bonus
/
devicesmgt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: 用户密码明文传输漏洞

This commit is contained in:
binbin_pan 2024-05-22 15:15:35 +08:00
parent 7c741e09b1
commit a74db9ac70
2 changed files with 31 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
sgzb-ui/src/store/modules/user.js
View File

@ -1,6 +1,33 @@
import { login, logout, getInfo, refreshToken, checkCode, loginByMall } from '@/api/login' import { login, logout, getInfo, refreshToken, checkCode, loginByMall } from '@/api/login'
import { getToken, setToken, setExpiresIn, removeToken } from '@/utils/auth' import { getToken, setToken, setExpiresIn, removeToken } from '@/utils/auth'
import { Notification, MessageBox, Message, Loading } from 'element-ui' import { Notification, MessageBox, Message, Loading } from 'element-ui'
const secretKey = 'CCNXrpassWordKey'
async function encryptData(data, keyStr) {
const keyUint8 = new TextEncoder().encode(keyStr);
const key = await crypto.subtle.importKey(
'raw',
keyUint8,
{ name: 'AES-CBC', length: 256 },
false,
['encrypt']
);
const iv = crypto.getRandomValues(new Uint8Array(16));
const cipherTextBuffer = await crypto.subtle.encrypt(
{ name: 'AES-CBC', iv },
key,
new TextEncoder().encode(data)
);
const combined = new Uint8Array(iv.length + cipherTextBuffer.byteLength);
combined.set(iv, 0);
combined.set(new Uint8Array(cipherTextBuffer), iv.length);
return btoa(String.fromCharCode.apply(null, combined));
}
const user = { const user = {
state: { state: {
token: getToken(), token: getToken(),
@ -37,9 +64,9 @@ const user = {
actions: { actions: {
// 登录 // 登录
Login({ commit }, userInfo) { async Login({ commit }, userInfo) {
const username = userInfo.username.trim() const username = userInfo.username.trim()
const password = userInfo.password const password = await encryptData(userInfo.password, secretKey);
const code = userInfo.code const code = userInfo.code
const uuid = userInfo.uuid const uuid = userInfo.uuid
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {

4
sgzb-ui/vue.config.js
View File

@ -42,10 +42,10 @@ module.exports = {
// target: `https://test-cc.zhgkxt.com`,//线上环境-南网 // target: `https://test-cc.zhgkxt.com`,//线上环境-南网
// target: `https://z.csgmall.com.cn`, // target: `https://z.csgmall.com.cn`,
target: `http://10.40.92.8:28080`, //超 // target: `http://10.40.92.8:28080`, //超
// target: `http://10.40.92.81:8080`, //韩/ // target: `http://10.40.92.81:8080`, //韩/
// target: `http://10.40.92.74:8080`,//旭/ // target: `http://10.40.92.74:8080`,//旭/
// target: `http://10.40.92.138:28080`, //帅 target: `http://10.40.92.141:28080`, //帅
// target: `http://10.40.92.253:28080`, //福 // target: `http://10.40.92.253:28080`, //福
//******** 注意事项 ********* */ //******** 注意事项 ********* */