
20221118提交
修改密码算法 sm3 加盐 增加弹窗

asd123a20 2 years ago
parent
commit
e2fda7935e
5 changed files with 50 additions and 32 deletions
  1. 8 0
      app/model/Configuration.js
  2. 18 12
      app/service/adminUser.js
  3. 4 4
      app/service/configuration.js
  4. 19 16
      app/service/power.js
  5. 1 0
      package.json

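--- a/app/model/Configuration.js
+++ b/app/model/Configuration.js
@@ -39,6 +39,14 @@ module.exports = app => {
     record: {
       type: String,
     },
+    // 是否显示弹窗
+    isshow: {
+      type: Boolean,
+    },
+    // 弹窗文字
+    isname: {
+      type: String,
+    },
   });
   return mongoose.model('Configuration', ConfigurationSchema);
 };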
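Review bot: The new `isname` field holds the popup text but is named like a boolean flag next to `isshow`, which invites misuse by callers; a name such as `popupText`, or at least a comment stating that it is free text, would be clearer. Neither field declares a `default`, so existing Configuration documents return `undefined` for both and clients have to treat that as "popup off". Because this is operator-entered text shown in a popup, the rendering side (not in this commit) should insert it as plain text rather than as HTML.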

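--- a/app/service/adminUser.js
+++ b/app/service/adminUser.js
@@ -3,7 +3,9 @@
 const Service = require('egg').Service;
 const assert = require('assert');
 const moment = require('moment');
-const crypto = require('crypto');
+// const crypto = require('crypto');
+const sm3 = require('sm3');
+const uuid = require('uuid');
 class adminUserService extends Service {
   async create({ acct, password, userName, phone, state, roleList }) {
     assert(acct, '帐号不存在');
@@ -14,10 +16,12 @@ class adminUserService extends Service {
     const user = await model.find({ acct });
     if (user.length > 0) return { errmsg: '帐号已存在', errcode: -2001 };
     const createAt = moment().format('x');
-    const hash = crypto.createHmac('sha256', this.app.config.userSecret);
-    const pwa = hash.update(password).digest('hex');
+    // 生成uuid盐值
+    const salt = uuid.v1();
+    // sm3 加盐加密
+    password = sm3(`${password}:${salt}`);
     try {
-      const res = await model.create({ acct, password: pwa, userName, phone, createAt, state, roleList });
+      const res = await model.create({ acct, password, userName, phone, createAt, state, roleList });
       return { errmsg: '', errcode: 0, res };
     } catch (error) {
       console.log(error);
@@ -27,10 +31,11 @@ class adminUserService extends Service {
   async update({ userName, phone, _id, roleList, state, password }) {
     assert(_id, 'id不存在');
     const { AdminUser: model } = this.ctx.model;
+    const user = await model.findOne({ _id });
     try {
       if (password) {
-        const hash = crypto.createHmac('sha256', this.app.config.userSecret);
-        password = hash.update(password).digest('hex');
+        // sm3 使用数据库存储的盐值 加密
+        password = sm3(`${password}:${user.salt}`);
       }
       await model.findById(_id).update({ userName, phone, roleList, state, password });
       return { errmsg: '', errcode: 0 };
@@ -42,15 +47,16 @@ class adminUserService extends Service {
   async pwdUpdate({ password, userName, confirmPwd }) {
     assert(userName, '用户名不存在');
     const { AdminUser: model } = this.ctx.model;
-    const hash = crypto.createHmac('sha256', this.app.config.userSecret);
-    const cpwd = hash.update(confirmPwd).digest('hex');
+    const user = await model.findOne({ userName });
+    if (!user) return { errcode: -1001, errmsg: '用户不存在', data: '' };
+    const cpwd = sm3(`${confirmPwd}:${user.salt}`);
+    if (user.password !== cpwd) return { errcode: -1001, errmsg: '原密码不正确', data: '' };
     try {
       const res = await model.findOne({ userName });
       if (res.password !== cpwd) {
         return { errmsg: '原密码错误', errcode: -2003 };
       }
-      const hash = crypto.createHmac('sha256', this.app.config.userSecret);
-      password = hash.update(password).digest('hex');
+      password = sm3(`${password}:${user.salt}`);
       await model.findByIdAndUpdate(res._id, { password });
       return { errmsg: '', errcode: 0 };
     } catch (error) {
@@ -77,9 +83,9 @@ class adminUserService extends Service {
       let res;
       const total = await model.find({ ...filter });
       if (skip && limit) {
-        res = await model.find({ ...filter }, { password: false }).skip(Number(skip) * Number(limit)).limit(Number(limit));
+        res = await model.find({ ...filter }, { password: false, salt: false }).skip(Number(skip) * Number(limit)).limit(Number(limit));
       } else {
-        res = await model.find({ ...filter }, { password: false });
+        res = await model.find({ ...filter }, { password: false, salt: false });
       }
       return { errmsg: '', errcode: 0, data: res, total: total.length };
     } catch (error) {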
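Review bot: In `create`, the salt from `uuid.v1()` goes into the hash but is never passed to `model.create(...)`, so unless the AdminUser schema (not part of this commit) fills `salt` some other way, the `user.salt` interpolation in `update`, `pwdUpdate` and the `login` hunk of app/service/power.js evaluates to the text `undefined` and the recomputed hash will not match the stored one. Persist the salt and draw it from a CSPRNG instead of a time-based v1 UUID: `const salt = crypto.randomBytes(16).toString('hex');` and `model.create({ acct, password, salt, userName, phone, createAt, state, roleList })`, which needs the `crypto` require that this commit comments out. A single SM3 pass is also a fast hash and the keyed `userSecret` is dropped, so if SM3 is not a hard requirement, a memory-hard KDF such as Node's `crypto.scrypt` over the same salt would resist offline guessing better. Records hashed with the previous HMAC-SHA256 scheme have no migration path visible in these hunks.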

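--- a/app/service/configuration.js
+++ b/app/service/configuration.js
@@ -4,21 +4,21 @@ const Service = require('egg').Service;
 const assert = require('assert');
 const moment = require('moment');
 class ConfigurationService extends Service {
-  async create({ name, describe, company, phone, address, mail, postcode, record, path }) {
+  async create({ name, describe, company, phone, address, mail, postcode, record, path, isshow, isname }) {
     const { Configuration: model } = this.ctx.model;
     const createAt = moment().format('x');
     try {
-      await model.create({ name, describe, company, phone, address, mail, postcode, record, createAt, path });
+      await model.create({ name, describe, company, phone, address, mail, postcode, record, createAt, path, isshow, isname });
       return { errmsg: '', errcode: 0 };
     } catch (error) {
       throw new Error('添加失败');
     }
   }
-  async update({ name, describe, company, phone, address, mail, postcode, record, _id, path }) {
+  async update({ name, describe, company, phone, address, mail, postcode, record, _id, path, isshow, isname }) {
     assert(_id, 'id不存在');
     const { Configuration: model } = this.ctx.model;
     try {
-      await model.findById(_id).update({ name, describe, company, phone, address, mail, postcode, record, path });
+      await model.findById(_id).update({ name, describe, company, phone, address, mail, postcode, record, path, isshow, isname });
       return { errmsg: '', errcode: 0 };
     } catch (error) {
       throw new Error('修改失败');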

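--- a/app/service/power.js
+++ b/app/service/power.js
@@ -2,9 +2,9 @@
 
 const Service = require('egg').Service;
 const assert = require('assert');
-const crypto = require('crypto');
 const menu = require('../public/adminMenu');
 const svgCaptcha = require('svg-captcha');
+const sm3 = require('sm3');
 class UserService extends Service {
   async login({ acct, password, code }) {
     assert(acct, '帐号不存在');
@@ -15,17 +15,16 @@ class UserService extends Service {
       return { errmsg: '验证码错误', errcode: -2003 };
     }
     const { AdminUser: model } = this.ctx.model;
-    const hash = crypto.createHmac('sha256', this.app.config.userSecret);
-    const pwd = hash.update(password).digest('hex');
     try {
-      const res = await model.find({ acct });
-      if (res.length <= 0) {
+      const res = await model.findOne({ acct });
+      if (!res) {
         return { errmsg: '用户不存在', errcode: -2003 };
       }
-      const userInfo = res[0];
+      const userInfo = res;
       if (userInfo.state !== '0') {
         return { errmsg: '用户状态异常', errcode: -2003 };
       }
+      const pwd = sm3(`${password}:${userInfo.salt}`);
       if (userInfo.password !== pwd) {
         return { errmsg: '密码错误', errcode: -2003 };
       }
@@ -68,17 +67,21 @@ class UserService extends Service {
     }
   }
   async captcha() {
-    const captcha = svgCaptcha.create({
-      size: 4,
-      fontSize: 50,
-      ignoreChars: 'Ooli',
-      width: 100,
-      height: 40,
-      noise: 3,
-      color: true,
-      background: '#cc9966',
+    const captcha = svgCaptcha.createMathExpr({
+      // 翻转颜色
+      inverse: false,
+      // 字体大小
+      fontSize: 36,
+      // 噪声线条数
+      noise: 2,
+      // 宽度
+      width: 80,
+      // 高度
+      height: 30,
     });
-    this.ctx.session.code = captcha.text;
+    // 保存到redis,忽略大小写
+    const code = captcha.text.toLowerCase();
+    this.ctx.session.code = code;
     this.ctx.response.type = 'image/svg+xml';
     return captcha.data;
   }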
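Review bot: In `captcha`, switching to `svgCaptcha.createMathExpr` makes `captcha.text` a short numeric answer, so the challenge adds little against automated password guessing on `login`, and the added `toLowerCase()` no longer changes anything. The new comment says the value is saved to redis while the code writes `this.ctx.session.code`; I would replace it with `// store the answer in the session; it is numeric, so no case folding is needed` and assign `this.ctx.session.code = captcha.text;`. Whether `login` clears the session code after each attempt is outside these hunks; if it does not, one solved captcha can be reused across many guesses, so a per-account attempt limit is worth adding alongside it.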

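--- a/package.json
+++ b/package.json
@@ -15,6 +15,7 @@
     "egg-session": "^3.3.0",
     "lodash": "^4.17.21",
     "moment": "^2.29.1",
+    "sm3": "^1.0.3",
     "svg-captcha": "^1.4.0",
     "uuid": "^8.3.2"
   },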
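Review bot: The new `"sm3": "^1.0.3"` entry puts a third-party package with a caret range on the password-hashing path, so any later 1.x release is picked up by the next install that is not locked. I would pin it as `"sm3": "1.0.3"` and commit the lockfile so the recorded integrity hash is checked on install. Node's built-in `crypto.createHash('sm3')` is available when the runtime's OpenSSL provides SM3 (check `crypto.getHashes()`), which would remove the extra dependency altogether.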