1.更新数据库结构，添加菜单表、角色表、角色菜单表、角色用户表

2.优化代理逻辑

CMS_Django_Backend/settings.py

@@ -37,6 +37,7 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
     'apps.auth.apps.AuthConfig',
     'apps.api.apps.ApiConfig',
+    'apps.home.apps.HomeConfig',
 ]
 
 MIDDLEWARE = [
@@ -77,6 +78,10 @@ DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.sqlite3',
         'NAME': BASE_DIR / 'data/db.sqlite3',
+    },
+    'cypher': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': BASE_DIR / 'data/db_cypher.sqlite3',
     }
 }
 

CMS_Django_Backend/urls.py

@@ -18,11 +18,13 @@ from django.contrib import admin
 from django.urls import path, include
 from django.conf import settings
 from django.conf.urls.static import static
+from apps.home import views as home_views
 
 urlpatterns = [
     # path('admin/', admin.site.urls),
-    # path('login', include('apps.login.urls'))
-    # path('auth', include('apps.auth.urls'))
+    # path('login', include('apps.login.urls')),
+    # path('auth', include('apps.auth.urls')),
+    path('home/', home_views.home, name='home'),
     path('api/', include('apps.api.urls')),
-    path('auth/', include('apps.auth.urls'))
+    path('auth/', include('apps.auth.urls')),
 ] + static(settings.MEDIA_URL, document_root = settings.MEDIA_ROOT)

apps/api/common.py

@@ -0,0 +1,125 @@
+import re
+
+
+class CaesarCypherClass:
+    """
+    恺撒密码，提供以恺撒密码方法进行加密及解密的方法，加密方法使用CaesarEncode()函数，解密方法使用CaesarDecode()函数
+    """
+
+    def __init__(self, *args, **kwargs):
+        pass
+
+    @staticmethod
+    def caesar_encode(s):
+        """
+        恺撒密码加密方法，需要提供需要加密的明文。
+        """
+        s_encode = ''
+        for c in s:
+            if 'a' <= c <= 'z':
+                s_encode += chr(ord('a') + (ord(c) - ord('a') + 3) % 26)
+            elif 'A' <= c <= 'Z':
+                s_encode += chr(ord('A') + (ord(c) - ord('A') + 3) % 26)
+            elif 0x4E00 <= ord(c) <= 0x9FA5:
+                s_encode += chr(ord(c) + 3)
+            elif '0' <= c <= '9':
+                s_encode += chr(ord('0') + (ord(c) - ord('0') + 3) % 10)
+            else:
+                s_encode += c
+        return s_encode
+
+    @staticmethod
+    def caesar_decode(s):
+        """
+        恺撒密码解密方法，需要提供需要解密的密文。
+        """
+        s_decode = ''
+        for c in s:
+            if 'a' <= c <= 'z':
+                s_decode += chr(ord('a') + (ord(c) - ord('a') - 3) % 26)
+            elif 'A' <= c <= 'Z':
+                s_decode += chr(ord('A') + (ord(c) - ord('A') - 3) % 26)
+            elif 0x4E00 <= ord(c) <= 0x9FA5:
+                s_decode += chr(ord(c) - 3)
+            elif '0' <= c <= '9':
+                s_decode += chr(ord('0') + (ord(c) - ord('0') - 3) % 10)
+            else:
+                s_decode += c
+        return s_decode
+
+
+class Base64CypherClass:
+    """
+    Base64的加解密算法，最简单的加密方式，可加密短的文字、小图片、小文件，图片文件大小不宜超过10M
+    """
+    def __init__(self, *args, **kwargs):
+        """
+        Base64类初始化函数
+        :param args:
+        :param kwargs:
+        """
+        import importlib
+        self.base64 = importlib.import_module('base64')
+        self.os = importlib.import_module('os')
+        self.time = importlib.import_module('time')
+        self.re = importlib.import_module('re')
+
+    @staticmethod
+    def base64_encode_str(self, s):
+        """
+        Base64字符串加密
+        :param self:
+        :param s: 要加密的字符串
+        :return: 加密后的字符串
+        """
+        return self.base64.b64encode(s.encode('utf-8'))
+
+    @staticmethod
+    def base64_decode_str(self, s):
+        """
+        Base64字符串解密，解密前先判断是否为Base64加密方式
+        :param self:
+        :param s: 要解密的字符串
+        :return: 解密后的字符串
+        """
+        try:
+            self.base64.b64decode(s)
+            return self.base64.b64decode(s).decode('utf-8')
+        except Exception as e:
+            return f"base64解密失败，请确定加密方式是否正确。错误信息：{e}"
+
+    @staticmethod
+    def base64_encode_pic(self, pic):
+        """
+        Base64加密图片，路径不存在则返回"图片路径不存在"
+        :param self:
+        :param pic: 要加密的图片路径
+        :return: 返回加密的base64字符
+        """
+        if self.os.path.exists(pic):
+            with open(pic, 'rb') as f:
+                read_pic = open(pic, 'rb')
+                read_data = read_pic.read()
+                read_pic.close()
+            return self.base64.b64encode(read_data)
+        else:
+            return "图片路径不存在"
+
+    @staticmethod
+    def base64_decode_pic(self, pic_bs64):
+        """
+        Base64解密图片
+        :param self:
+        :param pic_bs64:
+        :return: 返回图片路径
+        """
+        pic_path = f"upload/temp/pic{int(self.time.time())}"
+        if self.os.path.exists(f"{pic_path}.jpg"):
+            self.os.remove(f"{pic_path}.jpg")
+        elif not self.os.path.exists("upload/temp/pic"):
+            self.os.path.mkdir("upload/temp/pic")
+
+        with open(f"{pic_path}.jpg", 'wb') as f:
+            f.write(self.base64.b64decode(pic_bs64))
+
+        return f"{pic_path}.jpg"

apps/api/config.py

@@ -0,0 +1,8 @@
+class Config:
+    config = {
+        "isCypher": False,
+        "CypherMethod": "base64"
+    }
+
+    def getconfig(self, config_name):
+        return self.config[config_name]

apps/api/urls.py

@@ -2,5 +2,5 @@ from django.urls import path
 from apps.api import views
 
 urlpatterns = [
-    path("getconfig/", views.getconfig, name="getconfig"),
+    path("getconfig/", views.get_config, name="getconfig"),
 ]

apps/api/views.py

@@ -1,15 +1,44 @@
 from django.shortcuts import HttpResponse
 from apps.api import models as m_api
 from django.views.decorators.http import require_http_methods, require_POST, require_GET
+from apps.api.common import CaesarCypherClass, Base64CypherClass
+from apps.api.config import Config
+
+config = Config()
+caesar = CaesarCypherClass()
+base64 = Base64CypherClass()
 
 
 # Create your views here.
 @require_POST
-def getconfig(request):
+def get_config(request):
+    """
+    获取系统配置的接口，通过identity标识字段查询param参数并返回，如果使用加密版数据库则根据加密方式进行解密后返回
+    :param request: identity标识字段
+    :return: 获取到的参数param
+    """
     try:
-        param = request.POST.get("param")
-        title = m_api.SysConfig.objects.filter(identity=param).first().param
-        return HttpResponse(title)
+        identity = request.POST.get("param")
+        if config.getconfig("isCypher"):  # 启用加密数据库
+            param_base64 = m_api.SysConfig.objects.using("cypher").filter(identity=identity).first().param
+            if config.getconfig("CypherMethod") == "caesar":  # 加密方式为Caesar
+                param = caesar.caesar_decode(param_base64)
+                return HttpResponse(param)
+            else:  # 加密方式为Base64
+                param = base64.base64_decode_str(base64, param_base64)
+                return HttpResponse(param)
+        else:  # 不加密的数据库
+            param = m_api.SysConfig.objects.using("default").filter(identity=identity).first().param
+            return HttpResponse(param)
     except Exception as e:
         print(f"报错了:{e}")
-        return HttpResponse("报错了")
+        return HttpResponse(f"报错了:{e}")
+
+
+@require_POST
+def add_config(request):
+    try:
+        pass
+    except Exception as e:
+        print(f"报错了:{e}")
+        return HttpResponse(f"报错了:{e}")

apps/auth/migrations/0002_menu_role_rolemenu_roleuser.py

@@ -0,0 +1,52 @@
+# Generated by Django 5.1 on 2024-09-17 09:09
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('auth', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Menu',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False, unique=True, verbose_name='id')),
+                ('menu_name', models.CharField(max_length=50, verbose_name='菜单名称')),
+                ('parent_id', models.IntegerField(max_length=50, verbose_name='父菜单')),
+                ('path', models.CharField(max_length=128, verbose_name='路由地址')),
+                ('order', models.IntegerField(default=0, max_length=5, verbose_name='排序')),
+                ('create_time', models.DateTimeField(verbose_name='创建时间')),
+                ('update_time', models.DateTimeField(auto_now=True, verbose_name='最后更新时间')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False, unique=True, verbose_name='id')),
+                ('role_name', models.CharField(max_length=50, verbose_name='角色名称')),
+                ('role_name_en', models.CharField(max_length=50, verbose_name='角色英文名称')),
+                ('create_time', models.DateTimeField(verbose_name='创建时间')),
+                ('update_time', models.DateTimeField(auto_now=True, verbose_name='最后更新时间')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='RoleMenu',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False, unique=True, verbose_name='id')),
+                ('menu_id', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.menu', verbose_name='菜单ID')),
+                ('role_id', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.role', verbose_name='角色ID')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='RoleUser',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False, unique=True, verbose_name='id')),
+                ('role_id', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.role', verbose_name='角色ID')),
+                ('user_id', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.user', verbose_name='用户ID')),
+            ],
+        ),
+    ]

apps/auth/migrations/0003_alter_menu_order_alter_menu_parent_id.py

@@ -0,0 +1,23 @@
+# Generated by Django 5.1 on 2024-09-17 09:09
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('auth', '0002_menu_role_rolemenu_roleuser'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='menu',
+            name='order',
+            field=models.IntegerField(default=0, verbose_name='排序'),
+        ),
+        migrations.AlterField(
+            model_name='menu',
+            name='parent_id',
+            field=models.IntegerField(verbose_name='父菜单'),
+        ),
+    ]

apps/auth/models.py

@@ -35,3 +35,33 @@ class User(models.Model):
             return self.avatar.url
         else:
             return '/media/avatar/default.jpg'
+
+
+class Menu(models.Model):
+    id = models.AutoField(verbose_name="id", primary_key=True, unique=True)
+    menu_name = models.CharField(verbose_name="菜单名称", max_length=50, null=False, blank=False)
+    parent_id = models.IntegerField(verbose_name="父菜单")
+    path = models.CharField(verbose_name="路由地址", max_length=128)
+    order = models.IntegerField(verbose_name="排序", default=0)
+    create_time = models.DateTimeField(verbose_name="创建时间")
+    update_time = models.DateTimeField(verbose_name="最后更新时间", auto_now=True)
+
+
+class Role(models.Model):
+    id = models.AutoField(verbose_name="id", primary_key=True, unique=True)
+    role_name = models.CharField(verbose_name="角色名称", max_length=50, null=False, blank=False)
+    role_name_en = models.CharField(verbose_name="角色英文名称", max_length=50)
+    create_time = models.DateTimeField(verbose_name="创建时间")
+    update_time = models.DateTimeField(verbose_name="最后更新时间", auto_now=True)
+
+
+class RoleMenu(models.Model):
+    id = models.AutoField(verbose_name="id", primary_key=True, unique=True)
+    menu_id = models.ForeignKey(verbose_name="菜单ID", to="Menu", to_field="id", on_delete=models.CASCADE)
+    role_id = models.ForeignKey(verbose_name="角色ID", to="Role", to_field="id", on_delete=models.CASCADE)
+
+
+class RoleUser(models.Model):
+    id = models.AutoField(verbose_name="id", primary_key=True, unique=True)
+    role_id = models.ForeignKey(verbose_name="角色ID", to="Role", to_field="id", on_delete=models.CASCADE)
+    user_id = models.ForeignKey(verbose_name="用户ID", to="User", to_field="id", on_delete=models.CASCADE)

apps/auth/urls.py

@@ -5,4 +5,5 @@ urlpatterns = [
     path("gettoken/", views.gettoken, name="getToken"),
     path("searchuser/", views.search_user, name="searchuser"),
     path("adduser/", views.add_user, name="addUser"),
+    path("login/", views.login_user, name="loginUser"),
 ]

apps/auth/views.py

@@ -1,12 +1,19 @@
-import json, datetime, base64
+import binascii
+import json, datetime
 from django.shortcuts import HttpResponse
 from django.middleware.csrf import get_token
 from django.views.decorators.http import require_GET, require_POST
 from apps.auth import models as auth_models
 from django.contrib.auth.hashers import make_password, check_password
-
+from apps.api.common import CaesarCypherClass, Base64CypherClass
+from apps.api.config import Config
 
 # Create your views here.
+config = Config()
+base64 = Base64CypherClass()
+caesar = CaesarCypherClass()
+
+
 @require_GET
 def gettoken(request):
     """
@@ -21,41 +28,104 @@ def gettoken(request):
 @require_POST
 def search_user(request):
     """
-    查询用户名
+    查询用户名是否存在，若存在则返回True，不存在则返回False，如果使用加密版数据库则根据加密方式进行加密后再查询数据库
     :param request:
     :return:
     """
-    username = request.POST.get('username')
-    user = auth_models.User.objects.filter(username=username)
+    if config.getconfig("isCypher"):  # 启用加密数据库
+        if config.getconfig("CypherMethod") == "caesar":  # 加密方式为Caesar
+            username = caesar.caesar_encode(request.POST.get("username"))
+            user = auth_models.User.objects.using("cypher").filter(username=username)
+        else:  # 加密方式为Base64
+            username = base64.base64_encode_str(base64, request.POST.get("username")).decode('utf-8')
+            user = auth_models.User.objects.using("cypher").filter(username=username)
+    else:  # 不加密的数据库
+        username = request.POST.get("username")
+        user = auth_models.User.objects.using("default").filter(username=username)
     if user.exists():
-        return HttpResponse("用户名已存在")
-    else:
         return HttpResponse(True)
+    else:
+        return HttpResponse(False)
 
 
 @require_POST
 def add_user(request):
     """
-    用户注册
+    用户注册，前端需要将用户名密码以base64的方式加密后传输，存储密码时是用md5进行存储。
+    如果使用加密版数据库则根据加密方式，将用户名、邮箱、电话加密后存储到数据库。
+    用户头像目前以路径的方式存储
     :param request: POST提交注册信息
     :return: 注册结果
     """
-    username = request.POST.get("username")
-    pwd_base64 = base64.b64decode(request.POST.get("pwd"))
-    pwd = make_password(pwd_base64)
-    email = request.POST.get("email")
-    phone = request.POST.get("phone")
-    create_time = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
-    last_login_time = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
-    print(username, pwd, email, phone)
-    avatar = request.FILES.get("avatar")
-    auth_models.User.objects.create(
-        username=username,
-        pwd=pwd,
-        email=email,
-        phone=phone,
-        create_time=create_time,
-        last_login_time=last_login_time,
-        avatar=avatar
-    )
-    return HttpResponse("添加用户成功")
+    try:
+        create_time = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        last_login_time = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        avatar = request.FILES.get("avatar")
+        pwd_base64 = base64.base64_decode_str(base64, request.POST.get("pwd"))
+        pwd = make_password(pwd_base64)
+        if config.getconfig("isCypher"):  # 启用加密数据库
+            if config.getconfig("CypherMethod") == "caesar":  # 加密方式为Caesar
+                username = caesar.caesar_encode(request.POST.get("username"))
+                email = caesar.caesar_encode(request.POST.get("email"))
+                phone = caesar.caesar_encode(request.POST.get("phone"))
+            else:  # 加密方式为Base64
+                username = base64.base64_encode_str(base64, request.POST.get("username")).decode('utf-8')
+                email = base64.base64_encode_str(base64, request.POST.get("email")).decode('utf-8')
+                phone = base64.base64_encode_str(base64, request.POST.get("phone")).decode('utf-8')
+            auth_models.User.objects.using("cypher").create(
+                username=username,
+                pwd=pwd,
+                email=email,
+                phone=phone,
+                create_time=create_time,
+                last_login_time=last_login_time,
+                avatar=avatar
+            )
+        else:  # 不加密的数据库
+            username = request.POST.get("username")
+            email = request.POST.get("email")
+            phone = request.POST.get("phone")
+            auth_models.User.objects.using("default").create(
+                username=username,
+                pwd=pwd,
+                email=email,
+                phone=phone,
+                create_time=create_time,
+                last_login_time=last_login_time,
+                avatar=avatar
+            )
+        return HttpResponse("添加用户成功")
+    except Exception as e:
+        return HttpResponse(f"报错了：{e}")
+
+
+@require_POST
+def login_user(request):
+    """
+    用户登录，验证用户密码是否正确，正确返回菜单，错误返回用户名或密码不正确。
+    如果使用加密版数据库则根据加密方式，将用户名加密后进行数据库查询。
+    :param request:
+    :return: "用户名或密码不正确"或用户拥有权限的菜单
+    """
+    try:
+        pwd_input = base64.base64_decode_str(base64, request.POST.get("pwd"))
+        if config.getconfig("isCypher"):  # 启用加密数据库
+            if config.getconfig("CypherMethod") == "caesar":  # 加密方式为Caesar
+                username = caesar.caesar_encode(request.POST.get("username"))
+            else:  # 加密方式为Base64
+                username = base64.base64_encode_str(base64, request.POST.get("username")).decode('utf-8')
+            pwd_made = auth_models.User.objects.using("cypher").filter(username=username).first()
+        else:  # 不加密的数据库
+            username = request.POST.get("username")
+            pwd_made = auth_models.User.objects.using("default").filter(username=username).first()
+        if pwd_made is not None:
+            if check_password(pwd_input, pwd_made.pwd):
+                return HttpResponse(True)
+            else:
+                return HttpResponse("用户名或密码不正确")
+        else:
+            return HttpResponse("用户名或密码不正确")
+    except binascii.Error as e:
+        return HttpResponse("base64解码失败")
+    except Exception as e:
+        return HttpResponse(f"报错了:{e}")

apps/home/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

apps/home/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class HomeConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'apps.home'

apps/home/models.py

@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.

apps/home/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

apps/home/views.py

@@ -0,0 +1,20 @@
+from django.shortcuts import render, HttpResponse
+from apps.api.common import CaesarCypherClass, Base64CypherClass
+
+
+# Create your views here.
+def home(request):
+    bs64 = Base64CypherClass()
+    s = request.GET.get('s')
+    print(s)
+    s_encode = bs64.base64_encode_str(bs64,s)
+    print(s_encode)
+    s_decode = bs64.base64_decode_str(bs64,s)
+
+    # s_encode = bs64.base64_encode_pic(bs64, s)
+    # if s_encode != "图片路径不存在":
+    #     s_decode = bs64.base64_decode_pic(bs64, s_encode)
+    # else:
+    #     s_decode = ''
+    # return HttpResponse(f"解密:{s_decode}")
+    return HttpResponse(f"加密:{s_encode}\n解密:{s_decode}")