chore: 禁止核心环境变量暴露全局window

2 years ago · 5da179699e
7 changed files with 12 additions and 34 deletions
--- a/.env
+++ b/.env
@ -7,14 +7,18 @@ VITE_GLOB_APP_TITLE = 康来智慧冷链平台
				@@ -7,14 +7,18 @@ VITE_GLOB_APP_TITLE = 康来智慧冷链平台
 # 简称，用于配置文件名字 不要出现空格、数字开头等特殊字符
 VITE_GLOB_APP_SHORT_NAME = kicc_admin

+# 开启微前端模式
+VITE_GLOB_APP_OPEN_QIANKUN=true
+
 # client
-VITE_GLOB_CLIENT_ID = kicc
+VITE_CLIENT_ID = kicc

 # client-secret
-VITE_GLOB_CLIENT_SECRET = kicc
+VITE_CLIENT_SECRET = kicc

 # 网关ase密码解密密钥,保持跟后端密钥一致,必须要有否则登录会失败的
-VITE_GLOB_GATEWAY_ASE_ENCODE_SECRET = changsha-kanglai
+VITE_GATEWAY_ASE_ENCODE_SECRET = changsha-kanglai
+
+# 授权客户端密钥
+VITE_AUTH_CLIENT = [["kicc_lock","kicc_lock"],["kics","kics"],["klab","klab"]]

-# 开启微前端模式
-VITE_GLOB_APP_OPEN_QIANKUN=true
--- a/build/utils.ts
+++ b/build/utils.ts
@ -38,7 +38,7 @@ export function wrapperEnv(envConf: Recordable): ViteEnv {
				@@ -38,7 +38,7 @@ export function wrapperEnv(envConf: Recordable): ViteEnv {
    if (envName === 'VITE_PORT') {
      realName = Number(realName);
    }
-    if (envName === 'VITE_PROXY') {
+    if (envName === 'VITE_PROXY' || envName === 'VITE_AUTH_CLIENT') {
      try {
        realName = JSON.parse(realName);
      } catch (error) {
--- a/src/api/platform/core/controller/user.ts
+++ b/src/api/platform/core/controller/user.ts
@ -7,11 +7,9 @@
				@@ -7,11 +7,9 @@
 import type { Captcha, User, LoginParams, TokenEnhancer } from '../entity/user';
 import type { RequestOptions } from '/#/axios';
 import { encryptionLogin } from '/@/utils/cipher';
-import { useGlobSetting } from '/@/hooks/setting';
 import { defHttp } from '/@/utils/http/axios';
 import qs from 'qs';

-const globSetting = useGlobSetting();
 export enum Api {
  login = '/auth_proxy/oauth/token',
  logout = '/auth_proxy/token/logout',
@ -25,7 +23,7 @@ export const login = (params: LoginParams, options?: boolean | RequestOptions) =
				@@ -25,7 +23,7 @@ export const login = (params: LoginParams, options?: boolean | RequestOptions) =
  // 非对称密钥AES加密处理
  const user =  encryptionLogin({
    data: params,
-    key: globSetting.gatewayAseEncodeSecret,
+    key: import.meta.env.VITE_GATEWAY_ASE_ENCODE_SECRET,
    param: ['password']
  });

--- a/src/hooks/setting/index.ts
+++ b/src/hooks/setting/index.ts
@ -16,9 +16,6 @@ export const useGlobSetting = (): Readonly<GlobConfig> => {
				@@ -16,9 +16,6 @@ export const useGlobSetting = (): Readonly<GlobConfig> => {
    VITE_GLOB_APP_SHORT_NAME,
    VITE_GLOB_API_URL_PREFIX,
    VITE_GLOB_UPLOAD_URL,
-    VITE_GLOB_CLIENT_ID,
-    VITE_GLOB_CLIENT_SECRET,
-    VITE_GLOB_GATEWAY_ASE_ENCODE_SECRET,
    VITE_GLOB_FILE_PREVIEW_URL,
    VITE_GLOB_APP_OPEN_QIANKUN,
  } = getAppEnvConfig();
@ -34,9 +31,6 @@ export const useGlobSetting = (): Readonly<GlobConfig> => {
				@@ -34,9 +31,6 @@ export const useGlobSetting = (): Readonly<GlobConfig> => {
    shortName: VITE_GLOB_APP_SHORT_NAME,
    urlPrefix: VITE_GLOB_API_URL_PREFIX,
    uploadUrl: VITE_GLOB_UPLOAD_URL,
-    clientId: VITE_GLOB_CLIENT_ID,
-    clientSecret: VITE_GLOB_CLIENT_SECRET,
-    gatewayAseEncodeSecret: VITE_GLOB_GATEWAY_ASE_ENCODE_SECRET,
    filePreviewUrl: VITE_GLOB_FILE_PREVIEW_URL,
    openQianKun: VITE_GLOB_APP_OPEN_QIANKUN
  };
--- a/src/utils/env.ts
+++ b/src/utils/env.ts
@ -34,9 +34,6 @@ export function getAppEnvConfig() {
				@@ -34,9 +34,6 @@ export function getAppEnvConfig() {
    VITE_GLOB_APP_SHORT_NAME,
    VITE_GLOB_API_URL_PREFIX,
    VITE_GLOB_UPLOAD_URL,
-    VITE_GLOB_CLIENT_ID,
-    VITE_GLOB_CLIENT_SECRET,
-    VITE_GLOB_GATEWAY_ASE_ENCODE_SECRET,
    VITE_GLOB_FILE_PREVIEW_URL,
    VITE_GLOB_APP_OPEN_QIANKUN,
  } = ENV;
@ -53,9 +50,6 @@ export function getAppEnvConfig() {
				@@ -53,9 +50,6 @@ export function getAppEnvConfig() {
    VITE_GLOB_APP_SHORT_NAME,
    VITE_GLOB_API_URL_PREFIX,
    VITE_GLOB_UPLOAD_URL,
-    VITE_GLOB_CLIENT_ID,
-    VITE_GLOB_CLIENT_SECRET,
-    VITE_GLOB_GATEWAY_ASE_ENCODE_SECRET,
    VITE_GLOB_FILE_PREVIEW_URL,
    VITE_GLOB_APP_OPEN_QIANKUN,
  };
--- a/src/utils/http/axios/index.ts
+++ b/src/utils/http/axios/index.ts
@ -108,7 +108,7 @@ const transform: AxiosTransform = {
				@@ -108,7 +108,7 @@ const transform: AxiosTransform = {
  requestInterceptors: (config, options) => {
    // 请求之前处理config
    const token = getAccessToken();
-    const { clientId, clientSecret } = globSetting;
+    const clientId = import.meta.env.VITE_CLIENT_ID, clientSecret = import.meta.env.VITE_CLIENT_SECRET;
    const { clientId: customClientId , clientSecret: customClientSecret } = options?.requestOptions || {};
    // 使用token进行请求
    if (token && (config as Recordable)?.requestOptions?.withToken !== false) {
--- a/types/config.d.ts
+++ b/types/config.d.ts
@ -148,12 +148,6 @@ export interface GlobConfig {
				@@ -148,12 +148,6 @@ export interface GlobConfig {
  urlPrefix?: string;
  // 项目缩写
  shortName: string;
-  // client
-  clientId: string;
-  // clientSecret
-  clientSecret: string;
-  // 网关ase密码解密密钥,保持跟后端密钥一致,必须要有否则登录会失败的
-  gatewayAseEncodeSecret: string;
  // 文件在线预览网址
  filePreviewUrl?: string;
  // 开启微前端
@ -171,12 +165,6 @@ export interface GlobEnvConfig {
				@@ -171,12 +165,6 @@ export interface GlobEnvConfig {
  VITE_GLOB_APP_SHORT_NAME: string;
  // 上传网址
  VITE_GLOB_UPLOAD_URL?: string;
-  // client
-  VITE_GLOB_CLIENT_ID: string;
-  // clientSecret
-  VITE_GLOB_CLIENT_SECRET: string;
-  // 网关ase密码解密密钥,保持跟后端密钥一致,必须要有否则登录会失败的
-  VITE_GLOB_GATEWAY_ASE_ENCODE_SECRET: string;
  // 文件在线预览网址
  VITE_GLOB_FILE_PREVIEW_URL?: string;
  // 开启微前端