(*) 密码传输加密

api/app/lib/controllers/auth/index.js

@@ -2,6 +2,7 @@
 const Hex = require('crypto-js/enc-hex');
 const SHA1 = require('crypto-js/sha1');
 const MD5 = require('crypto-js/md5');
+const CryptoJS = require('crypto-js');
 const moment = require('moment');
 const uuid = require('uuid');
 
@@ -11,10 +12,11 @@ async function login (ctx, next) {
         const models = ctx.fs.dc.models;
         const params = ctx.request.body;
 
-
         let userRes = null
         if (params.username && params.password) {
-            const password = Hex.stringify(MD5(params.password));
+            const secretKey = 'freesun';
+            const decryptedPassword = CryptoJS.AES.decrypt(params.password, secretKey).toString(CryptoJS.enc.Utf8);
+            const password = Hex.stringify(MD5(decryptedPassword));
             userRes = await models.User.findOne({
                 attributes: { exclude: ['password'] },
                 where: {

api/app/lib/controllers/member/index.js

@@ -1,6 +1,7 @@
 'use strict';
 const Hex = require('crypto-js/enc-hex');
 const MD5 = require('crypto-js/md5');
+const CryptoJS = require('crypto-js');
 
 function getUserList(opts) {
     return async function (ctx, next) {
@@ -83,14 +84,17 @@ function editUser(opts) {
             const { id } = ctx.params;
             const body = ctx.request.body;
             if (body.oldpassword) {
-                const password = Hex.stringify(MD5(body.oldpassword));
+                const secretKey = 'freesun';
+                const decryptedOldPassword = CryptoJS.AES.decrypt(body.oldpassword, secretKey).toString(CryptoJS.enc.Utf8);
+                const decryptedPassword = CryptoJS.AES.decrypt(body.password, secretKey).toString(CryptoJS.enc.Utf8);
+                const password = Hex.stringify(MD5(decryptedOldPassword));
                 const checkPwd = await models.User.findOne({ where: { id: id, password } });
                 if (!checkPwd) {
                     ctx.status = 400;
                     ctx.body = { message: '旧密码错误' }
                 } else {
                     await models.User.update(
-                        { password: Hex.stringify(MD5(body.password)) },
+                        { password: Hex.stringify(MD5(decryptedPassword)) },
                         { where: { id: id, } }
                     )
                     ctx.status = 204;

web/client/src/layout/components/header/index.js

@@ -3,6 +3,7 @@ import React from 'react';
 import { Menu } from 'antd';
 import { Link } from 'react-router-dom';
 import { connect } from 'react-redux';
+import CryptoJS from 'crypto-js';
 import styles from './style.css';
 import {
     MenuFoldOutlined, MenuUnfoldOutlined, UserOutlined, LogoutOutlined
@@ -12,7 +13,12 @@ const Header = props => {
     const { dispatch, history, user, pathname, toggleCollapsed, collapsed, actions } = props
 
     const onFinish = async (values) => {
-        const dataToSave = { ...values }
+        const secretKey = "freesun";
+        const dataToSave = {
+            ...values,
+            oldpassword: CryptoJS.AES.encrypt(values.oldpassword, secretKey).toString(),
+            password: CryptoJS.AES.encrypt(values.password, secretKey).toString(),
+        }
         return dispatch(
             actions.memberManagement.modifyUser(user.id, dataToSave, values?.msg || ''),
         ).then((res) => {

web/client/src/sections/auth/containers/login.js

@@ -4,6 +4,7 @@ import { connect } from 'react-redux';
 import { push } from 'react-router-redux';
 import SHA1 from 'crypto-js/sha1';
 import Hex from 'crypto-js/enc-hex';
+import CryptoJS from 'crypto-js';
 import { ApiTable } from '$utils'
 import { Request } from '@peace/utils'
 import { Button, Input, Form, Row, Col, message, Tabs } from 'antd';
@@ -72,7 +73,8 @@ const Login = props => {
                     payload: { error: '请输入账号名和密码' }
                 });
             setInputChanged(false)
-            dispatch(login({ username, password }));
+            const secretKey = "freesun";
+            dispatch(login({ username, password: CryptoJS.AES.encrypt(password, secretKey).toString() }));
         } else {
             if (!phone || !code)
                 dispatch({