웹취약점, 모의해킹 조치

This commit is contained in:
USER
2022-08-24 14:04:30 +09:00
parent d0e0ef7020
commit a2273154d1
92 changed files with 1193 additions and 1246 deletions


@@ -7,7 +7,8 @@ const consts = {
tokenPart1: 'JwtPart1',
tokenPart2: 'JwtPart2',
tokenPart3: 'JwtPart3',
tokenPart4: 'JwtPart4'
tokenPart4: 'JwtPart4',
authToken: null
}
export { environment, testProp, consts };
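Review bot: The new `authToken: null` field on `consts` has no reader in this commit's visible hunks — tokenSvc and the interceptors read `sessionStorage.authToken` directly — so as far as can be seen here it is dead, and a mutable slot on a shared module-level object is an odd place for a credential anyway. Either drop it or document its intended role with `// authToken: reserved; the runtime token is kept in sessionStorage, not here`.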


@@ -20,7 +20,8 @@ const authInterceptor = config => {
// cookie, header 등에 자격정보 설정이 필요한 api는 true 설정으로 호출해야 하고
// 자격정보 설정이 필요없는 api는 withCredentials=false 설정으로 호출해야 한다.
// config.withCredentials = !config.url.startsWith('/api/public/');
console.log("Test Url : "+ config.url);
// console.log("Test Url : "+ config.url);
/*if(config.url == '/api/auth/login'){
config.baseURL = "http://localhost:3000";
}*/
@@ -28,17 +29,27 @@ const authInterceptor = config => {
};
const tokenInterceptor = config => {
if(tokenSvc.getAuthorization(consts.tokenPart1) != null){
config.headers.Authorization = tokenSvc.getAuthorization(consts.tokenPart1);
//console.log("getToken : "+config.headers.Authorization);
//config.headers.Authorization = tokenSvc.getToken();
// var authToken = tokenSvc.getAuthToken();
// console.log(this.$store);
// alert('tokenInterceptor'+authToken);
// if(tokenSvc.getAuthorization(consts.tokenPart1) != null){
// //config.headers.Authorization = tokenSvc.getAuthorization(consts.tokenPart1);
// //console.log("getToken : "+config.headers.Authorization);
// //config.headers.Authorization = tokenSvc.getToken();
// }
console.log('http : ',sessionStorage.authToken);
if(sessionStorage.authToken != null) {
config.headers.Authorization = 'Bearer '+ sessionStorage.authToken;
}
return config;
}
const loggerInterceptor = config => {
//console.log('testProp:', testProp);
//console.log('request url:', config.url, 'params:', config.data);
console.log('request url:', config.url, 'params:', config.data, 'config: ', config);
return config;
};
@@ -48,46 +59,65 @@ const loadingLayer = (type, config) => {
get: httpClient.get(url, { params: { ... }, headers: {"show-layer": "Yes"} }) // in 2nd property
post: httpClient.post(url, params, { headers: {"show-layer": "Yes"} }) // 3rd property
*/
if (config.headers['Show-Layer'] == 'Yes') {
if (type) {
loadOverlap.push('add');
} else {
loadOverlap.pop();
}
// if (config.headers['Show-Layer'] == 'Yes') {
// if (type) {
// loadOverlap.push('add');
// } else {
// loadOverlap.pop();
// }
if (loadOverlap.length > 0) {
document.querySelector('html > body').style.overflow = 'hidden'; // 스크롤 block
document.getElementsByClassName('loading_layer')[0].style.display = 'block';
} else {
document.querySelector('html > body').style.removeProperty('overflow'); // 스크롤 allow
document.getElementsByClassName('loading_layer')[0].style.display = 'none';
}
// if (loadOverlap.length > 0) {
// document.querySelector('html > body').style.overflow = 'hidden'; // 스크롤 block
// document.getElementsByClassName('loading_layer')[0].style.display = 'block';
// } else {
// document.querySelector('html > body').style.removeProperty('overflow'); // 스크롤 allow
// document.getElementsByClassName('loading_layer')[0].style.display = 'none';
// }
// }
if(type){
document.querySelector('html > body').style.overflow = 'hidden'; // 스크롤 block
document.getElementsByClassName('loadingDimmed')[0].style.display = 'block';
document.getElementsByClassName('sp-3balls')[0].style.display = 'block';
}else{
document.querySelector('html > body').style.removeProperty('overflow'); // 스크롤 allow
document.getElementsByClassName('loadingDimmed')[0].style.display = 'none';
document.getElementsByClassName('sp-3balls')[0].style.display = 'none';
}
};
/*const loadingLayerInterceptor = config => {
const urlInterceptor = config => {
if(sessionStorage.fromUrl != null){
config.params.fromUrl = sessionStorage.fromUrl;
}
return config;
}
const loadingLayerInterceptor = config => {
loadingLayer(true, config);
return config;
};*/
};
/** Adding the request interceptors */
httpClient.interceptors.request.use(authInterceptor);
httpClient.interceptors.request.use(tokenInterceptor);
httpClient.interceptors.request.use(urlInterceptor);
httpClient.interceptors.request.use(loggerInterceptor);
//httpClient.interceptors.request.use(loadingLayerInterceptor);
httpClient.interceptors.request.use(loadingLayerInterceptor);
/** Adding the response interceptors */
httpClient.interceptors.response.use(
response => {
//loadingLayer(false, response.config);
loadingLayer(false, response.config);
console.log('response status:', response.status, 'data:', response.data);
return response;
},
error => {
console.log(error);
//alert(error);
delete sessionStorage.authToken;
if(error.message === 'Network Error'){
alert('네트워크 오류가 발생했습니다. 잠시 후 다시 시도해주세요.');
tokenSvc.removeToken();
// tokenSvc.removeToken();
window.top.location.href = '/login';
}
if (error.response != undefined && error.response != null) loadingLayer(false, error.response.config);
@@ -98,17 +128,18 @@ httpClient.interceptors.response.use(
return Promise.reject(error);
}else if(error.response.status == 401){
alert('세션이 만료되었습니다.');
tokenSvc.removeToken();
// tokenSvc.removeToken();
window.top.location.href = '/login';
} else if (error.response.status == 418) {
tokenSvc.removeToken();
// tokenSvc.removeToken();
alert('세션이 만료되었습니다.');
window.top.location.href = '/login';
}else if (error.response.status == 500) {
if (error.response.data != null && error.response.data.message == '511 NETWORK_AUTHENTICATION_REQUIRED') {
alert('웹템플릿 IP가 브랜드포털에 등록이 필요합니다. 기술지원에 문의해주세요.');
return Promise.reject(error);
} else {
tokenSvc.removeToken();
// tokenSvc.removeToken();
window.top.location.href = '/login';
}
} else if (error.response.status == 511) {
@@ -120,7 +151,7 @@ httpClient.interceptors.response.use(
// return Promise.reject(error);
// }
else {
alert("else");
// alert("else");
console.log('response error:', error);
return Promise.reject(error);
}
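Review bot: `console.log('http : ', sessionStorage.authToken)` in tokenInterceptor prints the raw bearer token to the browser console on every request, and the new loggerInterceptor line dumps the entire `config` object (headers included); for a change meant to remediate findings both lines should be removed or placed behind a build-time debug flag. `delete sessionStorage.authToken;` at the top of the response error handler now runs for every rejected response, whereas the removed `tokenSvc.removeToken()` calls were limited to the 401/418/500 branches, so an ordinary 400/404 will silently log the user out — move the delete into those branches. The new urlInterceptor assigns `config.params.fromUrl` without checking that `config.params` exists, which throws for requests made without params; `config.params = { ...config.params, fromUrl: sessionStorage.fromUrl };` handles both cases. The response interceptor's error callback continues past the last hunk.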


@@ -1,53 +1,28 @@
import * as utils from './utils';
import { consts } from './config';
// const KEY_TOKEN = 'access_token';
const tokenSvc = {
getToken() {
// return store.getters['login/getToken'];
// var payload = sessionStorage.getItem(KEY_TOKEN);
var jwtPart1 = utils.getCookie(consts.tokenPart1);
if (!jwtPart1)
return null;
var payload = utils.base64decode(jwtPart1.split('.').pop());
return JSON.parse(payload);
},
removeToken() {
var tokenNm1 = consts.tokenPart1;
var tokenNm2 = consts.tokenPart2;
var tokenNm3 = consts.tokenPart3;
var tokenNm4 = consts.tokenPart4;
document.cookie = tokenNm1+'=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
document.cookie = tokenNm2+'=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
document.cookie = tokenNm3+'=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
document.cookie = tokenNm4+'=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
},
getAuthorization(tokenKey){
var jwtPart = utils.getCookie(tokenKey);
if(!jwtPart){
var authToken = sessionStorage.getItem('authToken');
if(authToken == null){
return null;
}
return jwtPart;
var tokenArr = authToken.split('.');
var jwtToken = utils.base64decode(tokenArr[1]);
return JSON.parse(jwtToken);
},
// saveToken(jwtPart1) {
// if (!jwtPart1)
// return;
// var payload = utils.base64decode(jwtPart1.split('.').pop());
// console.log('save token:', payload);
// // store.commit('login/saveToken', token);
// sessionStorage.setItem(KEY_TOKEN, payload);
// },
// removeToken() {
// // store.commit('login/removeToken');
// sessionStorage.removeItem(KEY_TOKEN);
// }
removeToken() {
delete sessionStorage.authToken;
},
setAuthToken(token){
sessionStorage.authToken = token;
},
getAuthToken(){
var authToken = sessionStorage.authToken;
return authToken;
}
};
export default tokenSvc;
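Review bot: `getAuthorization` splits `sessionStorage.getItem('authToken')` and decodes `tokenArr[1]` without checking that the value has three dot-separated parts, so a stale or tampered sessionStorage entry makes `utils.base64decode`/`JSON.parse` throw inside the request interceptor instead of returning null as the `authToken == null` branch does; a length guard and a try/catch that returns null keep the contract consistent. The `tokenKey` parameter appears unused on the new side, which deserves a comment such as `// tokenKey is no longer used; the token now comes from sessionStorage` if the signature is kept for callers. A JSDoc on `getAuthorization` should also say that the returned object is the unverified JWT payload, usable for display and routing only, with the server remaining authoritative. Since the cookie-clearing `removeToken` is replaced by `delete sessionStorage.authToken`, confirm the backend no longer sets the `JwtPart*` cookies, otherwise logout leaves them in place.
```javascript
  getAuthorization(tokenKey){
    var authToken = sessionStorage.getItem('authToken');
    if(authToken == null){
      return null;
    }
    var tokenArr = authToken.split('.');
    if (tokenArr.length !== 3) {
      return null; // not a compact JWT; treat as absent
    }
    try {
      return JSON.parse(utils.base64decode(tokenArr[1]));
    } catch (err) {
      console.log('invalid authToken in sessionStorage:', err);
      return null;
    }
  },
  // … unchanged: removeToken, setAuthToken, getAuthToken …
```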


@@ -46,7 +46,7 @@ const coreUiMixin = {
*/
openLayer: function(layerId) {
if (layerId == undefined || layerId == null || layerId == '') {
alert('layerId를 설정해 주세요.');
// alert('layerId를 설정해 주세요.');
} else {
this.$emit('changeLayerId', layerId);
}
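Review bot: Commenting out the alert leaves the `if` branch in openLayer empty, so a missing layerId is now swallowed with no signal to the developer or the user. Keep a non-blocking trace, e.g. `console.warn('openLayer: layerId is required');`, or invert the condition to `if (layerId) { this.$emit('changeLayerId', layerId); }` so the intent is explicit. The openLayer function's closing brace is outside the hunk.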