
修改渗透安全bug

hurixing hai 1 ano
pai
achega
37826f4209

+ 3 - 0
src/components/FileUpload/index.vue

@@ -42,6 +42,7 @@
 
 <script>
 import { getToken } from "@/utils/auth";
+import {hashWithSalt} from '@/utils/SHA256'
 
 export default {
   name: "FileUpload",
@@ -152,6 +153,8 @@ export default {
           return false;
         }
       }
+      this.headers.timestamp = Date.now()
+      this.headers.sign= hashWithSalt(this.headers.timestamp+this.headers.Usertoken)
       this.$modal.loading("正在上传文件,请稍候...");
       this.number++;
       return true;
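Review bot: The two added lines in the before-upload handler build the signature from `this.headers.timestamp+this.headers.Usertoken`, so when `Usertoken` is not set on `this.headers` the digest is taken over the literal string "undefined" and the upload goes out with a signature the server will presumably reject, with nothing on the client side saying why; the header key is also spelled `Usertoken` here but `userToken` in src/utils/request.js, so confirm both name the header the server actually verifies. The same two lines are added in src/components/ImageUpload/index.vue and src/components/minioFileUpload/index.vue. I would also terminate and space them like the surrounding code: `this.headers.timestamp = Date.now();` and `this.headers.sign = hashWithSalt(this.headers.timestamp + this.headers.Usertoken);`. The enclosing handler starts before this hunk.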

+ 3 - 0
src/components/ImageUpload/index.vue

@@ -46,6 +46,7 @@
 
 <script>
 import { getToken } from "@/utils/auth";
+import {hashWithSalt} from '@/utils/SHA256'
 
 export default {
   props: {
@@ -174,6 +175,8 @@ export default {
           return false;
         }
       }
+      this.headers.timestamp = Date.now()
+      this.headers.sign= hashWithSalt(this.headers.timestamp+this.headers.Usertoken)
       this.$modal.loading("正在上传图片,请稍候...");
       this.number++;
     },

+ 3 - 0
src/components/minioFileUpload/index.vue

@@ -42,6 +42,7 @@
 
 <script>
 import { getToken } from "@/utils/auth";
+import {hashWithSalt} from '@/utils/SHA256'
 
 export default {
   name: "FileUpload",
@@ -155,6 +156,8 @@ export default {
           return false;
         }
       }
+      this.headers.timestamp = Date.now()
+      this.headers.sign= hashWithSalt(this.headers.timestamp+this.headers.Usertoken)
       this.$modal.loading("正在上传文件,请稍候...");
       this.number++;
       return true;

+ 10 - 0
src/utils/SHA256.js

@@ -0,0 +1,10 @@
+import CryptoJS from 'crypto-js'
+
+export function hashWithSalt(input) {  
+
+    // 对组合后的WordArray进行SHA-256哈希处理  
+    const hashed = CryptoJS.SHA256(input+"ujnhytghyujhyuyh");  
+    
+    // 将哈希值转换为十六进制字符串并返回  
+    return hashed.toString(CryptoJS.enc.Hex);  
+}
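Review bot: `hashWithSalt` has no documentation, and the one fact a reader needs is that the constant appended on the `CryptoJS.SHA256` line is part of the shipped browser bundle, so the resulting `sign` header is a reproducible integrity check over the timestamp-plus-token string rather than a secret-keyed MAC, and nothing downstream should treat it as authentication on its own; the existing comment also speaks of a combined WordArray while `input` is a plain string. I would add a JSDoc above the function stating that it returns the lowercase hex SHA-256 of `input` with a fixed public suffix, that the suffix only fixes the signature format and is not a secret, and that a non-string `input` is coerced by `+` (so `undefined` hashes as the text "undefined"), with `@param {string} input` and `@returns {string}`. The lines also carry trailing whitespace and lack semicolons, unlike src/utils/request.js.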

+ 9 - 2
src/utils/request.js

@@ -7,6 +7,7 @@ import { tansParams, blobValidate } from "@/utils/common";
 import cache from '@/plugins/cache'
 import { saveAs } from 'file-saver'
 import { message } from '@/utils/resetMessage'
+import {hashWithSalt} from '@/utils/SHA256'
 let downloadLoadingInstance;
 // 是否显示重新登录
 export let isRelogin = { show: false };
@@ -32,6 +33,10 @@ service.interceptors.request.use(config => {
   if (getToken() && !isToken) {
     config.headers['userToken'] = getToken() // 让每个请求携带自定义token 请根据实际情况自行修改
   }
+  // 防重时间戳
+  const timestamp = Date.now();
+  config.headers['timestamp'] = timestamp;
+  config.headers['sign'] = hashWithSalt(timestamp+getToken())
   // get请求映射params参数
   if (config.method === 'get' && config.params) {
     let url = config.url + '?' + tansParams(config.params);
@@ -101,7 +106,10 @@ service.interceptors.response.use(res => {
       });
     }
     return Promise.reject('无效的会话,或者会话已过期,请重新登录。')
-  }else if(code === 406) {
+  } else if (code ===415) {
+
+
+  } else if(code === 406) {
     MessageBox.confirm('你的账户已在别的设备登录,请重新登录', '系统提示', { confirmButtonText: '重新登录', type: 'warning', showCancelButton: false, }).then(() => {
       store.dispatch('LogOut').then(() => {
         if (process.env.NODE_ENV == 'production') {
@@ -113,7 +121,6 @@ service.interceptors.response.use(res => {
     }).catch(() => {
 
     });
-    return Promise.reject('error')
   } else if (code === 500) {
     Message({ message: msg, type: 'error' })
     return Promise.reject(new Error(msg))
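Review bot: The new `else if (code ===415)` branch in the response interceptor is empty, so a 415 response (presumably the server's answer to a bad or stale `sign`, though that is not visible here) is neither shown to the user nor rejected and falls through to whatever follows the chain as if it had succeeded; the 406 branch now has the same shape, since its rejection was dropped and the caller resolves while the confirm dialog is still pending, which is worth confirming was intended. I would handle 415 the way the 500 branch does: `Message({ message: msg, type: 'error' })` followed by `return Promise.reject(new Error(msg))`. In the request hunk above, `sign` is attached even when `isToken` suppresses the `userToken` header, and `timestamp+getToken()` hashes whatever `getToken()` returns when there is no session, so confirm the server accepts that on unauthenticated requests. The interceptor bodies continue outside these hunks.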

+ 2 - 2
src/utils/secret.js

@@ -1,8 +1,8 @@
 import CryptoJS from 'crypto-js'
 
 //设置秘钥和秘钥偏移量
-const SECRET_KEY = CryptoJS.enc.Utf8.parse("1234567890123456");
-const SECRET_IV = CryptoJS.enc.Utf8.parse("1234567890123456");
+const SECRET_KEY = CryptoJS.enc.Utf8.parse("fhyredhufrdhyrfb");
+const SECRET_IV = CryptoJS.enc.Utf8.parse("hghthfbdbrhfuehr");
 /**
  * 加密方法
  * @param word
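Review bot: Replacing the placeholder key and IV with other literals still leaves both constants in the client bundle, so `SECRET_KEY` is readable by every user of the site and whatever the encrypt function below protects cannot be relied on for confidentiality; `SECRET_IV` being one fixed value also means identical plaintexts encrypt to identical ciphertext if a chained mode such as CBC is used (the mode is set outside this hunk). Worth recording above the constants: `// NOTE: key and IV ship in the browser bundle; this is obfuscation, not confidentiality, and the fixed IV makes output deterministic.` The encrypt function whose doc comment begins here continues after this hunk.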