7x31
/
anylink
mirror of https://github.com/bjdgyc/anylink.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

使用动态盐值加密密码

This commit is contained in:
wsczx 2024-10-26 21:22:04 +08:00
parent 34e555c70c
commit ff9d92a693
1 changed files with 63 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
server/dbdata/user.go
View File

@ -1,12 +1,15 @@
package dbdata package dbdata
import ( import (
"crypto/rand"
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt" "fmt"
"strings"
"sync" "sync"
"time" "time"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/pkg/utils" "github.com/bjdgyc/anylink/pkg/utils"
"github.com/xlzd/gotp" "github.com/xlzd/gotp"
"golang.org/x/crypto/scrypt" "golang.org/x/crypto/scrypt"
@ -126,7 +129,6 @@ func checkLocalUser(name, pwd, group string) error {
// return fmt.Errorf("%s %s", name, "动态码错误") // return fmt.Errorf("%s %s", name, "动态码错误")
// } // }
// } // }
// 判断用户密码 // 判断用户密码
if !VerifyPassword(pwd, v.PinCode) { if !VerifyPassword(pwd, v.PinCode) {
return fmt.Errorf("%s %s", name, "密码错误") return fmt.Errorf("%s %s", name, "密码错误")
@ -193,29 +195,72 @@ func CheckOtp(name, otp, secret string) bool {
return verify return verify
} }
// 插入数据库前加密 Password // 插入数据库前加密密码
func (u *User) BeforeInsert() { func (u *User) BeforeInsert() error {
u.PinCode = ScryptPassword(u.PinCode) hashedPassword, err := ScryptPassword(u.PinCode)
} if err != nil {
base.Error(err)
// 更新数据库前加密 Password return err
func (u *User) BeforeUpdate() {
if len(u.PinCode) != 44 {
u.PinCode = ScryptPassword(u.PinCode)
} }
u.PinCode = hashedPassword
return nil
} }
// 加密 // 更新数据库前加密密码
func ScryptPassword(passwd string) string { func (u *User) BeforeUpdate() error {
salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b} if len(u.PinCode) != 57 {
hashPasswd, _ := scrypt.Key([]byte(passwd), salt, 1<<16, 8, 1, 32) hashedPassword, err := ScryptPassword(u.PinCode)
return base64.StdEncoding.EncodeToString(hashPasswd) if err != nil {
base.Error(err)
return err
}
u.PinCode = hashedPassword
}
return nil
} }
// 验证 // 加密密码
func ScryptPassword(passwd string) (string, error) {
salt := make([]byte, 8)
if _, err := rand.Read(salt); err != nil {
return "", err
}
hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<16, 8, 1, 32)
if err != nil {
return "", err
}
encodedSalt := base64.StdEncoding.EncodeToString(salt)
encodedHash := base64.StdEncoding.EncodeToString(hashPasswd)
return encodedSalt + "&" + encodedHash, nil
}
// 验证密码
func VerifyPassword(password, hashPassword string) bool { func VerifyPassword(password, hashPassword string) bool {
if len(hashPassword) != 44 { // 老用户使用明文验证
if len(hashPassword) != 57 {
return password == hashPassword return password == hashPassword
} }
return ScryptPassword(password) == hashPassword
// 分割盐值和哈希值
encodepwds := strings.SplitN(hashPassword, "&", 2)
if len(encodepwds) != 2 {
return false
}
// 解码盐值
salt, err := base64.StdEncoding.DecodeString(encodepwds[0])
if err != nil {
return false
}
// 计算新的哈希值
newHash, err := scrypt.Key([]byte(password), salt, 1<<16, 8, 1, 32)
if err != nil {
return false
}
return base64.StdEncoding.EncodeToString(newHash) == encodepwds[1]
} }