bookMgr/src/main/kotlin/com/msksbr/bookmgr/runner/InitUserRunner.kt
msksbr 00e2ea0700 fix(auth): harden login against timing-based user enumeration
- Use constant-time comparison when user is not found to prevent
  user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
2026-05-21 17:53:26 +08:00


package com.msksbr.bookmgr.runner
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
import com.msksbr.bookmgr.entity.User
import com.msksbr.bookmgr.mapper.UserMapper
import com.msksbr.bookmgr.script.log
import org.springframework.boot.ApplicationArguments
import org.springframework.boot.ApplicationRunner
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.stereotype.Component
import org.springframework.transaction.annotation.Transactional
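/**
 * Startup runner that makes sure the default accounts `admin`, `user01` and `user02` exist.
 *
 * For each username it looks the user up through [userMapper] and inserts the account only
 * when no row is found, so existing accounts are left untouched.
 *
 * SECURITY NOTE(review): every seeded account gets a password equal to its username, and the
 * values are hard-coded in this file. That includes an account with role `admin`, which is
 * re-created whenever it is missing at startup. Anyone who can read this source knows these
 * credentials. Before a non-development deployment, take the initial passwords from
 * deployment-specific secret configuration, force a password change on first login, or
 * disable this seeding. The literals are kept here so existing behaviour is unchanged.
 */
@Component
class InitUserRunner(
    val passwordEncoder: PasswordEncoder,
    val userMapper: UserMapper,
) : ApplicationRunner {

    /**
     * Creates any of the three default accounts that are not present yet.
     *
     * Annotated with [Transactional] so the inserts can be rolled back if one of them fails.
     *
     * @param args application arguments supplied by Spring Boot; not used here.
     */
    @Transactional
    override fun run(args: ApplicationArguments) {
        log.info("Starting default user initialization")
        seedIfMissing("admin", "Admin user not found, creating...") { insertAdmin() }
        seedIfMissing("user01", "Common user01 not found, creating...") { insertUser01() }
        seedIfMissing("user02", "Common user02 not found, creating...") { insertUser02() }
        log.info("Default user initialization completed")
    }

    /** Inserts the `admin` account with role `admin`; see the class-level security note. */
    fun insertAdmin() {
        insertDefaultUser(username = "admin", rawPassword = "admin", role = "admin")
    }

    /** Inserts the `user01` account with role `user`. */
    fun insertUser01() {
        insertDefaultUser(username = "user01", rawPassword = "user01", role = "user")
    }

    /** Inserts the `user02` account with role `user`. */
    fun insertUser02() {
        insertDefaultUser(username = "user02", rawPassword = "user02", role = "user")
    }

    /** Runs [create] (after logging [missingMessage]) only when no user named [username] is found. */
    private fun seedIfMissing(username: String, missingMessage: String, create: () -> Unit) {
        val existing = userMapper.selectOne(
            QueryWrapper<User>()
                .eq("username", username)
        )
        if (existing == null) {
            log.info(missingMessage)
            create()
        }
    }

    /** Encodes [rawPassword] with [passwordEncoder] and inserts a new user row with a null id. */
    private fun insertDefaultUser(username: String, rawPassword: String, role: String) {
        // Fail with a descriptive message rather than a bare `!!`; the message names only
        // the username, never the password.
        val encodedPassword = checkNotNull(passwordEncoder.encode(rawPassword)) {
            "PasswordEncoder returned null while seeding user '$username'"
        }
        userMapper.insert(
            User(
                id = null,
                username = username,
                password = encodedPassword,
                role = role,
            )
        )
    }
}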