fix: fix srun md5 logic

reference to #31
2024-03-23 16:51:53 +08:00
parent 575aad904a
commit 99b43d403c
2 changed files with 13 additions and 6 deletions
--- a/pkg/srun/encode.go
+++ b/pkg/srun/encode.go
@@ -1,17 +1,21 @@
 package srun

 import (
+	"crypto/hmac"
 	"crypto/md5"
 	"crypto/sha1"
+	"encoding/hex"
 	"fmt"
-	"io"
 )

 // Md5 编码
-func Md5(content string) string {
-	w := md5.New()
-	_, _ = io.WriteString(w, content)
-	return fmt.Sprintf("%x", w.Sum(nil))
+func Md5(token, password string) (string, error) {
+	mac := hmac.New(md5.New, []byte(token))
+	_, err := mac.Write([]byte(password))
+	if err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(mac.Sum(nil)), nil
 }

 // Sha1 编码
--- a/pkg/srun/srun.go
+++ b/pkg/srun/srun.go
@@ -96,7 +96,10 @@ func (c Srun) DoLogin(clientIP string) error {
 		infoPrefix = fmt.Sprintf("{%s}", c.LoginInfo.Meta.InfoPrefix)
 	}
 	EncryptedInfo := infoPrefix + Base64(XEncode(string(info), tokenStr))
-	Md5Str := Md5(tokenStr)
+	Md5Str, err := Md5(tokenStr, c.LoginInfo.Form.Password)
+	if err != nil {
+		return err
+	}
 	EncryptedMd5 := "{MD5}" + Md5Str
 	EncryptedChkstr := Sha1(
 		tokenStr + c.LoginInfo.Form.Username + tokenStr + Md5Str +