Crypto-js 和 Express 如何防止 crypto-js 在加密的 ID 中添加斜杠以防止服务器将其作为新的子路由读取?
[英]Crypto-js and Express How can I prevent crypto-js from adding slashes into encrypted IDs to prevent server from reading it as a new sub route?
问题描述
I am encrypting a user id using crypto-js to send it via url like the following for the user to validate it on click:
我正在使用crypto-js加密用户 ID,以便通过 url 发送它,如下所示,以便用户在点击时验证它:
http://localhost:3000/api/customer/activate/U2FsdGVkX1DXzzLuf9TgBf31Mc2V/QBVAN05PovlNM
This is the encrypted user id:这是加密的用户 ID:
U2FsdGVkX1DXzzLuf9TgBf31Mc2V/QBVAN05PovlNM
Using crypto-js encrypt :使用 crypto-js encrypt :
crypto.AES.encrypt(term.toString(), config.CRYPTO_PASSPHRASE_RES).toString(crypto.enc.Utf8)
When I run the API, it return route not found , and when I remove / from the encrypted user id, it worked.当我运行 API 时,它返回route not found ,当我从加密的用户 ID 中删除/时,它起作用了。
How can I prevent crypto-js from adding / into encrypted IDs?如何防止 crypto-js 将/添加到加密的 ID 中?
1 个解决方案
解决方案1
1 已采纳 2020-07-20 06:00:15
The solution was to use encodeURIComponent() and then decodeURIComponent() like the following:解决方案是使用encodeURIComponent()然后decodeURIComponent()如下所示:
encodeURIComponent(crypto.AES.encrypt(term.toString(), config.CRYPTO_PASSPHRASE_RES).toString());
It will replace / into something else.它将/替换成别的东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.