From 463c7f43eb7e530967683cdcacffcef786a4e817 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期四, 31 八月 2023 08:57:55 +0800
Subject: [PATCH] [UPDATE] 解決弱點Insecure block cipher mode, AES CBC安全性上不足所以需要改為GCM模式來做加密

---
 PAMapp/shared/services/login.service.ts | 26 ++++++++++++++------------
 1 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/PAMapp/shared/services/login.service.ts b/PAMapp/shared/services/login.service.ts
index 4b06bed..3c8f45a 100644
--- a/PAMapp/shared/services/login.service.ts
+++ b/PAMapp/shared/services/login.service.ts
@@ -2,6 +2,8 @@
 import { AxiosResponse } from 'axios';
 import _ from "lodash";
 import CryptoJS from "crypto-js";
+import forge from "node-forge";
+// import CryptoJS from "asmcrypto-js";
 import { ConsultantLoginInfo } from "../models/ConsultantLoginInfo";
 import { LoginRequest } from "../models/loginRequest.model";
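Review bot: The added `// import CryptoJS from "asmcrypto-js";` is a commented-out import and should be dropped rather than committed. If `crypto-js` has no remaining use once `logInToConsultant` moves to forge, the `import CryptoJS from "crypto-js"` kept directly above it can go as well, though it may still be referenced elsewhere in the file outside this hunk.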
@@ -86,19 +88,19 @@
 /** 憿批�� **/
 logInToConsultant(consultantDto:ConsultantLoginInfo, verificationCode: string):Promise<AxiosResponse<LoginSuccessToken>>{
- const key = "PAMKEY1234567890";
- const iv = "0123456789abcdef";
+ const iv = "0123456789abcdef";
+ const key = "PAMKEY1234567890";
+ const cipher = forge.cipher.createCipher('AES-GCM', key);
+ cipher.start({
+ iv:iv
+ });
+ cipher.update(forge.util.createBuffer(forge.util.encodeUtf8(consultantDto.password)));
+ cipher.finish();
+ const encry = cipher.output;
+ var tag = cipher.mode.tag;
+ const encryptedPassword = window.btoa(encry.data+tag.data);
- const keyBytes = CryptoJS.enc.Utf8.parse(key);
- const ivBytes = CryptoJS.enc.Utf8.parse(iv);
-
- const encrypted = CryptoJS.AES.encrypt(consultantDto.password, keyBytes, {
- iv: ivBytes,
- mode: CryptoJS.mode.CBC,
- padding: CryptoJS.pad.Pkcs7,
- });
-
- return http.post(`/eService/authenticate/${verificationCode}`, { ...consultantDto, password: encrypted.toString() });
+ return http.post(`/eService/authenticate/${verificationCode}`, { ...consultantDto, password: encryptedPassword});
 }
 async logout(): Promise<void> {
--
Gitblit v1.8.0
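Review bot: The new GCM path still encrypts every password under the fixed key `"PAMKEY1234567890"` and the fixed IV `"0123456789abcdef"` set on the first two added lines, so the same key/nonce pair is reused on every login; GCM's confidentiality and integrity guarantees hold only while a nonce is never repeated under a key, so the CBC finding is replaced by a nonce-reuse weakness rather than fixed (and identical passwords still yield identical ciphertexts). Generate a fresh nonce per call and send it with the ciphertext, e.g. `const iv = forge.random.getBytesSync(12);` and `const encryptedPassword = window.btoa(iv + encry.data + tag.data);`, which presumably means the server-side decrypt must read the 12-byte nonce and the tag (16 bytes by forge's default) from that layout — confirm the wire format with the backend before merging. Because the key is embedded in client-side source, this encryption adds no secrecy beyond the TLS channel; a comment on the key line such as `// client-side key: obfuscation only, confidentiality relies on TLS` would stop the next reader from treating it as protection. `var tag = cipher.mode.tag;` should be `const` to match the surrounding declarations.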