Merge pull request #176 from Yazzyk/v2.0

处理了 2 个漏洞，并增加验证码方式选择

server/internal/consts/captcha.go

@@ -0,0 +1,6 @@
+package consts
+
+const (
+	CaptchaTypeString = iota + 1 // 字符串
+	CaptchaTypeMath              // 数字计算
+)

server/internal/controller/admin/common/site.go

@@ -95,7 +95,11 @@ func (c *cSite) LoginConfig(ctx context.Context, _ *common.SiteLoginConfigReq) (
 
 // Captcha 登录验证码
 func (c *cSite) Captcha(ctx context.Context, _ *common.LoginCaptchaReq) (res *common.LoginCaptchaRes, err error) {
-	cid, base64 := captcha.Generate(ctx)
+	loginConf, err := service.SysConfig().GetLogin(ctx)
+	if err != nil {
+		return
+	}
+	cid, base64 := captcha.Generate(ctx, loginConf.CaptchaType)
 	res = &common.LoginCaptchaRes{Cid: cid, Base64: base64}
 	return
 }

server/internal/library/captcha/captcha.go

@@ -7,6 +7,7 @@ package captcha
 
 import (
 	"context"
+	"hotgo/internal/consts"
 	"image/color"
 
 	"github.com/gogf/gf/v2/frame/g"
@@ -18,44 +19,52 @@ import (
 var store = base64Captcha.DefaultMemStore
 
 // Generate 生成验证码
-func Generate(ctx context.Context) (id string, base64 string) {
-	// 字符
-	//	driver := &base64Captcha.DriverString{
-	//		Height: 42,
-	//		Width:  100,
-	//		//NoiseCount:      50,
-	//		//ShowLineOptions: 20,
-	//		Length: 4,
-	//		BgColor: &color.RGBA{
-	//			R: 255,
-	//			G: 250,
-	//			B: 250,
-	//			A: 250,
-	//		},
-	//		Source: "0123456789", // abcdefghjkmnpqrstuvwxyz23456789
-	//		Fonts:  []string{"chromohv.ttf"},
-	//	}
+func Generate(ctx context.Context, captchaType int) (id string, base64 string) {
+	var err error
 
+	switch captchaType {
 	// 算数
-	driver := &base64Captcha.DriverMath{
-		Height:          42,
-		Width:           100,
-		NoiseCount:      0,
-		ShowLineOptions: 0,
-		BgColor: &color.RGBA{
-			R: 255,
-			G: 250,
-			B: 250,
-			A: 250,
-		},
-		Fonts: []string{"chromohv.ttf"},
+	case consts.CaptchaTypeMath:
+		driver := &base64Captcha.DriverMath{
+			Height:          42,
+			Width:           100,
+			NoiseCount:      0,
+			ShowLineOptions: 0,
+			BgColor: &color.RGBA{
+				R: 255,
+				G: 250,
+				B: 250,
+				A: 250,
+			},
+			Fonts: []string{"chromohv.ttf"},
+		}
+		c := base64Captcha.NewCaptcha(driver.ConvertFonts(), store)
+		id, base64, _, err = c.Generate()
+	// 字符
+	default:
+		driver := &base64Captcha.DriverString{
+			Height: 42,
+			Width:  100,
+			//NoiseCount:      50,
+			//ShowLineOptions: 20,
+			Length: 4,
+			BgColor: &color.RGBA{
+				R: 255,
+				G: 250,
+				B: 250,
+				A: 250,
+			},
+			Source: "abcdefghjkmnpqrstuvwxyz23456789", // abcdefghjkmnpqrstuvwxyz23456789
+			Fonts:  []string{"chromohv.ttf"},
+		}
+		c := base64Captcha.NewCaptcha(driver.ConvertFonts(), store)
+		id, base64, _, err = c.Generate()
 	}
 
-	c := base64Captcha.NewCaptcha(driver.ConvertFonts(), store)
-	id, base64, _, err := c.Generate()
 	if err != nil {
 		g.Log().Errorf(ctx, "captcha.Generate err:%+v", err)
 	}
+
 	return
 }
 

server/internal/logic/admin/site.go

@@ -154,7 +154,7 @@ func (s *sAdminSite) AccountLogin(ctx context.Context, in *adminin.AccountLoginI
 	}
 
 	if mb == nil {
-		err = gerror.New("账号不存在")
+		err = gerror.New("用户名或密码错误")
 		return
 	}
 

server/internal/logic/sys/login_log.go

@@ -82,6 +82,9 @@ func (s *sSysLoginLog) List(ctx context.Context, in *sysin.LoginLogListInp) (lis
 	}
 
 	for _, v := range list {
+		if v.Response.Contains("token") {
+			v.Response.Set("token", "******")
+		}
 		v.Os = useragent.GetOs(v.UserAgent)
 		v.Browser = useragent.GetBrowser(v.UserAgent)
 		v.SysLogId, err = dao.SysLog.Ctx(ctx).Fields(dao.SysLog.Columns().Id).Where(dao.SysLog.Columns().ReqId, v.ReqId).Value()

server/internal/model/config.go

@@ -176,6 +176,7 @@ type WechatConfig struct {
 type LoginConfig struct {
 	RegisterSwitch int     `json:"loginRegisterSwitch"`
 	CaptchaSwitch  int     `json:"loginCaptchaSwitch"`
+	CaptchaType    int     `json:"loginCaptchaType"`
 	Avatar         string  `json:"loginAvatar"`
 	RoleId         int64   `json:"loginRoleId"`
 	DeptId         int64   `json:"loginDeptId"`