perf: 解决非本地环境必须使用https访问的问题

codeyunze · codeyunze · commit abab7409c26a · 2026-03-30T10:50:49.000+08:00
diff --git a/web/playground/src/store/auth.ts b/web/playground/src/store/auth.ts
@@ -42,10 +42,10 @@ export const useAuthStore = defineStore('auth', () => {
     let userInfo: null | UserInfo = null;
     try {
       loginLoading.value = true;
+
       const username = String(params?.username ?? '');
       const password = String(params?.password ?? '');
 
-      // 获取 RSA 临时公钥，前端加密后提交，避免明文密码上传
       const rsa = await getLoginRsaKeyApi();
       const encryptedPassword = await rsaOaepEncryptBase64(
         rsa.publicKey,
@@ -56,7 +56,6 @@ export const useAuthStore = defineStore('auth', () => {
         ...params,
         encryptedPassword,
         keyId: rsa.keyId,
-        // 不发送明文 password
         password: undefined,
         username,
       });
@@ -90,6 +89,21 @@ export const useAuthStore = defineStore('auth', () => {
           });
         }
       }
+    } catch (e: unknown) {
+      const isAxios =
+        typeof e === 'object' &&
+        e !== null &&
+        'isAxiosError' in e &&
+        (e as { isAxiosError?: boolean }).isAxiosError === true;
+      // Axios 错误通常已由请求拦截器 message.error，避免重复弹窗
+      if (!isAxios) {
+        notification.error({
+          message: '登录失败',
+          description: e instanceof Error ? e.message : String(e),
+          duration: 6,
+        });
+      }
+      throw e;
     } finally {
       loginLoading.value = false;
     }
diff --git a/web/playground/src/utils/rsa-oaep.ts b/web/playground/src/utils/rsa-oaep.ts
@@ -1,3 +1,10 @@
+/**
+ * 与后端 `cryptography` RSA-OAEP-SHA256（MGF1-SHA256、label 空）对齐的加密。
+ * - 安全上下文下优先用 Web Crypto（性能更好）
+ * - 纯 HTTP + 非 localhost 时无 crypto.subtle，使用 node-forge 纯 JS 实现，仍为非明文传输
+ */
+import forge from 'node-forge';
+
 function pemToArrayBuffer(pem: string): ArrayBuffer {
   const b64 = pem
     .replaceAll(/-----(BEGIN|END) PUBLIC KEY-----/g, '')
@@ -19,7 +26,19 @@ function arrayBufferToBase64(buf: ArrayBuffer): string {
   return btoa(binary);
 }
 
-export async function rsaOaepEncryptBase64(
+function rsaOaepEncryptForgeBase64(publicKeyPem: string, plaintext: string): string {
+  const publicKey = forge.pki.publicKeyFromPem(publicKeyPem);
+  const encoded = forge.util.encodeUtf8(plaintext);
+  const encrypted = publicKey.encrypt(encoded, 'RSA-OAEP', {
+    md: forge.md.sha256.create(),
+    mgf1: {
+      md: forge.md.sha256.create(),
+    },
+  });
+  return forge.util.encode64(encrypted);
+}
+
+async function rsaOaepEncryptSubtleBase64(
   publicKeyPem: string,
   plaintext: string,
 ): Promise<string> {
@@ -39,3 +58,13 @@ export async function rsaOaepEncryptBase64(
   );
   return arrayBufferToBase64(encrypted);
 }
+
+export async function rsaOaepEncryptBase64(
+  publicKeyPem: string,
+  plaintext: string,
+): Promise<string> {
+  if (typeof globalThis.crypto?.subtle !== 'undefined') {
+    return rsaOaepEncryptSubtleBase64(publicKeyPem, plaintext);
+  }
+  return rsaOaepEncryptForgeBase64(publicKeyPem, plaintext);
+}
diff --git a/web/playground/src/views/_core/authentication/register.vue b/web/playground/src/views/_core/authentication/register.vue
@@ -101,7 +101,6 @@ async function handleSubmit(value: Recordable<any>) {
       username: String(value.username || ''),
       encryptedPassword,
       keyId: rsa.keyId,
-      // 不发送明文密码
       password: undefined,
     });
     message.success('注册成功，请登录');
