From 74c454532d9312f178c42aad9478349b63143856 Mon Sep 17 00:00:00 2001
From: wxg0103 <727495428@qq.com>
Date: Thu, 18 Sep 2025 18:42:55 +0800
Subject: [PATCH] feat: enhance user authentication with RSA key handling and encrypted data support
---
 apps/chat/serializers/chat_authentication.py | 4 +++-
 apps/common/forms/switch_field.py | 2 +-
 apps/system_manage/serializers/system.py | 5 ++++-
 apps/users/serializers/login.py | 10 +++++++++-
 4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/apps/chat/serializers/chat_authentication.py b/apps/chat/serializers/chat_authentication.py
index 4291337e2..960c1e1e7 100644
--- a/apps/chat/serializers/chat_authentication.py
+++ b/apps/chat/serializers/chat_authentication.py
@@ -20,6 +20,7 @@ from common.constants.authentication_type import AuthenticationType
 from common.constants.cache_version import Cache_Version
 from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.exception.app_exception import NotFound404, AppUnauthorizedFailed
+from common.utils.rsa_util import get_key_pair_by_sql
 class AnonymousAuthenticationSerializer(serializers.Serializer):
@@ -82,7 +83,8 @@ class AuthProfileSerializer(serializers.Serializer):
 'authentication_type': application_access_token.authentication_value.get(
 'type', 'password'),
 'max_attempts': max_attempts,
- 'login_value': final_login_value
+ 'login_value': final_login_value,
+ 'rasKey' : get_key_pair_by_sql().get('key')
 }
 return profile
diff --git a/apps/common/forms/switch_field.py b/apps/common/forms/switch_field.py
index 9fa176bee..ea119c3ec 100644
--- a/apps/common/forms/switch_field.py
+++ b/apps/common/forms/switch_field.py
@@ -28,6 +28,6 @@ class SwitchField(BaseField):
 @param props_info:
 """
- super().__init__('Switch', label, required, default_value, relation_show_field_dict,
+ super().__init__('SwitchInput', label, required, default_value, relation_show_field_dict,
 {}, TriggerType.OPTION_LIST, attrs, props_info)
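Review bot: The new `'rasKey'` entry in the `AuthProfileSerializer` profile dict sends `get_key_pair_by_sql().get('key')` to the client, and nothing in this patch shows which half of the key pair `'key'` holds. `get_key_pair_by_sql` is defined outside the patch, and this profile appears to be served before authentication, so confirm the value is the public key only. The name also looks like a transposition of "rsa", and the system.py hunk publishes the same value as `'ras'`, so clients must know two spellings. I would use one name in both places, e.g. `'rsaKey': get_key_pair_by_sql().get('key')`, with the comment `# public half only; the private key never leaves the server`. The dict literal starts above the hunk.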
diff --git a/apps/system_manage/serializers/system.py b/apps/system_manage/serializers/system.py
index 61536edd1..56a21bccd 100644
--- a/apps/system_manage/serializers/system.py
+++ b/apps/system_manage/serializers/system.py
@@ -14,7 +14,9 @@ from django.core.cache import cache
 from common.constants.cache_version import Cache_Version
 from common.database_model_manage.database_model_manage import DatabaseModelManage
+from common.utils.rsa_util import get_key_pair_by_sql
 from maxkb import settings
+from system_manage.models import SystemSetting
 class SettingType(models.CharField):
@@ -38,4 +40,5 @@ class SystemProfileSerializer(serializers.Serializer):
 version = os.environ.get('MAXKB_VERSION')
 license_is_valid = DatabaseModelManage.get_model('license_is_valid') or (lambda: False)
 return {'version': version, 'edition': settings.edition,
- 'license_is_valid': license_is_valid() if license_is_valid() is not None else False}
+ 'license_is_valid': license_is_valid() if license_is_valid() is not None else False,
+ 'ras': get_key_pair_by_sql().get('key')}
diff --git a/apps/users/serializers/login.py b/apps/users/serializers/login.py
index 5099469be..ab5a46ab9 100644
--- a/apps/users/serializers/login.py
+++ b/apps/users/serializers/login.py
@@ -22,6 +22,7 @@ from common.constants.cache_version import Cache_Version
 from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.exception.app_exception import AppApiException
 from common.utils.common import password_encrypt, get_random_chars
+from common.utils.rsa_util import encrypt, decrypt
 from maxkb.const import CONFIG
 from users.models import User
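Review bot: `from system_manage.models import SystemSetting` is added in the first system.py hunk, but no line this patch shows uses `SystemSetting`. The same holds for `encrypt` in the login.py import hunk, where only `decrypt` is called. Unless code outside the hunks needs them, I would drop both, leaving `from common.utils.rsa_util import decrypt` in login.py. The new `login` code also calls `json.loads` and no hunk adds `import json`, so confirm login.py already imports it.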
@@ -31,6 +32,9 @@ class LoginRequest(serializers.Serializer):
 password = serializers.CharField(required=True, max_length=128, label=_("Password"))
 captcha = serializers.CharField(required=False, max_length=64, label=_('captcha'), allow_null=True,
 allow_blank=True)
+ encryptedData = serializers.CharField(required=False, label=_('encryptedData'), allow_null=True,
+ allow_blank=True)
+
 system_version, system_get_key = Cache_Version.SYSTEM.value
@@ -60,6 +64,10 @@ class LoginSerializer(serializers.Serializer):
 @staticmethod
 def login(instance):
 username = instance.get("username", "")
+ encryptedData = instance.get("encryptedData", "")
+ if encryptedData:
+ json_data = json.loads(decrypt(encryptedData))
+ instance.update(json_data)
 try:
 LoginRequest(data=instance).is_valid(raise_exception=True)
 except Exception as e:
@@ -99,7 +107,7 @@ class LoginSerializer(serializers.Serializer):
 if captcha_cache is None or captcha.lower() != captcha_cache:
 raise AppApiException(1005, _("Captcha code error or expiration"))
- user = QuerySet(User).filter(username=username, password=password).first()
+ user = QuerySet(User).filter(username=username, password=password_encrypt(password)).first()
 if user is None:
 record_login_fail(username)
 raise AppApiException(500, _('The username or password is incorrect'))
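Review bot: `encryptedData` is declared without `max_length`, while `password` and `captcha` in the same serializer are capped at 128 and 64. Its value goes to `decrypt` in `login`, and that call runs before `LoginRequest(data=instance).is_valid(...)`, so no serializer constraint applies to it before decryption. I would add a cap sized to the largest ciphertext the front end can produce, `encryptedData = serializers.CharField(required=False, max_length=<MAX_CIPHERTEXT_LEN>, ...)`, and check the same bound in `login` before calling `decrypt`.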
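Review bot: `json.loads(decrypt(encryptedData))` runs before the `try:` that wraps validation, so a malformed ciphertext or a non-JSON payload raises out of `login` unhandled instead of producing the normal login error. The result is also passed to `instance.update` without checking that it is a dict. `username` is read one line above the merge, so when credentials arrive only inside `encryptedData`, the later `filter(username=username, ...)` and `record_login_fail(username)` calls in the last hunk see the pre-merge value, unless it is re-read outside the hunk. The plaintext `password` field is still accepted when `encryptedData` is absent, so the encrypted path is optional; say so in a comment if that is intended. The fence guards the decrypt step and reads `username` after the merge; the rest of `login` lies outside the hunk.

```python
def login(instance):
    encryptedData = instance.get("encryptedData", "")
    if encryptedData:
        try:
            json_data = json.loads(decrypt(encryptedData))
        except Exception:
            # Same generic error as a failed login: do not reveal whether
            # decryption or JSON parsing was the step that failed.
            raise AppApiException(500, _('The username or password is incorrect'))
        if not isinstance(json_data, dict):
            raise AppApiException(500, _('The username or password is incorrect'))
        instance.update(json_data)
    # Read after the merge so the decrypted credentials are the ones checked and logged.
    username = instance.get("username", "")
    # … unchanged: LoginRequest validation and the rest of login …
```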
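Review bot: Matching on `password=password_encrypt(password)` in the query only works if `password_encrypt` is deterministic, which suggests the stored digests carry no per-user salt; the helper is defined outside this patch, so confirm. If so, identical passwords share a stored value and a leaked table is open to precomputed-hash lookups. The durable fix is to fetch by name, `user = QuerySet(User).filter(username=username).first()`, and verify with a salted KDF such as Django's `check_password(password, user.password)`. Also check that `password` is still the raw value at this point: its assignment is outside the hunk, and hashing an already-hashed value would reject every login.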