123

2026-01-15 10:36:58 +08:00 · 2026-01-15 10:36:54 +08:00
3 changed files with 169 additions and 0 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -0,0 +1,7 @@
+{
+  "permissions": {
+    "allow": [
+      "Edit"
+    ]
+  }
+}
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/cai/app/AuthAppController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/cai/app/AuthAppController.java
@@ -15,6 +15,7 @@ import com.ruoyi.cai.service.IpBlackService;
 import com.ruoyi.cai.service.IpRecordService;
 import com.ruoyi.cai.service.SmsVerifyService;
 import com.ruoyi.cai.service.UserService;
+import com.ruoyi.cai.util.PasswordUtil;
 import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.enums.BusinessType;
@@ -70,6 +71,10 @@ public class AuthAppController {
        if(!mobile){
            return R.fail(600,"请输入正确的手机格式");
        }
+        PasswordUtil.PasswordValidationResult result = PasswordUtil.validatePassword(caiUser.getPassword());
+        if(!result.isValid()){
+            return R.fail(600,result.getErrorMessage());
+        }
        String token = caiLoginManager.register(caiUser);
        LoginVo vo = new LoginVo();
        vo.setToken(token);
--- a/ruoyi-cai/src/main/java/com/ruoyi/cai/util/PasswordUtil.java
+++ b/ruoyi-cai/src/main/java/com/ruoyi/cai/util/PasswordUtil.java
@@ -0,0 +1,157 @@
+package com.ruoyi.cai.util;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * 密码安全校验工具类
+ *
+ * @author 77
+ * @date 2025-01-15
+ */
+public class PasswordUtil {
+
+    /**
+     * 密码最小长度
+     */
+    private static final int MIN_PASSWORD_LENGTH = 8;
+
+    /**
+     * 常见弱密码列表
+     */
+    private static final Set<String> COMMON_WEAK_PASSWORDS = new HashSet<>(Arrays.asList(
+            "123456",
+            "12345678",
+            "123456789",
+            "password",
+            "qwerty",
+            "12345",
+            "1234567",
+            "1234567890",
+            "111111",
+            "000000",
+            "888888",
+            "666666",
+            "A123456",
+            "a123456",
+            "123456a",
+            "123456A",
+            "123456ab",
+            "123456AB",
+            "Password123",
+            "password123",
+            "Qwerty123",
+            "qwerty123",
+            "Admin123",
+            "admin123",
+            "Abc123456",
+            "abc123456"
+    ));
+
+    /**
+     * 字母正则表达式（包含大小写）
+     */
+    private static final Pattern LETTER_PATTERN = Pattern.compile("[a-zA-Z]");
+
+    /**
+     * 数字正则表达式
+     */
+    private static final Pattern DIGIT_PATTERN = Pattern.compile("[0-9]");
+
+    /**
+     * 校验密码安全性
+     *
+     * @param password 用户输入的密码
+     * @return 校验结果对象
+     */
+    public static PasswordValidationResult validatePassword(String password) {
+        PasswordValidationResult result = new PasswordValidationResult();
+
+        // 1. 检查是否为空
+        if (password == null || password.isEmpty()) {
+            result.setValid(false);
+            result.setErrorMessage("密码不能为空");
+            return result;
+        }
+
+        // 2. 检查长度
+        if (password.length() < MIN_PASSWORD_LENGTH) {
+            result.setValid(false);
+            result.setErrorMessage("密码长度不能少于" + MIN_PASSWORD_LENGTH + "位");
+            return result;
+        }
+
+        // 3. 检查是否包含字母
+        if (!LETTER_PATTERN.matcher(password).find()) {
+            result.setValid(false);
+            result.setErrorMessage("密码必须包含字母");
+            return result;
+        }
+
+        // 4. 检查是否包含数字
+        if (!DIGIT_PATTERN.matcher(password).find()) {
+            result.setValid(false);
+            result.setErrorMessage("密码必须包含数字");
+            return result;
+        }
+
+        // 5. 检查是否为常见弱密码
+        String lowerCasePassword = password.toLowerCase();
+        for (String weakPassword : COMMON_WEAK_PASSWORDS) {
+            if (lowerCasePassword.equals(weakPassword.toLowerCase())) {
+                result.setValid(false);
+                result.setErrorMessage("密码过于简单，请使用更复杂的密码");
+                return result;
+            }
+        }
+
+        // 校验通过
+        result.setValid(true);
+        result.setErrorMessage(null);
+        return result;
+    }
+
+    /**
+     * 快速校验密码（仅返回boolean，不提供详细错误信息）
+     *
+     * @param password 用户输入的密码
+     * @return true-密码安全，false-密码不安全
+     */
+    public static boolean isPasswordValid(String password) {
+        return validatePassword(password).isValid();
+    }
+
+    /**
+     * 密码校验结果内部类
+     */
+    public static class PasswordValidationResult {
+        /**
+         * 是否校验通过
+         */
+        private boolean valid;
+
+        /**
+         * 错误信息（校验失败时有值，校验成功时为null）
+         */
+        private String errorMessage;
+
+        public boolean isValid() {
+            return valid;
+        }
+
+        public void setValid(boolean valid) {
+            this.valid = valid;
+        }
+
+        public String getErrorMessage() {
+            return errorMessage;
+        }
+
+        public void setErrorMessage(String errorMessage) {
+            this.errorMessage = errorMessage;
+        }
+    }
+}
Author	SHA1	Message	Date
777	be17f5ca1d	123	2026-01-15 10:36:58 +08:00
777	44d5ca6ee7	123	2026-01-15 10:36:54 +08:00