From 8562734fdec093c2e8fc7b49d3896ff952cf94f0 Mon Sep 17 00:00:00 2001
From: Chang lue Tsen
Date: Thu, 9 Oct 2025 13:33:03 -0400
Subject: [PATCH] feat(user): add encryption algorithm and salt fields to User model for migrate
---
initialize/migrate/database/02115_user_algo.down.sql | 3 +++
initialize/migrate/database/02115_user_algo.up.sql | 3 +++
internal/logic/admin/user/createUserLogic.go | 1 +
internal/logic/admin/user/updateUserBasicInfoLogic.go | 1 +
internal/logic/auth/resetPasswordLogic.go | 3 ++-
internal/logic/auth/telephoneLoginLogic.go | 2 +-
internal/logic/auth/telephoneResetPasswordLogic.go | 1 +
internal/logic/auth/telephoneUserRegisterLogic.go | 1 +
internal/logic/auth/userLoginLogic.go | 2 +-
internal/logic/auth/userRegisterLogic.go | 1 +
internal/model/user/user.go | 2 ++
pkg/tool/encryption.go | 4 +---
pkg/tool/encryption_test.go | 2 +-
queue/logic/order/activateOrderLogic.go | 1 +
14 files changed, 20 insertions(+), 7 deletions(-)
create mode 100644 initialize/migrate/database/02115_user_algo.down.sql
create mode 100644 initialize/migrate/database/02115_user_algo.up.sql
diff --git a/initialize/migrate/database/02115_user_algo.down.sql b/initialize/migrate/database/02115_user_algo.down.sql
new file mode 100644
index 0000000..51d4d33
--- /dev/null
+++ b/initialize/migrate/database/02115_user_algo.down.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `User`
+DROP COLUMN `algo`,
+ DROP COLUMN `salt`;
diff --git a/initialize/migrate/database/02115_user_algo.up.sql b/initialize/migrate/database/02115_user_algo.up.sql
new file mode 100644
index 0000000..f8a7c11
--- /dev/null
+++ b/initialize/migrate/database/02115_user_algo.up.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `User`
+ ADD COLUMN `algo` VARCHAR(20) NOT NULL DEFAULT 'default' COMMENT 'Encryption Algorithm' AFTER `password`,
+ ADD COLUMN `salt` VARCHAR(20) NOT NULL DEFAULT 'default' COMMENT 'Password Salt' AFTER `algo`;
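Review bot: The `salt` column in 02115_user_algo.up.sql is declared `NOT NULL DEFAULT 'default'`, while the gorm tag this patch adds to `User.Salt` in internal/model/user/user.go says `default:null`, so the migration and the model disagree about what a row without a salt holds. Every existing row also receives the literal string `default` as its salt, which an auditor, or a later `md5salt` import that forgets to set the field, would treat as a real value. An empty-string default in both places (`DEFAULT ''` in the migration, `default:''` in the tag) would keep the two in step. It is also worth confirming that `VARCHAR(20)` is long enough for the salts of the systems being imported, and rewording the column comment to `Password Hash Algorithm`, since nothing here is encrypted.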
diff --git a/internal/logic/admin/user/createUserLogic.go b/internal/logic/admin/user/createUserLogic.go index 5f6c858..0fb6b43 100644 --- a/internal/logic/admin/user/createUserLogic.go +++ b/internal/logic/admin/user/createUserLogic.go @@ -40,6 +40,7 @@ func (l *CreateUserLogic) CreateUser(req *types.CreateUserRequest) error { pwd := tool.EncodePassWord(req.Password) newUser := &user.User{ Password: pwd, + Algo: "default", ReferralPercentage: req.ReferralPercentage, OnlyFirstPurchase: &req.OnlyFirstPurchase, ReferCode: req.ReferCode, diff --git a/internal/logic/admin/user/updateUserBasicInfoLogic.go b/internal/logic/admin/user/updateUserBasicInfoLogic.go index 9f57f75..faa7930 100644 --- a/internal/logic/admin/user/updateUserBasicInfoLogic.go +++ b/internal/logic/admin/user/updateUserBasicInfoLogic.go @@ -129,6 +129,7 @@ func (l *UpdateUserBasicInfoLogic) UpdateUserBasicInfo(req *types.UpdateUserBasi return errors.Wrapf(xerr.NewErrCodeMsg(503, "Demo mode does not allow modification of the admin user password"), "UpdateUserBasicInfo failed: cannot update admin user password in demo mode") } userInfo.Password = tool.EncodePassWord(req.Password) + userInfo.Algo = "default" } err = l.svcCtx.UserModel.Update(l.ctx, userInfo) diff --git a/internal/logic/auth/resetPasswordLogic.go b/internal/logic/auth/resetPasswordLogic.go index d0d3f2f..25f493a 100644 --- a/internal/logic/auth/resetPasswordLogic.go +++ b/internal/logic/auth/resetPasswordLogic.go @@ -104,7 +104,8 @@ func (l *ResetPasswordLogic) ResetPassword(req *types.ResetPasswordRequest) (res // Update password userInfo.Password = tool.EncodePassWord(req.Password) - if err := l.svcCtx.UserModel.Update(l.ctx, userInfo); err != nil { + userInfo.Algo = "default" + if err = l.svcCtx.UserModel.Update(l.ctx, userInfo); err != nil { return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update user info failed: %v", err.Error()) } // Generate session id 
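Review bot: The algorithm name is written as the bare string `"default"` in CreateUser and at the other six sites this patch touches (updateUserBasicInfoLogic.go, resetPasswordLogic.go, telephoneResetPasswordLogic.go, telephoneUserRegisterLogic.go, userRegisterLogic.go, activateOrderLogic.go), and each must match the `case "default":` label in pkg/tool/encryption.go exactly. A typo at any one site would store an algorithm name that the verifier may not recognise, which would show up only as a user who can no longer log in. A single exported constant next to EncodePassWord, for example `const AlgoDefault = "default"`, used at every site and in the switch, removes that failure mode. CreateUser's body continues outside the hunk.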
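Review bot: `userInfo.Salt` keeps its imported value after the password is re-hashed in UpdateUserBasicInfo, and the same holds in ResetPassword and in TelephoneResetPassword. The `default` branch of MultiPasswordVerify ignores the salt, so login still works, but the row then pairs a new hash with a salt that was never used to produce it. Clearing it alongside the algorithm, `userInfo.Salt = ""`, keeps the record self-consistent. Whether UserModel.Update persists an empty string is not visible in this patch and should be checked.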
diff --git a/internal/logic/auth/telephoneLoginLogic.go b/internal/logic/auth/telephoneLoginLogic.go index 54e4d8e..7f351ac 100644 --- a/internal/logic/auth/telephoneLoginLogic.go +++ b/internal/logic/auth/telephoneLoginLogic.go @@ -98,7 +98,7 @@ func (l *TelephoneLoginLogic) TelephoneLogin(req *types.TelephoneLoginRequest, r if req.TelephoneCode == "" { // Verify password - if !tool.VerifyPassWord(req.Password, userInfo.Password) { + if !tool.MultiPasswordVerify(userInfo.Algo, userInfo.Salt, req.Password, userInfo.Password) { return nil, errors.Wrapf(xerr.NewErrCode(xerr.UserPasswordError), "user password") } } else { diff --git a/internal/logic/auth/telephoneResetPasswordLogic.go b/internal/logic/auth/telephoneResetPasswordLogic.go index 18891b0..98f6419 100644 --- a/internal/logic/auth/telephoneResetPasswordLogic.go +++ b/internal/logic/auth/telephoneResetPasswordLogic.go @@ -78,6 +78,7 @@ func (l *TelephoneResetPasswordLogic) TelephoneResetPassword(req *types.Telephon // Generate password pwd := tool.EncodePassWord(req.Password) userInfo.Password = pwd + userInfo.Algo = "default" err = l.svcCtx.UserModel.Update(l.ctx, userInfo) if err != nil { return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "update user password failed: %v", err.Error()) diff --git a/internal/logic/auth/telephoneUserRegisterLogic.go b/internal/logic/auth/telephoneUserRegisterLogic.go index 6db07ee..859875a 100644 --- a/internal/logic/auth/telephoneUserRegisterLogic.go +++ b/internal/logic/auth/telephoneUserRegisterLogic.go @@ -107,6 +107,7 @@ func (l *TelephoneUserRegisterLogic) TelephoneUserRegister(req *types.TelephoneR pwd := tool.EncodePassWord(req.Password) userInfo := &user.User{ Password: pwd, + Algo: "default", OnlyFirstPurchase: &l.svcCtx.Config.Invite.OnlyFirstPurchase, AuthMethods: []user.AuthMethods{ { diff --git a/internal/logic/auth/userLoginLogic.go b/internal/logic/auth/userLoginLogic.go index d328924..a8034f7 100644 --- a/internal/logic/auth/userLoginLogic.go 
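Review bot: A successful login through a legacy algorithm leaves the stored hash untouched, so an account imported with `md5`, `sha256` or `md5salt` keeps that fast digest in the database until the user happens to reset the password. Once the MultiPasswordVerify check has passed, in TelephoneLogin and likewise in UserLogin in userLoginLogic.go, the submitted password is known to be correct and can be re-encoded with EncodePassWord and stored with `Algo` set to `default`. The sketch below fails the login if the update fails; logging the error and continuing would be an equally defensible choice. TelephoneLogin's body starts and ends outside the hunk.

```go
// … unchanged: MultiPasswordVerify check and UserPasswordError return …
// Upgrade an imported hash to the native scheme now that the password is known to be correct.
if userInfo.Algo != "default" {
	userInfo.Password = tool.EncodePassWord(req.Password)
	userInfo.Algo = "default"
	if err := l.svcCtx.UserModel.Update(l.ctx, userInfo); err != nil {
		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "upgrade password hash failed: %v", err.Error())
	}
}
// … unchanged: verification-code branch …
```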
+++ b/internal/logic/auth/userLoginLogic.go @@ -76,7 +76,7 @@ func (l *UserLoginLogic) UserLogin(req *types.UserLoginRequest) (resp *types.Log } // Verify password - if !tool.VerifyPassWord(req.Password, userInfo.Password) { + if !tool.MultiPasswordVerify(userInfo.Algo, userInfo.Salt, req.Password, userInfo.Password) { return nil, errors.Wrapf(xerr.NewErrCode(xerr.UserPasswordError), "user password") } // Generate session id diff --git a/internal/logic/auth/userRegisterLogic.go b/internal/logic/auth/userRegisterLogic.go index e4e01e4..e8e81fe 100644 --- a/internal/logic/auth/userRegisterLogic.go +++ b/internal/logic/auth/userRegisterLogic.go @@ -90,6 +90,7 @@ func (l *UserRegisterLogic) UserRegister(req *types.UserRegisterRequest) (resp * pwd := tool.EncodePassWord(req.Password) userInfo := &user.User{ Password: pwd, + Algo: "default", OnlyFirstPurchase: &l.svcCtx.Config.Invite.OnlyFirstPurchase, } if referer != nil { diff --git a/internal/model/user/user.go b/internal/model/user/user.go index 603f98e..98bfbcb 100644 --- a/internal/model/user/user.go +++ b/internal/model/user/user.go @@ -7,6 +7,8 @@ import ( type User struct { Id int64 `gorm:"primaryKey"` Password string `gorm:"type:varchar(100);not null;comment:User Password"` + Algo string `gorm:"type:varchar(20);default:'default';comment:Encryption Algorithm"` + Salt string `gorm:"type:varchar(20);default:null;comment:Password Salt"` Avatar string `gorm:"type:MEDIUMTEXT;comment:User Avatar"` Balance int64 `gorm:"default:0;comment:User Balance"` // User Balance Amount ReferCode string `gorm:"type:varchar(20);default:'';comment:Referral Code"` diff --git a/pkg/tool/encryption.go b/pkg/tool/encryption.go index 509e389..f51f61a 100644 --- a/pkg/tool/encryption.go +++ b/pkg/tool/encryption.go 
@@ -40,15 +40,13 @@ func MultiPasswordVerify(algo, salt, password, hash string) bool { case "md5": sum := md5.Sum([]byte(password)) return hex.EncodeToString(sum[:]) == hash - case "sha256": sum := sha256.Sum256([]byte(password)) return hex.EncodeToString(sum[:]) == hash - case "md5salt": sum := md5.Sum([]byte(password + salt)) return hex.EncodeToString(sum[:]) == hash - case "default": + case "default": // PPanel's default algorithm return VerifyPassWord(password, hash) case "bcrypt": // Bcrypt (corresponding to PHP's password_hash/password_verify) diff --git a/pkg/tool/encryption_test.go b/pkg/tool/encryption_test.go index 5a96038..b8776e4 100644 --- a/pkg/tool/encryption_test.go +++ b/pkg/tool/encryption_test.go @@ -10,6 +10,6 @@ func TestEncodePassWord(t *testing.T) { func TestMultiPasswordVerify(t *testing.T) { pwd := "$2y$10$WFO17pdtohfeBILjEChoGeVxpDG.u9kVCKhjDAeEeNmCjIlj3tDRy" - status := MultiPasswordVerify("", "", "admin", pwd) + status := MultiPasswordVerify("bcrypt", "", "admin1", pwd) t.Logf("MultiPasswordVerify: %v", status) } diff --git a/queue/logic/order/activateOrderLogic.go b/queue/logic/order/activateOrderLogic.go index f6c8f9c..55dc284 100644 --- a/queue/logic/order/activateOrderLogic.go +++ b/queue/logic/order/activateOrderLogic.go @@ -223,6 +223,7 @@ func (l *ActivateOrderLogic) createGuestUser(ctx context.Context, orderInfo *ord userInfo := &user.User{ Password: tool.EncodePassWord(tempOrder.Password), + Algo: "default", AuthMethods: []user.AuthMethods{ { AuthType: tempOrder.AuthType,
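Review bot: The `md5`, `sha256` and `md5salt` branches shown as context in this hunk compare the computed digest with the stored one using `==`, which is not a constant-time comparison, and with this patch both login paths now reach them. Comparing with `subtle.ConstantTimeCompare([]byte(hex.EncodeToString(sum[:])), []byte(hash)) == 1` from crypto/subtle removes the data-dependent timing. The function comment should also state that these three branches exist only to verify imported hashes and must not be used for new passwords. MultiPasswordVerify starts and ends outside the hunk, so how an unrecognised `algo` is handled cannot be judged from here.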
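Review bot: TestMultiPasswordVerify only reports the result through `t.Logf`, so it passes whether MultiPasswordVerify returns true or false, and the switch from `"admin"` to `"admin1"` changes nothing the test can detect. The expected outcome should be asserted for each input, for example `if MultiPasswordVerify("bcrypt", "", "admin1", pwd) { t.Fatal("wrong password accepted") }`, assuming the fixture hash belongs to `admin`, which the page does not confirm. A positive case for the correct password and a case for an unknown `algo` would pin down the behaviour the login paths now depend on.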