diff --git a/apps/api/views.py b/apps/api/views.py
index 113962d..60445ac 100644
--- a/apps/api/views.py
+++ b/apps/api/views.py
@@ -5,23 +5,29 @@ from apps.api.common import CaesarCypherClass, Base64CypherClass
 from apps.api.config import Config
 config = Config()
+caesar = CaesarCypherClass()
+base64 = Base64CypherClass()
 # Create your views here.
 @require_POST
 def get_config(request):
+ """
+ 获取系统配置的接口,通过identity标识字段查询param参数并返回,如果使用加密版数据库则根据加密方式进行解密后返回
+ :param request: identity标识字段
+ :return: 获取到的参数param
+ """
 try:
 identity = request.POST.get("param")
- if config.getconfig("isCypher"):
- if config.getconfig("CypherMethod") == "base64":
- param_base64 = m_api.SysConfig.objects.using("cypher").filter(identity=identity).first().param
- param = Base64CypherClass().base64_decode_str(Base64CypherClass(), param_base64)
+ if config.getconfig("isCypher"): # 启用加密数据库
+ param_base64 = m_api.SysConfig.objects.using("cypher").filter(identity=identity).first().param
+ if config.getconfig("CypherMethod") == "caesar": # 加密方式为Caesar
+ param = caesar.caesar_decode(param_base64)
 return HttpResponse(param)
- if config.getconfig("CypherMethod") == "caesar":
- param_base64 = m_api.SysConfig.objects.using("cypher").filter(identity=identity).first().param
- param = CaesarCypherClass.caesar_decode(param_base64)
+ else: # 加密方式为Base64
+ param = base64.base64_decode_str(base64, param_base64)
 return HttpResponse(param)
- else:
+ else: # 不加密的数据库
 param = m_api.SysConfig.objects.using("default").filter(identity=identity).first().param
 return HttpResponse(param)
 except Exception as e:
diff --git a/apps/auth/views.py b/apps/auth/views.py
index 6c0d207..da10205 100644
--- a/apps/auth/views.py
+++ b/apps/auth/views.py
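Review bot: The comments and docstring added to `get_config` describe the `cypher` database as "加密" (encrypted), but the only two methods the branch handles are Caesar and Base64, and neither protects the stored values: Base64 is a keyless encoding and a Caesar shift is trivially reversible. The same wording is added to `search_user`, `add_user` and `login_user` in apps/auth/views.py, and this commit also updates `data/db_cypher.sqlite3` inside the repository, so the comments should say "encoded" rather than "encrypted"; real confidentiality would need keyed encryption with the key held outside the database. Separately, the new `else:  # 加密方式为Base64` treats every `CypherMethod` value other than `"caesar"` as Base64, so a misconfigured value is silently decoded as Base64; `elif config.getconfig("CypherMethod") == "base64":` plus an explicit error branch would keep the old strictness. The `except` body lies outside the hunk, so how a `None` from `.first()` is reported cannot be seen here.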
@@ -28,18 +28,18 @@ def gettoken(request):
 @require_POST
 def search_user(request):
 """
- 查询用户名
+ 查询用户名是否存在,若存在则返回True,不存在则返回False,如果使用加密版数据库则根据加密方式进行加密后再查询数据库
 :param request:
 :return:
 """
- if config.getconfig("isCypher"):
- if config.getconfig("CypherMethod") == "caesar":
+ if config.getconfig("isCypher"): # 启用加密数据库
+ if config.getconfig("CypherMethod") == "caesar": # 加密方式为Caesar
 username = caesar.caesar_encode(request.POST.get("username"))
 user = auth_models.User.objects.using("cypher").filter(username=username)
- else:
+ else: # 加密方式为Base64
 username = base64.base64_encode_str(base64, request.POST.get("username")).decode('utf-8')
 user = auth_models.User.objects.using("cypher").filter(username=username)
- else:
+ else: # 不加密的数据库
 username = request.POST.get("username")
 user = auth_models.User.objects.using("default").filter(username=username)
 if user.exists():
@@ -51,7 +51,9 @@ def search_user(request):
 @require_POST
 def add_user(request):
 """
- 用户注册
+ 用户注册,前端需要将用户名密码以base64的方式加密后传输,存储密码时是用md5进行存储。
+ 如果使用加密版数据库则根据加密方式,将用户名、邮箱、电话加密后存储到数据库。
+ 用户头像目前以路径的方式存储
 :param request: POST提交注册信息
 :return: 注册结果
 """
@@ -61,12 +63,12 @@ def add_user(request):
 avatar = request.FILES.get("avatar")
 pwd_base64 = base64.base64_decode_str(base64, request.POST.get("pwd"))
 pwd = make_password(pwd_base64)
- if config.getconfig("isCypher"):
- if config.getconfig("CypherMethod") == "caesar":
+ if config.getconfig("isCypher"): # 启用加密数据库
+ if config.getconfig("CypherMethod") == "caesar": # 加密方式为Caesar
 username = caesar.caesar_encode(request.POST.get("username"))
 email = caesar.caesar_encode(request.POST.get("email"))
 phone = caesar.caesar_encode(request.POST.get("phone"))
- else:
+ else: # 加密方式为Base64
 username = base64.base64_encode_str(base64, request.POST.get("username")).decode('utf-8')
 email = base64.base64_encode_str(base64, request.POST.get("email")).decode('utf-8')
 phone = base64.base64_encode_str(base64, request.POST.get("phone")).decode('utf-8')
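Review bot: `search_user` passes `request.POST.get("username")` straight into `caesar.caesar_encode` and `base64.base64_encode_str`, so a request without a `username` field hands `None` to the encoder, and no `try` is visible around these calls in the hunk. Reading the field once and rejecting it early, e.g. `username = request.POST.get("username")` followed by `if not username:` with a fixed error response, would keep the behaviour predictable; `add_user` and `login_user` read their fields the same way. The expanded docstring also makes explicit that the view answers True/False on whether a name is registered, and only `@require_POST` is visible on it, so the docstring should state whether the endpoint is rate-limited or otherwise restricted, because as written it lets any caller enumerate usernames. The end of the function is outside the hunk.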
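Review bot: The docstring added to `add_user` says the password is stored with md5, but the body calls `make_password(pwd_base64)` (visible in the following hunk), which, assuming this is Django's helper, uses whichever hasher the project's `PASSWORD_HASHERS` setting selects. If the default hasher is in use, the docstring is wrong and should say the password is hashed with `make_password`. If the project really has configured an MD5 hasher, that is too weak for password storage and the setting should move to the default PBKDF2 or to Argon2. The sentence about the front end "encrypting" the username and password with base64 has a related problem: Base64 only encodes, so confidentiality in transit depends on HTTPS, and the visible code Base64-decodes only `pwd`, not `username`.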
@@ -79,7 +81,7 @@ def add_user(request):
 last_login_time=last_login_time,
 avatar=avatar
 )
- else:
+ else: # 不加密的数据库
 username = request.POST.get("username")
 email = request.POST.get("email")
 phone = request.POST.get("phone")
@@ -100,27 +102,24 @@ def add_user(request):
 @require_POST
 def login_user(request):
 """
- 用户登录,验证用户密码是否正确,正确返回菜单,错误返回用户名或密码不正确
+ 用户登录,验证用户密码是否正确,正确返回菜单,错误返回用户名或密码不正确。
+ 如果使用加密版数据库则根据加密方式,将用户名加密后进行数据库查询。
 :param request:
- :return:
+ :return: "用户名或密码不正确"或用户拥有权限的菜单
 """
 try:
- if config.getconfig("isCypher"):
- if config.getconfig("CypherMethod") == "caesar":
+ pwd_input = base64.base64_decode_str(base64, request.POST.get("pwd"))
+ if config.getconfig("isCypher"): # 启用加密数据库
+ if config.getconfig("CypherMethod") == "caesar": # 加密方式为Caesar
 username = caesar.caesar_encode(request.POST.get("username"))
- pwd_input = caesar.caesar_encode(request.POST.get("pwd"))
- pwd_made = auth_models.User.objects.using("cypher").filter(username=username).first()
- else:
+ else: # 加密方式为Base64
 username = base64.base64_encode_str(base64, request.POST.get("username")).decode('utf-8')
- pwd_input = base64.base64_decode_str(base64, request.POST.get("pwd"))
- pwd_made = auth_models.User.objects.using("cypher").filter(username=username).first()
- else:
+ pwd_made = auth_models.User.objects.using("cypher").filter(username=username).first()
+ else: # 不加密的数据库
 username = request.POST.get("username")
- pwd_input = base64.base64_decode_str(base64, request.POST.get("pwd"))
 pwd_made = auth_models.User.objects.using("default").filter(username=username).first()
 if pwd_made is not None:
- pwd = check_password(pwd_input, pwd_made.pwd)
- if pwd:
+ if check_password(pwd_input, pwd_made.pwd):
 return HttpResponse(True)
 else:
 return HttpResponse("用户名或密码不正确")
diff --git a/data/db_cypher.sqlite3 b/data/db_cypher.sqlite3
index 8bb6362..f49331b 100644
Binary files a/data/db_cypher.sqlite3 and b/data/db_cypher.sqlite3 differ
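Review bot: The new `:return:` line in `login_user` says a successful login returns the menus the user is permitted to see, but the success branch in this hunk is still `return HttpResponse(True)`; either return the menu data or document what is actually sent, e.g. `:return: True on success, otherwise "用户名或密码不正确"`. Nothing visible here establishes a session or issues a token after `check_password` succeeds, so if that happens elsewhere the docstring should say where. The branch for `pwd_made is None` and the `except` clause lie outside the hunk; that branch should return the same "用户名或密码不正确" response as a wrong password so the reply does not reveal whether the username exists. The variable `pwd_made` holds the user row rather than a password, and a name such as `user` would make the `pwd_made.pwd` access easier to read.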