登录加密方式优化

controllers/user_login.go

@@ -256,6 +256,7 @@ func (this *UserLoginController) Login() {
 		Mobile     string `description:"手机号"`
 		Email      string `description:"邮箱"`
 		VerifyCode string `description:"验证码"`
+		ReqTime    string `description:"登录时间戳"`
 	}
 	var req UserLoginReq
 	err := json.Unmarshal(this.Ctx.Input.RequestBody, &req)
@@ -307,38 +308,55 @@ func (this *UserLoginController) Login() {
 			return
 		}
 
-		// 账号密码校验
+		// 查询账号信息
 		errPassKey := fmt.Sprint(utils.CACHE_LOGIN_ERR_PASS, req.Username)
-		accountUser, e := system.CheckSysUser(req.Username, req.Password)
+		accountUser, e := system.GetSysUserByAdminName(req.Username)
 		if e != nil {
 			br.Ret = models.BaseRespCodeLoginErr
-			if e.Error() == utils.ErrNoRow() {
-				br.Msg = "登录失败, 账号或密码错误"
-				if isAbnormal != "" {
-					return
-				}
-				// 错误密码计数, 超过6次标记异常
-				if !utils.Rc.IsExist(errPassKey) {
-					_ = utils.Rc.Put(errPassKey, 1, utils.GetTodayLastSecond())
-					return
-				}
-				errNum, _ := utils.Rc.RedisInt(errPassKey)
-				errNum += 1
-				if errNum >= 6 {
-					br.Ret = models.BaseRespCodeAbnormalLogin
-					br.Msg = "账号异常, 请进行手机号/邮箱校验"
-					// 标记异常登录, 重置计数
-					_ = utils.Rc.Put(abnormalKey, "true", utils.GetTodayLastSecond())
-					_ = utils.Rc.Delete(errPassKey)
-					return
-				}
+			br.Msg = "登录失败, 账号或密码错误"
+			// 账号查询异常均进行标记, 避免一直尝试进行登录
+			if !utils.Rc.IsExist(errPassKey) {
+				_ = utils.Rc.Put(errPassKey, 1, utils.GetTodayLastSecond())
+				return
+			}
+			errNum, _ := utils.Rc.RedisInt(errPassKey)
+			errNum += 1
+			if errNum < 6 {
 				_ = utils.Rc.Put(errPassKey, errNum, utils.GetTodayLastSecond())
 				return
 			}
+			// 标记异常登录, 重置计数
+			br.Ret = models.BaseRespCodeAbnormalLogin
+			br.Msg = "账号异常, 请进行手机号/邮箱校验"
+			_ = utils.Rc.Put(abnormalKey, "true", utils.GetTodayLastSecond())
+			_ = utils.Rc.Delete(errPassKey)
+			return
+		}
+
+		// 账号密码校验
+		dbPass := utils.MD5(fmt.Sprintf("%s%s%s", accountUser.Password, utils.UserLoginSalt, req.ReqTime))
+		if req.Password != dbPass {
+			br.Ret = models.BaseRespCodeLoginErr
 			br.Msg = "登录失败, 账号或密码错误"
-			br.ErrMsg = "登录失败, Err:" + e.Error()
+			// 错误密码计数, 超过6次标记异常
+			if !utils.Rc.IsExist(errPassKey) {
+				_ = utils.Rc.Put(errPassKey, 1, utils.GetTodayLastSecond())
+				return
+			}
+			errNum, _ := utils.Rc.RedisInt(errPassKey)
+			errNum += 1
+			if errNum < 6 {
+				_ = utils.Rc.Put(errPassKey, errNum, utils.GetTodayLastSecond())
+				return
+			}
+			// 标记异常登录, 重置计数
+			br.Ret = models.BaseRespCodeAbnormalLogin
+			br.Msg = "账号异常, 请进行手机号/邮箱校验"
+			_ = utils.Rc.Put(abnormalKey, "true", utils.GetTodayLastSecond())
+			_ = utils.Rc.Delete(errPassKey)
 			return
 		}
+
 		if accountUser.Enabled == 0 {
 			br.Msg = "您的账号已被禁用, 如需登录, 请联系管理员"
 			br.ErrMsg = fmt.Sprintf("账号已被禁用, 登录账号: %s, 账户名称: %s", accountUser.AdminName, accountUser.RealName)

utils/constants.go

@@ -383,3 +383,7 @@ const (
 	DATA_SUB_SOURCE_EDB  = iota //经济数据库
 	DATA_SUB_SOURCE_DATE        //日期序列
 )
+
+const (
+	UserLoginSalt = "MiQM9yusNA9T2uIH" // 用户登录盐值
+)