feat: 初始密码和首次登录修改密码的流程与livegbs保持一致

api.go

@@ -192,6 +192,9 @@ func withVerify(f func(w http.ResponseWriter, req *http.Request)) func(http.Resp
 		if !ok {
 			w.WriteHeader(http.StatusUnauthorized)
 			return
+		} else if AdminMD5 == PwdMD5 && req.URL.Path != "/api/v1/modifypassword" && req.URL.Path != "/api/v1/userinfo" {
+			// 如果没有修改默认密码, 只允许放行这2个接口
+			return
 		}
 
 		f(w, req)
@@ -225,11 +228,12 @@ func startApiServer(addr string) {
 	// 关闭国标流. 如果是实时流, 等收流或空闲超时自行删除. 回放或下载流立即删除.
 	apiServer.router.HandleFunc("/api/v1/stream/stop", withVerify(common.WithFormDataParams(apiServer.OnCloseStream, InviteParams{})))
 
-	apiServer.router.HandleFunc("/api/v1/device/list", withVerify(common.WithQueryStringParams(apiServer.OnDeviceList, QueryDeviceChannel{})))           // 查询设备列表
-	apiServer.router.HandleFunc("/api/v1/device/channeltree", withVerify(common.WithQueryStringParams(apiServer.OnDeviceTree, QueryDeviceChannel{})))    // 设备树
-	apiServer.router.HandleFunc("/api/v1/device/channellist", withVerify(common.WithQueryStringParams(apiServer.OnChannelList, QueryDeviceChannel{})))   // 查询通道列表
-	apiServer.router.HandleFunc("/api/v1/device/fetchcatalog", withVerify(common.WithQueryStringParams(apiServer.OnCatalogQuery, QueryDeviceChannel{}))) // 更新通道
-	apiServer.router.HandleFunc("/api/v1/device/remove", withVerify(common.WithFormDataParams(apiServer.OnDeviceRemove, DeleteDevice{})))                // 更新通道
+	apiServer.router.HandleFunc("/api/v1/device/list", withVerify(common.WithQueryStringParams(apiServer.OnDeviceList, QueryDeviceChannel{})))                          // 查询设备列表
+	apiServer.router.HandleFunc("/api/v1/device/channeltree", withVerify(common.WithQueryStringParams(apiServer.OnDeviceTree, QueryDeviceChannel{})))                   // 设备树
+	apiServer.router.HandleFunc("/api/v1/device/channellist", withVerify(common.WithQueryStringParams(apiServer.OnChannelList, QueryDeviceChannel{})))                  // 查询通道列表
+	apiServer.router.HandleFunc("/api/v1/device/fetchcatalog", withVerify(common.WithQueryStringParams(apiServer.OnCatalogQuery, QueryDeviceChannel{})))                // 更新通道
+	apiServer.router.HandleFunc("/api/v1/device/remove", withVerify(common.WithFormDataParams(apiServer.OnDeviceRemove, DeleteDevice{})))                               // 删除设备
+	apiServer.router.HandleFunc("/api/v1/device/setmediatransport", withVerify(common.WithFormDataParams(apiServer.OnDeviceMediaTransportSet, SetMediaTransportReq{}))) // 设置设备媒体传输模式
 
 	apiServer.router.HandleFunc("/api/v1/playback/recordlist", withVerify(common.WithQueryStringParams(apiServer.OnRecordList, QueryRecordParams{}))) // 查询录像列表
 	apiServer.router.HandleFunc("/api/v1/stream/info", withVerify(apiServer.OnStreamInfo))
@@ -270,7 +274,15 @@ func startApiServer(addr string) {
 	apiServer.router.HandleFunc("/api/v1/jt/channel/add", common.WithJsonResponse(apiServer.OnVirtualChannelAdd, &dao.ChannelModel{}))
 	apiServer.router.HandleFunc("/api/v1/jt/channel/edit", common.WithJsonResponse(apiServer.OnVirtualChannelEdit, &dao.ChannelModel{}))
 	apiServer.router.HandleFunc("/api/v1/jt/channel/remove", common.WithJsonResponse(apiServer.OnVirtualChannelRemove, &dao.ChannelModel{}))
-	apiServer.router.HandleFunc("/api/v1/device/setmediatransport", withVerify(common.WithFormDataParams(apiServer.OnDeviceMediaTransportSet, SetMediaTransportReq{})))
+	apiServer.router.HandleFunc("/logout", func(writer http.ResponseWriter, req *http.Request) {
+		cookie, err := req.Cookie("token")
+		if err == nil {
+			TokenManager.Remove(cookie.Value)
+			writer.Header().Set("Location", "/login.html")
+			writer.WriteHeader(http.StatusFound)
+			return
+		}
+	})
 
 	registerLiveGBSApi()
 

api_livegbs.go

@@ -189,6 +189,7 @@ func registerLiveGBSApi() {
 			HasAllChannel bool     `json:"HasAllChannel"`
 			LoginAt       string   `json:"LoginAt"`
 			RemoteIP      string   `json:"RemoteIP"`
+			PwdModReq     bool     `json:"PwdModReq"`
 		}{
 			Token:         cookie.Value,
 			ID:            1,
@@ -197,6 +198,7 @@ func registerLiveGBSApi() {
 			HasAllChannel: true,
 			LoginAt:       session.LoginTime.Format("2006-01-02 15:04:05"),
 			RemoteIP:      request.RemoteAddr,
+			PwdModReq:     AdminMD5 == PwdMD5,
 		}
 
 		_ = common.HttpResponseJson(writer, response)
@@ -204,7 +206,7 @@ func registerLiveGBSApi() {
 
 	apiServer.router.HandleFunc("/api/v1/ispasswordchanged", func(writer http.ResponseWriter, request *http.Request) {
 		_ = common.HttpResponseJson(writer, map[string]bool{
-			"PasswordChanged": true,
+			"PasswordChanged": AdminMD5 != PwdMD5,
 			"UserChanged":     false,
 		})
 	})
@@ -265,7 +267,8 @@ func (api *ApiServer) OnLogin(v *LoginReq, w http.ResponseWriter, r *http.Reques
 func (api *ApiServer) OnModifyPassword(v *ModifyPasswordReq, w http.ResponseWriter, r *http.Request) (interface{}, error) {
 	ModifyPasswordLock.Lock()
 	defer ModifyPasswordLock.Unlock()
-	if PwdMD5 != v.OldPwd {
+	// 如果是首次修改密码, livegbs前端旧密码携带的是空密码, 所以首次修改不检验旧密码
+	if AdminMD5 != PwdMD5 && PwdMD5 != v.OldPwd {
 		log.Sugar.Errorf("修改密码失败, 旧密码错误 oldPwd: %s remote addr: %s", v.OldPwd, r.RemoteAddr)
 		w.WriteHeader(http.StatusBadRequest)
 		_, _ = w.Write([]byte("原密码不正确"))

main.go

@@ -1,6 +1,8 @@
 package main
 
 import (
+	"crypto/md5"
+	"encoding/hex"
 	"encoding/json"
 	"gb-cms/common"
 	"gb-cms/dao"
@@ -17,6 +19,7 @@ import (
 )
 
 var (
+	AdminMD5    string // 明文密码"admin"的MD5值
 	PwdMD5      string
 	StartUpTime time.Time
 	KernelArch  string
@@ -58,6 +61,9 @@ func main() {
 		hook.RegisterEventUrl(hook.EventTypeDeviceOnInvite, config.Hooks.OnInvite)
 	}
 
+	hash := md5.Sum([]byte("admin"))
+	AdminMD5 = hex.EncodeToString(hash[:])
+
 	plaintext, md5 := ReadTempPwd()
 	if plaintext != "" {
 		log.Sugar.Infof("temp pwd: %s", plaintext)

temp_pwd.go

@@ -29,7 +29,7 @@ func ReadTempPwd() (plaintext string, md5Hex string) {
 	pwd, err := os.ReadFile("./data/pwd.txt")
 	if err != nil {
 		// 生成密码
-		plaintext = GenerateTempPwd()
+		plaintext = "admin"
 
 		// 计算md5
 		hash := md5.Sum([]byte(plaintext))