From cc568d9569287160017860d4cda7815756ad2fed Mon Sep 17 00:00:00 2001
From: Azalea <22280294+hykilpikonna@users.noreply.github.com>
Date: Mon, 19 Feb 2024 04:39:28 -0500
Subject: [PATCH] [F] Fix token too short

---
 src/main/java/icu/samnyan/aqua/net/components/JWT.kt | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main/java/icu/samnyan/aqua/net/components/JWT.kt b/src/main/java/icu/samnyan/aqua/net/components/JWT.kt
index bdee530f..c1c0e74f 100644
--- a/src/main/java/icu/samnyan/aqua/net/components/JWT.kt
+++ b/src/main/java/icu/samnyan/aqua/net/components/JWT.kt
@@ -36,8 +36,15 @@ class JWT(
             log.warn("USING DEFAULT JWT SECRET, PLEASE SET aqua-net.jwt IN CONFIGURATION")
         }
 
+        // Pad byte array to 256 bits
+        var ba = props.secret.toByteArray()
+        if (ba.size < 32) {
+            log.warn("JWT Secret is less than 256 bits, padding with 0. PLEASE USE A STRONGER SECRET!")
+            ba = ByteArray(32).also { ba.copyInto(it) }
+        }
+
         // Initialize key
-        key = Keys.hmacShaKeyFor(props.secret.toByteArray())
+        key = Keys.hmacShaKeyFor(ba)
 
         // Create parser
         parser = Jwts.parser()