⚡ 用户密码在Controller层统一进行AES解密,service层输入保证使用明文密码
This commit is contained in:
b2baccline
@@ -20,10 +20,12 @@ import com.hccake.ballcat.common.core.domain.SelectData;
|
|||||||
import com.hccake.ballcat.common.core.result.BaseResultCode;
|
import com.hccake.ballcat.common.core.result.BaseResultCode;
|
||||||
import com.hccake.ballcat.common.core.result.R;
|
import com.hccake.ballcat.common.core.result.R;
|
||||||
import com.hccake.ballcat.common.core.result.SystemResultCode;
|
import com.hccake.ballcat.common.core.result.SystemResultCode;
|
||||||
|
import com.hccake.ballcat.common.core.util.PasswordUtil;
|
||||||
import io.swagger.annotations.Api;
|
import io.swagger.annotations.Api;
|
||||||
import io.swagger.annotations.ApiOperation;
|
import io.swagger.annotations.ApiOperation;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.validation.annotation.Validated;
|
import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
@@ -54,6 +56,12 @@ public class SysUserController {
|
|||||||
|
|
||||||
private final SysUserRoleService sysUserRoleService;
|
private final SysUserRoleService sysUserRoleService;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TODO 封装为实体对象,方便归档系统参数
|
||||||
|
*/
|
||||||
|
@Value("${password.secret-key}")
|
||||||
|
private String passwordSecretKey;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 分页查询用户
|
* 分页查询用户
|
||||||
* @param pageParam 参数集
|
* @param pageParam 参数集
|
||||||
@@ -78,20 +86,22 @@ public class SysUserController {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 新增用户
|
* 新增用户
|
||||||
* @param sysUserDto userInfo
|
* @param sysUserDTO userInfo
|
||||||
* @return success/false
|
* @return success/false
|
||||||
*/
|
*/
|
||||||
@PostMapping
|
@PostMapping
|
||||||
@ApiOperation(value = "新增系统用户", notes = "新增系统用户")
|
@ApiOperation(value = "新增系统用户", notes = "新增系统用户")
|
||||||
@CreateOperationLogging(msg = "新增系统用户")
|
@CreateOperationLogging(msg = "新增系统用户")
|
||||||
@PreAuthorize("@per.hasPermission('sys:sysuser:add')")
|
@PreAuthorize("@per.hasPermission('sys:sysuser:add')")
|
||||||
public R<?> addSysUser(@Valid @RequestBody SysUserDTO sysUserDto) {
|
public R<?> addSysUser(@Valid @RequestBody SysUserDTO sysUserDTO) {
|
||||||
|
SysUser user = sysUserService.getByUsername(sysUserDTO.getUsername());
|
||||||
SysUser user = sysUserService.getByUsername(sysUserDto.getUsername());
|
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
return R.failed(BaseResultCode.LOGIC_CHECK_ERROR, "用户名已存在");
|
return R.failed(BaseResultCode.LOGIC_CHECK_ERROR, "用户名已存在");
|
||||||
}
|
}
|
||||||
return sysUserService.addSysUser(sysUserDto) ? R.ok()
|
// 明文密码
|
||||||
|
String password = PasswordUtil.decodeAES(sysUserDTO.getPass(), passwordSecretKey);
|
||||||
|
sysUserDTO.setPassword(password);
|
||||||
|
return sysUserService.addSysUser(sysUserDTO) ? R.ok()
|
||||||
: R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "新增系统用户失败");
|
: R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "新增系统用户失败");
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -164,10 +174,14 @@ public class SysUserController {
|
|||||||
@UpdateOperationLogging(msg = "修改系统用户密码")
|
@UpdateOperationLogging(msg = "修改系统用户密码")
|
||||||
@PreAuthorize("@per.hasPermission('sys:sysuser:pass')")
|
@PreAuthorize("@per.hasPermission('sys:sysuser:pass')")
|
||||||
public R<?> updateUserPass(@PathVariable Integer userId, @RequestBody SysUserPassDTO sysUserPassDTO) {
|
public R<?> updateUserPass(@PathVariable Integer userId, @RequestBody SysUserPassDTO sysUserPassDTO) {
|
||||||
if (!sysUserPassDTO.getPass().equals(sysUserPassDTO.getConfirmPass())) {
|
String pass = sysUserPassDTO.getPass();
|
||||||
|
if (!pass.equals(sysUserPassDTO.getConfirmPass())) {
|
||||||
return R.failed(SystemResultCode.BAD_REQUEST, "错误的密码!");
|
return R.failed(SystemResultCode.BAD_REQUEST, "错误的密码!");
|
||||||
}
|
}
|
||||||
return sysUserService.updateUserPass(userId, sysUserPassDTO.getPass()) ? R.ok()
|
|
||||||
|
// 明文密码
|
||||||
|
String password = PasswordUtil.decodeAES(pass, passwordSecretKey);
|
||||||
|
return sysUserService.updatePassword(userId, password) ? R.ok()
|
||||||
: R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "修改用户密码失败!");
|
: R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "修改用户密码失败!");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -74,7 +74,7 @@ public interface SysUserMapper extends ExtendMapper<SysUser> {
|
|||||||
* @param password 密码
|
* @param password 密码
|
||||||
* @return 更新条数
|
* @return 更新条数
|
||||||
*/
|
*/
|
||||||
default boolean updateUserPassword(Integer userId, String password) {
|
default boolean updatePassword(Integer userId, String password) {
|
||||||
int i = this.update(null,
|
int i = this.update(null,
|
||||||
Wrappers.<SysUser>lambdaUpdate().eq(SysUser::getUserId, userId).set(SysUser::getPassword, password));
|
Wrappers.<SysUser>lambdaUpdate().eq(SysUser::getUserId, userId).set(SysUser::getPassword, password));
|
||||||
return SqlHelper.retBool(i);
|
return SqlHelper.retBool(i);
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import com.hccake.ballcat.admin.modules.sys.model.dto.SysUserDTO;
|
|||||||
import com.hccake.ballcat.admin.modules.sys.model.entity.SysUser;
|
import com.hccake.ballcat.admin.modules.sys.model.entity.SysUser;
|
||||||
import com.hccake.ballcat.admin.modules.sys.model.vo.SysUserVO;
|
import com.hccake.ballcat.admin.modules.sys.model.vo.SysUserVO;
|
||||||
import org.mapstruct.Mapper;
|
import org.mapstruct.Mapper;
|
||||||
|
import org.mapstruct.Mapping;
|
||||||
import org.mapstruct.factory.Mappers;
|
import org.mapstruct.factory.Mappers;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -21,6 +22,7 @@ public interface SysUserConverter {
|
|||||||
* @param sysUserDTO 系统用户DTO
|
* @param sysUserDTO 系统用户DTO
|
||||||
* @return SysUser 系统用户
|
* @return SysUser 系统用户
|
||||||
*/
|
*/
|
||||||
|
@Mapping(target = "password", ignore = true)
|
||||||
SysUser dtoToPo(SysUserDTO sysUserDTO);
|
SysUser dtoToPo(SysUserDTO sysUserDTO);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
package com.hccake.ballcat.admin.modules.sys.model.dto;
|
package com.hccake.ballcat.admin.modules.sys.model.dto;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||||
import com.hccake.ballcat.common.core.desensite.annotation.JsonRegexDesensitize;
|
import com.hccake.ballcat.common.core.desensite.annotation.JsonRegexDesensitize;
|
||||||
import com.hccake.ballcat.common.core.desensite.enums.RegexDesensitizationTypeEnum;
|
import com.hccake.ballcat.common.core.desensite.enums.RegexDesensitizationTypeEnum;
|
||||||
import io.swagger.annotations.ApiModelProperty;
|
import io.swagger.annotations.ApiModelProperty;
|
||||||
@@ -27,6 +28,12 @@ public class SysUserDTO {
|
|||||||
@ApiModelProperty(value = "前端传入密码")
|
@ApiModelProperty(value = "前端传入密码")
|
||||||
private String pass;
|
private String pass;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 用户明文密码, 不参与前后端交互
|
||||||
|
*/
|
||||||
|
@JsonIgnore
|
||||||
|
private String password;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 登录账号
|
* 登录账号
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -77,10 +77,10 @@ public interface SysUserService extends ExtendService<SysUser> {
|
|||||||
/**
|
/**
|
||||||
* 修改用户密码
|
* 修改用户密码
|
||||||
* @param userId 用户ID
|
* @param userId 用户ID
|
||||||
* @param pass 未加密的密码
|
* @param password 明文密码
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
boolean updateUserPass(Integer userId, String pass);
|
boolean updatePassword(Integer userId, String password);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 批量修改用户状态
|
* 批量修改用户状态
|
||||||
|
|||||||
@@ -25,7 +25,6 @@ import com.hccake.ballcat.common.core.domain.SelectData;
|
|||||||
import com.hccake.ballcat.common.core.util.PasswordUtil;
|
import com.hccake.ballcat.common.core.util.PasswordUtil;
|
||||||
import com.hccake.extend.mybatis.plus.service.impl.ExtendServiceImpl;
|
import com.hccake.extend.mybatis.plus.service.impl.ExtendServiceImpl;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
|
||||||
import org.springframework.context.ApplicationEventPublisher;
|
import org.springframework.context.ApplicationEventPublisher;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
@@ -60,9 +59,6 @@ public class SysUserServiceImpl extends ExtendServiceImpl<SysUserMapper, SysUser
|
|||||||
|
|
||||||
private final ApplicationEventPublisher publisher;
|
private final ApplicationEventPublisher publisher;
|
||||||
|
|
||||||
@Value("${password.secret-key}")
|
|
||||||
private String secretKey;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 根据QueryObject查询分页数据
|
* 根据QueryObject查询分页数据
|
||||||
* @param pageParam 分页参数
|
* @param pageParam 分页参数
|
||||||
@@ -135,9 +131,10 @@ public class SysUserServiceImpl extends ExtendServiceImpl<SysUserMapper, SysUser
|
|||||||
SysUser sysUser = SysUserConverter.INSTANCE.dtoToPo(sysUserDto);
|
SysUser sysUser = SysUserConverter.INSTANCE.dtoToPo(sysUserDto);
|
||||||
sysUser.setStatus(SysUserConst.Status.NORMAL.getValue());
|
sysUser.setStatus(SysUserConst.Status.NORMAL.getValue());
|
||||||
sysUser.setType(SysUserConst.Type.SYSTEM.getValue());
|
sysUser.setType(SysUserConst.Type.SYSTEM.getValue());
|
||||||
|
// 对密码进行 BCrypt 加密
|
||||||
String password = PasswordUtil.decodeAesAndEncodeBCrypt(sysUserDto.getPass(), secretKey);
|
String password = sysUserDto.getPassword();
|
||||||
sysUser.setPassword(password);
|
String bCryptPassword = PasswordUtil.encodeBCrypt(password);
|
||||||
|
sysUser.setPassword(bCryptPassword);
|
||||||
boolean result = SqlHelper.retBool(baseMapper.insert(sysUser));
|
boolean result = SqlHelper.retBool(baseMapper.insert(sysUser));
|
||||||
if (result) {
|
if (result) {
|
||||||
publisher.publishEvent(new UserChangeEvent(sysUser));
|
publisher.publishEvent(new UserChangeEvent(sysUser));
|
||||||
@@ -187,14 +184,15 @@ public class SysUserServiceImpl extends ExtendServiceImpl<SysUserMapper, SysUser
|
|||||||
/**
|
/**
|
||||||
* 修改用户密码
|
* 修改用户密码
|
||||||
* @param userId 用户ID
|
* @param userId 用户ID
|
||||||
* @param pass 明文密码
|
* @param password 明文密码
|
||||||
* @return 更新成功:true
|
* @return 更新成功:true
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean updateUserPass(Integer userId, String pass) {
|
public boolean updatePassword(Integer userId, String password) {
|
||||||
Assert.isTrue(adminUserChecker.hasModifyPermission(getById(userId)), "当前用户不允许修改!");
|
Assert.isTrue(adminUserChecker.hasModifyPermission(getById(userId)), "当前用户不允许修改!");
|
||||||
String password = PasswordUtil.decodeAesAndEncodeBCrypt(pass, secretKey);
|
// BCrypt 加密
|
||||||
return baseMapper.updateUserPassword(userId, password);
|
String bCryptPassword = PasswordUtil.encodeBCrypt(password);
|
||||||
|
return baseMapper.updatePassword(userId, bCryptPassword);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -21,16 +21,6 @@ public class PasswordUtil {
|
|||||||
|
|
||||||
public static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
|
public static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
|
||||||
|
|
||||||
/**
|
|
||||||
* 将前端传递过来的密文解密后再进行加密
|
|
||||||
* @param pass AES加密后的密文
|
|
||||||
* @param secretKey 密钥
|
|
||||||
* @return BCrypt加密后的密文密码
|
|
||||||
*/
|
|
||||||
public static String decodeAesAndEncodeBCrypt(String pass, String secretKey) {
|
|
||||||
return encodeBCrypt(decodeAES(pass, secretKey));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 将前端传递过来的密文解密为明文
|
* 将前端传递过来的密文解密为明文
|
||||||
* @param aesPass AES加密后的密文
|
* @param aesPass AES加密后的密文
|
||||||
|
|||||||
Reference in New Issue
Block a user