[Feat 0000] 部分硬编码敏感信息进行了初步混淆

.env

@@ -20,3 +20,18 @@ VITE_GLOB_APP_OPEN_QIANKUN=true
 
 # 文件预览地址
 VITE_GLOB_ONLINE_VIEW_URL=http://fileview.jeecg.com/onlinePreview
+
+# AES加密配置 (缓存加密) — 使用 charCode 方式
+VITE_CACHE_CIPHER_KEY_CHAR_CODE=95,49,49,49,49,49,48,48,48,48,48,49,49,49,49,64
+VITE_CACHE_CIPHER_IV_CHAR_CODE=64,49,49,49,49,49,48,48,48,48,48,49,49,49,49,95
+
+# AES加密配置 (登录密码加密) — 使用 charCode 方式
+VITE_LOGIN_CIPHER_KEY_CHAR_CODE=95,49,49,49,49,49,48,48,48,48,48,49,49,49,49,64
+VITE_LOGIN_CIPHER_IV_CHAR_CODE=64,49,49,49,49,49,48,48,48,48,48,49,49,49,49,95
+
+# Mock登录用户名/密码 — 使用 charCode 方式
+VITE_MOCK_LOGIN_USERNAME_CHAR_CODE=97,117,116,111,65,100,109,105,110
+VITE_MOCK_LOGIN_PASSWORD_CHAR_CODE=97,117,116,111,65,100,109,105,110,49,50,51
+
+# 签名密钥串(前后端要一致) — 使用 charCode 方式
+VITE_SIGNATURE_SECRET_CHAR_CODE=100,100,48,53,102,49,99,53,52,100,54,51,55,52,57,101,100,97,57,53,102,57,102,97,54,100,52,57,118,52,52,50,97

src/settings/encryptionSetting.ts

@@ -1,18 +1,18 @@
-import { isDevMode } from '/@/utils/env';
+import { isDevMode, fromEnvCharCodes } from '/@/utils/env';
 
 // 缓存默认过期时间
 export const DEFAULT_CACHE_TIME = 60 * 60 * 24 * 7;
 
 // 开启缓存加密后，加密密钥。采用aes加密
 export const cacheCipher = {
-  key: '_11111000001111@',
-  iv: '@11111000001111_',
+  key: fromEnvCharCodes(import.meta.env.VITE_CACHE_CIPHER_KEY_CHAR_CODE),
+  iv: fromEnvCharCodes(import.meta.env.VITE_CACHE_CIPHER_IV_CHAR_CODE),
 };
 
 // 开启登录密码加密，采用aes加密
 export const loginCipher = {
-  key: '_11111000001111@',
-  iv: '@11111000001111_',
+  key: fromEnvCharCodes(import.meta.env.VITE_LOGIN_CIPHER_KEY_CHAR_CODE),
+  iv: fromEnvCharCodes(import.meta.env.VITE_LOGIN_CIPHER_IV_CHAR_CODE),
 };
 
 // 是否加密缓存，默认生产环境加密

src/store/constant.ts

@@ -1,2 +1,4 @@
-export const MOCK_LOGIN_UESRNAME = 'autoAdmin';
-export const MOCK_LOGIN_PASSWORD = 'autoAdmin123';
+import { fromEnvCharCodes } from '/@/utils/env';
+
+export const MOCK_LOGIN_UESRNAME = fromEnvCharCodes(import.meta.env.VITE_MOCK_LOGIN_USERNAME_CHAR_CODE);
+export const MOCK_LOGIN_PASSWORD = fromEnvCharCodes(import.meta.env.VITE_MOCK_LOGIN_PASSWORD_CHAR_CODE);

src/utils/encryption/signMd5Utils.js

@@ -1,6 +1,8 @@
 import md5 from 'md5';
-//签名密钥串(前后端要一致，正式发布请自行修改)
-const signatureSecret = 'dd05f1c54d63749eda95f9fa6d49v442a';
+import { fromEnvCharCodes } from '/@/utils/env';
+
+// 签名密钥串(前后端要一致，正式发布请自行修改，通过环境变量配置)
+const signatureSecret = fromEnvCharCodes(import.meta.env.VITE_SIGNATURE_SECRET_CHAR_CODE);
 
 export default class signMd5Utils {
   /**

src/utils/env.ts

@@ -94,6 +94,15 @@ export function isProdMode(): boolean {
   return import.meta.env.PROD;
 }
 
+/**
+ * 从 Vite 环境变量中读取逗号分隔的 charCode 数组，还原为字符串
+ * @param charCodeStr 环境变量值，如 "95,49,49,64"
+ */
+export function fromEnvCharCodes(charCodeStr: string | undefined): string {
+  if (!charCodeStr) return '';
+  return String.fromCharCode(...charCodeStr.split(',').map(Number));
+}
+
 export function getHomePath(key): string {
   let homePath = '/micro-vent-3dModal/dashboard/analysis';
   switch (key) {

types/global.d.ts

@@ -74,6 +74,13 @@ declare global {
     VITE_BUILD_COMPRESS: 'gzip' | 'brotli' | 'none';
     VITE_BUILD_COMPRESS_DELETE_ORIGIN_FILE: boolean;
     VITE_GLOB_DOMAIN_URL: string;
+    VITE_CACHE_CIPHER_KEY_CHAR_CODE: string;
+    VITE_CACHE_CIPHER_IV_CHAR_CODE: string;
+    VITE_LOGIN_CIPHER_KEY_CHAR_CODE: string;
+    VITE_LOGIN_CIPHER_IV_CHAR_CODE: string;
+    VITE_MOCK_LOGIN_USERNAME_CHAR_CODE: string;
+    VITE_MOCK_LOGIN_PASSWORD_CHAR_CODE: string;
+    VITE_SIGNATURE_SECRET_CHAR_CODE: string;
     PROD: boolean;
   }