From bce923fb74c1e0db8e7587460b25315c3cdef9a9 Mon Sep 17 00:00:00 2001
From: zxstty <zhaojiaqi18@huawei.com>
Date: Thu, 13 Feb 2025 17:25:00 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0rag=E7=9A=84csrf=E7=BC=96?=
 =?UTF-8?q?=E8=A7=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data_chain/apps/base/session/session.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data_chain/apps/base/session/session.py b/data_chain/apps/base/session/session.py
index a9d61e4..2ac987a 100644
--- a/data_chain/apps/base/session/session.py
+++ b/data_chain/apps/base/session/session.py
@@ -88,7 +88,7 @@ class SessionManager:
         csrf_value = f"{session_id}{rand}"
         csrf_b64 = base64.b64encode(bytes.fromhex(csrf_value))
 
-        hmac_processor = hmac.new(key=bytes.fromhex(config["CSRF_KEY"]), msg=csrf_b64, digestmod=hashlib.sha256)
+        hmac_processor = hmac.new(key=bytes.fromhex(base64.b64decode(config["CSRF_KEY"])), msg=csrf_b64, digestmod=hashlib.sha256)
         signature = base64.b64encode(hmac_processor.digest())
 
         csrf_b64 = csrf_b64.decode("utf-8")
@@ -120,7 +120,7 @@ class SessionManager:
             except Exception as e:
                 logging.error(f"Get csrf token from session error: {e}")
 
-        hmac_obj = hmac.new(key=bytes.fromhex(config["CSRF_KEY"]),
+        hmac_obj = hmac.new(key=bytes.fromhex(base64.b64decode(config["CSRF_KEY"])),
                             msg=token_msg[0].encode("utf-8"), digestmod=hashlib.sha256)
         signature = hmac_obj.digest()
         current_signature = base64.b64decode(token_msg[1])
-- 
Gitee