🎉 3.7.0.RELEASE Token加密传输

2025-01-23 21:21:34 +08:00 · 2023-09-12 01:57:32 +08:00 · 2023-09-12 01:57:32 +08:00 · 4713014876
commit 4713014876
parent d1ccdf99fb
15 changed files with 161 additions and 48 deletions
--- a/2
+++ b/2
@ -176,7 +176,7 @@ recommend that a file or class name and description of purpose be included on
 the same "printed page" as the copyright notice for easier identification within
 third-party archives.

-   Copyright 2020 BladeX (https://bladex.vip)
+   Copyright 2023 BladeX (https://bladex.cn)

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/README.md
+++ b/README.md
@ -1,13 +1,13 @@
 <p align="center">
-      <img src="https://img.shields.io/badge/Release-V3.6.0-green.svg" alt="Downloads">
+      <img src="https://img.shields.io/badge/Release-V3.7.0-green.svg" alt="Downloads">
      <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" alt="Build Status">
  <img src="https://img.shields.io/badge/license-Apache%202-blue.svg" alt="Build Status">
   <img src="https://img.shields.io/badge/Spring%20Cloud-2021-blue.svg" alt="Coverage Status">
-   <img src="https://img.shields.io/badge/Spring%20Boot-2.7.10-blue.svg" alt="Downloads">
-   <a target="_blank" href="https://bladex.vip">
+   <img src="https://img.shields.io/badge/Spring%20Boot-2.7.15-blue.svg" alt="Downloads">
+   <a target="_blank" href="https://bladex.cn">
   <img src="https://img.shields.io/badge/Author-Small%20Chill-ff69b4.svg" alt="Downloads">
 </a>
- <a target="_blank" href="https://bladex.vip">
+ <a target="_blank" href="https://bladex.cn">
   <img src="https://img.shields.io/badge/Copyright%20-@BladeX-%23ff3f59.svg" alt="Downloads">
 </a>
 </p>  
@ -29,8 +29,8 @@
 <img src="https://gitee.com/smallc/SpringBlade/raw/master/pic/springblade-framework.png"/>

 ## 官方信息
-* 官网地址：[https://bladex.vip](https://bladex.vip)
-* 问答社区：[https://sns.bladex.vip](https://sns.bladex.vip)
+* 官网地址：[https://bladex.cn](https://bladex.cn)
+* 问答社区：[https://sns.bladex.cn](https://sns.bladex.cn)
 * 会员计划：[SpringBlade会员计划](https://gitee.com/smallc/SpringBlade/wikis/SpringBlade会员计划)
 * 交流一群：`477853168`(满)
 * 交流二群：`751253339`(满)
@ -41,15 +41,15 @@
 * 交流七群：`298061704`

 ## 在线演示
-* Saber-基于Vue：[https://saber.bladex.vip](https://saber.bladex.vip)
-* Sword-基于React：[https://sword.bladex.vip](https://sword.bladex.vip)
+* Saber-基于Vue：[https://saber.bladex.cn](https://saber.bladex.cn)
+* Sword-基于React：[https://sword.bladex.cn](https://sword.bladex.cn)

 ## 数据大屏
-* 数据大屏展示系统：[https://data.bladex.vip](https://data.bladex.vip)
+* 数据大屏展示系统：[https://data.bladex.cn](https://data.bladex.cn)

 ## 技术文档
 * [SpringBlade开发手册一览](https://gitee.com/smallc/SpringBlade/wikis/SpringBlade开发手册)
-* [SpringBlade常见问题集锦](https://sns.bladex.vip/article-14966.html)
+* [SpringBlade常见问题集锦](https://sns.bladex.cn/article-14966.html)
 * [SpringBlade基于Kuboard部署K8S](https://kuboard.cn/learning/k8s-practice/spring-blade/)
 * [SpringBlade基于Rainbond部署](https://www.rainbond.com/docs/micro-service/example/blade)

@ -89,7 +89,7 @@ $ yarn run serve

 # 界面

-## [BladeX](https://bladex.vip/#/vip) 工作流一览
+## [BladeX](https://bladex.cn/#/vip) 工作流一览
 <table>
    <tr>
        <td><img src="https://gitee.com/smallc/SpringBlade/raw/master/pic/bladex-flow1.png"/></td>
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "saber-admin",
-  "version": "3.6.0",
+  "version": "3.7.0",
  "private": true,
  "scripts": {
    "serve": "vue-cli-service serve",
@ -17,6 +17,7 @@
    "element-ui": "^2.15.6",
    "js-base64": "^2.5.1",
    "js-cookie": "^2.2.0",
+    "crypto-js": "^4.0.0",
    "mockjs": "^1.0.1-beta3",
    "node-gyp": "^5.0.6",
    "nprogress": "^0.2.0",
--- a/public/cdn/avue/2.10.10/avue.min.js
+++ b/public/cdn/avue/2.10.10/avue.min.js
--- a/public/cdn/avue/2.10.10/index.css
+++ b/public/cdn/avue/2.10.10/index.css
--- a/public/cdn/avue/2.10.16/avue.min.js
+++ b/public/cdn/avue/2.10.16/avue.min.js
--- a/public/cdn/avue/2.10.16/index.css
+++ b/public/cdn/avue/2.10.16/index.css
--- a/public/index.html
+++ b/public/index.html
@ -12,7 +12,7 @@
  <link rel="stylesheet" href="<%= BASE_URL %>cdn/element-ui/2.15.6/theme-chalk/index.css">
  <link rel="stylesheet" href="<%= BASE_URL %>cdn/animate/3.5.2/animate.css">
  <link rel="stylesheet" href="<%= BASE_URL %>cdn/iconfont/1.0.0/index.css">
-  <link rel="stylesheet" href="<%= BASE_URL %>cdn/avue/2.10.10/index.css">
+  <link rel="stylesheet" href="<%= BASE_URL %>cdn/avue/2.10.16/index.css">
  <link rel="icon" href="<%= BASE_URL %>favicon.png">
  <title>Saber企业级开发平台</title>
  <style>
@ -91,8 +91,8 @@
      </div>
    </div>
    <div class="avue-home__footer">
-      <a href="https://bladex.vip" target="_blank">
-        https://bladex.vip </a>
+      <a href="https://bladex.cn" target="_blank">
+        https://bladex.cn </a>
    </div>
  </div>
 </div>
@ -103,7 +103,7 @@
 <script src="<%= BASE_URL %>cdn/vue-router/3.0.1/vue-router.min.js" charset="utf-8"></script>
 <script src="<%= BASE_URL %>cdn/axios/1.0.0/axios.min.js" charset="utf-8"></script>
 <script src="<%= BASE_URL %>cdn/element-ui/2.15.6/index.js" charset="utf-8"></script>
-<script src="<%= BASE_URL %>cdn/avue/2.10.10/avue.min.js" charset="utf-8"></script>
+<script src="<%= BASE_URL %>cdn/avue/2.10.16/avue.min.js" charset="utf-8"></script>
 </body>

 </html>
--- a/src/api/desk/notice.js
+++ b/src/api/desk/notice.js
@ -8,7 +8,8 @@ export const getList = (current, size, params) => {
      ...params,
      current,
      size,
-    }
+    },
+    cryptoToken: true,
  })
 }

@ -18,7 +19,8 @@ export const remove = (ids) => {
    method: 'post',
    params: {
      ids,
-    }
+    },
+    cryptoToken: true,
  })
 }

@ -26,7 +28,8 @@ export const add = (row) => {
  return request({
    url: '/api/blade-desk/notice/submit',
    method: 'post',
-    data: row
+    data: row,
+    cryptoToken: true,
  })
 }

@ -34,7 +37,8 @@ export const update = (row) => {
  return request({
    url: '/api/blade-desk/notice/submit',
    method: 'post',
-    data: row
+    data: row,
+    cryptoToken: true,
  })
 }

@ -44,7 +48,8 @@ export const getNotice = (id) => {
    method: 'get',
    params: {
      id
-    }
+    },
+    cryptoToken: true,
  })
 }

--- a/src/page/login/userlogin.vue
+++ b/src/page/login/userlogin.vue
@ -155,7 +155,7 @@
      getTenant() {
        let domain = getTopUrl();
        // 临时指定域名，方便测试
-        //domain = "https://bladex.vip";
+        //domain = "https://bladex.cn";
        info(domain).then(res => {
          const data = res.data;
          if (data.success && data.data.tenantId) {
--- a/src/router/axios.js
+++ b/src/router/axios.js
@ -33,8 +33,13 @@ axios.interceptors.request.use(config => {
  const meta = (config.meta || {});
  const isToken = meta.isToken === false;
  config.headers['Authorization'] = `Basic ${Base64.encode(`${website.clientId}:${website.clientSecret}`)}`;
-  if (getToken() && !isToken) {
-    config.headers['Blade-Auth'] = 'bearer ' + getToken() // 让每个请求携带token--['Authorization']为自定义key 请根据实际情况自行修改
+  //headers传递token是否加密
+  const cryptoToken = config.cryptoToken === true;
+  const token = getToken();
+  if (token && !isToken) {
+    config.headers['Blade-Auth'] = cryptoToken
+      ? 'crypto ' + crypto.encrypt(token)
+      : 'bearer ' + token;
  }
  //headers中配置serialize为true开启序列化
  if (config.method === 'post' && meta.isSerialize === true) {
--- a/src/util/crypto.js
+++ b/src/util/crypto.js
@ -0,0 +1,84 @@
+import CryptoJS from 'crypto-js';
+
+export default class crypto {
+  // 使用AesUtil.genAesKey()生成,需和后端配置保持一致
+  static aesKey = '';
+
+  // 使用DesUtil.genDesKey()生成,需和后端配置保持一致
+  static desKey = '';
+
+  /**
+   * aes 加密方法
+   * @param data
+   * @returns {*}
+   */
+  static encrypt(data) {
+    return this.encryptAES(data, this.aesKey);
+  }
+
+  /**
+   * aes 解密方法
+   * @param data
+   * @returns {*}
+   */
+  static decrypt(data) {
+    return this.decryptAES(data, this.aesKey);
+  }
+
+  /**
+   * aes 加密方法，同java：AesUtil.encryptToBase64(text, aesKey);
+   */
+  static encryptAES(data, key) {
+    const dataBytes = CryptoJS.enc.Utf8.parse(data);
+    const keyBytes = CryptoJS.enc.Utf8.parse(key);
+    const encrypted = CryptoJS.AES.encrypt(dataBytes, keyBytes, {
+      iv: keyBytes,
+      mode: CryptoJS.mode.CBC,
+      padding: CryptoJS.pad.Pkcs7,
+    });
+    return CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
+  }
+
+  /**
+   * aes 解密方法，同java：AesUtil.decryptFormBase64ToString(encrypt, aesKey);
+   */
+  static decryptAES(data, key) {
+    const keyBytes = CryptoJS.enc.Utf8.parse(key);
+    const decrypted = CryptoJS.AES.decrypt(data, keyBytes, {
+      iv: keyBytes,
+      mode: CryptoJS.mode.CBC,
+      padding: CryptoJS.pad.Pkcs7,
+    });
+    return CryptoJS.enc.Utf8.stringify(decrypted);
+  }
+
+  /**
+   * des 加密方法，同java：DesUtil.encryptToBase64(text, desKey)
+   */
+  static encryptDES(data, key) {
+    const keyHex = CryptoJS.enc.Utf8.parse(key);
+    const encrypted = CryptoJS.DES.encrypt(data, keyHex, {
+      mode: CryptoJS.mode.ECB,
+      padding: CryptoJS.pad.Pkcs7,
+    });
+    return encrypted.toString();
+  }
+
+  /**
+   * des 解密方法，同java：DesUtil.decryptFormBase64(encryptBase64, desKey);
+   */
+  static decryptDES(data, key) {
+    const keyHex = CryptoJS.enc.Utf8.parse(key);
+    const decrypted = CryptoJS.DES.decrypt(
+      {
+        ciphertext: CryptoJS.enc.Base64.parse(data),
+      },
+      keyHex,
+      {
+        mode: CryptoJS.mode.ECB,
+        padding: CryptoJS.pad.Pkcs7,
+      }
+    );
+    return decrypted.toString(CryptoJS.enc.Utf8);
+  }
+}
--- a/src/views/desk/notice.vue
+++ b/src/views/desk/notice.vue
@ -34,7 +34,7 @@
 </template>

 <script>
-  import {getList, remove, update, add, getNotice} from "@/api/dept/notice";
+  import {getList, remove, update, add, getNotice} from "@/api/desk/notice";
  import {mapGetters} from "vuex";

  export default {
--- a/src/views/wel/index.vue
+++ b/src/views/wel/index.vue
@ -3,14 +3,14 @@
    <basic-container>
      <third-register></third-register>
      <p style="text-align: center;">
-        <img src="https://img.shields.io/badge/Release-V3.6.0-green.svg" alt="Downloads"/>
+        <img src="https://img.shields.io/badge/Release-V3.7.0-green.svg" alt="Downloads"/>
        <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" alt="Build Status"/>
        <img src="https://img.shields.io/badge/Spring%20Cloud-2021-blue.svg" alt="Coverage Status"/>
-        <img src="https://img.shields.io/badge/Spring%20Boot-2.7.10.RELEASE-blue.svg" alt="Downloads"/>
-        <a target="_blank" href="https://bladex.vip">
+        <img src="https://img.shields.io/badge/Spring%20Boot-2.7.15-blue.svg" alt="Downloads"/>
+        <a target="_blank" href="https://bladex.cn">
          <img src="https://img.shields.io/badge/Saber%20Author-Small%20Chill-ff69b4.svg" alt="Downloads"/>
        </a>
-        <a target="_blank" href="https://bladex.vip">
+        <a target="_blank" href="https://bladex.cn">
          <img src="https://img.shields.io/badge/Copyright%20-@BladeX-%23ff3f59.svg" alt="Downloads"/>
        </a>
      </p>
@ -31,7 +31,7 @@
            <div>3.基于稳定生产的商业项目升级优化而来，更加贴近企业级的需求</div>
            <div>4.追求企业开发更加高效，部署更加方便，生产更加稳定</div>
            <div>5.GVP-码云最有价值开源项目</div>
-            <div>6.BladeX授权地址:<a target="_blank" href="https://bladex.vip/#/vip">点击授权</a></div>
+            <div>6.BladeX授权地址:<a target="_blank" href="https://bladex.cn/#/vip">点击授权</a></div>
          </el-collapse-item>
          <el-collapse-item title="为何需要BladeX" name="3">
            <div>1.经历过较长的线上生产，积累了很多企业痛点的解决方案</div>
@ -92,19 +92,19 @@
            <el-divider content-position="right"><i class="el-icon-star-off"/></el-divider>
            <span>官网地址</span>
            <el-divider direction="vertical"/>
-            <span><el-link href="https://bladex.vip" target="_blank"
-                           type="primary">https://bladex.vip</el-link></span>
+            <span><el-link href="https://bladex.cn" target="_blank"
+                           type="primary">https://bladex.cn</el-link></span>
            <el-divider content-position="right"><i class="el-icon-star-off"/></el-divider>
            <span>社区地址</span>
            <el-divider direction="vertical"/>
-            <span><el-link href="https://sns.bladex.vip" target="_blank"
-                           type="primary">https://sns.bladex.vip</el-link></span>
+            <span><el-link href="https://sns.bladex.cn" target="_blank"
+                           type="primary">https://sns.bladex.cn</el-link></span>
            <el-divider content-position="right"><i class="el-icon-star-off"/></el-divider>
            <span>获取文档</span>
            <el-divider direction="vertical"/>
            <span class="tag-group">
                <el-tag type="success" style="cursor: pointer"
-                        onclick="window.open('https://sns.bladex.vip/note/view/1.html')">免费版</el-tag>
+                        onclick="window.open('https://sns.bladex.cn/note/view/1.html')">免费版</el-tag>
                <el-divider direction="vertical"/>
                <el-tag type="danger" style="cursor: pointer"
                        onclick="window.open('https://www.kancloud.cn/@smallchill')">收费版</el-tag>
@ -117,7 +117,7 @@
                        onclick="window.open('https://gitee.com/smallc/SpringBlade')">开源版</el-tag>
                <el-divider direction="vertical"/>
                <el-tag type="danger" effect="dark" style="cursor: pointer"
-                        onclick="window.open('https://bladex.vip/#/vip')">商业版</el-tag>
+                        onclick="window.open('https://bladex.cn/#/vip')">商业版</el-tag>
              </span>
          </div>
        </basic-container>
@ -125,6 +125,19 @@
      <el-row>
        <basic-container>
          <el-collapse v-model="logActiveNames" @change="handleChange">
+            <el-collapse-item title="3.7.0发布 新增Token加密传输功能" name="34">
+              <div>1.升级 SpringCloud 至 2021.0.8</div>
+              <div>2.升级 SpringBoot 至 2.7.15</div>
+              <div>3.升级 Mybatis-Plus 至 3.5.3.2</div>
+              <div>4.升级 Mybatis-Plus-Generator 至 3.5.3.2</div>
+              <div>5.升级 Druid 至 1.2.19</div>
+              <div>6.升级 Avue2 至 2.10.16</div>
+              <div>7.升级 Avue3 至 3.2.19</div>
+              <div>8.新增 Token加密传输功能，提升系统安全性</div>
+              <div>9.新增 后端对Token加密增加强制校验的功能</div>
+              <div>10.优化 INode树形节点封装，增加泛型支持</div>
+              <div>11.优化 Sql防注入的功能</div>
+            </el-collapse-item>
            <el-collapse-item title="3.6.0发布 基于vue3的前端架构正式发布" name="33">
              <div>1.升级 SpringCloud 至 2021.0.6</div>
              <div>2.升级 SpringBoot 至 2.7.10</div>
@ -484,7 +497,7 @@
    data() {
      return {
        activeNames: ['1', '2', '3', '5'],
-        logActiveNames: ['33']
+        logActiveNames: ['34']
      };
    },
    computed: {
--- a/yarn.lock
+++ b/yarn.lock
@ -2614,6 +2614,11 @@ crypto-browserify@^3.11.0:
    randombytes "^2.0.0"
    randomfill "^1.0.3"

+crypto-js@^4.0.0:
+  version "4.1.1"
+  resolved "https://registry.npmmirror.com/crypto-js/-/crypto-js-4.1.1.tgz#9e485bcf03521041bd85844786b83fb7619736cf"
+  integrity sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==
+
 css-color-names@0.0.4, css-color-names@^0.0.4:
  version "0.0.4"
  resolved "https://registry.npm.taobao.org/css-color-names/download/css-color-names-0.0.4.tgz#808adc2e79cf84738069b646cb20ec27beb629e0"