
更新csrf防范、session设置

MaiXinRong 4 gadi atpakaļ
vecāks
revīzija
c13bf376e9
59 mainītis faili ar 129 papildinājumiem un 124 dzēšanām
  1. 1 1
      app/extend/helper.js
  2. 4 4
      app/lib/analysis_excel.js
  3. 2 2
      app/public/js/change_approval.js
  4. 1 1
      app/public/js/change_detail.js
  5. 2 2
      app/public/js/change_information_approval.js
  6. 1 1
      app/public/js/change_information_show.js
  7. 1 1
      app/public/js/common_ajax.js
  8. 1 1
      app/public/js/draw.js
  9. 8 8
      app/public/js/global.js
  10. 1 1
      app/public/js/login.js
  11. 2 2
      app/public/js/profile.js
  12. 2 2
      app/public/js/setting.js
  13. 1 1
      app/public/js/stage_audit.js
  14. 2 2
      app/public/js/wap/global.js
  15. 4 4
      app/public/report/js/rpt_main.js
  16. 1 1
      app/public/report/js/rpt_preview_common.js
  17. 1 1
      app/public/report/js/rpt_print.js
  18. 4 4
      app/public/report/js/rpt_signature.js
  19. 1 1
      app/service/customer.js
  20. 2 2
      app/service/message.js
  21. 8 8
      app/service/project_account.js
  22. 1 1
      app/service/version.js
  23. 1 1
      app/view/account/index.ejs
  24. 1 1
      app/view/advance/index.ejs
  25. 2 2
      app/view/advance/modal_audit.ejs
  26. 1 1
      app/view/boot/index.ejs
  27. 1 1
      app/view/change/info.ejs
  28. 4 4
      app/view/change/info_modal.ejs
  29. 1 1
      app/view/change/information.ejs
  30. 6 6
      app/view/change/information_modal.ejs
  31. 1 1
      app/view/change/modal.ejs
  32. 1 1
      app/view/dashboard/msg_add.ejs
  33. 3 3
      app/view/ledger/audit_modal.ejs
  34. 2 2
      app/view/ledger/explode_modal.ejs
  35. 1 1
      app/view/login/login.ejs
  36. 1 1
      app/view/login/login_port.ejs
  37. 4 4
      app/view/material/audit_modal.ejs
  38. 2 2
      app/view/material/modal.ejs
  39. 2 2
      app/view/measure/audit_modal.ejs
  40. 2 2
      app/view/measure/stage_modal.ejs
  41. 1 1
      app/view/profile/info.ejs
  42. 1 1
      app/view/profile/safe.ejs
  43. 2 2
      app/view/profile/sms.ejs
  44. 1 1
      app/view/profile/wechat.ejs
  45. 1 1
      app/view/profile/wechat_modal.ejs
  46. 1 1
      app/view/project/info.ejs
  47. 2 2
      app/view/report/rpt_all_popup.ejs
  48. 4 4
      app/view/revise/info_modal.ejs
  49. 2 2
      app/view/revise/modal.ejs
  50. 1 1
      app/view/setting/info.ejs
  51. 4 4
      app/view/setting/user_modal.ejs
  52. 2 2
      app/view/setting/user_permission_modal.ejs
  53. 5 5
      app/view/stage/audit_modal.ejs
  54. 2 2
      app/view/stage/manager_modal.ejs
  55. 1 1
      app/view/wap/login.ejs
  56. 4 4
      app/view/wap/shenpi_change.ejs
  57. 2 2
      app/view/wap/shenpi_stage.ejs
  58. 1 1
      app/view/wechat/bind.ejs
  59. 5 0
      config/config.default.js

+ 1 - 1
app/extend/helper.js

@@ -273,7 +273,7 @@ module.exports = {
 
         // 然后再验证是否有多余的数据
         const postData = this.ctx.request.body;
-        delete postData._csrf;
+        delete postData._csrf_j;
 
         const postDataKey = Object.keys(postData);
         const ruleKey = Object.keys(rule);
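Review bot: The body key `_csrf_j` is a bare string literal here and again in every server-side hunk of this commit (customer.js, message.js, project_account.js, version.js), so it can silently drift from the name the csrf middleware is configured to read; if the helper has `this.app` in scope, `delete postData[this.app.config.security.csrf.bodyName];` ties the strip to the same setting (egg-security exposes `bodyName`, `queryName`, `headerName` and `cookieName`). Renaming the carrier from `_csrf` to `_csrf_j` does not by itself strengthen anything — the protection is the middleware comparing the submitted token with the session/cookie secret, and the config/config.default.js change that presumably switches those names is outside this chunk, so the client and server halves only work together if every name there matches these literals. The validation function this hunk belongs to starts before it and continues after it.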

+ 4 - 4
app/lib/analysis_excel.js

@@ -11,7 +11,7 @@ const _ = require('lodash');
 const colDefineType = {
     match: 1,
     pos: 2,
-}
+};
 const aeUtils = {
     toNumber: function (value) {
         let num = _.toNumber(value);
@@ -205,7 +205,7 @@ class ImportBaseTree {
         }
     }
 
-    _assignRelaField(temp, node) {
+    static _assignRelaField(temp, node) {
         _.assignInWith(temp, node,
             (objValue, srcValue, key) => { return ['name', 'unit'].indexOf(key) > -1 ? objValue : srcValue; });
     }
@@ -471,13 +471,13 @@ class AnalysisExcelTree {
         };
     }
 
-    _isMatch11(tempData) {
+    static _isMatch11(tempData) {
         return _.find(tempData, x => {
             return x.code.indexOf('-') > 0;
         })
     }
 
-    _isMatch18(tempData) {
+    static _isMatch18(tempData) {
         return _.every(tempData, x => {
             return !x.code || !!x.code.match(mainReg);
         });
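Review bot: `_assignRelaField`, `_isMatch11` and `_isMatch18` become `static`, yet the file's diffstat (4 additions, 4 deletions) shows that no call site in this file changed, so any existing `this._isMatch11(...)`-style call would now throw a TypeError at runtime; please confirm every caller already uses `ImportBaseTree._assignRelaField(...)` / `AnalysisExcelTree._isMatch11(...)` (or `this.constructor....`), or that the callers live in another file. `_isMatch11` also returns the element found by `_.find` rather than a boolean; if callers only use it as a truthy test, `return _.some(tempData, x => x.code.indexOf('-') > 0);` states the intent and the `})` on its current return still lacks the `;` the first hunk adds to `colDefineType`. Both classes extend beyond the hunks shown.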

+ 2 - 2
app/public/js/change_approval.js

@@ -122,8 +122,8 @@ const postDataWithAsync = function (url, data, successCallback, errorCallBack, s
         async: false,
         timeout: 60000,
         beforeSend: function(xhr) {
-            let csrfToken = Cookies.get('csrfToken');
-            xhr.setRequestHeader('x-csrf-token', csrfToken);
+            let csrfToken = Cookies.get('csrfToken_j');
+            xhr.setRequestHeader('x-csrf-token_j', csrfToken);
         },
         success: function(result){
             if (result.err === 0) {
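Review bot: The cookie name `csrfToken_j` and header name `x-csrf-token_j` are repeated as literals in this `beforeSend` and in the identical ones in change_information_approval.js, global.js (four times), setting.js, wap/global.js, common_ajax.js and draw.js, plus the `getCookie('csrfToken_j')` arguments in rpt_main.js, rpt_preview_common.js, rpt_print.js and rpt_signature.js; one shared pair such as `const CSRF_COOKIE = 'csrfToken_j';` and `const CSRF_HEADER = 'x-csrf-token_j';` in global.js would make the next rename a single edit instead of a twelve-file one. `Cookies.get` returns `undefined` when the cookie is absent, and `setRequestHeader` will then send the string `undefined`, so a guard that reports a missing token on the client would give a clearer failure than the server's 403. `let csrfToken` is never reassigned and can be `const`. The `postDataWithAsync` function begins before this hunk.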

+ 1 - 1
app/public/js/change_detail.js

@@ -204,7 +204,7 @@ $(document).ready(() => {
         const btn = $(this);
 
         $.ajax({
-            url: '/profile/code?_csrf=' + csrf,
+            url: '/profile/code?_csrf_j=' + csrf,
             type: 'post',
             data: { mobile: authMobile, type: 'shenpi' },
             dataTye: 'json',
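Review bot: The new URL still carries the CSRF token in the query string (`'/profile/code?_csrf_j=' + csrf`), where it is exposed through the Referer header, proxy and access logs and browser history; the same pattern is kept in change_information_show.js, profile.js, stage_audit.js, account/index.ejs and in the `form action` strings of change/info.ejs, info_modal.ejs, information.ejs and information_modal.ejs. Sending it the way the other hunks in this commit do, `url: '/profile/code', beforeSend: function(xhr) { xhr.setRequestHeader('x-csrf-token_j', csrf); },` (or a hidden `_csrf_j` field for the forms) would let the query-string carrier be disabled in the security config altogether. On a visible context line, `dataTye: 'json'` is a typo for `dataType`; jQuery ignores the unknown option and falls back to guessing the response type, and the same typo appears in the other files listed. The `$(document).ready` handler around this call extends beyond the hunk.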

+ 2 - 2
app/public/js/change_information_approval.js

@@ -382,8 +382,8 @@ const postDataWithAsync = function (url, data, successCallback, errorCallBack, s
         async: false,
         timeout: 60000,
         beforeSend: function(xhr) {
-            let csrfToken = Cookies.get('csrfToken');
-            xhr.setRequestHeader('x-csrf-token', csrfToken);
+            let csrfToken = Cookies.get('csrfToken_j');
+            xhr.setRequestHeader('x-csrf-token_j', csrfToken);
         },
         success: function(result){
             if (result.err === 0) {

+ 1 - 1
app/public/js/change_information_show.js

@@ -188,7 +188,7 @@ $(document).ready(() => {
         const btn = $(this);
 
         $.ajax({
-            url: '/profile/code?_csrf=' + csrf,
+            url: '/profile/code?_csrf_j=' + csrf,
             type: 'post',
             data: { mobile: authMobile, type: 'shenpi' },
             dataTye: 'json',

+ 1 - 1
app/public/js/common_ajax.js

@@ -127,7 +127,7 @@ var CommonAjax = {
             async: isAsync,
             timeout: dftTimeOutMilSec,
             beforeSend: function (xhr) {
-                xhr.setRequestHeader('x-csrf-token', csrfToken);
+                xhr.setRequestHeader('x-csrf-token_j', csrfToken);
             },
             success: function(result){
                 if (result) {

+ 1 - 1
app/public/js/draw.js

@@ -220,7 +220,7 @@ Draw.prototype = {
     formData.append('image', blob, 'sign');
 
     xhr.open('POST', url, true);
-    xhr.setRequestHeader("x-csrf-token", csrf);
+    xhr.setRequestHeader("x-csrf-token_j", csrf);
     xhr.onload = () => {
       if ((xhr.status >= 200 && xhr.status < 300) || xhr.status === 304) {
         success(xhr.responseText);

+ 8 - 8
app/public/js/global.js

@@ -151,8 +151,8 @@ const postData = function (url, data, successCallback, errorCallBack, showWaitin
         cache: false,
         timeout: 60000,
         beforeSend: function(xhr) {
-            let csrfToken = Cookies.get('csrfToken');
-            xhr.setRequestHeader('x-csrf-token', csrfToken);
+            let csrfToken = Cookies.get('csrfToken_j');
+            xhr.setRequestHeader('x-csrf-token_j', csrfToken);
         },
         success: function(result){
             if (result.err === 0) {
@@ -200,8 +200,8 @@ const postDataCompress = function (url, data, successCallback, errorCallBack, ht
         cache: false,
         timeout: 80000, // 导入清单Excel(10w行)预计需要时间
         beforeSend: function(xhr) {
-            let csrfToken = Cookies.get('csrfToken');
-            xhr.setRequestHeader('x-csrf-token', csrfToken);
+            let csrfToken = Cookies.get('csrfToken_j');
+            xhr.setRequestHeader('x-csrf-token_j', csrfToken);
         },
         success: function(result){
             if (htype === 'progress') doneProgress();
@@ -260,8 +260,8 @@ const postDataWithFile = function (url, formData, successCallback, errorCallBack
         processData: false,
         timeout: 60000,
         beforeSend: function(xhr) {
-            let csrfToken = Cookies.get('csrfToken');
-            xhr.setRequestHeader('x-csrf-token', csrfToken);
+            let csrfToken = Cookies.get('csrfToken_j');
+            xhr.setRequestHeader('x-csrf-token_j', csrfToken);
         },
         success: function(result){
             if (result.err === 0) {
@@ -304,8 +304,8 @@ const postDataWithFileProgress = function (url, formData, successCallback, error
         // 告诉jQuery不要去处理发送的数据
         processData: false,
         beforeSend: function(xhr) {
-            let csrfToken = Cookies.get('csrfToken');
-            xhr.setRequestHeader('x-csrf-token', csrfToken);
+            let csrfToken = Cookies.get('csrfToken_j');
+            xhr.setRequestHeader('x-csrf-token_j', csrfToken);
         },
         success: function(result){
             doneProgress();

+ 1 - 1
app/public/js/login.js

@@ -94,7 +94,7 @@ $(document).ready(function() {
                 dataType: 'json',
                 beforeSend: function(xhr) {
                     let csrfToken = csrf;
-                    xhr.setRequestHeader('x-csrf-token', csrfToken);
+                    xhr.setRequestHeader('x-csrf-token_j', csrfToken);
                 },
                 success: function (result) {
                     if (result.err === 1) {

+ 2 - 2
app/public/js/profile.js

@@ -52,7 +52,7 @@ $(document).ready(function() {
             const btn = $(this);
 
             $.ajax({
-                url: '/profile/code?_csrf=' + csrf,
+                url: '/profile/code?_csrf_j=' + csrf,
                 type: 'post',
                 data: { mobile: mobile },
                 dataTye: 'json',
@@ -92,7 +92,7 @@ $(document).ready(function() {
                 return false;
             }
             $.ajax({
-                url: '/profile/bind?_csrf=' + csrf,
+                url: '/profile/bind?_csrf_j=' + csrf,
                 type: 'post',
                 data: { auth_mobile: mobile, code: code },
                 dataTye: 'json',

+ 2 - 2
app/public/js/setting.js

@@ -84,8 +84,8 @@ $(document).ready(() => {
                     throw '网络错误!';
                 },
                 beforeSend: function(xhr) {
-                    let csrfToken = Cookies.get('csrfToken');
-                    xhr.setRequestHeader('x-csrf-token', csrfToken);
+                    let csrfToken = Cookies.get('csrfToken_j');
+                    xhr.setRequestHeader('x-csrf-token_j', csrfToken);
                     isChange = true;
                     btn.html('<i class="fa fa-spinner fa-pulse"></i>');
                 },

+ 1 - 1
app/public/js/stage_audit.js

@@ -218,7 +218,7 @@ $(document).ready(function () {
         const btn = $(this);
 
         $.ajax({
-            url: '/profile/code?_csrf=' + csrf,
+            url: '/profile/code?_csrf_j=' + csrf,
             type: 'post',
             data: { mobile: authMobile, type: 'shenpi' },
             dataTye: 'json',

+ 2 - 2
app/public/js/wap/global.js

@@ -24,8 +24,8 @@ const postData = function (url, data, successCallback, errorCallBack, showWaitin
         cache: false,
         timeout: 60000,
         beforeSend: function(xhr) {
-            let csrfToken = Cookies.get('csrfToken');
-            xhr.setRequestHeader('x-csrf-token', csrfToken);
+            let csrfToken = Cookies.get('csrfToken_j');
+            xhr.setRequestHeader('x-csrf-token_j', csrfToken);
         },
         success: function(result){
             if (result.err === 0) {

+ 4 - 4
app/public/report/js/rpt_main.js

@@ -362,7 +362,7 @@ let zTreeOprObj = {
             params.needWaterMark = false;
         }
         $.bootstrapLoading.start();
-        CommonAjax.postXsrfEx("/tender/report_api/getReport", params, 300000, true, getCookie('csrfToken'),
+        CommonAjax.postXsrfEx("/tender/report_api/getReport", params, 300000, true, getCookie('csrfToken_j'),
             function(result){
                 $.bootstrapLoading.end();
                 let pageRst = result.data;
@@ -572,7 +572,7 @@ let rptControlObj = {
             if (chkNodes.length > 0) {
                 delete params.orientation; // 打印时有勾选的话,不需要提供方向
             }
-            CommonAjax.postXsrfEx("/tender/report_api/createExcelFilesInOneBook", params, WAIT_TIME_EXPORT, true, getCookie('csrfToken'), function(result){
+            CommonAjax.postXsrfEx("/tender/report_api/createExcelFilesInOneBook", params, WAIT_TIME_EXPORT, true, getCookie('csrfToken_j'), function(result){
                     if (result) {
                         let uuIdUrls = [];
                         let uuIdUrl =  "/getFileByUUID/" + result.data[0].uuid + "/" + stringUtil.replaceAll(result.data[0].reportName, "#", "_") + "/xlsx";
@@ -604,7 +604,7 @@ let rptControlObj = {
                 delete params.orientation; // 打印时有勾选的话,不需要提供方向
             }
 
-            CommonAjax.postXsrfEx("/tender/report_api/createExcelFiles", params, WAIT_TIME_EXPORT, true, getCookie('csrfToken'), function(result){
+            CommonAjax.postXsrfEx("/tender/report_api/createExcelFiles", params, WAIT_TIME_EXPORT, true, getCookie('csrfToken_j'), function(result){
                     if (result) {
                         let uuIdUrls = [];
                         for (let uuIdObj of result.data) {
@@ -699,7 +699,7 @@ let rptControlObj = {
                 } else {
                     params.needWaterMark = false;
                 }
-                CommonAjax.postXsrfEx("/tender/report_api/getMultiReports", params, WAIT_TIME_EXPORT, true, getCookie('csrfToken'),
+                CommonAjax.postXsrfEx("/tender/report_api/getMultiReports", params, WAIT_TIME_EXPORT, true, getCookie('csrfToken_j'),
                     function(result){
                         // closeWaitingView();
                         $.bootstrapLoading.end();

+ 1 - 1
app/public/report/js/rpt_preview_common.js

@@ -29,7 +29,7 @@ function printPageLoading() {
     let closeWaterMark = parseInt(sessionStorage.closeWaterMark);
     let refRptTplIds = JSON.parse(sessionStorage.refRptTplIds);
     let scaleFactor = 1;
-    CommonAjax.postXsrfEx("/tender/report_api/getMultiReports", params, 60000, true, getCookie('csrfToken'),
+    CommonAjax.postXsrfEx("/tender/report_api/getMultiReports", params, 60000, true, getCookie('csrfToken_j'),
         function(result){
             const signatureRelArr = [];
             STAGE_AUDIT = result.stageAudit;

+ 1 - 1
app/public/report/js/rpt_print.js

@@ -48,7 +48,7 @@ let rptPrintHelper = {
             } else {
                 params.needWaterMark = false;
             }
-            CommonAjax.postXsrfEx("/tender/report_api/getMultiReports", params, 60000, true, getCookie('csrfToken'),
+            CommonAjax.postXsrfEx("/tender/report_api/getMultiReports", params, 60000, true, getCookie('csrfToken_j'),
                 function(result){
                     const signatureRelArr = [];
                     for (const signatureRel of result.signatureRelInfo) {

+ 4 - 4
app/public/report/js/rpt_signature.js

@@ -171,7 +171,7 @@ let rptSignatureHelper = {
             params.uid = userAcc.id;
             params.prj_id = PROJECT_ID;
             params.tender_id = TENDER_ID;
-            CommonAjax.postXsrfEx("/tender/report_api/updateSignatureUsed", params, 10000, true, getCookie('csrfToken'),
+            CommonAjax.postXsrfEx("/tender/report_api/updateSignatureUsed", params, 10000, true, getCookie('csrfToken_j'),
                 function(result){
                     console.log(result);
                     USED_LIST = result.data;
@@ -443,7 +443,7 @@ let rptSignatureHelper = {
         params.rel_content = ROLE_REL_LIST;
         params.selectedTenders = selectedTenders;
         rptSignatureHelper.originalRoleRelList = JSON.parse(JSON.stringify(ROLE_REL_LIST));
-        CommonAjax.postXsrfEx("/tender/report_api/updateMultiRoleRelationship", params, 10000, true, getCookie('csrfToken'),
+        CommonAjax.postXsrfEx("/tender/report_api/updateMultiRoleRelationship", params, 10000, true, getCookie('csrfToken_j'),
             function(result){
                 console.log(result);
                 if (result.data && result.data.insertId > 0) {
@@ -484,7 +484,7 @@ let rptSignatureHelper = {
         // rptSignatureHelper.originalRoleRelList = [];
         // rptSignatureHelper.originalRoleRelList = rptSignatureHelper.originalRoleRelList.concat(ROLE_REL_LIST);
         rptSignatureHelper.originalRoleRelList = JSON.parse(JSON.stringify(ROLE_REL_LIST));
-        CommonAjax.postXsrfEx("/tender/report_api/updateRoleRelationship", params, 10000, true, getCookie('csrfToken'),
+        CommonAjax.postXsrfEx("/tender/report_api/updateRoleRelationship", params, 10000, true, getCookie('csrfToken_j'),
             function(result){
                 console.log(result);
                 if (result.data && result.data.insertId > 0) {
@@ -513,7 +513,7 @@ let rptSignatureHelper = {
             params.bind_acc_id = selectedAcc.id;
             params.prj_id = PROJECT_ID;
             params.tender_id = TENDER_ID;
-            CommonAjax.postXsrfEx("/tender/report_api/createSignatureRole", params, 10000, true, getCookie('csrfToken'),
+            CommonAjax.postXsrfEx("/tender/report_api/createSignatureRole", params, 10000, true, getCookie('csrfToken_j'),
                 function(result){
                     console.log(result);
                     const newRole = {};

+ 1 - 1
app/service/customer.js

@@ -121,7 +121,7 @@ module.exports = app => {
         async boot(postData) {
             const sessionUser = this.ctx.session.sessionUser;
 
-            delete postData._csrf;
+            delete postData._csrf_j;
             const result = await this.update(postData, { email: sessionUser.account });
 
             return result;
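Review bot: `boot` still strips only the token key and then hands the entire request body to `this.update(postData, ...)`, so any other column name a client appends to the POST is written as well; copy the fields the boot form is allowed to set into a fresh object, e.g. `const allowed = ['<boot form field list — placeholder>'];` followed by picking those keys, or validate against a rule the way helper.js does, instead of relying on a single `delete`. The same delete-then-write shape is in version.js `save` and in message.js `save` and project_account.js `save`/`saveInfo`/`permissionSave`/`noticeTypeSet`; in those four the `if (data._csrf_j !== undefined)` guard before `delete` is redundant, since `delete` on a missing property is a no-op, and dropping it would match the unconditional form used here. The class containing `boot` continues outside the hunk.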

+ 2 - 2
app/service/message.js

@@ -96,8 +96,8 @@ module.exports = app => {
          * @return {Boolean} - 返回修改结果
          */
         async save(id, data, user, projectId) {
-            if (data._csrf !== undefined) {
-                delete data._csrf;
+            if (data._csrf_j !== undefined) {
+                delete data._csrf_j;
             }
             if (id > 0) {
                 // 修改操作时

+ 8 - 8
app/service/project_account.js

@@ -384,8 +384,8 @@ module.exports = app => {
          * @return {Boolean} - 返回修改结果
          */
         async save(data) {
-            if (data._csrf !== undefined) {
-                delete data._csrf;
+            if (data._csrf_j !== undefined) {
+                delete data._csrf_j;
             }
             const id = data.id !== undefined ? parseInt(data.id) : 0;
             if (id > 0) {
@@ -425,8 +425,8 @@ module.exports = app => {
          * @return {Boolean} - 返回修改结果
          */
         async saveInfo(data, id) {
-            if (data._csrf !== undefined) {
-                delete data._csrf;
+            if (data._csrf_j !== undefined) {
+                delete data._csrf_j;
             }
             data.id = parseInt(id);
             const operate = await this.db.update(this.tableName, data);
@@ -620,8 +620,8 @@ module.exports = app => {
          * @return {Boolean} - 返回权限修改结果
          */
         async permissionSave(id, data) {
-            if (data._csrf !== undefined) {
-                delete data._csrf;
+            if (data._csrf_j !== undefined) {
+                delete data._csrf_j;
             }
             const updateData = {
                 id,
@@ -650,8 +650,8 @@ module.exports = app => {
          * @return {Boolean} - 返回修改结果
          */
         async noticeTypeSet(id, data) {
-            if (data._csrf !== undefined) {
-                delete data._csrf;
+            if (data._csrf_j !== undefined) {
+                delete data._csrf_j;
             }
             const type = parseInt(data.type) === 1 ? 1 : 0; // 对应微信通知和短信通知设置
             delete data.type;

+ 1 - 1
app/service/version.js

@@ -55,7 +55,7 @@ module.exports = app => {
         async save(data, id = 0) {
             id = parseInt(id);
             id = isNaN(id) ? 0 : id;
-            delete data._csrf;
+            delete data._csrf_j;
 
             if (id > 0) {
                 delete data.create_time;

+ 1 - 1
app/view/account/index.ejs

@@ -144,7 +144,7 @@ $(document).ready(function() {
         }
 
         $.ajax({
-            url: '/project/account/permission/' + currentId + "?_csrf=<%= ctx.csrf %>",
+            url: '/project/account/permission/' + currentId + "?_csrf_j=<%= ctx.csrf %>",
             type: 'post',
             data: { permission: selectPermission.join(',') },
             error: function() {

+ 1 - 1
app/view/advance/index.ejs

@@ -31,7 +31,7 @@
             <div class="ml-auto">
                 <% if(showAddBtn) { %>
                     <form action="<%- preUrl %>" method="POST">
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                         <button type="submit" class="btn btn-primary btn-sm">开始新一期</button>
                     </form>
                     <!-- <a id="advance_add" href="" class="btn btn-primary btn-sm pull-right"></a> -->
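Review bot: The hidden token input is written out by hand here and in roughly twenty other templates in this commit (advance/modal_audit.ejs, boot/index.ejs, change/*.ejs, dashboard/msg_add.ejs, ledger/*.ejs, material, measure, setting, stage and wap views), so the next change to the field name or its value source is again a many-file edit; a single partial holding `<input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">` and included where needed (`<%- include('partials/csrf') %>`, path illustrative) would keep it in one place. The value is emitted with the escaping `<%= %>` tag, which is the right choice inside an attribute. A stale commented-out `<a id="advance_add">` line sits directly under the form and could be removed while the file is being touched.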

+ 2 - 2
app/view/advance/modal_audit.ejs

@@ -400,7 +400,7 @@
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                         <input type="hidden" name="checkType" value="<%= auditConst.status.checked %>" />
                         <button type="submit" class="btn btn-success btn-sm">确认通过</button>
                     </div>
@@ -635,7 +635,7 @@
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                         <button type="submit" class="btn btn-warning btn-sm">确认退回</button>
                     </div>
                 </form>

+ 1 - 1
app/view/boot/index.ejs

@@ -76,7 +76,7 @@
                                 </div>
                             </div>
                             <div class="form-group">
-                                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>"/>
+                                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>"/>
                                 <button class="btn btn-primary btn-sm btn-block" type="submit">下一步</button>
                             </div>
                         </form>

+ 1 - 1
app/view/change/info.ejs

@@ -188,7 +188,7 @@
             <div class="sjs-height-0 container-fluid">
             <!--变更信息-->
             <% if (auditStatus === 1 || auditStatus === 2) { %>
-            <form action="/tender/<%- change.tid %>/change/save?_csrf=<%= ctx.csrf %>" method="post" id="change_form">
+            <form action="/tender/<%- change.tid %>/change/save?_csrf_j=<%= ctx.csrf %>" method="post" id="change_form">
                 <div class="row">
                     <div class="col-md-4">
                         <div class="form-group">
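Review bot: The rewritten `action` attribute interpolates `change.tid` with the unescaped `<%- %>` tag right next to the escaped `<%= ctx.csrf %>`; if `tid` is ever anything other than a trusted integer, an attribute-breaking value goes straight into the markup, so `<%= change.tid %>` is the safer default and costs nothing for numeric ids. The same mix of `<%- tender.id %>` / `<%- change.cid %>` and the token appears in the action and url strings of info_modal.ejs, information.ejs and information_modal.ejs. Whether `tid` is validated before rendering cannot be seen from this hunk.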

+ 4 - 4
app/view/change/info_modal.ejs

@@ -430,7 +430,7 @@
     <!--审批通过-->
     <div class="modal fade sp-location-list" id="sp-done" data-backdrop="static">
         <div class="modal-dialog modal-lg" role="document">
-            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf=<%= ctx.csrf %>" method="post" id="success-approval">
+            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf_j=<%= ctx.csrf %>" method="post" id="success-approval">
                 <div class="modal-header">
                     <h5 class="modal-title">审批通过</h5>
                 </div>
@@ -666,7 +666,7 @@
     <!--审批退回-->
     <div class="modal fade sp-location-list" id="sp-back" data-backdrop="static">
         <div class="modal-dialog modal-lg" role="document">
-            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf=<%= ctx.csrf %>" method="post" id="fail-approval">
+            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf_j=<%= ctx.csrf %>" method="post" id="fail-approval">
                 <div class="modal-header">
                     <h5 class="modal-title">审批退回</h5>
                 </div>
@@ -974,7 +974,7 @@
             </div>
             <div class="modal-footer">
                 <input type="hidden" name="cid" value="<%= change.cid %>">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <button type="button" id="re-shenpi-btn" class="btn btn-warning btn-sm" <% if (ctx.session.sessionUser.loginStatus === 0) { %>disabled<% } %>>确定重审</button>
             </div>
@@ -1089,7 +1089,7 @@
         data.code = code;
         <% } %>
         $.ajax({
-            url: '/tender/<%- tender.id %>/change/check/again?_csrf=' + csrf,
+            url: '/tender/<%- tender.id %>/change/check/again?_csrf_j=' + csrf,
             type: 'post',
             data: data,
             dataTye: 'json',

+ 1 - 1
app/view/change/information.ejs

@@ -96,7 +96,7 @@
                     <div class="tab-pane active" id="bgxinxi">
                         <div class="sjs-sh-1" style="overflow-y: auto;">
                             <% if (auditStatus === 1 || auditStatus === 2) { %>
-                            <form class="p-2" action="/tender/<%- change.tid %>/change/<%- change.cid %>/information/save?_csrf=<%= ctx.csrf %>" method="post" id="change_form">
+                            <form class="p-2" action="/tender/<%- change.tid %>/change/<%- change.cid %>/information/save?_csrf_j=<%= ctx.csrf %>" method="post" id="change_form">
                                 <div class="form-group">
                                     <label><b class="text-danger">*&nbsp;</b>申请编号</label>
                                     <a href="javascript:void(0);" class="pull-right reduction-code" data-toggle="tooltip" data-placement="bottom" title="" data-code="<%- change.code %>" data-original-title="重置"><i class="fa fa-repeat"></i></a>

+ 6 - 6
app/view/change/information_modal.ejs

@@ -93,7 +93,7 @@
             </div>
             <form class="modal-footer" method="post" action="<%- preUrl %>/audit/start" onsubmit="return checkChangeFrom()">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button type="submit" class="btn btn-primary btn-sm">确认上报</button>
             </form>
         </div>
@@ -280,7 +280,7 @@
                 </div>
                 <form class="modal-footer" method="post" action="<%- preUrl %>/audit/start" onsubmit="return checkChangeFrom()">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                     <button type="submit" class="btn btn-primary btn-sm">确认上报</button>
                 </form>
             </div>
@@ -424,7 +424,7 @@
     <!--审批通过-->
     <div class="modal fade sp-location-list" id="sp-done" data-backdrop="static">
         <div class="modal-dialog modal-lg" role="document">
-            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf=<%= ctx.csrf %>" method="post" id="success-approval">
+            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf_j=<%= ctx.csrf %>" method="post" id="success-approval">
                 <div class="modal-header">
                     <h5 class="modal-title">审批通过</h5>
                 </div>
@@ -660,7 +660,7 @@
     <!--审批退回-->
     <div class="modal fade sp-location-list" id="sp-back" data-backdrop="static">
         <div class="modal-dialog modal-lg" role="document">
-            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf=<%= ctx.csrf %>" method="post" id="fail-approval">
+            <form class="modal-content" action="/tender/<%- tender.id %>/change/approval?_csrf_j=<%= ctx.csrf %>" method="post" id="fail-approval">
                 <div class="modal-header">
                     <h5 class="modal-title">审批退回</h5>
                 </div>
@@ -968,7 +968,7 @@
             </div>
             <div class="modal-footer">
                 <input type="hidden" name="cid" value="<%= change.cid %>">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <button type="button" id="re-shenpi-btn" class="btn btn-warning btn-sm" <% if (ctx.session.sessionUser.loginStatus === 0) { %>disabled<% } %>>确定重审</button>
             </div>
@@ -1084,7 +1084,7 @@
         data.code = code;
         <% } %>
         $.ajax({
-            url: '/tender/<%- tender.id %>/change/check/again?_csrf=' + csrf,
+            url: '/tender/<%- tender.id %>/change/check/again?_csrf_j=' + csrf,
             type: 'post',
             data: data,
             dataTye: 'json',

+ 1 - 1
app/view/change/modal.ejs

@@ -10,7 +10,7 @@
             </div>
             <form class="modal-footer" action="/tender/<%- tender.id %>/change/delete" method="post">
                 <input type="hidden" name="cid" id="delete-cid" value="">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">取消</button>
                 <button type="submit" class="btn btn-danger btn-sm">确定删除</button>
             </form>

+ 1 - 1
app/view/dashboard/msg_add.ejs

@@ -27,7 +27,7 @@
                     <div class="col-3 bd-toc">
                         <div class="card">
                             <div class="card-body">
-                                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                                 <% if (msgInfo.id === undefined) { %>
                                     <button type="submit" class="btn btn-primary">确认添加</button>
                                 <% } else { %>

+ 3 - 3
app/view/ledger/audit_modal.ejs

@@ -183,7 +183,7 @@
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <input type="hidden" name="checkType" value="<%= auditConst.status.checked %>" />
                 <button type="submit" class="btn btn-success btn-sm">确认通过</button>
             </div>
@@ -378,7 +378,7 @@
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <input type="hidden" name="checkType" value="<%= auditConst.status.checkNo %>" />
                 <button type="submit" class="btn btn-warning btn-sm">确认退回</button>
             </div>
@@ -561,7 +561,7 @@
                 </div>
             </div>
             <form class="modal-footer" method="post" action="<%- preUrl %>/ledger/audit/start" onsubmit="return checkAuditorFrom()">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <% if(tender.ledger_status === auditConst.status.checkNo && ctx.session.sessionUser.accountId === tender.user_id) { %>
                     <button class="btn btn-primary btn-sm sp-list-item" type="submit">确认上报</button>

+ 2 - 2
app/view/ledger/explode_modal.ejs

@@ -151,7 +151,7 @@
             </div>
             <form class="modal-footer" method="post" action="<%- preUrl %>/ledger/audit/start" name="audit-start">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button class="btn btn-primary btn-sm" type="submit" >确认上报</button>
             </form>
         </div>
@@ -334,7 +334,7 @@
                 </div>
             </div>
             <form class="modal-footer" method="post" action="<%- preUrl %>/ledger/audit/start" name="audit-start">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <% if(tender.ledger_status === auditConst.status.checkNo && ctx.session.sessionUser.accountId === tender.user_id) { %>
                     <button class="btn btn-primary btn-sm sp-list-item" type="submit">确认上报</button>

+ 1 - 1
app/view/login/login.ejs

@@ -68,7 +68,7 @@
                     </div>
                     <div class="form-group">
                         <button class="btn btn-primary btn-block" type="submit">登录</button>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                         <input type="hidden" name="type" value="2" />
                     </div>
                     <div class="pt-1 d-flex justify-content-end">

+ 1 - 1
app/view/login/login_port.ejs

@@ -44,7 +44,7 @@
                             <h5>单位:<span class="text-danger"><%- accountData.company %></span></h5>
                             <h5>职称:<span class="text-danger"><%- accountData.role %></span></h5>
                             <div class="form-group mt-4">
-                                <input type="hidden" value="<%= ctx.csrf %>" name="_csrf" >
+                                <input type="hidden" value="<%= ctx.csrf %>" name="_csrf_j" >
                                 <input type="hidden" value="3" name="type" >
                                 <input type="hidden" value="<%= projectData.code %>" name="code" >
                                 <input type="hidden" value="<%= accountData.id %>" name="accountId" >

+ 4 - 4
app/view/material/audit_modal.ejs

@@ -59,7 +59,7 @@
             </div>
             <form class="modal-footer" method="post" action="<%- preUrl %>/audit/start" onsubmit="return checkAuditorFrom()">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button class="btn btn-primary btn-sm" type="submit">确认上报</button>
             </form>
         </div>
@@ -242,7 +242,7 @@
                 </div>
             </div>
             <form class="modal-footer" method="post" action="<%- preUrl %>/audit/start" onsubmit="return checkAuditorFrom()">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <% if(ctx.material.status === auditConst.status.checkNo && ctx.session.sessionUser.accountId === ctx.material.user_id) { %>
                     <button class="btn btn-primary btn-sm sp-list-item" type="submit">确认上报</button>
@@ -437,7 +437,7 @@
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                         <input type="hidden" name="checkType" value="<%= auditConst.status.checked %>" />
                         <button type="submit" class="btn btn-success btn-sm">确认通过</button>
                     </div>
@@ -672,7 +672,7 @@
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                         <button type="submit" class="btn btn-warning btn-sm">确认退回</button>
                     </div>
                 </form>

+ 2 - 2
app/view/material/modal.ejs

@@ -27,7 +27,7 @@
                 </div>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <input type="hidden" name="s_order" value="" id="s_order" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <button type="submit" id="addMaterial" class="btn btn-primary btn-sm">确定添加</button>
@@ -50,7 +50,7 @@
             </div>
             <div class="modal-footer">
                 <input type="hidden" name="material_id" value="<%= materials[0].id %>">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">取消</button>
                 <button type="submit" class="btn btn-danger btn-sm">确定删除</button>
             </div>

+ 2 - 2
app/view/measure/audit_modal.ejs

@@ -30,7 +30,7 @@
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <input type="hidden" name="mid" value="<%- measure.mid %>" />
                 <input type="hidden" name="checkType" value="<%= auditConst.status.checked %>" />
                 <button type="submit" class="btn btn-success btn-sm" >确认通过</button>
@@ -69,7 +69,7 @@
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <input type="hidden" name="mid" value="<%- measure.mid %>" />
                 <input type="hidden" name="checkType" value="<%= auditConst.status.checkNo %>" />
                 <button type="submit" class="btn btn-warning btn-sm" >确认退回</button>

+ 2 - 2
app/view/measure/stage_modal.ejs

@@ -39,7 +39,7 @@
                 </div>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <button type="submit" class="btn btn-primary btn-sm" id="add-stage-btn">确定添加</button>
             </div>
@@ -95,7 +95,7 @@
                 </div>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <input type="hidden" name="order" id="edit-order" value="<%- stages[0].order %>">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <button type="submit" class="btn btn-primary btn-sm" id="edit-ok" >确定修改</button>

+ 1 - 1
app/view/profile/info.ejs

@@ -18,7 +18,7 @@
                             <input-text label="角色/职称" value="<%= accountData.role %>" name="role"></input-text>
                             <input-text label="手机" value="<%= accountData.mobile %>" name="mobile" maxlength="11" :readonly="<%= accountData.bind === 1 %>" msg="已绑定第三方平台,无法修改"></input-text>
                             <input-text label="电话" value="<%= accountData.telephone %>" name="telephone"></input-text>
-                            <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                            <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                             <button type="submit" class="btn btn-primary btn-sm" id="base-submit">确认修改</button>
                         </form>
                     </div>

+ 1 - 1
app/view/profile/safe.ejs

@@ -16,7 +16,7 @@
                                 <input-text label="旧密码" password="true" name="password"></input-text>
                                 <input-text label="新密码" password="true" name="new_password" id="new_password"></input-text>
                                 <input-text label="确认新密码" password="true" name="confirm_password"></input-text>
-                                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                                 <button type="submit" class="btn btn-primary btn-sm" id="modify-password">修改密码</button>
                             <% } else { %>
                                 <p>SSO用户请到<a href="#">此处</a>修改密码</p>

+ 2 - 2
app/view/profile/sms.ejs

@@ -37,7 +37,7 @@
                         <div class="form-group">
                             <div class="input-group mb-3">
                                 <input class="form-control form-control-sm" type="text" readonly="readonly" name="code" placeholder="输入短信中的6位验证码" />
-                                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                             </div>
                         </div>
                         <button type="button" class="btn btn-secondary btn-sm disabled" id="bind-btn">确认绑定</button>
@@ -48,7 +48,7 @@
                         <h4>通知类型</h4>
                         <p class="text-muted">勾选您需要接收的短信类型。</p>
                         <form id="sms-form" method="post" action="/profile/sms/type?csrf=<%- ctx.csrf %>">
-                            <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                            <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                             <% const user_smsType = accountData.sms_type !== '' ? JSON.parse(accountData.sms_type) : null; %>
                             <% for (const s in smsType) { %>
                             <% if (smsType[s].sms) { %>
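Review bot: The `sms-form` action on the context line above this hunk still carries `?csrf=<%- ctx.csrf %>`, and that name matches neither the old `_csrf` nor the new `queryName: '_csrf_j'` added to config/config.default.js in this commit, so the query parameter is never validated but still puts the token into the URL, access logs and any Referer. The hidden `_csrf_j` field the hunk adds already carries the token in the POST body, so the action can drop the parameter entirely: `<form id="sms-form" method="post" action="/profile/sms/type">`. It is also the only place on this page that renders the token with `<%-` (unescaped) instead of `<%=`; if the parameter is kept, `<%= ctx.csrf %>` keeps it consistent with every other template here.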

+ 1 - 1
app/view/profile/wechat.ejs

@@ -34,7 +34,7 @@
                         <h4>通知类型</h4>
                         <p class="text-muted">勾选您需要接收的微信类型。</p>
                         <form id="sms-form" method="post" action="/profile/sms/type">
-                            <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                            <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                             <% const user_wxType = accountData.wx_type !== '' ? JSON.parse(accountData.wx_type) : null; %>
                             <% for (const s in smsType) { %>
                             <% if (smsType[s].wechat) { %>

+ 1 - 1
app/view/profile/wechat_modal.ejs

@@ -13,7 +13,7 @@
                 <h6>解绑后无法在微信接收通知。</h6>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button type="button" class="btn btn-sm btn-secondary" data-dismiss="modal">取消</button>
                 <button type="submit" class="btn btn-sm btn-primary">确定解绑</button>
             </div>

+ 1 - 1
app/view/project/info.ejs

@@ -35,7 +35,7 @@
                         
                         <input-text value="<%= moment(projectData.create_time * 1000).format('YYYY-MM-DD HH:mm:ss') %>"
                             label="创建时间" readonly="readonly" name="create_time"></input-text>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                     </form>
                 </div>
             </div>

+ 2 - 2
app/view/report/rpt_all_popup.ejs

@@ -673,7 +673,7 @@
             }
         }
         $.bootstrapLoading.start();
-        CommonAjax.postXsrfEx("/tender/report_api/getMultiRoleRelationships", params, 30000, true, getCookie('csrfToken'),
+        CommonAjax.postXsrfEx("/tender/report_api/getMultiRoleRelationships", params, 30000, true, getCookie('csrfToken_j'),
             function(result){
                 $.bootstrapLoading.end();
                 let relArr = result.data;
@@ -816,7 +816,7 @@
     function updateCustRptCfg(){
         let params = {};
         params.nodeItems = CUST_TREE_NODES;
-        CommonAjax.postXsrfEx("/tender/report_api/updateCustNode", params, 60000, true, getCookie('csrfToken'),
+        CommonAjax.postXsrfEx("/tender/report_api/updateCustNode", params, 60000, true, getCookie('csrfToken_j'),
             function(result){
                 try {
                     // console.log(result);

+ 4 - 4
app/view/revise/info_modal.ejs

@@ -95,7 +95,7 @@
             <form class="modal-footer" method="post" action="/tender/<%- ctx.tender.id %>/revise/audit/start"
                 name="revise-start">
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <button class="btn btn-primary btn-sm" type="submit">确认上报</button>
             </form>
         </div>
@@ -288,7 +288,7 @@
                 </div>
                 <div class="modal-footer">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                     <input type="hidden" name="checkType" value="<%= auditConst.status.checked %>" />
                     <button type="submit" class="btn btn-success btn-sm">确认通过</button>
                 </div>
@@ -524,7 +524,7 @@
                 </div>
                 <div class="modal-footer">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                     <button type="submit" class="btn btn-warning btn-sm">确认退回</button>
                 </div>
             </form>
@@ -707,7 +707,7 @@
                 </div>
                 <form class="modal-footer" method="post" action="<%- preUrl %>/revise/audit/start"
                     name="revise-start">
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                     <% if(revise.status === auditConst.status.checkNo && ctx.session.sessionUser.accountId === revise.uid) { %>
                     <button class="btn btn-primary btn-sm sp-list-item" type="submit">确认上报</button>

+ 2 - 2
app/view/revise/modal.ejs

@@ -9,7 +9,7 @@
                 <h5>创建修订后,本期计量将暂时锁定,锁定后本期计量无法计量和上报,需修订完成后,才能解锁。</h5>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                 <button id="add-ok" type="submit" class="btn btn-primary btn-sm">确定新建</button>
             </div>
@@ -60,7 +60,7 @@
                 </div>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal" >取消</button>
                 <button type="submit" class="btn btn-danger btn-sm">确认作废</button>
             </div>

+ 1 - 1
app/view/setting/info.ejs

@@ -12,7 +12,7 @@
             <div class="sjs-height-0">
                 <div class="row m-0 mt-3">
                     <div class="col-5">
-                        <% if (projectData.user_account === ctx.session.sessionUser.account) { %><form id="info-form" action="/<%= ctx.controllerName %>/updateinfo/<%= projectData.id === undefined ? 0 : projectData.id %>?_csrf=<%= ctx.csrf %>" method="post"><% } %>
+                        <% if (projectData.user_account === ctx.session.sessionUser.account) { %><form id="info-form" action="/<%= ctx.controllerName %>/updateinfo/<%= projectData.id === undefined ? 0 : projectData.id %>?_csrf_j=<%= ctx.csrf %>" method="post"><% } %>
                             <div class="form-group">
                                 <label>项目编号</label>
                                 <input class="form-control form-control-sm" value="<%= projectData.code%>" type="text" readonly>
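Review bot: The `info-form` action still places the CSRF token in the query string (`?_csrf_j=<%= ctx.csrf %>`), so the token is written to the access log, kept in browser history and sent in the Referer of any navigation away from the resulting page; renaming the parameter does not change that exposure. The form already uses `method="post"`, so the body is the safer carrier, as most other templates in this commit do: keep `action="/<%= ctx.controllerName %>/updateinfo/<%= projectData.id === undefined ? 0 : projectData.id %>"` and add `<input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">` inside the form. The same query-string pattern remains in setting/user_modal.ejs (add/update forms), setting/user_permission_modal.ejs (add/permission forms) and the two approval form actions in wap/shenpi_change.ejs.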

+ 4 - 4
app/view/setting/user_modal.ejs

@@ -5,7 +5,7 @@
             <div class="modal-header">
                 <h5 class="modal-title">添加账号</h5>
             </div>
-            <form method="post" action="/setting/user/add?_csrf=<%= ctx.csrf %>" onsubmit="return checkUserForm('add');">
+            <form method="post" action="/setting/user/add?_csrf_j=<%= ctx.csrf %>" onsubmit="return checkUserForm('add');">
             <div class="modal-body">
                 <div class="form-group">
                     <label><b class="text-danger">*</b>账号组</label>
@@ -69,7 +69,7 @@
             <div class="modal-header">
                 <h5 class="modal-title">编辑账号</h5>
             </div>
-            <form method="post" action="/setting/user/update?_csrf=<%= ctx.csrf %>" onsubmit="return checkUserForm('update');">
+            <form method="post" action="/setting/user/update?_csrf_j=<%= ctx.csrf %>" onsubmit="return checkUserForm('update');">
             <div class="modal-body">
                 <div class="form-group">
                     <label>账号组<b class="text-danger">*</b></label>
@@ -167,7 +167,7 @@
                 <h4>确认解除 <span id="bind_account">陈特 15812644017</span> 的绑定状态?</h4>
             </div>
             <form method="post" action="/setting/user/unbind" class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <input type="hidden" name="id" id="account_id" value="">
                 <button type="button" class="btn btn-sm btn-secondary" data-dismiss="modal">关闭</button>
                 <button type="submit" class="btn btn-sm btn-sm btn-primary">确定解绑</button>
@@ -206,7 +206,7 @@
                 <div class="alert alert-warning py-1 px-2">若修改登录账号,必须重新设置新密码。新密码会发送至已认证手机。</div>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                 <input type="hidden" name="id" value="">
                 <button type="button" class="btn btn-sm btn-secondary" data-dismiss="modal">关闭</button>
                 <button type="submit" class="btn btn-sm btn-primary">提交修改</button>

+ 2 - 2
app/view/setting/user_permission_modal.ejs

@@ -5,7 +5,7 @@
             <div class="modal-header">
                 <h5 class="modal-title">添加账号</h5>
             </div>
-            <form method="post" action="/setting/user/add?_csrf=<%= ctx.csrf %>" onsubmit="return checkUserForm('add');">
+            <form method="post" action="/setting/user/add?_csrf_j=<%= ctx.csrf %>" onsubmit="return checkUserForm('add');">
             <div class="modal-body">
                 <div class="form-group">
                     <label><b class="text-danger">*</b>账号组</label>
@@ -69,7 +69,7 @@
             <div class="modal-header">
                 <h5 class="modal-title">编辑权限</h5>
             </div>
-            <form method="post" action="/setting/user/permission?_csrf=<%= ctx.csrf %>">
+            <form method="post" action="/setting/user/permission?_csrf_j=<%= ctx.csrf %>">
             <div class="modal-body">
                 <% let index = 0; %>
                 <% for (const pm in permission) { %>

+ 5 - 5
app/view/stage/audit_modal.ejs

@@ -59,7 +59,7 @@
                 </div>
                 <form class="modal-footer" method="post" action="<%- preUrl %>/audit/start" name="stage-start">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                     <button class="btn btn-primary btn-sm" type="submit">确认上报</button>
                 </form>
             </div>
@@ -246,7 +246,7 @@
                     </div>
                 </div>
                 <form class="modal-footer" method="post" action="<%- preUrl %>/audit/start" name="stage-start">
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
                     <% if(ctx.stage.status === auditConst.status.checkNo && ctx.session.sessionUser.accountId === ctx.stage.user_id) { %>
                     <button class="btn btn-primary btn-sm sp-list-item" type="submit">确认上报</button>
@@ -442,7 +442,7 @@
                 </div>
                 <div class="modal-footer">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                     <input type="hidden" name="checkType" value="<%= auditConst.status.checked %>" />
                     <button type="submit" class="btn btn-success btn-sm">确认通过</button>
                 </div>
@@ -673,7 +673,7 @@
                 </div>
                 <div class="modal-footer">
                     <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">关闭</button>
-                    <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                    <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                     <button type="submit" class="btn btn-warning btn-sm">确认退回</button>
                 </div>
             </form>
@@ -782,7 +782,7 @@
             </div>
             <div class="modal-footer">
                 <input type="hidden" name="stage_id" value="<%= ctx.stage.id %>">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">取消</button>
                 <button type="submit" class="btn btn-danger btn-sm">确定删除</button>
             </div>

+ 2 - 2
app/view/stage/manager_modal.ejs

@@ -30,7 +30,7 @@
                 <p class="mb-2"><input type="text" name="confirm" class="form-control form-control-sm" placeholder="输入文本,确认删除"></p>
             </div>
             <div class="modal-footer">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-sm btn-secondary" data-dismiss="modal">取消</button>
                 <button type="submit" class="btn btn-sm btn-danger">确认删除</button>
             </div>
@@ -71,7 +71,7 @@
             <div class="modal-footer">
                 <input type="hidden" name="stage_id" value="<%= lastStage.id %>">
                 <input type="hidden" name="stage_order" value="<%- ctx.stage.order %>">
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal">取消</button>
                 <button type="submit" class="btn btn-danger btn-sm">确定删除</button>
             </div>

+ 1 - 1
app/view/wap/login.ejs

@@ -51,7 +51,7 @@
                     </div>
                     <div class="form-group mb-3">
                         <button class="btn btn-primary btn-block" type="submit">登录</button>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                         <input type="hidden" name="type" value="2" />
                     </div>
                     <div class="pt-1 d-flex justify-content-end">

+ 4 - 4
app/view/wap/shenpi_change.ejs

@@ -217,7 +217,7 @@
 <!--审批通过弹窗-->
 <div class="modal" tabindex="-1" role="dialog" id="sp-done">
     <div class="modal-dialog" role="document">
-        <form class="modal-content" action="/wap/tender/<%- tender.id %>/change/approval?_csrf=<%= ctx.csrf %>" method="post" id="success-approval">
+        <form class="modal-content" action="/wap/tender/<%- tender.id %>/change/approval?_csrf_j=<%= ctx.csrf %>" method="post" id="success-approval">
             <div class="modal-header">
                 <h5 class="modal-title">审批通过</h5>
                 <button type="button" class="close" data-dismiss="modal" aria-label="Close">
@@ -254,7 +254,7 @@
 <!--审批退回弹窗-->
 <div class="modal" tabindex="-1" role="dialog" id="sp-back">
     <div class="modal-dialog" role="document">
-        <form class="modal-content" action="/wap/tender/<%- tender.id %>/change/approval?_csrf=<%= ctx.csrf %>" method="post" id="fail-approval">
+        <form class="modal-content" action="/wap/tender/<%- tender.id %>/change/approval?_csrf_j=<%= ctx.csrf %>" method="post" id="fail-approval">
             <div class="modal-header">
                 <h5 class="modal-title">审批退回</h5>
                 <button type="button" class="close" data-dismiss="modal" aria-label="Close">
@@ -366,8 +366,8 @@
             async: false,
             timeout: 60000,
             beforeSend: function(xhr) {
-                let csrfToken = Cookies.get('csrfToken');
-                xhr.setRequestHeader('x-csrf-token', csrfToken);
+                let csrfToken = Cookies.get('csrfToken_j');
+                xhr.setRequestHeader('x-csrf-token_j', csrfToken);
             },
             success: function(result){
                 if (result.err === 0) {
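Review bot: `beforeSend` sets the `x-csrf-token_j` header from `Cookies.get('csrfToken_j')` without checking that the cookie exists; when it is missing (expired session, or a cookie name that drifts from `cookieName` in config/config.default.js) `setRequestHeader` stringifies `undefined`, and the request is rejected server-side with a 403 that is hard to distinguish from a genuine CSRF failure. Since returning `false` from a jQuery `beforeSend` aborts the request, a two-line guard makes the failure explicit: `const csrfToken = Cookies.get('csrfToken_j');` followed by `if (csrfToken === undefined) return false;` before the `setRequestHeader` call. The header name `x-csrf-token_j` does match `headerName` in the config hunk of this commit, and this path relies on that cookie staying readable from script, so a comment `// cookie/header names must match config.security.csrf` next to the literal would help the next maintainer. The enclosing `$.ajax` call starts before this hunk.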

+ 2 - 2
app/view/wap/shenpi_stage.ejs

@@ -169,7 +169,7 @@
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary" data-dismiss="modal">取消</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <input type="hidden" name="checkType" value="<%= auditConst.status.checked %>" />
                 <button type="submit" class="btn btn-success">审批通过</button>
             </div>
@@ -207,7 +207,7 @@
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-secondary" data-dismiss="modal">取消</button>
-                <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                 <button type="submit" class="btn btn-warning">确认退回</button>
             </div>
         </form>

+ 1 - 1
app/view/wechat/bind.ejs

@@ -51,7 +51,7 @@
                     </div>
                     <div class="form-group mb-3">
                         <button class="btn btn-primary btn-block" type="submit">绑定微信</button>
-                        <input type="hidden" name="_csrf" value="<%= ctx.csrf %>" />
+                        <input type="hidden" name="_csrf_j" value="<%= ctx.csrf %>" />
                     </div>
                 </div>
             </form>

+ 5 - 0
config/config.default.js

@@ -86,6 +86,11 @@ module.exports = appInfo => {
     config.security = {
         csrf: {
             ignoreJSON: false, // 默认为 false,当设置为 true 时,将会放过所有 content-type 为 `application/json` 的请求
+            cookieName: 'csrfToken_j',    // csrf token's cookie name
+            sessionName: 'csrfToken_j',   // csrf token's session name
+            headerName: 'x-csrf-token_j', // request csrf token's name in header
+            bodyName: '_csrf_j',          // request csrf token's name in body
+            queryName: '_csrf_j',         // request csrf token's name in query
         },
     };