提交 696e1c1d authored 作者: 钟是志's avatar 钟是志

北电科安全漏洞修改

上级 cea79cec
...@@ -2,14 +2,55 @@ import fetch from 'dva/fetch'; ...@@ -2,14 +2,55 @@ import fetch from 'dva/fetch';
import router from 'umi/router'; import router from 'umi/router';
import moment from 'moment'; import moment from 'moment';
import FormdataWrapper from '@/webPublic/zyd_public/utils/object-to-formdata-custom'; import FormdataWrapper from '@/webPublic/zyd_public/utils/object-to-formdata-custom';
import { isJSON, controlNotification, getIsBei_Dian } from '@/webPublic/zyd_public/utils/utils'; import {
isJSON,
controlNotification,
getIsBei_Dian,
getHeaders,
} from '@/webPublic/zyd_public/utils/utils';
import config from '@/config/config'; import config from '@/config/config';
import apiConfig from './apiSystemConfig'; import apiConfig from './apiSystemConfig';
import { omit } from 'lodash'; import { omit } from 'lodash';
import qs from 'qs'; import qs from 'qs';
import { queryIsSafe } from '@/webPublic/one_stop_public/utils/queryConfig'; import { queryIsSafe } from '@/webPublic/one_stop_public/utils/queryConfig';
import { uaaRequest } from '@/webPublic/one_stop_public/utils/request'; import { uaaRequest } from '@/webPublic/one_stop_public/utils/request';
import { getToken, setToken, setFetchUrl, getFetchUrl, getType, setType } from '@/webPublic/one_stop_public/utils/token'; import {
getToken,
setToken,
setFetchUrl,
getFetchUrl,
getType,
setType
} from '@/webPublic/one_stop_public/utils/token';
// 28038 1.1越权【高】 2022年7月7日
export const urlTransform = (url) => {
if (!getIsBei_Dian()) {
return url;
}
if (url && url.indexOf(config.gateWayPort) > -1) {
let uArr = url.split(config.gateWayPort);
uArr[1] = uArr[1].replaceAll('\//', '\/');
url = config.gateWayPort + uArr[1];
}
// let u = url.split('://');
let currentUser = sessionStorage.getItem('currentUser');
if (!currentUser || !isJSON(currentUser)) {
console.log('没有获取currentUser, 无法转换接口');
return url;
}
currentUser = JSON.parse(currentUser);
if (!currentUser.typeString) {
console.log('没有获取currentUser的typeString, 无法转换接口');
return url;
}
if (url && url.indexOf('zydsgWeb') > -1) {
url = url.replace('zydsgWeb', 'zydsgWeb/safe/' + currentUser.typeString);
}
return url;
};
const codeMessage = { const codeMessage = {
200: '服务器成功返回请求的数据。', 200: '服务器成功返回请求的数据。',
...@@ -44,8 +85,8 @@ const checkStatus = response => { ...@@ -44,8 +85,8 @@ const checkStatus = response => {
} }
if (response.status === 401) { if (response.status === 401) {
setToken(null); setToken(null);
if(window.top != window.self){ if (window.top != window.self) {
window.top.postMessage("returnLogin", '*'); // Iframe 返回登录页 window.top.postMessage('returnLogin', '*'); // Iframe 返回登录页
return true; return true;
} }
} }
...@@ -82,7 +123,8 @@ function setFetchInfo(url, options) { ...@@ -82,7 +123,8 @@ function setFetchInfo(url, options) {
let session = getFetchUrl(); let session = getFetchUrl();
if (isJSON(session)) { if (isJSON(session)) {
session = JSON.parse(session); session = JSON.parse(session);
if (session.url === url && moment().valueOf() - session.time < 500) { if (session.url === url && moment()
.valueOf() - session.time < 500) {
if (options.body && JSON.stringify(options.body) === session.body) { if (options.body && JSON.stringify(options.body) === session.body) {
console.log('频繁调用接口: ', url); console.log('频繁调用接口: ', url);
return false; return false;
...@@ -92,7 +134,8 @@ function setFetchInfo(url, options) { ...@@ -92,7 +134,8 @@ function setFetchInfo(url, options) {
return JSON.stringify({ return JSON.stringify({
url, url,
time: moment().valueOf(), time: moment()
.valueOf(),
body: options.body ? JSON.stringify(options.body) : '', body: options.body ? JSON.stringify(options.body) : '',
}); });
} }
...@@ -108,13 +151,14 @@ export default function request( ...@@ -108,13 +151,14 @@ export default function request(
url, url,
options = {}, options = {},
) { ) {
url = urlTransform(url); // 北电科接口越权修改
if (url && url.indexOf('/CmsApi/') > -1 && queryIsSafe() && url.indexOf('/CmsApi/getExportInfo') <= -1) { if (url && url.indexOf('/CmsApi/') > -1 && queryIsSafe() && url.indexOf('/CmsApi/getExportInfo') <= -1) {
url = url.replace(config.httpServer, ''); url = url.replace(config.httpServer, '');
return uaaRequest(url, options.body); return uaaRequest(url, options.body);
} }
if(process.env.NODE_ENV === 'development' && getIsBei_Dian()){ if (process.env.NODE_ENV === 'development' && getIsBei_Dian()) {
url = url.replace('https://yx.bpi.edu.cn/produce', 'http://localhost:8010/produce'); url = url.replace('https://yx.bpi.edu.cn/produce', 'http://localhost:8010/produce');
url = url.replace('http://scjoyedu.eicp.net:51352/produce', 'http://localhost:8010/produce');
} }
let sessionFetch = setFetchInfo(url, options); let sessionFetch = setFetchInfo(url, options);
...@@ -125,10 +169,10 @@ export default function request( ...@@ -125,10 +169,10 @@ export default function request(
} }
let defaultToken = getToken(); let defaultToken = getToken();
const token = defaultToken !== null && defaultToken !== 'null' ? defaultToken : ''; const token = defaultToken !== null && defaultToken !== 'null' ? defaultToken : '';
if(url.indexOf('oauthPub=true') <= -1 && url.indexOf('uia/logout') <= -1 && !getIsBei_Dian()){ if (url.indexOf('oauthPub=true') <= -1 && url.indexOf('uia/logout') <= -1 && !getIsBei_Dian()) {
if(url.indexOf('?') > -1){ if (url.indexOf('?') > -1) {
url = url + '&token=' + (process.env.NODE_ENV === 'development' ? token : ''); url = url + '&token=' + (process.env.NODE_ENV === 'development' ? token : '');
}else{ } else {
url = url + '?token=' + (process.env.NODE_ENV === 'development' ? token : ''); url = url + '?token=' + (process.env.NODE_ENV === 'development' ? token : '');
} }
} }
...@@ -155,7 +199,7 @@ export default function request( ...@@ -155,7 +199,7 @@ export default function request(
newOptions.headers = { newOptions.headers = {
Accept: 'application/json', Accept: 'application/json',
...newOptions.headers, ...newOptions.headers,
Authorization: `bearer ${token}`, ...getHeaders(url).headers,
}; };
newOptions.body = FormdataWrapper(newOptions.body); newOptions.body = FormdataWrapper(newOptions.body);
} else { } else {
...@@ -164,7 +208,7 @@ export default function request( ...@@ -164,7 +208,7 @@ export default function request(
Accept: 'application/json', Accept: 'application/json',
'Content-Type': 'multipart/form-data', 'Content-Type': 'multipart/form-data',
...newOptions.headers, ...newOptions.headers,
Authorization: `bearer ${token}`, ...getHeaders(url).headers,
}; };
} }
} }
...@@ -173,7 +217,7 @@ export default function request( ...@@ -173,7 +217,7 @@ export default function request(
newOptions = omit(newOptions, 'body'); newOptions = omit(newOptions, 'body');
} }
if(!token || token === 'null' || url.indexOf('uia/logout') > -1){ if (!token || token === 'null' || url.indexOf('uia/logout') > -1) {
delete newOptions.headers.Authorization; delete newOptions.headers.Authorization;
} }
...@@ -195,7 +239,7 @@ export default function request( ...@@ -195,7 +239,7 @@ export default function request(
if (typeof response == 'string') { if (typeof response == 'string') {
try { try {
const xxx = JSON.parse(response); const xxx = JSON.parse(response);
if(xxx.status === 404){ if (xxx.status === 404) {
controlNotification({ controlNotification({
message: '接口异常', message: '接口异常',
}); });
...@@ -220,8 +264,8 @@ export default function request( ...@@ -220,8 +264,8 @@ export default function request(
const status = e.name; const status = e.name;
if (status === 401) { if (status === 401) {
if(window.top != window.self){ if (window.top != window.self) {
window.top.postMessage("returnLogin", '*'); // Iframe 返回登录页 window.top.postMessage('returnLogin', '*'); // Iframe 返回登录页
return true; return true;
} }
// @HACK // @HACK
...@@ -245,7 +289,6 @@ export default function request( ...@@ -245,7 +289,6 @@ export default function request(
} }
let systemName = '学工系统'; let systemName = '学工系统';
let type = getType(); let type = getType();
if (url.indexOf('/v1/api/zydxgWeb/') > -1 && type) { if (url.indexOf('/v1/api/zydxgWeb/') > -1 && type) {
...@@ -259,7 +302,7 @@ export default function request( ...@@ -259,7 +302,7 @@ export default function request(
systemName = findApiConfig && findApiConfig.name || '系统'; systemName = findApiConfig && findApiConfig.name || '系统';
} }
if(!window.navigator.onLine){ if (!window.navigator.onLine) {
return controlNotification({ return controlNotification({
message: '网络故障', message: '网络故障',
description: `${systemName}无法连接到网络,请稍后再试`, description: `${systemName}无法连接到网络,请稍后再试`,
...@@ -269,8 +312,8 @@ export default function request( ...@@ -269,8 +312,8 @@ export default function request(
message: '网络故障', message: '网络故障',
description: `${systemName}无法连接到服务器,请稍后再试`, description: `${systemName}无法连接到服务器,请稍后再试`,
}); });
if(window.top != window.self){ if (window.top != window.self) {
window.top.postMessage("returnLogin", '*'); // Iframe 返回登录页 window.top.postMessage('returnLogin', '*'); // Iframe 返回登录页
return true; return true;
} }
return; return;
......
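Review bot: `urlTransform` (the new block beginning at `export const urlTransform`) builds the `zydsgWeb/safe/<typeString>` path from `currentUser.typeString` read out of `sessionStorage`, a value the browser user can set to anything, so this client-side rewrite cannot by itself close the 越权 (privilege-escalation) finding referenced in the comment above it — the backend serving `/safe/...` has to derive the caller's role from the bearer token and can use the path segment only as a cross-check. The value is also spliced into the path unencoded, so a `typeString` containing `/`, `?` or `..` would change the route; use `url.replace('zydsgWeb', 'zydsgWeb/safe/' + encodeURIComponent(currentUser.typeString))`. `uArr[1]` after `url.split(config.gateWayPort)` silently drops any later occurrence of the port string, and `'\//'` / `'\/'` are just `'//'` and `'/'` — writing them unescaped would make the intent (collapse doubled slashes) obvious. The `request` function patched by the later hunks continues past the last hunk shown.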
...@@ -2,6 +2,7 @@ import { getIsBei_Dian } from '@/webPublic/zyd_public/utils/utils'; ...@@ -2,6 +2,7 @@ import { getIsBei_Dian } from '@/webPublic/zyd_public/utils/utils';
import { getToken } from '@/webPublic/one_stop_public/utils/token'; import { getToken } from '@/webPublic/one_stop_public/utils/token';
import config from '@/config/config'; import config from '@/config/config';
import { getInfo, transformApi } from '@/highOrderComponent/Service'; import { getInfo, transformApi } from '@/highOrderComponent/Service';
import { urlTransform } from '@/webPublic/zyd_public/request/request';
export function hrefWithToken(url) { export function hrefWithToken(url) {
if (!getIsBei_Dian()) { if (!getIsBei_Dian()) {
if (url.indexOf('?') > -1) { if (url.indexOf('?') > -1) {
...@@ -13,8 +14,10 @@ export function hrefWithToken(url) { ...@@ -13,8 +14,10 @@ export function hrefWithToken(url) {
getInfo({}, '/InstructorConfigApi/getCurrentDate') getInfo({}, '/InstructorConfigApi/getCurrentDate')
.then((response) => { .then((response) => {
const hrefUrl = transformApi(url); const hrefUrl = transformApi(url);
let u = `${hrefUrl}${url}`;
u = urlTransform(u);
if (response) { if (response) {
window.open(`${hrefUrl}${url}`); // 存在问题 浏览器会自动切换内核到IE 内核导致 文件名称乱码. window.open(`${u}`); // 存在问题 浏览器会自动切换内核到IE 内核导致 文件名称乱码.
return true; return true;
} else { } else {
return false; return false;
...@@ -36,7 +39,7 @@ export function hrefWithTokenSg(url) { ...@@ -36,7 +39,7 @@ export function hrefWithTokenSg(url) {
const hrefUrl = `${config.mockServer}/${config.gateWayUrl.zydsg}`; const hrefUrl = `${config.mockServer}/${config.gateWayUrl.zydsg}`;
if (response) { if (response) {
let u = `${hrefUrl}${url}`; let u = `${hrefUrl}${url}`;
console.log(u); u = urlTransform(u);
window.open(u); // 存在问题 浏览器会自动切换内核到IE 内核导致 文件名称乱码. window.open(u); // 存在问题 浏览器会自动切换内核到IE 内核导致 文件名称乱码.
return true; return true;
} else { } else {
......
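Review bot: In both `hrefWithToken` and `hrefWithTokenSg` the transformed URL goes to `window.open(u)`, which sends no custom request headers, so the `safe` header that `getHeaders` attaches to fetch calls is absent here and the only role signal the server sees is the `/safe/<typeString>` segment that `urlTransform` derives from `sessionStorage`; the download endpoints therefore need to authorize from the session or token, not from that segment. `urlTransform` also returns the URL unchanged (only logging) when `currentUser` is missing, so an untransformed `zydsgWeb` URL can still be opened — if the unprefixed route is meant to be blocked for this deployment, handle that case explicitly instead of falling through to `window.open`. Since the return value of `window.open` is unused, `window.open(u, '_blank', 'noopener')` would additionally keep the opened document from reaching back into this page through `window.opener`. Both functions extend outside the hunks shown.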
...@@ -8,6 +8,7 @@ import { Icon, message, notification } from 'antd'; ...@@ -8,6 +8,7 @@ import { Icon, message, notification } from 'antd';
import { getOneStopActiveMenus, getOnestopKey } from '../../Services'; import { getOneStopActiveMenus, getOnestopKey } from '../../Services';
import FormdataWrapper from './object-to-formdata-custom'; import FormdataWrapper from './object-to-formdata-custom';
import { getToken } from '@/webPublic/one_stop_public/utils/token'; import { getToken } from '@/webPublic/one_stop_public/utils/token';
import { urlTransform } from '@/webPublic/zyd_public/request/request';
let messageTime = new Date().getTime() - 3000; let messageTime = new Date().getTime() - 3000;
...@@ -15,7 +16,8 @@ let messageTime = new Date().getTime() - 3000; ...@@ -15,7 +16,8 @@ let messageTime = new Date().getTime() - 3000;
* 校验 开始时间必须在结束时间之前的函数 * 校验 开始时间必须在结束时间之前的函数
* */ * */
export function checkDate(endTime = '2019-01-01', startTime = '2018-12-31') { export function checkDate(endTime = '2019-01-01', startTime = '2018-12-31') {
return moment(endTime).isAfter(moment(startTime)); return moment(endTime)
.isAfter(moment(startTime));
} }
/** /**
...@@ -23,14 +25,15 @@ export function checkDate(endTime = '2019-01-01', startTime = '2018-12-31') { ...@@ -23,14 +25,15 @@ export function checkDate(endTime = '2019-01-01', startTime = '2018-12-31') {
* */ * */
export function matchReg(str) { export function matchReg(str) {
let reg = /<\/?.+?\/?>/g; let reg = /<\/?.+?\/?>/g;
return str.replace(reg, '').replace(/&nbsp;/g, ' '); return str.replace(reg, '')
.replace(/&nbsp;/g, ' ');
} }
export function htmlFormat(str) { export function htmlFormat(str) {
if (typeof str !== 'string') { if (typeof str !== 'string') {
return ''; return '';
} }
const newTxt = str.replace(/\s+([^<>]+)(?=<)/g, function(match) { const newTxt = str.replace(/\s+([^<>]+)(?=<)/g, function (match) {
return match.replace(/\s/g, '&nbsp;'); return match.replace(/\s/g, '&nbsp;');
}); });
return newTxt; return newTxt;
...@@ -58,7 +61,7 @@ export function deepCopy(obj, parent = null) { ...@@ -58,7 +61,7 @@ export function deepCopy(obj, parent = null) {
if (React.isValidElement(obj)) { if (React.isValidElement(obj)) {
return React.cloneElement(obj); return React.cloneElement(obj);
} }
if(moment.isMoment(obj)){ if (moment.isMoment(obj)) {
return obj.clone(obj); return obj.clone(obj);
} }
if (['boolean', 'string', 'number'].indexOf(typeof obj) > -1 || !obj) { if (['boolean', 'string', 'number'].indexOf(typeof obj) > -1 || !obj) {
...@@ -220,7 +223,7 @@ export function controlNotification(props) { ...@@ -220,7 +223,7 @@ export function controlNotification(props) {
messageTime = nowTime; messageTime = nowTime;
notification.info({ notification.info({
...props, ...props,
icon: <Icon type='info-circle' style={{ color: '#fa8c16' }} />, icon: <Icon type="info-circle" style={{ color: '#fa8c16' }}/>,
}); });
return true; return true;
} }
...@@ -280,21 +283,15 @@ export function diGuiTree(treeData = [], i = 0) { ...@@ -280,21 +283,15 @@ export function diGuiTree(treeData = [], i = 0) {
* */ * */
export function downloadFile(url, params, fileName = '导出文件', ext = 'xlsx', method = 'POST') { export function downloadFile(url, params, fileName = '导出文件', ext = 'xlsx', method = 'POST') {
if(process.env.NODE_ENV === 'development' && getIsBei_Dian()){ if (process.env.NODE_ENV === 'development' && getIsBei_Dian()) {
url = url.replace('https://yx.bpi.edu.cn/produce', 'http://localhost:8010/produce'); url = url.replace('https://yx.bpi.edu.cn/produce', 'http://localhost:8010/produce');
} }
url = urlTransform(url);
fetch(url, { fetch(url, {
method, method,
body: method === 'GET' ? undefined : FormdataWrapper(params), body: method === 'GET' ? undefined : FormdataWrapper(params),
// credentials: 'omit', ...getHeaders(url),
// mode: 'cors',
// headers: {
// // Accept: 'application/json',
//
// },
headers: {
Authorization: `bearer ${getToken()}`,
},
}) })
.then((res) => { .then((res) => {
if (res.status + '' !== '200') { if (res.status + '' !== '200') {
...@@ -332,7 +329,7 @@ export function downloadFile(url, params, fileName = '导出文件', ext = 'xlsx ...@@ -332,7 +329,7 @@ export function downloadFile(url, params, fileName = '导出文件', ext = 'xlsx
} }
// 校验密码是否符合 包含数字 字母 和特殊字符 解决 中医大的安全漏洞 // 校验密码是否符合 包含数字 字母 和特殊字符 解决 中医大的安全漏洞
export default function CheckPassWord(password = '', length= 12) { export default function CheckPassWord(password = '', length = 12) {
// console.log(password); // console.log(password);
if (!password || password.length < length) { if (!password || password.length < length) {
// message.warning("密码过于简单, 请输入不小于8位的密码 且必须包含数字和字母!"); // message.warning("密码过于简单, 请输入不小于8位的密码 且必须包含数字和字母!");
...@@ -340,7 +337,7 @@ export default function CheckPassWord(password = '', length= 12) { ...@@ -340,7 +337,7 @@ export default function CheckPassWord(password = '', length= 12) {
return false; return false;
} }
let cRegex = new RegExp(/.*[\u4e00-\u9fa5]+.*$/); let cRegex = new RegExp(/.*[\u4e00-\u9fa5]+.*$/);
if(cRegex.test(password)){ if (cRegex.test(password)) {
message.warning('密码中不能包含中文字符!'); message.warning('密码中不能包含中文字符!');
return false; return false;
} }
...@@ -358,22 +355,22 @@ export default function CheckPassWord(password = '', length= 12) { ...@@ -358,22 +355,22 @@ export default function CheckPassWord(password = '', length= 12) {
* *
* 检查文本格式是否正确 * 检查文本格式是否正确
* */ * */
export function checkInputType(data, type){ export function checkInputType(data, type) {
switch (type) { switch (type) {
case 'phone': case 'phone':
if(!(/^[1][3,4,5,6,7,8,9][0-9]{9}$/.test(data))){ if (!(/^[1][3,4,5,6,7,8,9][0-9]{9}$/.test(data))) {
message.warning('手机号码格式错误!'); message.warning('手机号码格式错误!');
return false; return false;
} }
break; break;
case 'email': case 'email':
if(!(/^[A-Za-z0-9\u4e00-\u9fa5]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$/.test(data))){ if (!(/^[A-Za-z0-9\u4e00-\u9fa5]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$/.test(data))) {
message.warning('邮箱格式错误!'); message.warning('邮箱格式错误!');
return false; return false;
} }
break; break;
case 'idCard': case 'idCard':
if(!(/(^\d{15}$)|(^\d{18}$)|(^\d{17}(\d|X|x)$)/.test(data))){ if (!(/(^\d{15}$)|(^\d{18}$)|(^\d{17}(\d|X|x)$)/.test(data))) {
message.warning('身份证号码格式错误!'); message.warning('身份证号码格式错误!');
return false; return false;
} }
...@@ -385,10 +382,15 @@ export function checkInputType(data, type){ ...@@ -385,10 +382,15 @@ export function checkInputType(data, type){
return true; return true;
} }
export function getHeaders() { export function getHeaders(url = '') {
let safe = '';
if (url && url.indexOf('/safe') > -1) {
safe = '/safe' + url.split('/safe')[1];
}
return { return {
headers: { headers: {
Authorization: `bearer ${getToken()}`, Authorization: `bearer ${getToken()}`,
safe,
}, },
}; };
} }
...@@ -401,6 +403,7 @@ export function getIsA_Ba() { // 判断当前环境是不是阿坝学校 然后 ...@@ -401,6 +403,7 @@ export function getIsA_Ba() { // 判断当前环境是不是阿坝学校 然后
export function getIsBei_Dian() { // 判断当前环境是不是北电科学校 然后做定制需求. 主要用于定制开发 export function getIsBei_Dian() { // 判断当前环境是不是北电科学校 然后做定制需求. 主要用于定制开发
return window.specialImportantSystemConfig?.schoolName && window.specialImportantSystemConfig?.schoolName.indexOf('北京电子科技') > -1; return window.specialImportantSystemConfig?.schoolName && window.specialImportantSystemConfig?.schoolName.indexOf('北京电子科技') > -1;
} }
export function getIsGui_Jian() { // 判断当前环境是不是北电科学校 然后做定制需求. 主要用于定制开发 export function getIsGui_Jian() { // 判断当前环境是不是北电科学校 然后做定制需求. 主要用于定制开发
return window.specialImportantSystemConfig?.schoolName && window.specialImportantSystemConfig?.schoolName.indexOf('贵州建设职业') > -1; return window.specialImportantSystemConfig?.schoolName && window.specialImportantSystemConfig?.schoolName.indexOf('贵州建设职业') > -1;
} }
......
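Review bot: `getHeaders(url)` derives the `safe` header with `url.split('/safe')[1]`, which matches any path containing `/safe` (e.g. `/safety`) and carries everything after it, query string included; if the backend compares this header with the `/safe/<typeString>` path it presumably expects only that segment, so strip the query and anchor on the slash: `const path = url.split(/[?#]/)[0];` / `const idx = path.indexOf('/safe/');` / `safe = idx > -1 ? path.slice(idx) : '';`. Like the path, this header ultimately comes from `sessionStorage.currentUser.typeString`, so it is attacker-controlled and must be checked server-side against the bearer token rather than trusted as the caller's role. The new `import { urlTransform } from '@/webPublic/zyd_public/request/request'` also introduces an import cycle, since `request.js` imports `getHeaders`/`getIsBei_Dian` from this file; it works today because `urlTransform` is only called inside `downloadFile` at run time, but moving `urlTransform` into a small module imported by both sides would remove that fragility. `downloadFile` continues past the hunk shown.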