From b5bdff41aaf1630f0449de3f084567a1406f9887 Mon Sep 17 00:00:00 2001
From: Tim <135014430+nagisa77@users.noreply.github.com>
Date: Mon, 30 Jun 2025 21:08:39 +0800
Subject: [PATCH] Fix JWT key generation
---
 .../java/com/openisle/service/JwtService.java | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/openisle/service/JwtService.java b/src/main/java/com/openisle/service/JwtService.java
index bdd814e10..0d2112a37 100644
--- a/src/main/java/com/openisle/service/JwtService.java
+++ b/src/main/java/com/openisle/service/JwtService.java
@@ -2,13 +2,14 @@ package com.openisle.service;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
-import io.jsonwebtoken.io.Decoders;
-import io.jsonwebtoken.io.Encoders;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
 import java.security.Key;
 import java.util.Date;
@@ -21,8 +22,13 @@ public class JwtService {
 private long expiration;
 private Key getSigningKey() {
- byte[] keyBytes = Encoders.BASE64.encode(secret.getBytes()).getBytes();
- return Keys.hmacShaKeyFor(keyBytes);
+ try {
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ byte[] keyBytes = digest.digest(secret.getBytes(StandardCharsets.UTF_8));
+ return Keys.hmacShaKeyFor(keyBytes);
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("SHA-256 not available", e);
+ }
 }
 public String generateToken(String subject) {
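Review bot: Hashing `secret` with SHA-256 in `getSigningKey()` turns every configured value, however short, into a 32-byte key, so the minimum-length check inside `Keys.hmacShaKeyFor` can no longer reject a weak secret. The digest fixes the length but adds no entropy, so a short or guessable secret still produces an HMAC key that anyone holding a single issued token can test candidate secrets against offline. Consider failing fast before the digest, e.g. `if (secret == null || secret.getBytes(StandardCharsets.UTF_8).length < 32) throw new IllegalStateException("JWT secret must be at least 32 bytes");`, or configuring a randomly generated Base64 key and decoding it instead of hashing. The declaration of `secret` is outside this hunk, so how it is provisioned should be confirmed. The derived key also differs from the one the old code produced, so tokens issued before this change will presumably stop validating, which is worth stating in the commit message.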