代码审计修改

src/api/modules/sys.user.api.js

@@ -1,9 +1,7 @@
 import { find, assign } from 'lodash'
 
 const users = [
-  { username: 'admin', password: 'admin', uuid: 'admin-uuid', name: 'Admin' },
-  { username: 'editor', password: 'editor', uuid: 'editor-uuid', name: 'Editor' },
-  { username: 'user1', password: 'user1', uuid: 'user1-uuid', name: 'User1' }
+
 ]
 
 export default ({ service, request, serviceForMock, requestForMock, mock, faker, tools }) => ({

src/store/modules/d2admin/modules/account.js

@@ -14,8 +14,8 @@ export default {
      * @param {Object} payload route {Object} 登录成功后定向的路由对象 任何 vue-router 支持的格式
      */
     async login ({ dispatch }, {
-      username = '',
-      password = ''
+      username,
+      password
     } = {}) {
       const res = await api.SYS_USER_LOGIN({ username, password })
      console.log(res,"llllllll")

src/utils/index.js

@@ -318,8 +318,9 @@ export function uniqueArr(arr) {
  * @returns {string}
  */
 export function createUniqueString() {
+  let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
   const timestamp = +new Date() + ''
-  const randomNum = parseInt((1 + Math.random()) * 65536) + ''
+  const randomNum = parseInt((1 + randomNumber) * 65536) + ''
   return (+(randomNum + timestamp)).toString(32)
 }
 

src/views/demo/equipmentManage/equipmentInfo/index.vue

@@ -661,19 +661,20 @@ export default {
   },
   methods: {
     connect() {
+      let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
       let options = {
         //本地
         // username: "admin",
         // password: "public",
         //测试
-           username: "admin",
+        username: "admin",
         password: "admin@123",
         //生产
         // username: "admin",
         // password: "admin@2Ld&DDrsk",
         cleanSession: true,
         keepAlive: 60,
-        clientId: "mqttjs_" + Math.random().toString(16).substr(2, 8),
+        clientId: "mqttjs_" + randomNumber.toString(16).substr(2, 8),
         connectTimeout: 4000,
       };
       //本地开发环境

src/views/demo/productManage/compontents/addDialog.vue

@@ -107,8 +107,8 @@ export default {
   },
   data() {
     return {
-      //  imgAction:window.location.origin+'/smart-grp-basic/minio/testupload',
-      imgAction:'http://101.36.160.140:31005/smart-grp-basic/minio/testupload',
+       imgAction:window.location.origin+'/smart-grp-basic/minio/testupload',
+      // imgAction:'http://101.36.160.140:31005/smart-grp-basic/minio/testupload',
       defaultProps: {
         children: "children",
         label: "productCategoryName",

src/views/demo/productManage/productInfo/realTime/index.vue

@@ -162,6 +162,8 @@ export default {
   },
   methods: {
     connect() {
+      let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
+
       let options = {
         //本地
         // username: "admin",
@@ -174,7 +176,7 @@ export default {
         // password: "admin@2Ld&DDrsk",
         cleanSession: true,
         keepAlive: 60,
-        clientId: "mqttjs_" + Math.random().toString(16).substr(2, 8),
+        clientId: "mqttjs_" + randomNumber.toString(16).substr(2, 8),
         connectTimeout: 4000,
       };
       //本地开发环境

src/views/demo/system/userManagement/index.vue

@@ -455,10 +455,6 @@ export default {
         }
       });
       var data = {
-        // orgName: this.orgName,
-        // userRoleName: this.userRoleName,
-        // manageStoreName: this.manageStoreName,
-
         id: this.rowId,
         userId: this.form.userId,
         userRealName:this.form.userRealName,

src/views/system/login/page.vue

@@ -92,32 +92,17 @@ export default {
   data () {
     return {
   
-      // seccodeImg:window.location.origin+'/smart-grp-basic/userInfo/identifyImage',
-      seccodeImg:'http://101.36.160.140:31005/smart-grp-basic/userInfo/identifyImage',
+      seccodeImg:window.location.origin+'/smart-grp-basic/userInfo/identifyImage',
+      // seccodeImg:'http://101.36.160.140:31005/smart-grp-basic/userInfo/identifyImage',
+      // seccodeImg:'http://23.99.21.201:59887/smart-grp-basic/userInfo/identifyImage',
     
       // 快速选择用户
       dialogVisible: false,
-      users: [
-        {
-          name: 'Admin',
-          username: 'admin',
-          password: 'admin'
-        },
-        {
-          name: 'Editor',
-          username: 'editor',
-          password: 'editor'
-        },
-        {
-          name: 'User1',
-          username: 'user1',
-          password: 'user1'
-        }
-      ],
+
       // 表单
       formLogin: {
-        username: '',
-        password: '',
+        username: null,
+        password: null,
         code: 'v9am'
       },
       // 表单校验
@@ -178,11 +163,13 @@ export default {
    
   
    loginBtn(){
+
      let data={
        userName:this.formLogin.username,
-       userPassword:this.formLogin.password,
+       userPassword:encodeURIComponent(this.formLogin.password),
        identifyCode:this.formLogin.seccode
      }
+     console.log(data,9999);
      api.login(data)
      .then(res=>{
        if(res.code==200){
@@ -209,13 +196,16 @@ export default {
      })
    },
    seccodeImgClick(){
+    let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
  
-    this.seccodeImg=this.seccodeImg+'?'+Math.random()
+    this.seccodeImg=this.seccodeImg+'?'+randomNumber
   
    },
   
     // 提交登录信息
     submit () {
+   console.log(this.formLogin,89898989);
+
       this.$refs.loginForm.validate((valid) => {
         if (valid) {
           // 登录
@@ -242,8 +232,10 @@ export default {
     },
     // 随机语录
     tipsrandom () {
+      let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
+      
       var index
-      index = Math.floor(Math.random() * this.tipsarr.length)
+      index = Math.floor(randomNumber * this.tipsarr.length)
       this.tips = this.tipsarr[index]
     }
   }

src/views/system/login/page1.vue

@@ -1,487 +0,0 @@
-<template>
-  <div class="page-login">
-    <div class="page-login--layer page-login--layer-area">
-      <ul class="circles">
-        <li v-for="n in 10" :key="n"></li>
-      </ul>
-    </div>
-   
-    <div class="page-login--layer">
-      <div
-        class="page-login--content"
-        flex="dir:top main:justify cross:stretch box:justify">
-        <div class="page-login--content-header">
-          <!-- <p class="page-login--content-header-motto" >
-           
-            {{ tips }}
-          </p> -->
-        </div>
-        <div
-          class="page-login--content-main"
-          flex="dir:top main:center cross:center">
-          <!-- logo -->
-          <img class="page-login--logo" src="./image/logo.png">
-          <!-- form -->
-          <div class="page-login--form">
-            <el-card shadow="never">
-              <el-form
-                ref="loginForm"
-                label-position="top"
-                :rules="rules"
-                :model="formLogin"
-                size="default">
-                <el-form-item prop="username">
-                  <el-input
-                    type="text"
-                    v-model="formLogin.username"
-                    placeholder="用户名">
-                    <i slot="prepend" class="fa fa-user-circle-o"></i>
-                  </el-input>
-                </el-form-item>
-                <el-form-item prop="password">
-                  <el-input
-                    type="password"
-                    v-model="formLogin.password"
-                    placeholder="密码">
-                    <i slot="prepend" class="fa fa-keyboard-o"></i>
-                  </el-input>
-                </el-form-item>
-                <!-- <el-form-item prop="code">
-                  <el-input
-                    type="text"
-                    v-model="formLogin.code"
-                    placeholder="验证码">
-                    <template slot="append">
-                      <img class="login-code" src="./image/login-code.png">
-                    </template>
-                  </el-input>
-                </el-form-item> -->
-                <el-button
-                  size="default"
-                  @click="submit"
-                  type="primary"
-                  class="button-login">
-                  登录
-                </el-button>
-              </el-form>
-            </el-card>
-            <p
-              class="page-login--options"
-              flex="main:justify cross:center">
-              <!-- <span><d2-icon name="question-circle"/> 忘记密码</span>
-              <span>注册用户</span> -->
-            </p>
-            <!-- quick login -->
-            <!-- <el-button class="page-login--quick" size="default" type="info" @click="dialogVisible = true">
-              快速选择用户
-            </el-button> -->
-          </div>
-        </div>
-        <div class="page-login--content-footer">
-         <!--  <p class="page-login--content-footer-locales">
-            <a
-              v-for="language in $languages"
-              :key="language.value"
-              @click="onChangeLocale(language.value)">
-              {{ language.label }}
-            </a>
-          </p> -->
-          <!-- <p class="page-login--content-footer-copyright">
-            Copyright
-            <d2-icon name="copyright"/>
-            紫光软件 
-            <a href="https://github.com/FairyEver">
-              All&nbsp;Rights&nbsp;Reserved
-            </a>
-          </p> -->
-          <!-- <p class="page-login--content-footer-options">
-            <a href="#">帮助</a>
-            <a href="#">隐私</a>
-            <a href="#">条款</a>
-          </p> -->
-            <Foot></Foot>
-        </div>
-      </div>
-    </div>
-    <el-dialog
-      title="快速选择用户"
-      :visible.sync="dialogVisible"
-      width="400px">
-      <el-row :gutter="10" style="margin: -20px 0px -10px 0px;">
-        <el-col v-for="(user, index) in users" :key="index" :span="8">
-          <div class="page-login--quick-user" @click="handleUserBtnClick(user)">
-            <d2-icon name="user-circle-o"/>
-            <span>{{user.name}}</span>
-          </div>
-        </el-col>
-      </el-row>
-    </el-dialog>
-  </div>
-</template>
-
-<script>
-
-import Foot from "../../../layout/header-aside/components/footer";
-import dayjs from 'dayjs'
-import { mapActions } from 'vuex'
-import localeMixin from '@/locales/mixin.js'
-export default {
-  components: {Foot},
-  mixins: [
-    localeMixin
-  ],
-  data () {
-    return {
-      
-    
-      // 快速选择用户
-      dialogVisible: false,
-      users: [
-        {
-          name: 'Admin',
-          username: 'admin',
-          password: 'admin'
-        },
-        {
-          name: 'Editor',
-          username: 'editor',
-          password: 'editor'
-        },
-        {
-          name: 'User1',
-          username: 'user1',
-          password: 'user1'
-        }
-      ],
-      // 表单
-      formLogin: {
-        username: 'admin',
-        password: 'admin',
-        code: 'v9am'
-      },
-      // 表单校验
-      rules: {
-        username: [
-          {
-            required: true,
-            message: '请输入用户名',
-            trigger: 'blur'
-          }
-        ],
-        password: [
-          {
-            required: true,
-            message: '请输入密码',
-            trigger: 'blur'
-          }
-        ],
-        code: [
-          {
-            required: true,
-            message: '请输入验证码',
-            trigger: 'blur'
-          }
-        ]
-      },
-      
-    }
-  },
-  mounted () {
-
-   
-  },
-
-  methods: {
-    ...mapActions('d2admin/account', [
-      'login'
-    ]),
-    refreshTime () {
-      this.time = dayjs().format('HH:mm:ss')
-    },
-    /**
-     * @description 接收选择一个用户快速登录的事件
-     * @param {Object} user 用户信息
-     */
-    handleUserBtnClick (user) {
-      this.formLogin.username = user.username
-      this.formLogin.password = user.password
-      this.submit()
-    },
-    /**
-     * @description 提交表单
-     */
-    // 提交登录信息
-    submit () {
-      this.$refs.loginForm.validate((valid) => {
-        if (valid) {
-          // 登录
-          // 注意 这里的演示没有传验证码
-          // 具体需要传递的数据请自行修改代码
-          this.login({
-            username: this.formLogin.username,
-            password: this.formLogin.password
-          })
-            .then(() => {
-              // 重定向对象不存在则返回顶层路径
-              this.$router.replace(this.$route.query.redirect || '/')
-            })
-        } else {
-          // 登录表单校验失败
-          this.$message.error('表单校验失败，请检查')
-        }
-      })
-    },
-   
-  }
-}
-</script>
-
-<style lang="scss">
-.page-login {
-  @extend %unable-select;
-  $backgroundColor: #F0F2F5;
-  // ---
-  background-color: $backgroundColor;
-  background: url('./image/bg.png') center no-repeat ;
-  background-size:100% 100%;
-  height: 100%;
-  position: relative;
-  // 层
-  .page-login--layer {
-    @extend %full;
-    overflow: auto;
-  }
-  .page-login--layer-area {
-    overflow: hidden;
-  }
-  // 时间
-  .page-login--layer-time {
-    font-size: 24em;
-    font-weight: bold;
-    color: rgba(0, 0, 0, 0.03);
-    overflow: hidden;
-  }
-  // 登陆页面控件的容器
-  .page-login--content {
-    height: 100%;
-    min-height: 500px;
-  }
-  // header
-  .page-login--content-header {
-    padding: 1em 0;
-    .page-login--content-header-motto {
-      margin: 0px;
-      padding: 0px;
-      color: $color-text-normal;
-      text-align: center;
-      font-size: 12px;
-    }
-  }
-  // main
-  .page-login--logo {
-    width: 240px;
-    margin-bottom: 2em;
-    margin-top: -2em;
-  }
-  // 登录表单
-  .page-login--form {
-    width: 280px;
-    // 卡片
-    .el-card {
-      margin-bottom: 15px;
-    }
-    // 登录按钮
-    .button-login {
-      width: 100%;
-    }
-    // 输入框左边的图表区域缩窄
-    .el-input-group__prepend {
-      padding: 0px 14px;
-    }
-    .login-code {
-      height: 40px - 2px;
-      display: block;
-      margin: 0px -20px;
-      border-top-right-radius: 2px;
-      border-bottom-right-radius: 2px;
-    }
-    // 登陆选项
-    .page-login--options {
-      margin: 0px;
-      padding: 0px;
-      font-size: 14px;
-      color: $color-primary;
-      margin-bottom: 15px;
-      font-weight: bold;
-    }
-    .page-login--quick {
-      width: 100%;
-    }
-  }
-  // 快速选择用户面板
-  .page-login--quick-user {
-    @extend %flex-center-col;
-    padding: 10px 0px;
-    border-radius: 4px;
-    &:hover {
-      background-color: $color-bg;
-      i {
-        color: $color-text-normal;
-      }
-      span {
-        color: $color-text-normal;
-      }
-    }
-    i {
-      font-size: 36px;
-      color: $color-text-sub;
-    }
-    span {
-      font-size: 12px;
-      margin-top: 10px;
-      color: $color-text-sub;
-    }
-  }
-  // footer
-  .page-login--content-footer {
-    // padding: 1em 0;
-    .page-login--content-footer-locales {
-      padding: 0px;
-      margin: 0px;
-      margin-bottom: 15px;
-      font-size: 12px;
-      line-height: 12px;
-      text-align: center;
-      color: $color-text-normal;
-      a {
-        color: $color-text-normal;
-        margin: 0 .5em;
-        &:hover {
-          color: $color-text-main;
-        }
-      }
-    }
-    .page-login--content-footer-copyright {
-      padding: 0px;
-      margin: 0px;
-      margin-bottom: 10px;
-      font-size: 12px;
-      line-height: 12px;
-      text-align: center;
-      color: $color-text-normal;
-      a {
-        color: $color-text-normal;
-      }
-    }
-    .page-login--content-footer-options {
-      padding: 0px;
-      margin: 0px;
-      font-size: 12px;
-      line-height: 12px;
-      text-align: center;
-      a {
-        color: $color-text-normal;
-        margin: 0 1em;
-      }
-    }
-  }
-  // 背景
-  .circles {
-    position: absolute;
-    top: 0;
-    left: 0;
-    width: 100%;
-    height: 100%;
-    overflow: hidden;
-    margin: 0px;
-    padding: 0px;
-    // li {
-    //   position: absolute;
-    //   display: block;
-    //   list-style: none;
-    //   width: 20px;
-    //   height: 20px;
-    //   background: #FFF;
-    //   animation: animate 25s linear infinite;
-    //   bottom: -200px;
-    //   @keyframes animate {
-    //     0%{
-    //       transform: translateY(0) rotate(0deg);
-    //       opacity: 1;
-    //       border-radius: 0;
-    //     }
-    //     100%{
-    //       transform: translateY(-1000px) rotate(720deg);
-    //       opacity: 0;
-    //       border-radius: 50%;
-    //     }
-    //   }
-    //   &:nth-child(1) {
-    //     left: 15%;
-    //     width: 80px;
-    //     height: 80px;
-    //     animation-delay: 0s;
-    //   }
-    //   &:nth-child(2) {
-    //     left: 5%;
-    //     width: 20px;
-    //     height: 20px;
-    //     animation-delay: 2s;
-    //     animation-duration: 12s;
-    //   }
-    //   &:nth-child(3) {
-    //     left: 70%;
-    //     width: 20px;
-    //     height: 20px;
-    //     animation-delay: 4s;
-    //   }
-    //   &:nth-child(4) {
-    //     left: 40%;
-    //     width: 60px;
-    //     height: 60px;
-    //     animation-delay: 0s;
-    //     animation-duration: 18s;
-    //   }
-    //   &:nth-child(5) {
-    //     left: 65%;
-    //     width: 20px;
-    //     height: 20px;
-    //     animation-delay: 0s;
-    //   }
-    //   &:nth-child(6) {
-    //     left: 75%;
-    //     width: 150px;
-    //     height: 150px;
-    //     animation-delay: 3s;
-    //   }
-    //   &:nth-child(7) {
-    //     left: 35%;
-    //     width: 200px;
-    //     height: 200px;
-    //     animation-delay: 7s;
-    //   }
-    //   &:nth-child(8) {
-    //     left: 50%;
-    //     width: 25px;
-    //     height: 25px;
-    //     animation-delay: 15s;
-    //     animation-duration: 45s;
-    //   }
-    //   &:nth-child(9) {
-    //     left: 20%;
-    //     width: 15px;
-    //     height: 15px;
-    //     animation-delay: 2s;
-    //     animation-duration: 35s;
-    //   }
-    //   &:nth-child(10) {
-    //     left: 85%;
-    //     width: 150px;
-    //     height: 150px;
-    //     animation-delay: 0s;
-    //     animation-duration: 11s;
-    //   }
-    // }
-  }
-}
-</style>

src/views/system/visualized/index-click.vue

@@ -693,6 +693,8 @@ export default {
       this.getPointList();
     },
     connect() {
+      let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
+
       let options = {
         //本地
         username: "admin",
@@ -705,7 +707,7 @@ export default {
         // password: "admin@2Ld&DDrsk",
         cleanSession: true,
         keepAlive: 60,
-        clientId: "mqttjs_" + Math.random().toString(16).substr(2, 8),
+        clientId: "mqttjs_" + randomNumber.toString(16).substr(2, 8),
         connectTimeout: 4000,
       };
       //本地开发环境

src/views/system/visualized/index-hover.vue

@@ -401,6 +401,8 @@ export default {
       this.getPointList();
     },
     connect() {
+      let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
+
       let options = {
      //本地
         username: "admin",
@@ -413,7 +415,7 @@ export default {
         // password: "admin@2Ld&DDrsk",
         cleanSession: true,
         keepAlive: 60,
-        clientId: "mqttjs_" + Math.random().toString(16).substr(2, 8),
+        clientId: "mqttjs_" + randomNumber.toString(16).substr(2, 8),
         connectTimeout: 4000,
       };
      //本地开发环境

src/views/system/visualized/index.vue

@@ -440,6 +440,8 @@ export default {
       this.$refs.tempWetChange.getTempWet(this.cfCode)
     },
     connect() {
+      let randomNumber = window.crypto.getRandomValues(new Uint32Array(1))[0] / 0x100000000;
+
       let options = {
         //本地
         // username: "admin",
@@ -452,7 +454,7 @@ export default {
         // password: "admin@2Ld&DDrsk",
         cleanSession: true,
         keepAlive: 60,
-        clientId: "mqttjs_" + Math.random().toString(16).substr(2, 8),
+        clientId: "mqttjs_" + randomNumber.toString(16).substr(2, 8),
         connectTimeout: 4000,
       };
       //本地开发环境