From fd994edf3e78cab76bf16a927700805c50a020d2 Mon Sep 17 00:00:00 2001
From: iven
Date: Thu, 21 May 2026 22:34:14 +0800
Subject: [PATCH] =?UTF-8?q?fix(mp):=20=E5=AD=98=E5=82=A8=E5=B1=82=E8=AF=AD?= =?UTF-8?q?=E4=B9=89=E7=BB=9F=E4=B8=80=20+=20UTF-16=20=E6=88=AA=E6=96=AD?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- secureGet: 增加 TextEncoder/TextDecoder 替代 charCodeAt 避免 UTF-16 截断
- secureGet: _es_ 前缀键返回空时增加明文键 fallback(对齐 storageGet 语义)
- request.ts safeGet / auth.ts storageGet: 简化为直接委托 secureGet
---
 apps/miniprogram/src/services/request.ts | 6 +-----
 apps/miniprogram/src/stores/auth.ts | 6 ++----
 apps/miniprogram/src/utils/secure-storage.ts | 22 +++++++++-----------
 3 files changed, 13 insertions(+), 21 deletions(-)
diff --git a/apps/miniprogram/src/services/request.ts b/apps/miniprogram/src/services/request.ts
index dc7444b..1789df8 100644
--- a/apps/miniprogram/src/services/request.ts
+++ b/apps/miniprogram/src/services/request.ts
@@ -21,11 +21,7 @@ const ERROR_CODE_MAP: Record = {
 };
 function safeGet(key: string): string {
- try {
- return secureGet(key);
- } catch {
- return Taro.getStorageSync(key) || '';
- }
+ return secureGet(key);
 }
 // --- Concurrency limiter ---
diff --git a/apps/miniprogram/src/stores/auth.ts b/apps/miniprogram/src/stores/auth.ts
index 002c196..ecd4f57 100644
--- a/apps/miniprogram/src/stores/auth.ts
+++ b/apps/miniprogram/src/stores/auth.ts
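Review bot: In `safeGet` (request.ts), removing the `try`/`catch` leaves the request path with no guard if `secureGet` throws; the secure-storage.ts hunk of this patch shows `Taro.getStorageSync(prefixedKey)` and the new plaintext read both sitting before `secureGet`'s own `try`, so a storage exception would now propagate to callers. If a guard is still wanted, keep it but fail closed instead of reading the unprefixed key: `try { return secureGet(key); } catch { return ''; }`. Otherwise the wrapper is only an alias and the call sites could use `secureGet` directly.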
@@ -4,11 +4,9 @@ import * as authApi from '@/services/auth';
 import { secureGet, secureSet, secureRemove } from '@/utils/secure-storage';
 import { clearRequestCache, markLoggingOut, clearLoggingOut, setCachedPatientId } from '@/services/request';
-// secureGet fallback: _es_ 加密键为空时尝试明文键(兼容 MCP 注入等场景)
+// secureGet 已内置明文键 fallback,无需再手动 fallback
 function storageGet(key: string): string {
- const val = secureGet(key);
- if (val) return val;
- return Taro.getStorageSync(key) || '';
+ return secureGet(key);
 }
 import { resetAllStores } from './index';
diff --git a/apps/miniprogram/src/utils/secure-storage.ts b/apps/miniprogram/src/utils/secure-storage.ts
index 70479a5..0e4b77c 100644
--- a/apps/miniprogram/src/utils/secure-storage.ts
+++ b/apps/miniprogram/src/utils/secure-storage.ts
@@ -12,11 +12,9 @@ function xorEncrypt(data: string, key: string): string {
 function toBase64(str: string): string {
 try {
- const buffer = new Uint8Array(str.length);
- for (let i = 0; i < str.length; i++) {
- buffer[i] = str.charCodeAt(i);
- }
- return Taro.arrayBufferToBase64(buffer.buffer);
+ const encoder = new TextEncoder();
+ const uint8 = encoder.encode(str);
+ return Taro.arrayBufferToBase64(uint8.buffer as ArrayBuffer);
 } catch {
 return '';
 }
@@ -25,12 +23,8 @@ function toBase64(str: string): string {
 function fromBase64(b64: string): string {
 try {
 const buffer = Taro.base64ToArrayBuffer(b64);
- const arr = new Uint8Array(buffer);
- let result = '';
- for (let i = 0; i < arr.length; i++) {
- result += String.fromCharCode(arr[i]);
- }
- return result;
+ const decoder = new TextDecoder();
+ return decoder.decode(new Uint8Array(buffer));
 } catch {
 return '';
 }
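Review bot: `storageGet` in auth.ts is now a bare alias for `secureGet`, and its new comment only records that the fallback moved; it should state what that means for the auth store, e.g. `// NOTE: secureGet may return a value read from the unencrypted key; treat it as unverified`. The declaration also sits between `import` statements (`import { resetAllStores } from './index'` follows it), so either move it below the imports or drop it and call `secureGet` directly. Whether `Taro` is still referenced elsewhere in this file is not visible from the hunk.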
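Review bot: In `toBase64` (and likewise in the `fromBase64` hunk that follows), the surrounding `catch { return ''; }` hides a missing `TextEncoder`/`TextDecoder` global: on a runtime that does not provide them the `ReferenceError` is swallowed and the function returns an empty string, so values would presumably be written or read back as empty with no visible error. A one-time feature check at module load that logs or throws would surface that instead of silently losing stored credentials. Separately, `uint8.buffer as ArrayBuffer` hands over the whole backing buffer; `uint8.buffer.slice(uint8.byteOffset, uint8.byteOffset + uint8.byteLength)` stays correct if an implementation returns a view. Both function bodies close outside their hunks.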
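Review bot: `new TextDecoder()` in `fromBase64` decodes leniently, so bytes that are not valid UTF-8 become U+FFFD instead of throwing and the existing `catch` never sees corrupted or tampered stored data; the caller then goes on to XOR-decode a damaged string. Use `new TextDecoder('utf-8', { fatal: true })` so malformed input lands in the `catch` and yields `''`. Values written by the previous `charCodeAt` encoder that contain bytes ≥ 0x80 are generally not valid UTF-8, so data already on devices may need a legacy-decode path or a migration; whether such values occur depends on `xorEncrypt`, which is outside the hunk.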
@@ -55,7 +49,11 @@ export function secureSet(key: string, value: string): void {
 export function secureGet(key: string): string {
 const prefixedKey = STORAGE_PREFIX + key;
 const raw = Taro.getStorageSync(prefixedKey);
- if (!raw || typeof raw !== 'string') return '';
+ if (!raw || typeof raw !== 'string') {
+ // fallback: 尝试读取明文键(兼容 MCP 注入等场景)
+ const plain = Taro.getStorageSync(key);
+ return (plain && typeof plain === 'string') ? plain : '';
+ }
 // 始终尝试 base64 解码 + XOR 解密(secureSet 的写入格式)
 try {
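Review bot: The plaintext fallback added to `secureGet` now applies to every caller and every key, so whatever is stored under the unprefixed key is returned as if it came from the `_es_` store; for the auth store that means a token written outside `secureSet` is accepted, and a stale plaintext copy can outlive removal of the prefixed entry (whether `secureRemove` also clears the unprefixed key is not visible here). The comment ties the fallback to MCP injection, so if that is a development or test aid it should be limited to those builds, and a hit should be migrated into the prefixed store and the plaintext entry removed. The new `Taro.getStorageSync(key)` call also sits outside the function's `try`, whose body continues past the hunk.

```typescript
export function secureGet(key: string): string {
  // … unchanged: prefixedKey / raw lookup …
  if (!raw || typeof raw !== 'string') {
    // Plaintext fallback is a tooling convenience; do not honour it in production builds.
    if (process.env.NODE_ENV === 'production') return '';
    const plain = Taro.getStorageSync(key);
    if (!plain || typeof plain !== 'string') return '';
    // Migrate so the value does not stay readable under the unprefixed key.
    secureSet(key, plain);
    Taro.removeStorageSync(key);
    return plain;
  }
  // … unchanged: base64 decode + XOR decrypt …
```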