加密

aad0b447 · 刘怀志 · 635f1724 · aad0b447 · aad0b447 · aad0b447
Commit aad0b447 authored Nov 21, 2023 by 刘怀志
Showing with 144 additions and 5 deletions

package.json package.json +1 -0

aesSecretUtil.js src/utils/encrypt/aesSecretUtil.js +76 -0

aseKeConfig.js src/utils/encrypt/aseKeConfig.js +10 -0

request.js src/utils/request.js +57 -5

No files found.
--- a/package.json
+++ b/package.json
@@ -31,6 +31,7 @@
    "axios": "0.24.0",
    "clipboard": "2.0.8",
    "core-js": "3.25.3",
+    "crypto-js": "^4.1.1",
    "echarts": "5.4.0",
    "element-ui": "2.15.13",
    "file-saver": "2.0.5",

--- a/src/utils/encrypt/aesSecretUtil.js
+++ b/src/utils/encrypt/aesSecretUtil.js
+import CryptoJS from 'crypto-js'
+import { AES_KEY, AES_IV, PARAM_ENCRYPT_ABLE, EXCLUE_PATH, RESULT_ENCRYPT_ABLE } from './aseKeConfig.js'
+const key = CryptoJS.enc.Utf8.parse(AES_KEY) // 16位
+const iv = CryptoJS.enc.Utf8.parse(AES_IV)
+const excluePath = EXCLUE_PATH
+const paramEncryptAble = PARAM_ENCRYPT_ABLE
+const resultEncryptAble = RESULT_ENCRYPT_ABLE
+/**
+ * Description AES CBC BASE64加密解密
+ * @author
+ * @date 13:38 2022/3/31
+ */
+export default {
+  // aes加密
+  encrypt(word) {
+    let encrypted = ''
+    if (typeof word === 'string') {
+      const srcs = CryptoJS.enc.Utf8.parse(word)
+      encrypted = CryptoJS.AES.encrypt(srcs, key, {
+        iv: iv,
+        mode: CryptoJS.mode.CBC,
+        padding: CryptoJS.pad.ZeroPadding
+      })
+    } else if (typeof word === 'object') {
+      // 对象格式的转成json字符串
+      const data = JSON.stringify(word)
+      const srcs = CryptoJS.enc.Utf8.parse(data)
+      encrypted = CryptoJS.AES.encrypt(srcs, key, {
+        iv: iv,
+        mode: CryptoJS.mode.CBC,
+        padding: CryptoJS.pad.ZeroPadding
+      })
+    }
+    return CryptoJS.enc.Base64.stringify(encrypted.ciphertext)
+  },
+  // aes解密
+  decrypt(word) {
+    if (word) {
+      let base64 = CryptoJS.enc.Base64.parse(word)
+      let src = CryptoJS.enc.Base64.stringify(base64)
+      var decrypt = CryptoJS.AES.decrypt(src, key, {
+        iv: iv,
+        mode: CryptoJS.mode.CBC,
+        padding: CryptoJS.pad.ZeroPadding
+      })
+      var decryptedStr = decrypt.toString(CryptoJS.enc.Utf8)
+      return decryptedStr.toString()
+    } else {
+      return word
+    }
+  },
+  // 判断url是否在匹配的正则表达式上,匹配则不进行加密，不配则需要加密
+  checkIsExcluePath(url) {
+    // 如果包含需要排除加密的接口返回true
+    let flag = false
+    for (let i = 0; i < excluePath.length; i++) {
+      if (new RegExp('^' + excluePath[i]).test(url)) {
+        flag = true
+        break
+      } else {
+        flag = false
+      }
+    }
+    return flag
+  },
+  // 判断是否请求需要进行加密，配置值true的时候需要加密否则不需要
+  checkParamEncryptAble() {
+    // console.log(encryptAble)
+    return paramEncryptAble
+  },
+  // 判断是否只对结果进行加密
+  checkResultEncryptAble() {
+    // console.log(encryptAble)
+    return resultEncryptAble
+  }
+}
--- a/src/utils/encrypt/aseKeConfig.js
+++ b/src/utils/encrypt/aseKeConfig.js
+export const AES_KEY = 'BhspR0VVgULUt6Na'
+export const AES_IV = 'Bhsp3T+V02Bg3Gh6'
+// 参数是否进行加密设置,需要与后端配置保持一致
+export const PARAM_ENCRYPT_ABLE = true
+// 结果是否进行加密
+export const RESULT_ENCRYPT_ABLE = true
+// 是否开启参数加密
+export const IS_ENCRYPT = true
+// 需要排除的不进行加密的接口，正则匹配
+export const EXCLUE_PATH = ['.*/captchaImage', '.*/common/uploadMinioPublic', '.*/uploadMinioPrivate', '.*/export', '.*/logout', '.*/common/download/resource']
--- a/src/utils/request.js
+++ b/src/utils/request.js
@@ -6,6 +6,17 @@ import errorCode from '@/utils/errorCode'
 import { tansParams, blobValidate } from "@/utils/ruoyi";
 import cache from '@/plugins/cache'
 import { saveAs } from 'file-saver'
+import secret from '@/utils/encrypt/aesSecretUtil'
+import {IS_ENCRYPT} from '@/utils/encrypt/aseKeConfig.js'
+// 提取url
+export function parseGetUrl(url) {
+  let firstLocation = url.indexOf("?")
+  if (firstLocation > -1) {
+    return url.substring(0, firstLocation)
+  } else {
+    return url
+  }
+}

 let downloadLoadingInstance;
 // 是否显示重新登录
@@ -28,13 +39,31 @@ service.interceptors.request.use(config => {
  const isRepeatSubmit = (config.headers || {}).repeatSubmit === false
  if (getToken() && !isToken) {
    config.headers['Authorization'] = 'Bearer ' + getToken() // 让每个请求携带自定义token 请根据实际情况自行修改
-  }
+  }var parseParam = {}
+  // 是否排除在外的接口
+  var isExclueUrl = secret.checkIsExcluePath(config.url)
+  // 是否进行参数加密
+  var paramEncryptFlag = !isExclueUrl && secret.checkParamEncryptAble() && IS_ENCRYPT
+  var resultEncryptFlag = secret.checkResultEncryptAble()
  // get请求映射params参数
  if (config.method === 'get' && config.params) {
-    let url = config.url + '?' + tansParams(config.params);
-    url = url.slice(0, -1);
-    config.params = {};
-    config.url = url;
+    // 将取值为null或者undefined的字段剔除不传到后台
+    for(let key in config.params) {
+      if (config.params[key] == undefined || config.params[key] == null){
+        delete config.params[key]
+      }
+    }
+    console.log('加密前参数get', config.params)
+    if (paramEncryptFlag && config.params) {
+      config.headers['Product'] = 'Advanced'
+      parseParam = secret.encrypt(config.params)
+      config.params = parseParam;
+    }else{
+      let url = config.url + '?' + tansParams(config.params);
+      url = url.slice(0, -1);
+      config.params = {};
+      config.url = url;
+    }
  }
  if (!isRepeatSubmit && (config.method === 'post' || config.method === 'put')) {
    const requestObj = {
@@ -65,6 +94,16 @@ service.interceptors.request.use(config => {
      }
    }
  }
+  if (paramEncryptFlag && config.data) {
+    // 将取值为null或者undefined的字段剔除不传到后台
+    for(let key in config.params) {
+      if (config.params[key] == undefined || config.params[key] == null){
+        delete config.params[key]
+      }
+    }
+    console.log('加密前参数post', config.data)
+    config.data = secret.encrypt(config.data)
+  }
  return config
 }, error => {
    console.log(error)
@@ -73,6 +112,19 @@ service.interceptors.request.use(config => {

 // 响应拦截器
 service.interceptors.response.use(res => {
+    if (IS_ENCRYPT){
+      // 是否排除在外的接口
+      var uri = parseGetUrl(res.config.url)
+      var isExclueUrl = secret.checkIsExcluePath(uri)
+      var resultEncryptFlag = secret.checkResultEncryptAble()
+      if (!isExclueUrl){
+        if (resultEncryptFlag) {
+          console.log(JSON.parse(secret.decrypt(res.data)), '----解密结果')
+          res.data = JSON.parse(secret.decrypt(res.data))
+        }
+      }
+      console.log('res.data', res.data)
+    }
    // 未设置状态码则默认成功状态
    const code = res.data.code || 200;
    // 获取错误信息