秘钥信息写入到命令行

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/ElePropertyConfig.java

@@ -96,6 +96,10 @@ public class ElePropertyConfig {
     @Value("${file.enc.passwd}")
     private String fileEncPasswd;
 
+    @Getter
+    @Value("${login.enc.passwd}")
+    private String loginEncPasswd;
+
     public String getAiFileUploadStoreDir() {
         if (EleCommonUtil.isWinOs()) {
             return FileUtil.normalize(winPrefix + File.separator + aiFileUploadStoreDir);

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java

@@ -145,7 +145,7 @@ public class LoginInterceptor implements HandlerInterceptor {
             response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
             return false;
         } else {
-            Claims claims = TokenUtil.getLoginInfo(token);
+            Claims claims = TokenUtil.getLoginInfo(token, elePropertyConfig.getLoginEncPasswd());
             if (claims == null) {
                 log.error("User info is missing, uri is --->{}", uri);
                 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/UserServiceImpl.java

@@ -16,6 +16,7 @@ import com.electromagnetic.industry.software.common.exception.BizException;
 import com.electromagnetic.industry.software.common.pojo.UserLoginInfo;
 import com.electromagnetic.industry.software.common.resp.ElectromagneticResult;
 import com.electromagnetic.industry.software.common.util.*;
+import com.electromagnetic.industry.software.manage.config.ElePropertyConfig;
 import com.electromagnetic.industry.software.manage.mapper.RoleMapper;
 import com.electromagnetic.industry.software.manage.mapper.TokenMapper;
 import com.electromagnetic.industry.software.manage.mapper.UserMapper;
@@ -58,6 +59,8 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
     private RoleMapper roleMapper;
     @Resource
     private EdFileFavoriteService edFileFavoriteService;
+    @Resource
+    private ElePropertyConfig elePropertyConfig;
 
     /**
      * 用户登录
@@ -68,7 +71,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
     @Override
     public ElectromagneticResult<?> login(UserLoginRequest loginRequest) {
         UserLoginInfo info = UserMappers.INSTANCE.getUserLoginRequestToModel(loginRequest);
-        String decodePwd = AESUtils.decrypt(info.getUserPwd(), UserConstants.SECRET_KEY);
+        String decodePwd = AESUtils.decrypt(info.getUserPwd(), elePropertyConfig.getLoginEncPasswd());
         LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
         queryWrapper.eq(User::getWorkNumber, info.getWorkNumber())
                 .eq(User::getEffectFlag, EffectFlagEnum.EFFECT.code);
@@ -120,7 +123,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
                 .addClaims(claims)
                 .setId(UUID.randomUUID().toString())
                 .setIssuedAt(DateTime.now())
-                .signWith(SignatureAlgorithm.HS512, UserConstants.SECRET_KEY)
+                .signWith(SignatureAlgorithm.HS512, elePropertyConfig.getLoginEncPasswd())
                 .compact();
     }
 
@@ -323,7 +326,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
     public ElectromagneticResult<?> changePassword(String userId, String newPassword) {
         User user = this.getById(userId);
         Assert.notNull(user, StrFormatter.format("用户ID {} 无效", userId));
-        String decodeNewPwd = AESUtils.decrypt(newPassword, UserConstants.SECRET_KEY);
+        String decodeNewPwd = AESUtils.decrypt(newPassword, elePropertyConfig.getLoginEncPasswd());
 
         Assert.isTrue(!decodeNewPwd.contains(user.getUserAccount()), "密码最小长度为8，必须至少包含一个大写字母、一个小写字母、一个特殊字符、数字、不可包含账号");
         Assert.isTrue(EleCommonUtil.isPwdValid(decodeNewPwd), "密码最小长度为8，必须至少包含一个大写字母、一个小写字母、一个特殊字符、数字、不可包含账号");
@@ -418,7 +421,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
         Assert.notNull(user, StrFormatter.format("用户不存在，ID为 {}", userId));
 
         // 解密并验证密码
-        String decodeOldPwd = AESUtils.decrypt(oldInputPassword, UserConstants.SECRET_KEY);
+        String decodeOldPwd = AESUtils.decrypt(oldInputPassword, elePropertyConfig.getLoginEncPasswd());
         Boolean isValid = matchPassword(user, decodeOldPwd);
         UserThreadLocal.setSuccessInfo("", "", "校验原始密码，当前密码与原始密码匹配结果 {}", isValid ? "通过" : "不通过");
         return ElectromagneticResultUtil.success(isValid);

electrmangnetic/src/main/resources/application.properties

@@ -63,4 +63,5 @@ backup.remote.port=1111
 backup.mysql.path=/workspace/mysqlbak/test
 backup.mysql.script.path=/workspace/mysqlbak/back_dev.sh
 
-file.enc.passwd=123456
+file.enc.passwd=123456
+login.enc.passwd=123456

electromagnetic-common/src/main/java/com/electromagnetic/industry/software/common/cons/UserConstants.java

@@ -22,11 +22,6 @@ public interface UserConstants {
      */
     long DEFAULT_EXPIRE_TIME = 7 * 24 * 60 * 60 * 1000;
 
-    /**
-     * 令牌密钥
-     */
-    String SECRET_KEY = "5JKRGV0QO4WK1WCWVK55YEU0A1NPOXOP";
-
     /**
      * 令牌前缀
      */

electromagnetic-common/src/main/java/com/electromagnetic/industry/software/common/util/TokenUtil.java

@@ -12,9 +12,9 @@ public class TokenUtil {
      * @param token
      * @return
      */
-    public static Claims getLoginInfo(String token) {
+    public static Claims getLoginInfo(String token, String loginEncode) {
         return Jwts.parser()
-                .setSigningKey(UserConstants.SECRET_KEY)
+                .setSigningKey(loginEncode)
                 .parseClaimsJws(token)
                 .getBody();
     }