
bug-4428 敏感信息泄露风险处理,clintId/clientSecret不在前端存储,去除无用微签接口

cfort 10 månader sedan
förälder
incheckning
c91604a6bf

+ 0 - 6
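--- a/public/config.js
+++ b/public/config.js
@@ -38,12 +38,6 @@
         HEADER_SYSTEM_ID: 'X-Authorization-systemid',
         //  租户ID
         HEADER_TENANT_ID: 'X-Authorization-tenantid',
-
-        //================认证中心=====================
-        //申请应用时分配的AppKey
-        CLIENT_ID: 'ibps',
-        //申请应用时分配的AppSecret
-        CLIENT_SECRET: '58b65297-3467-0859-8337-8cbaf81ef68a',
         //授权方式:authorization_code :授权码方式,  password_credentials:密码模式
         GRANT_TYPE: 'authorization_code',
 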

+ 7 - 7
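--- a/src/api/oauth2/oauth2.js
+++ b/src/api/oauth2/oauth2.js
@@ -220,8 +220,8 @@ OAuth.prototype.getAccessTokenByCode = function (code, callback) {
     const args = {
         url: OAUTH2_URL() + '/authentication/apply',
         data: {
-            client_id: this.clientId,
-            client_secret: this.clientSecret,
+            // client_id: this.clientId,
+            // client_secret: this.clientSecret,
             authorize_code: code,
             username: this.username,
             grant_type: 'authorization_code'
@@ -264,8 +264,8 @@ OAuth.prototype.getAccessTokenByPassword = function ({ username, password }, cal
     const args = {
         url: OAUTH2_URL() + '/authentication/apply',
         data: {
-            client_id: this.clientId,
-            client_secret: this.clientSecret,
+            // client_id: this.clientId,
+            // client_secret: this.clientSecret,
             username: username,
             password: password,
             grant_type: 'password_credentials'
@@ -306,8 +306,8 @@ OAuth.prototype.refreshAccessToken = function (refreshToken, callback) {
     const args = {
         url: OAUTH2_URL() + '/authentication/apply',
         data: {
-            client_id: this.clientId,
-            client_secret: this.clientSecret,
+            // client_id: this.clientId,
+            // client_secret: this.clientSecret,
             grant_type: 'refresh_token',
             username,
             refresh_token: refreshToken
@@ -474,7 +474,7 @@ OAuth.prototype.authorize = function (data, callback) {
             login_state: data
         }
     }
-    data.client_id = this.clientId
+    // data.client_id = this.clientId
 
     const args = {
         url,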
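Review bot: The `client_id`/`client_secret` lines in `getAccessTokenByCode`, `getAccessTokenByPassword`, `refreshAccessToken` and `authorize` are commented out rather than deleted, which leaves dead references to `this.clientId` and `this.clientSecret` in the file; remove the lines outright. After this change the requests to `/authentication/apply` carry no client authentication from the browser, so presumably the backend or a gateway now supplies it; that should be confirmed, because nothing in this diff shows the server side. The value deleted from `public/config.js` appears to have shipped in a statically served file and stays in the repository history, so it should be rotated on the authorization server and the old value rejected; the same applies to the `signKey`/`signSecret`/`password` literals deleted from `src/api/platform/form/seal.js`, which were only Base64-encoded. All four function bodies start and end outside their hunks.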

+ 8 - 6
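--- a/src/api/oauth2/user.js
+++ b/src/api/oauth2/user.js
@@ -4,10 +4,12 @@ import { getRefreshToken } from '@/utils/auth'
 import { OAUTH2_URL } from '@/api/baseUrl'
 // 1、引入ibps-oauth包
 import IbpsOAuth from './oauth2'
-import { GRANT_TYPE, CLIENT_ID, CLIENT_SECRET } from '@/constant'
+// import { GRANT_TYPE, CLIENT_ID, CLIENT_SECRET } from '@/constant'
+import { GRANT_TYPE } from '@/constant'
 
 // 2、生成一个OAuth的实例,clientId和clientSecert作为构造参数
-const oauthApi = new IbpsOAuth(CLIENT_ID, CLIENT_SECRET)
+// const oauthApi = new IbpsOAuth(CLIENT_ID, CLIENT_SECRET)
+const oauthApi = new IbpsOAuth()
 
 /**
  * 用户登录
@@ -120,8 +122,8 @@ export function switchUser ({ username, token }) {
         url: OAUTH2_URL() + '/authentication/switch',
         method: 'post',
         data: {
-            'client_id': CLIENT_ID,
-            'client_secret': CLIENT_SECRET,
+            // 'client_id': CLIENT_ID,
+            // 'client_secret': CLIENT_SECRET,
             'grant_type': 'authorization_code',
             'access_token': token,
             'username': username
@@ -134,8 +136,8 @@ export function exitSwitchUser ({ username, token }) {
         url: OAUTH2_URL() + '/authentication/switch/exit',
         method: 'post',
         data: {
-            'client_id': CLIENT_ID,
-            'client_secret': CLIENT_SECRET,
+            // 'client_id': CLIENT_ID,
+            // 'client_secret': CLIENT_SECRET,
             'grant_type': 'authorization_code',
             'access_token': token,
             'username': username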
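Review bot: The context comment `// 2、生成一个OAuth的实例,clientId和clientSecert作为构造参数` above `new IbpsOAuth()` is now wrong, since the constructor is called with no arguments; replace it with something like `// 2. Create the OAuth instance; client credentials are no longer supplied by the frontend`. The commented-out `import { GRANT_TYPE, CLIENT_ID, CLIENT_SECRET }` and `new IbpsOAuth(CLIENT_ID, CLIENT_SECRET)` lines, and the commented `'client_id'`/`'client_secret'` entries in `switchUser` and `exitSwitchUser`, should be deleted rather than kept as comments. The `IbpsOAuth` constructor is not part of this diff, so it is worth checking that it tolerates undefined `clientId`/`clientSecret`, and ideally dropping those parameters there too. `switchUser` and `exitSwitchUser` continue outside their hunks.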

+ 0 - 46
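--- a/src/api/platform/form/seal.js
+++ b/src/api/platform/form/seal.js
@@ -65,49 +65,3 @@ export const onlyOfficeToPdf = params => {
         params
     })
 }
-
-/* 自动微签:脚本对文件盖章 */
-export function seal (url, fileType, type) {
-    const Base64 = require('js-base64').Base64
-    const data = {
-        'signKey': 'V1FTMjAyMTEyMjFkOTVjNWM=',
-        'signSecret': 'YWQwMmY3ZjQ4ZDJmMmYwNDA=',
-        'sealUser': 'YWRtaW4=',
-        'password': 'MTIzNA==',
-        // "ruleName": "6aqR57yd56ug6KeE5YiZLOmmlumhteeblueroA==",
-        'ruleName': type,
-        'provideSigFile': Base64.encode(url),
-        'fileKey': Base64.encode(Utils.guid() + '.' + fileType)
-    }
-    return axios({
-        url: `${BASE_URL}doSeal/`,
-        method: 'post',
-        data: data
-    })
-}
-
-/* 手动微签:脚本对文件进行手动盖章-预处理 */
-export function sealPre (url, fileKey) {
-    const Base64 = require('js-base64').Base64
-    const data = {
-        'signKey': 'V1FTMjAyMTEyMjFkOTVjNWM=',
-        'signSecret': 'YWQwMmY3ZjQ4ZDJmMmYwNDA=',
-        'sealUser': 'YWRtaW4=',
-        'password': 'MTIzNA==',
-        'provideSigFile': Base64.encode(url),
-        // "getSigFile":  Base64.encode(this.$form.$getSigFile),
-        'getSigFile': Base64.encode(`${BASE_URL}#/sealCompleted`),
-        'fileKey': Base64.encode(fileKey)
-    }
-    return axios({
-        url: `${BASE_URL}preprocess/`,
-        method: 'post',
-        data: data
-    })
-}
-
-/* 手动微签:脚本对文件进行手动盖章-手动签章页面的url */
-export function getSigPageUrl (sigFile) {
-    const sigUrl = `${BASE_SEAL_API}manualSig/manualSigPage/?signKey=V1FTMjAyMTEyMjFkOTVjNWM=&signSecret=YWQwMmY3ZjQ4ZDJmMmYwNDA=&sigFile=${sigFile}`
-    return sigUrl
-}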

+ 0 - 2
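--- a/src/business/platform/form/utils/JForm.js
+++ b/src/business/platform/form/utils/JForm.js
@@ -6,7 +6,6 @@ import Vue from 'vue'
 import request from '@/utils/request'
 import dialog from '@/utils/dialog'
 import common from '@/utils/common'
-import sealApi from '@/utils/seal'
 const _import = require('@/utils/util.import.' + process.env.NODE_ENV)
 import store from '@/store'
 import router from '@/router'
@@ -33,7 +32,6 @@ _.extend(JForm, {
         this.$request = request
         this.$dialog = dialog
         this.$common = common
-        this.$sealApi = sealApi
         this.$router = router
         this.$store = store
         this.$import = _import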

+ 0 - 9
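--- a/src/utils/seal.js
+++ b/src/utils/seal.js
@@ -1,9 +0,0 @@
-// 微签接口
-
-import { seal,sealPre,getSigPageUrl } from '@/api/platform/form/seal'
-
-export default {
-    seal,
-    sealPre,
-    getSigPageUrl
-}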