diff --git a/controllers/VaultController.php b/controllers/VaultController.php index 807992b..ef3ecd0 100644 --- a/controllers/VaultController.php +++ b/controllers/VaultController.php @@ -255,7 +255,7 @@ class VaultController extends Controller } /** - * 初始化文件保险箱密码 + * 初始化文件保险箱 * @return Response * @throws Exception */ @@ -277,6 +277,7 @@ class VaultController extends Controller } /** + * 保险箱密码验证 * @return Response */ public function actionAuth(): Response diff --git a/views/vault/_init.php b/views/vault/_init.php index aecd0ed..192a97e 100644 --- a/views/vault/_init.php +++ b/views/vault/_init.php @@ -14,11 +14,14 @@ $this->params['breadcrumbs'][] = $this->title;

title) ?>

第一次使用文件保险箱,请在下方输入保险箱密码:

+

+ 请牢记设置的保险箱密码,保险箱内所有文件都会使用此密码进行端到端加密,只有拥有正确密码的用户才可以解密文件(服务端也无法查看文件内容) +

'init-vault-form', 'action' => ['vault/init'], 'method' => 'post']); ?> - field($model, 'input_vault_secret')->label('保险箱密码(建议不要与登陆密码相同)')->passwordInput(['autofocus' => true]) ?> + field($model, 'input_vault_secret')->label('保险箱密码:')->passwordInput(['autofocus' => true]) ?>
'btn btn-primary']) ?>
diff --git a/web/js/vault_gateway_hook.js b/web/js/vault_gateway_hook.js index 99e4c91..f4e5634 100644 --- a/web/js/vault_gateway_hook.js +++ b/web/js/vault_gateway_hook.js @@ -7,55 +7,8 @@ document.getElementById('gateway-vault-form').addEventListener('submit', functio document.addEventListener('DOMContentLoaded', function () { if (!(window.crypto && window.crypto.subtle)) { console.log('浏览器不支持 Crypto API'); + //顺带一提,简单测试了下,那些不支持crypto api的浏览器,可能前面登录那关都过不去(验证码) alert('您的浏览器不支持加密功能,故无法使用文件保险箱功能,请使用现代浏览器。'); window.location.href = 'index.php?r=site%2Findex'; } }); - -// async function generateEncryptionKeyFromPassword(password) { -// const passwordBuffer = new TextEncoder().encode(password); -// const key = await window.crypto.subtle.importKey( -// 'raw', -// passwordBuffer, -// {name: 'PBKDF2'}, -// false, -// ['deriveKey'] -// ); -// const encryptionKey = await window.crypto.subtle.deriveKey( -// { -// name: 'PBKDF2', -// salt: new Uint8Array([]), -// iterations: 100000, -// hash: 'SHA-256' -// }, -// key, -// {name: 'AES-GCM', length: 256}, -// false, -// ['encrypt', 'decrypt'] -// ); -// -// return encryptionKey; -// } -// -// function cryptoKeyToString(cryptoKey) { -// return window.crypto.subtle.exportKey('raw', cryptoKey).then(function (keyData) { -// return String.fromCharCode.apply(null, new Uint8Array(keyData)); -// }); -// } -// -// function stringToCryptoKey(keyString) { -// // 将字符串转换为 Uint8Array -// var keyData = new Uint8Array(keyString.length); -// for (var i = 0; i < keyString.length; ++i) { -// keyData[i] = keyString.charCodeAt(i); -// } -// -// // 使用 importKey 方法导入 CryptoKey 对象 -// return window.crypto.subtle.importKey( -// 'raw', -// keyData, -// {name: 'PBKDF2'}, -// false, -// ['deriveKey'] -// ); -// } \ No newline at end of file diff --git a/web/js/vault_script.js b/web/js/vault_script.js index d881d09..6fdedd4 100644 --- a/web/js/vault_script.js +++ b/web/js/vault_script.js @@ -10,6 +10,7 @@ $(document).on('click', '.download-btn', async function() { await downloadAndDecryptFile(downloadUrl, vaultRawKey, filename); } catch (error) { console.error('Error downloading or decrypting the file:', error); + // 到这一步出错的话 保险箱内文件怕是抢救不回来了 } }); $(document).on('click', '.delete-btn', function () {