
bug-4428 敏感信息泄露风险处理,clintId/clientSecret不在前端存储,去除无用微签接口

cfort пре 11 месеци
родитељ
комит
2e2b7569ef

+ 0 - 6
public/config.js

@@ -33,12 +33,6 @@
     HEADER_SYSTEM_ID: 'X-Authorization-systemid',
     //  租户ID
     HEADER_TENANT_ID: 'X-Authorization-tenantid',
-
-    //================认证中心=====================
-    //申请应用时分配的AppKey
-    CLIENT_ID: 'ibps',
-    //申请应用时分配的AppSecret
-    CLIENT_SECRET: '58b65297-3467-0859-8337-8cbaf81ef68a',
     //授权方式:authorization_code :授权码方式,  password_credentials:密码模式
     GRANT_TYPE: 'authorization_code',
 

+ 4 - 4
src/api/oauth2/oauth2.js

@@ -214,8 +214,8 @@ OAuth.prototype.getAccessTokenByCode = function(code, callback) {
   const args = {
     url: OAUTH2_URL() + '/authentication/apply',
     data: {
-      client_id: this.clientId,
-      client_secret: this.clientSecret,
+      // client_id: this.clientId,
+      // client_secret: this.clientSecret,
       authorize_code: code,
       grant_type: 'authorization_code'
     },
@@ -296,7 +296,7 @@ OAuth.prototype.refreshAccessToken = function(refreshToken, callback) {
   const args = {
     url: OAUTH2_URL() + '/authentication/apply',
     data: {
-      client_id: this.clientId,
+      // client_id: this.clientId,
       grant_type: 'refresh_token',
       refresh_token: refreshToken
     },
@@ -461,7 +461,7 @@ OAuth.prototype.authorize = function(data, callback) {
       login_state: data
     }
   }
-  data.client_id = this.clientId
+  // data.client_id = this.clientId
 
   const args = {
     url,
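Review bot: In `getAccessTokenByCode`, `refreshAccessToken` and `authorize` the credential fields are commented out rather than deleted, and nothing visible in these hunks shows where `/authentication/apply` now gets its client authentication. If a backend or gateway adds `client_id`/`client_secret` before the request reaches the authorization server, say so in place of the dead lines, e.g. `// client credentials are attached server-side; the browser never sends them`. If instead the endpoint now accepts the code and refresh-token exchange with no client authentication, the flow is effectively a public client and should bind the code to the initiating browser with PKCE and rotate refresh tokens on use. All three functions start and end outside their hunks, so the constructor that sets `this.clientId`/`this.clientSecret` is not visible here.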

+ 8 - 6
src/api/oauth2/user.js

@@ -4,10 +4,12 @@ import { getRefreshToken } from '@/utils/auth'
 import { OAUTH2_URL } from '@/api/baseUrl'
 // 1、引入ibps-oauth包
 import IbpsOAuth from './oauth2'
-import { GRANT_TYPE, CLIENT_ID, CLIENT_SECRET } from '@/constant'
+// import { GRANT_TYPE, CLIENT_ID, CLIENT_SECRET } from '@/constant'
+import { GRANT_TYPE } from '@/constant'
 
 // 2、生成一个OAuth的实例,clientId和clientSecert作为构造参数
-const oauthApi = new IbpsOAuth(CLIENT_ID, CLIENT_SECRET)
+// const oauthApi = new IbpsOAuth(CLIENT_ID, CLIENT_SECRET)
+const oauthApi = new IbpsOAuth()
 
 /**
  * 用户登录
@@ -133,8 +135,8 @@ export function switchUser({ username, token }) {
     url: OAUTH2_URL() + '/authentication/switch',
     method: 'post',
     data: {
-      'client_id': CLIENT_ID,
-      'client_secret': CLIENT_SECRET,
+      // 'client_id': CLIENT_ID,
+      // 'client_secret': CLIENT_SECRET,
       'grant_type': 'authorization_code',
       'access_token': token,
       'username': username
@@ -147,8 +149,8 @@ export function exitSwitchUser({ username, token }) {
     url: OAUTH2_URL() + '/authentication/switch/exit',
     method: 'post',
     data: {
-      'client_id': CLIENT_ID,
-      'client_secret': CLIENT_SECRET,
+      // 'client_id': CLIENT_ID,
+      // 'client_secret': CLIENT_SECRET,
       'grant_type': 'authorization_code',
       'access_token': token,
       'username': username
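Review bot: The value removed from `CLIENT_SECRET` was served to every browser from `public/config.js` and stays in the repository history, so narrowing the import to `import { GRANT_TYPE } from '@/constant'` does not make it secret again. It should be rotated on the authorization server, and the same goes for the `signKey`, `signSecret` and `password` literals deleted from `src/api/platform/form/seal.js`. In this file the commented-out `import` and `new IbpsOAuth(CLIENT_ID, CLIENT_SECRET)` lines, and the two commented pairs in `switchUser` and `exitSwitchUser`, should be deleted rather than kept. The step-2 comment still describes clientId and clientSecret as constructor arguments; reword it to something like `// 2. Create the OAuth instance; client credentials are not held in the frontend`. `exitSwitchUser` continues past the end of the last hunk.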

+ 3 - 2
src/api/oauth2/wechat.js

@@ -1,10 +1,11 @@
 // 1、引入wechat-oauth包
 import OAuth from 'wechat-oauth'
-import { CLIENT_ID, CLIENT_SECRET } from '@/constant'
+// import { CLIENT_ID, CLIENT_SECRET } from '@/constant'
 
 // 2、生成一个OAuth的实例,appId和appSecert作为构造参数
 
-var oauthApi = new OAuth(CLIENT_ID, CLIENT_SECRET)
+// var oauthApi = new OAuth(CLIENT_ID, CLIENT_SECRET)
+var oauthApi = new OAuth()
 
 // 微信登录 https://www.jianshu.com/p/1c48ec65936b
 console.info(oauthApi)
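Review bot: `new OAuth()` now builds the `wechat-oauth` client with no app id or secret, and the only visible use of the instance is `console.info(oauthApi)`, so the module looks like dead code after this change. If nothing imports it, delete the file as was done for `src/utils/seal.js`; a WeChat app secret belongs on the server, so any exchange that needs it should go through a backend endpoint rather than this library in the browser. If the file stays, drop the commented-out lines and the `console.info(oauthApi)` call, which before this commit would have logged an instance constructed with `CLIENT_SECRET` to the browser console. The rest of the file is outside the hunk, so other uses of `oauthApi` cannot be ruled out.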

+ 0 - 46
src/api/platform/form/seal.js

@@ -65,49 +65,3 @@ export const onlyOfficeToPdf = params => {
         params
     })
 }
-
-/* 自动微签:脚本对文件盖章 */
-export function seal (url, fileType, type) {
-    const Base64 = require('js-base64').Base64
-    const data = {
-        'signKey': 'V1FTMjAyMTEyMjFkOTVjNWM=',
-        'signSecret': 'YWQwMmY3ZjQ4ZDJmMmYwNDA=',
-        'sealUser': 'YWRtaW4=',
-        'password': 'MTIzNA==',
-        // "ruleName": "6aqR57yd56ug6KeE5YiZLOmmlumhteeblueroA==",
-        'ruleName': type,
-        'provideSigFile': Base64.encode(url),
-        'fileKey': Base64.encode(Utils.guid() + '.' + fileType)
-    }
-    return axios({
-        url: `${BASE_URL}doSeal/`,
-        method: 'post',
-        data: data
-    })
-}
-
-/* 手动微签:脚本对文件进行手动盖章-预处理 */
-export function sealPre (url, fileKey) {
-    const Base64 = require('js-base64').Base64
-    const data = {
-        'signKey': 'V1FTMjAyMTEyMjFkOTVjNWM=',
-        'signSecret': 'YWQwMmY3ZjQ4ZDJmMmYwNDA=',
-        'sealUser': 'YWRtaW4=',
-        'password': 'MTIzNA==',
-        'provideSigFile': Base64.encode(url),
-        // "getSigFile":  Base64.encode(this.$form.$getSigFile),
-        'getSigFile': Base64.encode(`${BASE_URL}#/sealCompleted`),
-        'fileKey': Base64.encode(fileKey)
-    }
-    return axios({
-        url: `${BASE_URL}preprocess/`,
-        method: 'post',
-        data: data
-    })
-}
-
-/* 手动微签:脚本对文件进行手动盖章-手动签章页面的url */
-export function getSigPageUrl (sigFile) {
-    const sigUrl = `${BASE_SEAL_API}manualSig/manualSigPage/?signKey=V1FTMjAyMTEyMjFkOTVjNWM=&signSecret=YWQwMmY3ZjQ4ZDJmMmYwNDA=&sigFile=${sigFile}`
-    return sigUrl
-}

+ 0 - 2
src/business/platform/form/utils/JForm.js

@@ -13,7 +13,6 @@ import Vue from 'vue'
 import request from '@/utils/request'
 import common from '@/utils/common'
 import dialog from '@/utils/dialog'
-import sealApi from '@/utils/seal'
 import store from '@/store'
 const _import = require('@/utils/util.import.' + process.env.NODE_ENV)
 import router from '@/router'
@@ -40,7 +39,6 @@ _.extend(JForm, {
         this.$request = request
         this.$dialog = dialog
         this.$common = common
-        this.$sealApi = sealApi
         this.$router = router
         this.$store = store
         this.$import = _import

+ 0 - 9
src/utils/seal.js

@@ -1,9 +0,0 @@
-// 微签接口
-
-import { seal,sealPre,getSigPageUrl } from '@/api/platform/form/seal'
-
-export default {
-    seal,
-    sealPre,
-    getSigPageUrl
-}