youfool-project
/
youfool-course
generated from youfool-project/youfool-prj-springboot-template
16
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request 'xsha/lroyia/task-20251024-074232' (#2) from xsha/lroyia/task-20251024-074232 into master 

Reviewed-on: #2
This commit is contained in:
黎润豪 2025-10-24 15:55:58 +08:00
parent b5b53df7d9 79876b9712
commit 5f42096e55
4 changed files with 121 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/com/chinaweal/youfool/course/controller/LoginController.java
View File

@ -51,7 +51,7 @@ public class LoginController {
// 查询用户信息 // 查询用户信息
SysUser sysUser = sysUserService.getUserByUsername(username); SysUser sysUser = sysUserService.getUserByUsername(username);
if (sysUser == null || !sysUser.getPassword().equals(password)) { if (sysUser == null || !SysUser.verifyPassword(password, sysUser.getPassword())) {
return RestResult.error(BaseResultCode.BUSINESS_LOGIC_ERROR, "用户名或密码错误"); return RestResult.error(BaseResultCode.BUSINESS_LOGIC_ERROR, "用户名或密码错误");
} }

62
src/main/java/com/chinaweal/youfool/course/entity/SysUser.java
View File

@ -9,6 +9,8 @@ import lombok.Data;
import java.io.Serial; import java.io.Serial;
import java.io.Serializable; import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/** /**
* 系统用户实体类 * 系统用户实体类
@ -98,4 +100,64 @@ public class SysUser implements Serializable {
@TableField("gitea_open_id") @TableField("gitea_open_id")
@Schema(description = "Gitea Open ID", example = "1234567890") @Schema(description = "Gitea Open ID", example = "1234567890")
private String giteaOpenId; private String giteaOpenId;
/**
* 密码加密方法
*
* <p>将原始密码按照MD5(MD5(原密码)+123456)的方式加密</p>
*
* @param originalPassword 原始密码
* @return 加密后的密码
*/
public static String encryptPassword(String originalPassword) {
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
// 第一次MD5加密
byte[] firstHash = md5.digest(originalPassword.getBytes());
String firstMd5 = bytesToHex(firstHash);
// 拼接123456
String combined = firstMd5 + "123456";
// 第二次MD5加密
byte[] secondHash = md5.digest(combined.getBytes());
return bytesToHex(secondHash);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("MD5算法不可用", e);
}
}
/**
* 字节数组转十六进制字符串
*
* @param bytes 字节数组
* @return 十六进制字符串
*/
private static String bytesToHex(byte[] bytes) {
StringBuilder hexString = new StringBuilder();
for (byte b : bytes) {
String hex = Integer.toHexString(0xff & b);
if (hex.length() == 1) {
hexString.append('0');
}
hexString.append(hex);
}
return hexString.toString();
}
/**
* 验证密码
*
* <p>验证输入的密码是否与存储的密码匹配</p>
*
* @param inputPassword 输入的密码
* @param storedPassword 存储的密码
* @return 是否匹配
*/
public static boolean verifyPassword(String inputPassword, String storedPassword) {
String encryptedInput = encryptPassword(inputPassword);
return encryptedInput.equals(storedPassword);
}
} }

26
src/main/resources/templates/login.html
View File

@ -145,21 +145,7 @@
</div> </div>
<script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/jsencrypt@3.2.1/bin/jsencrypt.min.js"></script>
<script> <script>
// 获取公钥
let publicKey = '';
fetch('/course/user/auth/publicKey')
.then(response => response.json())
.then(data => {
if (data.code === 200) {
publicKey = data.data;
}
})
.catch(error => {
console.error('获取公钥失败:', error);
});
// 登录表单提交 // 登录表单提交
document.getElementById('loginForm').addEventListener('submit', async function(e) { document.getElementById('loginForm').addEventListener('submit', async function(e) {
e.preventDefault(); e.preventDefault();
@ -169,20 +155,10 @@
const errorMessage = document.getElementById('errorMessage'); const errorMessage = document.getElementById('errorMessage');
try { try {
// 加密密码
const encrypt = new JSEncrypt();
encrypt.setPublicKey(publicKey);
const encryptedPassword = encrypt.encrypt(password);
if (!encryptedPassword) {
throw new Error('密码加密失败');
}
// 发送登录请求 // 发送登录请求
const response = await axios.post('/course/user/auth/login', { const response = await axios.post('/course/user/auth/login', {
username: username, username: username,
password: encryptedPassword, password: password
encrypt: true
}); });
if (response.data.code === 200) { if (response.data.code === 200) {

57
src/test/java/com/chinaweal/youfool/course/entity/SysUserTest.java Normal file
View File

@ -0,0 +1,57 @@
package com.chinaweal.youfool.course.entity;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* SysUser密码加密测试类
*
* @author test
* @since 1.0.0
*/
public class SysUserTest {
@Test
public void testEncryptPassword() {
// 测试密码加密功能
String originalPassword = "test123";
String encryptedPassword = SysUser.encryptPassword(originalPassword);
// 验证加密结果不为空
assertNotNull(encryptedPassword);
// 验证加密结果是32位MD5哈希值
assertEquals(32, encryptedPassword.length());
// 验证相同密码加密结果一致
String encryptedPassword2 = SysUser.encryptPassword(originalPassword);
assertEquals(encryptedPassword, encryptedPassword2);
}
@Test
public void testVerifyPassword() {
// 测试密码验证功能
String originalPassword = "test123";
String encryptedPassword = SysUser.encryptPassword(originalPassword);
// 验证正确密码
assertTrue(SysUser.verifyPassword(originalPassword, encryptedPassword));
// 验证错误密码
assertFalse(SysUser.verifyPassword("wrongPassword", encryptedPassword));
}
@Test
public void testPasswordEncryptionWithExample() {
// 测试具体示例:密码"admin"的加密结果
String password = "admin";
String encrypted = SysUser.encryptPassword(password);
System.out.println("密码 '" + password + "' 的加密结果: " + encrypted);
// 验证加密结果
assertNotNull(encrypted);
assertEquals(32, encrypted.length());
// 验证能够正确验证
assertTrue(SysUser.verifyPassword(password, encrypted));
}
}