refactor: 优化密码策略处理

2025-11-10 13:01:43 +08:00 · 2024-05-15 23:14:51 +08:00
parent d44fb3a681
commit 90ecaab632
23 changed files with 303 additions and 270 deletions
--- a/continew-admin-webapi/src/main/java/top/continew/admin/webapi/auth/AuthController.java
+++ b/continew-admin-webapi/src/main/java/top/continew/admin/webapi/auth/AuthController.java
@@ -23,6 +23,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.enums.ParameterIn;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -68,7 +69,7 @@ public class AuthController {
    @SaIgnore
    @Operation(summary = "账号登录", description = "根据账号和密码进行登录认证")
    @PostMapping("/account")
-    public R<LoginResp> accountLogin(@Validated @RequestBody AccountLoginReq loginReq) {
+    public R<LoginResp> accountLogin(@Validated @RequestBody AccountLoginReq loginReq, HttpServletRequest request) {
        String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + loginReq.getUuid();
        String captcha = RedisUtils.get(captchaKey);
        ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
@@ -77,21 +78,7 @@ public class AuthController {
        // 用户登录
        String rawPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(loginReq.getPassword()));
        ValidationUtils.throwIfBlank(rawPassword, "密码解密失败");
-        String token = loginService.accountLogin(loginReq.getUsername(), rawPassword);
-        return R.ok(LoginResp.builder().token(token).build());
-    }
-
-    @SaIgnore
-    @Operation(summary = "邮箱登录", description = "根据邮箱和验证码进行登录认证")
-    @PostMapping("/email")
-    public R<LoginResp> emailLogin(@Validated @RequestBody EmailLoginReq loginReq) {
-        String email = loginReq.getEmail();
-        String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + email;
-        String captcha = RedisUtils.get(captchaKey);
-        ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
-        ValidationUtils.throwIfNotEqualIgnoreCase(loginReq.getCaptcha(), captcha, CAPTCHA_ERROR);
-        RedisUtils.delete(captchaKey);
-        String token = loginService.emailLogin(email);
+        String token = loginService.accountLogin(loginReq.getUsername(), rawPassword, request);
        return R.ok(LoginResp.builder().token(token).build());
    }

@@ -109,6 +96,20 @@ public class AuthController {
        return R.ok(LoginResp.builder().token(token).build());
    }

+    @SaIgnore
+    @Operation(summary = "邮箱登录", description = "根据邮箱和验证码进行登录认证")
+    @PostMapping("/email")
+    public R<LoginResp> emailLogin(@Validated @RequestBody EmailLoginReq loginReq) {
+        String email = loginReq.getEmail();
+        String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + email;
+        String captcha = RedisUtils.get(captchaKey);
+        ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
+        ValidationUtils.throwIfNotEqualIgnoreCase(loginReq.getCaptcha(), captcha, CAPTCHA_ERROR);
+        RedisUtils.delete(captchaKey);
+        String token = loginService.emailLogin(email);
+        return R.ok(LoginResp.builder().token(token).build());
+    }
+
    @Operation(summary = "用户退出", description = "注销用户的当前登录")
    @Parameter(name = "Authorization", description = "令牌", required = true, example = "Bearer xxxx-xxxx-xxxx-xxxx", in = ParameterIn.HEADER)
    @PostMapping("/logout")
--- a/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/UserController.java
+++ b/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/UserController.java
@@ -61,7 +61,7 @@ public class UserController extends BaseController<UserService, UserResp, UserDe
        String rawPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getPassword()));
        ValidationUtils.throwIfNull(rawPassword, "密码解密失败");
        ValidationUtils.throwIf(!ReUtil
-            .isMatch(RegexConstants.PASSWORD, rawPassword), "密码长度为 6 到 32 位，可以包含字母、数字、下划线，特殊字符，同时包含字母和数字");
+            .isMatch(RegexConstants.PASSWORD, rawPassword), "密码长度为 8-32 个字符，支持大小写字母、数字、特殊字符，至少包含字母和数字");
        req.setPassword(rawPassword);
        return super.add(req);
    }
@@ -74,7 +74,7 @@ public class UserController extends BaseController<UserService, UserResp, UserDe
        String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getNewPassword()));
        ValidationUtils.throwIfNull(rawNewPassword, "新密码解密失败");
        ValidationUtils.throwIf(!ReUtil
-            .isMatch(RegexConstants.PASSWORD, rawNewPassword), "密码长度为 6 到 32 位，可以包含字母、数字、下划线，特殊字符，同时包含字母和数字");
+            .isMatch(RegexConstants.PASSWORD, rawNewPassword), "密码长度为 8-32 个字符，支持大小写字母、数字、特殊字符，至少包含字母和数字");
        req.setNewPassword(rawNewPassword);
        baseService.resetPassword(req, id);
        return R.ok("重置密码成功");