src/main/java/com/chinaweal/youfool/course/controller/LoginController.java

@@ -51,7 +51,7 @@ public class LoginController {
 
         // 查询用户信息
         SysUser sysUser = sysUserService.getUserByUsername(username);
-        if (sysUser == null || !SysUser.verifyPassword(password, sysUser.getPassword())) {
+        if (sysUser == null || !sysUser.getPassword().equals(password)) {
             return RestResult.error(BaseResultCode.BUSINESS_LOGIC_ERROR, "用户名或密码错误");
         }
 

src/main/java/com/chinaweal/youfool/course/entity/SysUser.java

@@ -9,8 +9,6 @@ import lombok.Data;
 
 import java.io.Serial;
 import java.io.Serializable;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 
 /**
  * 系统用户实体类
@@ -100,64 +98,4 @@ public class SysUser implements Serializable {
     @TableField("gitea_open_id")
     @Schema(description = "Gitea Open ID", example = "1234567890")
     private String giteaOpenId;
-
-    /**
-     * 密码加密方法
-     *
-     * <p>将原始密码按照MD5(MD5(原密码)+123456)的方式加密</p>
-     *
-     * @param originalPassword 原始密码
-     * @return 加密后的密码
-     */
-    public static String encryptPassword(String originalPassword) {
-        try {
-            MessageDigest md5 = MessageDigest.getInstance("MD5");
-            
-            // 第一次MD5加密
-            byte[] firstHash = md5.digest(originalPassword.getBytes());
-            String firstMd5 = bytesToHex(firstHash);
-            
-            // 拼接123456
-            String combined = firstMd5 + "123456";
-            
-            // 第二次MD5加密
-            byte[] secondHash = md5.digest(combined.getBytes());
-            return bytesToHex(secondHash);
-            
-        } catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException("MD5算法不可用", e);
-        }
-    }
-
-    /**
-     * 字节数组转十六进制字符串
-     *
-     * @param bytes 字节数组
-     * @return 十六进制字符串
-     */
-    private static String bytesToHex(byte[] bytes) {
-        StringBuilder hexString = new StringBuilder();
-        for (byte b : bytes) {
-            String hex = Integer.toHexString(0xff & b);
-            if (hex.length() == 1) {
-                hexString.append('0');
-            }
-            hexString.append(hex);
-        }
-        return hexString.toString();
-    }
-
-    /**
-     * 验证密码
-     *
-     * <p>验证输入的密码是否与存储的密码匹配</p>
-     *
-     * @param inputPassword 输入的密码
-     * @param storedPassword 存储的密码
-     * @return 是否匹配
-     */
-    public static boolean verifyPassword(String inputPassword, String storedPassword) {
-        String encryptedInput = encryptPassword(inputPassword);
-        return encryptedInput.equals(storedPassword);
-    }
 }

src/main/resources/templates/login.html

@@ -145,7 +145,21 @@
     </div>
 
     <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/jsencrypt@3.2.1/bin/jsencrypt.min.js"></script>
     <script>
+        // 获取公钥
+        let publicKey = '';
+        fetch('/course/user/auth/publicKey')
+            .then(response => response.json())
+            .then(data => {
+                if (data.code === 200) {
+                    publicKey = data.data;
+                }
+            })
+            .catch(error => {
+                console.error('获取公钥失败:', error);
+            });
+
         // 登录表单提交
         document.getElementById('loginForm').addEventListener('submit', async function(e) {
             e.preventDefault();
@@ -155,10 +169,20 @@
             const errorMessage = document.getElementById('errorMessage');
             
             try {
+                // 加密密码
+                const encrypt = new JSEncrypt();
+                encrypt.setPublicKey(publicKey);
+                const encryptedPassword = encrypt.encrypt(password);
+                
+                if (!encryptedPassword) {
+                    throw new Error('密码加密失败');
+                }
+                
                 // 发送登录请求
                 const response = await axios.post('/course/user/auth/login', {
                     username: username,
-                    password: password
+                    password: encryptedPassword,
+                    encrypt: true
                 });
                 
                 if (response.data.code === 200) {

src/test/java/com/chinaweal/youfool/course/entity/SysUserTest.java

@@ -1,57 +0,0 @@
-package com.chinaweal.youfool.course.entity;
-
-import org.junit.jupiter.api.Test;
-import static org.junit.jupiter.api.Assertions.*;
-
-/**
- * SysUser密码加密测试类
- *
- * @author test
- * @since 1.0.0
- */
-public class SysUserTest {
-
-    @Test
-    public void testEncryptPassword() {
-        // 测试密码加密功能
-        String originalPassword = "test123";
-        String encryptedPassword = SysUser.encryptPassword(originalPassword);
-        
-        // 验证加密结果不为空
-        assertNotNull(encryptedPassword);
-        // 验证加密结果是32位MD5哈希值
-        assertEquals(32, encryptedPassword.length());
-        // 验证相同密码加密结果一致
-        String encryptedPassword2 = SysUser.encryptPassword(originalPassword);
-        assertEquals(encryptedPassword, encryptedPassword2);
-    }
-
-    @Test
-    public void testVerifyPassword() {
-        // 测试密码验证功能
-        String originalPassword = "test123";
-        String encryptedPassword = SysUser.encryptPassword(originalPassword);
-        
-        // 验证正确密码
-        assertTrue(SysUser.verifyPassword(originalPassword, encryptedPassword));
-        
-        // 验证错误密码
-        assertFalse(SysUser.verifyPassword("wrongPassword", encryptedPassword));
-    }
-
-    @Test
-    public void testPasswordEncryptionWithExample() {
-        // 测试具体示例：密码"admin"的加密结果
-        String password = "admin";
-        String encrypted = SysUser.encryptPassword(password);
-        
-        System.out.println("密码 '" + password + "' 的加密结果: " + encrypted);
-        
-        // 验证加密结果
-        assertNotNull(encrypted);
-        assertEquals(32, encrypted.length());
-        
-        // 验证能够正确验证
-        assertTrue(SysUser.verifyPassword(password, encrypted));
-    }
-}