Home Explore Help
Register Sign In
kylx365
/
miaoguo_system_server
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

0

chengjie 5 months ago
parent
1cc0c28d8b
commit
38e9b669ec
3 changed files with 28 additions and 6 deletions
Split View Show Diff Stats
  1. 3 2
      src/api/mps/mpsCommonController.js
  2. 1 1
      src/api/mps/routes.js
  3. 24 3
      src/api/web/webController.js

+ 3 - 2
src/api/mps/mpsCommonController.js
View File 

@@ -8,6 +8,7 @@ import config from '../../config/index.js';
8 8 
 import _ from 'lodash';
9 9 
 import axios from 'axios';
10 10 
 import { stringUtils } from '../../util/stringClass.js';
11 
+import { Encrypt, Decrypt } from '../../util/crypto/index.js';
11 12
12 13 
 /**
13 14 
  * 分数线网页首页
 
@@ -81,11 +82,11 @@ export async function WebMPSErrorHtml(ctx) {
81 82 
     }
82 83 
 };
83 84
84 
-export async function Login(ctx) {
85 
+export async function MPSLogin(ctx) {
85 86 
     //console.log("LoginStart:" + new Date().getSeconds());
86 87 
     let param = ctx.request.body;
87 88 
     if (param.param) {
88 
-        const paramStr = Crypto.Decrypt(param.param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
89 
+        const paramStr = Decrypt(param.param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
89 90 
         //console.log("paramStr:"+paramStr);
90 91 
         param = JSON.parse(paramStr);
91 92 
     }

+ 1 - 1
src/api/mps/routes.js
View File 

@@ -14,7 +14,7 @@ router.get('/mps',mpsCommonController.WebMPSHtml);
14 14 
 router.get('/mpserror',mpsCommonController.WebMPSErrorHtml);
15 15 
 router.get('/mpsschool',mpsCommonController.WebMPSSchoolHtml);
16 16
17 
-router.post('/api/MPSLogin',mpsCommonController.Login);
17 
+router.post('/api/MPSLogin',mpsCommonController.MPSLogin);
18 18 
 router.get('/api/GetMPSDistrict',mpsSchoolController.GetMPSDistrict);
19 19 
 router.get('/api/GetMPSFeedbackList',mpsCommonController.GetMPSFeedbackList);
20 20 
 router.get('/api/UpdateMPSFeedback',mpsCommonController.UpdateMPSFeedback);

+ 24 - 3
src/api/web/webController.js
View File 

@@ -4,6 +4,7 @@ import { promises as fsPromises } from 'fs';
4 4 
 import { globalCache } from '../../util/GlobalCache.js';
5 5 
 import config from '../../config/index.js';
6 6 
 import _ from 'lodash';
7 
+import { Encrypt, Decrypt } from '../../util/crypto/index.js';
7 8 
 import axios from 'axios';
8 9 
 import commonModel from '../../model/commonModel.js';
9 10 
 
@@ -29,7 +30,7 @@ export async function  WebLoginDo (ctx){
29 30
30 31 
         console.log("param.Param:"+param.Param);
31 32 
         param.Param=stringUtils.ReplaceAllString(param.Param,"@@@","+");
32 
-        param.Param2= Crypto.Decrypt(param.Param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
33 
+        param.Param2= Decrypt(param.Param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
33 34 
         console.log("param.Param2:"+param.Param2);
34 35
35 36 
         const arrTemp=param.Param2.split("&");
 
@@ -69,7 +70,7 @@ export async function  WebLoginDo (ctx){
69 70 
                     || param.UnionID == "oY_7p0ZqeajxewE0PSmP6X20AOtc"
70 71 
                     || process.env.NODE_ENV == "development") {
71 72
72 
-                    const userid = Crypto.Encrypt(param.UnionID, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
73 
+                    const userid = Encrypt(param.UnionID, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
73 74 
                     ctx.cookies.set('test', userid, {maxAge: 365 * 24 * 60 * 60 * 1000});
74 75 
                     //console.log("UnionID2:"+userid);
75 76 
 
@@ -181,7 +182,21 @@ export async function WebLogout(ctx) {
181 182 
  */
182 183 
 export async function Kylx365DBAdmin(ctx) {
183 184 
     console.log("Kylx365DBAdmin");
184 
-    const data = await fsPromises.readFile("./public/mg/kylx365_db_admin.html");
185 
+
186 
+    const allowedIP = '192.168.1.100';      // 您的本地IP
187 
+    const clientToken = ctx.req.headers['x-auth-token'];
188 
+    const clientIP = ctx.ip || ctx.request.ip ||
189 
+                (ctx.request.headers['x-forwarded-for'] || '').split(',')[0] ||
190 
+                ctx.request.socket.remoteAddress;
191 
+    console.log("clientIP:"+clientIP);
192 
+    let data = "";
193 
+
194 
+    if (clientIP === allowedIP || clientIP=="::1") {
195 
+        data = await fsPromises.readFile("./public/mg/kylx365_db_admin.html");
196 
+    } else {
197 
+        data = "There is an error in accessing the web page.";
198 
+    }
199 
+
185 200 
     ctx.body = data.toString();
186 201 
 };
187 202 
 
@@ -210,6 +225,12 @@ export async function RunKylx365DBSql(ctx) {
210 225 
         SQL: ctx.request.body.sql || "",
211 226 
         IsCompleteField:ctx.request.body.IsCompleteField || false,
212 227 
     };
228 
+
229 
+    // 获取客户端IP地址
230 
+    const clientIP = ctx.ip || ctx.request.ip ||
231 
+                    (ctx.request.headers['x-forwarded-for'] || '').split(',')[0] ||
232 
+                    ctx.request.socket.remoteAddress;
233 
+    console.log("客户端IP: " + clientIP);
213 234 
     console.log(param.SQL);
214 235 
     // 获取第一个分号前的SQL语句
215 236 
     const firstStatement = param.SQL.split(';')[0].trim();