bug233 短信注册受到攻击问题处理

909494b6 · honghy · wux · 0aee3506 · 909494b6 · 909494b6
Commit 909494b6 authored Feb 05, 2025 by honghy Committed by wux Feb 06, 2025
Hide whitespace changes
Inline Side-by-side

Showing with 5417 additions and 1 deletion

register.vue src/pages/register/register.vue +25 -1

jsencrypt-min.js src/utils/jsencrypt-min.js +5370 -0

jsencrypt.js src/utils/jsencrypt.js +22 -0

No files found.
--- a/src/pages/register/register.vue
+++ b/src/pages/register/register.vue
@@ -130,6 +130,8 @@

 <script>
 import userAgreement from "../../components/userAgreement/index.vue";
+import { encrypt } from '@/utils/jsencrypt'
+
 export default {
  components: {
    userAgreement,
@@ -204,6 +206,7 @@ export default {
      if (this.leftTime < 60) {
        return false;
      }
+	  
 	  var data = {
 	    mobile: this.mobile,
 	    nodeValue: 'user-sms-reg',
@@ -214,7 +217,28 @@ export default {
 	    isOrders: 0,
 	    messageType: this.smsData[e.detail.value]
 	  }
-
+	  var i = Math.floor(Math.random() * (3 - 1 + 1)) + 1
+      const specialChars = ['!', '@', '#', '$', '%', '^', '&', '*'];
+      var date = Date.now();
+      // 生成随机索引
+      const randomIndex = Math.floor(date % specialChars.length);
+      // 选择特殊字符
+      const specialChar = specialChars[randomIndex];
+	  var p1 = ''
+	  /*
+	  1:手机号+节点+秘钥
+	  2:手机号+国家号+秘钥
+	  3:手机号+国家号+节点+秘钥
+	   */
+	  if(i==1) {
+		p1 = data.mobile + data.nodeValue + 'gzjd8888' + specialChar
+	  } else if (i==2) {
+		p1 = data.mobile + data.areaCode + 'gzjd8888' + specialChar
+	  } else if (i==3) {
+		p1 = data.mobile + data.areaCode + data.nodeValue + 'gzjd8888' + specialChar
+	  }
+	  data['p1'] = encrypt(p1)
+	  data['p2'] = [i,date]
 	  this.$request
 	    .get("/app-api/param/validator/mobile", data)
 	    .then((res) => {

--- a/src/utils/jsencrypt-min.js
+++ b/src/utils/jsencrypt-min.js
--- a/src/utils/jsencrypt.js
+++ b/src/utils/jsencrypt.js
+import JSEncrypt from '@/utils/jsencrypt-min'
+
+// 密钥对生成 http://web.chacuo.net/netrsakeypair
+
+const publicKey = 'MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOE4LpDcF8WderHctum1zJQiy2TM+D5VWBEIxn9kvz9GL5A6ki8cWk0xacvN2Ros4pmHm573y7TJi8xv/YHplbsCAwEAAQ=='
+
+const privateKey = 'MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4TgukNwXxZ16sdy26bXMlCLLZMz4PlVYEQjGf2S/P0YvkDqSLxxaTTFpy83ZGizimYebnvfLtMmLzG/9gemVuwIDAQABAkA7X3E/NRZ7PTnEO9hookmtX8LY7wQegqc1zmdt3CRizGJRB7/9LzDqvnOIvqqm+EoiZLjUUNKVkOom0FI2u32hAiEA8UtmegwiMaqmE4xrjqocLRAR0aVWV7i4fSTcSvLVCcsCIQDu8fvGY9wfVKEGgyfcJHuORowDAbYYXOulxC6sEW7l0QIgE1J2Yk+WbWO86NPVyRbWKsWep6sVvvCL1XmeKmJHrQECIQDGAEmVbTyDzdodjmNiXezwye7NswZVC/LNi1LtjQircQIhAIpF1rvPvxXkE7KvWTePrCWeU/+c6e1ylG7sPYumc1cx'
+
+// 加密
+export function encrypt(txt) {
+  const encryptor = new JSEncrypt()
+  encryptor.setPublicKey(publicKey) // 设置公钥
+  return encryptor.encrypt(txt) // 对数据进行加密
+}
+
+// 解密
+export function decrypt(txt) {
+  const encryptor = new JSEncrypt()
+  encryptor.setPrivateKey(privateKey) // 设置私钥
+  return encryptor.decrypt(txt) // 对数据进行解密
+}
+