diff --git a/controllers/VaultController.php b/controllers/VaultController.php
index ba69fbc..807992b 100644
--- a/controllers/VaultController.php
+++ b/controllers/VaultController.php
@@ -33,7 +33,7 @@ class VaultController extends Controller
 'rules' => [
 [
 'allow' => true,
- 'actions' => ['index', 'download', 'delete', 'upload', 'init', 'auth'],
+ 'actions' => ['index', 'download', 'delete', 'upload', 'init', 'auth', 'get-salt'],
 'roles' => ['user'],
 ],
 ],
@@ -47,6 +47,7 @@ class VaultController extends Controller
 'upload' => ['POST'],
 'init' => ['POST'],
 'auth' => ['POST'],
+ 'get-salt' => ['GET'],
 ],
 ],
 ]
@@ -263,6 +264,7 @@ class VaultController extends Controller
 $model = Yii::$app->user->identity; // 获取当前用户模型
 if ($model->load(Yii::$app->request->post()) && $model->validate() && !empty($model->input_vault_secret)) {
 $model->vault_secret = Yii::$app->getSecurity()->generatePasswordHash($model->input_vault_secret);
+ $model->vault_salt = Yii::$app->getSecurity()->generateRandomString(64);
 if ($model->save(false)) { // 保存用户模型
 Yii::$app->session->setFlash('success', '保险箱初始化成功,请牢记密码,否则无法恢复保险箱内文件');
 } else {
@@ -293,4 +295,16 @@ class VaultController extends Controller
 }
 return $this->redirect('index.php?r=vault%2Findex');
 }
+
+ /**
+ * 获取保险箱密码盐
+ * GET
+ * @return array
+ */
+ public function actionGetSalt(): array
+ {
+ Yii::$app->response->format = Response::FORMAT_JSON;
+ $user = Yii::$app->user->identity;
+ return ['vault_salt' => $user->vault_salt];
+ }
 }
\ No newline at end of file
diff --git a/models/User.php b/models/User.php
index 6cc54b4..2f9ebc6 100644
--- a/models/User.php
+++ b/models/User.php
@@ -30,6 +30,7 @@ use yii\web\IdentityInterface;
 * @property string|null $recovery_codes OTP恢复代码
 * @property int|null $dark_mode 夜间模式(0 off,1 on,2 auto)
 * @property string|null $vault_secret 保险箱密钥
+ * @property string|null $vault_salt 保险箱加密密钥盐
 *
 * @property CollectionTasks[] $collectionTasks
 * @property Share[] $shares 
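Review bot: The new `vault_salt` assignment in actionInit runs on every successful re-initialisation, so a user who runs init a second time gets a fresh salt along with the fresh password hash; if the salt feeds client-side key derivation for files already in the vault, those files become undecryptable, which matches the existing flash text but deserves a comment on the line: `$model->vault_salt = Yii::$app->getSecurity()->generateRandomString(64); // new salt per init: any key previously derived from the old salt is invalidated`. The model is persisted with `save(false)`, so no rule bounds the value; the 64-character string must fit the `vault_salt` column, and the migration adding that column is not in this diff — confirm its length. actionInit's body starts and ends outside the hunk.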
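Review bot: actionGetSalt returns `$user->vault_salt` without checking that the vault has been initialised, so until actionInit has run it answers `{"vault_salt":null}`; the client that derives a key from this value has to treat null as "vault not set up" rather than deriving from an empty salt, or the action should respond with an error status in that case. `Response::FORMAT_JSON` is used unqualified, so the file needs `use yii\web\Response;` among its imports, which are outside the hunk — confirm it is there. The docblock's `@return array` can be made precise as `@return array{vault_salt: string|null}`.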
@@ -63,7 +64,7 @@ class User extends ActiveRecord implements IdentityInterface
 return [
 [['status', 'is_encryption_enabled', 'is_otp_enabled', 'dark_mode'], 'integer'],
 [['created_at', 'last_login'], 'safe'],
- [['bio', 'totp_input', 'recoveryCode_input', 'name'], 'string'],
+ [['bio', 'totp_input', 'recoveryCode_input', 'name','vault_salt'], 'string'],
 ['input_vault_secret', 'string', 'min' => 6, 'max' => 24],
 [['encryption_key', 'otp_secret', 'recovery_codes', 'vault_secret'], 'string', 'max' => 255],
 [['last_login_ip'], 'string', 'max' => 45],
@@ -122,7 +123,8 @@ class User extends ActiveRecord implements IdentityInterface
 'storage_limit' => 'Storage Limit',
 'recovery_codes' => 'Recovery Codes',
 'dark_mode' => 'Dark Mode',
- 'vault_secret' => 'Vault Secret'
+ 'vault_secret' => 'Vault Secret',
+ 'vault_salt' => 'Vault Salt',
 ];
 }
diff --git a/views/vault/_gateway.php b/views/vault/_gateway.php
index 3da4770..06ab5a0 100644
--- a/views/vault/_gateway.php
+++ b/views/vault/_gateway.php
@@ -19,7 +19,7 @@ $this->params['breadcrumbs'][] = $this->title;
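Review bot: Listing `vault_salt` in a validation rule makes it a safe attribute in the default scenario, so any `$model->load(Yii::$app->request->post())` on User without a dedicated scenario will accept a client-supplied `User[vault_salt]`; actionInit overwrites the value right after load, but any other form that loads this model would let a user replace their own salt. Since actionInit persists with `save(false)`, the rule adds no validation there; keep the salt out of mass assignment with the unsafe prefix on its own rule, `['!vault_salt', 'string', 'max' => 255],`, matching the length bound the sibling `vault_secret` rule already uses. The added element also lacks the space after the comma (`'name','vault_salt'`) that the rest of the list uses. The enclosing rules() method starts before the hunk.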