chore: add log to warn user about generated seed usage

kuzzleio · Nov 6, 2024 · 9dbe1b1 · 9dbe1b1
1 parent a96e7e1
commit 9dbe1b1
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/lib/kuzzle/internalIndexHandler.js b/lib/kuzzle/internalIndexHandler.js
@@ -209,12 +209,18 @@ class InternalIndexHandler extends Store {
 
     let storedSeed = await this.exists("config", this._JWT_SECRET_ID);
 
-    if (!configSeed && !storedSeed) {
-      storedSeed = crypto.randomBytes(512).toString("hex");
-      await this.create(
-        "config",
-        { seed: storedSeed },
-        { id: this._JWT_SECRET_ID },
+    if (!configSeed) {
+      if (!storedSeed) {
+        storedSeed = crypto.randomBytes(512).toString("hex");
+        await this.create(
+          "config",
+          { seed: storedSeed },
+          { id: this._JWT_SECRET_ID },
+        );
+      }
+
+      global.kuzzle.log.warn(
+        "[!] Kuzzle is using generated seed for authentication. This is suitable for development but should NEVER be use in Production. See https://docs.kuzzle.io/core/2/guides/getting-started/deploy-your-application/",
       );
     }
     global.kuzzle.secret = configSeed