fix: 彻底消除用户枚举和异常信息泄露的遗留问题

- UserServiceImpl: 3处"用户不存在"统一改为"用户名或密码错误"/"认证失败"
- RouterHandlerFactory: failureHandler 中 ctx.failure().getMessage() 改为"服务器内部错误"
yukaidi
2026-05-29 05:53:40 +08:00
parent 7ca63985bd
commit 7d5831b5f4
2 changed files with 6 additions and 6 deletions


@@ -189,10 +189,10 @@ public class UserServiceImpl implements UserService {
.execute(Tuple.of(username))
.onSuccess(rows -> {
if (rows.size() == 0) {
promise.fail("用户不存在");
promise.fail("用户名或密码错误");
return;
}
Row row = rows.iterator().next();
SysUser user = rowToUser(row);
promise.complete(filterSensitiveInfo(user));
@@ -296,10 +296,10 @@ public class UserServiceImpl implements UserService {
.execute(Tuple.of(user.getUsername()))
.onSuccess(rows -> {
if (rows.size() == 0) {
promise.fail("用户不存在");
promise.fail("用户名或密码错误");
return;
}
Row row = rows.iterator().next();
SysUser existUser = rowToUser(row);
@@ -406,7 +406,7 @@ public class UserServiceImpl implements UserService {
.onFailure(err -> {
promise.complete(new JsonObject()
.put("success", false)
.put("message", "用户不存在"));
.put("message", "认证失败,请重新登录"));
});
return promise.future();
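Review bot: Changing the text in the two `rows.size() == 0` branches (hunks at -189 and -296) only removes the enumeration signal if the wrong-password branch fails with the byte-identical string and the same response shape, and that branch is not visible here. Repeating the literal in each place invites drift, so I would hoist it into one constant used by both branches, e.g. `private static final String LOGIN_FAILED = "用户名或密码错误";`. The not-found branch also appears to return before any password verification runs, so response time may still distinguish unknown usernames; consider verifying against a fixed dummy hash on that path so both outcomes cost about the same. In the -406 hunk the `onFailure` handler discards `err`, so a database outage and a rejected credential become indistinguishable to operators as well as to clients; log `err` server-side before completing with the generic message. All three enclosing methods start and end outside the hunks shown.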