switch to bcrypt

gengjiawen · gengjiawen · commit 2fa73925d5da · 2017-02-05T14:39:13.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,5 @@ node_modules/
 dist/
 npm-debug.log
 img/
-.vscode/
+.vscode/
+.idea/
diff --git a/package.json b/package.json
@@ -6,10 +6,12 @@
   "private": true,
   "scripts": {
     "dev": "node build/dev-server.js",
-    "build": "node build/build.js"
+    "build": "node build/build.js",
+    "server": "node app.js"
   },
   "dependencies": {
     "axios": "^0.15.3",
+    "bcryptjs": "^2.4.0",
     "element-ui": "^1.1.2",
     "koa": "^1.2.4",
     "koa-bodyparser": "^2.3.0",
@@ -19,7 +21,6 @@
     "koa-logger": "^1.3.0",
     "koa-router": "5.4",
     "koa-static": "^2.0.0",
-    "md5": "^2.2.1",
     "mysql": "^2.12.0",
     "sequelize": "^3.29.0",
     "stylus": "^0.54.5",
diff --git a/server/controllers/user.js b/server/controllers/user.js
@@ -1,5 +1,6 @@
 const user = require('../models/user.js');
 const jwt = require('koa-jwt');
+const bcrypt = require('bcryptjs');
 
 const getUserInfo = function* (){
   const id = this.params.id; // 获取url里传过来的参数里的id
@@ -13,7 +14,7 @@ const postUserAuth = function* (){
   const userInfo = yield user.getUserByName(data.name);
   console.log(this.request)
   if(userInfo != null){ // 如果查无此用户会返回null
-    if(userInfo.password != data.password){
+    if(!bcrypt.compareSync(data.password, userInfo.password)){
       this.body = {
         success: false, // success标志位是方便前端判断返回是正确与否
         info: '密码错误！'
@@ -43,4 +44,4 @@ module.exports = {
     router.get('/user/:id', getUserInfo); // 定义url的参数是id
     router.post('/user', postUserAuth);
   }
-}
+}
diff --git a/server/schema/user.js b/server/schema/user.js
@@ -13,7 +13,7 @@ module.exports = function(sequelize, DataTypes) {
       allowNull: false
     },
     password: {
-      type: DataTypes.CHAR(32),
+      type: DataTypes.CHAR(128),
       allowNull: false
     }
   }, {
diff --git a/sql/user.sql b/sql/user.sql
@@ -20,15 +20,17 @@ USE `todolist`;
 CREATE TABLE IF NOT EXISTS `user` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `user_name` char(50) NOT NULL,
-  `password` char(32) NOT NULL,
+  `password` char(128) NOT NULL,
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
 
 -- 正在导出表  todolist.user 的数据：~0 rows (大约)
 DELETE FROM `user`;
 /*!40000 ALTER TABLE `user` DISABLE KEYS */;
-INSERT INTO `user` (`id`, `user_name`, `password`) VALUES
-	(1, 'molunerfinn', '202cb962ac59075b964b07152d234b70');
+INSERT INTO `user` (`user_name`, `password`) VALUES
+	('molunerfinn', '$2a$10$x3f0Y2SNAmyAfqhKVAV.7uE7RHs3FDGuSYw.LlZhOFoyK7cjfZ.Q6');
+INSERT INTO `user` (`user_name`, `password`) VALUES
+  ('admin', '$2a$10$x3f0Y2SNAmyAfqhKVAV.7uE7RHs3FDGuSYw.LlZhOFoyK7cjfZ.Q6');
 /*!40000 ALTER TABLE `user` ENABLE KEYS */;
 
 /*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */;
diff --git a/src/components/Login.vue b/src/components/Login.vue
@@ -2,16 +2,16 @@
   <el-row class="content">
     <el-col :xs="24" :sm="{span: 6,offset: 9}">
       <span class="title">
-       欢迎登录 
+       欢迎登录
       </span>
       <el-row>
-        <el-input 
-          v-model="account" 
+        <el-input
+          v-model="account"
           placeholder="账号"
           type="text">
         </el-input>
-        <el-input 
-          v-model="password" 
+        <el-input
+          v-model="password"
           placeholder="密码"
           type="password"
           @keyup.enter.native="loginToDo">
@@ -23,8 +23,6 @@
 </template>
 
 <script>
-import md5 from 'md5'
-
 export default {
   data () {
     return {
@@ -36,8 +34,8 @@ export default {
     loginToDo() {
       let obj = {
         name: this.account,
-        password: md5(this.password)
-      } 
+        password: this.password
+      }
       this.$http.post('/auth/user', obj) // 将信息发送给后端
         .then((res) => {
           console.log(res);
@@ -46,7 +44,7 @@ export default {
             this.$message({ // 登录成功，显示提示语
               type: 'success',
               message: '登录成功！'
-            }); 
+            });
             this.$router.push('/todolist') // 进入todolist页面，登录成功
           }else{
             this.$message.error(res.data.info); // 登录失败，显示提示语
@@ -70,5 +68,5 @@ export default {
     margin 12px 0
   .el-button
     width 100%
-    margin-top 12px    
-</style>
+    margin-top 12px
+</style>

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ module.exports = function(sequelize, DataTypes) {`
`13`	`13`	`allowNull: false`
`14`	`14`	`},`
`15`	`15`	`password: {`
`16`		`- type: DataTypes.CHAR(32),`
	`16`	`+ type: DataTypes.CHAR(128),`
`17`	`17`	`allowNull: false`
`18`	`18`	`}`
`19`	`19`	`}, {`