mima

xingyun-api/src/main/resources/application.yml

@@ -1,6 +1,6 @@
 server:
   #端口
-  port: 8080
+  port: 8200
 spring:
   application:
     name: @project.artifactId@

xingyun-template/src/main/java/com/lframework/xingyun/template/inner/controller/AuthController.java

@@ -55,6 +55,7 @@ import com.lframework.xingyun.template.inner.service.system.SysMenuService;
 import com.lframework.xingyun.template.inner.service.system.SysUserDeptService;
 import com.lframework.xingyun.template.inner.service.system.SysUserRoleService;
 import com.lframework.xingyun.template.inner.service.system.SysUserService;
+import com.lframework.xingyun.template.inner.sign.util.SecretUtil;
 import com.lframework.xingyun.template.inner.vo.system.user.LoginVo;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
@@ -173,7 +174,8 @@ public class AuthController extends DefaultBaseController {
   public InvokeResult<LoginBo> login(@Valid LoginVo vo) {
 
     String username = vo.getUsername();
-    String password = vo.getPassword();
+    String jmpassword = vo.getPassword();
+   String password= SecretUtil.AesDecrypt(jmpassword);
     String tenantId = null;
     if (TenantUtil.enableTenant()) {
       String[] tmpArr = username.split("@");

xingyun-template/src/main/java/com/lframework/xingyun/template/inner/controller/UserCenterController.java

@@ -24,6 +24,7 @@ import com.lframework.starter.web.resp.InvokeResultBuilder;
 import com.lframework.starter.web.common.utils.ApplicationUtil;
 import com.lframework.starter.web.common.security.AbstractUserDetails;
 import com.lframework.starter.web.common.security.SecurityUtil;
+import com.lframework.xingyun.template.inner.sign.util.SecretUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
@@ -86,8 +87,10 @@ public class UserCenterController extends DefaultBaseController {
       @NotBlank(message = "新密码不能为空！") String newPsw,
       @NotBlank(message = "确认密码不能为空！") String confirmPsw) {
 
+    String jmoldPsw= SecretUtil.AesDecrypt(oldPsw);
+
     AbstractUserDetails user = getCurrentUser();
-    if (!encoderWrapper.getEncoder().matches(oldPsw, user.getPassword())) {
+    if (!encoderWrapper.getEncoder().matches(jmoldPsw, user.getPassword())) {
       throw new InputErrorException("旧密码不正确，请重新输入！");
     }
 
@@ -95,11 +98,12 @@ public class UserCenterController extends DefaultBaseController {
       throw new InputErrorException("两次密码输入不一致，请检查！");
     }
 
-    if (!RegUtil.isMatch(PatternPool.PATTERN_PASSWORD, newPsw)) {
-      throw new InputErrorException("密码格式不正确，请检查！");
-    }
+//    if (!RegUtil.isMatch(PatternPool.PATTERN_PASSWORD, newPsw)) {
+//      throw new InputErrorException("密码格式不正确，请检查！");
+//    }
+    String jmnewPsw= SecretUtil.AesDecrypt(newPsw);
 
-    sysUserService.updatePassword(user.getId(), newPsw);
+    sysUserService.updatePassword(user.getId(), jmnewPsw);
 
     //修改密码后，退出登录状态
     SecurityUtil.logout();

xingyun-template/src/main/java/com/lframework/xingyun/template/inner/sign/util/SecretUtil.java

@@ -0,0 +1,116 @@
+package com.lframework.xingyun.template.inner.sign.util;
+
+import com.aliyuncs.utils.IOUtils;
+import org.springframework.util.DigestUtils;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+
+public class SecretUtil {
+    public static String MD5(String decrypt) {
+        return DigestUtils.md5DigestAsHex(decrypt.getBytes());
+    }
+
+    public static String SHA1(String decrypt) {
+        try {
+            MessageDigest digest = MessageDigest.getInstance("SHA-1");
+            digest.update(decrypt.getBytes());
+            byte messageDigest[] = digest.digest();
+            // Create Hex String
+            StringBuffer hexString = new StringBuffer();
+            // 字节数组转换为 十六进制 数
+            for (int i = 0; i < messageDigest.length; i++) {
+                String shaHex = Integer.toHexString(messageDigest[i] & 0xFF);
+                if (shaHex.length() < 2) {
+                    hexString.append(0);
+                }
+                hexString.append(shaHex);
+            }
+            return hexString.toString();
+
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        return "";
+    }
+
+    public static String SHA256(String s) {
+        InputStream fis = new ByteArrayInputStream(s.getBytes());
+        return SHA256(fis);
+    }
+
+    public static String SHA256(InputStream inputStream) {
+        byte buffer[] = new byte[1024 * 10];
+        MessageDigest md5 = null;
+        try {
+            md5 = MessageDigest.getInstance("SHA-256");
+            for (int numRead = 0; (numRead = inputStream.read(buffer)) > 0; ) {
+                md5.update(buffer, 0, numRead);
+            }
+            byte[] digest = md5.digest();
+            StringBuffer strHexString = new StringBuffer();
+            for (int i = 0; i < digest.length; i++) {
+                String hex = Integer.toHexString(0xff & digest[i]);
+                if (hex.length() == 1) {
+                    strHexString.append('0');
+                }
+                strHexString.append(hex);
+            }
+            return strHexString.toString();
+        } catch (NoSuchAlgorithmException | IOException e) {
+            e.printStackTrace();
+        } finally {
+            IOUtils.closeQuietly(inputStream);
+        }
+        return null;
+    }
+
+
+    private static String AES_KEY = "j8z&j*a$t{w#k}e@";
+    private static String AES_ECB = "AES/ECB/PKCS5Padding";
+
+    /**
+     * 使用AES加密原始字符串.
+     *
+     * @param input 原始输入字符串
+     */
+    public static String AesEncrypt(String input) {
+        try {
+            SecretKey secretKey = new SecretKeySpec(AES_KEY.getBytes(), "AES");
+            Cipher cipher = Cipher.getInstance(AES_ECB);
+            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+            byte[] result = cipher.doFinal(input.getBytes("utf-8"));
+            return Base64.getEncoder().encodeToString(result);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return "";
+    }
+
+    /**
+     * 使用AES解密原始字符串.
+     *
+     * @param input 原始输入字符串
+     */
+    public static String AesDecrypt(String input) {
+        try {
+            SecretKey secretKey = new SecretKeySpec(AES_KEY.getBytes(), "AES");
+            Cipher cipher = Cipher.getInstance(AES_ECB);
+            cipher.init(Cipher.DECRYPT_MODE, secretKey);
+            byte[] result = cipher.doFinal(Base64.getDecoder().decode(input));
+            return new String(result, "utf-8");
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return "";
+    }
+
+
+}