1

src/api/login/index.ts

@@ -2,7 +2,7 @@ import request from '/@/utils/request';
 import { Session } from '/@/utils/storage';
 import { validateNull } from '/@/utils/validate';
 import { useUserInfo } from '/@/stores/userInfo';
-import other from '/@/utils/other';
+import other, { sm2Encrypt } from '/@/utils/other';
 
 /**
  * https://www.ietf.org/rfc/rfc6749.txt
@@ -10,6 +10,11 @@ import other from '/@/utils/other';
  */
 const FORM_CONTENT_TYPE = 'application/x-www-form-urlencoded';
 
+/** 登录是否使用 SM2 加密密码（需后端配置 SM2 私钥并支持 Enc-Flag: sm2） */
+const LOGIN_SM2_ENABLE = import.meta.env.VITE_LOGIN_SM2_ENABLE === 'true';
+/** SM2 公钥（十六进制，与后端私钥成对），用于前端加密密码 */
+const SM2_PUBLIC_KEY = import.meta.env.VITE_SM2_PUBLIC_KEY || '';
+
 // 登录方式
 export enum LoginTypeEnum {
 	PASSWORD,
@@ -47,8 +52,15 @@ export enum SocialLoginEnum {
 export const login = (data: any) => {
 	const basicAuth = 'Basic ' + window.btoa(import.meta.env.VITE_OAUTH2_PASSWORD_CLIENT);
 	Session.set('basicAuth', basicAuth);
-	// 密码加密
-	const encPassword = other.encryption(data.password, import.meta.env.VITE_PWD_ENC_KEY);
+	let encPassword: string;
+	let encFlag: string;
+	if (LOGIN_SM2_ENABLE && SM2_PUBLIC_KEY) {
+		encPassword = sm2Encrypt(data.password, SM2_PUBLIC_KEY);
+		encFlag = 'sm2';
+	} else {
+		encPassword = other.encryption(data.password, import.meta.env.VITE_PWD_ENC_KEY);
+		encFlag = 'false';
+	}
 	const { username, randomStr, code, grant_type, scope } = data;
 	return request({
 		url: '/auth/oauth2/token',
@@ -59,7 +71,7 @@ export const login = (data: any) => {
 			skipToken: true,
 			Authorization: basicAuth,
 			'Content-Type': FORM_CONTENT_TYPE,
-			"Enc-Flag": "false",
+			'Enc-Flag': encFlag,
 		},
 	});
 };