fix(auth): harden password verification against timing attacks

- Run dummy hash when user is not found to prevent timing-based enumeration - Extract and log real client IP on login requests - Remove unused test files - Reorder application config for clarity
2026-05-21 02:39:06 +08:00
parent 2cf3806298
commit 3937224341
7 changed files with 52 additions and 94 deletions
@@ -1,6 +1,4 @@
 spring:
-  profiles:
-    active: dev
  application:
    name: bookMgr
  datasource:
@@ -17,4 +15,9 @@ spring:
 mybatis-plus:
  configuration:
    # 开启驼峰命名法
-    map-underscore-to-camel-case: true
+    map-underscore-to-camel-case: true
+    # 开启日志输出sql语句
+    # log-impl: org.apache.ibatis.logging.commons.JakartaCommonsLoggingImpl
+# logging:
+#   level:
+#     com.msksbr.bookmgr: "DEBUG"