From 75a4829a6128f1e37e0ee7b02e645e0590f8c1d9 Mon Sep 17 00:00:00 2001
From: wangcl <15217009762@163.com>
Date: Fri, 26 Jul 2024 16:42:29 +0800
Subject: [PATCH 1/4] =?UTF-8?q?fix:=201.=20=E5=8E=BB=E9=99=A4jwt=E5=AD=98?= =?UTF-8?q?=E5=82=A8password=E5=85=B3=E9=94=AE=E4=BF=A1=E6=81=AF=EF=BC=9Bt?= =?UTF-8?q?oken=E5=88=9B=E5=BB=BA=E9=80=BB=E8=BE=91=E5=90=8Cnode=EF=BC=8Cj?= =?UTF-8?q?wt=E4=BF=A1=E6=81=AF=E5=AE=9E=E7=8E=B0node=E5=92=8Cjava?= =?UTF-8?q?=E4=BA=92=E9=80=9A=202.=20=E6=96=B0=E5=A2=9Ehash256=E6=96=B9?= =?UTF-8?q?=E6=B3=95=EF=BC=8C=E7=94=A8=E6=88=B7=E6=B3=A8=E5=86=8Cpassword?= =?UTF-8?q?=E5=8A=A0=E5=AF=86=E9=80=BB=E8=BE=91=E5=90=8Cnode,=E5=AE=9E?= =?UTF-8?q?=E7=8E=B0java=E7=AB=AF=E6=B3=A8=E5=86=8C=E7=9A=84=E8=B4=A6?= =?UTF-8?q?=E5=8F=B7=E7=99=BB=E5=BD=95=E5=92=8Cnode=E7=89=88=E6=9C=AC?= =?UTF-8?q?=E4=BA=92=E9=80=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../core/auth/impl/AuthServiceImpl.java | 2 +-
 .../engine/core/auth/util/AuthUtil.java | 25 +++++++++++++++++++
 .../engine/core/auth/util/JwtTokenUtil.java | 2 +-
 .../engine/core/user/UserService.java | 2 ++
 .../core/user/impl/UserServiceImpl.java | 7 +++++-
 .../engine/interceptor/LoginInterceptor.java | 8 +++---
 6 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/impl/AuthServiceImpl.java b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/impl/AuthServiceImpl.java
index 60422eaa..e5bfd75e 100644
--- a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/impl/AuthServiceImpl.java
+++ b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/impl/AuthServiceImpl.java
@@ -61,7 +61,7 @@ public UserVo register(UserParam userParam) { //保存 User user = new User(); user.setUsername(userParam.getUsername()); - user.setPassword(AuthUtil.encryptPassword(userParam.getPassword(), userParam.getUsername())); + user.setPassword(AuthUtil.hash256(userParam.getPassword())); mongoRepository.save(user); return createTokenAndDeleteCaptcha(userParam); }
diff --git a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java
index 8370e59a..df8ec72f 100644
--- a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java
+++ b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java
@@ -31,5 +31,30 @@ public static String encryptPassword(String password, String username) { } } + /** + * SHA-256 + * @param password + * @return + */ + public static String hash256(String password) { + try { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest(password.getBytes()); + // 将 byte 数组转换为十六进制字符串 + StringBuilder hexString = new StringBuilder(); + for (byte b : hash) { + String hex = Integer.toHexString(0xff & b); + if (hex.length() == 1) { + hexString.append('0'); + } + hexString.append(hex); + } + return hexString.toString(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + return null; + } + } + }
diff --git a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/JwtTokenUtil.java b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/JwtTokenUtil.java
index 4123b9f3..67cf7531 100644
--- a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/JwtTokenUtil.java
+++ b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/JwtTokenUtil.java
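Review bot: `hash256` stores the password as a single unsalted SHA-256 digest, so two accounts with the same password get the same stored value and the stored hashes can be attacked with precomputed tables; the replaced `encryptPassword(password, username)` at least took a second, per-user input (its body is outside the hunk, so whether it acted as a real salt cannot be confirmed here). The same call is made in `register` here and in `loadUserByUsernameAndPassword` on the UserServiceImpl hunk, so any change has to be made on both sides and, per the commit message, in the node implementation that shares the user store. A password KDF with a per-user random salt is the usual fix (PBKDF2WithHmacSHA256 via `javax.crypto.SecretKeyFactory` needs no new dependency; bcrypt/scrypt/argon2 are the stronger options), and if the bare digest must stay for node compatibility the javadoc should say so instead of the empty `@param`/`@return` tags. Independently, `password.getBytes()` uses the platform default charset, so the digest only matches the node side when that charset happens to be UTF-8; change it to `byte[] hash = digest.digest(password.getBytes(StandardCharsets.UTF_8));` and import `java.nio.charset.StandardCharsets`. A null `password` fails on that same line with a NullPointerException rather than a ServiceException, so an `Objects.requireNonNull(password, "password")` guard at the top of `hash256` would be consistent with the error handling the method already has.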
@@ -59,7 +59,7 @@ public Token generateToken(User user) { Date expiryDate = new Date(now.getTime() + expirationTime * HOUR_MILLISECOND); String token = JWT.create() .withClaim("username", user.getUsername()) - .withClaim("password", user.getPassword()) + .withClaim("_id", user.getId()) .withExpiresAt(expiryDate) .withJWTId(UUID.randomUUID().toString()) .sign(Algorithm.HMAC256(secret));
diff --git a/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/UserService.java b/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/UserService.java
index db5cce95..e5e7f721 100644
--- a/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/UserService.java
+++ b/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/UserService.java
@@ -9,4 +9,6 @@ public interface UserService { List findAllUser(); User loadUserByUsernameAndPassword(String username, String password); + + User getUserById(String userId); }
diff --git a/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/impl/UserServiceImpl.java b/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/impl/UserServiceImpl.java
index 011846e4..6011529c 100644
--- a/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/impl/UserServiceImpl.java
+++ b/survey-core/src/main/java/com/xiaojusurvey/engine/core/user/impl/UserServiceImpl.java
@@ -35,7 +35,7 @@ public List findAllUser() { @Override public User loadUserByUsernameAndPassword(String username, String password) { Query query = new Query(); - String encryptPassword = AuthUtil.encryptPassword(password, username); + String encryptPassword = AuthUtil.hash256(password); query.addCriteria(Criteria.where("username").is(username).and("password").is(encryptPassword)); //查询用户并返回 User user = mongoRepository.findOne(query, User.class);
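Review bot: Swapping the `password` claim for `_id` means an issued token no longer stops working when the password changes: the interceptor now resolves the user by id alone, whereas the removed `loadUserByUsernameAndPassword` lookup implicitly rejected a token whose embedded password hash no longer matched the stored one. Removing the hash from the token is the right call, but if password change or logout is meant to end existing sessions the token now needs an explicit revocation hook — the `withJWTId(UUID.randomUUID().toString())` value already in this builder can be recorded server-side and checked in the interceptor, or a per-user "credentials changed at" timestamp can be compared against the token's issue time. `generateToken` starts outside the hunk, and the declared type of `user.getId()` is not visible; `withClaim` only accepts String and the boxed/Date/collection overloads, so if the id is a Mongo `ObjectId` it needs an explicit string conversion for the `_id` claim to hold the value the node side expects.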
@@ -44,4 +44,9 @@ public User loadUserByUsernameAndPassword(String username, String password) { } return user; } + + @Override + public User getUserById(String userId) { + return mongoRepository.findOne(new Query(Criteria.where("_id").is(userId)), User.class); + } }
diff --git a/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java b/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
index b09e7565..3a08cbef 100644
--- a/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
+++ b/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
@@ -39,14 +39,14 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons //查询用户信息 Map claims = jwt.getClaims(); //获取用户名,密码 - String username = claims.get("username").asString(); - String password = claims.get("password").asString(); + String username = String.valueOf(claims.get("username")); + String userId = String.valueOf(claims.get("_id")); //判空 - if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(password)) { + if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(userId)) { //token超时 throw new ServiceException(RespErrorCode.USER_CREDENTIALS_ERROR.getMessage(), RespErrorCode.USER_CREDENTIALS_ERROR.getCode()); } - User user = userService.loadUserByUsernameAndPassword(username, password); + User user = userService.getUserById(userId); request.setAttribute("user", user); return HandlerInterceptor.super.preHandle(request, response, handler); }
From f8fa26d9121c91b5898cad53b41075f19fc98710 Mon Sep 17 00:00:00 2001
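Review bot: `getUserById` returns whatever `findOne` yields for an unmatched id — null, presumably — and the LoginInterceptor hunk on this same line stores that straight into `request.setAttribute("user", user)` and lets the request through, so a still-valid token for a deleted or never-existing user id reaches the controllers with no user attached. The replaced `loadUserByUsernameAndPassword` path appears to have handled the not-found case itself (the lines between `findOne` and `return user;` are cut out of the earlier hunk, so that is inferred rather than seen). Add the check where the lookup result is consumed, before `request.setAttribute`: `if (user == null) { throw new ServiceException(RespErrorCode.USER_NOT_EXISTS.getMessage(), RespErrorCode.USER_NOT_EXISTS.getCode()); }`. `Criteria.where("_id").is(userId)` passes the claim string through as-is; whether the mapper converts it to the stored id type depends on how `User` declares its id field, which is not visible here, so this deserves a test with a real token rather than an assumption. Patch 2 later reworks the claim extraction in this interceptor but keeps the unchecked `getUserById` call, so the null check is still missing at the end of the series.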
From: wangcl <15217009762@163.com>
Date: Fri, 26 Jul 2024 19:29:08 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E5=88=A0=E9=99=A4=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E8=8E=B7=E5=8F=96jwt=E4=BF=A1=E6=81=AF=E4=B8=AD=E7=9A=84?= =?UTF-8?q?=E9=AD=94=E6=B3=95=E5=80=BC=EF=BC=9B=E5=A4=84=E7=90=86=E7=A9=BA?= =?UTF-8?q?=E6=8C=87=E9=92=88=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../engine/interceptor/LoginInterceptor.java | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java b/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
index 3a08cbef..12a26c1f 100644
--- a/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
+++ b/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
@@ -17,8 +17,12 @@ public class LoginInterceptor implements HandlerInterceptor { + public static final String USERNAME = "username"; + public static final String _ID = "_id"; + @Resource private JwtTokenUtil jwtTokenUtil; + @Resource private UserService userService;
@@ -39,8 +43,13 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons //查询用户信息 Map claims = jwt.getClaims(); //获取用户名,密码 - String username = String.valueOf(claims.get("username")); - String userId = String.valueOf(claims.get("_id")); + String username = null, userId = null; + if (!ObjectUtils.isEmpty(claims.get(USERNAME))) { + username = claims.get(USERNAME).asString(); + } + if (!ObjectUtils.isEmpty(claims.get(_ID))) { + userId = claims.get(_ID).asString(); + } //判空 if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(userId)) { //token超时
From 61146d439c2423c7b56c08f54acb564242e49b42 Mon Sep 17 00:00:00 2001
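Review bot: The comment `//获取用户名,密码` kept above the rewritten block in the `preHandle` hunk is now wrong — the code reads the username and the `_id` claim and no password is involved any more; replace it with `// read the username and user-id claims; either may be absent or non-string`. The claim names `"username"` and `"_id"` are declared as constants here but are still bare literals in `JwtTokenUtil.generateToken` (patch 1 of this series), so issuer and consumer can silently drift; declaring them once, in `JwtTokenUtil` next to the `withClaim` calls that create them, and referencing those from the interceptor keeps the contract in one place. The two near-identical null-guarded `asString()` reads could be a single small private helper such as `claimAsString(claims, USERNAME)`, which would also make the following `isEmpty` check the one place a missing or non-string claim is rejected.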
From: wangcl <15217009762@163.com>
Date: Sat, 27 Jul 2024 11:09:08 +0800
Subject: [PATCH 3/4] add error code
---
 .../xiaojusurvey/engine/common/constants/RespErrorCode.java | 1 +
 .../com/xiaojusurvey/engine/core/auth/util/AuthUtil.java | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/survey-common/src/main/java/com/xiaojusurvey/engine/common/constants/RespErrorCode.java b/survey-common/src/main/java/com/xiaojusurvey/engine/common/constants/RespErrorCode.java
index 917010dc..836d0b1b 100644
--- a/survey-common/src/main/java/com/xiaojusurvey/engine/common/constants/RespErrorCode.java
+++ b/survey-common/src/main/java/com/xiaojusurvey/engine/common/constants/RespErrorCode.java
@@ -6,6 +6,7 @@ public enum RespErrorCode { AUTHENTICATION_FAILED(1001, "没有权限"), PARAMETER_ERROR(1002, "参数有误"), + ENCRYPTION_ERROR(1003, "加密异常"), USER_EXISTS(2001, "用户已存在"), USER_NOT_EXISTS(2002, "用户不存在"), USER_PASSWORD_ERROR(2003, "用户名或密码错误"),
diff --git a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java
index df8ec72f..a46d3a7e 100644
--- a/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java
+++ b/survey-core/src/main/java/com/xiaojusurvey/engine/core/auth/util/AuthUtil.java
@@ -1,6 +1,9 @@ package com.xiaojusurvey.engine.core.auth.util; +import com.xiaojusurvey.engine.common.constants.RespErrorCode; +import com.xiaojusurvey.engine.common.exception.ServiceException; + import java.security.MessageDigest; import java.security.NoSuchAlgorithmException;
@@ -51,8 +54,7 @@ public static String hash256(String password) { } return hexString.toString(); } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - return null; + throw new ServiceException(RespErrorCode.ENCRYPTION_ERROR.getMessage(), RespErrorCode.ENCRYPTION_ERROR.getCode()); } }
From 4c8c45f61fa8cb70892f228c7d97b250c02469da Mon Sep 17 00:00:00 2001
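Review bot: The new `throw new ServiceException(...)` in the `catch (NoSuchAlgorithmException e)` block of `hash256` drops `e`, so the stack trace that the replaced `printStackTrace()` at least printed is now lost entirely. If `ServiceException` has a constructor that accepts a cause, pass `e` as well; if it does not, log the exception before throwing so the failure can be diagnosed. For this algorithm the branch should be unreachable, since every Java platform is required to provide SHA-256, so reaching it indicates a broken runtime rather than a condition worth a user-facing "加密异常" response code; an `IllegalStateException("SHA-256 unavailable", e)` expresses that more accurately than an error code. The name `ENCRYPTION_ERROR` also slightly misdescribes what `hash256` does — it hashes, it does not encrypt — which is worth a one-line Javadoc on the enum constant if the name is kept.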
From: wangcl <15217009762@163.com>
Date: Sat, 27 Jul 2024 13:34:40 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E5=B8=B8=E9=87=8F=E5=91=BD=E5=90=8D?= =?UTF-8?q?=E8=B0=83=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../engine/interceptor/LoginInterceptor.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java b/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
index 12a26c1f..56b5f6fe 100644
--- a/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
+++ b/survey-server/src/main/java/com/xiaojusurvey/engine/interceptor/LoginInterceptor.java
@@ -17,8 +17,8 @@ public class LoginInterceptor implements HandlerInterceptor { - public static final String USERNAME = "username"; - public static final String _ID = "_id"; + public static final String USER_NAME = "username"; + public static final String USER_ID = "_id"; @Resource private JwtTokenUtil jwtTokenUtil;
@@ -44,11 +44,11 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons Map claims = jwt.getClaims(); //获取用户名,密码 String username = null, userId = null; - if (!ObjectUtils.isEmpty(claims.get(USERNAME))) { - username = claims.get(USERNAME).asString(); + if (!ObjectUtils.isEmpty(claims.get(USER_NAME))) { + username = claims.get(USER_NAME).asString(); } - if (!ObjectUtils.isEmpty(claims.get(_ID))) { - userId = claims.get(_ID).asString(); + if (!ObjectUtils.isEmpty(claims.get(USER_ID))) { + userId = claims.get(USER_ID).asString(); } //判空 if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(userId)) {