feat(安全): 增加验证码和安全验证功能

refactor(XSS): 重构XSS过滤逻辑并添加JSON反序列化过滤 feat(防重放): 前端添加防重放攻击机制 fix(验证码): 优化验证码生成和异常处理 style: 格式化代码并修复部分警告
2026-03-03 18:45:08 +08:00
parent 61aeba9c65
commit 07454a28d2
11 changed files with 485 additions and 102 deletions
--- a/biji-qianduan/src/components/home/dialogs/UpdatePasswordDialog.vue
+++ b/biji-qianduan/src/components/home/dialogs/UpdatePasswordDialog.vue
@@ -19,9 +19,17 @@
    </el-form>
    <template #footer>
      <el-button @click="handleClose">取消</el-button>
-      <el-button type="primary" @click="handleSubmit">确定</el-button>
+      <el-button type="primary" @click="handleSubmit" :loading="loading">确定</el-button>
    </template>
  </el-dialog>
+
+  <!-- 验证码弹窗 -->
+  <CaptchaDialog
+    v-model="captchaVisible"
+    description="修改密码需要安全验证"
+    @confirm="handleCaptchaConfirm"
+    @cancel="handleCaptchaCancel"
+  />
 </template>

 <script setup>
@@ -30,6 +38,7 @@ import { ElMessage } from 'element-plus';
 import { updatePassword } from '@/api/CommonApi.js';
 import { useUserStore } from '@/stores/user';
 import { useRouter } from 'vue-router';
+import CaptchaDialog from '@/components/CaptchaDialog.vue';

 const props = defineProps({
  visible: {
@@ -43,6 +52,10 @@ const userStore = useUserStore();
 const router = useRouter();

 const formRef = ref(null);
+const loading = ref(false);
+const captchaVisible = ref(false);
+const pendingFormData = ref(null);
+
 const form = ref({
  oldPassword: '',
  newPassword: '',
@@ -68,6 +81,7 @@ const rules = ref({
 watch(() => props.visible, (newVal) => {
  if (!newVal && formRef.value) {
    formRef.value.resetFields();
+    pendingFormData.value = null;
  }
 });

@@ -79,19 +93,36 @@ const handleSubmit = async () => {
  if (!formRef.value) return;
  await formRef.value.validate(async (valid) => {
    if (valid) {
-      try {
-        await updatePassword({
-          oldPassword: form.value.oldPassword,
-          newPassword: form.value.newPassword,
-        });
-        ElMessage.success('密码修改成功，请重新登录');
-        emit('password-updated');
-        handleClose();
-        // Logout logic will be handled by the parent component
-      } catch (error) {
-        ElMessage.error('密码修改失败: ' + error.message);
-      }
+      // 保存表单数据，显示验证码弹窗
+      pendingFormData.value = {
+        oldPassword: form.value.oldPassword,
+        newPassword: form.value.newPassword,
+      };
+      captchaVisible.value = true;
    }
  });
 };
+
+// 验证码确认
+const handleCaptchaConfirm = async ({ captchaId, captchaCode }) => {
+  if (!pendingFormData.value) return;
+  
+  loading.value = true;
+  try {
+    await updatePassword(pendingFormData.value, captchaId, captchaCode);
+    ElMessage.success('密码修改成功，请重新登录');
+    captchaVisible.value = false;
+    emit('password-updated');
+    handleClose();
+  } catch (error) {
+    ElMessage.error('密码修改失败: ' + (error.response?.data?.msg || error.message));
+  } finally {
+    loading.value = false;
+  }
+};
+
+// 验证码取消
+const handleCaptchaCancel = () => {
+  pendingFormData.value = null;
+};
 </script>