From 6d43da7941e8e764baa2700d92c2241fbdcbad75 Mon Sep 17 00:00:00 2001 From: liujiangyong Date: Mon, 30 Oct 2023 14:43:10 +0800 Subject: [PATCH] =?UTF-8?q?(*)=20=E5=AF=86=E7=A0=81=E4=BC=A0=E8=BE=93?= =?UTF-8?q?=E5=8A=A0=E5=AF=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/app/lib/controllers/auth/index.js | 6 ++++-- api/app/lib/controllers/member/index.js | 8 ++++++-- web/client/src/layout/components/header/index.js | 8 +++++++- web/client/src/sections/auth/containers/login.js | 4 +++- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/api/app/lib/controllers/auth/index.js b/api/app/lib/controllers/auth/index.js index c8959a3..03d418c 100644 --- a/api/app/lib/controllers/auth/index.js +++ b/api/app/lib/controllers/auth/index.js @@ -2,6 +2,7 @@ const Hex = require('crypto-js/enc-hex'); const SHA1 = require('crypto-js/sha1'); const MD5 = require('crypto-js/md5'); +const CryptoJS = require('crypto-js'); const moment = require('moment'); const uuid = require('uuid'); @@ -11,10 +12,11 @@ async function login (ctx, next) { const models = ctx.fs.dc.models; const params = ctx.request.body; - let userRes = null if (params.username && params.password) { - const password = Hex.stringify(MD5(params.password)); + const secretKey = 'freesun'; + const decryptedPassword = CryptoJS.AES.decrypt(params.password, secretKey).toString(CryptoJS.enc.Utf8); + const password = Hex.stringify(MD5(decryptedPassword)); userRes = await models.User.findOne({ attributes: { exclude: ['password'] }, where: { diff --git a/api/app/lib/controllers/member/index.js b/api/app/lib/controllers/member/index.js index ed65497..2b0a2af 100644 --- a/api/app/lib/controllers/member/index.js +++ b/api/app/lib/controllers/member/index.js @@ -1,6 +1,7 @@ 'use strict'; const Hex = require('crypto-js/enc-hex'); const MD5 = require('crypto-js/md5'); +const CryptoJS = require('crypto-js'); function getUserList(opts) { return async function (ctx, next) { 
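Review bot: The passphrase `'freesun'` given to `CryptoJS.AES.decrypt` in `login` (api/app/lib/controllers/auth/index.js) is the same literal this commit embeds in the browser code (`header/index.js`, `login.js`) and in `editUser`, so anyone who can read the client bundle can decrypt a captured password, and a captured ciphertext can be resent unchanged because nothing in it is bound to a session or nonce. The wrap is therefore obfuscation; confidentiality in transit has to come from TLS, and that should be stated next to the key, e.g. `// 'freesun' is public (shipped in the web client): obfuscation only, TLS protects the password in transit`. Also, `.toString(CryptoJS.enc.Utf8)` throws on bytes that are not valid UTF-8 and can return `''` for malformed input, so the decrypt should sit in a `try`/`catch` that falls through to the normal failed-login response; whether `login` already has an outer handler is not visible, as its body continues past the hunk.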
@@ -83,14 +84,17 @@ function editUser(opts) { const { id } = ctx.params; const body = ctx.request.body; if (body.oldpassword) { - const password = Hex.stringify(MD5(body.oldpassword)); + const secretKey = 'freesun'; + const decryptedOldPassword = CryptoJS.AES.decrypt(body.oldpassword, secretKey).toString(CryptoJS.enc.Utf8); + const decryptedPassword = CryptoJS.AES.decrypt(body.password, secretKey).toString(CryptoJS.enc.Utf8); + const password = Hex.stringify(MD5(decryptedOldPassword)); const checkPwd = await models.User.findOne({ where: { id: id, password } }); if (!checkPwd) { ctx.status = 400; ctx.body = { message: '旧密码错误' } } else { await models.User.update( - { password: Hex.stringify(MD5(body.password)) }, + { password: Hex.stringify(MD5(decryptedPassword)) }, { where: { id: id, } } ) ctx.status = 204; diff --git a/web/client/src/layout/components/header/index.js b/web/client/src/layout/components/header/index.js index 076e3b9..c06021e 100644 --- a/web/client/src/layout/components/header/index.js +++ b/web/client/src/layout/components/header/index.js @@ -3,6 +3,7 @@ import React from 'react'; import { Menu } from 'antd'; import { Link } from 'react-router-dom'; import { connect } from 'react-redux'; +import CryptoJS from 'crypto-js'; import styles from './style.css'; import { MenuFoldOutlined, MenuUnfoldOutlined, UserOutlined, LogoutOutlined @@ -12,7 +13,12 @@ const Header = props => { const { dispatch, history, user, pathname, toggleCollapsed, collapsed, actions } = props const onFinish = async (values) => { - const dataToSave = { ...values } + const secretKey = "freesun"; + const dataToSave = { + ...values, + oldpassword: CryptoJS.AES.encrypt(values.oldpassword, secretKey).toString(), + password: CryptoJS.AES.encrypt(values.password, secretKey).toString(), + } return dispatch( actions.memberManagement.modifyUser(user.id, dataToSave, values?.msg || ''), ).then((res) => { 
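Review bot: In `editUser` (api/app/lib/controllers/member/index.js) the new password is stored without checking that decryption yielded anything: if `body.password` is absent or not a valid ciphertext, `CryptoJS.AES.decrypt` may throw or `decryptedPassword` may be `''`, and the `else` branch then writes `Hex.stringify(MD5(''))` as the account's password. Decrypt `body.password` only after the old password has been verified and reject an empty result before `models.User.update`, e.g. `if (!decryptedPassword) { ctx.status = 400; ctx.body = { message: '<error text>' }; return; }` (assuming nothing after the branch must still run; the function continues outside the hunk). The value stored is still an unsalted MD5 digest, which this commit leaves as it was.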
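Review bot: `onFinish` in web/client/src/layout/components/header/index.js now dereferences `values.oldpassword` and `values.password` unconditionally, while the unchanged call just below still uses `values?.msg`, so the new code is stricter about `values` than the code around it; if the form can ever submit without both fields, `CryptoJS.AES.encrypt` receives a non-string and likely throws before `dispatch` runs. `...values` also forwards every other form field as typed, so a confirmation field, if the form has one, would still go out unencrypted. Building the payload from the two fields explicitly avoids both: `const { oldpassword, password } = values;` then `const dataToSave = { oldpassword: encrypt(oldpassword), password: encrypt(password) };` with `encrypt` a small local helper, provided the API needs no other field from `values`, which the hunk does not show.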
diff --git a/web/client/src/sections/auth/containers/login.js b/web/client/src/sections/auth/containers/login.js index e1cabcb..e6ae3ab 100644 --- a/web/client/src/sections/auth/containers/login.js +++ b/web/client/src/sections/auth/containers/login.js @@ -4,6 +4,7 @@ import { connect } from 'react-redux'; import { push } from 'react-router-redux'; import SHA1 from 'crypto-js/sha1'; import Hex from 'crypto-js/enc-hex'; +import CryptoJS from 'crypto-js'; import { ApiTable } from '$utils' import { Request } from '@peace/utils' import { Button, Input, Form, Row, Col, message, Tabs } from 'antd'; @@ -72,7 +73,8 @@ const Login = props => { payload: { error: '请输入账号名和密码' } }); setInputChanged(false) - dispatch(login({ username, password })); + const secretKey = "freesun"; + dispatch(login({ username, password: CryptoJS.AES.encrypt(password, secretKey).toString() })); } else { if (!phone || !code) dispatch({
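Review bot: login.js already imports crypto-js by submodule (`crypto-js/sha1`, `crypto-js/enc-hex`), but the added `import CryptoJS from 'crypto-js';` brings in the whole library, which typically enlarges the client bundle, for a single `AES.encrypt` call. Importing only what is used keeps the file consistent: `import AES from 'crypto-js/aes';` and `dispatch(login({ username, password: AES.encrypt(password, secretKey).toString() }));`. The same applies to the import added in header/index.js. `secretKey` is also declared inside the submit branch on every call; a module-level constant shared with header/index.js would keep the two copies from drifting from the value the API expects.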