前端校验

cwchen 2025-09-30 09:42:45 +08:00
parent 163c41a84b
commit 56b01565a7
7 changed files with 119 additions and 46 deletions


@ -119,7 +119,10 @@ service.interceptors.request.use(
requestUrl += '?' + paramsString
}
}
const signature = generateRequestSignature(userId, timestamp, method, requestUrl, userSecret)
console.log(signature);
console.log(requestUrl);
config.headers['timestamp'] = timestamp
config.headers['X-Signature'] = signature
} catch (error) {
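Review bot: The `console.log(signature);` and `console.log(requestUrl);` calls just before the headers are set write the computed `X-Signature` value and the full request URL, query string included, to the browser console on every request. The signature is derived from `userSecret`, and console output can be read by anyone with access to the session, by browser extensions and by any front-end log collection, so neither value should be emitted outside local debugging. I would delete both lines before merging; if the URL is needed while developing, log it only behind the project's development-only build flag and never log the signature. The +/- markers are lost on this page, so I am inferring from the 7 → 10 line count that these calls are new, and the interceptor callback starts and ends outside the hunk.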


@ -5,7 +5,10 @@
* @returns {Boolean}
*/
export function isPathMatch(pattern, path) {
const regexPattern = pattern.replace(/\//g, '\\/').replace(/\*\*/g, '.*').replace(/\*/g, '[^\\/]*')
const regexPattern = pattern
.replace(/\//g, '\\/')
.replace(/\*\*/g, '.*')
.replace(/\*/g, '[^\\/]*')
const regex = new RegExp(`^${regexPattern}$`)
return regex.test(path)
}
@ -16,7 +19,12 @@ export function isPathMatch(pattern, path) {
* @returns {Boolean}
*/
export function isEmpty(value) {
if (value == null || value == "" || value == undefined || value == "undefined") {
if (
value == null ||
value == '' ||
value == undefined ||
value == 'undefined'
) {
return true
}
return false
@ -54,7 +62,8 @@ export function validUsername(str) {
* @returns {Boolean}
*/
export function validURL(url) {
const reg = /^(https?|ftp):\/\/([a-zA-Z0-9.-]+(:[a-zA-Z0-9.&%$-]+)*@)*((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}|([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))(:[0-9]+)*(\/($|[a-zA-Z0-9.,?'\\+&%$#=~_-]+))*$/
const reg =
/^(https?|ftp):\/\/([a-zA-Z0-9.-]+(:[a-zA-Z0-9.&%$-]+)*@)*((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}|([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))(:[0-9]+)*(\/($|[a-zA-Z0-9.,?'\\+&%$#=~_-]+))*$/
return reg.test(url)
}
@ -90,7 +99,8 @@ export function validAlphabets(str) {
* @returns {Boolean}
*/
export function validEmail(email) {
const reg = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
const reg =
/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
return reg.test(email)
}
@ -154,3 +164,24 @@ export function isIPv4RangeOrder(start, end) {
if (!isIPv4(start) || !isIPv4(end)) return false
return ipv4ToInt(start) <= ipv4ToInt(end)
}
/**
* 统一安全校验方法
* 使用方法validSecurity(str) 返回 true/false
*/
/**
* 统一安全校验方法
* 使用方法validSecurity(str) 返回 true/false
*/
export function validSecurity(str) {
if (!str || typeof str !== 'string') {
return true;
}
// 将所有正则模式合并为一个统一的正则表达式
const securityRegex = /<script>(.*?)<\/script>|src[\r\n]*=[\r\n]*'(.*?)'|src[\r\n]*=[\r\n]*"(.*?)"|<\/script>|<script(.*?)>|eval\((.*?)\)|e-xpression\((.*?)\)|javascript:|vbscript:|onload(.*?)=|onerror(.*?)=|onclick(.*?)=|onmouseover(.*?)=|alert\((.*?)\)|<.*>|\[.*\]|\(.*\)|'.*'|".*"|%3c|%3e|%2f|%27|%22|%2b|%3b|%28|%29|%5b|%5d|@.*|!.*|%.*|\\x3c|\\x3e|\\x2f|\\x27|\\x22|data:text\/html|base64|document\.|window\.|location\.|cookie|--|\/\*.*?\*\/|#|'|"|\bselect\b|\binsert\b|\bupdate\b|\bdelete\b|\bdrop\b|\btruncate\b|\balter\b|\bcreate\b|\bexec\b|\bexecute\b|\bdeclare\b|\bxp_cmdshell\b|\bsp_\w+\b|\bchar\b|\bascii\b|\bsubstr\b|\bsubstring\b|\bconcat\b|\bmaster\b|\bsys\b|\binformation_schema\b|\bunion\b|\binto\b|\bfrom\b|\bwhere\b|\band\b|\bor\b/i;
return !securityRegex.test(str);
}
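Review bot: `validSecurity` is a client-side deny-list, so it cannot be the injection or XSS control that its name and doc comment ("统一安全校验方法") suggest: a request sent without this UI never passes through it, and the server still has to parameterise queries and encode output on its own. The doc block, which appears twice in this hunk, should be reduced to one copy and say so, e.g. `// UI input hint only, not a security boundary; the server must validate and encode independently`. The pattern also rejects ordinary text, because alternatives such as `\band\b`, `\bor\b`, `\bfrom\b`, `@.*`, `%.*`, `#` and `\(.*\)` match plain words, e-mail addresses, percentages and parenthesised names. Several branches are redundant (`'.*'` is covered by `'`, `<script>` by `<.*>`), and `e-xpression\(` looks like a copy artefact of `expression\(` that will only match that literal spelling.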


@ -55,6 +55,7 @@
<script>
import { getArchivalCatalogueTreeApi,delArchiveApi } from '@/api/archivesManagement/index.js'
import AddTreeData from './addTreeData.vue'
import { validSecurity } from '@/utils/validate'
export default {
name: 'LeftTree',
components: { AddTreeData },
@ -154,6 +155,7 @@ export default {
this.selectedNodeId = data.id;
this.$emit('handleNodeClick', data)
},
// -
convertToVueTree(data) {
if (!data || !Array.isArray(data)) {
@ -205,6 +207,11 @@ export default {
},
//
onHandleSearch() {
//
if (this.filterText && !validSecurity(this.filterText)) {
this.$message.error('搜索内容包含非法字符,请重新输入')
return
}
this.$refs.leftTreeRef.filter(this.filterText)
},
//
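Review bot: The guard added to `onHandleSearch` here is repeated almost verbatim in the four other components this commit touches (two more `onHandleSearch` methods, the filter that assigns `displayedTreeData`, and `onHandleQuery`), and the message differs in one of them ('输入内容…' instead of '搜索内容…'). A shared helper or mixin would keep the check and its message in one place, e.g. `if (!this.checkSearchInput(this.filterText)) return` (helper name illustrative). From the visible lines the value is only passed to `this.$refs.leftTreeRef.filter(...)`, which appears to be a local tree filter rather than a request, so it is worth confirming the check is wanted here at all, since it blocks searches for node names that contain quotes, brackets or words such as "and". The `methods` object starts and ends outside the hunk.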


@ -56,6 +56,7 @@
<script>
import { getFileManageTreeApi, delFileManageApi } from '@/api/archivesManagement/fileManager/fileManager.js'
import FileAddTreeData from './addTreeData.vue'
import { validSecurity } from '@/utils/validate'
export default {
name: 'FileLeftTree',
components: { FileAddTreeData },
@ -154,6 +155,7 @@ export default {
this.selectedNodeId = data.id;
this.$emit('handleNodeClick', data)
},
// -
convertToVueTree(data) {
if (!data || !Array.isArray(data)) {
@ -208,6 +210,11 @@ export default {
},
//
onHandleSearch() {
//
if (this.filterText && !validSecurity(this.filterText)) {
this.$message.error('搜索内容包含非法字符,请重新输入')
return
}
this.$refs.leftTreeRef.filter(this.filterText)
},
//


@ -35,6 +35,7 @@ import _ from 'lodash'
import {
getFileManageTreeApi
} from '@/api/filesTransfer/apply'
import { validSecurity } from '@/utils/validate'
export default {
name: "FileTree",
props: ["width", "title", "rowData"],
@ -121,8 +122,14 @@ export default {
// ID
this.selectedNodeId = data.id;
},
//
onHandleSearch() {
//
if (this.filterText && !validSecurity(this.filterText)) {
this.$message.error('搜索内容包含非法字符,请重新输入')
return
}
this.$refs.leftTreeRef.filter(this.filterText)
},
//


@ -25,6 +25,7 @@
<script>
import { getLeftTreeListAPI } from '@/api/data-collect/data-set-manage'
import { validSecurity } from '@/utils/validate'
export default {
name: 'LeftTree',
data() {
@ -48,6 +49,7 @@ export default {
onHandleNodeClick(data) {
this.$emit('handleNodeClick', data)
},
convertToVueTree(data) {
return data.map(item => ({
id: item.code,
@ -75,6 +77,13 @@ export default {
this.displayedTreeData = JSON.parse(JSON.stringify(this.treeDataList))
return
}
//
if (!validSecurity(this.filterText)) {
this.$message.error('输入内容包含非法字符,请重新输入')
return
}
this.displayedTreeData = this.filterTreeData(this.treeDataList)
},
//


@ -39,6 +39,7 @@
<script>
import { getListDataSetAPI } from '@/api/data-collect/data-set-manage'
import Share from './share.vue'
import { validSecurity } from '@/utils/validate'
export default {
name: 'RightTable',
components: {
@ -95,6 +96,7 @@ export default {
showColose() {
this.isflag = false;
},
//
onHandleQuery() {
if (!Array.isArray(this.columns) || this.columns.length < 1) return
@ -106,6 +108,13 @@ export default {
this.filteredManual = null
return
}
//
if (!validSecurity(keyword)) {
this.$message.error('搜索内容包含非法字符,请重新输入')
return
}
//
const source = Array.isArray(this.tableData) ? this.tableData : []
const kw = keyword.toLowerCase()