重要安全更新

2026-03-25 07:16:51 +00:00 · 2026-02-25 13:25:25 +08:00
parent 411f8a8d61
commit b547ac1aed
7 changed files with 657 additions and 230 deletions
--- a/src/components/LockScreen.tsx
+++ b/src/components/LockScreen.tsx
@@ -1,5 +1,4 @@
 import { useState, useEffect, useRef } from 'react'
-import * as configService from '../services/config'
 import { ArrowRight, Fingerprint, Lock, ScanFace, ShieldCheck } from 'lucide-react'
 import './LockScreen.scss'

@@ -9,14 +8,6 @@ interface LockScreenProps {
    useHello?: boolean
 }

-async function sha256(message: string) {
-    const msgBuffer = new TextEncoder().encode(message)
-    const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer)
-    const hashArray = Array.from(new Uint8Array(hashBuffer))
-    const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('')
-    return hashHex
-}
-
 export default function LockScreen({ onUnlock, avatar, useHello = false }: LockScreenProps) {
    const [password, setPassword] = useState('')
    const [error, setError] = useState('')
@@ -49,19 +40,9 @@ export default function LockScreen({ onUnlock, avatar, useHello = false }: LockS

    const quickStartHello = async () => {
        try {
-            // 如果父组件已经告诉我们要用 Hello，直接开始，不等待 IPC
-            let shouldUseHello = useHello
-
-            // 为了稳健，如果 prop 没传（虽然现在都传了），再 check 一次 config
-            if (!shouldUseHello) {
-                shouldUseHello = await configService.getAuthUseHello()
-            }
-
-            if (shouldUseHello) {
-                // 标记为可用，显示按钮
+            if (useHello) {
                setHelloAvailable(true)
                setShowHello(true)
-                // 立即执行验证 (0延迟)
                verifyHello()
            }
        } catch (e) {
@@ -96,35 +77,19 @@ export default function LockScreen({ onUnlock, avatar, useHello = false }: LockS
        e?.preventDefault()
        if (!password || isUnlocked) return

-        // 如果正在进行 Hello 验证，它会自动失败或被取代，UI上不用特意取消
-        // 因为 native 调用是模态的或者独立的，我们只要让 JS 状态不对锁住即可
-
-        // 不再检查 isVerifying，因为我们允许打断 Hello
        setIsVerifying(true)
        setError('')

        try {
-            const storedHash = await configService.getAuthPassword()
+            // 发送原始密码到主进程，由主进程验证并解密密钥
+            const result = await window.electronAPI.auth.unlock(password)

-            // 兜底：如果没有设置过密码，直接放行并关闭应用锁
-            if (!storedHash) {
-                await configService.setAuthEnabled(false)
-                handleUnlock()
-                return
-            }
-
-            const inputHash = await sha256(password)
-
-            if (inputHash === storedHash) {
-                // 解锁成功，重新写入 authEnabled 以修复可能被篡改的签名
-                await configService.setAuthEnabled(true)
+            if (result.success) {
                handleUnlock()
            } else {
-                setError('密码错误')
+                setError(result.error || '密码错误')
                setPassword('')
                setIsVerifying(false)
-                // 如果密码错误，是否重新触发 Hello? 
-                // 用户可能想重试密码，暂时不自动触发
            }
        } catch (e) {
            setError('验证失败')