From c568756d16544e5c78ce07fdd17198f1d83fea6d Mon Sep 17 00:00:00 2001 From: lealife Date: Mon, 7 Sep 2015 15:39:46 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E7=94=A8Crypto=E5=8A=A0=E5=AF=86,=20?= =?UTF-8?q?=E6=89=BE=E5=9B=9E=E5=AF=86=E7=A0=81,=20=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/AuthController.go | 2 +- app/lea/Pwd.go | 22 ++++++++ app/service/AuthService.go | 90 ++++++++++++++----------------- app/service/UserService.go | 17 ++++-- 4 files changed, 78 insertions(+), 53 deletions(-) create mode 100644 app/lea/Pwd.go diff --git a/app/controllers/AuthController.go b/app/controllers/AuthController.go index de52dc8..b3dd23c 100644 --- a/app/controllers/AuthController.go +++ b/app/controllers/AuthController.go @@ -40,7 +40,7 @@ func (c Auth) Login(email, from string) revel.Result { func (c Auth) doLogin(email, pwd string) revel.Result { sessionId := c.Session.Id() var msg = "" - + userInfo, err := authService.Login(email, pwd) if err != nil { // 登录错误, 则错误次数++ diff --git a/app/lea/Pwd.go b/app/lea/Pwd.go new file mode 100644 index 0000000..290e343 --- /dev/null +++ b/app/lea/Pwd.go @@ -0,0 +1,22 @@ +package lea + +// 对比密码是否一致 +// 因为之前密码是用md5加密的, 所以通过密码长度来判断 +// rawPwd 原始, 用户输入的密码 +func ComparePwd(rawPwd, dbPwd string) bool { + if len(dbPwd) == 32 { + return Md5(rawPwd) == dbPwd + } + + hex := []byte(dbPwd) + return CompareHash(hex, rawPwd) +} + +// 加密 +func GenPwd(rawPwd string) string { + digest, err := GenerateHash(rawPwd) + if err != nil { + return "" + } + return string(digest) +} \ No newline at end of file diff --git a/app/service/AuthService.go b/app/service/AuthService.go index c12d5f0..ec1f8f5 100644 --- a/app/service/AuthService.go +++ b/app/service/AuthService.go 
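Review bot: In `ComparePwd` (app/lea/Pwd.go), the 32-character branch checks the legacy digest with `Md5(rawPwd) == dbPwd`, which is not a constant-time comparison, and the length test is the only thing that separates the two schemes. I would write the comparison as `return subtle.ConstantTimeCompare([]byte(Md5(rawPwd)), []byte(dbPwd)) == 1` (importing `crypto/subtle`). I would also add an English doc comment such as `// ComparePwd reports whether rawPwd matches dbPwd; a 32-character dbPwd is treated as a legacy unsalted MD5 hex digest, anything else is passed to CompareHash.` `GenPwd` discards the error from `GenerateHash` and signals failure only by returning `""`, so its comment should say that callers must test for the empty string before storing the result.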
@@ -2,36 +2,30 @@ package service import ( "gopkg.in/mgo.v2/bson" -// "github.com/leanote/leanote/app/db" + // "github.com/leanote/leanote/app/db" "github.com/leanote/leanote/app/info" -// "github.com/revel/revel" - "strings" - . "github.com/leanote/leanote/app/lea" - "fmt" - "strconv" + // "github.com/revel/revel" "errors" + "fmt" + . "github.com/leanote/leanote/app/lea" + "strconv" + "strings" ) -// 登录与权限 +// 登录与权限 Login & Register type AuthService struct { } // 使用bcrypt认证或者Md5认证 +// Use bcrypt (Md5 depreciated) func (this *AuthService) Login(emailOrUsername, pwd string) (info.User, error) { emailOrUsername = strings.Trim(emailOrUsername, " ") - // pwd = strings.Trim(pwd, " ") + // pwd = strings.Trim(pwd, " ") userInfo := userService.GetUserInfoByName(emailOrUsername) - passwd := userInfo.Pwd - if len(passwd) == 32 && Md5(pwd) != passwd { - return userInfo, errors.New("wrong username or password") - } - if len(passwd) > 32 { - hex := []byte(passwd) - if !CompareHash(hex, pwd) { - return userInfo, errors.New("wrong username or password") - } - } + if userInfo.UserId == "" || !ComparePwd(pwd, userInfo.Pwd) { + return userInfo, errors.New("wrong username or password") + } return userInfo, nil } 
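Review bot: A successful `Login` against a 32-character stored value leaves the unsalted MD5 digest in the database, so legacy accounts keep the weak hash until the user happens to change the password; this is the one place where the plaintext is available to migrate it. After `ComparePwd` succeeds, when `len(userInfo.Pwd) == 32`, the stored value could be replaced with `GenPwd(pwd)`, skipping the write if that returns `""`. Separately, the failure path still returns the populated `userInfo`, including `Pwd`, next to the error; `return info.User{}, errors.New("wrong username or password")` would keep a caller that forgets the error check from using the record. The short-circuit on `userInfo.UserId == ""` also means unknown accounts skip the hash comparison, so response time may differ between existing and non-existing users.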
@@ -51,76 +45,74 @@ func (this *AuthService) Register(email, pwd, fromUserId string) (bool, string) if userService.IsExistsUser(email) { return false, "userHasBeenRegistered-" + email } - digest, err := GenerateHash(pwd) - if err != nil { - return false,"GenerateHash error" + passwd := GenPwd(pwd) + if passwd == "" { + return false, "GenerateHash error" } - passwd := string(digest) user := info.User{UserId: bson.NewObjectId(), Email: email, Username: email, Pwd: passwd} if fromUserId != "" && IsObjectId(fromUserId) { user.FromUserId = bson.ObjectIdHex(fromUserId) } - LogJ(user) return this.register(user) } func (this *AuthService) register(user info.User) (bool, string) { if userService.AddUser(user) { // 添加笔记本, 生活, 学习, 工作 - userId := user.UserId.Hex(); + userId := user.UserId.Hex() notebook := info.Notebook{ - Seq: -1, + Seq: -1, UserId: user.UserId} title2Id := map[string]bson.ObjectId{"life": bson.NewObjectId(), "study": bson.NewObjectId(), "work": bson.NewObjectId()} for title, objectId := range title2Id { notebook.Title = title notebook.NotebookId = objectId notebook.UserId = user.UserId - notebookService.AddNotebook(notebook); + notebookService.AddNotebook(notebook) } - + // 添加leanote -> 该用户的共享 registerSharedUserId := configService.GetGlobalStringConfig("registerSharedUserId") - if(registerSharedUserId != "") { + if registerSharedUserId != "" { registerSharedNotebooks := configService.GetGlobalArrMapConfig("registerSharedNotebooks") registerSharedNotes := configService.GetGlobalArrMapConfig("registerSharedNotes") registerCopyNoteIds := configService.GetGlobalArrayConfig("registerCopyNoteIds") - + // 添加共享笔记本 for _, notebook := range registerSharedNotebooks { perm, _ := strconv.Atoi(notebook["perm"]) - shareService.AddShareNotebookToUserId(notebook["notebookId"], perm, registerSharedUserId, userId); + shareService.AddShareNotebookToUserId(notebook["notebookId"], perm, registerSharedUserId, userId) } - + // 添加共享笔记 for _, note := range registerSharedNotes { perm, 
_ := strconv.Atoi(note["perm"]) - shareService.AddShareNoteToUserId(note["noteId"], perm, registerSharedUserId, userId); + shareService.AddShareNoteToUserId(note["noteId"], perm, registerSharedUserId, userId) } - + // 复制笔记 for _, noteId := range registerCopyNoteIds { - note := noteService.CopySharedNote(noteId, title2Id["life"].Hex(), registerSharedUserId, user.UserId.Hex()); -// Log(noteId) -// Log("Copy") -// LogJ(note) + note := noteService.CopySharedNote(noteId, title2Id["life"].Hex(), registerSharedUserId, user.UserId.Hex()) + // Log(noteId) + // Log("Copy") + // LogJ(note) noteUpdate := bson.M{"IsBlog": false} // 不要是博客 noteService.UpdateNote(user.UserId.Hex(), note.NoteId.Hex(), noteUpdate, -1) } } - + //--------------- // 添加一条userBlog - blogService.UpdateUserBlog(info.UserBlog{UserId: user.UserId, - Title: user.Username + " 's Blog", - SubTitle: "Love Leanote!", - AboutMe: "Hello, I am (^_^)", + blogService.UpdateUserBlog(info.UserBlog{UserId: user.UserId, + Title: user.Username + " 's Blog", + SubTitle: "Love Leanote!", + AboutMe: "Hello, I am (^_^)", CanComment: true, - }) + }) // 添加一个单页面 blogService.AddOrUpdateSingle(user.UserId.Hex(), "", "About Me", "Hello, I am (^_^)") } - + return true, "" } @@ -131,7 +123,7 @@ func (this *AuthService) register(user info.User) (bool, string) { func (this *AuthService) getUsername(thirdType, thirdUsername string) (username string) { username = thirdType + "-" + thirdUsername i := 1 - for ;; { + for { if !userService.IsExistsUserByUsername(username) { return } @@ -147,11 +139,11 @@ func (this *AuthService) ThirdRegister(thirdType, thirdUserId, thirdUsername str } username := this.getUsername(thirdType, thirdUsername) - userInfo = info.User{UserId: bson.NewObjectId(), - Username: username, - ThirdUserId: thirdUserId, + userInfo = info.User{UserId: bson.NewObjectId(), + Username: username, + ThirdUserId: thirdUserId, ThirdUsername: thirdUsername, - } + } _, _ = this.register(userInfo) return } 
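Review bot: `register` ends with `return true, ""` outside the `if userService.AddUser(user) { … }` block, so as far as this hunk shows it reports success even when the user record was not stored, and `Register` passes that result straight to its caller. A guard clause at the top, `if !userService.AddUser(user) { return false, "<error key>" }` with a message key of the project's choosing, would make the failure visible and remove one level of nesting. The errors from `strconv.Atoi(notebook["perm"])` and `strconv.Atoi(note["perm"])` are discarded, so a malformed `perm` in the configuration silently becomes 0; a comment stating whether 0 is the intended fallback would help.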
diff --git a/app/service/UserService.go b/app/service/UserService.go index 0b2e757..1bf5349 100644 --- a/app/service/UserService.go +++ b/app/service/UserService.go @@ -295,10 +295,16 @@ func (this *UserService) UpdateAvatar(userId, avatarPath string) (bool) { // 已经登录了的用户修改密码 func (this *UserService) UpdatePwd(userId, oldPwd, pwd string) (bool, string) { userInfo := this.GetUserInfo(userId) - if userInfo.Pwd != Md5(oldPwd) { + if !ComparePwd(oldPwd, userInfo.Pwd) { return false, "oldPasswordError" } - ok := db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", Md5(pwd)) + + passwd := GenPwd(pwd) + if passwd == "" { + return false, "GenerateHash error" + } + + ok := db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", passwd) return ok, "" } @@ -307,7 +313,12 @@ func (this *UserService) ResetPwd(adminUserId, userId, pwd string) (ok bool, msg if configService.GetAdminUserId() != adminUserId { return } - ok = db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", Md5(pwd)) + + passwd := GenPwd(pwd) + if passwd == "" { + return false, "GenerateHash error" + } + ok = db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", passwd) return }
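Review bot: `bson.ObjectIdHex(userId)` in `UpdatePwd` panics when `userId` is not a valid hex object id, and the same call is made in `ResetPwd` in the next hunk, where `userId` names another account rather than the caller's own. `Register` in AuthService.go guards the equivalent conversion with `IsObjectId(fromUserId)`. Assuming the lea helpers are dot-imported here as well, `if !IsObjectId(userId) { return false, "<error key>" }` before the update would turn a malformed id into an ordinary failure. Neither function shows a check on the new `pwd` itself, so an empty password would be hashed and stored unless a caller outside this hunk rejects it.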
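Review bot: The authorization test in `ResetPwd` is a plain string comparison, `configService.GetAdminUserId() != adminUserId`, so if no admin is configured and `GetAdminUserId()` returns `""`, an empty `adminUserId` would pass it. Whether that can happen depends on code outside this hunk, but rejecting the empty case explicitly is cheap: `if adminUserId == "" || configService.GetAdminUserId() != adminUserId { return }`. The denial path returns `false, ""`, which the caller cannot tell apart from a failed database update; returning a message there would separate the two cases.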