新增: 登陆密码加密处理

2024-11-19 17:22:58 +08:00 · 2024-11-19 17:22:58 +08:00 · fd3bcfe92b
parent de2ee51fc4
commit fd3bcfe92b
2 changed files with 51 additions and 4 deletions
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -1,6 +1,7 @@
 class AccountsController < ApplicationController
  before_action :require_login, only: [:login_check, :simple_update, :change_password]
  include ApplicationHelper
+  include AesCryptHelper

  #skip_before_action :check_account, :only => [:logout]

@ -193,8 +194,9 @@ class AccountsController < ApplicationController

  # 用户登录
  def login
-    Users::LoginForm.new(login_params).validate!
-    @user = User.try_to_login(params[:login], params[:password])
+    password = decrypt(login_params[:password]) rescue ""
+    Users::LoginForm.new(login_params.merge!({password: password})).validate!
+    @user = User.try_to_login(params[:login], password)

    return normal_status(-2, "错误的账号或密码") if @user.blank?
    # user is already in local database
@ -203,7 +205,7 @@ class AccountsController < ApplicationController
    login_control = LimitForbidControl::UserLogin.new(@user)
    return normal_status(-2, "登录密码出错已达上限，账号已被锁定，请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid?

-    password_ok = @user.check_password?(params[:password].to_s)
+    password_ok = @user.check_password?(password.to_s)
    unless password_ok
      if login_control.remain_times-1 == 0
        normal_status(-2, "登录密码出错已达上限，账号已被锁定，请#{login_control.forbid_expires/60}分钟后重新登录或找回密码")
@ -216,7 +218,7 @@ class AccountsController < ApplicationController

    LimitForbidControl::UserLogin.new(@user).clear
    successful_authentication(@user)
-    sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步
+    sync_pwd_to_gitea!(@user, {password: password.to_s}) # TODO用户密码未同步
    
    # session[:user_id] = @user.id
  end
--- a/app/helpers/aes_crypt_helper.rb
+++ b/app/helpers/aes_crypt_helper.rb
@ -0,0 +1,45 @@
+module AesCryptHelper
+
+  AES_KEY = EduSetting.get("login_crypt_key") || '59c96c3572ab8cc1'
+
+  def encrypt(plain_text, output_encoding = 'base64')
+
+    # 将字符串密钥和IV转换为16字节的字节数组
+    key = AES_KEY.byteslice(0, 16)
+    iv = AES_KEY.byteslice(0, 16)
+
+    # 创建并设置AES-CBC加密器
+    cipher = OpenSSL::Cipher.new('AES-128-CBC')
+    cipher.encrypt
+    cipher.key = key
+    cipher.iv = iv
+
+    # 加密数据，并添加PKCS7填充
+    encrypted_data = cipher.update(plain_text) + cipher.final
+    # 将加密数据转换为Base64编码
+    Base64.strict_encode64(encrypted_data)
+  end
+  
+  def decrypt(cipher_text, input_encoding = 'base64')
+    # 确保密钥是16字节长
+    key = AES_KEY.byteslice(0, 16) # 如果密钥不足16字节，填充空格；如果超过，截断
+    iv = AES_KEY.byteslice(0, 16)
+    
+    decipher = OpenSSL::Cipher.new('AES-128-CBC')
+    decipher.decrypt
+    decipher.key = key
+    decipher.iv = iv
+    
+    # 根据输入编码解码密文
+    decrypted_data = case input_encoding
+                     when 'base64'
+                       Base64.strict_decode64(cipher_text)
+                     else
+                       cipher_text
+                     end
+    
+    decrypted = decipher.update(decrypted_data) + decipher.final
+    decrypted
+  end
+  
+end