feat: enhance user authentication with RSA key handling and encrypted data support

2025-12-26 01:33:05 +00:00 · 2025-09-18 18:42:55 +08:00 · 2025-09-18 18:42:55 +08:00 · 74c454532d
parent a0118ca397
commit 74c454532d
4 changed files with 17 additions and 4 deletions
--- a/apps/chat/serializers/chat_authentication.py
+++ b/apps/chat/serializers/chat_authentication.py
@ -20,6 +20,7 @@ from common.constants.authentication_type import AuthenticationType
 from common.constants.cache_version import Cache_Version
 from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.exception.app_exception import NotFound404, AppUnauthorizedFailed
+from common.utils.rsa_util import get_key_pair_by_sql


 class AnonymousAuthenticationSerializer(serializers.Serializer):
@ -82,7 +83,8 @@ class AuthProfileSerializer(serializers.Serializer):
                    'authentication_type': application_access_token.authentication_value.get(
                        'type', 'password'),
                    'max_attempts': max_attempts,
-                    'login_value': final_login_value
+                    'login_value': final_login_value,
+                    'rasKey' : get_key_pair_by_sql().get('key')
                }
        return profile

--- a/apps/common/forms/switch_field.py
+++ b/apps/common/forms/switch_field.py
@ -28,6 +28,6 @@ class SwitchField(BaseField):
        @param props_info:
        """

-        super().__init__('Switch', label, required, default_value, relation_show_field_dict,
+        super().__init__('SwitchInput', label, required, default_value, relation_show_field_dict,
                         {},
                         TriggerType.OPTION_LIST, attrs, props_info)
--- a/apps/system_manage/serializers/system.py
+++ b/apps/system_manage/serializers/system.py
@ -14,7 +14,9 @@ from django.core.cache import cache

 from common.constants.cache_version import Cache_Version
 from common.database_model_manage.database_model_manage import DatabaseModelManage
+from common.utils.rsa_util import get_key_pair_by_sql
 from maxkb import settings
+from system_manage.models import SystemSetting


 class SettingType(models.CharField):
@ -38,4 +40,5 @@ class SystemProfileSerializer(serializers.Serializer):
        version = os.environ.get('MAXKB_VERSION')
        license_is_valid = DatabaseModelManage.get_model('license_is_valid') or (lambda: False)
        return {'version': version, 'edition': settings.edition,
-                'license_is_valid': license_is_valid() if license_is_valid() is not None else False}
+                'license_is_valid': license_is_valid() if license_is_valid() is not None else False,
+                'ras': get_key_pair_by_sql().get('key')}
--- a/apps/users/serializers/login.py
+++ b/apps/users/serializers/login.py
@ -22,6 +22,7 @@ from common.constants.cache_version import Cache_Version
 from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.exception.app_exception import AppApiException
 from common.utils.common import password_encrypt, get_random_chars
+from common.utils.rsa_util import encrypt, decrypt
 from maxkb.const import CONFIG
 from users.models import User

@ -31,6 +32,9 @@ class LoginRequest(serializers.Serializer):
    password = serializers.CharField(required=True, max_length=128, label=_("Password"))
    captcha = serializers.CharField(required=False, max_length=64, label=_('captcha'), allow_null=True,
                                    allow_blank=True)
+    encryptedData = serializers.CharField(required=False, label=_('encryptedData'), allow_null=True,
+                                        allow_blank=True)
+


 system_version, system_get_key = Cache_Version.SYSTEM.value
@ -60,6 +64,10 @@ class LoginSerializer(serializers.Serializer):
    @staticmethod
    def login(instance):
        username = instance.get("username", "")
+        encryptedData = instance.get("encryptedData", "")
+        if encryptedData:
+            json_data = json.loads(decrypt(encryptedData))
+            instance.update(json_data)
        try:
            LoginRequest(data=instance).is_valid(raise_exception=True)
        except Exception as e:
@ -99,7 +107,7 @@ class LoginSerializer(serializers.Serializer):
            if captcha_cache is None or captcha.lower() != captcha_cache:
                raise AppApiException(1005, _("Captcha code error or expiration"))

-        user = QuerySet(User).filter(username=username, password=password).first()
+        user = QuerySet(User).filter(username=username, password=password_encrypt(password)).first()
        if user is None:
            record_login_fail(username)
            raise AppApiException(500, _('The username or password is incorrect'))