fix: 用户密码明文传输漏洞

sgzb-ui/src/store/modules/user.js

@@ -1,6 +1,33 @@
 import { login, logout, getInfo, refreshToken,checkCode,loginByMall } from '@/api/login'
 import { getToken, setToken, setExpiresIn, removeToken } from '@/utils/auth'
 import { Notification, MessageBox, Message, Loading } from 'element-ui'
+
+const secretKey = 'CCCQrpassWordKey'
+
+async function encryptData(data, keyStr) {
+  const keyUint8 = new TextEncoder().encode(keyStr);
+  const key = await crypto.subtle.importKey(
+      'raw',
+      keyUint8,
+      { name: 'AES-CBC', length: 256 },
+      false,
+      ['encrypt']
+  );
+
+  const iv = crypto.getRandomValues(new Uint8Array(16));
+  const cipherTextBuffer = await crypto.subtle.encrypt(
+      { name: 'AES-CBC', iv },
+      key,
+      new TextEncoder().encode(data)
+  );
+
+  const combined = new Uint8Array(iv.length + cipherTextBuffer.byteLength);
+  combined.set(iv, 0);
+  combined.set(new Uint8Array(cipherTextBuffer), iv.length);
+
+  return btoa(String.fromCharCode.apply(null, combined));
+}
+
 const user = {
   state: {
     token: getToken(),
@@ -37,9 +64,9 @@ const user = {
 
   actions: {
     // 登录
-    Login({ commit }, userInfo) {
+    async Login({ commit }, userInfo) {
       const username = userInfo.username.trim()
-      const password = userInfo.password
+      const password = await encryptData(userInfo.password, secretKey)
       const code = userInfo.code
       const uuid = userInfo.uuid
       return new Promise((resolve, reject) => {