处理java端用户体系和node逻辑保持一致 (#367)

* fix: 1. 去除jwt存储password关键信息;token创建逻辑同node,jwt信息实现node和java互通
2. 新增hash256方法,用户注册password加密逻辑同node,实现java端注册的账号登录和node版本互通

* 删除获取获取jwt信息中的魔法值;处理空指针问题

* add error code

* 常量命名调整
misWCL 2024-07-27 21:04:47 +08:00 committed by GitHub
parent 5e95e33691
commit db9735b4a2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 51 additions and 7 deletions


@ -6,6 +6,7 @@ import lombok.Getter;
public enum RespErrorCode {
AUTHENTICATION_FAILED(1001, "没有权限"),
PARAMETER_ERROR(1002, "参数有误"),
ENCRYPTION_ERROR(1003, "加密异常"),
USER_EXISTS(2001, "用户已存在"),
USER_NOT_EXISTS(2002, "用户不存在"),
USER_PASSWORD_ERROR(2003, "用户名或密码错误"),


@ -61,7 +61,7 @@ public class AuthServiceImpl implements AuthService {
//保存
User user = new User();
user.setUsername(userParam.getUsername());
user.setPassword(AuthUtil.encryptPassword(userParam.getPassword(), userParam.getUsername()));
user.setPassword(AuthUtil.hash256(userParam.getPassword()));
mongoRepository.save(user);
return createTokenAndDeleteCaptcha(userParam);
}
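Review bot: The new `user.setPassword(AuthUtil.hash256(userParam.getPassword()))` stores an unsalted, single-round SHA-256 of the password, dropping the per-user input that the replaced `encryptPassword(password, username)` call mixed in; the same scheme appears in the `hash256` body in AuthUtil and in `UserServiceImpl.loadUserByUsernameAndPassword`. Without a salt or work factor, identical passwords yield identical stored digests and an offline guess against a leaked collection is cheap. If the digest must match the node side, record that constraint next to the call, e.g. `// Must stay byte-for-byte compatible with the node implementation; migrate both sides to a password KDF (bcrypt/scrypt/argon2) together.` The enclosing method starts outside the hunk.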


@ -1,6 +1,9 @@
package com.xiaojusurvey.engine.core.auth.util;
import com.xiaojusurvey.engine.common.constants.RespErrorCode;
import com.xiaojusurvey.engine.common.exception.ServiceException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@ -31,5 +34,29 @@ public class AuthUtil {
}
}
/**
* SHA-256
* @param password
* @return
*/
public static String hash256(String password) {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(password.getBytes());
// byte 数组转换为十六进制字符串
StringBuilder hexString = new StringBuilder();
for (byte b : hash) {
String hex = Integer.toHexString(0xff & b);
if (hex.length() == 1) {
hexString.append('0');
}
hexString.append(hex);
}
return hexString.toString();
} catch (NoSuchAlgorithmException e) {
throw new ServiceException(RespErrorCode.ENCRYPTION_ERROR.getMessage(), RespErrorCode.ENCRYPTION_ERROR.getCode());
}
}
}
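Review bot: `password.getBytes()` on the `digest.digest(...)` line encodes with the JVM's platform default charset, so for any non-ASCII password the hex produced on a JVM whose default is not UTF-8 will differ from the node side this commit is meant to interoperate with; use `digest.digest(password.getBytes(StandardCharsets.UTF_8))` and add `import java.nio.charset.StandardCharsets;` to the import hunk above. The Javadoc's `@param password` and `@return` tags are empty; suggest `@param password the plaintext to digest` and `@return lower-case hex encoding of the SHA-256 digest`. The `catch (NoSuchAlgorithmException e)` branch discards `e`; if `ServiceException` has a cause-accepting constructor, pass it through, otherwise log it before throwing.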


@ -59,7 +59,7 @@ public class JwtTokenUtil {
Date expiryDate = new Date(now.getTime() + expirationTime * HOUR_MILLISECOND);
String token = JWT.create()
.withClaim("username", user.getUsername())
.withClaim("password", user.getPassword())
.withClaim("_id", user.getId())
.withExpiresAt(expiryDate)
.withJWTId(UUID.randomUUID().toString())
.sign(Algorithm.HMAC256(secret));
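Review bot: The claim name on the added `.withClaim("_id", user.getId())` line is a bare literal, while the consumer of this token, LoginInterceptor, defines `USER_ID = "_id"` and `USER_NAME = "username"` for the same claims; if either side edits the string, tokens silently stop validating. Suggest moving both names into one shared constant holder (there is already a `com.xiaojusurvey.engine.common.constants` package) and referencing it from both the `JWT.create()` chain and the interceptor. The enclosing method starts and ends outside the hunk.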


@ -9,4 +9,6 @@ public interface UserService {
List<User> findAllUser();
User loadUserByUsernameAndPassword(String username, String password);
User getUserById(String userId);
}


@ -35,7 +35,7 @@ public class UserServiceImpl implements UserService {
@Override
public User loadUserByUsernameAndPassword(String username, String password) {
Query query = new Query();
String encryptPassword = AuthUtil.encryptPassword(password, username);
String encryptPassword = AuthUtil.hash256(password);
query.addCriteria(Criteria.where("username").is(username).and("password").is(encryptPassword));
//查询用户并返回
User user = mongoRepository.findOne(query, User.class);
@ -44,4 +44,9 @@ public class UserServiceImpl implements UserService {
}
return user;
}
@Override
public User getUserById(String userId) {
return mongoRepository.findOne(new Query(Criteria.where("_id").is(userId)), User.class);
}
}
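Review bot: `getUserById` returns whatever `mongoRepository.findOne` yields, presumably `null` when no document matches, whereas the sibling `loadUserByUsernameAndPassword` appears to validate its result before `return user;` (that check is outside the hunk). Its only caller in this commit, LoginInterceptor, stores the result without a null check, so either the null return should be documented or the method should throw `USER_NOT_EXISTS` like the login path. At minimum add `/** Looks up a user by Mongo _id; returns null when no such user exists. */` above the method, and consider reusing the interceptor's `USER_ID` constant instead of the literal `"_id"` in the query.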


@ -17,8 +17,12 @@ import java.util.Map;
public class LoginInterceptor implements HandlerInterceptor {
public static final String USER_NAME = "username";
public static final String USER_ID = "_id";
@Resource
private JwtTokenUtil jwtTokenUtil;
@Resource
private UserService userService;
@ -39,14 +43,19 @@ public class LoginInterceptor implements HandlerInterceptor {
//查询用户信息
Map<String, Claim> claims = jwt.getClaims();
//获取用户名,密码
String username = claims.get("username").asString();
String password = claims.get("password").asString();
String username = null, userId = null;
if (!ObjectUtils.isEmpty(claims.get(USER_NAME))) {
username = claims.get(USER_NAME).asString();
}
if (!ObjectUtils.isEmpty(claims.get(USER_ID))) {
userId = claims.get(USER_ID).asString();
}
//判空
if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(password)) {
if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(userId)) {
//token超时
throw new ServiceException(RespErrorCode.USER_CREDENTIALS_ERROR.getMessage(), RespErrorCode.USER_CREDENTIALS_ERROR.getCode());
}
User user = userService.loadUserByUsernameAndPassword(username, password);
User user = userService.getUserById(userId);
request.setAttribute("user", user);
return HandlerInterceptor.super.preHandle(request, response, handler);
}
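Review bot: `User user = userService.getUserById(userId);` is followed directly by `request.setAttribute("user", user)` with no null check, so an unexpired, correctly signed token whose `_id` no longer matches a stored user (e.g. a deleted account) passes the interceptor with a null user attribute and every downstream handler has to cope. Insert before the setAttribute line: `if (user == null) { throw new ServiceException(RespErrorCode.USER_NOT_EXISTS.getMessage(), RespErrorCode.USER_NOT_EXISTS.getCode()); }`. The `//token超时` comment above the `ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(userId)` check no longer describes the condition — absent claims mean a malformed token, not an expired one; `// required claims missing from token` fits. The enclosing preHandle starts outside the hunk.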