Merge pull request #344 from wsczx/devanother

增加密码加密存储的功能，老用户不影响，但更新后自动加密存储
2024-10-31 17:30:27 +08:00 · 2024-10-31 17:30:27 +08:00 · 874b6914e2
parent 152b62ac90 dd7d1b0e25
commit 874b6914e2
3 changed files with 27 additions and 12 deletions
--- a/server/dbdata/cert.go
+++ b/server/dbdata/cert.go
@ -400,12 +400,3 @@ func buildNameToCertificate(cert *tls.Certificate) {
 		nameToCertificate[san] = cert
 	}
 }
-
-// func Scrypt(passwd string) string {
-// 	salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}
-// 	hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32)
-// 	if err != nil {
-// 		return err.Error()
-// 	}
-// 	return base64.StdEncoding.EncodeToString(hashPasswd)
-// }
--- a/server/dbdata/user.go
+++ b/server/dbdata/user.go
@ -6,6 +6,7 @@ import (
 	"sync"
 	"time"

+	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/xlzd/gotp"
 )
@ -116,7 +117,7 @@ func checkLocalUser(name, pwd, group string) error {
 		return fmt.Errorf("%s %s", name, "用户组错误")
 	}
 	// 判断otp信息
-	pinCode := pwd
+	// pinCode := pwd
 	// if !v.DisableOtp {
 	// 	pinCode = pwd[:pl-6]
 	// 	otp := pwd[pl-6:]
@ -124,9 +125,8 @@ func checkLocalUser(name, pwd, group string) error {
 	// 		return fmt.Errorf("%s %s", name, "动态码错误")
 	// 	}
 	// }
-
 	// 判断用户密码
-	if pinCode != v.PinCode {
+	if !utils.PasswordVerify(pwd, v.PinCode) {
 		return fmt.Errorf("%s %s", name, "密码错误")
 	}

@ -190,3 +190,23 @@ func CheckOtp(name, otp, secret string) bool {

 	return verify
 }
+
+// 插入数据库前加密密码
+func (u *User) BeforeInsert() {
+	hashedPassword, err := utils.PasswordHash(u.PinCode)
+	if err != nil {
+		base.Error(err)
+	}
+	u.PinCode = hashedPassword
+}
+
+// 更新数据库前加密密码
+func (u *User) BeforeUpdate() {
+	if len(u.PinCode) != 60 {
+		hashedPassword, err := utils.PasswordHash(u.PinCode)
+		if err != nil {
+			base.Error(err)
+		}
+		u.PinCode = hashedPassword
+	}
+}
--- a/server/pkg/utils/password_hash.go
+++ b/server/pkg/utils/password_hash.go
@ -14,6 +14,10 @@ func PasswordHash(password string) (string, error) {
 }

 func PasswordVerify(password, hash string) bool {
+	// 保留老用户明文验证
+	if len(hash) != 60 {
+		return password == hash
+	}
 	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
 	return err == nil
 }