feat(miniprogram): Token XOR 混淆存储

- 新增 secure-storage 工具:XOR + Base64 混淆 token 存储
- request.ts 和 auth.ts 中所有 access_token/refresh_token 存取
  均通过 secure-storage,避免明文暴露在 Storage 中
iven
2026-04-24 12:52:20 +08:00
parent 37ff907815
commit 60a8a591a8
3 changed files with 58 additions and 14 deletions


@@ -1,6 +1,7 @@
import { create } from 'zustand';
import Taro from '@tarojs/taro';
import * as authApi from '@/services/auth';
import { secureGet, secureSet, secureRemove } from '@/utils/secure-storage';
interface BindPhoneResp {
access_token: string;
@@ -33,8 +34,8 @@ export const useAuthStore = create<AuthState>((set, get) => ({
loading: false,
restore: () => {
const token = Taro.getStorageSync('access_token') || null;
const refreshToken = Taro.getStorageSync('refresh_token') || null;
const token = secureGet('access_token') || null;
const refreshToken = secureGet('refresh_token') || null;
const user = Taro.getStorageSync('user') || null;
const currentPatient = Taro.getStorageSync('current_patient') || null;
set({ token, refreshToken, user, currentPatient });
@@ -46,8 +47,8 @@ export const useAuthStore = create<AuthState>((set, get) => ({
const resp = await authApi.wechatLogin(code);
if (resp.bound && resp.token) {
const { access_token, refresh_token, user } = resp.token;
Taro.setStorageSync('access_token', access_token);
Taro.setStorageSync('refresh_token', refresh_token);
secureSet('access_token', access_token);
secureSet('refresh_token', refresh_token);
Taro.setStorageSync('user', user);
Taro.setStorageSync('tenant_id', user.tenant_id || '');
set({ token: access_token, refreshToken: refresh_token, user, loading: false });
@@ -73,8 +74,8 @@ export const useAuthStore = create<AuthState>((set, get) => ({
}
const resp = await authApi.wechatBindPhone(openid, encryptedData, iv) as BindPhoneResp;
const { access_token, refresh_token, user } = resp;
Taro.setStorageSync('access_token', access_token);
Taro.setStorageSync('refresh_token', refresh_token);
secureSet('access_token', access_token);
secureSet('refresh_token', refresh_token);
Taro.setStorageSync('user', user);
Taro.setStorageSync('tenant_id', user.tenant_id || '');
Taro.removeStorageSync('wechat_openid');
@@ -105,8 +106,8 @@ export const useAuthStore = create<AuthState>((set, get) => ({
},
logout: () => {
Taro.removeStorageSync('access_token');
Taro.removeStorageSync('refresh_token');
secureRemove('access_token');
secureRemove('refresh_token');
Taro.removeStorageSync('user');
Taro.removeStorageSync('current_patient');
Taro.removeStorageSync('current_patient_id');