From fd3bcfe92b116f3adb0451e0637d145ac32ac37d Mon Sep 17 00:00:00 2001
From: yystopf
Date: Tue, 19 Nov 2024 17:22:58 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E:=20=E7=99=BB=E9=99=86?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=E5=8A=A0=E5=AF=86=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/accounts_controller.rb | 10 +++---
 app/helpers/aes_crypt_helper.rb | 45 ++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 app/helpers/aes_crypt_helper.rb
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index e0508efe8..474b62979 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -1,6 +1,7 @@
 class AccountsController < ApplicationController
 before_action :require_login, only: [:login_check, :simple_update, :change_password]
 include ApplicationHelper
+ include AesCryptHelper
 #skip_before_action :check_account, :only => [:logout]
@@ -193,8 +194,9 @@ class AccountsController < ApplicationController
 # 用户登录
 def login
- Users::LoginForm.new(login_params).validate!
- @user = User.try_to_login(params[:login], params[:password])
+ password = decrypt(login_params[:password]) rescue ""
+ Users::LoginForm.new(login_params.merge!({password: password})).validate!
+ @user = User.try_to_login(params[:login], password)
 return normal_status(-2, "错误的账号或密码") if @user.blank?
 # user is already in local database
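Review bot: The `rescue ""` modifier on the new `password = decrypt(login_params[:password])` line converts every decryption failure — a mismatched `login_crypt_key`, malformed Base64, or a client that still posts the password in clear text — into an empty password and the generic `错误的账号或密码` response, so an integration or key-rotation problem is indistinguishable from a user typo. Replace the modifier with a `begin … rescue OpenSSL::Cipher::CipherError, ArgumentError => e … end` that logs `e.class` (never the ciphertext or the password) before falling back to `""`, and let any other exception propagate. `login_params.merge!` also mutates the permitted-params object in place; the non-destructive `login_params.merge(password: password)` is enough here. `decrypt` (added further down in this patch) returns an ASCII-8BIT string, so a password containing non-ASCII characters may not compare equal to its UTF-8 form inside `check_password?` or `LoginForm` — presumably worth a `force_encoding` on the helper side. The `login` method continues past the end of this hunk.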
@@ -203,7 +205,7 @@ class AccountsController < ApplicationController
 login_control = LimitForbidControl::UserLogin.new(@user)
 return normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码") if login_control.forbid?
- password_ok = @user.check_password?(params[:password].to_s)
+ password_ok = @user.check_password?(password.to_s)
 unless password_ok
 if login_control.remain_times-1 == 0
 normal_status(-2, "登录密码出错已达上限,账号已被锁定,请#{login_control.forbid_expires/60}分钟后重新登录或找回密码")
@@ -216,7 +218,7 @@ class AccountsController < ApplicationController
 LimitForbidControl::UserLogin.new(@user).clear
 successful_authentication(@user)
- sync_pwd_to_gitea!(@user, {password: params[:password].to_s}) # TODO用户密码未同步
+ sync_pwd_to_gitea!(@user, {password: password.to_s}) # TODO用户密码未同步
 # session[:user_id] = @user.id
 end
diff --git a/app/helpers/aes_crypt_helper.rb b/app/helpers/aes_crypt_helper.rb
new file mode 100644
index 000000000..798c6dd61
--- /dev/null
+++ b/app/helpers/aes_crypt_helper.rb
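Review bot: `password.to_s` on the changed `check_password?` line, and again on the `sync_pwd_to_gitea!` line in the following hunk, is now a no-op: `password` is always a String at this point, either the decrypted value or the `""` fallback assigned at the top of `login`. Dropping `.to_s` from both lines makes it clear the value is no longer raw request input and stops a future reader from assuming a `nil` can reach here. Both hunks sit inside `login`, whose start and end lie outside them.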
@@ -0,0 +1,45 @@
+module AesCryptHelper
+
+ AES_KEY = EduSetting.get("login_crypt_key") || '59c96c3572ab8cc1'
+
+ def encrypt(plain_text, output_encoding = 'base64')
+
+ # 将字符串密钥和IV转换为16字节的字节数组
+ key = AES_KEY.byteslice(0, 16)
+ iv = AES_KEY.byteslice(0, 16)
+
+ # 创建并设置AES-CBC加密器
+ cipher = OpenSSL::Cipher.new('AES-128-CBC')
+ cipher.encrypt
+ cipher.key = key
+ cipher.iv = iv
+
+ # 加密数据,并添加PKCS7填充
+ encrypted_data = cipher.update(plain_text) + cipher.final
+ # 将加密数据转换为Base64编码
+ Base64.strict_encode64(encrypted_data)
+ end
+
+ def decrypt(cipher_text, input_encoding = 'base64')
+ # 确保密钥是16字节长
+ key = AES_KEY.byteslice(0, 16) # 如果密钥不足16字节,填充空格;如果超过,截断
+ iv = AES_KEY.byteslice(0, 16)
+
+ decipher = OpenSSL::Cipher.new('AES-128-CBC')
+ decipher.decrypt
+ decipher.key = key
+ decipher.iv = iv
+
+ # 根据输入编码解码密文
+ decrypted_data = case input_encoding
+ when 'base64'
+ Base64.strict_decode64(cipher_text)
+ else
+ cipher_text
+ end
+
+ decrypted = decipher.update(decrypted_data) + decipher.final
+ decrypted
+ end
+
+end
\ No newline at end of file
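Review bot: `encrypt` and `decrypt` both use the first 16 bytes of `AES_KEY` as the IV as well as the key, so every password is encrypted under one fixed IV (CBC is then deterministic — identical passwords give identical ciphertexts) and the secret key doubles as a value that has different requirements; generate a fresh IV per message with `cipher.random_iv`, prepend it to the ciphertext, have `decrypt` read it back from the first 16 bytes (excerpt below), or better move to an authenticated mode such as `aes-128-gcm` so tampered ciphertext is rejected rather than decrypted to garbage. The fallback `'59c96c3572ab8cc1'` means a missing `login_crypt_key` setting silently uses a key that is committed to the repository, and `AES_KEY` is fixed when the module is loaded, so the setting cannot be rotated without a restart; fail loudly, or at least log, when the fallback is taken. The comment on the `key =` line in `decrypt` says short keys are padded with spaces, but `byteslice` only truncates and `cipher.key=` raises `ArgumentError` for anything shorter than 16 bytes, so either pad explicitly or correct the comment. `output_encoding` is never read, and `cipher.final`/`decipher.final` return ASCII-8BIT strings, so the decrypted password has a different encoding from the UTF-8 value callers compare it with. The browser-side encryptor is not on this page and must produce the same IV-prefixed layout if this change is adopted.
```ruby
module AesCryptHelper
  # … unchanged: AES_KEY …
  IV_LEN = 16

  def encrypt(plain_text, output_encoding = 'base64')
    cipher = OpenSSL::Cipher.new('AES-128-CBC')
    cipher.encrypt
    cipher.key = AES_KEY.byteslice(0, 16)
    iv = cipher.random_iv # fresh per message; sent with the ciphertext, never derived from the key
    Base64.strict_encode64(iv + cipher.update(plain_text) + cipher.final)
  end

  def decrypt(cipher_text, input_encoding = 'base64')
    raw = input_encoding == 'base64' ? Base64.strict_decode64(cipher_text) : cipher_text
    raise ArgumentError, 'ciphertext shorter than IV' if raw.bytesize <= IV_LEN

    decipher = OpenSSL::Cipher.new('AES-128-CBC')
    decipher.decrypt
    decipher.key = AES_KEY.byteslice(0, 16)
    decipher.iv = raw.byteslice(0, IV_LEN)
    plain = decipher.update(raw.byteslice(IV_LEN..)) + decipher.final
    plain.force_encoding(Encoding::UTF_8) # OpenSSL returns ASCII-8BIT; callers compare against UTF-8
  end
end
```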