密码明文保存

https://github.com/leanote/desktop-app/issues/63

node_modules/api.js

@@ -103,7 +103,7 @@ var Api = {
 			// console.log('login ret');
 			// console.log(ret);
 			if(Common.isOk(ret)) {
-				ret.Pwd = pwd;
+				ret.Pwd = Common.md5(pwd, ret.UserId);
 				ret['Host'] = Evt.leanoteUrl;
 				User.setCurUser(ret);
 				callback && callback(ret);
@@ -113,45 +113,10 @@ var Api = {
 			}
 		});
 	},
-	post: function() {
+
-		var me = this;
+
-		var options = {
+
-			headers: { 'X-Custom-Header': 'Bumbaway atuna' }
+
-		}
-		// you can pass params as a string or as an object.
-		needle.post(me.getUrl('auth/login'), 'foo=bar', options, function(err, resp) {
-			var ret = resp.body;
-			log(ret);
-		});	
-	},
-	// get图片
-	getImageTest: function(callback) {
-		needle.get('http://localhost:9000/images/logo.png', function(err, resp) {
-			// log(resp.body);
-			/*
-			{ 'accept-ranges': 'bytes',
-			  'content-disposition': 'inline; filename="logo.png"',
-			  'content-length': '8583',
-			  'content-type': 'image/png',
-			  date: 'Mon, 19 Jan 2015 15:01:47 GMT',
-  			*/
-			// log(resp.headers);
-			fs.writeFile('/Users/life/Desktop/aa.png', resp.body);
-		});
-	},
-	// 测试
-	uploadImage: function() {
-		var data = {
-			foo: 'bar',
-			cc: [1,2,3,3],
-			dd: {name: 'life', age: 18},
-			image: { file: '/Users/life/Desktop/imageplus.png', content_type: 'image/png' }
-		}
-		needle.post('http://localhost/phpinfo.php', data, { multipart: true }, function(err, resp, body) {
-			// needle will read the file and include it in the form-data as binary
-			console.log(resp.body);
-		});
-	},
 	getSyncNotebooks: function(afterUsn, maxEntry, callback) {
 		var me = this;
 		var url = this.getUrl('notebook/getSyncNotebooks', {afterUsn: afterUsn, maxEntry: maxEntry});
@@ -749,10 +714,53 @@ var Api = {
 		});
 	},
 
+	//---------------
+	// just for fun
+
 	test: function() {
 		log("??");
 		Note = require('note');
 		log(Note);
+	},
+
+	post: function() {
+		var me = this;
+		var options = {
+			headers: { 'X-Custom-Header': 'Bumbaway atuna' }
+		}
+		// you can pass params as a string or as an object.
+		needle.post(me.getUrl('auth/login'), 'foo=bar', options, function(err, resp) {
+			var ret = resp.body;
+			log(ret);
+		});	
+	},
+	// get图片
+	getImageTest: function(callback) {
+		needle.get('http://localhost:9000/images/logo.png', function(err, resp) {
+			// log(resp.body);
+			/*
+			{ 'accept-ranges': 'bytes',
+			  'content-disposition': 'inline; filename="logo.png"',
+			  'content-length': '8583',
+			  'content-type': 'image/png',
+			  date: 'Mon, 19 Jan 2015 15:01:47 GMT',
+  			*/
+			// log(resp.headers);
+			fs.writeFile('/Users/life/Desktop/aa.png', resp.body);
+		});
+	},
+	// 测试
+	uploadImage: function() {
+		var data = {
+			foo: 'bar',
+			cc: [1,2,3,3],
+			dd: {name: 'life', age: 18},
+			image: { file: '/Users/life/Desktop/imageplus.png', content_type: 'image/png' }
+		}
+		needle.post('http://localhost/phpinfo.php', data, { multipart: true }, function(err, resp, body) {
+			// needle will read the file and include it in the form-data as binary
+			console.log(resp.body);
+		});
 	}
 
 };

node_modules/common.js

@@ -1,4 +1,5 @@
 var fs = require('fs');
+var crypto = require('crypto');
 // var User = require('user');
 // var Evt = require('evt');
 var ObjectId = require('objectid');
@@ -207,6 +208,17 @@ var Common = {
 			last = exec(cmd); 
 			last.on('exit', exitFunc);
 		}
+	},
+
+	md5: function(str, salt) {
+		var md5sum = crypto.createHash('md5');
+		var key = str;
+		if (salt) {
+			key += salt;
+		}
+		md5sum.update(key);
+		str = md5sum.digest('hex');
+		return str;
 	}
 };
 module.exports = Common; 

node_modules/user.js

@@ -52,10 +52,36 @@ User = {
 	login: function(username, password, host, callback) {
 		var me = this;
 		// 先本地验证
-		// console.log('login');
 		db.users.findOne({Username: username, IsLocal: true}, function(err, user) {
-			// console.log('login end');
+			if (!err && user && user.UserId && user.Pwd) {
-			if(err || !user || !user.UserId || user.Pwd != password) {
+				var md5Password = Common.md5(password, user.UserId);
+				// 如果是32位的, 表示是md5
+				if (user.Pwd.length == 32) {
+					if (user.Pwd == md5Password) {
+						// 本地用户
+						me.saveCurUser(user, function() {
+							callback(true);
+						});
+					}
+					// 密码有误
+					else {
+						callback(false);
+					}
+				}
+				// 如果不是32位的, 那表示保存的是之前的明文, 则将明文转成密文
+				else if (user.Pwd == password) {
+					user.Pwd = md5Password;
+					me.saveCurUser(user, function() {
+						callback(true);
+					});
+				}
+				// 密码有误
+				else {
+					callback(false);
+				}
+			}
+			// 本地用户没有, 则远程验证
+			else {
 				if(!Api) {
 					Api = require('api');
 				}
@@ -67,11 +93,6 @@ User = {
 						callback(false);
 					}
 				});
-			} else {
-				// 本地用户
-				me.saveCurUser(user, function() {
-					callback(true);
-				});
 			}
 		});
 	},
@@ -85,8 +106,8 @@ User = {
 				user.Username = useranme;
 				user.IsLocal = true;
 				user.IsActive = true;
-				user.Pwd = pwd;
 				user.UserId = Common.objectId();
+				user.Pwd = Common.md5(pwd, user.UserId);
 				db.users.insert(user, function(err, doc) {
 					// 创建默认的笔记本
 					if (!err) {

tests/test2.js

@@ -1,10 +0,0 @@
-var needle = require('needle');
-
-var m = 100;
-var j = 0;
-for(var i = 0; i < m; ++i) {
-  needle.get('http://leanote.com/api/user/getSyncState?token=554576a438f4113d3a000962&', function(err, resp) {
-    j++;
-    console.log(j);
-  });
-}

tests/testCommon.js

@@ -0,0 +1,4 @@
+// 服务测试
+var Common = require('common');
+var pwd = Common.md5('abc123', '1d22e0ec60ca20a1f0259cdd00eb7cfd');
+console.log(pwd);