From b3d151c9f9c62302dea0bc9d1c9320e1b9bf3183 Mon Sep 17 00:00:00 2001
From: gaoziman <2942894660@qq.com>
Date: Tue, 23 Dec 2025 14:33:37 +0800
Subject: [PATCH] =?UTF-8?q?chore(=E5=AE=89=E5=85=A8):=20=E5=BC=BA=E5=88=B6?= =?UTF-8?q?=E7=8E=AF=E5=A2=83=E5=8F=98=E9=87=8F=E9=85=8D=E7=BD=AE=E5=B9=B6?= =?UTF-8?q?=E6=89=A9=E5=B1=95=E8=B7=AF=E7=94=B1=E4=BF=9D=E6=8A=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- auth.ts: JWT_SECRET必须通过环境变量配置
- crypto.ts: ENCRYPTION_KEY必须通过环境变量配置
- middleware.ts: 添加/assistants和/notes到受保护路由
- db.ts: 更新默认数据库名称
---
 src/drizzle/db.ts | 2 +-
 src/lib/auth.ts | 9 +++++----
 src/lib/crypto.ts | 7 +++++--
 src/middleware.ts | 6 +++---
 4 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/drizzle/db.ts b/src/drizzle/db.ts
index b71e17c..bb3d7f8 100644
--- a/src/drizzle/db.ts
+++ b/src/drizzle/db.ts
@@ -8,7 +8,7 @@ const pool = new Pool({
 port: parseInt(process.env.DB_PORT || '35433'),
 user: process.env.DB_USER || 'postgres',
 password: process.env.DB_PASSWORD || 'postgres',
- database: process.env.DB_NAME || 'lioncode_ui',
+ database: process.env.DB_NAME || 'cchcode_ui',
 max: 10, // 最大连接数
 idleTimeoutMillis: 30000, // 空闲超时
 connectionTimeoutMillis: 5000, // 连接超时
diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index d45a39f..b99e434 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -1,10 +1,11 @@
 import { SignJWT, jwtVerify } from 'jose';
 import { cookies } from 'next/headers';
-// JWT 密钥(生产环境应使用环境变量)
-const JWT_SECRET = new TextEncoder().encode(
- process.env.JWT_SECRET || 'lioncode-jwt-secret-key-2024'
-);
+// JWT 密钥(必须通过环境变量配置)
+if (!process.env.JWT_SECRET) {
+ throw new Error('环境变量 JWT_SECRET 未配置,请在 .env.local 中设置');
+}
+const JWT_SECRET = new TextEncoder().encode(process.env.JWT_SECRET);
 // Token 有效期:7 天
 const TOKEN_EXPIRY = '7d';
diff --git a/src/lib/crypto.ts b/src/lib/crypto.ts
index c2c5ebd..9a11518 100644
--- a/src/lib/crypto.ts
+++ b/src/lib/crypto.ts
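Review bot: The context line `password: process.env.DB_PASSWORD || 'postgres'` directly above the changed line still carries a hardcoded credential fallback, the same pattern this commit removes for JWT_SECRET and ENCRYPTION_KEY. A deployment that forgets DB_PASSWORD will silently try the well-known default instead of failing at startup; consider `password: process.env.DB_PASSWORD,` behind the same kind of presence check added in src/lib/auth.ts. Changing the default database name also means an install that never set DB_NAME will connect to a different database after upgrading, which deserves a line in the upgrade notes. The `new Pool({ ... })` call starts and ends outside the hunk.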
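Review bot: The new guard `if (!process.env.JWT_SECRET)` rejects only a missing or empty value, so a one-character secret, or the old default `'lioncode-jwt-secret-key-2024'` copied into `.env.local`, still passes; the ENCRYPTION_KEY guard in src/lib/crypto.ts has the same gap. The old default is part of the repository history and should be treated as known, so any install that ran on it needs a fresh secret and its outstanding 7-day tokens invalidated. A length floor would catch weak values at startup, for example `if (!process.env.JWT_SECRET || process.env.JWT_SECRET.length < 32) {`; 32 is a suggested floor that assumes an HMAC-SHA-256 signature, which this hunk does not show.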
@@ -1,8 +1,11 @@
 import crypto from 'crypto';
 // 加密密钥(32字节 = 256位,用于 AES-256)
-// 生产环境应使用环境变量
-const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY || 'lioncode-encryption-key-2024-sec';
+// 必须通过环境变量配置
+if (!process.env.ENCRYPTION_KEY) {
+ throw new Error('环境变量 ENCRYPTION_KEY 未配置,请在 .env.local 中设置');
+}
+const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;
 // 确保密钥长度为32字节
 const getKey = (): Buffer => {
diff --git a/src/middleware.ts b/src/middleware.ts
index 332a5eb..ccef20d 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -2,16 +2,16 @@ import { NextResponse } from 'next/server';
 import type { NextRequest } from 'next/server';
 import { jwtVerify } from 'jose';
-// JWT 密钥
+// JWT 密钥(必须通过环境变量配置)
 const JWT_SECRET = new TextEncoder().encode(
- process.env.JWT_SECRET || 'lioncode-jwt-secret-key-2024'
+ process.env.JWT_SECRET || ''
 );
 // Cookie 名称
 const AUTH_COOKIE_NAME = 'lioncode_auth_token';
 // 需要登录才能访问的路由
-const protectedRoutes = ['/', '/chat', '/settings'];
+const protectedRoutes = ['/', '/chat', '/settings', '/assistants', '/notes'];
 // 公开路由(已登录用户访问会重定向到首页)
 const publicRoutes = ['/login', '/register', '/reset-password'];
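Review bot: Nothing in this hunk tells an operator what happens to data already encrypted under the removed fallback key. An install that never set ENCRYPTION_KEY must now choose a value: anything other than the old string makes existing ciphertext undecryptable, while reusing the old string keeps a key that is published in this repository. I would add a comment above the guard such as `// Changing ENCRYPTION_KEY requires re-encrypting stored values; never reuse the former built-in default.` and document a re-encryption step for upgrades. The key is also kept as a raw string for `getKey`, whose body is outside the hunk; if that helper pads or truncates to 32 bytes, a short value would be accepted at reduced strength.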
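Review bot: `process.env.JWT_SECRET || ''` swaps the hardcoded default for an empty key instead of failing, so src/middleware.ts does not get the fail-fast guard this commit adds to src/lib/auth.ts. Depending on how the runtime treats a zero-length HMAC key, verification either throws on every request, which would show up only as unexplained redirects, or accepts tokens signed with an empty key, which makes them forgeable. Use the same guard here: `if (!process.env.JWT_SECRET) throw new Error('JWT_SECRET is not configured');` followed by `const JWT_SECRET = new TextEncoder().encode(process.env.JWT_SECRET);`. How `protectedRoutes` is matched is outside the hunk, so it is worth confirming that nested paths under `/assistants` and `/notes` are covered, not only exact matches.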