5 maanden geleden · 38e9b669ec
--- a/src/api/mps/mpsCommonController.js
+++ b/src/api/mps/mpsCommonController.js
@@ -8,6 +8,7 @@ import config from '../../config/index.js';
 
				 import _ from 'lodash';
			
 
				 import axios from 'axios';
			
 
				 import { stringUtils } from '../../util/stringClass.js';
			
 
				+import { Encrypt, Decrypt } from '../../util/crypto/index.js';
			
 
				 
			
 
				 /**
			
 
				  * 分数线网页首页
			
@@ -81,11 +82,11 @@ export async function WebMPSErrorHtml(ctx) {
 
				     }
			
 
				 };
			
 
				 
			
 
				-export async function Login(ctx) {
			
 
				+export async function MPSLogin(ctx) {
			
 
				     //console.log("LoginStart:" + new Date().getSeconds());
			
 
				     let param = ctx.request.body;
			
 
				     if (param.param) {
			
 
				-        const paramStr = Crypto.Decrypt(param.param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
			
 
				+        const paramStr = Decrypt(param.param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
			
 
				         //console.log("paramStr:"+paramStr);
			
 
				         param = JSON.parse(paramStr);
			
 
				     }
			
--- a/src/api/mps/routes.js
+++ b/src/api/mps/routes.js
@@ -14,7 +14,7 @@ router.get('/mps',mpsCommonController.WebMPSHtml);
 
				 router.get('/mpserror',mpsCommonController.WebMPSErrorHtml);
			
 
				 router.get('/mpsschool',mpsCommonController.WebMPSSchoolHtml);
			
 
				 
			
 
				-router.post('/api/MPSLogin',mpsCommonController.Login);
			
 
				+router.post('/api/MPSLogin',mpsCommonController.MPSLogin);
			
 
				 router.get('/api/GetMPSDistrict',mpsSchoolController.GetMPSDistrict);
			
 
				 router.get('/api/GetMPSFeedbackList',mpsCommonController.GetMPSFeedbackList);
			
 
				 router.get('/api/UpdateMPSFeedback',mpsCommonController.UpdateMPSFeedback);
			
--- a/src/api/web/webController.js
+++ b/src/api/web/webController.js
@@ -4,6 +4,7 @@ import { promises as fsPromises } from 'fs';
 
				 import { globalCache } from '../../util/GlobalCache.js';
			
 
				 import config from '../../config/index.js';
			
 
				 import _ from 'lodash';
			
 
				+import { Encrypt, Decrypt } from '../../util/crypto/index.js';
			
 
				 import axios from 'axios';
			
 
				 import commonModel from '../../model/commonModel.js';
			
 
				 
			
@@ -29,7 +30,7 @@ export async function  WebLoginDo (ctx){
 
				 
			
 
				         console.log("param.Param:"+param.Param);
			
 
				         param.Param=stringUtils.ReplaceAllString(param.Param,"@@@","+");
			
 
				-        param.Param2= Crypto.Decrypt(param.Param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
			
 
				+        param.Param2= Decrypt(param.Param, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
			
 
				         console.log("param.Param2:"+param.Param2);
			
 
				 
			
 
				         const arrTemp=param.Param2.split("&");
			
@@ -69,7 +70,7 @@ export async function  WebLoginDo (ctx){
 
				                     || param.UnionID == "oY_7p0ZqeajxewE0PSmP6X20AOtc"
			
 
				                     || process.env.NODE_ENV == "development") {
			
 
				 
			
 
				-                    const userid = Crypto.Encrypt(param.UnionID, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
			
 
				+                    const userid = Encrypt(param.UnionID, config.urlSecrets.aes_key, config.urlSecrets.aes_iv);
			
 
				                     ctx.cookies.set('test', userid, {maxAge: 365 * 24 * 60 * 60 * 1000});
			
 
				                     //console.log("UnionID2:"+userid);
			
 
				 
			
@@ -181,7 +182,21 @@ export async function WebLogout(ctx) {
 
				  */
			
 
				 export async function Kylx365DBAdmin(ctx) {
			
 
				     console.log("Kylx365DBAdmin");
			
 
				-    const data = await fsPromises.readFile("./public/mg/kylx365_db_admin.html");
			
 
				+
			
 
				+    const allowedIP = '192.168.1.100';      // 您的本地IP
			
 
				+    const clientToken = ctx.req.headers['x-auth-token'];
			
 
				+    const clientIP = ctx.ip || ctx.request.ip || 
			
 
				+                (ctx.request.headers['x-forwarded-for'] || '').split(',')[0] || 
			
 
				+                ctx.request.socket.remoteAddress;
			
 
				+    console.log("clientIP:"+clientIP);
			
 
				+    let data = "";
			
 
				+    
			
 
				+    if (clientIP === allowedIP || clientIP=="::1") {
			
 
				+        data = await fsPromises.readFile("./public/mg/kylx365_db_admin.html");
			
 
				+    } else {
			
 
				+        data = "There is an error in accessing the web page.";
			
 
				+    }
			
 
				+
			
 
				     ctx.body = data.toString();
			
 
				 };
			
 
				 
			
@@ -210,6 +225,12 @@ export async function RunKylx365DBSql(ctx) {
 
				         SQL: ctx.request.body.sql || "",
			
 
				         IsCompleteField:ctx.request.body.IsCompleteField || false,
			
 
				     };
			
 
				+    
			
 
				+    // 获取客户端IP地址
			
 
				+    const clientIP = ctx.ip || ctx.request.ip || 
			
 
				+                    (ctx.request.headers['x-forwarded-for'] || '').split(',')[0] || 
			
 
				+                    ctx.request.socket.remoteAddress;
			
 
				+    console.log("客户端IP: " + clientIP);
			
 
				     console.log(param.SQL);
			
 
				     // 获取第一个分号前的SQL语句
			
 
				     const firstStatement = param.SQL.split(';')[0].trim();