94 lines
3.0 KiB
Python
94 lines
3.0 KiB
Python
import hmac
|
|
import hashlib
|
|
import base64
|
|
import json
|
|
import time
|
|
import secrets
|
|
import string
|
|
|
|
def generate_secure_secret(length=64):
|
|
"""生成安全的随机十六进制字符串"""
|
|
return secrets.token_hex(length // 2)
|
|
|
|
def generate_random_string(length=32):
|
|
"""生成包含字母数字的随机字符串 (用于密码等)"""
|
|
chars = string.ascii_letters + string.digits
|
|
return ''.join(secrets.choice(chars) for _ in range(length))
|
|
|
|
def base64url_encode(input_bytes):
|
|
return base64.urlsafe_b64encode(input_bytes).decode('utf-8').rstrip('=')
|
|
|
|
def generate_jwt(role, secret):
|
|
# 1. Header
|
|
header = {
|
|
"alg": "HS256",
|
|
"typ": "JWT"
|
|
}
|
|
|
|
# 2. Payload
|
|
now = int(time.time())
|
|
payload = {
|
|
"role": role,
|
|
"iss": "supabase",
|
|
"iat": now,
|
|
"exp": now + 315360000 # 10年有效期
|
|
}
|
|
|
|
# Encode parts
|
|
header_b64 = base64url_encode(json.dumps(header).encode('utf-8'))
|
|
payload_b64 = base64url_encode(json.dumps(payload).encode('utf-8'))
|
|
|
|
# 3. Signature
|
|
signing_input = f"{header_b64}.{payload_b64}".encode('utf-8')
|
|
signature = hmac.new(
|
|
secret.encode('utf-8'),
|
|
signing_input,
|
|
hashlib.sha256
|
|
).digest()
|
|
signature_b64 = base64url_encode(signature)
|
|
|
|
return f"{header_b64}.{payload_b64}.{signature_b64}"
|
|
|
|
if __name__ == "__main__":
|
|
print("=" * 60)
|
|
print("🔐 Supabase 全自动配置生成器 (Zero Dependency)")
|
|
print("=" * 60)
|
|
print("正在生成所有密钥...\n")
|
|
|
|
# 1. 自动生成主密钥
|
|
jwt_secret = generate_secure_secret(64)
|
|
|
|
# 2. 基于主密钥生成 JWT
|
|
anon_key = generate_jwt("anon", jwt_secret)
|
|
service_key = generate_jwt("service_role", jwt_secret)
|
|
|
|
# 3. 生成其他加密 Key和密码
|
|
vault_key = generate_secure_secret(32)
|
|
meta_key = generate_secure_secret(32)
|
|
secret_key_base = generate_secure_secret(64)
|
|
|
|
db_password = generate_random_string(20)
|
|
dashboard_password = generate_random_string(16)
|
|
|
|
# 4. 输出结果
|
|
print(f"✅ 生成完成!请直接复制以下内容覆盖您的 .env 文件中的对应部分:\n")
|
|
|
|
print("-" * 20 + " [ 复制开始 ] " + "-" * 20)
|
|
print(f"# === 数据库安全配置 ===")
|
|
print(f"POSTGRES_PASSWORD={db_password}")
|
|
print(f"JWT_SECRET={jwt_secret}")
|
|
print(f"ANON_KEY={anon_key}")
|
|
print(f"SERVICE_ROLE_KEY={service_key}")
|
|
print(f"SECRET_KEY_BASE={secret_key_base}")
|
|
print(f"VAULT_ENC_KEY={vault_key}")
|
|
print(f"PG_META_CRYPTO_KEY={meta_key}")
|
|
print(f"\n# === 管理后台配置 ===")
|
|
print(f"DASHBOARD_USERNAME=admin")
|
|
print(f"DASHBOARD_PASSWORD={dashboard_password}")
|
|
print("-" * 20 + " [ 复制结束 ] " + "-" * 20)
|
|
|
|
print("\n💡 提示:")
|
|
print(f"1. 数据库密码: {db_password}")
|
|
print(f"2. 后台登录密码: {dashboard_password}")
|
|
print("请妥善保管这些密码!")
|