From 2062063811dcd9f9f0fd0dff05345e62bb3c5ba3 Mon Sep 17 00:00:00 2001 From: RockChinQ <1010553892@qq.com> Date: Wed, 14 Aug 2024 12:55:46 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E5=BC=BA=E5=88=B6=E5=88=87=E6=8D=A2?= =?UTF-8?q?=E5=88=B0=20argon2id?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/config/config.go | 1 - backend/database/mongo.go | 5 ++-- backend/database/po.go | 3 +-- backend/service/account.go | 52 +++++++++++++------------------------- backend/util/crypto.go | 16 ------------ 5 files changed, 20 insertions(+), 57 deletions(-) diff --git a/backend/config/config.go b/backend/config/config.go index 11b9b4a..85e1a2b 100644 --- a/backend/config/config.go +++ b/backend/config/config.go @@ -47,7 +47,6 @@ func SetDefault() { viper.SetDefault("mq.redis.hash.post_publish_status", "campux_post_publish_status") viper.SetDefault("mq.redis.prefix.oauth2_code", "campux_oauth2_code") - viper.SetDefault("experimental.password.hash.argon", true) } // 创建配置文件对象 diff --git a/backend/database/mongo.go b/backend/database/mongo.go index e84f839..53baf44 100644 --- a/backend/database/mongo.go +++ b/backend/database/mongo.go @@ -168,7 +168,7 @@ func (m *MongoDBManager) GetAccountByUIN(uin int64) (*AccountPO, error) { return &acc, nil } -func (m *MongoDBManager) UpdatePassword(uin int64, pwd, salt string) error { +func (m *MongoDBManager) UpdatePassword(uin int64, pwd string) error { // 更新 _, err := m.Client.Database(viper.GetString("database.mongo.db")).Collection(ACCOUNT_COLLECTION).UpdateOne( @@ -178,8 +178,7 @@ func (m *MongoDBManager) UpdatePassword(uin int64, pwd, salt string) error { }, bson.M{ "$set": bson.M{ - "pwd": pwd, - "salt": salt, + "pwd": pwd, }, }, ) diff --git a/backend/database/po.go b/backend/database/po.go index 5502982..c49316a 100644 --- a/backend/database/po.go +++ b/backend/database/po.go 
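Review bot: The `$set` in the second UpdatePassword hunk now writes only `pwd`, so the `salt` field that existing account documents already carry stays in the collection indefinitely even though nothing reads it once this commit lands. Clearing it in the same update keeps migrated accounts free of a now-meaningless field and makes it obvious from the data which accounts have been reset: `"$set": bson.M{"pwd": pwd}, "$unset": bson.M{"salt": ""},`. The UpdateOne call and its filter begin above this hunk and the error handling continues below it, so a `$unset` has to go in at the same nesting level as the existing `"$set"` key.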
@@ -25,8 +25,7 @@ type AccountPO struct { Uin int64 `json:"uin" bson:"uin"` // QQ号 Pwd string `json:"pwd" bson:"pwd"` // 数据库存md5之后的密码 CreatedAt time.Time `json:"created_at" bson:"created_at"` // CST时间 - UserGroup UserGroup `json:"user_group" bson:"user_group"` // 用户组 - Salt string `json:"salt" bson:"salt"` // 加盐 + UserGroup UserGroup `json:"user_group" bson:"user_group"` // 用户 } type AccountExpose struct { diff --git a/backend/service/account.go b/backend/service/account.go index c6a046f..7be68ba 100644 --- a/backend/service/account.go +++ b/backend/service/account.go @@ -2,7 +2,6 @@ package service import ( "errors" - "github.com/spf13/viper" "time" "github.com/RockChinQ/Campux/backend/database" @@ -35,22 +34,16 @@ func (as *AccountService) CreateAccount(uin int64) (string, error) { return "", ErrAccountAlreadyExist } else { initPwd := util.GenerateRandomPassword() - salt := util.GenerateRandomSalt() var pwdHash string - if viper.GetBool(`experimental.password.hash.argon`) { - pwdHash, err = util.CreateHash(initPwd, util.DefaultParams) - if err != nil { - return "", err - } - } else { - pwdHash = util.EncryptPassword(initPwd, salt) + pwdHash, err = util.CreateHash(initPwd, util.DefaultParams) + if err != nil { + return "", err } acc := &database.AccountPO{ Uin: uin, Pwd: pwdHash, UserGroup: database.USER_GROUP_USER, - Salt: salt, CreatedAt: util.GetCSTTime(), } @@ -72,13 +65,13 @@ func (as *AccountService) CheckAccount(uin int64, pwd string) (string, error) { } var valid bool - if viper.GetBool(`experimental.password.hash.argon`) { - valid, err = util.ComparePasswordAndHash(pwd, acc.Pwd) - if err != nil { - return "", err + valid, err = util.ComparePasswordAndHash(pwd, acc.Pwd) + if err != nil { + if err == util.ErrInvalidHash { + return "", errors.New("hash 算法已更改,请重置密码") } - } else { - valid = acc.Pwd == util.EncryptPassword(pwd, acc.Salt) + + return "", err } if !valid { 
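Review bot: The comment on `Pwd` two lines above the change still says the database stores the MD5 of the password, which this commit makes false, and the comment on `UserGroup` lost its last character (用户组 became 用户). Change the `Pwd` trailing comment to `// argon2id encoded hash from util.CreateHash (not MD5, never plaintext)` and restore `// 用户组` on `UserGroup`. Dropping `Salt` from the struct means documents that still carry a salt field are silently ignored on decode, which Mongo tolerates, but it also means every pre-existing account has an MD5 value in `pwd` that no code path can verify any more; that is worth stating in the commit message so operators know a reset is required.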
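Review bot: `var pwdHash string` followed by `pwdHash, err = util.CreateHash(...)` can be collapsed to `pwdHash, err := util.CreateHash(initPwd, util.DefaultParams)` now that only one branch remains, and the `else` after the early `return "", ErrAccountAlreadyExist` can be dropped so the happy path is left-aligned. The strength of the stored hash also depends on `initPwd`: `GenerateRandomPassword` is the sibling of the deleted `GenerateRandomSalt`, which drew from `rand.Intn`, and if it uses the same math/rand source the initial password is predictable no matter how well argon2id then hashes it; please confirm in backend/util/crypto.go and switch it to `crypto/rand` if so. CreateAccount's signature is in the hunk header but the rest of its body, including the insert of `acc`, lies below the hunk.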
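Review bot: `err == util.ErrInvalidHash` compares the error by identity, so if ComparePasswordAndHash ever wraps it the legacy-hash branch silently degrades into a generic failure; use `if errors.Is(err, util.ErrInvalidHash) {`. The branch also builds a fresh `errors.New("hash 算法已更改,请重置密码")` at the call site while the service's other failures (`ErrAccountNotFound`, `ErrAccountAlreadyExist`) are package-level sentinels, so declaring `ErrPasswordHashOutdated` beside them lets the HTTP layer map it to a status code and keeps the wording in one place. Be aware that this message is an oracle: it tells whoever supplies a uin that the account exists and still has a pre-argon2id hash, which is acceptable only if the handler already discloses account existence. Because the commit removes the MD5 path outright, every pre-existing account is locked out until a reset; verifying the legacy hash once and re-hashing with argon2id on a successful login would have migrated users transparently. CheckAccount continues below this hunk.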
@@ -104,21 +97,16 @@ func (as *AccountService) ResetPassword(uin int64) (string, error) { // 生成新密码 newPwd := util.GenerateRandomPassword() - salt := util.GenerateRandomSalt() var encryptedPwd string - if viper.GetBool(`experimental.password.hash.argon`) { - encryptedPwd, err = util.CreateHash(newPwd, util.DefaultParams) - if err != nil { - return "", err - } - } else { - encryptedPwd = util.EncryptPassword(newPwd, salt) + encryptedPwd, err = util.CreateHash(newPwd, util.DefaultParams) + if err != nil { + return "", err } // 更新密码 - err = as.DB.UpdatePassword(uin, encryptedPwd, salt) + err = as.DB.UpdatePassword(uin, encryptedPwd) return newPwd, err } @@ -135,20 +123,14 @@ func (as *AccountService) ChangePassword(uin int64, newPwd string) error { return ErrAccountNotFound } - salt := util.GenerateRandomSalt() - var encryptedPwd string - if viper.GetBool(`experimental.password.hash.argon`) { - encryptedPwd, err = util.CreateHash(newPwd, util.DefaultParams) - if err != nil { - return err - } - } else { - encryptedPwd = util.EncryptPassword(newPwd, salt) + encryptedPwd, err = util.CreateHash(newPwd, util.DefaultParams) + if err != nil { + return err } // 更新密码 - err = as.DB.UpdatePassword(uin, encryptedPwd, salt) + err = as.DB.UpdatePassword(uin, encryptedPwd) return err } diff --git a/backend/util/crypto.go b/backend/util/crypto.go index 2dfc4d9..80c8691 100644 --- a/backend/util/crypto.go +++ b/backend/util/crypto.go @@ -24,19 +24,3 @@ func GenerateRandomPassword() string { return string(b) } - -// 随机生成一个包含小写字母和数字的字符串,长度为16 -// 用于生成salt -func GenerateRandomSalt() string { - const letterBytes = "abcdefghijklmnopqrstuvwxyz0123456789" - b := make([]byte, 16) - for i := range b { - b[i] = letterBytes[rand.Intn(len(letterBytes))] - } - return string(b) -} - -// 计算密码的md5值 -func EncryptPassword(password, salt string) string { - return MD5(password + salt) -}
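Review bot: `encryptedPwd` is a misleading name now that the value is an argon2id hash rather than anything reversible, and the `var encryptedPwd string` declaration followed by assignment can become a single `pwdHash, err := util.CreateHash(newPwd, util.DefaultParams)`, matching the `pwdHash` name CreateAccount uses in the same file. ResetPassword also hands the new plaintext back to the caller via `return newPwd, err`, so whoever receives it must keep it out of logs; a comment on that return, `// newPwd is returned in plaintext for one-time delivery; never log it`, makes the contract explicit. The function's start is outside the hunk.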
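Review bot: The new path hashes whatever `newPwd` arrives without checking it, so an empty or one-character password is accepted and stored as a perfectly valid argon2id hash. Unless the HTTP handler enforces a policy (not visible here), add a guard before CreateHash, e.g. `if len(newPwd) < 8 { return ErrPasswordTooShort }` with the sentinel declared beside `ErrAccountNotFound`. The signature in the hunk header shows ChangePassword takes only uin and newPwd, so the current password is never re-verified at this layer either; if that check lives in the handler, a comment saying so would spare the next reader the search. ChangePassword's start lies above this hunk.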