From 9dbe1b15446fd712c3f3090d54c4ccb41e8708e5 Mon Sep 17 00:00:00 2001
From: Juiced66 <juliendecosse30630@gmail.com>
Date: Wed, 6 Nov 2024 07:18:01 +0100
Subject: [PATCH] chore: add log to warn user about generated seed usage

---
 lib/kuzzle/internalIndexHandler.js | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/lib/kuzzle/internalIndexHandler.js b/lib/kuzzle/internalIndexHandler.js
index 3767eb672f..c4ab0c50e6 100644
--- a/lib/kuzzle/internalIndexHandler.js
+++ b/lib/kuzzle/internalIndexHandler.js
@@ -209,12 +209,18 @@ class InternalIndexHandler extends Store {
 
     let storedSeed = await this.exists("config", this._JWT_SECRET_ID);
 
-    if (!configSeed && !storedSeed) {
-      storedSeed = crypto.randomBytes(512).toString("hex");
-      await this.create(
-        "config",
-        { seed: storedSeed },
-        { id: this._JWT_SECRET_ID },
+    if (!configSeed) {
+      if (!storedSeed) {
+        storedSeed = crypto.randomBytes(512).toString("hex");
+        await this.create(
+          "config",
+          { seed: storedSeed },
+          { id: this._JWT_SECRET_ID },
+        );
+      }
+
+      global.kuzzle.log.warn(
+        "[!] Kuzzle is using generated seed for authentication. This is suitable for development but should NEVER be use in Production. See https://docs.kuzzle.io/core/2/guides/getting-started/deploy-your-application/",
       );
     }
     global.kuzzle.secret = configSeed