🎉 3.7.0.RELEASE Token加密传输

2024-11-21 17:59:26 +08:00 · 2023-09-12 01:58:51 +08:00 · 2023-09-12 01:58:51 +08:00 · ac9abc8cc0
commit ac9abc8cc0
parent 9926a29988
11 changed files with 145 additions and 36 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2020 BladeX (https://bladex.vip)
+Copyright (c) 2023 BladeX (https://bladex.cn)

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@ -1,13 +1,13 @@
 <p align="center">
-      <img src="https://img.shields.io/badge/Release-V3.6.0-green.svg" alt="Downloads">
+      <img src="https://img.shields.io/badge/Release-V3.7.0-green.svg" alt="Downloads">
      <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" alt="Build Status">
  <img src="https://img.shields.io/badge/license-Apache%202-blue.svg" alt="Build Status">
   <img src="https://img.shields.io/badge/Spring%20Cloud-2021-blue.svg" alt="Coverage Status">
-   <img src="https://img.shields.io/badge/Spring%20Boot-2.7.1-blue.svg" alt="Downloads">
-   <a target="_blank" href="https://bladex.vip">
+   <img src="https://img.shields.io/badge/Spring%20Boot-2.7.15-blue.svg" alt="Downloads">
+   <a target="_blank" href="https://bladex.cn">
   <img src="https://img.shields.io/badge/Author-Small%20Chill-ff69b4.svg" alt="Downloads">
 </a>
- <a target="_blank" href="https://bladex.vip">
+ <a target="_blank" href="https://bladex.cn">
   <img src="https://img.shields.io/badge/Copyright%20-@BladeX-%23ff3f59.svg" alt="Downloads">
 </a>
 </p>  
@ -29,8 +29,8 @@
 <img src="https://gitee.com/smallc/SpringBlade/raw/master/pic/springblade-framework.png"/>

 ## 官方信息
-* 官网地址：[https://bladex.vip](https://bladex.vip)
-* 问答社区：[https://sns.bladex.vip](https://sns.bladex.vip)
+* 官网地址：[https://bladex.cn](https://bladex.cn)
+* 问答社区：[https://sns.bladex.cn](https://sns.bladex.cn)
 * 会员计划：[SpringBlade会员计划](https://gitee.com/smallc/SpringBlade/wikis/SpringBlade会员计划)
 * 交流一群：`477853168`(满)
 * 交流二群：`751253339`(满)
@ -41,15 +41,15 @@
 * 交流七群：`298061704`

 ## 在线演示
-* Saber-基于Vue：[https://saber.bladex.vip](https://saber.bladex.vip)
-* Sword-基于React：[https://sword.bladex.vip](https://sword.bladex.vip)
+* Saber-基于Vue：[https://saber.bladex.cn](https://saber.bladex.cn)
+* Sword-基于React：[https://sword.bladex.cn](https://sword.bladex.cn)

 ## 数据大屏
-* 数据大屏展示系统：[https://data.bladex.vip](https://data.bladex.vip)
+* 数据大屏展示系统：[https://data.bladex.cn](https://data.bladex.cn)

 ## 技术文档
 * [SpringBlade开发手册一览](https://gitee.com/smallc/SpringBlade/wikis/SpringBlade开发手册)
-* [SpringBlade常见问题集锦](https://sns.bladex.vip/article-14966.html)
+* [SpringBlade常见问题集锦](https://sns.bladex.cn/article-14966.html)
 * [SpringBlade基于Kuboard部署K8S](https://kuboard.cn/learning/k8s-practice/spring-blade/)
 * [SpringBlade基于Rainbond部署](https://www.rainbond.com/docs/micro-service/example/blade)

@ -92,7 +92,7 @@ $ yarn run start 或者 yarn run start:no-mock

 # 界面

-## [BladeX](https://bladex.vip/#/vip) 工作流一览
+## [BladeX](https://bladex.cn/#/vip) 工作流一览
 <table>
    <tr>
        <td><img src="https://gitee.com/smallc/SpringBlade/raw/master/pic/bladex-flow1.png"/></td>
--- a/mock/client.js
+++ b/mock/client.js
@ -10,7 +10,7 @@ function getFakeList(req, res) {
      clientSecret: 'sword_secret',
      scope: 'all',
      authorizedGrantTypes: 'refresh_token,password,authorization_code',
-      webServerRedirectUri: 'https://sword.bladex.vip',
+      webServerRedirectUri: 'https://sword.bladex.cn',
      accessTokenValidity: '3600',
      refreshTokenValidity: '36000',
    },
@ -20,7 +20,7 @@ function getFakeList(req, res) {
      clientSecret: 'saber_secret',
      scope: 'all',
      authorizedGrantTypes: 'refresh_token,password,authorization_code',
-      webServerRedirectUri: 'https://saber.bladex.vip',
+      webServerRedirectUri: 'https://saber.bladex.cn',
      accessTokenValidity: '3600',
      refreshTokenValidity: '36000',
    }
@ -44,7 +44,7 @@ function getFakeDetail(req, res) {
    clientSecret: 'sword_secret',
    scope: 'all',
    authorizedGrantTypes: 'refresh_token,password,authorization_code',
-    webServerRedirectUri: 'https://sword.bladex.vip',
+    webServerRedirectUri: 'https://sword.bladex.cn',
    accessTokenValidity: '3600',
    refreshTokenValidity: '36000',
  };
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "sword-admin",
-  "version": "3.6.0",
+  "version": "3.7.0",
  "description": "An out-of-box UI solution for enterprise applications",
  "private": true,
  "scripts": {
@ -38,6 +38,7 @@
    "bizcharts": "^3.4.3",
    "bizcharts-plugin-slider": "^2.1.1-beta.1",
    "classnames": "^2.2.6",
+    "crypto-js": "^4.0.0",
    "dva": "^2.4.1",
    "enquire-js": "^0.2.1",
    "hash.js": "^1.1.7",
--- a/src/layouts/Footer.js
+++ b/src/layouts/Footer.js
@ -8,7 +8,7 @@ const FooterView = () => (
    <GlobalFooter
      copyright={
        <Fragment>
-          Copyright <Icon type="copyright" /> 2021 SpringBlade{' '}
+          Copyright <Icon type="copyright" /> 2023 SpringBlade{' '}
          <a
            key="github"
            title="git"
--- a/src/layouts/UserLayout.js
+++ b/src/layouts/UserLayout.js
@ -27,7 +27,7 @@ const links = [

 const copyright = (
  <Fragment>
-    Copyright <Icon type="copyright" /> 2021 SpringBlade{' '}
+    Copyright <Icon type="copyright" /> 2023 SpringBlade{' '}
    <a
      key="github"
      title="git"
--- a/src/pages/Dashboard/Workplace.js
+++ b/src/pages/Dashboard/Workplace.js
@ -20,23 +20,23 @@ class Workplace extends PureComponent {
          <Row gutter={24}>
            <Col span={24}>
              <div style={{ textAlign: 'center' }}>
-                <img src="https://img.shields.io/badge/Release-V3.6.0-green.svg" alt="Downloads" />
+                <img src="https://img.shields.io/badge/Release-V3.7.0-green.svg" alt="Downloads" />
                <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" alt="Build Status" />
                <img
                  src="https://img.shields.io/badge/Spring%20Cloud-2021-blue.svg"
                  alt="Coverage Status"
                />
                <img
-                  src="https://img.shields.io/badge/Spring%20Boot-2.7.1.RELEASE-blue.svg"
+                  src="https://img.shields.io/badge/Spring%20Boot-2.7.15-blue.svg"
                  alt="Downloads"
                />
-                <a href="https://bladex.vip">
+                <a href="https://bladex.cn">
                  <img
                    src="https://img.shields.io/badge/Sword%20Author-Small%20Chill-ff69b4.svg"
                    alt="Downloads"
                  />
                </a>
-                <a href="https://bladex.vip">
+                <a href="https://bladex.cn">
                  <img
                    src="https://img.shields.io/badge/Copyright%20-@BladeX-%23ff3f59.svg"
                    alt="Downloads"
@ -64,7 +64,7 @@ class Workplace extends PureComponent {
                  <div>4.追求企业开发更加高效，部署更加方便，生产更加稳定</div>
                  <div>5.GVP-码云最有价值开源项目</div>
                  <div>
-                    6.BladeX授权地址:<a href="https://bladex.vip/#/vip">点击授权</a>
+                    6.BladeX授权地址:<a href="https://bladex.cn/#/vip">点击授权</a>
                  </div>
                </Panel>
                <Panel header="为何需要BladeX" key="3">
@ -171,20 +171,20 @@ class Workplace extends PureComponent {
                <Divider style={{ margin: '12px 0' }} />
                <span>官网地址</span>
                <Divider type="vertical" />
-                <a href="https://bladex.vip" target="_blank">
-                  https://bladex.vip
+                <a href="https://bladex.cn" target="_blank">
+                  https://bladex.cn
                </a>
                <Divider style={{ margin: '12px 0' }} />
                <span>社区地址</span>
                <Divider type="vertical" />
-                <a href="https://sns.bladex.vip" target="_blank">
-                  https://sns.bladex.vip
+                <a href="https://sns.bladex.cn" target="_blank">
+                  https://sns.bladex.cn
                </a>
                <Divider style={{ margin: '12px 0' }} />
                <span>获取文档</span>
                <Divider type="vertical" />
                <Tag color="#91e253" style={{ cursor: 'pointer' }}>
-                  <a href="https://sns.bladex.vip/note/view/1.html" target="_blank">
+                  <a href="https://sns.bladex.cn/note/view/1.html" target="_blank">
                    免费版
                  </a>
                </Tag>
@ -204,7 +204,7 @@ class Workplace extends PureComponent {
                </Tag>
                <Divider type="vertical" />
                <Tag color="#f50" style={{ cursor: 'pointer' }}>
-                  <a href="https://bladex.vip/#/vip" target="_blank">
+                  <a href="https://bladex.cn/#/vip" target="_blank">
                    商业版
                  </a>
                </Tag>
@ -212,7 +212,20 @@ class Workplace extends PureComponent {
            </Row>
            <Row gutter={24}>
              <Card className={styles.card} bordered={false}>
-                <Collapse bordered={false} defaultActiveKey={['33']}>
+                <Collapse bordered={false} defaultActiveKey={['34']}>
+                  <Panel header="3.7.0发布 新增Token加密传输功能" key="34">
+                    <div>1.升级 SpringCloud 至 2021.0.8</div>
+                    <div>2.升级 SpringBoot 至 2.7.15</div>
+                    <div>3.升级 Mybatis-Plus 至 3.5.3.2</div>
+                    <div>4.升级 Mybatis-Plus-Generator 至 3.5.3.2</div>
+                    <div>5.升级 Druid 至 1.2.19</div>
+                    <div>6.升级 Avue2 至 2.10.16</div>
+                    <div>7.升级 Avue3 至 3.2.19</div>
+                    <div>8.新增 Token加密传输功能，提升系统安全性</div>
+                    <div>9.新增 后端对Token加密增加强制校验的功能</div>
+                    <div>10.优化 INode树形节点封装，增加泛型支持</div>
+                    <div>11.优化 Sql防注入的功能</div>
+                  </Panel>
                  <Panel header="3.6.0发布 基于vue3的前端架构正式发布" key="33">
                    <div>1.升级 SpringCloud 至 2021.0.6</div>
                    <div>2.升级 SpringBoot 至 2.7.10</div>
--- a/src/services/api.js
+++ b/src/services/api.js
@ -108,7 +108,7 @@ export async function fakeRegister(params) {
 }

 export async function queryNotices() {
-  return request('/api/blade-desk/notice/my-notices');
+  return request('/api/blade-desk/dashboard/my-notices');
 }

 export async function getFakeCaptcha(mobile) {
--- a/src/services/notice.js
+++ b/src/services/notice.js
@ -5,17 +5,18 @@ import request from '../utils/request';
 // =====================通知公告===========================

 export async function queryProjectNotice(params = {}) {
-  return request(`/api/blade-desk/notice/notices?${stringify(params)}`);
+  return request(`/api/blade-desk/dashboard/notices?${stringify(params)}`, { cryptoToken: true });
 }

 export async function list(params) {
-  return request(`/api/blade-desk/notice/list?${stringify(params)}`);
+  return request(`/api/blade-desk/notice/list?${stringify(params)}`, { cryptoToken: true });
 }

 export async function remove(params) {
  return request('/api/blade-desk/notice/remove', {
    method: 'POST',
    body: func.toFormData(params),
+    cryptoToken: true,
  });
 }

@ -23,9 +24,10 @@ export async function submit(params) {
  return request('/api/blade-desk/notice/submit', {
    method: 'POST',
    body: params,
+    cryptoToken: true,
  });
 }

 export async function detail(params) {
-  return request(`/api/blade-desk/notice/detail?${stringify(params)}`);
+  return request(`/api/blade-desk/notice/detail?${stringify(params)}`, { cryptoToken: true });
 }
--- a/src/utils/crypto.js
+++ b/src/utils/crypto.js
@ -0,0 +1,84 @@
+import CryptoJS from 'crypto-js';
+
+export default class crypto {
+  // 使用AesUtil.genAesKey()生成,需和后端配置保持一致
+  static aesKey = 'O2BEeIv399qHQNhD6aGW8R8DEj4bqHXm';
+
+  // 使用DesUtil.genDesKey()生成,需和后端配置保持一致
+  static desKey = '';
+
+  /**
+   * aes 加密方法
+   * @param data
+   * @returns {*}
+   */
+  static encrypt(data) {
+    return this.encryptAES(data, this.aesKey);
+  }
+
+  /**
+   * aes 解密方法
+   * @param data
+   * @returns {*}
+   */
+  static decrypt(data) {
+    return this.decryptAES(data, this.aesKey);
+  }
+
+  /**
+   * aes 加密方法，同java：AesUtil.encryptToBase64(text, aesKey);
+   */
+  static encryptAES(data, key) {
+    const dataBytes = CryptoJS.enc.Utf8.parse(data);
+    const keyBytes = CryptoJS.enc.Utf8.parse(key);
+    const encrypted = CryptoJS.AES.encrypt(dataBytes, keyBytes, {
+      iv: keyBytes,
+      mode: CryptoJS.mode.CBC,
+      padding: CryptoJS.pad.Pkcs7,
+    });
+    return CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
+  }
+
+  /**
+   * aes 解密方法，同java：AesUtil.decryptFormBase64ToString(encrypt, aesKey);
+   */
+  static decryptAES(data, key) {
+    const keyBytes = CryptoJS.enc.Utf8.parse(key);
+    const decrypted = CryptoJS.AES.decrypt(data, keyBytes, {
+      iv: keyBytes,
+      mode: CryptoJS.mode.CBC,
+      padding: CryptoJS.pad.Pkcs7,
+    });
+    return CryptoJS.enc.Utf8.stringify(decrypted);
+  }
+
+  /**
+   * des 加密方法，同java：DesUtil.encryptToBase64(text, desKey)
+   */
+  static encryptDES(data, key) {
+    const keyHex = CryptoJS.enc.Utf8.parse(key);
+    const encrypted = CryptoJS.DES.encrypt(data, keyHex, {
+      mode: CryptoJS.mode.ECB,
+      padding: CryptoJS.pad.Pkcs7,
+    });
+    return encrypted.toString();
+  }
+
+  /**
+   * des 解密方法，同java：DesUtil.decryptFormBase64(encryptBase64, desKey);
+   */
+  static decryptDES(data, key) {
+    const keyHex = CryptoJS.enc.Utf8.parse(key);
+    const decrypted = CryptoJS.DES.decrypt(
+      {
+        ciphertext: CryptoJS.enc.Base64.parse(data),
+      },
+      keyHex,
+      {
+        mode: CryptoJS.mode.ECB,
+        padding: CryptoJS.pad.Pkcs7,
+      }
+    );
+    return decrypted.toString(CryptoJS.enc.Utf8);
+  }
+}
--- a/src/utils/request.js
+++ b/src/utils/request.js
@ -4,8 +4,9 @@ import router from 'umi/router';
 import hash from 'hash.js';
 import { Base64 } from 'js-base64';
 import { clientId, clientSecret } from '../defaultSettings';
-import { getToken, removeAll } from './authority';
+import { getAccessToken, getToken, removeAll } from './authority';
 import RequestForm from '@/utils/RequestForm';
+import crypto from '@/utils/crypto';

 const codeMessage = {
  200: '服务器成功返回请求的数据。',
@ -122,7 +123,15 @@ export default function request(url, option) {
    Authorization: `Basic ${Base64.encode(`${clientId}:${clientSecret}`)}`,
  };

-  const token = getToken();
+  // token鉴权
+  let token;
+  // 加密判断
+  if (newOptions.cryptoToken === true) {
+    token = `crypto ${crypto.encrypt(getAccessToken())}`;
+  } else {
+    token = getToken();
+  }
+
  if (token) {
    newOptions.headers = {
      ...newOptions.headers,