reafctor: sms接口加密

2023-03-21 14:40:59 +08:00 · 2023-03-21 14:40:59 +08:00 · ed52174b25
commit ed52174b25
parent 46c4be225a
6 changed files with 35 additions and 7 deletions
--- a/apps/server/src/controller/user.controller.ts
+++ b/apps/server/src/controller/user.controller.ts
@ -14,6 +14,7 @@ import { createToken, decodeToken } from '../util/encrypt';
 import { SmsService } from '../service/sms.service';
 import { SmsDTO } from '../dto/sms.dto';
 import { RedisService } from '@midwayjs/redis';
+import * as CryptoJS from 'crypto-js';

@Controller('/user')
 export class UserController {
@ -100,7 +101,10 @@ export class UserController {
  @Post('/web/sms')
  async verifyCode(@Body() params: SmsDTO) {
    try {
-      const { phoneNumber: phoneNumbers } = params;
+      const { phoneNumber: phoneNumbers, sign } = params;
+      const decrypted = CryptoJS.AES.decrypt(sign, phoneNumbers);
+      const hackAction = decrypted.toString(CryptoJS.enc.Utf8) !== phoneNumbers;
+      if (hackAction) return { code: BizCode.ERROR, msg: 'fuck u' };
      const code = Math.floor(Math.random() * 9000 + 1000);
      await this.redisService.set('' + phoneNumbers, code, 'EX', 60);
      await this.smsService.send({ code, phoneNumbers });
--- a/apps/server/src/dto/sms.dto.ts
+++ b/apps/server/src/dto/sms.dto.ts
@ -4,5 +4,7 @@ export class SmsDTO {
  @Rule(
    RuleType.string().required().length(11).error(new Error('手机号格式错误'))
  )
-  phoneNumber?: string | number;
+  phoneNumber?: string;
+  @Rule(RuleType.string().required())
+  sign?: string;
 }
--- a/apps/web/src/api/index.ts
+++ b/apps/web/src/api/index.ts
@ -1,5 +1,6 @@
 import { ILoginRequest } from "./dto";
 import R from "./axios";
+import * as CryptoJS from "crypto-js";

 export const getCourseList = () => R.post("/api/course/select/all");

@ -11,5 +12,8 @@ export const userLogin = (p: ILoginRequest) =>

 export const userState = () => R.get("/api/user/web/state");

-export const sms = (phoneNumber: string | number) =>
-  R.post("/api/user/web/sms", { phoneNumber });
+export const sms = (phoneNumber: string | number) => {
+  const payload = "" + phoneNumber;
+  const sign = "" + CryptoJS.AES.encrypt(payload, payload);
+  return R.post("/api/user/web/sms", { sign, phoneNumber });
+};
--- a/apps/web/stats.html
+++ b/apps/web/stats.html
--- a/package.json
+++ b/package.json
@ -52,12 +52,14 @@
    "rollup-plugin-dts": "5.2.0",
    "axios": "1.3.4",
    "dayjs": "1.11.7",
-    "@types/js-cookie": "3.0.3"
+    "@types/js-cookie": "3.0.3",
+    "@types/crypto-js": "4.1.1"
  },
  "dependencies": {
    "object-hash": "^3.0.0",
    "vditor": "3.9.0",
    "zustand": "4.3.6",
-    "js-cookie": "3.0.1"
+    "js-cookie": "3.0.1",
+    "crypto-js": "4.1.1"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -11,6 +11,7 @@ importers:
      '@rollup/plugin-node-resolve': 15.0.1
      '@rollup/plugin-terser': 0.4.0
      '@rollup/plugin-typescript': 11.0.0
+      '@types/crypto-js': 4.1.1
      '@types/js-cookie': 3.0.3
      '@types/node': ^18.13.0
      autoprefixer: 10.4.13
@ -19,6 +20,7 @@ importers:
      chalk: 4.1.2
      copy-webpack-plugin: 5.1.2
      cross-env: ^6.0.0
+      crypto-js: 4.1.1
      css-loader: 6.7.3
      dayjs: 1.11.7
      inquirer: 8.0.0
@ -48,6 +50,7 @@ importers:
      webpack-cli: ^5.0.1
      zustand: 4.3.6
    dependencies:
+      crypto-js: registry.npmmirror.com/crypto-js/4.1.1
      js-cookie: 3.0.1
      object-hash: registry.npmmirror.com/object-hash/3.0.0
      vditor: registry.npmmirror.com/vditor/3.9.0
@ -60,6 +63,7 @@ importers:
      '@rollup/plugin-node-resolve': registry.npmmirror.com/@rollup/plugin-node-resolve/15.0.1_rollup@3.17.2
      '@rollup/plugin-terser': registry.npmmirror.com/@rollup/plugin-terser/0.4.0_rollup@3.17.2
      '@rollup/plugin-typescript': registry.npmmirror.com/@rollup/plugin-typescript/11.0.0_vi3xdhr63abcxdtwtptol35g5u
+      '@types/crypto-js': registry.npmmirror.com/@types/crypto-js/4.1.1
      '@types/js-cookie': 3.0.3
      '@types/node': registry.npmmirror.com/@types/node/18.13.0
      autoprefixer: registry.npmmirror.com/autoprefixer/10.4.13_postcss@8.4.21
@ -4648,6 +4652,12 @@ packages:
      '@types/node': registry.npmmirror.com/@types/node/18.14.1
    dev: true

+  registry.npmmirror.com/@types/crypto-js/4.1.1:
+    resolution: {integrity: sha512-BG7fQKZ689HIoc5h+6D2Dgq1fABRa0RbBWKBd9SP/MVRVXROflpm5fhwyATX5duFmbStzyzyycPB8qUYKDH3NA==, registry: https://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/@types/crypto-js/-/crypto-js-4.1.1.tgz}
+    name: '@types/crypto-js'
+    version: 4.1.1
+    dev: true
+
  registry.npmmirror.com/@types/debug/4.1.7:
    resolution: {integrity: sha512-9AonUzyTjXXhEOa0DnqpzZi6VHlqKMswga9EXjpXnnqxwLtdvPPtlO8evrI5D9S6asFRCQ6v+wpiUKbw+vKqyg==, registry: https://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/@types/debug/-/debug-4.1.7.tgz}
    name: '@types/debug'
@ -6761,6 +6771,12 @@ packages:
      which: registry.npmmirror.com/which/2.0.2
    dev: true

+  registry.npmmirror.com/crypto-js/4.1.1:
+    resolution: {integrity: sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==, registry: https://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/crypto-js/-/crypto-js-4.1.1.tgz}
+    name: crypto-js
+    version: 4.1.1
+    dev: false
+
  registry.npmmirror.com/crypto-random-string/2.0.0:
    resolution: {integrity: sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==, registry: https://registry.npm.taobao.org/, tarball: https://registry.npmmirror.com/crypto-random-string/-/crypto-random-string-2.0.0.tgz}
    name: crypto-random-string