修改密钥

backend/open_webui/routers/auths.py

@@ -336,7 +336,7 @@ async def signin(request: Request, response: Response, form_data: SigninForm):
         trusted_token = request.headers[WEBUI_AUTH_TRUSTED_TOKEN_HEADER]
         # 讲token解密，获取用户名称和邮箱
         try:
-            payload = jwt.decode(trusted_token, "QCopWfW1tmdxRulrO3axMBx78ygNkOI-fOv7J-4iJaU", algorithms=["HS256"])
+            payload = jwt.decode(trusted_token, "IxLnoAoNL83xQNU1VMyrtlKiocIBMonZNKBjGp54Puk", algorithms=["HS256"])
         except jwt.ExpiredSignatureError:
             raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
         except jwt.InvalidTokenError:

backend/open_webui/test/token_for_signin.py

@@ -6,7 +6,7 @@ from datetime import datetime, timedelta
 def generate_jwt_token(
     email: str,
     name: str,
-    secret_key: str = "QCopWfW1tmdxRulrO3axMBx78ygNkOI-fOv7J-4iJaU",  # 建议通过环境变量注入实际密钥
+    secret_key: str = "IxLnoAoNL83xQNU1VMyrtlKiocIBMonZNKBjGp54Puk",  # 建议通过环境变量注入实际密钥
     expires: int = 3600  # 默认有效期 1 小时（秒）
 ) -> str:
     """
@@ -53,5 +53,5 @@ if __name__ == "__main__":
     key_bytes = secrets.token_bytes(32)
 
     # 转换为Base64字符串（无填充，URL安全）
-    key_base64 = base64.urlsafe_b64encode(key_bytes).decode().strip("=")
+    key_base64 = base64.urlsafe_b64encode(key_bytes).decode().strip("=").strip("-")
     print("密钥:", key_base64)