From 30999e1de46e9ae532cd2d68c5e03dab1245ed83 Mon Sep 17 00:00:00 2001
From: Viajero-tect <2737079298@qq.com>
Date: Thu, 13 Nov 2025 17:06:01 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E2=80=9C=E6=95=B0=E6=8D=AE?=
 =?UTF-8?q?=E7=BC=96=E8=BE=91=E2=80=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 accounts/es_client.py | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/accounts/es_client.py b/accounts/es_client.py
index 930cca7..50f7c6f 100644
--- a/accounts/es_client.py
+++ b/accounts/es_client.py
@@ -5,30 +5,25 @@ from .crypto import salt_for_username, derive_password
 
 def get_user_by_username(username: str):
 """
- 从Elasticsearch获取用户数据
+ 从Elasticsearch获取用户数据;若不存在则回退到内置admin。
+ 期望ES中存储的是明文密码,登录时按用户名盐派生后对nonce做HMAC验证。
 """
- # 首先尝试从ES获取用户数据
- # es_user = es_get_user_by_username(username)
- # if es_user:
- # salt = salt_for_username(username)
- # derived = derive_password(es_user.get('password', ''), salt)
- # # 如果ES中有用户数据,使用ES中的密码
- # return {
- # 'user_id': es_user.get('user_id', 0),
- # 'username': es_user.get('username', ''),
- # 'password': base64.b64encode(derived).decode('ascii'),
- # 'permission': es_user.get('permission', 1),
- # }
+ es_user = es_get_user_by_username(username)
+ if es_user:
+ salt = salt_for_username(username)
+ derived = derive_password(es_user.get('password', ''), salt)
+ return {
+ 'user_id': es_user.get('user_id', 0),
+ 'username': es_user.get('username', ''),
+ 'password': base64.b64encode(derived).decode('ascii'),
+ 'permission': es_user.get('permission', 1),
+ }
+
 salt = salt_for_username('admin')
 derived = derive_password('admin', salt)
-
 return {
 'user_id': 0,
 'username': 'admin',
 'password': base64.b64encode(derived).decode('ascii'),
 'permission': 0,
- }
-
-
-
- return None
\ No newline at end of file
+ }
\ No newline at end of file
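Review bot: The tail of `get_user_by_username` still returns the built-in `admin` record (password literal `'admin'`, `permission` 0) for every username the Elasticsearch lookup does not return, so a hard-coded default credential stays reachable whenever the lookup misses or comes back empty. Ending the function with `return None` for an unknown user, having the caller reject the login, and provisioning the admin account in the store would remove that path. In the new `es_user` branch, `es_user.get('password', '')` derives a key from the empty string when a record has no password field; a guard such as `if not es_user or not es_user.get('password'): return None` would reject such records, and the `user_id` default of 0 is the same id as the built-in admin, so a missing id should probably be treated as an error as well. The docstring also states that Elasticsearch holds plaintext passwords; storing the salted derived value instead would keep read access to the index from exposing them, assuming the HMAC check only needs the derived key.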