历史消息漏洞修改、uid删除暴露

李奇
Commit ffe851cd91a59cd21ca7a2798850b6742b8f91a2 1 parent 72a8a729
Showing 5 changed files with 31 additions and 61 deletions
apps/service/controllers/chat.js
apps/service/models/im-api.js
apps/service/views/action/chat/index.hbs
public/js/service/chat/index.js
public/js/service/chat/store.js
--- a/apps/service/controllers/chat.js
View file @ffe851c
+++ b/apps/service/controllers/chat.js
View file @ffe851c
@@ -42,7 +42,6 @@ exports.page = (req, res, next) => {
                 imCs: global.yoho.config.domains.imCs,
                 imSocket: global.yoho.config.domains.imSocket,
                 userData: {
-                     uid: uid,
                     encrypteduid: crypto.encryption(null, uid + ''),
                     avatar: helpers.image(userinfo.head_ico, 100, 100),
                     uname: userinfo.profile_name
@@ -80,15 +79,10 @@ exports.getOrders = (req, res, next) => {
  *
  */
 exports.fetchHistory = (req, res) => {
-     let uid = req.user.uid;
- 
-     if (!uid) {
-         uid = req.query.uid;
-     }
- 
-     const endTime = req.query.endTime;
+     const encryptedUid = req.body.encryptedUid;
+     const endTime = req.body.endTime;
 
-     imApi.fetchImHistory(uid, endTime).then(result => {
+     imApi.fetchImHistory(encryptedUid, endTime).then(result => {
         res.json(result);
     });
 };
@@ -115,16 +109,11 @@ exports.msghistory = (req, res) => {
  *      content    留言内容
  */
 exports.saveMSG = (req, res) => {
-     let uid = req.user.uid;
- 
-     if (!uid) {
-         uid = req.body.uid;
-     }
- 
+     let encryptedUid = req.body.encryptedUid;
     const conversationId = req.body.conversationId;
     const content = req.body.content;
 
-     imApi.saveMessage(uid, conversationId, content)
+     imApi.saveMessage(encryptedUid, conversationId, content)
         .then(result => {
             res.json(result);
         });
@@ -139,14 +128,9 @@ exports.saveMSG = (req, res) => {
  *      2.  失败情况
  */
 exports.fetchOrders = (req, res) => {
-     let uid = req.user.uid;
+     let encryptedUid = req.body.encryptedUid;
 
-     if (!uid) {
-         uid = req.query.uid;
-     }
- 
- 
-     imApi.fetchOrderList(uid)
+     imApi.fetchOrderList(encryptedUid)
         .then(result => {
             imModel.handleOrderList(result.data, 128, 170);
             res.json(result);
@@ -159,19 +143,13 @@ exports.fetchOrders = (req, res) => {
 };
 
 exports.saveEvalute = (req, res) => {
-     let uid = req.user.uid;
- 
-     if (!uid) {
-         uid = req.body.uid;
-     }
- 
- 
+     const encryptedUid = req.body.encryptedUid;
     const conversationId = req.body.conversationId;
     const promoter = req.body.promoter;
     const stars = req.body.stars;
     const reasonMsg = req.body.reasonMsg || '';
 
-     imApi.saveEvalute(uid, conversationId, promoter, stars, reasonMsg)
+     imApi.saveEvalute(encryptedUid, conversationId, promoter, stars, reasonMsg)
         .then(result => {
             return res.json(result);
         }).catch(() => {
@@ -184,12 +162,7 @@ exports.saveEvalute = (req, res) => {
 
 
 exports.queryGlobalOrder = (req, res) => {
-     let uid = req.user.uid;
- 
-     if (!uid) {
-         uid = req.query.uid;
-     }
- 
+     let encryptedUid = req.body.encryptedUid;
 
     let emptyOrder = {
         code: 200,
@@ -197,7 +170,7 @@ exports.queryGlobalOrder = (req, res) => {
         message: '获取失败'
     };
 
-     imApi.queryGlobalOrder(uid)
+     imApi.queryGlobalOrder(encryptedUid)
         .then(result=> {
             imModel.handleOrderList(result.data, 128, 170);
             res.json(result);
--- a/apps/service/models/im-api.js
View file @ffe851c
+++ b/apps/service/models/im-api.js
View file @ffe851c
@@ -16,15 +16,15 @@ const encryptedUid = uid => crypto.encryption(null, uid + '');
  *  新建留言信息
  *  path: {host}/leavemessage/saveLeavemessage
  *
-  *  @param {int} uid 用户id
+  *  @param {int} encryptedUid 加密用户id
  *  @param {int} conversationId 会话id
  *  @param {str} content 留言内容
  */
- exports.saveMessage = (uid, conversationId, content) => {
+ exports.saveMessage = (encryptedUid, conversationId, content) => {
     let params = {
         conversationId,
         content,
-         encryptedUid: encryptedUid(uid)
+         encryptedUid
     };
 
 
@@ -35,17 +35,17 @@ exports.saveMessage = (uid, conversationId, content) => {
 
 /**
  *  查询用户聊天记录
-  *  @param {int} uid 用户uid
+  *  @param {string} encryptedUid 加密用户uid
  *  @param [int] pageSize 每次加载的聊天记录
  *  @param [int] startTime
  *  @param [int] endTime
  */
- exports.fetchImHistory = (uid, endTime, pageSize, startTime) => {
+ exports.fetchImHistory = (encryptedUid, endTime, pageSize, startTime) => {
     pageSize = pageSize || 10;
 
     let params = {
         pageSize,
-         encryptedUid: encryptedUid(uid)
+         encryptedUid
     };
 
     _.forEach({startTime, endTime}, (val, key) => {
@@ -67,12 +67,12 @@ exports.fetchImHistory = (uid, endTime, pageSize, startTime) => {
 
 /**
  *  获取用户订单, 默认最近10笔
-  *  @param {int} uid 用户uid
+  *  @param {string} encryptedUid 用户加密uid
  *  @param {init} createTimeBegin 开始时间
  */
- exports.fetchOrderList = (uid, createTimeBegin) => {
+ exports.fetchOrderList = (encryptedUid, createTimeBegin) => {
     let params = {
-         encryptedUid: encryptedUid(uid),
+         encryptedUid,
         imgSize: '90x120',
     };
 
@@ -105,10 +105,10 @@ exports.fetchOrderList = (uid, createTimeBegin) => {
 | reasonMsg      | string | N    | 其他原因            |
 
  */
- exports.saveEvalute = (uid, conversationId, promoter, stars, reasonMsg) => {
+ exports.saveEvalute = (encryptedUid, conversationId, promoter, stars, reasonMsg) => {
     let params = {
         conversationId,
-         encryptedUid: encryptedUid(uid),
+         encryptedUid,
         promoter,
         stars,
         reasonMsg
@@ -122,9 +122,9 @@ exports.saveEvalute = (uid, conversationId, promoter, stars, reasonMsg) => {
  *  获取全球购的订单
  */
 
- exports.queryGlobalOrder = uid => {
+ exports.queryGlobalOrder = encryptedUid => {
     let params = {
-         encryptedUid: encryptedUid(uid)
+         encryptedUid
     };
 
     return ImService.post('/api/order/queryGlobalOrder', params);
--- a/apps/service/views/action/chat/index.hbs
View file @ffe851c
+++ b/apps/service/views/action/chat/index.hbs
View file @ffe851c
@@ -62,7 +62,6 @@
 
 <input type="hidden" id="js-im" name="im-server" value="{{imCs}}">
 {{#with userData}}
- <input type="hidden" id="js-uid" value="{{uid}}">
 <input type="hidden" id="js-eid" value="{{encrypteduid}}">
 <input type="hidden" id="js-avatar" value="{{avatar}}">
 <input type="hidden" id="js-uname" value="{{uname}}">
--- a/public/js/service/chat/index.js
View file @ffe851c
+++ b/public/js/service/chat/index.js
View file @ffe851c
@@ -39,7 +39,6 @@ const msgTypeMap = {
 };
 
 let userName = $('#js-uname').val();
- let uid = $('#js-uid').val() || 0;
 let encryptedUid = cmEntity.encryptedUid = $('#js-eid').val() || 0;
 let userAvatar = cmEntity.userHead = socketConf.defaultUserHead;
 
@@ -267,7 +266,6 @@ var chat = {
 
         this.$ratingView.on('click', '.submit', function() {
             self.ratingView.post({
-                 uid,
                 encryptedUid,
                 conversationId: cmEntity.conversationId,
             });
@@ -616,7 +614,7 @@ var chat = {
                 break;
             case allTypes.IN_QUNEUE:
                 this._sysInfo(chatMessage.content);
-                 break;    
+                 break;
             case allTypes.CS_CHANGE_STATE:
                 if (msgType === 5) { // 重复登陆
                     this._sysInfo(chatMessage.content);
@@ -762,7 +760,7 @@ var chat = {
             return $.Deferred().resolve(false); // eslint-disable-line
         }
 
-         return api.msghistory(uid, encryptedUid, msgHistory.endTime)
+         return api.msghistory(encryptedUid, msgHistory.endTime)
             .done(function(result) {
                 if (!result || result.code !== 200 || !result.data) {
                     return false;
--- a/public/js/service/chat/store.js
View file @ffe851c
+++ b/public/js/service/chat/store.js
View file @ffe851c
@@ -5,7 +5,7 @@ const socketConf = require('./socket-config');
 const conversation = socketConf.conversationMessage;
 const slice = Array.prototype.slice;
 
- let uid = $('#js-uid').val();
+ let encryptedUid = $('#js-eid').val();
 
 // EventEmitter
 //--------------------------------------------------------
@@ -55,7 +55,7 @@ let api = {
         return $.post('/service/leavemsg/save.json', {
             conversationId: conversation.conversationId,
             content,
-             uid
+             encryptedUid
         });
     },
 
@@ -67,11 +67,11 @@ let api = {
     fetchOrders: function(type) {
         let url = `/service/im/${type}-list`;
 
-         return $.post(url, {uid});
+         return $.post(url, {encryptedUid});
     },
 
     // 获取10条历史记录
-     msghistory: function(uid, encryptedUid, endTime) {
+     msghistory: function(encryptedUid, endTime) {
         let url = '/service/im/fetchHistory';
         let data = {
             encryptedUid
@@ -83,7 +83,7 @@ let api = {
     },
 
     saveEvalute: function(data) {
-         data.uid = uid;
+         data.encryptedUid = encryptedUid;
         return $.post('/service/im/saveEvalute', data);
     },