修改登录逻辑，使用RSA-OAEP 包裹每会话独立 AES-GCM 密钥 + 加密提交凭据

elastic/es_connect.py

@@ -6,6 +6,7 @@ from elasticsearch import Elasticsearch
 from elasticsearch_dsl import connections
 import os
 from .documents import AchievementDocument, UserDocument, GlobalDocument
+from accounts.crypto import hash_password_random_salt
 from .indexes import ACHIEVEMENT_INDEX_NAME, USER_INDEX_NAME, GLOBAL_INDEX_NAME
 import hashlib
 import time
@@ -63,10 +64,12 @@ def create_index_with_mapping():
 
         # --- 4. 创建默认管理员用户（可选：也可检查用户是否已存在）---
         # 这里简单处理：每次初始化都写入（可能重复），建议加唯一性判断
+        _salt_b64, _hash_b64 = hash_password_random_salt("admin")
         admin_user = {
             "user_id": 0,
             "username": "admin",
-            "password": "admin",  # ⚠️ 生产环境务必加密！
+            "password_hash": _hash_b64,
+            "password_salt": _salt_b64,
             "permission": 0
         }
         # 可选：检查 admin 是否已存在（根据 user_id 或 username）
@@ -513,10 +516,17 @@ def write_user_data(user_data):
             perm_val = int(user_data.get('permission', 1))
         except Exception:
             perm_val = 1
+        pwd = str(user_data.get('password') or '').strip()
+        pwd_hash_b64 = user_data.get('password_hash')
+        pwd_salt_b64 = user_data.get('password_salt')
+        if pwd:
+            salt_b64, hash_b64 = hash_password_random_salt(pwd)
+            pwd_hash_b64, pwd_salt_b64 = hash_b64, salt_b64
         user = UserDocument(
             user_id=user_data.get('user_id'),
             username=user_data.get('username'),
-            password=user_data.get('password'),
+            password_hash=pwd_hash_b64,
+            password_salt=pwd_salt_b64,
             permission=perm_val
         )
         user.save()
@@ -535,11 +545,10 @@ def get_user_by_id(user_id):
         if response.hits:
             hit = response.hits[0]
             return {
-            "user_id": hit.user_id,
-            "username": hit.username,
-            "password": hit.password,
-            "permission": hit.permission
-        }
+                "user_id": hit.user_id,
+                "username": hit.username,
+                "permission": hit.permission
+            }
         return None
 
     except Exception as e:
@@ -566,7 +575,8 @@ def get_user_by_username(username):
             return {
                 "user_id": hit.user_id,
                 "username": hit.username,
-                "password": hit.password,
+                "password_hash": getattr(hit, 'password_hash', None),
+                "password_salt": getattr(hit, 'password_salt', None),
                 "permission": int(hit.permission)
             }
         return None
@@ -639,7 +649,9 @@ def update_user_by_id(user_id, username=None, permission=None, password=None):
             if permission is not None:
                 doc.permission = int(permission)
             if password is not None:
-                doc.password = password
+                salt_b64, hash_b64 = hash_password_random_salt(str(password))
+                doc.password_hash = hash_b64
+                doc.password_salt = salt_b64
             doc.save()
             return True
         return False