🔒 密码加密由 BCrypt 修改为 MD5

src/main/java/im/zhaojun/common/controller/InstallController.java

@@ -1,5 +1,6 @@
 package im.zhaojun.common.controller;
 
+import cn.hutool.crypto.SecureUtil;
 import im.zhaojun.common.model.StorageConfig;
 import im.zhaojun.common.model.dto.InstallModelDTO;
 import im.zhaojun.common.model.dto.ResultBean;
@@ -8,7 +9,6 @@ import im.zhaojun.common.model.enums.StorageTypeEnum;
 import im.zhaojun.common.service.FileService;
 import im.zhaojun.common.service.StorageConfigService;
 import im.zhaojun.common.service.SystemConfigService;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -58,7 +58,7 @@ public class InstallController {
         StorageTypeEnum storageTypeEnum = installModelDTO.getStorageStrategy();
         systemConfigDTO.setStorageStrategy(storageTypeEnum);
         systemConfigDTO.setUsername(installModelDTO.getUsername());
-        systemConfigDTO.setPassword(new BCryptPasswordEncoder().encode(installModelDTO.getPassword()));
+        systemConfigDTO.setPassword(SecureUtil.md5(installModelDTO.getPassword()));
         systemConfigDTO.setDomain(installModelDTO.getDomain());
         systemConfigService.updateSystemConfig(systemConfigDTO);
 

src/main/java/im/zhaojun/common/security/MD5PasswordEncoder.java

@@ -0,0 +1,17 @@
+package im.zhaojun.common.security;
+
+import cn.hutool.crypto.SecureUtil;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+public class MD5PasswordEncoder implements PasswordEncoder {
+
+    @Override
+    public String encode(CharSequence rawPassword) {
+        return SecureUtil.md5(rawPassword.toString());
+    }
+
+    @Override
+    public boolean matches(CharSequence rawPassword, String encodedPassword) {
+        return SecureUtil.md5(rawPassword.toString()).equals(encodedPassword);
+    }
+}

src/main/java/im/zhaojun/common/security/MySecurityConfig.java

@@ -11,7 +11,6 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 import javax.annotation.Resource;
@@ -116,7 +115,7 @@ public class MySecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Bean
     public static PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
+        return new MD5PasswordEncoder();
     }
 
 }

src/main/java/im/zhaojun/common/service/SystemConfigService.java

@@ -1,5 +1,6 @@
 package im.zhaojun.common.service;
 
+import cn.hutool.crypto.SecureUtil;
 import im.zhaojun.common.config.StorageTypeFactory;
 import im.zhaojun.common.model.SystemConfig;
 import im.zhaojun.common.model.constant.SystemConfigConstant;
@@ -105,7 +106,7 @@ public class SystemConfigService {
         usernameConfig.setValue(username);
         systemConfigRepository.save(usernameConfig);
 
-        password = new BCryptPasswordEncoder().encode(password);
+        password = SecureUtil.md5(password);;
         SystemConfig systemConfig = systemConfigRepository.findByKey(SystemConfigConstant.PASSWORD);
         systemConfig.setValue(password);