refactor: 使用密码编码器重构密码加密、密码判断等相关处理

采用 BCryptPasswordEncoder，并动态兼容
continew-org · Jan 31, 2024 · 594f7fd · 594f7fd
1 parent 860ca40
commit 594f7fd
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 22 deletions.
diff --git a/...inew-admin-common/src/main/java/top/charles7c/continew/admin/common/util/SecureUtils.java b/...inew-admin-common/src/main/java/top/charles7c/continew/admin/common/util/SecureUtils.java
@@ -66,15 +66,4 @@ public static String decryptByRsaPrivateKey(String data) {
     public static String decryptByRsaPrivateKey(String data, String privateKey) {
         return new String(SecureUtil.rsa(privateKey, null).decrypt(Base64.decode(data), KeyType.PrivateKey));
     }
-
-    /**
-     * MD5 加密
-     *
-     * @param data 要加密的内容
-     * @param salt 盐
-     * @return 加密后的内容
-     */
-    public static String md5Salt(String data, String salt) {
-        return SecureUtil.md5(SecureUtil.md5(data) + salt);
-    }
 }
diff --git a/...system/src/main/java/top/charles7c/continew/admin/auth/service/impl/LoginServiceImpl.java b/...system/src/main/java/top/charles7c/continew/admin/auth/service/impl/LoginServiceImpl.java
@@ -27,6 +27,7 @@
 import cn.hutool.json.JSONUtil;
 import lombok.RequiredArgsConstructor;
 import me.zhyd.oauth.model.AuthUser;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import top.charles7c.continew.admin.auth.model.resp.MetaResp;
 import top.charles7c.continew.admin.auth.model.resp.RouteResp;
@@ -39,7 +40,6 @@
 import top.charles7c.continew.admin.common.enums.MenuTypeEnum;
 import top.charles7c.continew.admin.common.enums.MessageTypeEnum;
 import top.charles7c.continew.admin.common.model.dto.LoginUser;
-import top.charles7c.continew.admin.common.util.SecureUtils;
 import top.charles7c.continew.admin.common.util.helper.LoginHelper;
 import top.charles7c.continew.admin.system.enums.MessageTemplateEnum;
 import top.charles7c.continew.admin.system.model.entity.DeptDO;
@@ -77,13 +77,13 @@ public class LoginServiceImpl implements LoginService {
     private final UserRoleService userRoleService;
     private final UserSocialService userSocialService;
     private final MessageService messageService;
+    private final PasswordEncoder passwordEncoder;
 
     @Override
     public String accountLogin(String username, String password) {
         UserDO user = userService.getByUsername(username);
         CheckUtils.throwIfNull(user, "用户名或密码不正确");
-        Long userId = user.getId();
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(password, userId.toString()), user.getPassword(), "用户名或密码不正确");
+        CheckUtils.throwIf(!passwordEncoder.matches(password, user.getPassword()), "用户名或密码不正确");
         this.checkUserStatus(user);
         return this.login(user);
     }

diff --git a/...ystem/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java b/...ystem/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
@@ -27,14 +27,14 @@
 import lombok.RequiredArgsConstructor;
 import org.dromara.x.file.storage.core.FileInfo;
 import org.dromara.x.file.storage.core.FileStorageService;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.multipart.MultipartFile;
 import top.charles7c.continew.admin.common.constant.CacheConstants;
 import top.charles7c.continew.admin.common.constant.FileConstants;
 import top.charles7c.continew.admin.common.constant.SysConstants;
 import top.charles7c.continew.admin.common.enums.DisEnableStatusEnum;
-import top.charles7c.continew.admin.common.util.SecureUtils;
 import top.charles7c.continew.admin.common.util.helper.LoginHelper;
 import top.charles7c.continew.admin.system.mapper.UserMapper;
 import top.charles7c.continew.admin.system.model.entity.UserDO;
@@ -72,6 +72,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     private final UserRoleService userRoleService;
     private final FileService fileService;
     private final FileStorageService fileStorageService;
+    private final PasswordEncoder passwordEncoder;
 
     @Override
     public Long add(UserDO user) {
@@ -95,7 +96,7 @@ protected void beforeAdd(UserReq req) {
     protected void afterAdd(UserReq req, UserDO user) {
         Long userId = user.getId();
         baseMapper.lambdaUpdate()
-            .set(UserDO::getPassword, SecureUtils.md5Salt(SysConstants.DEFAULT_PASSWORD, userId.toString()))
+            .set(UserDO::getPassword, passwordEncoder.encode(SysConstants.DEFAULT_PASSWORD))
             .set(UserDO::getPwdResetTime, LocalDateTime.now())
             .eq(UserDO::getId, userId)
             .update();
@@ -198,12 +199,12 @@ public void updatePassword(String oldPassword, String newPassword, Long id) {
         UserDO user = super.getById(id);
         String password = user.getPassword();
         if (StrUtil.isNotBlank(password)) {
-            CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(oldPassword, id.toString()), password, "当前密码错误");
+            CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
         }
         // 更新密码和密码重置时间
         LocalDateTime now = LocalDateTime.now();
         baseMapper.lambdaUpdate()
-            .set(UserDO::getPassword, SecureUtils.md5Salt(newPassword, id.toString()))
+            .set(UserDO::getPassword, passwordEncoder.encode(newPassword))
             .set(UserDO::getPwdResetTime, now)
             .eq(UserDO::getId, id)
             .update();
@@ -212,7 +213,7 @@ public void updatePassword(String oldPassword, String newPassword, Long id) {
     @Override
     public void updatePhone(String newPhone, String currentPassword, Long id) {
         UserDO user = super.getById(id);
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(currentPassword, id.toString()), user.getPassword(), "当前密码错误");
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
         Long count = baseMapper.lambdaQuery().eq(UserDO::getPhone, newPhone).count();
         CheckUtils.throwIf(count > 0, "手机号已绑定其他账号，请更换其他手机号");
         CheckUtils.throwIfEqual(newPhone, user.getPhone(), "新手机号不能与当前手机号相同");
@@ -223,7 +224,7 @@ public void updatePhone(String newPhone, String currentPassword, Long id) {
     @Override
     public void updateEmail(String newEmail, String currentPassword, Long id) {
         UserDO user = super.getById(id);
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(currentPassword, id.toString()), user.getPassword(), "当前密码错误");
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
         Long count = baseMapper.lambdaQuery().eq(UserDO::getEmail, newEmail).count();
         CheckUtils.throwIf(count > 0, "邮箱已绑定其他账号，请更换其他邮箱");
         CheckUtils.throwIfEqual(newEmail, user.getEmail(), "新邮箱不能与当前邮箱相同");
@@ -234,7 +235,7 @@ public void updateEmail(String newEmail, String currentPassword, Long id) {
     @Override
     public void resetPassword(Long id) {
         UserDO user = super.getById(id);
-        user.setPassword(SecureUtils.md5Salt(SysConstants.DEFAULT_PASSWORD, id.toString()));
+        user.setPassword(passwordEncoder.encode(SysConstants.DEFAULT_PASSWORD));
         user.setPwdResetTime(LocalDateTime.now());
         baseMapper.updateById(user);
     }

diff --git a/continew-admin-webapi/src/main/resources/config/application-dev.yml b/continew-admin-webapi/src/main/resources/config/application-dev.yml
@@ -245,6 +245,13 @@ spring.servlet:
     # 单次总上传文件大小限制
     max-request-size: 20MB
 
+--- ### 密码编码器配置
+continew-starter:
+  password-encoder:
+    enabled: true
+    # BCryptPasswordEncoder
+    encoding-id: bcrypt
+
 --- ### 非对称加密配置（例如：密码加密传输，前端公钥加密，后端私钥解密；在线生成 RSA 密钥对：http://web.chacuo.net/netrsakeypair）
 rsa:
   # 私钥

diff --git a/continew-admin-webapi/src/main/resources/config/application-prod.yml b/continew-admin-webapi/src/main/resources/config/application-prod.yml
@@ -245,6 +245,13 @@ spring.servlet:
     # 单次总上传文件大小限制
     max-request-size: 20MB
 
+--- ### 密码编码器配置
+continew-starter:
+  password-encoder:
+    enabled: true
+    # BCryptPasswordEncoder
+    encoding-id: bcrypt
+
 --- ### 非对称加密配置（例如：密码加密传输，前端公钥加密，后端私钥解密；在线生成 RSA 密钥对：http://web.chacuo.net/netrsakeypair）
 rsa:
   # 私钥

diff --git a/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_column.sql b/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_column.sql
@@ -1,4 +1,8 @@
 -- liquibase formatted sql
 
 -- changeset Charles7c:1
-ALTER TABLE `sys_log` ADD COLUMN `trace_id` varchar(255) NULL COMMENT '链路ID' AFTER `id`;
+ALTER TABLE `sys_log` ADD COLUMN `trace_id` varchar(255) NULL COMMENT '链路ID' AFTER `id`;
+
+-- changeset Charles7c:2
+ALTER TABLE `sys_user`
+    MODIFY COLUMN `password` varchar(255) DEFAULT NULL COMMENT '密码（加密）' AFTER `nickname`;
diff --git a/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_data.sql b/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_data.sql
@@ -1 +1,5 @@
 -- liquibase formatted sql
+
+-- changeset Charles7c:1
+UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$4jGwK2BMJ7FgVR.mgwGodey8.xR8FLoU1XSXpxJ9nZQt.pufhasSa' WHERE `username` = 'admin';
+UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$meMbyso06lupZjxT88fG8undZo6.DSNUmifRfnnre8r/s13ciq6M6' WHERE `username` = 'test';