liux
/
gs_sub_evaluate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: liux:291c6acb87b1d4a6447428349b3ce1427b90c3e9
Branches Tags
liux:master
..
compare: liux:fca50335a53ace04380dbaa3e9b9c1472f7c738a
Branches Tags
liux:master

No commits in common. "291c6acb87b1d4a6447428349b3ce1427b90c3e9" and "fca50335a53ace04380dbaa3e9b9c1472f7c738a" have entirely different histories.
291c6acb87 ... fca50335a5

2 changed files with 99 additions and 151 deletions
Show Stats Expand all files Collapse all files

36
src/main/resources/application.properties
View File

@ -1,12 +1,11 @@
server.port=1803 server.port=1803
server.servlet.context-path=/GsSubEvaluate server.servlet.context-path=/GsSubEvaluate
#spring.datasource.url=jdbc:mysql://127.0.0.1:3306/gs_sub_evaluate?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=GMT%2B8
#spring.datasource.url=jdbc:mysql://127.0.0.1:3307/aaa?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=GMT%2B8
#spring.datasource.username=root #spring.datasource.username=root
#spring.datasource.password=root #spring.datasource.password=bonus@admin123!%
spring.datasource.url=jdbc:mysql://192.168.0.14:1115/gs_sub_evaluate?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false spring.datasource.url=jdbc:mysql://192.168.0.14:4419/gs_sub_evaluate?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
spring.datasource.username=root spring.datasource.username=root
spring.datasource.password=xbzadmin@szedu14! spring.datasource.password=Bonus@admin123!
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.max-idle=10 spring.datasource.max-idle=10
spring.datasource.max-wait=60000 spring.datasource.max-wait=60000
@ -14,26 +13,26 @@ spring.datasource.min-idle=5
spring.datasource.initial-size=5 spring.datasource.initial-size=5
server.session.timeout=10 server.session.timeout=10
server.tomcat.uri-encoding=UTF-8 server.tomcat.uri-encoding=UTF-8
#mapper���� #mapper<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
mybatis.mapper-locations=classpath:mappers/*/*Mapper.xml mybatis.mapper-locations=classpath:mappers/*/*Mapper.xml
mybatis.type-aliases-package=com.bonus.gs.sub.evaluate.*.entity mybatis.type-aliases-package=com.bonus.gs.sub.evaluate.*.entity
#redis config #redis config
#spring.redis.host=localhost #spring.redis.host=localhost
spring.redis.host=127.0.0.1 #spring.redis.host=127.0.0.1
spring.redis.port=6379 #spring.redis.port=6379
spring.redis.password= #spring.redis.password=
#测试 #测试
#spring.redis.host=192.168.0.14 spring.redis.host=192.168.0.14
#spring.redis.port=2005 spring.redis.port=2005
#spring.redis.password=Xbzbns@Redis123! spring.redis.password=Xbzbns@Redis123!
# ��־ # <EFBFBD><EFBFBD>־
logging.config=classpath:logback-boot.xml logging.config=classpath:logback-boot.xml
log.level.root=info log.level.root=info
log.level.my=debug log.level.my=debug
log.file=logs/sys-back.log log.file=logs/sys-back.log
log.maxsize=30MB log.maxsize=30MB
#����ͷ��С #<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͷ<EFBFBD><EFBFBD>С
server.max-http-header-size=102400 server.max-http-header-size=102400
spring.servlet.multipart.max-file-size=-1 spring.servlet.multipart.max-file-size=-1
spring.servlet.multipart.max-request-size=-1 spring.servlet.multipart.max-request-size=-1
@ -42,7 +41,6 @@ spring.http.multipart.maxRequestSize=10Mb
token.expire.seconds=7200 token.expire.seconds=7200
spring.servlet.multipart.enabled=true spring.servlet.multipart.enabled=true
#upload.dir=/data/upload upload.dir=/home/gswbs/upload
upload.dir=E:/upload #upload.dir=D:/upload
user.password=Bonus@admin123
user.password=Pjxt@2025

144
src/main/resources/static/login.html
View File

@ -5,96 +5,76 @@
<meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache"> <meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Expires" content="0"> <meta http-equiv="Expires" content="0">
<title>登录 - 分包评价系统</title> <title>登录</title>
<link href="css/login.css" type="text/css" rel="stylesheet"> <link href="css/login.css" type="text/css" rel="stylesheet">
<style>
.csrf-info {
background-color: #f8f9fa;
border-left: 4px solid #007bff;
padding: 10px 15px;
margin: 15px 0;
font-size: 14px;
display: none;
}
.csrf-token-field {
display: none;
}
</style>
</head> </head>
<body> <body>
<div class="login"> <div class="login">
<div class="message">分包评价</div> <div class="message">分包评价</div>
<div id="darkbannerwrap"></div> <div id="darkbannerwrap"></div>
<div class="csrf-info" id="csrfInfo">
<strong>安全提示:</strong> 此表单包含CSRF保护令牌防止跨站请求伪造攻击。
</div>
<form id="login-form" method="post" onsubmit="return false;"> <form id="login-form" method="post" onsubmit="return false;">
<input id="username" name="username" placeholder="用户名" type="text" autocomplete="off"> <input id="username" name="username" placeholder="用户名" type="text"
autocomplete="off">
<hr class="hr15"> <hr class="hr15">
<input id="password" name="password" placeholder="密码" type="password" autocomplete="off"> <input id="password" name="password" placeholder="密码" type="password"
autocomplete="off">
<hr class="hr15"> <hr class="hr15">
<!-- CSRF令牌字段 --> <button style="width: 100%;" type="submit"
<input type="hidden" id="csrfToken" name="csrfToken" value=""> onclick="login(this)">登录</button>
<button style="width: 100%;" type="submit" onclick="login(this)">登录</button>
<hr class="hr20"> <hr class="hr20">
<span id="info" style="color: red"></span> <span id="info" style="color: red"></span>
</form> </form>
</div> </div>
</body>
<script src="js/libs/jquery-2.1.1.min.js"></script> <script src="js/libs/jquery-2.1.1.min.js"></script>
<script src="js/publicJs.js"></script> <script src="js/publicJs.js"></script>
<script src="layui/layui.js"></script> <script src="layui/layui.js"></script>
<script src="layui/crypto-js.min.js"></script> <script src="layui/crypto-js.min.js"></script>
<script type="text/javascript"> <script type="text/javascript">
// 页面加载时获取CSRF令牌 // if (top != self) {
document.addEventListener('DOMContentLoaded', function() { // parent.location.href = '/GsSubEvaluate/login.html';
fetchCSRFToken(); // }
}); // 获取查询参数
// 获取CSRF令牌
function fetchCSRFToken() {
$.ajax({
type: 'get',
url: ctxPath + '/csrf/token',
success: function(data) {
if (data && data.token) {
$('#csrfToken').val(data.token);
$('#csrfInfo').show();
}
},
error: function() {
// 如果获取令牌失败,生成一个客户端令牌作为备用
var clientToken = generateClientToken();
$('#csrfToken').val(clientToken);
}
});
}
// 生成客户端CSRF令牌
function generateClientToken() {
var timestamp = new Date().getTime();
var random = Math.random().toString(36).substring(2);
return CryptoJS.SHA256(timestamp + random).toString();
}
// 原有代码保持不变
let urlParams = new URLSearchParams(window.location.search); let urlParams = new URLSearchParams(window.location.search);
let tokens = urlParams.get('tokens'); let tokens = urlParams.get('tokens'); // 假设 URL 为 https://example.com/path?query=1
let loginName = urlParams.get('loginName'); let loginName = urlParams.get('loginName');
if(tokens && tokens!=='undefined'){ if(tokens && tokens!=='undefined'){
tokenVerify(tokens,loginName); tokenVerify(tokens,loginName);
} }
// var token = localStorage.getItem("token");
// if (token != null && token.trim().length != 0) {
// $.ajax({
// type : 'get',
// url : ctxPath + '/users/current?token=' + token,
// success : function(data) {
// location.href = ctxPath + '/index.html';
// },
// error : function(xhr, textStatus, errorThrown) {
// var msg = xhr.responseText;
// var response = JSON.parse(msg);
// var code = response.code;
// var message = response.message;
// if (code == 401) {
// localStorage.removeItem("token");
// }
// }
// });
// }
function tokenVerify(tokens,loginName) { function tokenVerify(tokens,loginName) {
$.ajax({ $.ajax({
type : 'post', type : 'post',
url : ctxPath + '/users/tokenVerify', url : ctxPath + '/users/tokenVerify',
data : {tokens:tokens,loginName:loginName}, data : {tokens:tokens,loginName:loginName},
success : function(data) { success : function(data) {
// debugger;
let res = data.res; let res = data.res;
layer.msg(data.resMsg); layer.msg(data.resMsg);
if(res === 1) { if(res === 1) {
@ -104,31 +84,20 @@
} }
}, },
error : function(xhr, textStatus, errorThrown) { error : function(xhr, textStatus, errorThrown) {
// 错误处理
} }
}); });
} }
function login_2(username,password) { function login_2(username,password) {
// 确保有CSRF令牌
if (!$('#csrfToken').val()) {
fetchCSRFToken();
setTimeout(function() {
login_2(username, password);
}, 100);
return;
}
$.ajax({ $.ajax({
type : 'post', type : 'post',
url : ctxPath + '/login', url : ctxPath + '/login',
data: { data : {username:username,password:password},
username: username,
password: password,
csrfToken: $('#csrfToken').val()
},
success : function(data) { success : function(data) {
// debugger;
localStorage.setItem("token", data.token); localStorage.setItem("token", data.token);
localStorage.setItem("roleName", data.loginUser.roleName);
localStorage.setItem("loginUser", JSON.stringify(data.loginUser)); localStorage.setItem("loginUser", JSON.stringify(data.loginUser));
location.href = ctxPath + '/index.html'; location.href = ctxPath + '/index.html';
}, },
@ -136,48 +105,36 @@
var msg = xhr.responseText; var msg = xhr.responseText;
var response = JSON.parse(msg); var response = JSON.parse(msg);
$("#info").html(response.message); $("#info").html(response.message);
$(obj).attr("disabled", false);
} }
}); });
} }
// AES加密函数 // AES加密函数
function encryptData(data, key) { function encryptData(data, key) {
const keyHex = CryptoJS.enc.Utf8.parse(key); const keyHex = CryptoJS.enc.Utf8.parse(key);
const ivHex = CryptoJS.enc.Utf8.parse(key.substring(0, 16)); const ivHex = CryptoJS.enc.Utf8.parse(key.substring(0, 16)); // 使用密钥前16位作为IV
return CryptoJS.AES.encrypt(data, keyHex, { return CryptoJS.AES.encrypt(data, keyHex, {
iv: ivHex, iv: ivHex,
mode: CryptoJS.mode.CBC, mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7 padding: CryptoJS.pad.Pkcs7
}).toString(); }).toString();
} }
function login(obj) { function login(obj) {
$(obj).attr("disabled", true); $(obj).attr("disabled", true);
var username = $.trim($('#username').val()); var username = $.trim($('#username').val());
var password = $.trim($('#password').val()); var password = $.trim($('#password').val());
if (username == "" || password == "") { if (username == "" || password == "") {
$("#info").html('用户名或者密码不能为空'); $("#info").html('用户名或者密码不能为空');
$(obj).attr("disabled", false); $(obj).attr("disabled", false);
} else { } else {
// 确保有CSRF令牌 // 加密密钥(需与后端一致)
if (!$('#csrfToken').val()) {
fetchCSRFToken();
setTimeout(function() {
login(obj);
}, 100);
return;
}
// 加密密钥
var secretKey = "zhgd@bonus@zhgd@bonus@1234567890"; var secretKey = "zhgd@bonus@zhgd@bonus@1234567890";
// 加密用户名和密码 // 加密用户名和密码
var encryptedData = { var encryptedData = {
username: encryptData(username, secretKey), username: encryptData(username, secretKey),
password: encryptData(password, secretKey), password: encryptData(password, secretKey),
csrfToken: $('#csrfToken').val()
}; };
$.ajax({ $.ajax({
@ -185,28 +142,21 @@
url : ctxPath + '/login', url : ctxPath + '/login',
data : encryptedData, data : encryptedData,
success : function(data) { success : function(data) {
// debugger;
localStorage.setItem("token", data.token); localStorage.setItem("token", data.token);
// localStorage.setItem("roleName", data.loginUser.roleName);
localStorage.setItem("loginUser", JSON.stringify(data.loginUser)); localStorage.setItem("loginUser", JSON.stringify(data.loginUser));
location.href = ctxPath + '/index.html'; location.href = ctxPath + '/index.html';
}, },
error : function(xhr, textStatus, errorThrown) { error : function(xhr, textStatus, errorThrown) {
var msg = xhr.responseText; var msg = xhr.responseText;
try {
var response = JSON.parse(msg); var response = JSON.parse(msg);
$("#info").html(response.message); $("#info").html(response.message);
// 如果错误是由于CSRF令牌无效重新获取令牌
if (response.code === 403 && response.message.includes("CSRF")) {
fetchCSRFToken();
}
} catch(e) {
$("#info").html("登录失败,请重试");
}
$(obj).attr("disabled", false); $(obj).attr("disabled", false);
} }
}); });
} }
} }
</script> </script>
</body>
</html> </html>