提交 696e1c1d authored 作者: 钟是志's avatar 钟是志

北电科安全漏洞修改

上级 cea79cec
......@@ -2,14 +2,55 @@ import fetch from 'dva/fetch';
import router from 'umi/router';
import moment from 'moment';
import FormdataWrapper from '@/webPublic/zyd_public/utils/object-to-formdata-custom';
import { isJSON, controlNotification, getIsBei_Dian } from '@/webPublic/zyd_public/utils/utils';
import {
isJSON,
controlNotification,
getIsBei_Dian,
getHeaders,
} from '@/webPublic/zyd_public/utils/utils';
import config from '@/config/config';
import apiConfig from './apiSystemConfig';
import { omit } from 'lodash';
import qs from 'qs';
import { queryIsSafe } from '@/webPublic/one_stop_public/utils/queryConfig';
import { uaaRequest } from '@/webPublic/one_stop_public/utils/request';
import { getToken, setToken, setFetchUrl, getFetchUrl, getType, setType } from '@/webPublic/one_stop_public/utils/token';
import {
getToken,
setToken,
setFetchUrl,
getFetchUrl,
getType,
setType
} from '@/webPublic/one_stop_public/utils/token';
// 28038 1.1越权【高】 2022年7月7日
export const urlTransform = (url) => {
if (!getIsBei_Dian()) {
return url;
}
if (url && url.indexOf(config.gateWayPort) > -1) {
let uArr = url.split(config.gateWayPort);
uArr[1] = uArr[1].replaceAll('\//', '\/');
url = config.gateWayPort + uArr[1];
}
// let u = url.split('://');
let currentUser = sessionStorage.getItem('currentUser');
if (!currentUser || !isJSON(currentUser)) {
console.log('没有获取currentUser, 无法转换接口');
return url;
}
currentUser = JSON.parse(currentUser);
if (!currentUser.typeString) {
console.log('没有获取currentUser的typeString, 无法转换接口');
return url;
}
if (url && url.indexOf('zydsgWeb') > -1) {
url = url.replace('zydsgWeb', 'zydsgWeb/safe/' + currentUser.typeString);
}
return url;
};
const codeMessage = {
200: '服务器成功返回请求的数据。',
......@@ -44,8 +85,8 @@ const checkStatus = response => {
}
if (response.status === 401) {
setToken(null);
if(window.top != window.self){
window.top.postMessage("returnLogin", '*'); // Iframe 返回登录页
if (window.top != window.self) {
window.top.postMessage('returnLogin', '*'); // Iframe 返回登录页
return true;
}
}
......@@ -82,7 +123,8 @@ function setFetchInfo(url, options) {
let session = getFetchUrl();
if (isJSON(session)) {
session = JSON.parse(session);
if (session.url === url && moment().valueOf() - session.time < 500) {
if (session.url === url && moment()
.valueOf() - session.time < 500) {
if (options.body && JSON.stringify(options.body) === session.body) {
console.log('频繁调用接口: ', url);
return false;
......@@ -92,7 +134,8 @@ function setFetchInfo(url, options) {
return JSON.stringify({
url,
time: moment().valueOf(),
time: moment()
.valueOf(),
body: options.body ? JSON.stringify(options.body) : '',
});
}
......@@ -108,13 +151,14 @@ export default function request(
url,
options = {},
) {
url = urlTransform(url); // 北电科接口越权修改
if (url && url.indexOf('/CmsApi/') > -1 && queryIsSafe() && url.indexOf('/CmsApi/getExportInfo') <= -1) {
url = url.replace(config.httpServer, '');
return uaaRequest(url, options.body);
}
if(process.env.NODE_ENV === 'development' && getIsBei_Dian()){
if (process.env.NODE_ENV === 'development' && getIsBei_Dian()) {
url = url.replace('https://yx.bpi.edu.cn/produce', 'http://localhost:8010/produce');
url = url.replace('http://scjoyedu.eicp.net:51352/produce', 'http://localhost:8010/produce');
}
let sessionFetch = setFetchInfo(url, options);
......@@ -125,10 +169,10 @@ export default function request(
}
let defaultToken = getToken();
const token = defaultToken !== null && defaultToken !== 'null' ? defaultToken : '';
if(url.indexOf('oauthPub=true') <= -1 && url.indexOf('uia/logout') <= -1 && !getIsBei_Dian()){
if(url.indexOf('?') > -1){
if (url.indexOf('oauthPub=true') <= -1 && url.indexOf('uia/logout') <= -1 && !getIsBei_Dian()) {
if (url.indexOf('?') > -1) {
url = url + '&token=' + (process.env.NODE_ENV === 'development' ? token : '');
}else{
} else {
url = url + '?token=' + (process.env.NODE_ENV === 'development' ? token : '');
}
}
......@@ -155,7 +199,7 @@ export default function request(
newOptions.headers = {
Accept: 'application/json',
...newOptions.headers,
Authorization: `bearer ${token}`,
...getHeaders(url).headers,
};
newOptions.body = FormdataWrapper(newOptions.body);
} else {
......@@ -164,7 +208,7 @@ export default function request(
Accept: 'application/json',
'Content-Type': 'multipart/form-data',
...newOptions.headers,
Authorization: `bearer ${token}`,
...getHeaders(url).headers,
};
}
}
......@@ -173,7 +217,7 @@ export default function request(
newOptions = omit(newOptions, 'body');
}
if(!token || token === 'null' || url.indexOf('uia/logout') > -1){
if (!token || token === 'null' || url.indexOf('uia/logout') > -1) {
delete newOptions.headers.Authorization;
}
......@@ -195,7 +239,7 @@ export default function request(
if (typeof response == 'string') {
try {
const xxx = JSON.parse(response);
if(xxx.status === 404){
if (xxx.status === 404) {
controlNotification({
message: '接口异常',
});
......@@ -220,8 +264,8 @@ export default function request(
const status = e.name;
if (status === 401) {
if(window.top != window.self){
window.top.postMessage("returnLogin", '*'); // Iframe 返回登录页
if (window.top != window.self) {
window.top.postMessage('returnLogin', '*'); // Iframe 返回登录页
return true;
}
// @HACK
......@@ -245,7 +289,6 @@ export default function request(
}
let systemName = '学工系统';
let type = getType();
if (url.indexOf('/v1/api/zydxgWeb/') > -1 && type) {
......@@ -259,7 +302,7 @@ export default function request(
systemName = findApiConfig && findApiConfig.name || '系统';
}
if(!window.navigator.onLine){
if (!window.navigator.onLine) {
return controlNotification({
message: '网络故障',
description: `${systemName}无法连接到网络,请稍后再试`,
......@@ -269,8 +312,8 @@ export default function request(
message: '网络故障',
description: `${systemName}无法连接到服务器,请稍后再试`,
});
if(window.top != window.self){
window.top.postMessage("returnLogin", '*'); // Iframe 返回登录页
if (window.top != window.self) {
window.top.postMessage('returnLogin', '*'); // Iframe 返回登录页
return true;
}
return;
......
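Review bot: `urlTransform` is not idempotent: `url.replace('zydsgWeb', 'zydsgWeb/safe/' + currentUser.typeString)` fires again on a URL that already contains `zydsgWeb/safe/...`, and since `request`, `downloadFile` and `hrefWithTokenSg` all call it on whatever URL they receive, a caller handing over an already-transformed URL ends up with `zydsgWeb/safe/X/safe/X`. Guard it with `if (url && url.indexOf('zydsgWeb') > -1 && url.indexOf('zydsgWeb/safe/') === -1)` and insert the segment as `encodeURIComponent(currentUser.typeString)` so a value read from sessionStorage cannot carry `/`, `?` or `#` into the path. Because `typeString` comes from sessionStorage, which the browser user can edit, this rewrite is only a routing convenience; the authorization decision for the `/safe/<type>` route still has to be made server-side from the bearer token. `'\//'` and `'\/'` are simply `'//'` and `'/'` (the backslashes are no-ops in a string literal), so writing them plainly avoids the impression that a regex is involved, and `url.split(config.gateWayPort)` discards everything after a second occurrence of the port, which deserves a one-line comment if that is intended.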
......@@ -2,6 +2,7 @@ import { getIsBei_Dian } from '@/webPublic/zyd_public/utils/utils';
import { getToken } from '@/webPublic/one_stop_public/utils/token';
import config from '@/config/config';
import { getInfo, transformApi } from '@/highOrderComponent/Service';
import { urlTransform } from '@/webPublic/zyd_public/request/request';
export function hrefWithToken(url) {
if (!getIsBei_Dian()) {
if (url.indexOf('?') > -1) {
......@@ -13,8 +14,10 @@ export function hrefWithToken(url) {
getInfo({}, '/InstructorConfigApi/getCurrentDate')
.then((response) => {
const hrefUrl = transformApi(url);
let u = `${hrefUrl}${url}`;
u = urlTransform(u);
if (response) {
window.open(`${hrefUrl}${url}`); // 存在问题 浏览器会自动切换内核到IE 内核导致 文件名称乱码.
window.open(`${u}`); // 存在问题 浏览器会自动切换内核到IE 内核导致 文件名称乱码.
return true;
} else {
return false;
......@@ -36,7 +39,7 @@ export function hrefWithTokenSg(url) {
const hrefUrl = `${config.mockServer}/${config.gateWayUrl.zydsg}`;
if (response) {
let u = `${hrefUrl}${url}`;
console.log(u);
u = urlTransform(u);
window.open(u); // 存在问题 浏览器会自动切换内核到IE 内核导致 文件名称乱码.
return true;
} else {
......
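Review bot: `window.open(`${u}`)` in hrefWithToken wraps a value that is already a string; `window.open(u);` as written in hrefWithTokenSg in the next hunk is enough. When `urlTransform` finds no usable `currentUser` in sessionStorage it logs and returns its input unchanged, so the untransformed link is opened; that looks intentional but is not obvious at the call site, so a comment on `u = urlTransform(u); // falls back to the untransformed URL when sessionStorage has no currentUser` would help. hrefWithToken's body starts before this hunk.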
......@@ -8,6 +8,7 @@ import { Icon, message, notification } from 'antd';
import { getOneStopActiveMenus, getOnestopKey } from '../../Services';
import FormdataWrapper from './object-to-formdata-custom';
import { getToken } from '@/webPublic/one_stop_public/utils/token';
import { urlTransform } from '@/webPublic/zyd_public/request/request';
let messageTime = new Date().getTime() - 3000;
......@@ -15,7 +16,8 @@ let messageTime = new Date().getTime() - 3000;
* 校验 开始时间必须在结束时间之前的函数
* */
export function checkDate(endTime = '2019-01-01', startTime = '2018-12-31') {
return moment(endTime).isAfter(moment(startTime));
return moment(endTime)
.isAfter(moment(startTime));
}
/**
......@@ -23,14 +25,15 @@ export function checkDate(endTime = '2019-01-01', startTime = '2018-12-31') {
* */
export function matchReg(str) {
let reg = /<\/?.+?\/?>/g;
return str.replace(reg, '').replace(/&nbsp;/g, ' ');
return str.replace(reg, '')
.replace(/&nbsp;/g, ' ');
}
export function htmlFormat(str) {
if (typeof str !== 'string') {
return '';
}
const newTxt = str.replace(/\s+([^<>]+)(?=<)/g, function(match) {
const newTxt = str.replace(/\s+([^<>]+)(?=<)/g, function (match) {
return match.replace(/\s/g, '&nbsp;');
});
return newTxt;
......@@ -58,7 +61,7 @@ export function deepCopy(obj, parent = null) {
if (React.isValidElement(obj)) {
return React.cloneElement(obj);
}
if(moment.isMoment(obj)){
if (moment.isMoment(obj)) {
return obj.clone(obj);
}
if (['boolean', 'string', 'number'].indexOf(typeof obj) > -1 || !obj) {
......@@ -220,7 +223,7 @@ export function controlNotification(props) {
messageTime = nowTime;
notification.info({
...props,
icon: <Icon type='info-circle' style={{ color: '#fa8c16' }} />,
icon: <Icon type="info-circle" style={{ color: '#fa8c16' }}/>,
});
return true;
}
......@@ -280,21 +283,15 @@ export function diGuiTree(treeData = [], i = 0) {
* */
export function downloadFile(url, params, fileName = '导出文件', ext = 'xlsx', method = 'POST') {
if(process.env.NODE_ENV === 'development' && getIsBei_Dian()){
if (process.env.NODE_ENV === 'development' && getIsBei_Dian()) {
url = url.replace('https://yx.bpi.edu.cn/produce', 'http://localhost:8010/produce');
}
url = urlTransform(url);
fetch(url, {
method,
body: method === 'GET' ? undefined : FormdataWrapper(params),
// credentials: 'omit',
// mode: 'cors',
// headers: {
// // Accept: 'application/json',
//
// },
headers: {
Authorization: `bearer ${getToken()}`,
},
...getHeaders(url),
})
.then((res) => {
if (res.status + '' !== '200') {
......@@ -332,7 +329,7 @@ export function downloadFile(url, params, fileName = '导出文件', ext = 'xlsx
}
// 校验密码是否符合 包含数字 字母 和特殊字符 解决 中医大的安全漏洞
export default function CheckPassWord(password = '', length= 12) {
export default function CheckPassWord(password = '', length = 12) {
// console.log(password);
if (!password || password.length < length) {
// message.warning("密码过于简单, 请输入不小于8位的密码 且必须包含数字和字母!");
......@@ -340,7 +337,7 @@ export default function CheckPassWord(password = '', length= 12) {
return false;
}
let cRegex = new RegExp(/.*[\u4e00-\u9fa5]+.*$/);
if(cRegex.test(password)){
if (cRegex.test(password)) {
message.warning('密码中不能包含中文字符!');
return false;
}
......@@ -358,22 +355,22 @@ export default function CheckPassWord(password = '', length= 12) {
*
* 检查文本格式是否正确
* */
export function checkInputType(data, type){
export function checkInputType(data, type) {
switch (type) {
case 'phone':
if(!(/^[1][3,4,5,6,7,8,9][0-9]{9}$/.test(data))){
if (!(/^[1][3,4,5,6,7,8,9][0-9]{9}$/.test(data))) {
message.warning('手机号码格式错误!');
return false;
}
break;
case 'email':
if(!(/^[A-Za-z0-9\u4e00-\u9fa5]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$/.test(data))){
if (!(/^[A-Za-z0-9\u4e00-\u9fa5]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$/.test(data))) {
message.warning('邮箱格式错误!');
return false;
}
break;
case 'idCard':
if(!(/(^\d{15}$)|(^\d{18}$)|(^\d{17}(\d|X|x)$)/.test(data))){
if (!(/(^\d{15}$)|(^\d{18}$)|(^\d{17}(\d|X|x)$)/.test(data))) {
message.warning('身份证号码格式错误!');
return false;
}
......@@ -385,10 +382,15 @@ export function checkInputType(data, type){
return true;
}
export function getHeaders() {
export function getHeaders(url = '') {
let safe = '';
if (url && url.indexOf('/safe') > -1) {
safe = '/safe' + url.split('/safe')[1];
}
return {
headers: {
Authorization: `bearer ${getToken()}`,
safe,
},
};
}
......@@ -401,6 +403,7 @@ export function getIsA_Ba() { // 判断当前环境是不是阿坝学校 然后
export function getIsBei_Dian() { // 判断当前环境是不是北电科学校 然后做定制需求. 主要用于定制开发
return window.specialImportantSystemConfig?.schoolName && window.specialImportantSystemConfig?.schoolName.indexOf('北京电子科技') > -1;
}
export function getIsGui_Jian() { // 判断当前环境是不是北电科学校 然后做定制需求. 主要用于定制开发
return window.specialImportantSystemConfig?.schoolName && window.specialImportantSystemConfig?.schoolName.indexOf('贵州建设职业') > -1;
}
......
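Review bot: `getHeaders(url)` copies everything after the first `/safe` into the `safe` request header, including any query string, and that segment is the `currentUser.typeString` value `urlTransform` took from sessionStorage, so the server must treat the header and the `/safe/<type>` path segment as untrusted hints and derive the role from the bearer token. Trimming to the path, `safe = '/safe' + url.split('/safe')[1].split('?')[0];`, keeps the header stable across calls that differ only in parameters; if `typeString` can contain non-Latin-1 characters fetch will reject the header value, which is worth confirming. utils.js now imports `urlTransform` from request/request.js while request.js imports `getHeaders`/`getIsBei_Dian` from utils.js, an import cycle that works only because both bindings are used at call time rather than during module evaluation; a comment next to the import noting this would prevent someone from hoisting a call to module scope. The comment on `getIsGui_Jian` was copied from `getIsBei_Dian` and still says 北电科 although the check is for 贵州建设职业; it should read `// 判断当前环境是不是贵州建设职业学校 然后做定制需求. 主要用于定制开发`.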