7.25 渗透测试 前端secret修复，修改刷新token接口和code换token接口

.eslintrc.js

@@ -7,8 +7,8 @@ module.exports = {
     //商城2.0跳转地址
     REACT_APP_MALL_V2_URL: false,
     //各系统跳转参数
-    REACT_APP_CLIENT_KEY: true,
+    // REACT_APP_CLIENT_KEY: true,
-    REACT_APP_CLIENT_SECRET: true,
+    // REACT_APP_CLIENT_SECRET: true,
     //密码加密参数
     REACT_APP_PASSWORD_CIPHERMODE: true,
     REACT_APP_PASSWORD_PUBLICKEY: true,

config/config.UAT.ts

@@ -7,8 +7,8 @@ export default defineConfig({
     REACT_APP_MALL_V2_URL:'http://111.198.162.67/zglt/index_hzf.jsp?id=dev',
 
     //各系统跳转参数
-    REACT_APP_CLIENT_KEY : 'KgPEkttG',
+    // REACT_APP_CLIENT_KEY : 'KgPEkttG',
-    REACT_APP_CLIENT_SECRET :'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
+    // REACT_APP_CLIENT_SECRET :'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
 
     //密码加密参数
     REACT_APP_PASSWORD_CIPHERMODE:'1',

config/config.dev.ts

@@ -7,8 +7,8 @@ export default defineConfig({
     REACT_APP_MALL_V2_URL: 'http://111.198.162.67/zglt/index_hzf.jsp?id=dev',
 
     //各系统跳转参数
-    REACT_APP_CLIENT_KEY: 'KgPEkttG',
+    // REACT_APP_CLIENT_KEY: 'KgPEkttG',
-    REACT_APP_CLIENT_SECRET: 'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
+    // REACT_APP_CLIENT_SECRET: 'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
 
     //密码加密参数
     REACT_APP_PASSWORD_CIPHERMODE: '1',

config/config.prod.ts

@@ -7,8 +7,8 @@ export default defineConfig({
     REACT_APP_MALL_V2_URL:'http://111.198.162.67/zglt/index_hzf.jsp?id=dev',
 
     //各系统跳转参数
-    REACT_APP_CLIENT_KEY : 'KgPEkttG',
+    // REACT_APP_CLIENT_KEY : 'KgPEkttG',
-    REACT_APP_CLIENT_SECRET :'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
+    // REACT_APP_CLIENT_SECRET :'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
 
     //密码加密参数
     REACT_APP_PASSWORD_CIPHERMODE:'1',

config/config.sim.ts

@@ -7,8 +7,8 @@ export default defineConfig({
     REACT_APP_MALL_V2_URL: 'http://111.198.162.67/zglt/index_hzf.jsp?id=dev',
 
     //各系统跳转参数
-    REACT_APP_CLIENT_KEY: 'KgPEkttG',
+    // REACT_APP_CLIENT_KEY: 'KgPEkttG',
-    REACT_APP_CLIENT_SECRET: 'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
+    // REACT_APP_CLIENT_SECRET: 'ae5bdb183c502355d2055b3de73300aa73cbfdf3',
 
     //密码加密参数
     REACT_APP_PASSWORD_CIPHERMODE: '1',

src/pages/LoadingPage/index.tsx

@@ -22,15 +22,15 @@ const Loading: React.FC<{}> = () => {
       clientId: REACT_APP_CLIENT_KEY,
       scope: getUserScope()
     }
-    const params = {
+    // const params = {
-      grant_type: "refresh_token",
+    //   grant_type: "refresh_token",
-      refresh_token: getUserRefreshToken(),
+    //   refresh_token: getUserRefreshToken(),
-      client_id: REACT_APP_CLIENT_KEY,
+    //   client_id: REACT_APP_CLIENT_KEY,
-      client_secret: REACT_APP_CLIENT_SECRET,
+    //   client_secret: REACT_APP_CLIENT_SECRET,
-    }
+    // }
-    const header = {
+    // const header = {
-      clientId: REACT_APP_CLIENT_KEY,
+    //   clientId: REACT_APP_CLIENT_KEY,
-    }
+    // }
     if (userType == '0') {//联通用户
       await cloudReloadToken('', headers)
       await getUserData(token, url, extra, 1)
@@ -138,11 +138,9 @@ const Loading: React.FC<{}> = () => {
     //获取协议部分 http: https:
     const protocol = window.location.protocol
     const grant_type = 'authorization_code';
-    const client_id = REACT_APP_CLIENT_KEY;
-    const client_secret = REACT_APP_CLIENT_SECRET;
     const redirect_uri = `${protocol}//${host}/redirect${e}`;
     let token = '';
-    await getTokenByCode({ grant_type, client_id, client_secret, redirect_uri, code }).then(res => {
+    await getTokenByCode({ grant_type, redirect_uri, code }).then(res => {
       if (res?.success == true) {
         sessionStorage.setItem('Authorization', res?.data?.value)
         token = 'Bearer ' + res?.data?.value;

src/pages/LoadingPage/service.ts

@@ -18,7 +18,7 @@ export async function fgetUserMsg(params: any) {
  * @returns 
  */
 export async function getTokenByCode(params: any) {
-  return request('/api/auth/oauth/token', {
+  return request('/api/core-service-ebtp-userinfo/v1/auth/oauth/token', {
     method: 'POST',
     params: params,
   });

src/pages/usercloud/login/index.tsx

@@ -62,13 +62,8 @@ const Login: React.FC<LoginProps> = (props) => {
     const params = {
       grant_type: "refresh_token",
       refresh_token: data?.refreshToken?.value,
-      client_id: REACT_APP_CLIENT_KEY,
-      client_secret: REACT_APP_CLIENT_SECRET,
     }
-    const header = {
+    await refreshTokenApi(params).then(res => {
-      clientId: REACT_APP_CLIENT_KEY,
-    }
-    await refreshTokenApi(params, header).then(res => {
       if (res?.success == true) {
         sessionStorage.setItem('Authorization', res?.data?.value);
         // sessionStorage.setItem('refreshToken', res?.data?.refreshToken.value);

src/pages/usercooper/login/index.tsx

@@ -63,13 +63,8 @@ const Login: React.FC<LoginProps> = (props) => {
     const params = {
       grant_type: "refresh_token",
       refresh_token: data?.refreshToken?.value,
-      client_id: REACT_APP_CLIENT_KEY,
-      client_secret: REACT_APP_CLIENT_SECRET,
     }
-    const header = {
+    await refreshTokenApi(params).then(res => {
-      clientId: REACT_APP_CLIENT_KEY,
-    }
-    await refreshTokenApi(params, header).then(res => {
       if (res?.success == true) {
         sessionStorage.setItem('Authorization', res?.data?.value);
         // sessionStorage.setItem('refreshToken', res?.data?.refreshToken.value);

src/pages/userexpert/login/index.tsx

@@ -62,13 +62,8 @@ const Login: React.FC<LoginProps> = (props) => {
     const params = {
       grant_type: "refresh_token",
       refresh_token: data?.refreshToken?.value,
-      client_id: REACT_APP_CLIENT_KEY,
-      client_secret: REACT_APP_CLIENT_SECRET,
     }
-    const header = {
+    await refreshTokenApi(params).then(res => {
-      clientId: REACT_APP_CLIENT_KEY,
-    }
-    await refreshTokenApi(params, header).then(res => {
       if (res?.success == true) {
         sessionStorage.setItem('Authorization', res?.data?.value);
         // sessionStorage.setItem('refreshToken', res?.data?.refreshToken.value);

src/pages/userformal/login/index.tsx

@@ -228,13 +228,8 @@ const Index: React.FC<{}> = () => {
     const params = {
       grant_type: "refresh_token",
       refresh_token: data?.refreshToken?.value,
-      client_id: REACT_APP_CLIENT_KEY,
-      client_secret: REACT_APP_CLIENT_SECRET,
     }
-    const header = {
+    await refreshTokenApi(params).then(res => {
-      clientId: REACT_APP_CLIENT_KEY,
-    }
-    await refreshTokenApi(params, header).then(res => {
       if (res?.success == true) {
         sessionStorage.setItem('Authorization', res?.data?.value);
         // sessionStorage.setItem('refreshToken', res?.data?.refreshToken.value);

src/services/login.ts

@@ -95,12 +95,11 @@ export async function CloudfakeAccountLogin(params: LoginParamsType) {
  * @param params 
  * @returns 
  */
-export async function refreshTokenApi(params: any, headers: any) {
+export async function refreshTokenApi(params: any) {
-  return request('/api/auth/oauth/token', {
+  return request('/api/core-service-ebtp-userinfo/v1/auth/oauth/token', {
     method: 'POST',
     requestType: 'form',
     data: params,
-    headers: headers
   });
 }
 

src/typings.d.ts

@@ -43,9 +43,9 @@ declare const REACT_APP_ENV: 'test' | 'dev' | 'pre' | false;
 /**ENV-商城2.0跳转地址 */
 declare const REACT_APP_MALL_V2_URL: string
 /**ENV-系统跳转参数KEY */
-declare const REACT_APP_CLIENT_KEY: string
+// declare const REACT_APP_CLIENT_KEY: string
 /**ENV-系统跳转参数SECRET */
-declare const REACT_APP_CLIENT_SECRET: string
+// declare const REACT_APP_CLIENT_SECRET: string
 /**ENV-密码加密参数CIPHERMODE */
 declare const REACT_APP_PASSWORD_CIPHERMODE: string
 /**ENV-密码加密参数PUBLICKEY */