[FIX]密码改为密文存储

docs/docs.go

@@ -94,6 +94,12 @@ var doc = `{
                         "description": "State",
                         "name": "state",
                         "in": "query"
+                    },
+                    {
+                        "type": "integer",
+                        "description": "Page",
+                        "name": "page",
+                        "in": "query"
                     }
                 ],
                 "responses": {

docs/swagger.json

@@ -74,6 +74,12 @@
                         "description": "State",
                         "name": "state",
                         "in": "query"
+                    },
+                    {
+                        "type": "integer",
+                        "description": "Page",
+                        "name": "page",
+                        "in": "query"
                     }
                 ],
                 "responses": {

docs/swagger.yaml

@@ -45,6 +45,10 @@ paths:
         in: query
         name: state
         type: integer
+      - description: Page
+        in: query
+        name: page
+        type: integer
       produces:
       - application/json
       responses:

go.mod

@@ -21,6 +21,7 @@ require (
 	github.com/swaggo/swag v1.6.7
 	github.com/ugorji/go v1.1.8 // indirect
 	github.com/unknwon/com v1.0.1
+	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
 	golang.org/x/net v0.0.0-20200904194848-62affa334b73 // indirect
 	golang.org/x/sys v0.0.0-20200909081042-eff7692f9009 // indirect
 	golang.org/x/tools v0.0.0-20200921210052-fa0125251cc4 // indirect

models/employee.go

@@ -1,6 +1,8 @@
 package models
 
-import "github.com/jinzhu/gorm"
+import (
+	"github.com/jinzhu/gorm"
+)
 
 type Employee struct {
 	Model
@@ -80,8 +82,30 @@ func GetEmployee(id int) (*Employee, error) {
 	return &employee, nil
 }
 
-func EditEmployee(id int, data interface{}) error {
+func GetEmployeeByUsername(username string) (*Employee, error) {
-	if err := db.Model(&Employee{}).Where("id = ? AND deleted_on = ?", id, 0).Updates(data).Error; err != nil {
+	var employee Employee
+	err := db.Where("username = ? AND deleted_on = ? ", username, 0).First(&employee).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, err
+	}
+
+	err = db.Model(&employee).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, err
+	}
+
+	return &employee, nil
+}
+
+func EditEmployee(id int, data map[string]interface{}) error {
+	if err := db.Model(&Employee{}).Where("id = ? AND deleted_on = ?", id, 0).Updates(Employee{
+		AvatarUrl:  data["avatar_url"].(string),
+		Username:   data["username"].(string),
+		Password:   data["password"].(string),
+		Department: data["department"].(string),
+		Position:   data["position"].(string),
+		State:      data["state"].(int),
+	}).Error; err != nil {
 		return err
 	}
 	return nil

routers/admin/login.go

@@ -4,9 +4,10 @@ import (
 	"github.com/astaxie/beego/validation"
 	"github.com/gin-gonic/gin"
 	"github.com/go-pripro/shop/models"
+	"github.com/go-pripro/shop/pkg/app"
 	"github.com/go-pripro/shop/pkg/e"
-	"github.com/go-pripro/shop/pkg/logging"
 	"github.com/go-pripro/shop/pkg/util"
+	"golang.org/x/crypto/bcrypt"
 	"net/http"
 )
 
@@ -22,34 +23,32 @@ type Employee struct {
 // @Success 200 {string} json "{"code":200,"data":{},"msg":"ok"}"
 // @Router /admin/login [get]
 func GetLogin(c *gin.Context)  {
+	appG := app.Gin{C: c}
 	username := c.Query("username")
 	password := c.Query("password")
 	valid := validation.Validation{}
 	a := Employee{Username: username, Password: password}
-	ok, _ := valid.Valid(&a)
+
+	if ok, err := valid.Valid(&a); err != nil || !ok {
+		app.MarkErrors(valid.Errors)
+		appG.Response(http.StatusBadRequest, e.InvalidParams, nil)
+		return
+	}
+
 	data := make(map[string]interface{})
-	code := e.InvalidParams
+	if fEmployee, err := models.GetEmployeeByUsername(username); err != nil {
-	if ok {
+		appG.Response(http.StatusInternalServerError, e.ErrorAuth, nil)
-		isExist := models.CheckEmployee(username, password)
+	} else {
-		if isExist {
+		if err := bcrypt.CompareHashAndPassword([]byte(fEmployee.Password), []byte(password)); err != nil{
+			appG.Response(http.StatusInternalServerError, e.ErrorAuth, nil)
+		} else {
 			token, err := util.GenerateToken(username, password)
 			if err != nil {
-				code = e.ErrorAuthToken
+				appG.Response(http.StatusInternalServerError, e.ErrorAuthToken, nil)
 			} else {
 				data["token"] = token
-				code = e.SUCCESS
+				appG.Response(http.StatusOK, e.SUCCESS, data)
 			}
-		} else {
-			code = e.ErrorAuth
-		}
-	} else {
-		for _, err := range valid.Errors {
-			logging.Info(err.Key, err.Message)
 		}
 	}
-	c.JSON(http.StatusOK, gin.H{
-		"code": code,
-		"msg":  e.GetMsg(code),
-		"data": data,
-	})
 }

routers/admin/v1/employee.go

@@ -127,6 +127,7 @@ func GetEmployee(c *gin.Context) {
 // @Param department query string false "Department"
 // @Param position query string false "Position"
 // @Param state query int false "State"
+// @Param page query int false "Page"
 // @Success 200 {string} json "{"code": 200, "data": {}, "msg":"ok"}"
 // @Router /admin/v1/employees [get]
 func GetEmployees(c *gin.Context) {
@@ -197,7 +198,7 @@ func EditEmployee(c *gin.Context) {
 	valid := validation.Validation{}
 	valid.Min(id, 1, "id").Message("必须是有效的员工id")
 	valid.Range(state, 0, 1, "state").Message("状态只允许0或1")
-	
+
 	if valid.HasErrors() {
 		app.MarkErrors(valid.Errors)
 		appG.Response(http.StatusBadRequest, e.InvalidParams, nil)
@@ -221,29 +222,12 @@ func EditEmployee(c *gin.Context) {
 		appG.Response(http.StatusInternalServerError, e.ErrorExistEmployee, nil)
 	}
 
-	if avatarUrl != "" {
+	employeeService.AvatarUrl = avatarUrl
-		employeeService.AvatarUrl = avatarUrl
+	employeeService.Username = username
-	}
+	employeeService.Password = password
-
+	employeeService.Department = department
-	if username != "" {
+	employeeService.Position = position
-		employeeService.Username = username
+	employeeService.State = state
-	}
-
-	if password != "" {
-		employeeService.Password = password
-	}
-
-	if department != ""  {
-		employeeService.Department = department
-	}
-
-	if position != "" {
-		employeeService.Position = position
-	}
-
-	if state >= 0 {
-		employeeService.State = state
-	}
 
 	if err := employeeService.Edit(); err == nil {
 		appG.Response(http.StatusOK, e.SUCCESS, employeeService)

service/employee_service/employee.go

@@ -7,6 +7,7 @@ import (
 	"github.com/go-pripro/shop/pkg/gredis"
 	"github.com/go-pripro/shop/pkg/logging"
 	"github.com/go-pripro/shop/service/cache_service"
+	"golang.org/x/crypto/bcrypt"
 )
 
 type Employee struct {
@@ -25,11 +26,19 @@ type Employee struct {
 	PageSize int
 }
 
+func (syncEmployee *Employee) EncodePassword(password string) string {
+	if hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost); err == nil {
+		return string(hash)
+	}
+	return string(rune(0))
+}
+
 func (syncEmployee *Employee) Add() error {
+	encodePassword := syncEmployee.EncodePassword(syncEmployee.Password)
 	employee := map[string]interface{}{
 		"avatar_url": syncEmployee.AvatarUrl,
 		"username":   syncEmployee.Username,
-		"password":   syncEmployee.Password,
+		"password":   encodePassword,
 		"department": syncEmployee.Department,
 		"position":   syncEmployee.Position,
 		"state":      syncEmployee.State,
@@ -43,10 +52,12 @@ func (syncEmployee *Employee) Add() error {
 }
 
 func (syncEmployee *Employee) Edit() error {
+	encodePassword := syncEmployee.EncodePassword(syncEmployee.Password)
+
 	return models.EditEmployee(syncEmployee.ID, map[string]interface{}{
 		"avatar_url": syncEmployee.AvatarUrl,
 		"username":   syncEmployee.Username,
-		"password":   syncEmployee.Password,
+		"password":   encodePassword,
 		"department": syncEmployee.Department,
 		"position":   syncEmployee.Position,
 		"state":      syncEmployee.State,