使用已有的加密方案加密密码

2024-10-28 11:53:34 +08:00 · 2024-10-28 11:53:34 +08:00 · dd7d1b0e25
parent ff9d92a693
commit dd7d1b0e25
2 changed files with 10 additions and 60 deletions
--- a/server/dbdata/user.go
+++ b/server/dbdata/user.go
@ -1,18 +1,14 @@
 package dbdata
 import (
 	"crypto/rand"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"strings"
 	"sync"
 	"time"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/xlzd/gotp"
 	"golang.org/x/crypto/scrypt"
 )
 // type User struct {
@ -130,7 +126,7 @@ func checkLocalUser(name, pwd, group string) error {
 	// 	}
 	// }
 	// 判断用户密码
-	if !VerifyPassword(pwd, v.PinCode) {
+	if !utils.PasswordVerify(pwd, v.PinCode) {
 		return fmt.Errorf("%s %s", name, "密码错误")
 	}
@ -196,71 +192,21 @@ func CheckOtp(name, otp, secret string) bool {
 }
 // 插入数据库前加密密码
-func (u *User) BeforeInsert() error {
+func (u *User) BeforeInsert() {
-	hashedPassword, err := ScryptPassword(u.PinCode)
+	hashedPassword, err := utils.PasswordHash(u.PinCode)
 	if err != nil {
 		base.Error(err)
 		return err
 	}
 	u.PinCode = hashedPassword
 	return nil
 }
 // 更新数据库前加密密码
-func (u *User) BeforeUpdate() error {
+func (u *User) BeforeUpdate() {
-	if len(u.PinCode) != 57 {
+	if len(u.PinCode) != 60 {
-		hashedPassword, err := ScryptPassword(u.PinCode)
+		hashedPassword, err := utils.PasswordHash(u.PinCode)
 		if err != nil {
 			base.Error(err)
 			return err
 		}
 		u.PinCode = hashedPassword
 	}
 	return nil
 }
 // 加密密码
 func ScryptPassword(passwd string) (string, error) {
 	salt := make([]byte, 8)
 	if _, err := rand.Read(salt); err != nil {
 		return "", err
 	}
 	hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<16, 8, 1, 32)
 	if err != nil {
 		return "", err
 	}
 	encodedSalt := base64.StdEncoding.EncodeToString(salt)
 	encodedHash := base64.StdEncoding.EncodeToString(hashPasswd)
 	return encodedSalt + "&" + encodedHash, nil
 }
 // 验证密码
 func VerifyPassword(password, hashPassword string) bool {
 	// 老用户使用明文验证
 	if len(hashPassword) != 57 {
 		return password == hashPassword
 	}
 	// 分割盐值和哈希值
 	encodepwds := strings.SplitN(hashPassword, "&", 2)
 	if len(encodepwds) != 2 {
 		return false
 	}
 	// 解码盐值
 	salt, err := base64.StdEncoding.DecodeString(encodepwds[0])
 	if err != nil {
 		return false
 	}
 	// 计算新的哈希值
 	newHash, err := scrypt.Key([]byte(password), salt, 1<<16, 8, 1, 32)
 	if err != nil {
 		return false
 	}
 	return base64.StdEncoding.EncodeToString(newHash) == encodepwds[1]
 }
--- a/server/pkg/utils/password_hash.go
+++ b/server/pkg/utils/password_hash.go
@ -14,6 +14,10 @@ func PasswordHash(password string) (string, error) {
 }
 func PasswordVerify(password, hash string) bool {
 	// 保留老用户明文验证
 	if len(hash) != 60 {
 		return password == hash
 	}
 	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
 	return err == nil
 }