From 98f2db21d3b4bf9c887528a0bf109388cf6fe1a3 Mon Sep 17 00:00:00 2001
From: dqjdda <201507802@qq.com>
Date: Sun, 1 Dec 2019 18:12:51 +0800
Subject: [PATCH] =?UTF-8?q?=E5=89=8D=E7=AB=AFrsa=E5=85=AC=E9=92=A5?= =?UTF-8?q?=E5=8A=A0=E5=AF=86=E4=BC=A0=E8=BE=93=E7=99=BB=E5=BD=95=E5=AF=86?= =?UTF-8?q?=E7=A0=81=EF=BC=8C=E5=90=8E=E7=AB=AFrsa=E7=A7=81=E9=92=A5?= =?UTF-8?q?=E8=A7=A3=E5=AF=86=E5=AF=86=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../zhengjie/modules/security/rest/AuthController.java | 9 ++++++++-
 eladmin-system/src/main/resources/config/application.yml | 6 +++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
index c2fe7d6c..85a488a8 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
@@ -1,6 +1,8 @@
 package me.zhengjie.modules.security.rest;
 import cn.hutool.core.util.IdUtil;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.asymmetric.RSA;
 import com.wf.captcha.ArithmeticCaptcha;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -44,6 +46,8 @@ public class AuthController {
 @Value("${loginCode.expiration}")
 private Long expiration;
+ @Value("${rsa.private_key}")
+ private String privateKey;
 private final SecurityProperties properties;
 private final RedisUtils redisUtils;
 private final UserDetailsService userDetailsService;
@@ -65,6 +69,9 @@ public class AuthController {
 @AnonymousAccess
 @PostMapping(value = "/login")
 public ResponseEntity login(@Validated @RequestBody AuthUser authUser, HttpServletRequest request){
+ // 密码解密
+ RSA rsa = new RSA(privateKey, null);
+ String password = new String(rsa.decrypt(authUser.getPassword(), KeyType.PrivateKey));
 // 查询验证码
 String code = (String) redisUtils.get(authUser.getUuid());
 // 清除验证码
@@ -76,7 +83,7 @@ public class AuthController {
 throw new BadRequestException("验证码错误");
 }
 UsernamePasswordAuthenticationToken authenticationToken =
- new UsernamePasswordAuthenticationToken(authUser.getUsername(), authUser.getPassword());
+ new UsernamePasswordAuthenticationToken(authUser.getUsername(), password);
 Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
 SecurityContextHolder.getContext().setAuthentication(authentication);
diff --git a/eladmin-system/src/main/resources/config/application.yml b/eladmin-system/src/main/resources/config/application.yml
index 6ebf8549..cf7bf659 100644
--- a/eladmin-system/src/main/resources/config/application.yml
+++ b/eladmin-system/src/main/resources/config/application.yml
@@ -51,4 +51,8 @@ code:
 #登录图形验证码有效时间/分钟
 loginCode:
- expiration: 2
\ No newline at end of file
+ expiration: 2
+
+#密码加密传输,前端公钥加密,后端私钥解密
+rsa:
+ private_key: MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEA0vfvyTdGJkdbHkB8mp0f3FE0GYP3AYPaJF7jUd1M0XxFSE2ceK3k2kw20YvQ09NJKk+OMjWQl9WitG9pB6tSCQIDAQABAkA2SimBrWC2/wvauBuYqjCFwLvYiRYqZKThUS3MZlebXJiLB+Ue/gUifAAKIg1avttUZsHBHrop4qfJCwAI0+YRAiEA+W3NK/RaXtnRqmoUUkb59zsZUBLpvZgQPfj1MhyHDz0CIQDYhsAhPJ3mgS64NbUZmGWuuNKp5coY2GIj/zYDMJp6vQIgUueLFXv/eZ1ekgz2Oi67MNCk5jeTF2BurZqNLR3MSmUCIFT3Q6uHMtsB9Eha4u7hS31tj1UWE+D+ADzp59MGnoftAiBeHT7gDMuqeJHPL4b+kC+gzV4FGTfhR9q3tTbklZkD2A==
\ No newline at end of file
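Review bot: In `login` (AuthController.java, hunk `@@ -65,6 +69,9 @@`) the password is decrypted before the captcha is checked and a decryption failure is not handled, so an anonymous request with a malformed `password` value costs a private-key operation and probably ends in a server error instead of a `BadRequestException`; move the two added statements below the captcha validation and catch the failure there. `new String(byte[])` decodes with the platform default charset, so name it explicitly: `String password = new String(rsa.decrypt(authUser.getPassword(), KeyType.PrivateKey), StandardCharsets.UTF_8);`. The key pair is static and the request carries no nonce, so a captured ciphertext is as good as the password to whoever holds it, and the scheme should be documented as an addition to TLS rather than a substitute for it. The body of `login` continues past the end of the hunk.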
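Review bot: The `rsa.private_key` value added to application.yml puts the decryption key in version control, so anyone who can read the repository, or who talks to a deployment that keeps this default, can decrypt captured login passwords; the key has to be treated as disclosed from this commit on. Resolve it from the environment or a secret store instead, for example `private_key: ${RSA_PRIVATE_KEY}` (placeholder variable name), and generate a fresh pair per deployment. Judging by the length of the encoded value this looks like a 512-bit key, which is too short to rely on; use 2048 bits or more. The `@Value("${rsa.private_key}")` field added in AuthController.java (hunk `@@ -44,6 +46,8 @@`) reads this property, so it inherits the same concern.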