fix: 彻底消除用户枚举和异常信息泄露的遗留问题

- UserServiceImpl: 3处"用户不存在"统一改为"用户名或密码错误"/"认证失败"
- RouterHandlerFactory: failureHandler 中 ctx.failure().getMessage() 改为"服务器内部错误"
This commit is contained in:
yukaidi
2026-05-29 05:53:40 +08:00
parent 7ca63985bd
commit 7d5831b5f4
2 changed files with 6 additions and 6 deletions


@@ -181,7 +181,7 @@ public class RouterHandlerFactory implements BaseHttpApi {
doFireJsonResultResponse(ctx, JsonResult.error("未知异常, 请联系管理员"), 503); doFireJsonResultResponse(ctx, JsonResult.error("未知异常, 请联系管理员"), 503);
} else { } else {
LOGGER.error("路由处理失败", ctx.failure()); LOGGER.error("路由处理失败", ctx.failure());
doFireJsonResultResponse(ctx, JsonResult.error(ctx.failure().getMessage()), 500); doFireJsonResultResponse(ctx, JsonResult.error("服务器内部错误"), 500);
} }
}); });
} else if (method.isAnnotationPresent(SockRouteMapper.class)) { } else if (method.isAnnotationPresent(SockRouteMapper.class)) {
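Review bot: The new 500 branch carries no comment explaining why the response body is now a fixed string, and the next maintainer debugging a failure is likely to put `ctx.failure().getMessage()` straight back; add above the `doFireJsonResultResponse` call `// Never echo ctx.failure().getMessage() to the client: exception text can carry SQL fragments, file paths or class names. Details go to LOGGER only.` If `ctx` is a Vert.x RoutingContext, `ctx.failure()` can also be null when a handler called `ctx.fail(int)` without a throwable; the old `.getMessage()` call would have thrown there, and the new code survives that case but still answers with a hard-coded 500, so the status the handler chose (`ctx.statusCode()`) is presumably being discarded — worth confirming against the handlers that call `ctx.fail`. The enclosing failure-handler lambda and the method around it start before this hunk.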


@@ -189,10 +189,10 @@ public class UserServiceImpl implements UserService {
.execute(Tuple.of(username)) .execute(Tuple.of(username))
.onSuccess(rows -> { .onSuccess(rows -> {
if (rows.size() == 0) { if (rows.size() == 0) {
promise.fail("用户不存在"); promise.fail("用户名或密码错误");
return; return;
} }
Row row = rows.iterator().next(); Row row = rows.iterator().next();
SysUser user = rowToUser(row); SysUser user = rowToUser(row);
promise.complete(filterSensitiveInfo(user)); promise.complete(filterSensitiveInfo(user));
@@ -296,10 +296,10 @@ public class UserServiceImpl implements UserService {
.execute(Tuple.of(user.getUsername())) .execute(Tuple.of(user.getUsername()))
.onSuccess(rows -> { .onSuccess(rows -> {
if (rows.size() == 0) { if (rows.size() == 0) {
promise.fail("用户不存在"); promise.fail("用户名或密码错误");
return; return;
} }
Row row = rows.iterator().next(); Row row = rows.iterator().next();
SysUser existUser = rowToUser(row); SysUser existUser = rowToUser(row);
@@ -406,7 +406,7 @@ public class UserServiceImpl implements UserService {
.onFailure(err -> { .onFailure(err -> {
promise.complete(new JsonObject() promise.complete(new JsonObject()
.put("success", false) .put("success", false)
.put("message", "用户不存在")); .put("message", "认证失败,请重新登录"));
}); });
return promise.future(); return promise.future();