3.4.3 update-bug-1218-密码加密修改

distributed-print/src/main/java/com/qmth/distributed/print/api/SysController.java

@@ -5,6 +5,8 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.qmth.boot.api.annotation.Aac;
 import com.qmth.boot.api.constant.ApiConstant;
 import com.qmth.boot.api.exception.ApiException;
+import com.qmth.boot.core.rateLimit.annotation.RateLimit;
+import com.qmth.boot.core.rateLimit.entity.RateLimitTarget;
 import com.qmth.distributed.print.business.bean.params.LoginParam;
 import com.qmth.teachcloud.common.bean.result.DictionaryResult;
 import com.qmth.distributed.print.business.bean.result.EditResult;
@@ -112,7 +114,7 @@ public class SysController {
     @ApiOperation(value = "登录")
     @RequestMapping(value = "/login", method = RequestMethod.POST)
     @ApiResponses({@ApiResponse(code = 200, message = "用户信息", response = LoginResult.class)})
-    @Aac(auth = false)
+    @Aac(auth = false, rateLimit = @RateLimit(count = 2, period = 60000, target = RateLimitTarget.DEVICE))
     public Result login(@ApiParam(value = "用户信息", required = true) @Valid @RequestBody LoginParam login, BindingResult bindingResult) throws NoSuchAlgorithmException {
         if (bindingResult.hasErrors()) {
             return ResultUtil.error(bindingResult.getAllErrors().get(0).getDefaultMessage());
@@ -163,7 +165,8 @@ public class SysController {
                 throw ExceptionResultEnum.ERROR.exception("用户被禁用");
             }
 
-            String decodePassword = Base64Util.encode(AesECBUtil.decryptSimple(password).getBytes());
+//            String decodePassword = Base64Util.encode(AesECBUtil.decryptSimple(password).getBytes());
+            String decodePassword = Base64Util.encode(RSAUtil.decrypt(password).getBytes());
             if (!decodePassword.equals(userList.get(0).getPassword())) {
                 throw ExceptionResultEnum.ERROR.exception("用户名或密码错误");
             }

distributed-print/src/main/java/com/qmth/distributed/print/api/SysUserController.java

@@ -193,7 +193,6 @@ public class SysUserController {
      */
     @ApiOperation(value = "修改密码")
     @RequestMapping(value = "/update_password", method = RequestMethod.POST)
-    @Aac(strict = false, auth = false)
     @OperationLogDetail(operationType = OperationTypeEnum.UPDATE, detail = "修改密码操作，用户ID：{{user.id}}")
     public Result updatePassword(@RequestBody SysUser user) throws NoSuchAlgorithmException {
         return ResultUtil.ok(sysUserService.updatePassword(user));

teachcloud-common/src/main/java/com/qmth/teachcloud/common/service/impl/SysUserServiceImpl.java

@@ -207,8 +207,8 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
     @Transactional
     @Override
     public LoginResult updatePassword(SysUser user) throws NoSuchAlgorithmException {
-        Long userId = ServletUtil.getRequestUserId();
-        SysUser sysUser = this.getById(userId);
+        TBSession ts = (TBSession) ServletUtil.getRequestSession();
+        SysUser sysUser = this.getById(ts.getIdentity());
         if (sysUser == null) {
             throw ExceptionResultEnum.ERROR.exception("用户不存在");
         }
@@ -216,7 +216,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
         String mobileNumber = user.getMobileNumber();
         String verifyCode = user.getVerifyCode();
         if (SystemConstant.strNotNull(newPwd)) {
-            String decodePassword = Base64Util.encode(AesECBUtil.decryptSimple(newPwd).getBytes());
+            String decodePassword = Base64Util.encode(RSAUtil.decrypt(newPwd).getBytes());
             // 参数中存在密码->更新密码
             if (sysUser.getPassword().equals(decodePassword)) {
                 throw ExceptionResultEnum.ERROR.exception("新密码和旧密码一致，请重新输入");

teachcloud-common/src/main/java/com/qmth/teachcloud/common/util/RSAUtil.java

@@ -0,0 +1,65 @@
+package com.qmth.teachcloud.common.util;
+
+import javax.crypto.Cipher;
+import java.nio.charset.StandardCharsets;
+import java.security.*;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+
+public class RSAUtil {
+
+    // 私钥
+    private static final String PRIVATE_KEY = "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBANeXZtC7kT0likxp5YcJsard5/LpLnLU8zBmnqJq27kpiEUltn7WhI9UJvPoRM0XHexrKTibWWegqYANo6voPKjytZWWbD7KqMHl/NXuwmuVrfzk6mwIN3OccEQri/a5tBFKrzo3Y8UZfFI96RA2WaXB9p7xkuLo0ZutucxF/xt5AgMBAAECgYEA1guYZcbD1UyvOVyuKNskDTvSLSb8GcB5TmWkPCcRzY2BoP1nahi7db4cCm9h16mK6Q4f1/bM1gj6IIvqIyQpC9T9aiWvESBOIc567ExeNimdKwgAlheNbTVgyscIvj96Kj8QbatUxrUULnJMXWJDLQdHyIKusoCTxL8Dx+cTgf0CQQD3xFtVlQyfwISpaoc5TWvHCamTMjsjfkvpu2GJ2NveX5Q0GyzcpgIAI6pkpRafWoWhSLv81IeomVFQXJX9UgTfAkEA3sFXYx3GqZUNues30Tpd3B+xsHAZuiSg1NJihStQzfGNG7LB37LmKLjvtnFeEXLm8XWQ/BqiHsfB4If8u2HSpwJBAOua3P9U7Nw8xeoUUuI6rPJoTcibS4FE6AsrFGVwwiOD3/psnQx1EBHx2GY8VnbSLaBg+eJCd33rzVcNs9Nf2yECQQCf4cfWRWX1DB35BuJeU3VQ7JK+IAfnOikR+Btsl+V8m9Z7Pfe3lxFpwyuTGJW7Emy+fHLe8ELSsu/uN8zntdPbAkEA8vPOk/X8TojgKtY2ZHHV+KyupRSvR2Mu6cQJstcU355HRgRCm+5XGXHYiR+EN8Cqu4FS1sw0HtO/k3wSiXr2LQ==";
+
+    public static void createKey() throws NoSuchAlgorithmException {
+        // KeyPairGenerator类用于生成公钥和私钥对，基于RSA算法生成对象
+        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
+        // 初始化密钥对生成器
+        keyPairGen.initialize(1024, new SecureRandom());
+        // 生成一个密钥对，保存在keyPair中
+        KeyPair keyPair = keyPairGen.generateKeyPair();
+        // 得到私钥
+        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
+        // 得到公钥
+        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+        String publicKeyString = Base64.getEncoder().encodeToString(publicKey.getEncoded());
+        // 得到私钥字符串
+        String privateKeyString = Base64.getEncoder().encodeToString(privateKey.getEncoded());
+        // 将公钥和私钥保存到Map
+        //0表示公钥
+        System.out.println("public = " + publicKeyString);
+        System.out.println("private = " + privateKeyString);
+    }
+
+    public static String decrypt(String str) {
+        //64位解码加密后的字符串
+        byte[] inputByte = Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8));
+        //base64编码的私钥
+        byte[] decoded = Base64.getDecoder().decode(PRIVATE_KEY);
+        RSAPrivateKey priKey = null;
+        //RSA解密
+        Cipher cipher = null;
+        String outStr = null;
+
+        try {
+            priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded));
+            cipher = Cipher.getInstance("RSA");
+            cipher.init(Cipher.DECRYPT_MODE, priKey);
+            outStr = new String(cipher.doFinal(inputByte));
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return outStr;
+    }
+
+    public static void main(String[] args) {
+        try {
+            createKey();
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+}