diff --git a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
index 517c7c46..1b08d643 100644
--- a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
+++ b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
@@ -309,4 +309,27 @@ public class EncodeUtils {
 return null;
 }
+ // 对邮箱和手机号进行安全处理
+ private static final Pattern emailPattern = Pattern.compile("([\\w\\W]?)([\\w\\W]+)([\\w\\W])(@[\\w\\W]+)");
+ private static final Pattern mobilePattern = Pattern.compile("(\\d{3})(\\d+)(\\d{3})");
+
+ /**
+ * 手机号码进行掩码处理
+ */
+ public static String mobileMask(String mobile){
+ if (StringUtils.isBlank(mobile)){
+ return mobile;
+ }
+ return mobilePattern.matcher(mobile).replaceAll("$1****$3");
+ }
+
+ /**
+ * 对电子邮箱进行掩码处理
+ */
+ public static String emailMask(String email){
+ if (StringUtils.isBlank(email)){
+ return email;
+ }
+ return emailPattern.matcher(email).replaceAll("$1****$3$4");
+ }
 }
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java
index f9ec6f86..901d4e58 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java
@@ -5,6 +5,7 @@
 package com.jeesite.modules.sys.web;
 import com.jeesite.common.codec.DesUtils;
+import com.jeesite.common.codec.EncodeUtils;
 import com.jeesite.common.collect.ListUtils;
 import com.jeesite.common.collect.MapUtils;
 import com.jeesite.common.config.Global;
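Review bot: `mobileMask` and `emailMask` fail open: when the pattern rewrites nothing, `replaceAll` hands back the input, so the caller receives the full value. That happens for a mobile value with no run of seven or more consecutive digits (one stored with spaces or dashes, say) and for an e-mail whose local part is a single character, because `emailPattern` needs at least two characters before the `@`. The AccountController hunk in this commit puts the result straight into the response message, so a value in an unrecognised format is shown in full. Returning a fixed mask whenever nothing was rewritten closes that gap, as in the lines below.

```java
public static String mobileMask(String mobile){
	// … unchanged: blank check …
	String masked = mobilePattern.matcher(mobile).replaceAll("$1****$3");
	// Fail closed: a value the pattern did not rewrite is never returned as-is.
	return masked.equals(mobile) ? "****" : masked;
}

public static String emailMask(String email){
	// … unchanged: blank check …
	String masked = emailPattern.matcher(email).replaceAll("$1****$3$4");
	// Fail closed: same rule as mobileMask.
	return masked.equals(email) ? "****" : masked;
}
```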
@@ -549,39 +550,39 @@ public class AccountController extends BaseController{
 * 发送邮件验证码
 */
 private String sendEmailValidCode(User user, String code, String title, Map data){
- String account = user.getEmail();
+ String email = user.getEmail();
 try {
 title = text("{0}({1}){2}验证码", user.getUserName(), user.getLoginCode(), title);
 String content = text("尊敬的用户,您好!\n\n您的验证码是:{0}(请勿透露给其他人)\n\n" + "请复制后,填写在你的验证码窗口完成验证。\n\n本邮件由系统自动发出,请勿回复。\n\n感谢您的使用!", code);
-// String receiveUserCode = "[CODE]"+account;
+// String receiveUserCode = "[CODE]"+email;
 // MsgPushUtils.push(MsgPush.TYPE_EMAIL, title, content, null, null, receiveUserCode);
- EmailUtils.send(account, title, content);
+ EmailUtils.send(email, title, content);
 } catch (Exception e) {
 logger.error(title + "发送邮件错误。", e);
 return renderResult(Global.FALSE, text("系统出现了点问题,错误信息:{0}", e.getMessage()));
 }
- account = account.replaceAll("([\\w\\W]?)([\\w\\W]+)([\\w\\W])(@[\\w\\W]+)", "$1****$3$4");
- return renderResult(Global.TRUE, text("验证码已发送到“{0}”邮箱账号,请尽快查收!", account), data);
+ email = EncodeUtils.emailMask(email);
+ return renderResult(Global.TRUE, text("验证码已发送到“{0}”邮箱账号,请尽快查收!", email), data);
 }
 /**
 * 发送短信验证码
 */
 private String sendSmsValidCode(User user, String code, String title, Map data){
- String account = user.getMobile();
+ String mobile = user.getMobile();
 try {
 title = text("{0}({1}){2}验证码", user.getUserName(), user.getLoginCode(), title);
 String content = text("您好,您的验证码是:{0}(请勿透露给其他人)感谢您的使用。", code);
-// String receiveUserCode = "[CODE]"+account;
+// String receiveUserCode = "[CODE]"+mobile;
 // MsgPushUtils.push(MsgPush.TYPE_SMS, title, content, null, null, receiveUserCode);
- SmsUtils.send(content, account);
+ SmsUtils.send(content, mobile);
 } catch (Exception e) {
 logger.error(title + "发送短信错误。", e);
 return renderResult(Global.FALSE, text("系统出现了点问题,错误信息:{0}", e.getMessage()));
 }
- account = account.replaceAll("(\\d{3})(\\d+)(\\d{3})","$1****$3");
- return renderResult(Global.TRUE, text("验证码已发送到“{0}”的手机号码,请尽快查收!", account), data);
+ mobile = EncodeUtils.mobileMask(mobile);
+ return renderResult(Global.TRUE, text("验证码已发送到“{0}”的手机号码,请尽快查收!", mobile), data);
 }
 }
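Review bot: Both catch blocks in this hunk pass `e.getMessage()` into the `renderResult(Global.FALSE, …)` message, so whatever the mail or SMS client puts in its exception text is returned to the caller. These are unchanged context lines, but they sit in the two methods the commit is tidying. The exception is already logged in full on the line above, so the response can carry a fixed message instead, e.g. `return renderResult(Global.FALSE, text("系统出现了点问题,请稍后重试!"));` in both `sendEmailValidCode` and `sendSmsValidCode`. If these methods serve a pre-login flow such as password recovery (not visible in this hunk), that detail would reach unauthenticated users.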