登录上线

2025-11-09 20:31:37 +08:00
parent e650a087ca
commit aba94c074a
35 changed files with 675 additions and 5919 deletions
--- a/accounts/es_client.py
+++ b/accounts/es_client.py
@@ -0,0 +1,38 @@
+import base64
+import hashlib
+
+
+def _salt_for_username(username: str) -> bytes:
+    return hashlib.sha256(username.encode('utf-8')).digest()
+
+
+def _derive_password(password_plain: str, salt: bytes) -> bytes:
+    return hashlib.pbkdf2_hmac('sha256', password_plain.encode('utf-8'), salt, 100_000, dklen=32)
+
+
+def get_user_by_username(username: str):
+    """
+    Placeholder for ES lookup. Returns fixed JSON for a demo user.
+    In production this should query ES with the given mapping.
+
+    Demo user:
+    - username: admin
+    - password: Password123! (stored as PBKDF2-derived secret only)
+    - user_id: 1
+    - premission: 0 (admin)
+    """
+    if username != 'admin':
+        return None
+
+    salt = _salt_for_username(username)
+    # Demo: derive and store secret from a known password for the placeholder
+    derived = _derive_password('Password123!', salt)
+    return {
+        'user_id': 1,
+        'username': 'admin',
+        # Store only the derived secret, not the plaintext password
+        'password': base64.b64encode(derived).decode('ascii'),
+        'premission': 0,
+        # Expose salt to the client during challenge so both sides derive consistently
+        'salt': base64.b64encode(salt).decode('ascii'),
+    }