refactor: 使用密码编码器重构密码加密、密码判断等相关处理

采用 BCryptPasswordEncoder，并动态兼容
2025-11-04 10:57:10 +08:00 · 2024-01-31 22:28:30 +08:00
parent 860ca403c2
commit 594f7fd042
7 changed files with 34 additions and 22 deletions
--- a/continew-admin-common/src/main/java/top/charles7c/continew/admin/common/util/SecureUtils.java
+++ b/continew-admin-common/src/main/java/top/charles7c/continew/admin/common/util/SecureUtils.java
@@ -66,15 +66,4 @@ public class SecureUtils {
    public static String decryptByRsaPrivateKey(String data, String privateKey) {
        return new String(SecureUtil.rsa(privateKey, null).decrypt(Base64.decode(data), KeyType.PrivateKey));
    }
-
-    /**
-     * MD5 加密
-     *
-     * @param data 要加密的内容
-     * @param salt 盐
-     * @return 加密后的内容
-     */
-    public static String md5Salt(String data, String salt) {
-        return SecureUtil.md5(SecureUtil.md5(data) + salt);
-    }
 }
--- a/continew-admin-system/src/main/java/top/charles7c/continew/admin/auth/service/impl/LoginServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/continew/admin/auth/service/impl/LoginServiceImpl.java
@@ -27,6 +27,7 @@ import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONUtil;
 import lombok.RequiredArgsConstructor;
 import me.zhyd.oauth.model.AuthUser;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import top.charles7c.continew.admin.auth.model.resp.MetaResp;
 import top.charles7c.continew.admin.auth.model.resp.RouteResp;
@@ -39,7 +40,6 @@ import top.charles7c.continew.admin.common.enums.GenderEnum;
 import top.charles7c.continew.admin.common.enums.MenuTypeEnum;
 import top.charles7c.continew.admin.common.enums.MessageTypeEnum;
 import top.charles7c.continew.admin.common.model.dto.LoginUser;
-import top.charles7c.continew.admin.common.util.SecureUtils;
 import top.charles7c.continew.admin.common.util.helper.LoginHelper;
 import top.charles7c.continew.admin.system.enums.MessageTemplateEnum;
 import top.charles7c.continew.admin.system.model.entity.DeptDO;
@@ -77,13 +77,13 @@ public class LoginServiceImpl implements LoginService {
    private final UserRoleService userRoleService;
    private final UserSocialService userSocialService;
    private final MessageService messageService;
+    private final PasswordEncoder passwordEncoder;

    @Override
    public String accountLogin(String username, String password) {
        UserDO user = userService.getByUsername(username);
        CheckUtils.throwIfNull(user, "用户名或密码不正确");
-        Long userId = user.getId();
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(password, userId.toString()), user.getPassword(), "用户名或密码不正确");
+        CheckUtils.throwIf(!passwordEncoder.matches(password, user.getPassword()), "用户名或密码不正确");
        this.checkUserStatus(user);
        return this.login(user);
    }
--- a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
@@ -27,6 +27,7 @@ import com.alicp.jetcache.anno.Cached;
 import lombok.RequiredArgsConstructor;
 import org.dromara.x.file.storage.core.FileInfo;
 import org.dromara.x.file.storage.core.FileStorageService;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.multipart.MultipartFile;
@@ -34,7 +35,6 @@ import top.charles7c.continew.admin.common.constant.CacheConstants;
 import top.charles7c.continew.admin.common.constant.FileConstants;
 import top.charles7c.continew.admin.common.constant.SysConstants;
 import top.charles7c.continew.admin.common.enums.DisEnableStatusEnum;
-import top.charles7c.continew.admin.common.util.SecureUtils;
 import top.charles7c.continew.admin.common.util.helper.LoginHelper;
 import top.charles7c.continew.admin.system.mapper.UserMapper;
 import top.charles7c.continew.admin.system.model.entity.UserDO;
@@ -72,6 +72,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    private final UserRoleService userRoleService;
    private final FileService fileService;
    private final FileStorageService fileStorageService;
+    private final PasswordEncoder passwordEncoder;

    @Override
    public Long add(UserDO user) {
@@ -95,7 +96,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    protected void afterAdd(UserReq req, UserDO user) {
        Long userId = user.getId();
        baseMapper.lambdaUpdate()
-            .set(UserDO::getPassword, SecureUtils.md5Salt(SysConstants.DEFAULT_PASSWORD, userId.toString()))
+            .set(UserDO::getPassword, passwordEncoder.encode(SysConstants.DEFAULT_PASSWORD))
            .set(UserDO::getPwdResetTime, LocalDateTime.now())
            .eq(UserDO::getId, userId)
            .update();
@@ -198,12 +199,12 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
        UserDO user = super.getById(id);
        String password = user.getPassword();
        if (StrUtil.isNotBlank(password)) {
-            CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(oldPassword, id.toString()), password, "当前密码错误");
+            CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
        }
        // 更新密码和密码重置时间
        LocalDateTime now = LocalDateTime.now();
        baseMapper.lambdaUpdate()
-            .set(UserDO::getPassword, SecureUtils.md5Salt(newPassword, id.toString()))
+            .set(UserDO::getPassword, passwordEncoder.encode(newPassword))
            .set(UserDO::getPwdResetTime, now)
            .eq(UserDO::getId, id)
            .update();
@@ -212,7 +213,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    @Override
    public void updatePhone(String newPhone, String currentPassword, Long id) {
        UserDO user = super.getById(id);
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(currentPassword, id.toString()), user.getPassword(), "当前密码错误");
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
        Long count = baseMapper.lambdaQuery().eq(UserDO::getPhone, newPhone).count();
        CheckUtils.throwIf(count > 0, "手机号已绑定其他账号，请更换其他手机号");
        CheckUtils.throwIfEqual(newPhone, user.getPhone(), "新手机号不能与当前手机号相同");
@@ -223,7 +224,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    @Override
    public void updateEmail(String newEmail, String currentPassword, Long id) {
        UserDO user = super.getById(id);
-        CheckUtils.throwIfNotEqual(SecureUtils.md5Salt(currentPassword, id.toString()), user.getPassword(), "当前密码错误");
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
        Long count = baseMapper.lambdaQuery().eq(UserDO::getEmail, newEmail).count();
        CheckUtils.throwIf(count > 0, "邮箱已绑定其他账号，请更换其他邮箱");
        CheckUtils.throwIfEqual(newEmail, user.getEmail(), "新邮箱不能与当前邮箱相同");
@@ -234,7 +235,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    @Override
    public void resetPassword(Long id) {
        UserDO user = super.getById(id);
-        user.setPassword(SecureUtils.md5Salt(SysConstants.DEFAULT_PASSWORD, id.toString()));
+        user.setPassword(passwordEncoder.encode(SysConstants.DEFAULT_PASSWORD));
        user.setPwdResetTime(LocalDateTime.now());
        baseMapper.updateById(user);
    }
--- a/continew-admin-webapi/src/main/resources/config/application-dev.yml
+++ b/continew-admin-webapi/src/main/resources/config/application-dev.yml
@@ -245,6 +245,13 @@ spring.servlet:
    # 单次总上传文件大小限制
    max-request-size: 20MB

+--- ### 密码编码器配置
+continew-starter:
+  password-encoder:
+    enabled: true
+    # BCryptPasswordEncoder
+    encoding-id: bcrypt
+
 --- ### 非对称加密配置（例如：密码加密传输，前端公钥加密，后端私钥解密；在线生成 RSA 密钥对：http://web.chacuo.net/netrsakeypair）
 rsa:
  # 私钥
--- a/continew-admin-webapi/src/main/resources/config/application-prod.yml
+++ b/continew-admin-webapi/src/main/resources/config/application-prod.yml
@@ -245,6 +245,13 @@ spring.servlet:
    # 单次总上传文件大小限制
    max-request-size: 20MB

+--- ### 密码编码器配置
+continew-starter:
+  password-encoder:
+    enabled: true
+    # BCryptPasswordEncoder
+    encoding-id: bcrypt
+
 --- ### 非对称加密配置（例如：密码加密传输，前端公钥加密，后端私钥解密；在线生成 RSA 密钥对：http://web.chacuo.net/netrsakeypair）
 rsa:
  # 私钥
--- a/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_column.sql
+++ b/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_column.sql
@@ -2,3 +2,7 @@

 -- changeset Charles7c:1
 ALTER TABLE `sys_log` ADD COLUMN `trace_id` varchar(255) NULL COMMENT '链路ID' AFTER `id`;
+
+-- changeset Charles7c:2
+ALTER TABLE `sys_user`
+    MODIFY COLUMN `password` varchar(255) DEFAULT NULL COMMENT '密码（加密）' AFTER `nickname`;
--- a/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_data.sql
+++ b/continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_data.sql
@@ -1 +1,5 @@
 -- liquibase formatted sql
+
+-- changeset Charles7c:1
+UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$4jGwK2BMJ7FgVR.mgwGodey8.xR8FLoU1XSXpxJ9nZQt.pufhasSa' WHERE `username` = 'admin';
+UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$meMbyso06lupZjxT88fG8undZo6.DSNUmifRfnnre8r/s13ciq6M6' WHERE `username` = 'test';