Merge remote-tracking branch 'origin/master'

controllers/base_auth.go

@@ -302,6 +302,8 @@ func (c *BaseAuthController) ServeJSON(encoding ...bool) {
 
 func (c *BaseAuthController) JSON(data interface{}, hasIndent bool, coding bool) error {
 	c.Ctx.Output.Header("Content-Type", "application/json; charset=utf-8")
+	desEncrypt := utils.DesBase64Encrypt([]byte(utils.DesKey), utils.DesKeySalt)
+	c.Ctx.Output.Header("Dk", string(desEncrypt)) // des3加解密key
 	var content []byte
 	var err error
 	if hasIndent {
@@ -324,7 +326,7 @@ func (c *BaseAuthController) JSON(data interface{}, hasIndent bool, coding bool)
 	c.logUri(content, requestBody, ip)
 	// 如果不是debug分支的话，那么需要加密返回
 	if utils.RunMode != "debug" {
-		content = utils.DesBase64Encrypt(content)
+		content = utils.DesBase64Encrypt(content, utils.DesKey)
 		// get请求时，不加双引号就获取不到数据，不知道什么原因，所以还是在前后加上双引号吧
 		content = []byte(`"` + string(content) + `"`)
 	}

controllers/base_common.go

@@ -85,6 +85,8 @@ func (c *BaseCommonController) ServeJSON(encoding ...bool) {
 
 func (c *BaseCommonController) JSON(data interface{}, hasIndent bool, coding bool) error {
 	c.Ctx.Output.Header("Content-Type", "application/json; charset=utf-8")
+	desEncrypt := utils.DesBase64Encrypt([]byte(utils.DesKey), utils.DesKeySalt)
+	c.Ctx.Output.Header("Dk", string(desEncrypt)) // des3加解密key
 	var content []byte
 	var err error
 	if hasIndent {
@@ -104,7 +106,7 @@ func (c *BaseCommonController) JSON(data interface{}, hasIndent bool, coding boo
 	c.logUri(content, requestBody, ip)
 	// 如果不是debug分支的话，那么需要加密返回
 	if utils.RunMode != "debug" {
-		content = utils.DesBase64Encrypt(content)
+		content = utils.DesBase64Encrypt(content, utils.DesKey)
 		// get请求时，不加双引号就获取不到数据，不知道什么原因，所以还是在前后加上双引号吧
 		content = []byte(`"` + string(content) + `"`)
 	}

controllers/user_login.go

@@ -242,7 +242,7 @@ func (this *UserLoginController) GetVerifyCode() {
 func (this *UserLoginController) Login() {
 	br := new(models.BaseResponse).Init()
 	defer func() {
-		if br.ErrMsg != "" {
+		if br.ErrMsg == "" {
 			br.IsSendEmail = false
 		}
 		this.Data["json"] = br
@@ -257,6 +257,7 @@ func (this *UserLoginController) Login() {
 		Mobile     string `description:"手机号"`
 		Email      string `description:"邮箱"`
 		VerifyCode string `description:"验证码"`
+		ReqTime    string `description:"登录时间戳"`
 	}
 	var req UserLoginReq
 	err := json.Unmarshal(this.Ctx.Input.RequestBody, &req)
@@ -308,38 +309,55 @@ func (this *UserLoginController) Login() {
 			return
 		}
 
-		// 账号密码校验
+		// 查询账号信息
 		errPassKey := fmt.Sprint(utils.CACHE_LOGIN_ERR_PASS, req.Username)
-		accountUser, e := system.CheckSysUser(req.Username, req.Password)
+		accountUser, e := system.GetSysUserByAdminName(req.Username)
 		if e != nil {
 			br.Ret = models.BaseRespCodeLoginErr
-			if e.Error() == utils.ErrNoRow() {
-				br.Msg = "登录失败, 账号或密码错误"
-				if isAbnormal != "" {
-					return
-				}
-				// 错误密码计数, 超过6次标记异常
-				if !utils.Rc.IsExist(errPassKey) {
-					_ = utils.Rc.Put(errPassKey, 1, utils.GetTodayLastSecond())
-					return
-				}
-				errNum, _ := utils.Rc.RedisInt(errPassKey)
-				errNum += 1
-				if errNum >= 6 {
-					br.Ret = models.BaseRespCodeAbnormalLogin
-					br.Msg = "账号异常, 请进行手机号/邮箱校验"
-					// 标记异常登录, 重置计数
-					_ = utils.Rc.Put(abnormalKey, "true", utils.GetTodayLastSecond())
-					_ = utils.Rc.Delete(errPassKey)
-					return
-				}
+			br.Msg = "登录失败, 账号或密码错误"
+			// 账号查询异常均进行标记, 避免一直尝试进行登录
+			if !utils.Rc.IsExist(errPassKey) {
+				_ = utils.Rc.Put(errPassKey, 1, utils.GetTodayLastSecond())
+				return
+			}
+			errNum, _ := utils.Rc.RedisInt(errPassKey)
+			errNum += 1
+			if errNum < 6 {
 				_ = utils.Rc.Put(errPassKey, errNum, utils.GetTodayLastSecond())
 				return
 			}
+			// 标记异常登录, 重置计数
+			br.Ret = models.BaseRespCodeAbnormalLogin
+			br.Msg = "账号异常, 请进行手机号/邮箱校验"
+			_ = utils.Rc.Put(abnormalKey, "true", utils.GetTodayLastSecond())
+			_ = utils.Rc.Delete(errPassKey)
+			return
+		}
+
+		// 账号密码校验
+		dbPass := utils.MD5(fmt.Sprintf("%s%s%s", accountUser.Password, utils.UserLoginSalt, req.ReqTime))
+		if req.Password != dbPass {
+			br.Ret = models.BaseRespCodeLoginErr
 			br.Msg = "登录失败, 账号或密码错误"
-			br.ErrMsg = "登录失败, Err:" + e.Error()
+			// 错误密码计数, 超过6次标记异常
+			if !utils.Rc.IsExist(errPassKey) {
+				_ = utils.Rc.Put(errPassKey, 1, utils.GetTodayLastSecond())
+				return
+			}
+			errNum, _ := utils.Rc.RedisInt(errPassKey)
+			errNum += 1
+			if errNum < 6 {
+				_ = utils.Rc.Put(errPassKey, errNum, utils.GetTodayLastSecond())
+				return
+			}
+			// 标记异常登录, 重置计数
+			br.Ret = models.BaseRespCodeAbnormalLogin
+			br.Msg = "账号异常, 请进行手机号/邮箱校验"
+			_ = utils.Rc.Put(abnormalKey, "true", utils.GetTodayLastSecond())
+			_ = utils.Rc.Delete(errPassKey)
 			return
 		}
+
 		if accountUser.Enabled == 0 {
 			br.Msg = "您的账号已被禁用, 如需登录, 请联系管理员"
 			br.ErrMsg = fmt.Sprintf("账号已被禁用, 登录账号: %s, 账户名称: %s", accountUser.AdminName, accountUser.RealName)

utils/constants.go

@@ -359,4 +359,9 @@ const (
 
 const (
 	WindDbWsd = "wsd"
-)
+)
+
+const (
+	UserLoginSalt = "MiQM9yusNA9T2uIH"         // 用户登录盐值
+	DesKeySalt    = "JMCqSoUrTAmyNNIRb0TtlrPk" // DesKey盐值
+)

utils/des3.go

@@ -12,8 +12,8 @@ import (
 )
 
 // des3 + base64 encrypt
-func DesBase64Encrypt(origData []byte) []byte {
-	result, err := TripleDesEncrypt(origData, []byte(DesKey))
+func DesBase64Encrypt(origData []byte, desKey string) []byte {
+	result, err := TripleDesEncrypt(origData, []byte(desKey))
 	if err != nil {
 		panic(any(err))
 	}