fix: 用户密码明文传输漏洞

2024-05-22 15:20:05 +08:00 · 2024-05-22 15:20:05 +08:00 · 68c2cd6097
parent de0ae37060
commit 68c2cd6097
1 changed files with 29 additions and 2 deletions
--- a/sgzb-ui/src/store/modules/user.js
+++ b/sgzb-ui/src/store/modules/user.js
@ -1,6 +1,33 @@
 import { login, logout, getInfo, refreshToken,checkCode,loginByMall } from '@/api/login'
 import { getToken, setToken, setExpiresIn, removeToken } from '@/utils/auth'
 import { Notification, MessageBox, Message, Loading } from 'element-ui'
+
+const secretKey = 'CCCQrpassWordKey'
+
+async function encryptData(data, keyStr) {
+  const keyUint8 = new TextEncoder().encode(keyStr);
+  const key = await crypto.subtle.importKey(
+      'raw',
+      keyUint8,
+      { name: 'AES-CBC', length: 256 },
+      false,
+      ['encrypt']
+  );
+
+  const iv = crypto.getRandomValues(new Uint8Array(16));
+  const cipherTextBuffer = await crypto.subtle.encrypt(
+      { name: 'AES-CBC', iv },
+      key,
+      new TextEncoder().encode(data)
+  );
+
+  const combined = new Uint8Array(iv.length + cipherTextBuffer.byteLength);
+  combined.set(iv, 0);
+  combined.set(new Uint8Array(cipherTextBuffer), iv.length);
+
+  return btoa(String.fromCharCode.apply(null, combined));
+}
+
 const user = {
  state: {
    token: getToken(),
@ -37,9 +64,9 @@ const user = {

  actions: {
    // 登录
-    Login({ commit }, userInfo) {
+    async Login({ commit }, userInfo) {
      const username = userInfo.username.trim()
-      const password = userInfo.password
+      const password = await encryptData(userInfo.password, secretKey)
      const code = userInfo.code
      const uuid = userInfo.uuid
      return new Promise((resolve, reject) => {