canglan
4193a1a153
- 密码哈希从 MD5+SHA1 升级为 bcrypt - 删除 super_admins/users 表中的 salt 字段 - 删除旧版升级文件(upgrade.php, check_upgrade, execute_upgrade, sql/upgrades/) - 删除 PASSWORD_SALT 配置项 - 清理所有'兼容 Python 版'注释 - 新项目独立,无历史包袱
99 lines
2.3 KiB
Go
99 lines
2.3 KiB
Go
// ===========================================
|
|
// 多班级版班级管理系统 - Go 后端
|
|
//
|
|
// 开发者: Canglan
|
|
// 联系方式: admin@sea-studio.top
|
|
// 版权归属: Sea Network Technology Studio
|
|
// 许可证: Apache License 2.0
|
|
//
|
|
// 版权所有 © Sea Network Technology Studio
|
|
// ===========================================
|
|
|
|
package crypto
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"fmt"
|
|
"math/big"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// HashPassword 使用 bcrypt 对密码进行哈希
|
|
// bcrypt 自带盐值管理,无需外部 salt
|
|
func HashPassword(password string) (string, error) {
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
return "", fmt.Errorf("密码哈希失败: %w", err)
|
|
}
|
|
return string(hash), nil
|
|
}
|
|
|
|
// VerifyPassword 验证密码是否与 bcrypt 哈希匹配
|
|
func VerifyPassword(password, hash string) bool {
|
|
return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
|
|
}
|
|
|
|
// GenerateRandomPassword 生成随机密码
|
|
func GenerateRandomPassword(length int) (string, error) {
|
|
alphabet := "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
|
|
result := make([]byte, length)
|
|
for i := range result {
|
|
n, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
|
|
if err != nil {
|
|
return "", fmt.Errorf("生成随机密码失败: %w", err)
|
|
}
|
|
result[i] = alphabet[n.Int64()]
|
|
}
|
|
return string(result), nil
|
|
}
|
|
|
|
// ValidatePasswordStrength 验证密码强度
|
|
// 要求: 大小写字母、数字、特殊符号至少包含 3 种,长度 6-20
|
|
func ValidatePasswordStrength(password string) (bool, string) {
|
|
if len(password) < 6 {
|
|
return false, "密码长度至少6位"
|
|
}
|
|
if len(password) > 20 {
|
|
return false, "密码长度不能超过20位"
|
|
}
|
|
|
|
hasUpper := false
|
|
hasLower := false
|
|
hasDigit := false
|
|
hasSpecial := false
|
|
|
|
for _, c := range password {
|
|
switch {
|
|
case c >= 'A' && c <= 'Z':
|
|
hasUpper = true
|
|
case c >= 'a' && c <= 'z':
|
|
hasLower = true
|
|
case c >= '0' && c <= '9':
|
|
hasDigit = true
|
|
default:
|
|
hasSpecial = true
|
|
}
|
|
}
|
|
|
|
charTypes := 0
|
|
if hasUpper {
|
|
charTypes++
|
|
}
|
|
if hasLower {
|
|
charTypes++
|
|
}
|
|
if hasDigit {
|
|
charTypes++
|
|
}
|
|
if hasSpecial {
|
|
charTypes++
|
|
}
|
|
|
|
if charTypes < 3 {
|
|
return false, "密码必须包含大写字母、小写字母、数字、特殊符号中的至少3种"
|
|
}
|
|
|
|
return true, ""
|
|
}
|