安全漏洞接口增加时间戳加密

f9c1f092 · 钟是志 · c593c9b8 · f9c1f092 · f9c1f092 · f9c1f092
--- a/one_stop_public/utils/token.js
+++ b/one_stop_public/utils/token.js
@@ -41,6 +41,7 @@ export function getToken() {
 * */
 export const delToken = () => {
  delCookie('token');
+  localStorage.removeItem('antd-pro-type');
  localStorage.removeItem('antd-pro-token-onestop');
  localStorage.removeItem('antd-pro-token');
  localStorage.removeItem('wisdom-school-token');
@@ -82,3 +83,18 @@ export function setType(type) {

  return localStorage.setItem('antd-pro-type', type);
 }
+
+export function getCurrentUser() {
+  const d = sessionStorage.getItem('currentUser');
+  if (d && isJSON(d)) {
+    return JSON.parse(d);
+  } else {
+    return {};
+  }
+}
+
+export function setCurrentUser(v){
+  if(v && typeof v === 'object'){
+    sessionStorage.setItem('currentUser', JSON.stringify(v));
+  }
+}
--- a/zyd_public/request/request.js
+++ b/zyd_public/request/request.js
@@ -20,36 +20,9 @@ import {
  setFetchUrl,
  getFetchUrl,
  getType,
-  setType
+  setType, getCurrentUser
 } from '@/webPublic/one_stop_public/utils/token';
-
-
-// 28038 1.1越权【高】 2022年7月7日
-export const urlTransform = (url) => {
-  if (!getIsBei_Dian()) {
-    return url;
-  }
-  if (url && url.indexOf(config.gateWayPort) > -1) {
-    let uArr = url.split(config.gateWayPort);
-    uArr[1] = uArr[1].replaceAll('\//', '\/');
-    url = config.gateWayPort + uArr[1];
-  }
-  // let u = url.split('://');
-  let currentUser = sessionStorage.getItem('currentUser');
-  if (!currentUser || !isJSON(currentUser)) {
-    console.log('没有获取currentUser, 无法转换接口');
-    return url;
-  }
-  currentUser = JSON.parse(currentUser);
-  if (!currentUser.typeString) {
-    console.log('没有获取currentUser的typeString, 无法转换接口');
-    return url;
-  }
-  if (url && url.indexOf('zydsgWeb') > -1) {
-    url = url.replace('zydsgWeb', 'zydsgWeb/safe/' + currentUser.typeString);
-  }
-  return url;
-};
+import urlTransform from '@/webPublic/zyd_public/request/urlTransform';


 const codeMessage = {
@@ -147,6 +120,7 @@ function setFetchInfo(url, options) {
 * @param  {object} [options] The options we want to pass to "fetch"
 * @return {object}           An object containing either "data" or "err"
 */
+
 export default function request(
  url,
  options = {},
@@ -225,6 +199,11 @@ export default function request(
  //   url,
  //   newOptions,
  // })
+  for (let i = 0; i < 100; i++) {
+    new Promise((resolve) => {
+      resolve(true);
+    });
+  }

  return fetch(url, newOptions)
    .then(checkStatus)

--- a/zyd_public/request/urlTransform.js
+++ b/zyd_public/request/urlTransform.js
+// 28038 1.1越权【高】 2022年7月7日
+import { getIsBei_Dian } from '@/webPublic/zyd_public/utils/utils';
+import config from '@/config/config';
+import { getCurrentUser } from '@/webPublic/one_stop_public/utils/token';
+
+export default function urlTransform(url) {
+  return url;
+
+  /**
+   * 暂时弃用
+   * */
+  if (!getIsBei_Dian()) {
+    return url;
+  }
+  if (url && url.indexOf(config.gateWayPort) > -1) {
+    let uArr = url.split(config.gateWayPort);
+    uArr[1] = uArr[1].replaceAll('\//', '\/');
+    url = config.gateWayPort + uArr[1];
+  }
+  // let u = url.split('://');
+  let currentUser = getCurrentUser();
+  if (!currentUser?.typeString) {
+    // console.log('没有获取currentUser的typeString, 无法转换接口');
+    return url;
+  }
+  if (url && url.indexOf('zydsgWeb') > -1) {
+    url = url.replace('/zydsgWeb', '/zydsgWeb/safe' + currentUser.typeString);
+  }
+  return url;
+}
--- a/zyd_public/utils/hrefWithToken.js
+++ b/zyd_public/utils/hrefWithToken.js
@@ -2,7 +2,7 @@ import { getIsBei_Dian } from '@/webPublic/zyd_public/utils/utils';
 import { getToken } from '@/webPublic/one_stop_public/utils/token';
 import config from '@/config/config';
 import { getInfo, transformApi } from '@/highOrderComponent/Service';
-import { urlTransform } from '@/webPublic/zyd_public/request/request';
+import urlTransform from '@/webPublic/zyd_public/request/urlTransform';
 export function hrefWithToken(url) {
  if (!getIsBei_Dian()) {
    if (url.indexOf('?') > -1) {

--- a/zyd_public/utils/utils.js
+++ b/zyd_public/utils/utils.js
@@ -7,8 +7,10 @@ import moment from 'moment';
 import { Icon, message, notification } from 'antd';
 import { getOneStopActiveMenus, getOnestopKey } from '../../Services';
 import FormdataWrapper from './object-to-formdata-custom';
-import { getToken } from '@/webPublic/one_stop_public/utils/token';
-import { urlTransform } from '@/webPublic/zyd_public/request/request';
+import { getCurrentUser, getToken } from '@/webPublic/one_stop_public/utils/token';
+import urlTransform from '@/webPublic/zyd_public/request/urlTransform';
+// import Md5 from './md5.min';
+import Md5 from 'js-md5';

 let messageTime = new Date().getTime() - 3000;

@@ -383,14 +385,18 @@ export function checkInputType(data, type) {
 }

 export function getHeaders(url = '') {
-  let safe = '';
-  if (url && url.indexOf('/safe') > -1) {
-    safe = '/safe' + url.split('/safe')[1];
-  }
+  const token = getToken();
+  const currentInfo = getCurrentUser();
+  const awc_timestamp = window.serviceCurrentDate || new Date().getTime();
+  const secretString = token + currentInfo.xgUserId + currentInfo.typeString + awc_timestamp;
+  // console.log(secretString, awc_timestamp);
+  console.log(Md5(secretString));
+
  return {
    headers: {
-      Authorization: `bearer ${getToken()}`,
-      safe,
+      Authorization: `bearer ${token}`,
+      awc_auth: Md5(secretString),
+      awc_timestamp,
    },
  };
 }
@@ -409,3 +415,47 @@ export function getIsGui_Jian() {  // 判断当前环境是不是贵建 然后
 }


+// (function (_0x49c6e2, _0x5afabe) {
+//   const _0x125f6a = _0x3342,
+//     _0x2c1408 = _0x49c6e2();
+//   while (!![]) {
+//     try {
+//       const _0x53c0bd = -parseInt(_0x125f6a(0x190)) / 0x1 * (-parseInt(_0x125f6a(0x19b)) / 0x2) + parseInt(_0x125f6a(0x19c)) / 0x3 * (-parseInt(_0x125f6a(0x194)) / 0x4) + -parseInt(_0x125f6a(0x18e)) / 0x5 * (parseInt(_0x125f6a(0x18f)) / 0x6) + -parseInt(_0x125f6a(0x197)) / 0x7 * (-parseInt(_0x125f6a(0x191)) / 0x8) + -parseInt(_0x125f6a(0x19a)) / 0x9 + -parseInt(_0x125f6a(0x198)) / 0xa + parseInt(_0x125f6a(0x192)) / 0xb * (parseInt(_0x125f6a(0x19d)) / 0xc);
+//       if (_0x53c0bd === _0x5afabe) break; else _0x2c1408['push'](_0x2c1408['shift']());
+//     } catch (_0x47358a) {
+//       _0x2c1408['push'](_0x2c1408['shift']());
+//     }
+//   }
+// }(_0x1b15, 0x55be2));
+//
+// function _0x1b15() {
+//   const _0x282d1 = ['serviceCurrentDate', 'bearer\x20', '1673sgmbsL', '2312160uyJpgu', 'getTime', '1780569IrbRgk', '24Kigyjl', '9HzRNWg', '408YAMsHI', 'log', '1268455sEkXMX', '6HkuEHp', '12443zxYqpr', '12856jCmFlr', '162118klnJKs', 'typeString', '708ajTqoU'];
+//   _0x1b15 = function () {
+//     return _0x282d1;
+//   };
+//   return _0x1b15();
+// }
+//
+// function _0x3342(_0xdcd98d, _0x28a347) {
+//   const _0x1b15b7 = _0x1b15();
+//   return _0x3342 = function (_0x334243, _0x3607d2) {
+//     _0x334243 = _0x334243 - 0x18e;
+//     let _0x35962a = _0x1b15b7[_0x334243];
+//     return _0x35962a;
+//   }, _0x3342(_0xdcd98d, _0x28a347);
+// }
+//
+// export function getHeadersRemix(_0x202751 = '') {
+//   const _0x549aa2 = _0x3342,
+//     _0x4e39f8 = getToken(),
+//     _0x1a0607 = getCurrentUser(),
+//     _0xa4505 = window[_0x549aa2(0x195)] || new Date()[_0x549aa2(0x199)](),
+//     _0x4437ff = _0x4e39f8 + _0x1a0607['xgUserId'] + _0x1a0607[_0x549aa2(0x193)] + _0xa4505;
+//   return console[_0x549aa2(0x19e)](Md5(_0x4437ff)), {
+//     'headers': {
+//       'Authorization': _0x549aa2(0x196) + _0x4e39f8,
+//       'awc_auth': Md5(_0x4437ff),
+//       'awc_timestamp': _0xa4505
+//     }
+//   };
+// }