refactor: 使用密码编码器重构密码加密、密码判断等相关处理

采用 BCryptPasswordEncoder，并动态兼容

continew-admin-system/src/main/java/top/charles7c/continew/admin/auth/service/impl/LoginServiceImpl.java

@@ -27,6 +27,7 @@ import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONUtil;
 import lombok.RequiredArgsConstructor;
 import me.zhyd.oauth.model.AuthUser;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import top.charles7c.continew.admin.auth.model.resp.MetaResp;
 import top.charles7c.continew.admin.auth.model.resp.RouteResp;
@@ -39,7 +40,6 @@ import top.charles7c.continew.admin.common.enums.GenderEnum;
 import top.charles7c.continew.admin.common.enums.MenuTypeEnum;
 import top.charles7c.continew.admin.common.enums.MessageTypeEnum;
 import top.charles7c.continew.admin.common.model.dto.LoginUser;
-import top.charles7c.continew.admin.common.util.SecureUtils;
 import top.charles7c.continew.admin.common.util.helper.LoginHelper;
 import top.charles7c.continew.admin.system.enums.MessageTemplateEnum;
 import top.charles7c.continew.admin.system.model.entity.DeptDO;
@@ -77,13 +77,13 @@ public class LoginServiceImpl implements LoginService {
     private final UserRoleService userRoleService;
     private final UserSocialService userSocialService;
     private final MessageService messageService;
+    private final PasswordEncoder passwordEncoder;
 
     @Override
     public String accountLogin(String username, String password) {
         UserDO user = userService.getByUsername(username);
         CheckUtils.throwIfNull(user, "用户名或密码不正确");
-        Long userId = user.getId();
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(password, userId.toString()), user.getPassword(), "用户名或密码不正确");
+        CheckUtils.throwIf(!passwordEncoder.matches(password, user.getPassword()), "用户名或密码不正确");
         this.checkUserStatus(user);
         return this.login(user);
     }

continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java

@@ -27,6 +27,7 @@ import com.alicp.jetcache.anno.Cached;
 import lombok.RequiredArgsConstructor;
 import org.dromara.x.file.storage.core.FileInfo;
 import org.dromara.x.file.storage.core.FileStorageService;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.multipart.MultipartFile;
@@ -34,7 +35,6 @@ import top.charles7c.continew.admin.common.constant.CacheConstants;
 import top.charles7c.continew.admin.common.constant.FileConstants;
 import top.charles7c.continew.admin.common.constant.SysConstants;
 import top.charles7c.continew.admin.common.enums.DisEnableStatusEnum;
-import top.charles7c.continew.admin.common.util.SecureUtils;
 import top.charles7c.continew.admin.common.util.helper.LoginHelper;
 import top.charles7c.continew.admin.system.mapper.UserMapper;
 import top.charles7c.continew.admin.system.model.entity.UserDO;
@@ -72,6 +72,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     private final UserRoleService userRoleService;
     private final FileService fileService;
     private final FileStorageService fileStorageService;
+    private final PasswordEncoder passwordEncoder;
 
     @Override
     public Long add(UserDO user) {
@@ -95,7 +96,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     protected void afterAdd(UserReq req, UserDO user) {
         Long userId = user.getId();
         baseMapper.lambdaUpdate()
-            .set(UserDO::getPassword, SecureUtils.md5Salt(SysConstants.DEFAULT_PASSWORD, userId.toString()))
+            .set(UserDO::getPassword, passwordEncoder.encode(SysConstants.DEFAULT_PASSWORD))
             .set(UserDO::getPwdResetTime, LocalDateTime.now())
             .eq(UserDO::getId, userId)
             .update();
@@ -198,12 +199,12 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
         UserDO user = super.getById(id);
         String password = user.getPassword();
         if (StrUtil.isNotBlank(password)) {
-            CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(oldPassword, id.toString()), password, "当前密码错误");
+            CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
         }
         // 更新密码和密码重置时间
         LocalDateTime now = LocalDateTime.now();
         baseMapper.lambdaUpdate()
-            .set(UserDO::getPassword, SecureUtils.md5Salt(newPassword, id.toString()))
+            .set(UserDO::getPassword, passwordEncoder.encode(newPassword))
             .set(UserDO::getPwdResetTime, now)
             .eq(UserDO::getId, id)
             .update();
@@ -212,7 +213,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     @Override
     public void updatePhone(String newPhone, String currentPassword, Long id) {
         UserDO user = super.getById(id);
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(currentPassword, id.toString()), user.getPassword(), "当前密码错误");
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
         Long count = baseMapper.lambdaQuery().eq(UserDO::getPhone, newPhone).count();
         CheckUtils.throwIf(count > 0, "手机号已绑定其他账号，请更换其他手机号");
         CheckUtils.throwIfEqual(newPhone, user.getPhone(), "新手机号不能与当前手机号相同");
@@ -223,7 +224,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     @Override
     public void updateEmail(String newEmail, String currentPassword, Long id) {
         UserDO user = super.getById(id);
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(currentPassword, id.toString()), user.getPassword(), "当前密码错误");
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
         Long count = baseMapper.lambdaQuery().eq(UserDO::getEmail, newEmail).count();
         CheckUtils.throwIf(count > 0, "邮箱已绑定其他账号，请更换其他邮箱");
         CheckUtils.throwIfEqual(newEmail, user.getEmail(), "新邮箱不能与当前邮箱相同");
@@ -234,7 +235,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     @Override
     public void resetPassword(Long id) {
         UserDO user = super.getById(id);
-        user.setPassword(SecureUtils.md5Salt(SysConstants.DEFAULT_PASSWORD, id.toString()));
+        user.setPassword(passwordEncoder.encode(SysConstants.DEFAULT_PASSWORD));
         user.setPwdResetTime(LocalDateTime.now());
         baseMapper.updateById(user);
     }