feat: 登录强制校验弱密码&关键信息加密传输

mayfly_go_web/package.json

@@ -14,6 +14,7 @@
     "cropperjs": "^1.5.11",
     "echarts": "^5.3.3",
     "element-plus": "^2.2.9",
+    "jsencrypt": "^3.2.1",
     "jsoneditor": "^9.9.0",
     "lodash": "^4.17.21",
     "mitt": "^3.0.0",
@@ -23,7 +24,7 @@
     "sql-formatter": "^7.0.3",
     "vue": "^3.2.37",
     "vue-clipboard3": "^1.0.1",
-    "vue-router": "^4.0.16",
+    "vue-router": "^4.1.2",
     "vuex": "^4.0.2",
     "xterm": "^4.19.0",
     "xterm-addon-fit": "^0.5.0"

mayfly_go_web/src/common/openApi.ts

@@ -2,6 +2,8 @@ import request from './request'
 
 export default {
     login: (param: any) => request.request('POST', '/sys/accounts/login', param, null),
+    changePwd: (param: any) => request.request('POST', '/sys/accounts/change-pwd', param, null),
+    getPublicKey: () => request.request('GET', '/common/public-key', null, null),
     captcha: () => request.request('GET', '/sys/captcha', null, null),
     logout: (param: any) => request.request('POST', '/sys/accounts/logout/{token}', param, null),
     getMenuRoute: (param: any) => request.request('Get', '/sys/resources/account', param, null)

mayfly_go_web/src/common/rsa.ts

@@ -0,0 +1,37 @@
+import openApi from './openApi';
+import JSEncrypt from 'jsencrypt'
+import { notBlank } from './assert';
+
+var encryptor: any = null
+
+export async function getRsaPublicKey() {
+    let publicKey = sessionStorage.getItem('RsaPublicKey')
+    if (publicKey) {
+        return publicKey
+    }
+    publicKey = await openApi.getPublicKey() as string
+    sessionStorage.setItem('RsaPublicKey', publicKey)
+    return publicKey
+}
+
+/**
+ * 公钥加密指定值
+ * 
+ * @param value value
+ * @returns 加密后的值
+ */
+export async function RsaEncrypt(value: any) {
+    // 不存在则返回空值
+    if (!value) {
+        return ""
+    }
+    if (encryptor != null) {
+        return encryptor.encrypt(value)
+    }
+    console.log(value)
+    encryptor = new JSEncrypt()
+    const publicKey = await getRsaPublicKey() as string;
+    notBlank(publicKey, "获取公钥失败")
+    encryptor.setPublicKey(publicKey)//设置公钥
+    return encryptor.encrypt(value)
+}

mayfly_go_web/src/views/login/component/AccountLogin.vue

@@ -1,18 +1,12 @@
 <template>
+    <div>
         <el-form ref="loginFormRef" :model="loginForm" :rules="rules" class="login-content-form" size="large">
             <el-form-item prop="username">
                 <el-input type="text" placeholder="请输入用户名" prefix-icon="user" v-model="loginForm.username" clearable autocomplete="off">
                 </el-input>
             </el-form-item>
             <el-form-item prop="password">
-            <el-input
-                type="password"
-                placeholder="请输入密码"
-                prefix-icon="lock"
-                v-model="loginForm.password"
-                autocomplete="off"
-                show-password
-            >
+                <el-input type="password" placeholder="请输入密码" prefix-icon="lock" v-model="loginForm.password" autocomplete="off" show-password>
                 </el-input>
             </el-form-item>
             <el-form-item prop="captcha">
@@ -49,6 +43,33 @@
                 </el-button>
             </el-form-item>
         </el-form>
+
+        <el-dialog title="修改密码" v-model="changePwdDialog.visible" :close-on-click-modal="false" width="450px" :destroy-on-close="true">
+            <el-form :model="changePwdDialog.form" :rules="changePwdDialog.rules" ref="changePwdFormRef" label-width="65px">
+                <el-form-item prop="username" label="用户名" required>
+                    <el-input v-model.trim="changePwdDialog.form.username" disabled></el-input>
+                </el-form-item>
+                <el-form-item prop="oldPassword" label="旧密码" required>
+                    <el-input v-model.trim="changePwdDialog.form.oldPassword" autocomplete="new-password" type="password"></el-input>
+                </el-form-item>
+                <el-form-item prop="newPassword" label="新密码" required>
+                    <el-input
+                        v-model.trim="changePwdDialog.form.newPassword"
+                        placeholder="须为8位以上且包含字⺟⼤⼩写+数字+特殊符号"
+                        type="password"
+                        autocomplete="new-password"
+                    ></el-input>
+                </el-form-item>
+            </el-form>
+
+            <template #footer>
+                <div class="dialog-footer">
+                    <el-button @click="cancelChangePwd">取 消</el-button>
+                    <el-button @click="changePwd" type="primary" :loading="loading.changePwd">确 定</el-button>
+                </div>
+            </template>
+        </el-dialog>
+    </div>
 </template>
 
 <script lang="ts">
@@ -60,7 +81,9 @@ import { useStore } from '@/store/index.ts';
 import { setSession } from '@/common/utils/storage.ts';
 import { formatAxis } from '@/common/utils/formatTime.ts';
 import openApi from '@/common/openApi';
+import { RsaEncrypt } from '@/common/rsa';
 import { letterAvatar } from '@/common/utils/string';
+
 export default defineComponent({
     name: 'AccountLogin',
     setup() {
@@ -68,6 +91,8 @@ export default defineComponent({
         const route = useRoute();
         const router = useRouter();
         const loginFormRef: any = ref(null);
+        const changePwdFormRef: any = ref(null);
+
         const state = reactive({
             captchaImage: '',
             loginForm: {
@@ -76,6 +101,24 @@ export default defineComponent({
                 captcha: '',
                 cid: '',
             },
+            changePwdDialog: {
+                visible: false,
+                form: {
+                    username: '',
+                    oldPassword: '',
+                    newPassword: '',
+                },
+                rules: {
+                    newPassword: [
+                        { required: true, message: '请输入新密码', trigger: 'blur' },
+                        {
+                            pattern: /^(?=.*[A-Za-z])(?=.*\d)(?=.*[`~!@#$%^&*()_+<>?:"{},.\/\\;'[\]])[A-Za-z\d`~!@#$%^&*()_+<>?:"{},.\/\\;'[\]]{8,}$/,
+                            message: '须为8位以上且包含字⺟⼤⼩写+数字+特殊符号',
+                            trigger: 'blur',
+                        },
+                    ],
+                },
+            },
             rules: {
                 username: [{ required: true, message: '请输入用户名', trigger: 'blur' }],
                 password: [{ required: true, message: '请输入密码', trigger: 'blur' }],
@@ -83,6 +126,7 @@ export default defineComponent({
             },
             loading: {
                 signIn: false,
+                changePwd: false,
             },
         });
 
@@ -116,15 +160,26 @@ export default defineComponent({
         const onSignIn = async () => {
             state.loading.signIn = true;
             let loginRes;
+            const originPwd = state.loginForm.password;
             try {
-                loginRes = await openApi.login(state.loginForm);
-                // // 存储 token 到浏览器缓存
+                const loginReq = { ...state.loginForm };
+                loginReq.password = await RsaEncrypt(originPwd);
+                loginRes = await openApi.login(loginReq);
+                // 存储 token 到浏览器缓存
                 setSession('token', loginRes.token);
                 setSession('menus', loginRes.menus);
-            } catch (e) {
+            } catch (e: any) {
                 state.loading.signIn = false;
                 state.loginForm.captcha = '';
+                // 密码强度不足
+                if (e.code && e.code == 401) {
+                    state.changePwdDialog.form.username = state.loginForm.username;
+                    state.changePwdDialog.form.oldPassword = originPwd;
+                    state.changePwdDialog.form.newPassword = '';
+                    state.changePwdDialog.visible = true;
+                } else {
                     getCaptcha();
+                }
                 return;
             }
             // 用户信息
@@ -174,11 +229,44 @@ export default defineComponent({
             }, 300);
         };
 
+        const changePwd = () => {
+            changePwdFormRef.value.validate(async (valid: boolean) => {
+                if (!valid) {
+                    return false;
+                }
+                try {
+                    state.loading.changePwd = true;
+                    const form = state.changePwdDialog.form;
+                    const changePwdReq: any = { ...form };
+                    changePwdReq.oldPassword = await RsaEncrypt(form.oldPassword);
+                    changePwdReq.newPassword = await RsaEncrypt(form.newPassword);
+                    await openApi.changePwd(changePwdReq);
+                    ElMessage.success('密码修改成功, 新密码已填充至登录密码框');
+                    state.loginForm.password = state.changePwdDialog.form.newPassword;
+                    state.changePwdDialog.visible = false;
+                    getCaptcha();
+                } finally {
+                    state.loading.changePwd = false;
+                }
+            });
+        };
+
+        const cancelChangePwd = () => {
+            state.changePwdDialog.visible = false;
+            state.changePwdDialog.form.newPassword = '';
+            state.changePwdDialog.form.oldPassword = '';
+            state.changePwdDialog.form.username = '';
+            getCaptcha();
+        };
+
         return {
             getCaptcha,
             currentTime,
             loginFormRef,
+            changePwdFormRef,
             login,
+            changePwd,
+            cancelChangePwd,
             ...toRefs(state),
         };
     },

mayfly_go_web/src/views/ops/db/DbEdit.vue

@@ -26,7 +26,7 @@
                     <el-input v-model.trim="form.host" placeholder="请输入主机ip" auto-complete="off"></el-input>
                 </el-form-item>
                 <el-form-item prop="port" label="port:" required>
-                    <el-input type="number" v-model.trim="form.port" placeholder="请输入端口"></el-input>
+                    <el-input type="number" v-model.number="form.port" placeholder="请输入端口"></el-input>
                 </el-form-item>
                 <el-form-item prop="username" label="用户名:" required>
                     <el-input v-model.trim="form.username" placeholder="请输入用户名"></el-input>
@@ -86,6 +86,7 @@ import { projectApi } from '../project/api.ts';
 import { ElMessage } from 'element-plus';
 import type { ElInput } from 'element-plus';
 import { notBlank } from '@/common/assert';
+import { RsaEncrypt } from '@/common/rsa';
 
 export default defineComponent({
     name: 'DbEdit',
@@ -259,10 +260,11 @@ export default defineComponent({
             if (!state.form.id) {
                 notBlank(state.form.password, '新增操作，密码不可为空');
             }
-            dbForm.value.validate((valid: boolean) => {
+            dbForm.value.validate(async (valid: boolean) => {
                 if (valid) {
-                    state.form.port = Number.parseInt(state.form.port as any);
-                    dbApi.saveDb.request(state.form).then(() => {
+                    const reqForm = { ...state.form };
+                    reqForm.password = await RsaEncrypt(reqForm.password);
+                    dbApi.saveDb.request(reqForm).then(() => {
                         ElMessage.success('保存成功');
                         emit('val-change', state.form);
                         state.btnLoading = true;

mayfly_go_web/src/views/ops/machine/MachineEdit.vue

@@ -48,6 +48,7 @@ import { toRefs, reactive, watch, defineComponent, ref } from 'vue';
 import { machineApi } from './api';
 import { ElMessage } from 'element-plus';
 import { notBlank } from '@/common/assert';
+import { RsaEncrypt } from '@/common/rsa';
 
 export default defineComponent({
     name: 'MachineEdit',
@@ -76,8 +77,8 @@ export default defineComponent({
                 projectName: null,
                 name: null,
                 port: 22,
-                username: null,
-                password: null,
+                username: "",
+                password: "",
                 remark: '',
             },
             btnLoading: false,
@@ -149,9 +150,11 @@ export default defineComponent({
             if (!state.form.id) {
                 notBlank(state.form.password, '新增操作，密码不可为空');
             }
-            machineForm.value.validate((valid: boolean) => {
+            machineForm.value.validate(async (valid: boolean) => {
                 if (valid) {
-                    machineApi.saveMachine.request(state.form).then(() => {
+                    const reqForm = { ...state.form };
+                    reqForm.password = await RsaEncrypt(state.form.password);
+                    machineApi.saveMachine.request(reqForm).then(() => {
                         ElMessage.success('保存成功');
                         emit('val-change', state.form);
                         state.btnLoading = true;

mayfly_go_web/src/views/ops/mongo/MongoDataOp.vue

@@ -15,7 +15,7 @@
                             </el-form-item>
 
                             <el-form-item label="库" label-width="20px">
-                                <el-select v-model="database" placeholder="请选择库" @change="changeDatabase">
+                                <el-select v-model="database" placeholder="请选择库" @change="changeDatabase" filterable>
                                     <el-option v-for="item in databases" :key="item.Name" :label="item.Name" :value="item.Name">
                                         <span style="float: left">{{ item.Name }}</span>
                                         <span style="float: right; color: #8492a6; margin-left: 4px; font-size: 13px">{{
@@ -26,12 +26,8 @@
                             </el-form-item>
 
                             <el-form-item label="集合" label-width="40px">
-                                <el-select v-model="collection" placeholder="请选择集合" @change="changeCollection">
+                                <el-select v-model="collection" placeholder="请选择集合" @change="changeCollection" filterable>
                                     <el-option v-for="item in collections" :key="item" :label="item" :value="item">
-                                        <!-- <span style="float: left">{{ item.uri }}</span>
-                                            <span style="float: right; color: #8492a6; margin-left: 6px; font-size: 13px">{{
-                                                ` [${item.name}]`
-                                            }}</span> -->
                                     </el-option>
                                 </el-select>
                             </el-form-item>

mayfly_go_web/src/views/ops/mongo/MongoEdit.vue

@@ -42,6 +42,7 @@ import { toRefs, reactive, watch, defineComponent, ref } from 'vue';
 import { mongoApi } from './api';
 import { projectApi } from '../project/api.ts';
 import { ElMessage } from 'element-plus';
+import { RsaEncrypt } from '@/common/rsa';
 
 export default defineComponent({
     name: 'MongoEdit',
@@ -144,9 +145,11 @@ export default defineComponent({
         };
 
         const btnOk = async () => {
-            mongoForm.value.validate((valid: boolean) => {
+            mongoForm.value.validate(async (valid: boolean) => {
                 if (valid) {
-                    mongoApi.saveMongo.request(state.form).then(() => {
+                    const reqForm = { ...state.form };
+                    reqForm.uri = await RsaEncrypt(reqForm.uri);
+                    mongoApi.saveMongo.request(reqForm).then(() => {
                         ElMessage.success('保存成功');
                         emit('val-change', state.form);
                         state.btnLoading = true;

mayfly_go_web/src/views/ops/redis/RedisEdit.vue

@@ -20,14 +20,19 @@
                     </el-select>
                 </el-form-item>
                 <el-form-item prop="host" label="host:" required>
-                    <el-input v-model.trim="form.host" placeholder="请输入host:port，集群模式用','分割" auto-complete="off" type="textarea"></el-input>
+                    <el-input
+                        v-model.trim="form.host"
+                        placeholder="请输入host:port，集群模式用','分割"
+                        auto-complete="off"
+                        type="textarea"
+                    ></el-input>
                 </el-form-item>
                 <el-form-item prop="password" label="密码:">
                     <el-input
                         type="password"
                         show-password
                         v-model.trim="form.password"
-                        placeholder="请输入密码"
+                        placeholder="请输入密码, 修改操作可不填"
                         autocomplete="new-password"
                     ></el-input>
                 </el-form-item>
@@ -54,6 +59,7 @@ import { toRefs, reactive, watch, defineComponent, ref } from 'vue';
 import { redisApi } from './api';
 import { projectApi } from '../project/api.ts';
 import { ElMessage } from 'element-plus';
+import { RsaEncrypt } from '@/common/rsa';
 
 export default defineComponent({
     name: 'RedisEdit',
@@ -80,14 +86,14 @@ export default defineComponent({
             form: {
                 id: null,
                 name: null,
-                mode: "standalone",
+                mode: 'standalone',
                 host: null,
                 password: null,
                 project: null,
                 projectId: null,
                 envId: null,
                 env: null,
-                remark: "",
+                remark: '',
             },
             btnLoading: false,
             rules: {
@@ -166,9 +172,11 @@ export default defineComponent({
         };
 
         const btnOk = async () => {
-            redisForm.value.validate((valid: boolean) => {
+            redisForm.value.validate(async (valid: boolean) => {
                 if (valid) {
-                    redisApi.saveRedis.request(state.form).then(() => {
+                    const reqForm = { ...state.form };
+                    reqForm.password = await RsaEncrypt(reqForm.password);
+                    redisApi.saveRedis.request(reqForm).then(() => {
                         ElMessage.success('保存成功');
                         emit('val-change', state.form);
                         state.btnLoading = true;

mayfly_go_web/src/views/ops/redis/RedisList.vue

@@ -22,7 +22,7 @@
                 <el-table-column prop="env" label="环境" min-width="100"></el-table-column>
                 <el-table-column prop="host" label="host:port" min-width="150" show-overflow-tooltip> </el-table-column>
                 <el-table-column prop="mode" label="mode" min-width="100"></el-table-column>
-                <el-table-column prop="remark" label="备注" min-width="100"></el-table-column>
+                <el-table-column prop="remark" label="备注" min-width="120" show-overflow-tooltip></el-table-column>
                 <el-table-column prop="createTime" label="创建时间" min-width="160">
                     <template #default="scope">
                         {{ $filters.dateFormat(scope.row.createTime) }}

server/go.mod

@@ -9,12 +9,12 @@ require (
 	github.com/gorilla/websocket v1.5.0
 	github.com/lib/pq v1.10.6
 	github.com/mojocn/base64Captcha v1.3.5 // 验证码
-	github.com/pkg/sftp v1.13.4
+	github.com/pkg/sftp v1.13.5
 	github.com/robfig/cron/v3 v3.0.1 // 定时任务
 	github.com/sirupsen/logrus v1.8.1
 	github.com/xwb1989/sqlparser v0.0.0-20180606152119-120387863bf2
 	go.mongodb.org/mongo-driver v1.9.1 // mongo
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // ssh
+	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // ssh
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	// gorm
 	gorm.io/driver/mysql v1.3.4

server/initialize/router.go

@@ -2,7 +2,7 @@ package initialize
 
 import (
 	"fmt"
-	common_index_router "mayfly-go/internal/common/router"
+	common_router "mayfly-go/internal/common/router"
 	devops_router "mayfly-go/internal/devops/router"
 	sys_router "mayfly-go/internal/sys/router"
 	"mayfly-go/pkg/config"
@@ -46,7 +46,8 @@ func InitRouter() *gin.Engine {
 	// 设置路由组
 	api := router.Group("/api")
 	{
-		common_index_router.InitIndexRouter(api)
+		common_router.InitIndexRouter(api)
+		common_router.InitCommonRouter(api)
 
 		sys_router.InitCaptchaRouter(api)
 		sys_router.InitAccountRouter(api) // 注册account路由

server/internal/common/api/common.go

@@ -0,0 +1,16 @@
+package api
+
+import (
+	"mayfly-go/pkg/biz"
+	"mayfly-go/pkg/ctx"
+	"mayfly-go/pkg/utils"
+)
+
+type Common struct {
+}
+
+func (i *Common) RasPublicKey(rc *ctx.ReqCtx) {
+	publicKeyStr, err := utils.GetRsaPublicKey()
+	biz.ErrIsNilAppendErr(err, "rsa生成公私钥失败")
+	rc.ResData = publicKeyStr
+}

server/internal/common/router/common.go

@@ -0,0 +1,21 @@
+package router
+
+import (
+	"mayfly-go/internal/common/api"
+	"mayfly-go/pkg/ctx"
+
+	"github.com/gin-gonic/gin"
+)
+
+func InitCommonRouter(router *gin.RouterGroup) {
+	common := router.Group("common")
+	c := &api.Common{}
+	{
+		// 获取公钥
+		common.GET("public-key", func(g *gin.Context) {
+			ctx.NewReqCtxWithGin(g).
+				WithNeedToken(false).
+				Handle(c.RasPublicKey)
+		})
+	}
+}

server/internal/devops/api/db.go

@@ -47,6 +47,12 @@ func (d *Db) Save(rc *ctx.ReqCtx) {
 
 	db := new(entity.Db)
 	utils.Copy(db, form)
+
+	// 密码解密，并使用解密后的赋值
+	originPwd, err := utils.DefaultRsaDecrypt(form.Password, true)
+	biz.ErrIsNilAppendErr(err, "解密密码错误: %s")
+	db.Password = originPwd
+
 	// 密码脱敏记录日志
 	form.Password = "****"
 	rc.ReqParam = form

server/internal/devops/api/form/redis.go

@@ -10,6 +10,7 @@ type Redis struct {
 	Project   string `json:"project"`
 	Env       string `json:"env"`
 	EnvId     uint64 `binding:"required" json:"envId"`
+	Remark    string `json:"remark"`
 }
 
 type KeyInfo struct {

server/internal/devops/api/machine.go

@@ -57,6 +57,11 @@ func (m *Machine) SaveMachine(rc *ctx.ReqCtx) {
 	entity := new(entity.Machine)
 	utils.Copy(entity, machineForm)
 
+	// 密码解密，并使用解密后的赋值
+	originPwd, err := utils.DefaultRsaDecrypt(machineForm.Password, true)
+	biz.ErrIsNilAppendErr(err, "解密密码错误: %s")
+	entity.Password = originPwd
+
 	// 密码脱敏记录日志
 	machineForm.Password = "****"
 	rc.ReqParam = machineForm

server/internal/devops/api/mongo.go

@@ -38,6 +38,11 @@ func (m *Mongo) Save(rc *ctx.ReqCtx) {
 
 	mongo := new(entity.Mongo)
 	utils.Copy(mongo, form)
+	// 解密uri，并使用解密后的赋值
+	originUri, err := utils.DefaultRsaDecrypt(form.Uri, true)
+	biz.ErrIsNilAppendErr(err, "解密uri错误: %s")
+	mongo.Uri = originUri
+
 	mongo.SetBaseInfo(rc.LoginAccount)
 	m.MongoApp.Save(mongo)
 }

server/internal/devops/api/redis.go

@@ -38,6 +38,12 @@ func (r *Redis) Save(rc *ctx.ReqCtx) {
 
 	redis := new(entity.Redis)
 	utils.Copy(redis, form)
+
+	// 密码解密，并使用解密后的赋值
+	originPwd, err := utils.DefaultRsaDecrypt(redis.Password, true)
+	biz.ErrIsNilAppendErr(err, "解密密码错误: %s")
+	redis.Password = originPwd
+
 	// 密码脱敏记录日志
 	form.Password = "****"
 	rc.ReqParam = form

server/internal/devops/application/redis_app.go

@@ -65,7 +65,10 @@ func (r *redisAppImpl) GetRedisBy(condition *entity.Redis, cols ...string) error
 }
 
 func (r *redisAppImpl) Save(re *entity.Redis) {
+	// ’修改信息且密码不为空‘ or ‘新增’需要测试是否可连接
+	if (re.Id != 0 && re.Password != "") || re.Id == 0 {
 		TestRedisConnection(re)
+	}
 
 	// 查找是否存在该库
 	oldRedis := &entity.Redis{Host: re.Host, Db: re.Db}

server/internal/sys/api/account.go

@@ -12,6 +12,7 @@ import (
 	"mayfly-go/pkg/ginx"
 	"mayfly-go/pkg/model"
 	"mayfly-go/pkg/utils"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -34,10 +35,16 @@ func (a *Account) Login(rc *ctx.ReqCtx) {
 	// 校验验证码
 	biz.IsTrue(captcha.Verify(loginForm.Cid, loginForm.Captcha), "验证码错误")
 
-	account := &entity.Account{Username: loginForm.Username, Password: utils.Md5(loginForm.Password)}
+	originPwd, err := utils.DefaultRsaDecrypt(loginForm.Password, true)
+	biz.ErrIsNilAppendErr(err, "解密密码错误: %s")
+
+	account := &entity.Account{Username: loginForm.Username, Password: utils.Md5(originPwd)}
 	biz.ErrIsNil(a.AccountApp.GetAccount(account, "Id", "Username", "Status", "LastLoginTime", "LastLoginIp"), "用户名或密码错误")
 	biz.IsTrue(account.IsEnable(), "该账号不可用")
 
+	// 校验密码强度是否符合
+	biz.IsTrueBy(CheckPasswordLever(originPwd), biz.NewBizErrCode(401, "您的密码安全等级较低，请修改后重新登录"))
+
 	var resources vo.AccountResourceVOList
 	// 获取账号菜单资源
 	a.ResourceApp.GetAccountResources(account.Id, &resources)
@@ -72,6 +79,48 @@ func (a *Account) Login(rc *ctx.ReqCtx) {
 	}
 }
 
+func (a *Account) ChangePassword(rc *ctx.ReqCtx) {
+	form := new(form.AccountChangePasswordForm)
+	ginx.BindJsonAndValid(rc.GinCtx, form)
+
+	originOldPwd, err := utils.DefaultRsaDecrypt(form.OldPassword, true)
+	biz.ErrIsNilAppendErr(err, "解密旧密码错误: %s")
+
+	account := &entity.Account{Username: form.Username, Password: utils.Md5(originOldPwd)}
+	biz.ErrIsNil(a.AccountApp.GetAccount(account, "Id", "Username", "Status"), "旧密码不正确")
+
+	originNewPwd, err := utils.DefaultRsaDecrypt(form.NewPassword, true)
+	biz.ErrIsNilAppendErr(err, "解密新密码错误: %s")
+	biz.IsTrue(CheckPasswordLever(originNewPwd), "密码强度必须8位以上且包含字⺟⼤⼩写+数字+特殊符号")
+
+	updateAccount := new(entity.Account)
+	updateAccount.Id = account.Id
+	updateAccount.Password = utils.Md5(originNewPwd)
+	a.AccountApp.Update(updateAccount)
+
+	// 赋值loginAccount 主要用于记录操作日志，因为操作日志保存请求上下文没有该信息不保存日志
+	rc.LoginAccount = &model.LoginAccount{Id: account.Id, Username: account.Username}
+}
+
+func CheckPasswordLever(ps string) bool {
+	if len(ps) < 8 {
+		return false
+	}
+	num := `[0-9]{1}`
+	a_z := `[a-zA-Z]{1}`
+	symbol := `[!@#~$%^&*()+|_.,]{1}`
+	if b, err := regexp.MatchString(num, ps); !b || err != nil {
+		return false
+	}
+	if b, err := regexp.MatchString(a_z, ps); !b || err != nil {
+		return false
+	}
+	if b, err := regexp.MatchString(symbol, ps); !b || err != nil {
+		return false
+	}
+	return true
+}
+
 // 保存更新账号登录信息
 func (a *Account) saveLogin(account *entity.Account, ip string) {
 	// 更新账号最后登录时间
@@ -105,7 +154,7 @@ func (a *Account) saveLogin(account *entity.Account, ip string) {
 }
 
 // 获取个人账号信息
-func (a Account) AccountInfo(rc *ctx.ReqCtx) {
+func (a *Account) AccountInfo(rc *ctx.ReqCtx) {
 	ap := new(vo.AccountPersonVO)
 	// 角色信息
 	roles := new([]vo.AccountRoleVO)
@@ -116,7 +165,7 @@ func (a Account) AccountInfo(rc *ctx.ReqCtx) {
 }
 
 // 更新个人账号信息
-func (a Account) UpdateAccount(rc *ctx.ReqCtx) {
+func (a *Account) UpdateAccount(rc *ctx.ReqCtx) {
 	updateForm := &form.AccountUpdateForm{}
 	ginx.BindJsonAndValid(rc.GinCtx, updateForm)
 
@@ -126,13 +175,14 @@ func (a Account) UpdateAccount(rc *ctx.ReqCtx) {
 	updateAccount.Id = rc.LoginAccount.Id
 
 	if updateAccount.Password != "" {
+		biz.IsTrue(CheckPasswordLever(updateAccount.Password), "密码强度必须8位以上且包含字⺟⼤⼩写+数字+特殊符号")
 		updateAccount.Password = utils.Md5(updateAccount.Password)
 	}
 	a.AccountApp.Update(updateAccount)
 }
 
 // 获取账号接收的消息列表
-func (a Account) GetMsgs(rc *ctx.ReqCtx) {
+func (a *Account) GetMsgs(rc *ctx.ReqCtx) {
 	condition := &entity.Msg{
 		RecipientId: int64(rc.LoginAccount.Id),
 	}

server/internal/sys/api/form/account.go

@@ -7,3 +7,9 @@ type AccountCreateForm struct {
 type AccountUpdateForm struct {
 	Password *string `json:"password" binding:"min=6,max=16"`
 }
+
+type AccountChangePasswordForm struct {
+	Username    string `json:"username"`
+	OldPassword string `json:"oldPassword"`
+	NewPassword string `json:"newPassword"`
+}

server/internal/sys/router/account.go

@@ -26,6 +26,14 @@ func InitAccountRouter(router *gin.RouterGroup) {
 				Handle(a.Login)
 		})
 
+		changePwdLog := ctx.NewLogInfo("用户修改密码").WithSave(true)
+		account.POST("change-pwd", func(g *gin.Context) {
+			ctx.NewReqCtxWithGin(g).
+				WithNeedToken(false).
+				WithLog(changePwdLog).
+				Handle(a.ChangePassword)
+		})
+
 		// 获取个人账号信息
 		account.GET("/self", func(c *gin.Context) {
 			ctx.NewReqCtxWithGin(c).Handle(a.AccountInfo)

server/pkg/biz/bizerror.go

@@ -7,28 +7,28 @@ type BizError struct {
 }
 
 var (
-	Success       *BizError = NewBizErrCode(200, "success")
-	BizErr        *BizError = NewBizErrCode(400, "biz error")
-	ServerError   *BizError = NewBizErrCode(500, "server error")
-	PermissionErr *BizError = NewBizErrCode(501, "token error")
+	Success       BizError = NewBizErrCode(200, "success")
+	BizErr        BizError = NewBizErrCode(400, "biz error")
+	ServerError   BizError = NewBizErrCode(500, "server error")
+	PermissionErr BizError = NewBizErrCode(501, "token error")
 )
 
 // 错误消息
-func (e *BizError) Error() string {
+func (e BizError) Error() string {
 	return e.err
 }
 
 // 错误码
-func (e *BizError) Code() int16 {
+func (e BizError) Code() int16 {
 	return e.code
 }
 
 // 创建业务逻辑错误结构体，默认为业务逻辑错误
-func NewBizErr(msg string) *BizError {
-	return &BizError{code: BizErr.code, err: msg}
+func NewBizErr(msg string) BizError {
+	return BizError{code: BizErr.code, err: msg}
 }
 
 // 创建业务逻辑错误结构体，可设置指定错误code
-func NewBizErrCode(code int16, msg string) *BizError {
-	return &BizError{code: code, err: msg}
+func NewBizErrCode(code int16, msg string) BizError {
+	return BizError{code: code, err: msg}
 }

server/pkg/ctx/log_handler.go

@@ -95,7 +95,7 @@ func getErrMsg(rc *ReqCtx, err interface{}) string {
 
 	var errMsg string
 	switch t := err.(type) {
-	case *biz.BizError:
+	case biz.BizError:
 		errMsg = fmt.Sprintf("\n<-e errCode: %d, errMsg: %s", t.Code(), t.Error())
 	case error:
 		errMsg = fmt.Sprintf("\n<-e errMsg: %s\n%s", t.Error(), string(debug.Stack()))

server/pkg/ginx/ginx.go

@@ -62,7 +62,7 @@ func SuccessRes(g *gin.Context, data interface{}) {
 // 返回失败结果集
 func ErrorRes(g *gin.Context, err interface{}) {
 	switch t := err.(type) {
-	case *biz.BizError:
+	case biz.BizError:
 		g.JSON(http.StatusOK, model.Error(t))
 	case error:
 		g.JSON(http.StatusOK, model.ServerError())

server/pkg/model/result.go

@@ -44,7 +44,7 @@ func SuccessNoData() *Result {
 	return &Result{Code: SuccessCode, Msg: SuccessMsg}
 }
 
-func Error(bizerr *biz.BizError) *Result {
+func Error(bizerr biz.BizError) *Result {
 	return &Result{Code: bizerr.Code(), Msg: bizerr.Error()}
 }
 

server/pkg/utils/crypto_utils.go

@@ -1,8 +1,15 @@
 package utils
 
 import (
+	"bytes"
 	"crypto/md5"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/base64"
 	"encoding/hex"
+	"encoding/pem"
+	"errors"
 )
 
 // md5
@@ -11,3 +18,115 @@ func Md5(str string) string {
 	h.Write([]byte(str))
 	return hex.EncodeToString(h.Sum(nil))
 }
+
+// 系统统一RSA秘钥对
+var RsaPair []string
+
+// 生成RSA私钥和公钥字符串
+// bits 证书大小
+// @return privateKeyStr publicKeyStr error
+func GenerateRSAKey(bits int) (string, string, error) {
+	var privateKeyStr, publicKeyStr string
+
+	//GenerateKey函数使用随机数据生成器random生成一对具有指定字位数的RSA密钥
+	//Reader是一个全局、共享的密码用强随机数生成器
+	privateKey, err := rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		return privateKeyStr, publicKeyStr, err
+	}
+	//保存私钥
+	//通过x509标准将得到的ras私钥序列化为ASN.1 的 DER编码字符串
+	X509PrivateKey := x509.MarshalPKCS1PrivateKey(privateKey)
+	//构建一个pem.Block结构体对象
+	privateBlock := pem.Block{Type: "RSA Private Key", Bytes: X509PrivateKey}
+
+	privateBuf := new(bytes.Buffer)
+	pem.Encode(privateBuf, &privateBlock)
+	privateKeyStr = privateBuf.String()
+
+	//保存公钥
+	//获取公钥的数据
+	publicKey := privateKey.PublicKey
+	//X509对公钥编码
+	X509PublicKey, err := x509.MarshalPKIXPublicKey(&publicKey)
+	if err != nil {
+		return publicKeyStr, privateKeyStr, err
+	}
+	//创建一个pem.Block结构体对象
+	publicBlock := pem.Block{Type: "RSA Public Key", Bytes: X509PublicKey}
+
+	publicBuf := new(bytes.Buffer)
+	pem.Encode(publicBuf, &publicBlock)
+	publicKeyStr = publicBuf.String()
+
+	return privateKeyStr, publicKeyStr, nil
+}
+
+// rsa解密
+func RsaDecrypt(privateKeyStr string, data []byte) ([]byte, error) {
+	block, _ := pem.Decode([]byte(privateKeyStr))
+	if block == nil {
+		return nil, errors.New("private key error")
+	}
+
+	priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return rsa.DecryptPKCS1v15(rand.Reader, priv, data)
+}
+
+// 使用系统默认的私钥解密
+// @param base64 字符串是否使用base64编码
+func DefaultRsaDecrypt(data string, useBase64 bool) (string, error) {
+	// 空字符串不解密
+	if data == "" {
+		return "", nil
+	}
+	if useBase64 {
+		if decodeBase64, err := base64.StdEncoding.DecodeString(data); err != nil {
+			return "", err
+		} else {
+			data = string(decodeBase64)
+		}
+	}
+	priKey, err := GetRsaPrivateKey()
+	if err != nil {
+		return "", err
+	}
+	val, err := RsaDecrypt(priKey, []byte(data))
+	if err != nil {
+		return "", err
+	}
+	return string(val), nil
+}
+
+// 获取系统的RSA公钥
+func GetRsaPublicKey() (string, error) {
+	if len(RsaPair) == 2 {
+		return RsaPair[1], nil
+	}
+
+	privateKey, publicKey, err := GenerateRSAKey(1024)
+	if err != nil {
+		return "", err
+	}
+	RsaPair = append(RsaPair, privateKey)
+	RsaPair = append(RsaPair, publicKey)
+	return publicKey, nil
+}
+
+// 获取系统私钥
+func GetRsaPrivateKey() (string, error) {
+	if len(RsaPair) == 2 {
+		return RsaPair[0], nil
+	}
+
+	privateKey, publicKey, err := GenerateRSAKey(1024)
+	if err != nil {
+		return "", err
+	}
+	RsaPair = append(RsaPair, privateKey)
+	RsaPair = append(RsaPair, publicKey)
+	return privateKey, nil
+}