
CN-121984738-A - Cross-platform non-invasive front-end data request secure encryption method


Abstract

The invention relates to a cross-platform non-invasive front-end data request secure encryption method in the technical field of front-end secure communication. It comprises the steps of: a security component detecting the client's terminal environment in order to identify it, judging whether the current terminal environment is a browser environment or a WeChat applet environment, and thereby realizing detection and adaptation of the terminal environment; and the security component calling a request interceptor that performs underlying API interception and proxying of front-end data requests and server response data and carries out secure encryption/decryption and anti-replay processing. The method improves development and test efficiency, reduces the risk of disturbing normal business flows, widens the security protection coverage of front-end requests and reduces security blind spots.

Inventors

  • LIN YANG

Assignees

  • 天翼物联科技有限公司

Dates

Publication Date
2026-05-05
Application Date
2026-01-27

Claims (10)

  1. A method for securely encrypting a cross-platform non-invasive front-end data request, comprising: S1, a service end introduces a security component; the security component detects the client's terminal environment to distinguish it, judges whether the current terminal environment is a browser environment or a WeChat applet environment, executes the corresponding wasm file loading strategy according to the terminal environment type, uniformly encapsulates the API and initializes request interception of the underlying API, thereby realizing detection and adaptation of the terminal environment; S2, setting request interceptors of corresponding types according to the detected terminal environment and data request modes, wherein the request modes on the browser side comprise XHR requests, Fetch API requests, SSE requests and WebSocket requests, and a request interceptor of the corresponding type is set for each; S3, the security component calls the request interceptor, performs underlying API interception and proxying of front-end data requests and server response data, and performs secure encryption/decryption and anti-replay processing, comprising: when the client sends a data request, the request interceptor of the type corresponding to that request wraps the native data request, creates an observable proxy object, executes WebAssembly instantiation at the service end, obtains the path and request parameters in the URL, calls the security component's encryption function in the before hook, performs token injection, encrypts the parameters using WebAssembly, sends the encrypted parameters to the server and obtains the response data; and, by calling the security component's decryption function in the after hook, performs WebAssembly ciphertext decryption and token refresh on the response data, and passes the decrypted response data as a parameter to the business code callback for subsequent processing.
  2. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S1, when the terminal environment is judged to be a browser environment, an HTML script tag is introduced and the configuration attributes of the tag are parsed, the browser environment is initialized, the wasm file loading strategy adopts Fetch API streaming loading, and the localStorage synchronous API is used as the unified storage interface for initializing and wrapping the various types of request interceptors on the browser side.
  3. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S1, when the terminal environment is judged to be the applet environment, the security component is introduced and loaded in main.js, the wx.isMiniProgram method is called for detection, the applet environment is initialized, the wasm file loading strategy adopts wx.downloadFile and wx.loadWasm, and the wx.setStorage asynchronous API is used as the unified storage interface for initializing and rewriting the various types of request interceptors on the WeChat applet side.
  4. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S3, the data request and the data transmitted in the URL are symmetrically encrypted with the SM4 encryption algorithm using WebAssembly, wherein the key and initialization vector of the symmetric encryption algorithm are randomly generated on the client and are themselves encrypted with the public key using the SM2 asymmetric encryption algorithm.
  5. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S3, after the anti-replay function is enabled, tokens are obtained in batches from the token interface and stored on the client; each time the client sends a data request, one token is consumed and used as an encryption parameter; the server receives the data request and, when returning the response, carries a new token in the response body, which is added to the client's store.
  6. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S3, when the browser sends an XHR request, an xhook wrapper wraps the native XMLHttpRequest and rewrites its open/send methods; before the original method executes, the security component's encryption function in the before hook is called to perform token injection and security verification, and the parameters are encrypted and then sent to the server; the onreadystatechange method is rewritten so that the security component's decryption function in the after hook is called to perform ciphertext decryption, token refresh and data formatting, and the decrypted response data is returned to the business code as the callback parameter for subsequent processing.
  7. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S3, when the browser sends a Fetch API request, an xhook wrapper wraps the native fetch, and the functions in the before hook and the after hook are wrapped as Promise functions and chained: the request parameters are passed to the security component's encryption function in the before hook, which performs token injection and parameter encryption; the encrypted parameters are then passed as arguments to the actual fetch function to send the request; after the asynchronous request returns, the next method is executed, calling the security component's decryption function in the after hook to perform ciphertext decryption, token refresh and data formatting; and the next method is called with the decrypted response data as the parameter to the business code for subsequent processing.
  8. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S3, when the browser sends an SSE request, an SSE interceptor wraps the native EventSource object, obtains the path and request parameters in the URL, calls the security component's encryption function in the before hook to perform token injection and parameter encryption, encodes the encrypted parameters into the agreed URL parameters, and the server processes them; when the onmessage event listener of the SSE request is triggered, the security component's decryption function in the after hook is called to perform ciphertext decryption and token refresh, the token and decryption key are placed in the response body, the response body is decrypted by the JS-side decryption function delegating to WebAssembly, and the decrypted response body is then passed as a parameter to the business code callback for subsequent processing.
  9. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S3, when the browser sends a WebSocket request, a WebSocket interceptor wraps the native WebSocket object, obtains the path and request parameters in the URL, calls the security component's encryption function in the beforeConnect hook to perform token injection and handshake parameter encryption, encodes the encrypted parameters into the handshake request header, and the server processes the handshake request header; when the service end calls websocket.send() to send a message, the security component's encryption function in the beforeSend hook is called to encrypt the message body in real time; when the onmessage event listener of the WebSocket is triggered, the security component's decryption function in the afterMessage hook is called to perform ciphertext decryption and token refresh, the token and decryption key are placed in the message body, the message body is decrypted by the JS-side decryption function delegating to WebAssembly, and the decrypted message body is then passed as a parameter to the business code callback for subsequent processing.
  10. The method for securely encrypting a cross-platform non-invasive front-end data request according to claim 1, wherein in S3, when the WeChat applet side sends a wx.request, the wx.request method is rewritten with a wrapper around the native wx.request API: the request configuration parameters are obtained, the security component's encryption function in the before hook is called to perform token injection, and after parameter encryption the actual wx.request is called to send the request; when the request returns successfully, the callback function configured in the success parameter of wx.request is triggered; the security component wraps that callback, calls the security component's decryption function in the after hook to perform ciphertext decryption and token refresh, and passes the decrypted message body as a parameter to the callback function configured in the real success parameter for subsequent processing.

Description

Technical Field

The invention belongs to the technical field of front-end secure communication, and in particular relates to a cross-platform non-invasive front-end data request secure encryption method.

Background

With the development and popularization of Web technology and mobile applications, more and more IT systems are built on a B/S architecture combined with mobile application modes. For example, the terminal applications of an Internet of Things system often combine a browser-based (B/S) management console with a mobile application built as a WeChat applet. At the same time, the problem of front-end data security is becoming increasingly prominent. Conventional front-end request encryption schemes typically have the following technical defects when applied to such systems:

1. Strong business invasiveness. Existing secure encryption schemes usually require deep adaptation of the business layer, and developers must modify a large amount of business code to integrate the security functions. This strong invasiveness forces the service side to refactor the code related to network requests, the refactoring cost is high, the security logic is tightly coupled with the business logic, and an upgrade of the security component can affect business stability.

2. Strong framework dependency. Existing security schemes tend to be bound to a particular front-end framework. For front-end frameworks such as Vue/React/Angular and popular front-end request libraries such as Axios/jQuery used by the service side, adapted versions must be developed separately. Once the service side changes or upgrades the front-end framework or request library, the security component may fail, a newly adapted version must be developed, and the migration cost is high.

3. Narrow request mode coverage. Existing security schemes only cover the common XMLHttpRequest (XHR) request mode and offer insufficient support for the diverse communication modes of modern front-end development. The newer Fetch API, WebSocket full-duplex communication, Server-Sent Events (SSE) server data stream pushing commonly used in AI dialogue scenarios, and the wx.request used in the WeChat applet environment are not included in the encryption scope of the security component, so comprehensive front-end request security protection cannot be provided.

4. Poor cross-platform compatibility. Different terminal environments (browser/applet) use different network APIs, and it is difficult for existing solutions to achieve uniform security protection. Consequently the development cost is high, a security module must be developed independently for each platform, the maintenance cost is high, and version management and upgrades are difficult. In particular, for cross-platform development frameworks such as uni-app/Taro, where one codebase produces an isomorphic applet/H5 application, the environments must be distinguished and different platform security modules introduced, which increases development and maintenance complexity.

5. Poor security and low performance of the encryption and decryption process. Existing security schemes use front-end encryption and decryption implemented in traditional JavaScript; the source code is exposed on the browser side and is easy to crack even when obfuscated. JavaScript computation is inefficient, the encryption process blocks the single thread, UI stuttering is easily caused, and user experience suffers.

Disclosure of Invention

In view of the shortcomings of the prior art, the invention aims to provide a cross-platform non-invasive front-end data request secure encryption method that improves development and test efficiency, reduces the risk of disturbing normal business flows, widens the security protection coverage of front-end requests and reduces security blind spots. The invention provides a cross-platform non-invasive front-end data request secure encryption method comprising the following steps: S1, a service end introduces a security component; the security component detects the client's terminal environment to distinguish it, judges whether the current terminal environment is a browser environment or a WeChat applet environment, executes the corresponding wasm file loading strategy according to the terminal environment type, uniformly encapsulates the API and initializes request interception of the underlying API, thereby realizing detection and adaptation of the terminal environment; S2, setting request interceptors of corresponding types according to the detected terminal environment and data request modes, wherein the request modes of the browser side compr