feat: 登录时,对用户名密码加密
This commit is contained in:
taojinlong
parent
042f447286
commit
1ef965357d
@ -5,6 +5,7 @@ import io.dataease.auth.api.dto.CurrentUserDto;
|
||||
import io.dataease.auth.api.dto.LoginDto;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import springfox.documentation.annotations.ApiIgnore;
|
||||
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
@ -55,4 +56,8 @@ public interface AuthApi {
|
||||
@PostMapping("/isPluginLoaded")
|
||||
boolean isPluginLoaded();
|
||||
|
||||
@ApiIgnore
|
||||
@GetMapping("/getPublicKey")
|
||||
String getPublicKey();
|
||||
|
||||
}
|
||||
|
||||
@ -10,10 +10,7 @@ import io.dataease.auth.entity.TokenInfo;
|
||||
import io.dataease.auth.service.AuthUserService;
|
||||
import io.dataease.auth.util.JWTUtils;
|
||||
import io.dataease.auth.util.RsaUtil;
|
||||
import io.dataease.commons.utils.BeanUtils;
|
||||
import io.dataease.commons.utils.CodingUtil;
|
||||
import io.dataease.commons.utils.LogUtil;
|
||||
import io.dataease.commons.utils.ServletUtils;
|
||||
import io.dataease.commons.utils.*;
|
||||
import io.dataease.controller.sys.request.LdapAddRequest;
|
||||
import io.dataease.exception.DataEaseException;
|
||||
import io.dataease.i18n.Translator;
|
||||
@ -55,10 +52,9 @@ public class AuthServer implements AuthApi {
|
||||
|
||||
@Override
|
||||
public Object login(@RequestBody LoginDto loginDto) throws Exception {
|
||||
String username = loginDto.getUsername();
|
||||
String password = loginDto.getPassword();
|
||||
String username = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, loginDto.getUsername());;
|
||||
String pwd = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, loginDto.getPassword());
|
||||
|
||||
String pwd = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, password);
|
||||
// 增加ldap登录方式
|
||||
Integer loginType = loginDto.getLoginType();
|
||||
boolean isSupportLdap = authUserService.supportLdap();
|
||||
@ -191,8 +187,11 @@ public class AuthServer implements AuthApi {
|
||||
return authUserService.pluginLoaded();
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public String getPublicKey() {
|
||||
return RsaProperties.publicKey;
|
||||
}
|
||||
|
||||
|
||||
/*@Override
|
||||
|
||||
@ -60,6 +60,7 @@ public class ShiroServiceImpl implements ShiroService {
|
||||
filterChainDefinitionMap.put("/api/auth/validateName", ANON);
|
||||
filterChainDefinitionMap.put("/api/auth/isOpenLdap", ANON);
|
||||
filterChainDefinitionMap.put("/api/auth/isOpenOidc", ANON);
|
||||
filterChainDefinitionMap.put("/api/auth/getPublicKey", ANON);
|
||||
filterChainDefinitionMap.put("/api/pluginCommon/component/*", ANON);
|
||||
filterChainDefinitionMap.put("/plugin/oidc/authInfo", ANON);
|
||||
filterChainDefinitionMap.put("/sso/callBack*", ANON);
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
package io.dataease.commons.utils;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
|
||||
@Setter
|
||||
@Getter
|
||||
public class RsaKey {
|
||||
|
||||
//公钥
|
||||
private String publicKey;
|
||||
|
||||
//私钥
|
||||
private String privateKey;
|
||||
|
||||
}
|
||||
@ -1,224 +0,0 @@
|
||||
package io.dataease.commons.utils;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.security.*;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
|
||||
public class RsaUtil {
|
||||
|
||||
public static final String CHARSET = "UTF-8";
|
||||
public static final String RSA_ALGORITHM = "RSA";
|
||||
|
||||
|
||||
/**
|
||||
* 创建RSA 公钥-私钥
|
||||
*/
|
||||
public static RsaKey createKeys() throws NoSuchAlgorithmException {
|
||||
return createKeys(1024);
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建RSA 公钥-私钥
|
||||
*/
|
||||
public static RsaKey createKeys(int keySize) throws NoSuchAlgorithmException {
|
||||
//为RSA算法创建一个KeyPairGenerator对象
|
||||
KeyPairGenerator kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM);
|
||||
|
||||
//初始化KeyPairGenerator对象,密钥长度
|
||||
kpg.initialize(keySize);
|
||||
//生成密匙对
|
||||
KeyPair keyPair = kpg.generateKeyPair();
|
||||
|
||||
//得到公钥
|
||||
Key publicKey = keyPair.getPublic();
|
||||
|
||||
String publicKeyStr = new String(Base64.encodeBase64(publicKey.getEncoded()));
|
||||
|
||||
//得到私钥
|
||||
Key privateKey = keyPair.getPrivate();
|
||||
String privateKeyStr = new String(Base64.encodeBase64(privateKey.getEncoded()));
|
||||
|
||||
RsaKey rsaKey = new RsaKey();
|
||||
rsaKey.setPublicKey(publicKeyStr);
|
||||
rsaKey.setPrivateKey(privateKeyStr);
|
||||
|
||||
return rsaKey;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 公钥加密
|
||||
*
|
||||
* @param originalText 原文
|
||||
* @param publicKey 公钥
|
||||
*/
|
||||
public static String publicEncrypt(String originalText, String publicKey) throws NoSuchAlgorithmException {
|
||||
RSAPublicKey rsaPublicKey = getPublicKey(publicKey);
|
||||
return publicEncrypt(originalText, rsaPublicKey);
|
||||
}
|
||||
|
||||
/**
|
||||
* 公钥解密
|
||||
*
|
||||
* @param cipherText 密文
|
||||
* @param publicKey 公钥
|
||||
*/
|
||||
public static String publicDecrypt(String cipherText, String publicKey) throws NoSuchAlgorithmException {
|
||||
RSAPublicKey rsaPublicKey = getPublicKey(publicKey);
|
||||
return publicDecrypt(cipherText, rsaPublicKey);
|
||||
}
|
||||
|
||||
/**
|
||||
* 私钥加密
|
||||
*
|
||||
* @param originalText 原文
|
||||
* @param privateKey 私钥
|
||||
*/
|
||||
public static String privateEncrypt(String originalText, String privateKey) throws NoSuchAlgorithmException {
|
||||
RSAPrivateKey rsaPrivateKey = getPrivateKey(privateKey);
|
||||
return privateEncrypt(originalText, rsaPrivateKey);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 私钥解密
|
||||
*
|
||||
* @param cipherText 密文
|
||||
* @param privateKey 私钥
|
||||
*/
|
||||
public static String privateDecrypt(String cipherText, String privateKey) throws NoSuchAlgorithmException {
|
||||
RSAPrivateKey rsaPrivateKey = getPrivateKey(privateKey);
|
||||
return privateDecrypt(cipherText, rsaPrivateKey);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 得到公钥
|
||||
*
|
||||
* @param publicKey 密钥字符串(经过base64编码)
|
||||
*/
|
||||
private static RSAPublicKey getPublicKey(String publicKey) throws NoSuchAlgorithmException {
|
||||
//通过X509编码的Key指令获得公钥对象
|
||||
KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
|
||||
|
||||
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));
|
||||
RSAPublicKey key = null;
|
||||
try {
|
||||
key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
|
||||
} catch (InvalidKeySpecException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return key;
|
||||
}
|
||||
|
||||
/**
|
||||
* 公钥加密
|
||||
*
|
||||
* @param originalText 原文
|
||||
* @param publicKey 公钥
|
||||
*/
|
||||
private static String publicEncrypt(String originalText, RSAPublicKey publicKey) {
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
|
||||
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
|
||||
return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, originalText.getBytes(CHARSET), publicKey.getModulus().bitLength()));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("加密字符串[" + originalText + "]时遇到异常", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 得到私钥
|
||||
*
|
||||
* @param privateKey 密钥字符串(经过base64编码)
|
||||
*/
|
||||
private static RSAPrivateKey getPrivateKey(String privateKey) throws NoSuchAlgorithmException {
|
||||
//通过PKCS#8编码的Key指令获得私钥对象
|
||||
KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
|
||||
|
||||
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));
|
||||
RSAPrivateKey key = null;
|
||||
try {
|
||||
key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);
|
||||
} catch (InvalidKeySpecException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return key;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 私钥解密
|
||||
*
|
||||
* @param cipherText 密文
|
||||
* @param privateKey 私钥
|
||||
*/
|
||||
|
||||
private static String privateDecrypt(String cipherText, RSAPrivateKey privateKey) {
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
|
||||
cipher.init(Cipher.DECRYPT_MODE, privateKey);
|
||||
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(cipherText), privateKey.getModulus().bitLength()), CHARSET);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("解密字符串[" + cipherText + "]时遇到异常", e);
|
||||
}
|
||||
}
|
||||
|
||||
private static String privateEncrypt(String originalText, RSAPrivateKey privateKey) {
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
|
||||
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
|
||||
return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, originalText.getBytes(CHARSET), privateKey.getModulus().bitLength()));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("加密字符串[" + originalText + "]时遇到异常", e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private static String publicDecrypt(String cipherText, RSAPublicKey publicKey) {
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
|
||||
cipher.init(Cipher.DECRYPT_MODE, publicKey);
|
||||
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(cipherText), publicKey.getModulus().bitLength()), CHARSET);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("解密字符串[" + cipherText + "]时遇到异常", e);
|
||||
}
|
||||
}
|
||||
|
||||
private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize) {
|
||||
int maxBlock;
|
||||
if (opmode == Cipher.DECRYPT_MODE) {
|
||||
maxBlock = keySize / 8;
|
||||
} else {
|
||||
maxBlock = keySize / 8 - 11;
|
||||
}
|
||||
int offSet = 0;
|
||||
byte[] buff;
|
||||
int i = 0;
|
||||
try (
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream()
|
||||
) {
|
||||
while (datas.length > offSet) {
|
||||
if (datas.length - offSet > maxBlock) {
|
||||
buff = cipher.doFinal(datas, offSet, maxBlock);
|
||||
} else {
|
||||
buff = cipher.doFinal(datas, offSet, datas.length - offSet);
|
||||
}
|
||||
out.write(buff, 0, buff.length);
|
||||
i++;
|
||||
offSet = i * maxBlock;
|
||||
}
|
||||
return out.toByteArray();
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("加解密阀值为[" + maxBlock + "]的数据时发生异常", e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@ -71,3 +71,10 @@ export function pluginLoaded() {
|
||||
method: 'post'
|
||||
})
|
||||
}
|
||||
|
||||
export function getPublicKey() {
|
||||
return request({
|
||||
url: '/api/auth/getPublicKey',
|
||||
method: 'get'
|
||||
})
|
||||
}
|
||||
|
||||
@ -16,6 +16,7 @@ const privateKey = 'MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEA0vfvyTdGJkdb
|
||||
|
||||
// 加密
|
||||
export function encrypt(txt) {
|
||||
let publicKey = localStorage.getItem("publicKey");
|
||||
const encryptor = new JSEncrypt()
|
||||
encryptor.setPublicKey(publicKey) // 设置公钥
|
||||
return encryptor.encrypt(txt) // 对需要加密的数据进行加密
|
||||
@ -28,3 +29,4 @@ export function decrypt(txt) {
|
||||
return encryptor.decrypt(txt)
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -63,10 +63,11 @@
|
||||
<script>
|
||||
|
||||
import { encrypt } from '@/utils/rsaEncrypt'
|
||||
import { ldapStatus, oidcStatus } from '@/api/user'
|
||||
import { ldapStatus, oidcStatus, getPublicKey } from '@/api/user'
|
||||
import { getSysUI } from '@/utils/auth'
|
||||
import PluginCom from '@/views/system/plugin/PluginCom'
|
||||
import Cookies from 'js-cookie'
|
||||
import store from "@/store";
|
||||
export default {
|
||||
name: 'Login',
|
||||
components: { PluginCom },
|
||||
@ -116,6 +117,12 @@ export default {
|
||||
this.loginTypes.push(2)
|
||||
}
|
||||
})
|
||||
getPublicKey().then(res => {
|
||||
if (res.success && res.data) {
|
||||
// 保存公钥
|
||||
localStorage.setItem('publicKey', res.data)
|
||||
}
|
||||
})
|
||||
},
|
||||
created() {
|
||||
this.$store.dispatch('user/getUI').then(() => {
|
||||
@ -162,11 +169,12 @@ export default {
|
||||
if (valid) {
|
||||
this.loading = true
|
||||
const user = {
|
||||
username: this.loginForm.username,
|
||||
password: this.loginForm.password,
|
||||
username: encrypt(this.loginForm.username),
|
||||
password: encrypt(this.loginForm.password),
|
||||
loginType: this.loginForm.loginType
|
||||
}
|
||||
user.password = encrypt(user.password)
|
||||
let publicKey = localStorage.getItem("publicKey");
|
||||
console.log(publicKey)
|
||||
this.$store.dispatch('user/login', user).then(() => {
|
||||
this.$router.push({ path: this.redirect || '/' })
|
||||
this.loading = false
|
||||
|
||||
Loading…
Reference in New Issue
Block a user