refactor: replace md5 with sha256 for commenter email hash (halo-dev#…

…7092) #### What type of PR is this? /kind feature /kind improvement #### What this PR does / why we need it: 本次PR对系统中用于电子邮件哈希的算法进行了升级。原先使用的是MD5算法，现在替换为了更安全的SHA-256算法。这一变更提高了数据的安全性，降低了电子邮件被破解的风险。 #### Which issue(s) this PR fixes: 未指定具体问题编号，但解决了潜在的安全隐患。 #### Special notes for your reviewer: 在替换哈希算法的过程中，我已经确保了代码的兼容性和性能。建议审查者在合并前进行全面的测试，以确保新算法的正确性和系统的稳定性。 #### Does this PR introduce a user-facing change? ```release-note 增强评论邮箱哈希算法（SHA256） ```
ruibaby · Dec 9, 2024 · 0748ae4 · 0748ae4
1 parent 348e7c9
commit 0748ae4
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
@@ -1,12 +1,14 @@
 package run.halo.app.theme.finders.impl;
 
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.apache.commons.lang3.ObjectUtils.defaultIfNull;
 import static run.halo.app.extension.index.query.QueryFactory.and;
 import static run.halo.app.extension.index.query.QueryFactory.equal;
 import static run.halo.app.extension.index.query.QueryFactory.isNull;
 import static run.halo.app.extension.index.query.QueryFactory.or;
 
+import com.google.common.hash.Hashing;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Optional;
@@ -20,7 +22,6 @@
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
-import org.springframework.util.DigestUtils;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import run.halo.app.content.comment.OwnerInfo;
@@ -172,7 +173,9 @@ private Mono<? extends CommentVo> filterCommentSensitiveData(CommentVo commentVo
         specOwner.setName("");
         var email = owner.getEmail();
         if (StringUtils.isNotBlank(email)) {
-            var emailHash = DigestUtils.md5DigestAsHex(email.getBytes());
+            var emailHash = Hashing.sha256()
+                .hashString(email.toLowerCase(), UTF_8)
+                .toString();
             if (specOwner.getAnnotations() == null) {
                 specOwner.setAnnotations(new HashMap<>(2));
             }
@@ -224,7 +227,9 @@ private Mono<? extends ReplyVo> filterReplySensitiveData(ReplyVo replyVo) {
         specOwner.setName("");
         var email = owner.getEmail();
         if (StringUtils.isNotBlank(email)) {
-            var emailHash = DigestUtils.md5DigestAsHex(email.getBytes());
+            var emailHash = Hashing.sha256()
+                .hashString(email.toLowerCase(), UTF_8)
+                .toString();
             if (specOwner.getAnnotations() == null) {
                 specOwner.setAnnotations(new HashMap<>(2));
             }

diff --git a/...c/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java b/...c/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
@@ -389,7 +389,8 @@ String fakeReplyJson() {
                                 "name":"",
                                 "displayName":"fake-display-name",
                                 "annotations":{
-                                    "email-hash": "4249f4df72b475e7894fabed1c5888cf"
+                                    "email-hash": \
+                    "79783106d88279c6c8f94f1f4dec22bdb9f90a8d14c9d6c6628a11430e236cbf"
                                 }
                             },
                             "creationTime": "2024-03-11T06:23:42.923294424Z",