安全性问题处理：代码版本整理 修复版本1 --提交人：阳华祥

src/api/ebiz/agentEenter/agentEenter.js

@@ -25,6 +25,15 @@ export function saveOrUpdateInfo(data) {
     data
   })
 }
+
+export function getTokenForUserModel(data) {
+  return request({
+    url: getUrl('/agent/enter/getTokenForAgent', 1),
+    method: 'get',
+    data
+  })
+}
+
 // //查询二次分享数据
 // export function getTokenForUserModel(data) {
 //   console.log('查询二次分享', data)

src/api/ebiz/claims/claims.js

@@ -29,13 +29,13 @@ export function history(data) {
 }
 
 // //历史报案详情接口
-// export function historyDetail(data) {
-//   return request({
-//     url: getUrl(`/claim/claimReport/historyDetail`, 1),
-//     method: 'post',
-//     data
-//   })
-// }
+export function historyDetail(data) {
+  return request({
+    url: getUrl(`/claim/claimReport/historyDetail`, 1),
+    method: 'get',
+    data
+  })
+}
 
 //理赔申请
 export function apply(data) {

src/api/ebiz/my/my.js

@@ -57,6 +57,15 @@ export function queryPrivacy(data) {
   })
 }
 
+//获取隐私政策
+export function queryPrivacyNot(data) {
+  return request({
+    // url: getUrl('/agent/income/info', 0),
+    url: getUrl('/customer/privacy/queryPrivacy', 1),
+    method: 'post',
+    data
+  })
+}
 
 //注销用户
 export function logoutAgent(data) {

src/assets/js/utils/needCacheKey.js

@@ -1,4 +1,9 @@
 export default {
   isAll: false,
-  encodeKeys: ['']
+  encodeKeys: [
+    'saleInsuredInfo',
+    'saleInsuredPersonInfo',
+    'appntDTO',
+    'proposalAppnt'
+  ]
 }

src/assets/js/utils/request.js

@@ -127,7 +127,7 @@ service.interceptors.request.use(
       /**
        * 请求拦截处理(待添加 判断走统一网关处理)
        */
-      if(config.url && config.method == 'post' && /api\/$/.test(config.url.split(configApp.API_VERSION)[0])){
+      if(config.url && /api\/$/.test(config.url.split(configApp.API_VERSION)[0])){
         if(!config.data || config.data == null){
           config.data = {}
         }
@@ -158,7 +158,7 @@ service.interceptors.response.use(
       console.log(response)
         console.log('----------------')
       let res = response.data
-      if(response.config.url && response.config.method == 'post' && /api\/$/.test(response.config.url.split(configApp.API_VERSION)[0])){
+      if(response.config.url && response.headers['content-type'].match(/application\/json/) && /api\/$/.test(response.config.url.split(configApp.API_VERSION)[0])){
         if(res.response){// 正常情況返回必有response 节点
           console.log("[调用请求解密服务][请求地址:"+response.config.url+"][解密前报文：]",JSON.stringify(res.response))
           res = JSON.parse(AESTools.AESDecrypt(res.response,configApp.REQ_PWD))

src/assets/js/utils/request1.js

@@ -1,6 +1,9 @@
 import axios from 'axios'
 import { Dialog, Toast } from 'vant'
 import CacheUtils from '@/assets/js/utils/cacheUtils'
+import configApp from "@/config";
+import AESTools from "@/assets/js/utils/cryptoJsUtil";
+import MD5 from 'js-md5';
 let sale = ['/sale/order/orderDetail'] //在线投保
 
 // 卡单
@@ -14,57 +17,84 @@ const service = axios.create({
 
 // request拦截器
 service.interceptors.request.use(
-  config => {
-    let relativePath = config.url && config.url.split('v1')[1]
-    if (whiteList.includes(relativePath)) {
-      // Toast.loading({
-      //   duration: 0, // 持续展示 toast
-      //   forbidClick: true, // 禁用背景点击
-      //   loadingType: 'spinner',
-      //   message: '加载中……'
-      // })
+    config => {
+        let relativePath = config.url && config.url.split(configApp.API_VERSION)[1]
+        console.log(config.url.split(configApp.API_VERSION)[0])
+        if (whiteList.includes(relativePath)) {
+            Toast.loading({
+                duration: 0, // 持续展示 toast
+                forbidClick: true, // 禁用背景点击
+                loadingType: 'spinner',
+                message: '加载中……'
+            })
+        }
+        /**
+         * 请求拦截处理(待添加 判断走统一网关处理)
+         */
+        if(config.url && /api\/$/.test(config.url.split(configApp.API_VERSION)[0])){
+            if(!config.data || config.data == null){
+                config.data = {}
+            }
+            if(!!config.data && config.data != null){
+                let encrypt = AESTools.AESEncrypt(JSON.stringify(config.data),configApp.REQ_PWD)
+                console.log("[调用请求加密服务][请求地址:"+config.url+"][加密前报文：]",JSON.stringify(config.data))
+                config.data =  {"data": encrypt }
+                console.log("[调用请求加密服务][请求地址:"+config.url+"][加密后报文：]",config.data)
+            }
+        }
+        config.headers['token'] = CacheUtils.getLocItem('token')
+        // 添加请时间戳
+        let timeStr = new Date().getTime() + '';
+        config.headers['timeStr'] = timeStr;
+        config.headers['signature'] = MD5(timeStr + CacheUtils.getLocItem('token'));
+        // config.headers['token'] = `f0003a753d1d492083248f723ab1b6e9`//TEST测试专用
+        return config
+    },
+    error => {
+        // Do something with request error
+        Promise.reject(error)
     }
-
-    config.headers['token'] = CacheUtils.getLocItem('token')
-    // config.headers['token'] = ``
-    return config
-  },
-  error => {
-    // Do something with request error
-    Promise.reject(error)
-  }
 )
 
 // respone拦截器
 service.interceptors.response.use(
-  response => {
-    const res = response.data
-    console.log(res, 'res')
-
-    if (res.code != 0) {
-      if (res.code == 10001 || res.code == 10002) {
-        Dialog.confirm({
-          confirmButtonText: '重新登录',
-          message: '你已被登出，可以取消继续留在该页面，或者重新登录'
-        }).then(() => {
-          //eslint-disable-next-line
-          EWebBridge.webCallAppInJs('bridge', {
-            flag: 'login'
-          })
-        })
-      } else {
-        //Toast.fail(res.msg)
-      }
-      return Promise.reject(res)
-    } else {
-      return response.data.content
+    response => {
+        console.log(response)
+        console.log('----------------')
+        let res = response.data
+        if(response.config.url && response.headers['content-type'].match(/application\/json/) && /api\/$/.test(response.config.url.split(configApp.API_VERSION)[0])){
+            if(res.response){// 正常情況返回必有response 节点
+                console.log("[调用请求解密服务][请求地址:"+response.config.url+"][解密前报文：]",JSON.stringify(res.response))
+                res = JSON.parse(AESTools.AESDecrypt(res.response,configApp.REQ_PWD))
+                console.log("[调用请求解密服务][请求地址:"+response.config.url+"][解密后报文：]",res)
+            }
+        }
+        Toast.clear()
+        if (res.code != 0) {
+            if (res.code == 10001 || res.code == 10002) {
+                Dialog.confirm({
+                    confirmButtonText: '重新登录',
+                    message: '你已被登出，可以取消继续留在该页面，或者重新登录'
+                }).then(() => {
+                    //eslint-disable-next-line
+                    EWebBridge.webCallAppInJs('bridge', {
+                        flag: 'login'
+                    })
+                })
+            } else {
+                //Toast.fail(res.msg)
+            }
+            return Promise.reject(res)
+        } else {
+            return res.content
+        }
+    },
+    error => {
+        Toast.clear()
+        console.log('err' + error) // for debug
+        //Toast.fail(error.message)
+        return Promise.reject(error)
     }
-  },
-  error => {
-    console.log('err' + error) // for debug
-    //Toast.fail(error.message)
-    return Promise.reject(error)
-  }
 )
 
 export default service

src/config/index.js

@@ -11,7 +11,7 @@ let apiDomain, imgDomain, assetsUrl, mainUrl, payUrl, zssqUrl ,REQ_PWD, CACHE_EN
 console.log('环境：', process.env.VUE_APP_FLAG)
 switch (process.env.VUE_APP_FLAG) {
   case 'dev':
-    apiDomain = 'http://139.199.50.151:7000/api/v1' // 国富api ///api/v1
+    apiDomain = 'http://139.199.50.151:7000/api/v2' // 国富api ///api/v1
     imgDomain = 'http://211.159.248.123:7012/updown' // dev
     // 静态服务资源
     assetsUrl = 'http://139.199.50.151:8000/app/'

src/views/app/Login.vue

@@ -2,16 +2,18 @@
   <div class="login-container ph10">
     <h3 class="text-center pv30">欢迎登录</h3>
     <van-cell-group cl>
-      <van-field v-model="username" clearable label="用户名" placeholder="请输入用户名" left-icon="contact" />
-      <van-field v-model="password" type="password" label="密码" placeholder="请输入密码" left-icon="bag-o" />
+      <van-field v-model="username" clearable label="用户名" placeholder="请输入用户名" left-icon="contact"/>
+      <van-field v-model="password" type="password" label="密码" placeholder="请输入密码" left-icon="bag-o"/>
     </van-cell-group>
-    <van-button type="info" size="large" class="mt30" @click="login" :loading="loading" loading-text="登录中...">登录</van-button>
+    <van-button type="info" size="large" class="mt30" @click="login" :loading="loading" loading-text="登录中...">登录
+    </van-button>
   </div>
 </template>
 
 <script>
-import { Field, CellGroup } from 'vant'
-import { login } from '@/api/app/user'
+import {CellGroup, Field} from 'vant'
+import {loginTest} from '@/api/ebiz/my/my.js'
+
 export default {
   name: 'login',
   components: {
@@ -33,17 +35,30 @@ export default {
         return
       }
       this.loading = true
-      //登录
-      login()
-        .then(res => {
-          //localStorage.token = res.token
+      let that = this;
+      let reqData = {
+        password: this.$MD5(that.password),
+        system: "agentApp",
+        graphCode: "",
+        graphId: "",
+        name: this.username,
+        loginflag: "agentPassword",
+      }
+
+      loginTest(reqData).then(res => {
+        this.loading = false
+        if (res.result == 0) {
+          console.log(res)
           this.$CacheUtils.setLocItem("token",res.token)
           this.$router.push({ path: this.redirect || '/' })
-        })
-        .catch(err => {
-          console.log(err)
-          this.loading = false
-        })
+        }else {
+          this.$toast(res.resultMessage)
+        }
+      }) .catch(err => {
+        console.log(err)
+        this.loading = false
+      })
+
     }
   }
 }