本文主要是介绍Taro + node.js 注册 仿照java 中的加盐算法,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
1.需求
为了让用户的密码更加保密
我们在md5 之前 在加一个随机数 用java 的说法 叫做 加盐算法
2.代码
//H5注册async H5Register(register) {if (!register.phone ||!register.password ||!register.confirmPassword ||!register.yzmCode ||!register.registerCode) {throw new CoolCommException('参数不能为空~');}const phoneRegex = /^1[3-9]\d{9}$/; // 手机号码的正则表达式if (!phoneRegex.test(register.phone)) {throw new CoolCommException('手机号码格式不正确~');}if (register.password !== register.confirmPassword) {throw new CoolCommException('两次密码不一致');}const inviteCode = await this.businessUserEntity.findOneBy({inviteCode: register.registerCode,});if (!inviteCode) {throw new CoolCommException('导师不存在~');}const checkV = await this.captchaCheckByH5(register.yzmCode);if (checkV) {const user = await this.businessStudentEntity.findOneBy({phone: register?.phone,});if (user) {throw new CoolCommException('账户已存在~');}const salt = this.generatePasswordCode();await this.businessStudentEntity.save({phone: register.phone,password: md5(register.password + salt).toUpperCase(),membershipLevel: 0,balance: 0,userId: inviteCode.id,randomStr: salt,});return 1;} else {throw new CoolCommException('验证码不正确~');}}
//生成加盐密码public generatePasswordCode() {// const hmac = crypto.createHmac('sha256', '1234567890');// hmac.update(password.toString());// const hash = hmac.digest('hex');// const code = hash.substring(0, 6).toUpperCase();// return code;let chars = 'ABCDEFGHJKMNPQRSTWXYZ1234567890';/****默认去掉了容易混淆的字符oOLl,9gq,Vv,Uu,I1****/let maxPos = chars.length;var code = '';for (let i = 0; i < 6; i++) {code += chars.charAt(Math.floor(Math.random() * maxPos));}return code.toString();}
3 登录验证
为了适配之前的纯md5 方式
// H5 登录async H5Login(login) {if (!login.password || !login.phone) {throw new CoolCommException('账户或者密码不能为空~');}let user;// 尝试使用直接MD5加密的密码进行验证const userByDirectMd5 = await this.businessStudentEntity.findOneBy({phone: login.phone,password: md5(login.password),});// 如果没有找到,尝试使用带有随机字符串的加密方式if (!userByDirectMd5) {const userInfo = await this.businessStudentEntity.findOneBy({phone: login.phone,});if (!userInfo) {// 手机号不存在,直接返回错误throw new CoolCommException('账户不存在或密码不正确~');}const userByRandomStrMd5 = await this.businessStudentEntity.findOneBy({phone: login.phone,password: md5(login.password + userInfo.randomStr).toUpperCase(),});if (!userByRandomStrMd5) {// 密码不正确throw new CoolCommException('账户不存在或密码不正确~');}// 这里可以设置 user 为使用随机字符串加密方式找到的用户user = userByRandomStrMd5;} else {// 这里设置 user 为使用直接MD5加密方式找到的用户user = userByDirectMd5;}// 检查账户是否启用if (user.isEnabled == 0) {throw new CoolCommException('账户无权限,请联系客服开通~');}// 生成和缓存JWT令牌const { expire, refreshExpire } = this.coolConfig.jwt.token;const result = {expire,token: await this.generateTokenClient(user, expire),refreshExpire,refreshToken: await this.generateTokenClient(user, refreshExpire, true),};// 缓存令牌await this.cacheManager.set(`business:client:token:${user.id}`,result.token,{ ttl: expire });await this.cacheManager.set(`business:client:token:refresh:${user.id}`,result.refreshToken,{ ttl: refreshExpire });return result;}
这篇关于Taro + node.js 注册 仿照java 中的加盐算法的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!