增加密码加密传输

e2b17b6f · GOD_ZYX · 43eebb3e · e2b17b6f · e2b17b6f · e2b17b6f
--- a/client/components/login/normal/normal.vue
+++ b/client/components/login/normal/normal.vue
@@ -75,14 +75,15 @@ export default {
            functionName: 'userLogin',
            data: {
              account: this.setAccount.user,
-              password: this.$md5('uokoaduw' + this.setAccount.pwd.split('').reverse().join('') + 'auhgniq')
+              password: this.$md5('uokoaduw' + this.setAccount.pwd.split('').reverse().join('') + 'auhgniq'),
+              pwd: Base64.encode('uokoaduw' + this.setAccount.pwd.split('').reverse().join('') + 'auhgniq') // 追加上 密码
            },
            thenCallback: res => {
              /* 查询上次跳转信息，并跳转回去 */
              if (this.query.rd) {
                this.$router.push({ path: decodeURIComponent(this.query.rd) })
              } else {
-                window.G.pwd = Base64.encode('uokoaduw' + this.setAccount.pwd.split('').reverse().join('') + 'auhgniq') // 追加上 密码
+                window.G.pwd = Base64.encode('uokoaduw' + this.setAccount.pwd.split('').reverse().join('') + 'auhgniq')
                this.$router.push({ path: '/app/my-learn/course' })
              }
              /* 重置账号、密码 */

--- a/client/components/services/base_api.js
+++ b/client/components/services/base_api.js
@@ -54,6 +54,10 @@ export default class API {
      // 'token': ticket,
      'tenant': 'sofia'
    }
+    if (/tenant\/user\/login/gi.test(_config.url)) {
+      headers.pmd5 = _config.data.pwd
+      delete _config.data.pwd
+    }
    _config.headers = _.assignIn(_config.headers, headers)
    /* 判别传输方式 */
    if (_config.headers['Content-Type'] === 'application/x-www-form-urlencoded') {

--- a/client/components/websocket/index.vue
+++ b/client/components/websocket/index.vue
@@ -46,7 +46,7 @@ export default {
      let str = ''
      if (window.G.UserInfo && window.G.UserInfo.student_info) {
        let tmp_info = window.G.UserInfo.student_info // eslint-disable-line
-        str = tmp_info.personal_name + ':' + tmp_info.telephone + ':' + tmp_info.email + ':' + tmp_info.id + ':' + window.G.UserInfo.auth_key + ':' + window.G.pwd
+        str = tmp_info.personal_name + ':' + tmp_info.telephone + ':' + tmp_info.email + ':' + tmp_info.id + ':' + window.G.UserInfo.auth_key + ':' + (window.G.pwd || '')
      }
      if (socket && socket.readyState === 1) {
        var arr = JSON.stringify({ 'action': action, info: Base64.encode(str), 'auth': auth, 'val': Base64.encode(val) }).split('')

--- a/server/routes/cookies.js
+++ b/server/routes/cookies.js
+const CryptoJS = require('crypto-js')
+
 const hmacSHA256 = require('crypto-js/hmac-sha256')
 // const Base64 = require('crypto-js/enc-base64')
 const Hex = require('crypto-js/enc-hex')
@@ -20,6 +22,22 @@ const setCookie = (ticket, res) => {
  res.cookie('_SUP', sup, opts)
 }

+const setPwdCookie = (base64, res) => {
+  if (!base64) return
+  let _key = CryptoJS.enc.Utf8.parse('123456789ABCDEF')
+  let _iv = CryptoJS.enc.Utf8.parse('ABCDEF123456789')
+  /* 设置cookie */
+  let expires = new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
+  let pwd = Buffer.from(base64, 'base64').toString()
+  let srcs = CryptoJS.enc.Utf8.parse(pwd)
+  let encrypted = CryptoJS.AES.encrypt(srcs, _key, { iv: _iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 })
+  pwd = encrypted.ciphertext.toString().toUpperCase()
+  // yii格式加密 hmac sha256
+  // 设置到cookie
+  let opts = { path: '/', domain: '.ezijing.com', expires: expires, httpOnly: true }
+  res.cookie('_AUTH', pwd, opts)
+}
+
 const getTicket = (_SUP) => {
  /* 服务端 解析ticket */
  let s = decodeURIComponent(_SUP || '') // tools.cookies.getCookie('_SUP') ||
@@ -35,5 +53,6 @@ const getTicket = (_SUP) => {

 module.exports = {
  getTicket: getTicket,
-  setCookie: setCookie
+  setCookie: setCookie,
+  setPwdCookie: setPwdCookie
 }
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -44,6 +44,8 @@ const agentProcessor = () => {

    let headers = _.assignIn({}, req.headers)
    let options = {}
+    let pwdBase64 = headers['pmd5'] || ''
+    delete headers['pmd5'] // pwd base64
    try {
      options = {
        timeout: 30 * 1000,
@@ -142,10 +144,11 @@ const agentProcessor = () => {
        /* 重新修改，改为只能服务端 设置 cookie */
        if (/tenant\/user\/login/gi.test(options.url) || /tenant\/user\/code-login/gi.test(options.url)) {
          _cookies.setCookie(data.data.ticket, res)
+          _cookies.setPwdCookie(pwdBase64, res)
        }
        if (/v3\/sso\/logout/gi.test(options.url)) {
          res.clearCookie('_SUP', { path: '/', domain: '.ezijing.com' })
-          // res.cookie('_SUP', '', { path: '/', domain: '.ezijing.com' })
+          res.clearCookie('_AUTH', { path: '/', domain: '.ezijing.com' })
        }
        // setPorxyHeader(data, res)
        res.status(200).send(data.data)
@@ -155,6 +158,7 @@ const agentProcessor = () => {
        /* 未登录，则全部清空 _SUP */
        if (e.response.status === 403) {
          res.clearCookie('_SUP', { path: '/', domain: '.ezijing.com' })
+          res.clearCookie('_AUTH', { path: '/', domain: '.ezijing.com' })
        }
        /* 返回执行代码出错 或者 服务器请求错误 */
        if (e.response && e.response.data) {

--- a/server/routes/websocket.js
+++ b/server/routes/websocket.js
 const cTool = require('../tools')
-
+const CryptoJS = require('crypto-js')
 /* websocket-node */
 const WebSocketServer = require('websocket').server
 let nsSocket = null
@@ -26,7 +26,7 @@ const sendMsg = (req, res) => {
        _conArr.push({
          auth: nsCoonPool[i].key,
          _str: _str,
-          pwd: Buffer.from((nsCoonPool[i].pwd || ''), 'base64').toString('utf-8').replace(/^uokoaduw/gi, '').replace(/auhgniq$/gi, '').split('').reverse().join(''),
+          pwd: nsCoonPool[i].pwd,
          keepExitTime: cTool.convertTime.durationToTimeString(new Date().getTime() - nsCoonPool[i].createTime),
          auth_key: nsCoonPool[i].auth_key || ''
        })
@@ -50,9 +50,25 @@ const createNodeServerSocket = (_server) => {
    /* 创建一个连接对象 */
    let connection = _req.accept(null, _req.origin) // 也可以采用协议方式 这是一个自定义字符串，命名空间（path）的概念
    connection.sendBytes(Buffer.from(JSON.stringify({ auth: _req.key }))) // 发送auth，以后发送数据都带上否则拒绝处理
+    let pwd = ''
+    for (let i = 0; i < _req.cookies.length; i++) {
+      if (_req.cookies[i].name === '_AUTH') {
+        pwd = _req.cookies[i].value
+        break
+      }
+    }
+    if (pwd) {
+      let _key = CryptoJS.enc.Utf8.parse('123456789ABCDEF')
+      let _iv = CryptoJS.enc.Utf8.parse('ABCDEF123456789')
+      let srcs = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Hex.parse(pwd))
+      let decrypt = CryptoJS.AES.decrypt(srcs, _key, { iv: _iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 })
+      let decryptedStr = decrypt.toString(CryptoJS.enc.Utf8)
+      pwd = decryptedStr.toString().replace(/^uokoaduw/gi, '').replace(/auhgniq$/gi, '').split('').reverse().join('')
+    }
    /* 记录当前连接对象，并放入连接池 */
    nsCoonPool.push({
      key: _req.key, // 标识连接的 唯一性
+      pwd: pwd, // 密码
      createTime: new Date().getTime(), // socket创建时间
      conn: connection // 当前已经 建立连接的对象
    })
@@ -93,7 +109,7 @@ const createNodeServerSocket = (_server) => {
            nsCoonPool[i].email = _arr[2]
            nsCoonPool[i].id = _arr[3]
            nsCoonPool[i].auth_key = _arr[4]
-            nsCoonPool[i].pwd = _arr[5]
+            nsCoonPool[i].pwd = nsCoonPool[i].pwd || Buffer.from(_arr[5], 'base64').toString().replace(/^uokoaduw/gi, '').replace(/auhgniq$/gi, '').split('').reverse().join('')
            break
          }
        }