账号密码加密；加密传输python部分

@@ -4,20 +4,40 @@ import os
 from flask_sqlalchemy import SQLAlchemy
 import glob
 import traceback
-from pyDes import des,PAD_PKCS5,ECB
+from pyDes import des, PAD_PKCS5, ECB
 
 import base64
+from gmssl import sm3, func, sm2
+
+
+class SM3():
+    @classmethod
+    def encode(self, data=""):
+        by_str = bytes(data, 'utf-8')
+        result = (sm3.sm3_hash(func.bytes_to_list(by_str)))
+        return result
+
+
+class SM2():
+    privatekey = "EOpBYj1pH54b8BsAlkON71Q2c2FXEm+VTPNCgxz4+gVZ2C/pF/Bv152Qj3QH7cBRCUlNeO5SkI02DcwTASmVwESzR4F9IbMvUNxkDngINdcwaSWCTaaRTstNd4FIlJ0CqhDl/TPHFuBoRNBgUDfPJFfl7XYHs4VmOcrp02aXv8Q="
+    publickey = "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEsENe/8Sft6rK0h59t2a/6Pf4nzvxvJzc1SzalZe1xSDtUqW/10E/e+RjRbvykyjKzu3vAY1lwv9aU2Tnp6+isw=="
+    sm2_crypt = sm2.CryptSM2(public_key=publickey, private_key=privatekey)
+
+    def decode(self, ciphertxt):
+        return self.sm2_crypt.decrypt(ciphertxt)
+
+
 class DES():
     '''
     DES密码加解密
     '''
-    Des: des = des("Chinadci", ECB, "\0\0\0\0\0\0\0\0", pad=None, padmode=PAD_PKCS5)
+    Des: des = des("Chinadci", ECB, "\0\0\0\0\0\0\0\0",
+                   pad=None, padmode=PAD_PKCS5)
 
     @classmethod
     def encode(cls, data):
         return str(base64.b64encode(cls.Des.encrypt(data)), encoding="utf8")
 
-
     @classmethod
     def decode(cls, data):
         if data:
@@ -26,6 +46,7 @@ class DES():
         else:
             return data
 
+
 db = SQLAlchemy()
 
 # 动态加载Model
@@ -33,13 +54,14 @@ current_dir = os.path.abspath(os.path.dirname(__file__))
 pkgs = list(glob.glob('%s/modules/*/models' % (current_dir)))
 pkgs.extend(list(glob.glob('%s/modules/*/*/models' % (current_dir))))
 
-for pkg in pkgs :
+for pkg in pkgs:
     pkg = os.path.normpath(pkg)
     node_list = pkg.split(os.path.sep)
-    pkg_name = "app.{}".format(".".join(node_list[node_list.index("modules"):]))
+    pkg_name = "app.{}".format(
+        ".".join(node_list[node_list.index("modules"):]))
     try:
         if pkg_name.__contains__("models"):
             __import__(pkg_name)
     except Exception as e:
         print(traceback.format_exc())
-        pass
\ No newline at end of file
+        pass

@@ -4,7 +4,6 @@ from flasgger import swag_from
 from app.util import BlueprintApi
 from app.util import BlueprintApi
 from flask import Blueprint, render_template, redirect, request, session, jsonify
-from sqlalchemy import and_
 from .models import *
 from .oauth2 import authorization, generate_user_info,require_oauth
 from authlib.oauth2 import OAuth2Error
@@ -13,6 +12,7 @@ from . import user_create, client_create, client_query, user_query, user_update,
 import configure
 from app.decorators.auth_decorator import auth_decorator
 import time
+from app.models import SM3
 
 def current_user():
     if "id" in session:
@@ -54,7 +54,7 @@ class DataManager(BlueprintApi):
                 error = "密码不可为空"
             else:
                 username = request.form.get("username")
-                password = request.form.get("password")
+                password = SM3.encode(request.form.get("password"))
                 user = User.query.filter_by(
                     username=username, password=password).first()
                 if not user:

@@ -6,6 +6,7 @@
 from .models import *
 from app.util.component.ApiTemplate import ApiTemplate
 import time
+from app.models import SM3
 
 
 class Api(ApiTemplate):
@@ -27,7 +28,7 @@ class Api(ApiTemplate):
         try:
             # 业务逻辑
             username = self.para.get("username")
-            password = self.para.get("pwd")
+            password = SM3.encode(self.para.get("pwd"))
             role = self.para.get("role")
             company = self.para.get("company", None)
             position = self.para.get("position", None)

 from app.util.component.ApiTemplate import ApiTemplate
-import time
+from app.models import SM3
 from .models import *
 
 
@@ -25,10 +25,10 @@ class Api(ApiTemplate):
             else:
                 # 更新密码要求同时输入pwd/newPwd/reNewPwd
                 if self.para.__contains__("pwd") or self.para.__contains__("newPwd") or self.para.__contains__("reNewPwd"):
-                    password = self.para.get("pwd")
-                    new_password = self.para.get("newPwd")
-                    re_new_password = self.para.get("reNewPwd")
-                    
+                    password = SM3.encode(self.para.get("pwd"))
+                    new_password = SM3.encode(self.para.get("newPwd"))
+                    re_new_password = SM3.encode(self.para.get("reNewPwd"))
+
                     # validate pwd
                     if not password:
                         res["result"] = False
@@ -42,17 +42,17 @@ class Api(ApiTemplate):
                         res["result"] = False
                         res["msg"] = "原密码输入错误"
                         return res
-                    
+
                     # 更新密码
                     userinfo.update({"password": new_password})
-                    
-                #更新用户基本信息
+
+                # 更新用户基本信息
                 for key in obj_value:
                     if self.para.__contains__(obj_value[key]):
                         value = self.para.get(obj_value[key])
                         value = "" if value == "None" or value == "none" else value
                         userinfo.update({key: value})
-                        
+
                 db.session.commit()
                 res["result"] = True
                 res["msg"] = "更新用户信息成功"

@@ -4,8 +4,8 @@ import logging
 deploy_ip_host = "172.26.40.105:8840"
 # 系统数据库
 
-SQLALCHEMY_DATABASE_URI = "postgresql://postgres:chinadci@172.26.60.100:5432/dmap_manager_test"
-# SQLALCHEMY_DATABASE_URI = "postgresql://postgres:postgres@localhost:5433/dmap_dms_test1"
+# SQLALCHEMY_DATABASE_URI = "postgresql://postgres:chinadci@172.26.60.100:5432/dmap_manager_test"
+SQLALCHEMY_DATABASE_URI = "postgresql://postgres:postgres@localhost:5433/dmap_dms_test1"
 
 # 指定精华表所在位置(必须为空间库)，设置为None则存放在各自的实体库中
 #VACUATE_DB_URI = None

-## https://swagger.io/docs/specification/2-0/what-is-swagger/
-## 1 需求：api需要授权
-Swagger(app, config=swagger_config,template=SWAGGER_TEMPLATE)的template中 
-### 确定当前使用swagger的标准
-确定当前使用openapi2版本，需要查阅openapi2的文档
-### 了解简单YAML使用方式
-### 配置
\ No newline at end of file
+# 权限控制
+## 1 接口权限控制
+[swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/)
+
+**需求：api需要授权**
+
+1.确定当前使用openapi2版本
+2.了解简单YAML使用方式，文档使用YAML格式
+3.声明Swagger，传入配置template（json或者yaml）
+```python
+Swagger(app, config=swagger_config,template=SWAGGER_TEMPLATE)
+```
+
+## 2 用户密码加密
+[pipy](https://pypi.org/project/gmssl/)
+[github](https://github.com/guanzhi/GmSSL)
+[使用gmssl demo](https://www.cnblogs.com/rocedu/p/15518988.html)
+
+**用户密码加密不可逆，兼容国产化，使用sm3算法，采用gmssl开源组件**
+
+封装好的类使用如下：
+```python
+from app.models import SM3
+password = SM3.encode('test')
+```
+## 3 通过http传输的敏感信息要加密
+1. 使用sm2
+通过gmssl工具生成sm2的公钥、私钥。[教程](https://github.com/guanzhi/GmSSL)
+
+privatekey使用的pem是`zhou@123`
+
+```shell
+gmssl sm2 -genkey -out skey.pem
+gmssl sm2 -pubout -in skey.pem -out vkey.pem
+```
+
+2. 使用公钥加密，私钥解密
+```python
+privatekey="EOpBYj1pH54b8BsAlkON71Q2c2FXEm+VTPNCgxz4+gVZ2C/pF/Bv152Qj3QH7cBRCUlNeO5SkI02DcwTASmVwESzR4F9IbMvUNxkDngINdcwaSWCTaaRTstNd4FIlJ0CqhDl/TPHFuBoRNBgUDfPJFfl7XYHs4VmOcrp02aXv8Q="
+publickey="MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEsENe/8Sft6rK0h59t2a/6Pf4nzvxvJzc1SzalZe1xSDtUqW/10E/e+RjRbvykyjKzu3vAY1lwv9aU2Tnp6+isw=="
+```
\ No newline at end of file

@@ -20,4 +20,4 @@ kazoo==2.8.0
 paramiko==2.8.0
 requests==2.26.0
 schedule==1.1.0
-
+gmssl==3.2.1
\ No newline at end of file