Merge pull request #1286 from longguikeji/feature-402

feat: 🎸 md5加密
longguikeji · Sep 16, 2022 · 4a74e9f · 4a74e9f
2 parents 5363c96 + 26dd8ce
commit 4a74e9f
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/api/v1/views/app.py b/api/v1/views/app.py
@@ -124,11 +124,13 @@ def get_app_read_secret(request, tenant_id: str, id: str):
     '''
     获取应用秘钥
     '''
-    from arkid.common.utils import generate_secret
+    from arkid.common.utils import generate_secret, generate_md5_secret
+    secret = generate_secret()
+    md5_secret = generate_md5_secret(secret)
     app = App.valid_objects.get(id=id)
-    app.secret = generate_secret()
+    app.secret = md5_secret
     app.save()
-    return {"data": {"read_secret": app.secret}}
+    return {"data": {"read_secret": secret}}
 
 @api.get("/tenant/{tenant_id}/apps/{app_id}/openapi_version/", response=ConfigOpenApiVersionDataSchemaOut, tags=['应用'])
 @operation(roles=[TENANT_ADMIN, PLATFORM_ADMIN])

diff --git a/arkid/common/utils.py b/arkid/common/utils.py
@@ -259,4 +259,8 @@ def generate_secret(chars=None, length=128):
     if chars is None:
         chars= CHARS_COMMON
     rand = SystemRandom()
-    return ''.join(rand.choice(chars) for x in range(length))
+    return ''.join(rand.choice(chars) for x in range(length))
+
+def generate_md5_secret(secret):
+    import hashlib
+    return hashlib.md5(secret.encode('utf-8')).hexdigest()
diff --git a/arkid/core/api.py b/arkid/core/api.py
@@ -100,7 +100,8 @@ class GlobalAuth(HttpBaseBearer):
     openapi_scheme = "token"
 
     def authenticate(self, request, token, app_id, app_secret):
-        from arkid.core.models import User  
+        from arkid.core.models import User
+        from arkid.common.utils import generate_md5_secret 
         try:
             if request.user and isinstance(request.user, User):  # restore 审批请求时，user已经存在，不需要再校验token
                 token = ExpiringToken.objects.filter(user=request.user).first()
@@ -137,7 +138,7 @@ def authenticate(self, request, token, app_id, app_secret):
                     except ValueError:
                         logger.error(_("invalid app_id", "无效的应用id"))
                         return
-                    app = App.valid_objects.get(id=app_id, secret=app_secret)
+                    app = App.valid_objects.get(id=app_id, secret=generate_md5_secret(app_secret))
                     tenant = request.tenant or Tenant.platform_tenant()
                     # 获取操作id查询用户权限
                     operation_id = request.operation_id