ContiNew/continew-admin
1
1
Fork 0
mirror of https://github.com/continew-org/continew-admin.git synced 2025-10-31 22:57:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor: 适配 ContiNew Starter 加密模块(安全模块)

Browse Source
This commit is contained in:
Charles7c
2024-02-08 23:19:37 +08:00
parent 2109789116
commit 6435175dc3
10 changed files with 89 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
continew-admin-common/pom.xml
View File

@@ -96,6 +96,12 @@
<artifactId>continew-starter-file-excel</artifactId> <artifactId>continew-starter-file-excel</artifactId>
</dependency> </dependency>
<!-- ContiNew Starter 安全模块 - 加密 -->
<dependency>
<groupId>top.charles7c.continew</groupId>
<artifactId>continew-starter-security-crypto</artifactId>
</dependency>
<!-- ContiNew Starter 安全模块 - 脱敏 --> <!-- ContiNew Starter 安全模块 - 脱敏 -->
<dependency> <dependency>
<groupId>top.charles7c.continew</groupId> <groupId>top.charles7c.continew</groupId>

29
continew-admin-common/src/main/java/top/charles7c/continew/admin/common/config/mybatis/BCryptEncryptor.java Normal file
View File

@@ -0,0 +1,29 @@
package top.charles7c.continew.admin.common.config.mybatis;
import org.springframework.security.crypto.password.PasswordEncoder;
import top.charles7c.continew.starter.security.crypto.encryptor.IEncryptor;
/**
* BCrypt 加/解密处理器(不可逆)
*
* @author Charles7c
* @since 2024/2/8 22:29
*/
public class BCryptEncryptor implements IEncryptor {
private final PasswordEncoder passwordEncoder;
public BCryptEncryptor(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
@Override
public String encrypt(String plaintext, String password, String publicKey) throws Exception {
return passwordEncoder.encode(plaintext);
}
@Override
public String decrypt(String ciphertext, String password, String privateKey) throws Exception {
return ciphertext;
}
}

9
continew-admin-common/src/main/java/top/charles7c/continew/admin/common/config/mybatis/MybatisPlusConfiguration.java
View File

@@ -21,6 +21,7 @@ import org.springframework.context.annotation.Configuration;
import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler; import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
import org.springframework.security.crypto.password.PasswordEncoder;
import top.charles7c.continew.starter.data.mybatis.plus.datapermission.DataPermissionFilter; import top.charles7c.continew.starter.data.mybatis.plus.datapermission.DataPermissionFilter;
/** /**
@@ -47,4 +48,12 @@ public class MybatisPlusConfiguration {
public DataPermissionFilter dataPermissionFilter() { public DataPermissionFilter dataPermissionFilter() {
return new DataPermissionFilterImpl(); return new DataPermissionFilterImpl();
} }
/**
* BCrypt 加/解密处理器
*/
@Bean
public BCryptEncryptor bCryptEncryptor(PasswordEncoder passwordEncoder) {
return new BCryptEncryptor(passwordEncoder);
}
} }

2
continew-admin-common/src/main/java/top/charles7c/continew/admin/common/config/properties/RsaProperties.java
View File

@@ -31,7 +31,7 @@ public class RsaProperties {
public static final String PRIVATE_KEY; public static final String PRIVATE_KEY;
static { static {
PRIVATE_KEY = SpringUtil.getProperty("rsa.privateKey"); PRIVATE_KEY = SpringUtil.getProperty("continew-starter.security.crypto.private-key");
} }
private RsaProperties() { private RsaProperties() {

16
continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/entity/UserDO.java
View File

@@ -16,16 +16,17 @@
package top.charles7c.continew.admin.system.model.entity; package top.charles7c.continew.admin.system.model.entity;
import java.io.Serial;
import java.time.LocalDateTime;
import lombok.Data;
import com.baomidou.mybatisplus.annotation.TableName; import com.baomidou.mybatisplus.annotation.TableName;
import lombok.Data;
import top.charles7c.continew.admin.common.config.mybatis.BCryptEncryptor;
import top.charles7c.continew.admin.common.enums.DisEnableStatusEnum; import top.charles7c.continew.admin.common.enums.DisEnableStatusEnum;
import top.charles7c.continew.admin.common.enums.GenderEnum; import top.charles7c.continew.admin.common.enums.GenderEnum;
import top.charles7c.continew.starter.extension.crud.model.entity.BaseDO; import top.charles7c.continew.starter.extension.crud.model.entity.BaseDO;
import top.charles7c.continew.starter.security.crypto.annotation.FieldEncrypt;
import top.charles7c.continew.starter.security.crypto.enums.Algorithm;
import java.io.Serial;
import java.time.LocalDateTime;
/** /**
* 用户实体 * 用户实体
@@ -53,6 +54,7 @@ public class UserDO extends BaseDO {
/** /**
* 密码 * 密码
*/ */
@FieldEncrypt(encryptor = BCryptEncryptor.class)
private String password; private String password;
/** /**
@@ -63,11 +65,13 @@ public class UserDO extends BaseDO {
/** /**
* 邮箱 * 邮箱
*/ */
@FieldEncrypt(Algorithm.AES)
private String email; private String email;
/** /**
* 手机号码 * 手机号码
*/ */
@FieldEncrypt(Algorithm.AES)
private String phone; private String phone;
/** /**

12
continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
View File

@@ -93,7 +93,6 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
String phone = req.getPhone(); String phone = req.getPhone();
CheckUtils.throwIf(StrUtil.isNotBlank(phone) && this.isPhoneExists(phone, null), errorMsgTemplate, phone); CheckUtils.throwIf(StrUtil.isNotBlank(phone) && this.isPhoneExists(phone, null), errorMsgTemplate, phone);
req.setStatus(DisEnableStatusEnum.ENABLE); req.setStatus(DisEnableStatusEnum.ENABLE);
req.setPassword(passwordEncoder.encode(req.getPassword()));
} }
@Override @Override
@@ -201,12 +200,9 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误"); CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
} }
// 更新密码和密码重置时间 // 更新密码和密码重置时间
LocalDateTime now = LocalDateTime.now(); user.setPassword(newPassword);
baseMapper.lambdaUpdate() user.setPwdResetTime(LocalDateTime.now());
.set(UserDO::getPassword, passwordEncoder.encode(newPassword)) baseMapper.updateById(user);
.set(UserDO::getPwdResetTime, now)
.eq(UserDO::getId, id)
.update();
} }
@Override @Override
@@ -234,7 +230,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
@Override @Override
public void resetPassword(UserPasswordResetReq req, Long id) { public void resetPassword(UserPasswordResetReq req, Long id) {
UserDO user = super.getById(id); UserDO user = super.getById(id);
user.setPassword(passwordEncoder.encode(req.getNewPassword())); user.setPassword(req.getNewPassword());
user.setPwdResetTime(LocalDateTime.now()); user.setPwdResetTime(LocalDateTime.now());
baseMapper.updateById(user); baseMapper.updateById(user);
} }

15
continew-admin-webapi/src/main/resources/config/application-dev.yml
View File

@@ -236,6 +236,16 @@ sa-token.extension:
# 本地存储资源 # 本地存储资源
- /file/** - /file/**
--- ### 字段加/解密配置
continew-starter.security:
crypto:
enabled: true
# 对称加密算法密钥
password: abcdefghijklmnop
# 非对称加密算法密钥(在线生成 RSA 密钥对http://web.chacuo.net/netrsakeypair
public-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM51dgYtMyF+tTQt80sfFOpSV27a7t9uaUVeFrdGiVxscuizE7H8SMntYqfn9lp8a5GH5P1/GGehVjUD2gF/4kcCAwEAAQ==
private-key: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAznV2Bi0zIX61NC3zSx8U6lJXbtru325pRV4Wt0aJXGxy6LMTsfxIye1ip+f2WnxrkYfk/X8YZ6FWNQPaAX/iRwIDAQABAkEAk/VcAusrpIqA5Ac2P5Tj0VX3cOuXmyouaVcXonr7f+6y2YTjLQuAnkcfKKocQI/juIRQBFQIqqW/m1nmz1wGeQIhAO8XaA/KxzOIgU0l/4lm0A2Wne6RokJ9HLs1YpOzIUmVAiEA3Q9DQrpAlIuiT1yWAGSxA9RxcjUM/1kdVLTkv0avXWsCIE0X8woEjK7lOSwzMG6RpEx9YHdopjViOj1zPVH61KTxAiBmv/dlhqkJ4rV46fIXELZur0pj6WC3N7a4brR8a+CLLQIhAMQyerWl2cPNVtE/8tkziHKbwW3ZUiBXU24wFxedT9iV
--- ### 密码编码器配置 --- ### 密码编码器配置
continew-starter.security: continew-starter.security:
password: password:
@@ -243,11 +253,6 @@ continew-starter.security:
# BCryptPasswordEncoder # BCryptPasswordEncoder
encoding-id: bcrypt encoding-id: bcrypt
--- ### 非对称加密配置(例如:密码加密传输,前端公钥加密,后端私钥解密;在线生成 RSA 密钥对http://web.chacuo.net/netrsakeypair
rsa:
# 私钥
privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAznV2Bi0zIX61NC3zSx8U6lJXbtru325pRV4Wt0aJXGxy6LMTsfxIye1ip+f2WnxrkYfk/X8YZ6FWNQPaAX/iRwIDAQABAkEAk/VcAusrpIqA5Ac2P5Tj0VX3cOuXmyouaVcXonr7f+6y2YTjLQuAnkcfKKocQI/juIRQBFQIqqW/m1nmz1wGeQIhAO8XaA/KxzOIgU0l/4lm0A2Wne6RokJ9HLs1YpOzIUmVAiEA3Q9DQrpAlIuiT1yWAGSxA9RxcjUM/1kdVLTkv0avXWsCIE0X8woEjK7lOSwzMG6RpEx9YHdopjViOj1zPVH61KTxAiBmv/dlhqkJ4rV46fIXELZur0pj6WC3N7a4brR8a+CLLQIhAMQyerWl2cPNVtE/8tkziHKbwW3ZUiBXU24wFxedT9iV
--- ### 文件上传配置 --- ### 文件上传配置
spring.servlet: spring.servlet:
multipart: multipart:

15
continew-admin-webapi/src/main/resources/config/application-prod.yml
View File

@@ -235,6 +235,16 @@ sa-token.extension:
# 本地存储资源 # 本地存储资源
- /file/** - /file/**
--- ### 字段加/解密配置
continew-starter.security:
crypto:
enabled: true
# 对称加密算法密钥
password: abcdefghijklmnop
# 非对称加密算法密钥(在线生成 RSA 密钥对http://web.chacuo.net/netrsakeypair
public-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM51dgYtMyF+tTQt80sfFOpSV27a7t9uaUVeFrdGiVxscuizE7H8SMntYqfn9lp8a5GH5P1/GGehVjUD2gF/4kcCAwEAAQ==
private-key: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAznV2Bi0zIX61NC3zSx8U6lJXbtru325pRV4Wt0aJXGxy6LMTsfxIye1ip+f2WnxrkYfk/X8YZ6FWNQPaAX/iRwIDAQABAkEAk/VcAusrpIqA5Ac2P5Tj0VX3cOuXmyouaVcXonr7f+6y2YTjLQuAnkcfKKocQI/juIRQBFQIqqW/m1nmz1wGeQIhAO8XaA/KxzOIgU0l/4lm0A2Wne6RokJ9HLs1YpOzIUmVAiEA3Q9DQrpAlIuiT1yWAGSxA9RxcjUM/1kdVLTkv0avXWsCIE0X8woEjK7lOSwzMG6RpEx9YHdopjViOj1zPVH61KTxAiBmv/dlhqkJ4rV46fIXELZur0pj6WC3N7a4brR8a+CLLQIhAMQyerWl2cPNVtE/8tkziHKbwW3ZUiBXU24wFxedT9iV
--- ### 密码编码器配置 --- ### 密码编码器配置
continew-starter.security: continew-starter.security:
password: password:
@@ -242,11 +252,6 @@ continew-starter.security:
# BCryptPasswordEncoder # BCryptPasswordEncoder
encoding-id: bcrypt encoding-id: bcrypt
--- ### 非对称加密配置(例如:密码加密传输,前端公钥加密,后端私钥解密;在线生成 RSA 密钥对http://web.chacuo.net/netrsakeypair
rsa:
# 私钥
privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAznV2Bi0zIX61NC3zSx8U6lJXbtru325pRV4Wt0aJXGxy6LMTsfxIye1ip+f2WnxrkYfk/X8YZ6FWNQPaAX/iRwIDAQABAkEAk/VcAusrpIqA5Ac2P5Tj0VX3cOuXmyouaVcXonr7f+6y2YTjLQuAnkcfKKocQI/juIRQBFQIqqW/m1nmz1wGeQIhAO8XaA/KxzOIgU0l/4lm0A2Wne6RokJ9HLs1YpOzIUmVAiEA3Q9DQrpAlIuiT1yWAGSxA9RxcjUM/1kdVLTkv0avXWsCIE0X8woEjK7lOSwzMG6RpEx9YHdopjViOj1zPVH61KTxAiBmv/dlhqkJ4rV46fIXELZur0pj6WC3N7a4brR8a+CLLQIhAMQyerWl2cPNVtE/8tkziHKbwW3ZUiBXU24wFxedT9iV
--- ### 文件上传配置 --- ### 文件上传配置
spring.servlet: spring.servlet:
multipart: multipart:

4
continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_column.sql
View File

@@ -6,3 +6,7 @@ ALTER TABLE `sys_log` ADD COLUMN `trace_id` varchar(255) NULL COMMENT '链路ID'
-- changeset Charles7c:2 -- changeset Charles7c:2
ALTER TABLE `sys_user` ALTER TABLE `sys_user`
MODIFY COLUMN `password` varchar(255) DEFAULT NULL COMMENT '密码(加密)' AFTER `nickname`; MODIFY COLUMN `password` varchar(255) DEFAULT NULL COMMENT '密码(加密)' AFTER `nickname`;
-- changeset Charles7c:3
ALTER TABLE `sys_user`
MODIFY COLUMN `phone` varchar(255) DEFAULT NULL COMMENT '手机号码' AFTER `email`;

4
continew-admin-webapi/src/main/resources/db/changelog/v2.4.0/continew-admin_data.sql
View File

@@ -3,3 +3,7 @@
-- changeset Charles7c:1 -- changeset Charles7c:1
UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$4jGwK2BMJ7FgVR.mgwGodey8.xR8FLoU1XSXpxJ9nZQt.pufhasSa' WHERE `username` = 'admin'; UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$4jGwK2BMJ7FgVR.mgwGodey8.xR8FLoU1XSXpxJ9nZQt.pufhasSa' WHERE `username` = 'admin';
UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$meMbyso06lupZjxT88fG8undZo6.DSNUmifRfnnre8r/s13ciq6M6' WHERE `username` = 'test'; UPDATE `sys_user` SET `password` = '{bcrypt}$2a$10$meMbyso06lupZjxT88fG8undZo6.DSNUmifRfnnre8r/s13ciq6M6' WHERE `username` = 'test';
-- changeset Charles7c:2
UPDATE `sys_user` SET `email` = '42190c6c5639d2ca4edb4150a35e058559ccf8270361a23745a2fd285a273c28' WHERE `username` = 'admin';
UPDATE `sys_user` SET `phone` = '5bda89a4609a65546422ea56bfe5eab4' WHERE `username` = 'admin';