From be17f5ca1d486e0e899663c29d2e94d184cdadf8 Mon Sep 17 00:00:00 2001
From: 777 <123@qwe.com>
Date: Thu, 15 Jan 2026 10:36:58 +0800
Subject: [PATCH] 123
---
.claude/settings.local.json | 7 +
.../java/com/ruoyi/cai/util/PasswordUtil.java | 157 ++++++++++++++++++
2 files changed, 164 insertions(+)
create mode 100644 .claude/settings.local.json
create mode 100644 ruoyi-cai/src/main/java/com/ruoyi/cai/util/PasswordUtil.java
diff --git a/.claude/settings.local.json b/.claude/settings.local.json
new file mode 100644
index 00000000..9b7f38cd
--- /dev/null
+++ b/.claude/settings.local.json
@@ -0,0 +1,7 @@
+{
+ "permissions": {
+ "allow": [
+ "Edit"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/ruoyi-cai/src/main/java/com/ruoyi/cai/util/PasswordUtil.java b/ruoyi-cai/src/main/java/com/ruoyi/cai/util/PasswordUtil.java
new file mode 100644
index 00000000..f556a4f5
--- /dev/null
+++ b/ruoyi-cai/src/main/java/com/ruoyi/cai/util/PasswordUtil.java
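Review bot: `.claude/settings.local.json` looks like a per-developer tool settings file (the `.local` in the name suggests it is not meant to be shared), and committing it puts an `"allow": ["Edit"]` permission grant for a coding agent into every checkout of the repository. If the grant is meant for the whole team it belongs in a shared, reviewed settings file with a description of why it is needed; otherwise drop the file from this commit and add `.claude/settings.local.json` to `.gitignore`. It is also unrelated to the password validator added in the same commit, so it is easy to miss in review.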
@@ -0,0 +1,157 @@
+package com.ruoyi.cai.util;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * 密码安全校验工具类
+ *
+ * @author 77
+ * @date 2025-01-15
+ */
+public class PasswordUtil {
+
+ /**
+ * 密码最小长度
+ */
+ private static final int MIN_PASSWORD_LENGTH = 8;
+
+ /**
+ * 常见弱密码列表
+ */
+ private static final Set COMMON_WEAK_PASSWORDS = new HashSet<>(Arrays.asList(
+ "123456",
+ "12345678",
+ "123456789",
+ "password",
+ "qwerty",
+ "12345",
+ "1234567",
+ "1234567890",
+ "111111",
+ "000000",
+ "888888",
+ "666666",
+ "A123456",
+ "a123456",
+ "123456a",
+ "123456A",
+ "123456ab",
+ "123456AB",
+ "Password123",
+ "password123",
+ "Qwerty123",
+ "qwerty123",
+ "Admin123",
+ "admin123",
+ "Abc123456",
+ "abc123456"
+ ));
+
+ /**
+ * 字母正则表达式(包含大小写)
+ */
+ private static final Pattern LETTER_PATTERN = Pattern.compile("[a-zA-Z]");
+
+ /**
+ * 数字正则表达式
+ */
+ private static final Pattern DIGIT_PATTERN = Pattern.compile("[0-9]");
+
+ /**
+ * 校验密码安全性
+ *
+ * @param password 用户输入的密码
+ * @return 校验结果对象
+ */
+ public static PasswordValidationResult validatePassword(String password) {
+ PasswordValidationResult result = new PasswordValidationResult();
+
+ // 1. 检查是否为空
+ if (password == null || password.isEmpty()) {
+ result.setValid(false);
+ result.setErrorMessage("密码不能为空");
+ return result;
+ }
+
+ // 2. 检查长度
+ if (password.length() < MIN_PASSWORD_LENGTH) {
+ result.setValid(false);
+ result.setErrorMessage("密码长度不能少于" + MIN_PASSWORD_LENGTH + "位");
+ return result;
+ }
+
+ // 3. 检查是否包含字母
+ if (!LETTER_PATTERN.matcher(password).find()) {
+ result.setValid(false);
+ result.setErrorMessage("密码必须包含字母");
+ return result;
+ }
+
+ // 4. 检查是否包含数字
+ if (!DIGIT_PATTERN.matcher(password).find()) {
+ result.setValid(false);
+ result.setErrorMessage("密码必须包含数字");
+ return result;
+ }
+
+ // 5. 
检查是否为常见弱密码
+ String lowerCasePassword = password.toLowerCase();
+ for (String weakPassword : COMMON_WEAK_PASSWORDS) {
+ if (lowerCasePassword.equals(weakPassword.toLowerCase())) {
+ result.setValid(false);
+ result.setErrorMessage("密码过于简单,请使用更复杂的密码");
+ return result;
+ }
+ }
+
+ // 校验通过
+ result.setValid(true);
+ result.setErrorMessage(null);
+ return result;
+ }
+
+ /**
+ * 快速校验密码(仅返回boolean,不提供详细错误信息)
+ *
+ * @param password 用户输入的密码
+ * @return true-密码安全,false-密码不安全
+ */
+ public static boolean isPasswordValid(String password) {
+ return validatePassword(password).isValid();
+ }
+
+ /**
+ * 密码校验结果内部类
+ */
+ public static class PasswordValidationResult {
+ /**
+ * 是否校验通过
+ */
+ private boolean valid;
+
+ /**
+ * 错误信息(校验失败时有值,校验成功时为null)
+ */
+ private String errorMessage;
+
+ public boolean isValid() {
+ return valid;
+ }
+
+ public void setValid(boolean valid) {
+ this.valid = valid;
+ }
+
+ public String getErrorMessage() {
+ return errorMessage;
+ }
+
+ public void setErrorMessage(String errorMessage) {
+ this.errorMessage = errorMessage;
+ }
+ }
+}
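Review bot: Step 5 of `validatePassword` lowercases with the JVM default locale (`password.toLowerCase()` and `weakPassword.toLowerCase()`), so on a host whose default locale has special casing rules, Turkish for example, an upper-case variant of a listed password may not fold to the stored form and would pass the blocklist. Storing the entries already lowercased and replacing the loop with `if (COMMON_WEAK_PASSWORDS.contains(password.toLowerCase(Locale.ROOT))) {` fixes that and avoids re-lowercasing every entry on each call; it needs `import java.util.Locale;`. Most of `COMMON_WEAK_PASSWORDS` can also never match, because entries shorter than `MIN_PASSWORD_LENGTH` or lacking a letter or a digit (`123456`, `password`, `1234567890`, `a123456`, ...) are rejected by steps 2-4 first and the mixed-case pairs collapse under the case-insensitive compare, which leaves five effective entries. A comment on the list saying so, or a list made of passwords that do satisfy the length and composition rules, would make the actual coverage clear.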