feat(core): 新增 PasswordEncoder 自动配置

* 密码添加配置。
* 密码加密解密

continew-starter-core/pom.xml

@@ -58,5 +58,11 @@
             <groupId>cn.hutool</groupId>
             <artifactId>hutool-db</artifactId>
         </dependency>
+
+        <!-- 密码加解密-->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-crypto</artifactId>
+        </dependency>
     </dependencies>
 </project>

continew-starter-core/src/main/java/top/charles7c/continew/starter/core/autoconfigure/password/PasswordEncoderAutoConfiguration.java

@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ * <p>
+ * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.gnu.org/licenses/lgpl.html
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.charles7c.continew.starter.core.autoconfigure.password;
+
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.StrUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.*;
+import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
+import org.springframework.util.StringUtils;
+import top.charles7c.continew.starter.core.autoconfigure.project.ProjectProperties;
+import top.charles7c.continew.starter.core.constant.PropertiesConstants;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 密码配置类,默认编解码器使用的是BCryptPasswordEncoder
+ * 编码后的密码是遵循一定规则的{idForEncode}encodePassword,前缀{}包含了编码的方式再拼接上该方式编码后的密码串。
+ * 可以添加自定义的编解码，也可以修改默认的编解码器，只需修改默认的encodingId。
+ * 优点：如果有一天我们对密码编码规则进行替换或者轮转。现有的用户不会受到影响。只要修改默认的DelegatingPasswordEncoder的idForEncode
+ *
+ * @author Jasmine
+ * @since 1.3.0
+ */
+@Slf4j
+@AutoConfiguration
+@EnableConfigurationProperties(PasswordEncoderProperties.class)
+@ConditionalOnProperty(prefix = PropertiesConstants.PASSWORD_ENCODER, name = PropertiesConstants.ENABLED, havingValue = "true")
+public class PasswordEncoderAutoConfiguration {
+
+    private final PasswordEncoderProperties properties;
+    private final List<PasswordEncoder> passwordEncoderList;
+
+    public PasswordEncoderAutoConfiguration(PasswordEncoderProperties properties, List<PasswordEncoder> passwordEncoderList) {
+        this.properties = properties;
+        this.passwordEncoderList = passwordEncoderList;
+    }
+
+    /**
+     * 密码加密解密
+     *
+     * @see DelegatingPasswordEncoder
+     * @see PasswordEncoderFactories
+     */
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        String encodingId = "bcrypt";
+        if(StrUtil.isNotBlank(properties.getEncodingId())) {
+            encodingId = properties.getEncodingId();
+        }
+
+        Map<String, PasswordEncoder> encoders = new HashMap<>();
+        encoders.put(encodingId, new BCryptPasswordEncoder());
+        encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
+        encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
+        encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
+        encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
+        encoders.put("pbkdf2", Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_5());
+        encoders.put("pbkdf2@SpringSecurity_v5_8", Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8());
+        encoders.put("scrypt", SCryptPasswordEncoder.defaultsForSpringSecurity_v4_1());
+        encoders.put("scrypt@SpringSecurity_v5_8", SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8());
+        encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
+        encoders
+                .put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
+        encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
+        encoders.put("argon2", Argon2PasswordEncoder.defaultsForSpringSecurity_v5_2());
+        encoders.put("argon2@SpringSecurity_v5_8", Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8());
+
+        // 添加自定义的密码编解码器
+        if(CollUtil.isNotEmpty(passwordEncoderList)) {
+            passwordEncoderList.forEach(passwordEncoder-> encoders.put(passwordEncoder.getClass().getSimpleName().toLowerCase(), passwordEncoder));
+        }
+        return new DelegatingPasswordEncoder(encodingId, encoders);
+    }
+}

continew-starter-core/src/main/java/top/charles7c/continew/starter/core/autoconfigure/password/PasswordEncoderProperties.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ * <p>
+ * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.gnu.org/licenses/lgpl.html
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.charles7c.continew.starter.core.autoconfigure.password;
+
+/**
+ * @author Jasmine
+ * @version 1.0
+ * @description
+ * @see PasswordEncoderProperties
+ * @since 2024-01-30 17:19:19
+ */
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import top.charles7c.continew.starter.core.constant.PropertiesConstants;
+
+/**
+ * 项目配置属性
+ *
+ * @author Charles7c
+ * @since 1.0.0
+ */
+@Data
+@ConfigurationProperties(PropertiesConstants.PASSWORD_ENCODER)
+public class PasswordEncoderProperties {
+
+    /**
+     * 是否启用
+     */
+    private Boolean enabled;
+
+    /**
+     * 启动的算法
+     */
+    private String encodingId;
+}

continew-starter-core/src/main/java/top/charles7c/continew/starter/core/constant/PropertiesConstants.java

@@ -91,4 +91,9 @@ public class PropertiesConstants {
      * 行为验证码配置
      */
     public static final String CAPTCHA_BEHAVIOR = CAPTCHA + ".behavior";
+
+    /**
+     * 密码编解码配置
+     */
+    public static final String PASSWORD_ENCODER = CONTINEW_STARTER + ".password-encoder";
 }

continew-starter-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -1,3 +1,4 @@
 top.charles7c.continew.starter.core.autoconfigure.project.ProjectAutoConfiguration
 top.charles7c.continew.starter.core.autoconfigure.threadpool.ThreadPoolAutoConfiguration
 top.charles7c.continew.starter.core.autoconfigure.threadpool.AsyncAutoConfiguration
+top.charles7c.continew.starter.core.autoconfigure.password.PasswordEncoderAutoConfiguration