From 9c99ea247d2d3b13f0d09db8a670ef2bd88a259a Mon Sep 17 00:00:00 2001
From: mashuai
Date: Wed, 22 May 2024 16:42:09 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=8A=A0=E5=AF=86=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../sgzb/auth/controller/TokenController.java | 32 +++++++++++++++++--
 1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java b/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
index 644a0d17..5ba474de 100644
--- a/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
+++ b/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
@@ -1,6 +1,12 @@
 package com.bonus.sgzb.auth.controller;
 import javax.annotation.Resource;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
 import com.bonus.sgzb.auth.form.*;
@@ -23,6 +29,11 @@ import com.bonus.sgzb.common.security.service.TokenService;
 import com.bonus.sgzb.common.security.utils.SecurityUtils;
 import com.bonus.sgzb.system.api.model.LoginUser;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
 import java.util.Map;
 /**
@@ -54,12 +65,27 @@ public class TokenController {
 //web端登录
 @PostMapping("login")
- public R login(@RequestBody LoginBody form) {
+ public R login(@RequestBody LoginBody form) throws Exception {
+ // 定义密钥
+ String key = "CCNWrpassWordKey";
+ byte[] encryptedBytes = Base64.getDecoder().decode(form.getPassword());
+ byte[] iv = new byte[16];
+ System.arraycopy(encryptedBytes, 0, iv, 0, iv.length);
+
+ byte[] cipherText = new byte[encryptedBytes.length - iv.length];
+ System.arraycopy(encryptedBytes, iv.length, cipherText, 0, cipherText.length);
+
+ SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
+ Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+ cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv));
+
+ byte[] decryptedBytes = cipher.doFinal(cipherText);
+ String decryptedData = new String(decryptedBytes, StandardCharsets.UTF_8);
 // 用户登录
- LoginUser userInfo = sysLoginService.login(form.getUsername(), form.getPassword());
+ LoginUser userInfo = sysLoginService.login(form.getUsername(), decryptedData);
 String uuid = form.getUuid();
 String captcha = redisService.getCacheObject(CacheConstants.CAPTCHA_CODE_KEY + uuid).toString();
- if (StringUtils.isBlank(captcha)){
+ if (StringUtils.isBlank(captcha)) {
 return R.fail("验证码超时,请重新刷新");
 }
 if (form.getCode() != null && form.getCode().equals(captcha)) {
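Review bot: The AES key in `login` is a string literal, and since the client has to encrypt with that same key, anyone who can read the front-end bundle or this repository can decrypt a captured password field. That makes this obfuscation layered on TLS rather than confidentiality, so the key should at least come from configuration or a secret store, and the scheme should not be relied on to protect the password in transit. Separately, the decryption path trusts `form.getPassword()`: a null value, invalid Base64 or fewer than 16 decoded bytes throws an unchecked exception (the first `System.arraycopy` runs past the end of the array), and a padding failure from `doFinal` escapes through `throws Exception`, which presumably yields a different response from a wrong password and gives unauthenticated CBC a distinguishable error. The fence below validates the length and maps every decode or decrypt failure to the same result as bad credentials; the message string is a placeholder to be replaced with the real failed-login message. The body of `login` continues past the end of the hunk.

```java
public R login(@RequestBody LoginBody form) throws Exception {
    // … unchanged: key definition …
    String decryptedData;
    try {
        if (form.getPassword() == null) {
            return R.fail("<same message as a failed login>");
        }
        byte[] encryptedBytes = Base64.getDecoder().decode(form.getPassword());
        // 16-byte IV plus at least one whole AES block, block-aligned.
        if (encryptedBytes.length < 32 || encryptedBytes.length % 16 != 0) {
            return R.fail("<same message as a failed login>");
        }
        // … unchanged: IV / ciphertext split, cipher init, doFinal …
        decryptedData = new String(decryptedBytes, StandardCharsets.UTF_8);
    } catch (IllegalArgumentException | BadPaddingException | IllegalBlockSizeException e) {
        // Invalid Base64 or a failed decrypt must look like any other bad credential.
        return R.fail("<same message as a failed login>");
    }
    // … unchanged: sysLoginService.login call and captcha check …
```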