From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password

---
 PAMapp/shared/services/httpClient.ts |   51 +++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/PAMapp/shared/services/httpClient.ts b/PAMapp/shared/services/httpClient.ts
index 531eda2..db17491 100644
--- a/PAMapp/shared/services/httpClient.ts
+++ b/PAMapp/shared/services/httpClient.ts
@@ -1,22 +1,45 @@
 import { AxiosRequestConfig, AxiosError, AxiosResponse} from 'axios';
-import ErrorMessageBox from '../errorService';
 import axios from 'axios';
 import _ from 'lodash';
 
+import messageBoxService from './message-box.service';
+
 const notRequireInterceptorErrorUrl = [
   '/otp/verify',
+  // '/otp/sendOtp',
   '/eService/authenticate',
   '/login/validate/get_img_code',
   '/login/validate/verify_img_code',
+  '/api/access_analysis/insert'
 ];
 
+const BASE_URL = process.env.BASE_URL!;
+
+function sanitizeBaseUrl(baseUrl: string): string {
+  const pattern = /^(https?:\/\/).+/i;
+  if (!pattern.test(baseUrl)) {
+    throw new Error('Invalid BASE_URL');
+  }
+  const cleanedBaseUrl = cleanUrl(baseUrl);
+  return cleanedBaseUrl;
+}
+
+function cleanUrl(url: string): string {
+  const cleanedUrl = url.replace(/[^a-zA-Z0-9:/._-]/g, '');
+  return cleanedUrl;
+}
+
+
 export const http = axios.create({
-  baseURL: process.env.BASE_URL,
+  baseURL: sanitizeBaseUrl(BASE_URL),
   withCredentials: true
 });
 
+let apiNumber = 0;
+
 http.interceptors.request.use(
   (config: AxiosRequestConfig) => {
+    apiNumber += 1;
     loadingStart();
     addHttpHeader(config);
     return config;
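Review bot: sanitizeBaseUrl repairs a malformed BASE_URL instead of rejecting it: cleanUrl strips every character outside `[a-zA-Z0-9:/._-]` after the `^(https?:\/\/).+` test has already passed, so a value containing `@`, `?`, `#`, `%` or IPv6 brackets is silently rewritten into a different URL that every request is then sent to. The value comes from the environment, so a misconfiguration should fail loudly at startup rather than be quietly edited. The `!` on `process.env.BASE_URL` also hides the undefined case from the checker; it is caught only because `pattern.test(undefined)` coerces to the string "undefined". Parsing with the WHATWG URL class gives a strict check, rejects embedded credentials and makes cleanUrl unnecessary; `parsed.href` adds a trailing slash when the path is empty, which axios's baseURL joining should tolerate — verify against the existing routes.
```typescript
const BASE_URL = process.env.BASE_URL;

/** Returns the normalised http(s) API base, or throws for anything that is not one. */
function sanitizeBaseUrl(baseUrl: string | undefined): string {
  let parsed: URL;
  try {
    parsed = new URL(baseUrl ?? '');
  } catch {
    throw new Error('Invalid BASE_URL');
  }
  const isHttp = parsed.protocol === 'http:' || parsed.protocol === 'https:';
  // Credentials in the base URL would be sent with every request; refuse them.
  if (!isHttp || parsed.username !== '' || parsed.password !== '') {
    throw new Error('Invalid BASE_URL');
  }
  return parsed.href;
}
// … unchanged: axios.create / request interceptor …
```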
@@ -25,11 +48,17 @@
 
 http.interceptors.response.use(
   (response: AxiosResponse) => {
-    loadingFinish();
+    apiNumber -= 1;
+    if (apiNumber === 0) {
+      loadingFinish();
+    }
     return response;
   },
   (error: AxiosError) => {
-    loadingFinish();
+    apiNumber -= 1;
+    if (apiNumber === 0) {
+      loadingFinish();
+    }
     showErrorMessageBox(error)
     return Promise.reject(error);
   }
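Review bot: The decrement-and-maybe-finish logic is duplicated verbatim in the fulfilled and rejected handlers; one helper keeps the two in step and gives a single place to clamp the counter. As written, any unmatched decrement (a rejection that reaches this handler without the request interceptor having counted it) drives apiNumber below zero, after which `apiNumber === 0` is never true again and loadingFinish() is never called, leaving the loading state stuck — whether that path is reachable here depends on the other interceptors, so treat the clamp as cheap insurance. The call to interceptors.response.use is closed outside the hunk.
```typescript
function settleRequest(): void {
  // Clamp so a stray decrement cannot leave the counter negative and the loader stuck.
  apiNumber = Math.max(0, apiNumber - 1);
  if (apiNumber === 0) {
    loadingFinish();
  }
}

http.interceptors.response.use(
  (response: AxiosResponse) => {
    settleRequest();
    return response;
  },
  (error: AxiosError) => {
    settleRequest();
    showErrorMessageBox(error);
    return Promise.reject(error);
  }
// … unchanged: closing of interceptors.response.use …
```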
@@ -37,7 +66,8 @@
 
 function addHttpHeader(config: AxiosRequestConfig): void {
   config.headers = {
-    Authorization: 'Bearer ' + localStorage.getItem('id_token')
+    Authorization: 'Bearer ' + localStorage.getItem('id_token'),
+    'content-type': 'application/json'
   }
 }
 
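Review bot: The new `'content-type': 'application/json'` entry is applied unconditionally, and the assignment still replaces config.headers wholesale, so any header a caller set on a specific request is overwritten — and if the app ever sends FormData, forcing this content-type would stop the browser from supplying its own multipart boundary. The Authorization value also becomes the literal `Bearer null` whenever no id_token is stored, which now goes out with every request including the ones in notRequireInterceptorErrorUrl. Merging instead of replacing, and guarding the token, fixes both: `const token = localStorage.getItem('id_token');` then `config.headers = { 'content-type': 'application/json', ...config.headers, ...(token ? { Authorization: 'Bearer ' + token } : {}) };`.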
@@ -54,18 +84,23 @@
 };
 
 function showErrorMessageBox(error: any): void {
-  // console.log('error', error, error.response);
   setTimeout(() => {
+    // NOTE: 甇斤 HOT FIX 憿批��憭望������暹��� dialog [Tomas, 2022/7/20 14:21]
+    if(error.config.url.includes('/eService/authenticate')) return;
+    if (error.config.url.includes('/otp/sendOtp')) {
+      messageBoxService.showErrorMessage('', error);
+      return
+    }
     if (!_.includes(notRequireInterceptorErrorUrl, error.config.url)) {
       switch (error.response.status) {
         case 401:
-          Promise.all([ErrorMessageBox('���暹��'), window.$nuxt.$store.dispatch('localStorage/actionStorageClear')]).then(() => {
+          Promise.all([messageBoxService.showErrorMessage('���暹��'), window.$nuxt.$store.dispatch('localStorage/actionStorageClear')]).then(() => {
             _.isEqual(window.$nuxt.$route.name, 'index') ? location.reload() : window.$nuxt.$router.push('/');
           });
           break;
 
         default:
-          ErrorMessageBox('', error);
+          messageBoxService.showErrorMessage('', error);
           break;
       }
     }
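Review bot: The three new `error.config.url.includes(...)` checks dereference `config.url` without a guard; axios declares `url` optional and `config` can be absent on some errors, so a missing value throws a TypeError inside the setTimeout callback where nothing catches it and no message box is shown at all. Read it once with `const url: string = error.config?.url ?? '';` and use `url.includes(...)` and `_.includes(notRequireInterceptorErrorUrl, url)` below. The same applies to `error.response.status` just after the new lines: response is undefined on network errors and timeouts, and `switch (error.response?.status)` lets the switch reach the default branch instead of throwing. The new checks also match by substring while the list check matches exactly, so `/otp/sendOtp` is caught before the list whether or not it carries a query string — worth a comment if that asymmetry is intentional. showErrorMessageBox's closing brace lies outside the hunk.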

--
Gitblit v1.8.0