fix: 修复 BCryptEncryptor 在部分场景会导致重复加密的错误

2025-10-31 22:57:17 +08:00 · 2025-04-18 21:13:25 +08:00
parent bf3e1590fa
commit c9d5810f7d
4 changed files with 21 additions and 16 deletions
--- a/continew-common/src/main/java/top/continew/admin/common/config/mybatis/BCryptEncryptor.java
+++ b/continew-common/src/main/java/top/continew/admin/common/config/mybatis/BCryptEncryptor.java
@@ -19,6 +19,8 @@ package top.continew.admin.common.config.mybatis;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import top.continew.starter.security.crypto.encryptor.IEncryptor;

+import java.util.regex.Pattern;
+
 /**
 * BCrypt 加/解密处理器（不可逆）
 *
@@ -27,6 +29,10 @@ import top.continew.starter.security.crypto.encryptor.IEncryptor;
 */
 public class BCryptEncryptor implements IEncryptor {

+    /**
+     * BCrypt 正则表达式
+     */
+    private static final Pattern BCRYPT_PATTERN = Pattern.compile("\\A\\$2(a|y|b)?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}");
    private final PasswordEncoder passwordEncoder;

    public BCryptEncryptor(PasswordEncoder passwordEncoder) {
@@ -34,12 +40,16 @@ public class BCryptEncryptor implements IEncryptor {
    }

    @Override
-    public String encrypt(String plaintext, String password, String publicKey) throws Exception {
+    public String encrypt(String plaintext, String password, String publicKey) {
+        // 如果已经是 BCrypt 加密格式，直接返回
+        if (BCRYPT_PATTERN.matcher(plaintext).matches()) {
+            return plaintext;
+        }
        return passwordEncoder.encode(plaintext);
    }

    @Override
-    public String decrypt(String ciphertext, String password, String privateKey) throws Exception {
+    public String decrypt(String ciphertext, String password, String privateKey) {
        return ciphertext;
    }
 }
--- a/continew-webapi/src/main/resources/config/application-dev.yml
+++ b/continew-webapi/src/main/resources/config/application-dev.yml
@@ -239,9 +239,8 @@ sa-token.extension:
    # 本地存储资源
    - /file/**

--- ### 安全配置
+--- ### 安全配置：字段加/解密配置
 continew-starter.security:
-  ## 字段加/解密配置
  crypto:
    enabled: true
    # 对称加密算法密钥
@@ -249,11 +248,6 @@ continew-starter.security:
    # 非对称加密算法密钥（在线生成 RSA 密钥对：http://web.chacuo.net/netrsakeypair）
    public-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM51dgYtMyF+tTQt80sfFOpSV27a7t9uaUVeFrdGiVxscuizE7H8SMntYqfn9lp8a5GH5P1/GGehVjUD2gF/4kcCAwEAAQ==
    private-key: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAznV2Bi0zIX61NC3zSx8U6lJXbtru325pRV4Wt0aJXGxy6LMTsfxIye1ip+f2WnxrkYfk/X8YZ6FWNQPaAX/iRwIDAQABAkEAk/VcAusrpIqA5Ac2P5Tj0VX3cOuXmyouaVcXonr7f+6y2YTjLQuAnkcfKKocQI/juIRQBFQIqqW/m1nmz1wGeQIhAO8XaA/KxzOIgU0l/4lm0A2Wne6RokJ9HLs1YpOzIUmVAiEA3Q9DQrpAlIuiT1yWAGSxA9RxcjUM/1kdVLTkv0avXWsCIE0X8woEjK7lOSwzMG6RpEx9YHdopjViOj1zPVH61KTxAiBmv/dlhqkJ4rV46fIXELZur0pj6WC3N7a4brR8a+CLLQIhAMQyerWl2cPNVtE/8tkziHKbwW3ZUiBXU24wFxedT9iV
-  ## 密码编码器配置
-  password:
-    enabled: true
-    # BCryptPasswordEncoder
-    encoding-id: bcrypt

 --- ### 限流器配置
 continew-starter:
--- a/continew-webapi/src/main/resources/config/application-prod.yml
+++ b/continew-webapi/src/main/resources/config/application-prod.yml
@@ -236,9 +236,8 @@ sa-token.extension:
    # 本地存储资源
    - /file/**

--- ### 安全配置
+--- ### 安全配置：字段加/解密配置
 continew-starter.security:
-  ## 字段加/解密配置
  crypto:
    enabled: true
    # 对称加密算法密钥
@@ -246,11 +245,6 @@ continew-starter.security:
    # 非对称加密算法密钥（在线生成 RSA 密钥对：http://web.chacuo.net/netrsakeypair）
    public-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM51dgYtMyF+tTQt80sfFOpSV27a7t9uaUVeFrdGiVxscuizE7H8SMntYqfn9lp8a5GH5P1/GGehVjUD2gF/4kcCAwEAAQ==
    private-key: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAznV2Bi0zIX61NC3zSx8U6lJXbtru325pRV4Wt0aJXGxy6LMTsfxIye1ip+f2WnxrkYfk/X8YZ6FWNQPaAX/iRwIDAQABAkEAk/VcAusrpIqA5Ac2P5Tj0VX3cOuXmyouaVcXonr7f+6y2YTjLQuAnkcfKKocQI/juIRQBFQIqqW/m1nmz1wGeQIhAO8XaA/KxzOIgU0l/4lm0A2Wne6RokJ9HLs1YpOzIUmVAiEA3Q9DQrpAlIuiT1yWAGSxA9RxcjUM/1kdVLTkv0avXWsCIE0X8woEjK7lOSwzMG6RpEx9YHdopjViOj1zPVH61KTxAiBmv/dlhqkJ4rV46fIXELZur0pj6WC3N7a4brR8a+CLLQIhAMQyerWl2cPNVtE/8tkziHKbwW3ZUiBXU24wFxedT9iV
-  ## 密码编码器配置
-  password:
-    enabled: true
-    # BCryptPasswordEncoder
-    encoding-id: bcrypt

 --- ### 限流器配置
 continew-starter:
--- a/continew-webapi/src/main/resources/config/application.yml
+++ b/continew-webapi/src/main/resources/config/application.yml
@@ -75,6 +75,13 @@ continew-starter.crud:
    name-key: title
    weight-key: sort

+--- ### 安全配置：密码编码器配置
+continew-starter.security:
+  password:
+    enabled: true
+    # BCryptPasswordEncoder（如有改动，需同步调整 top.continew.admin.common.config.mybatis.BCryptEncryptor）
+    encoding-id: bcrypt
+
 --- ### 接口文档配置
 springdoc:
  # 设置对象型参数的展示形式（设为 true 表示将对象型参数平展开，即对象内的属性直接作为参数展示而不是嵌套在对象内，默认 false）