@alibarbar/common 1.0.10 → 1.1.1

package/dist/storage.js

@@ -1,36 +1,4 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-// src/helper/crypto.ts
-var crypto_exports = {};
-__export(crypto_exports, {
-  base64Decode: () => base64Decode,
-  base64Encode: () => base64Encode,
-  exportPrivateKey: () => exportPrivateKey,
-  exportPublicKey: () => exportPublicKey,
-  generateRSAKeyPair: () => generateRSAKeyPair,
-  generateRandomString: () => generateRandomString,
-  generateUUID: () => generateUUID,
-  hash: () => hash,
-  importPrivateKey: () => importPrivateKey,
-  importPublicKey: () => importPublicKey,
-  rsaDecrypt: () => rsaDecrypt,
-  rsaEncrypt: () => rsaEncrypt,
-  sha256: () => sha256
-});
-async function sha256(data) {
-  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const hashBuffer = await crypto.subtle.digest("SHA-256", buffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-}
+// src/helper/crypto/index.ts
 function base64Encode(data) {
   if (typeof data === "string") {
     return btoa(unescape(encodeURIComponent(data)));
@@ -49,16 +17,6 @@ function base64Decode(data) {
     throw new Error("Invalid Base64 string");
   }
 }
-function generateUUID() {
-  if (typeof crypto !== "undefined" && crypto.randomUUID) {
-    return crypto.randomUUID();
-  }
-  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
-    const r = Math.random() * 16 | 0;
-    const v = c === "x" ? r : r & 3 | 8;
-    return v.toString(16);
-  });
-}
 function generateRandomString(length, charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") {
   let result = "";
   for (let i = 0; i < length; i++) {
@@ -66,15 +24,6 @@ function generateRandomString(length, charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde
   }
   return result;
 }
-function hash(data) {
-  let hashValue = 0;
-  for (let i = 0; i < data.length; i++) {
-    const char = data.charCodeAt(i);
-    hashValue = (hashValue << 5) - hashValue + char;
-    hashValue = hashValue & hashValue;
-  }
-  return Math.abs(hashValue);
-}
 async function generateRSAKeyPair(modulusLength = 2048) {
   if (typeof crypto === "undefined" || !crypto.subtle) {
     throw new Error("Web Crypto API is not available");
@@ -195,33 +144,428 @@ async function importPrivateKey(keyData) {
     ["decrypt"]
   );
 }
-var init_crypto = __esm({
-  "src/helper/crypto.ts"() {
+async function generateHMACKey() {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
   }
-});
+  return crypto.subtle.generateKey(
+    {
+      name: "HMAC",
+      hash: "SHA-256"
+    },
+    true,
+    ["sign", "verify"]
+  );
+}
+async function computeHMAC(data, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
+  const signature = await crypto.subtle.sign("HMAC", key, buffer);
+  return base64Encode(signature);
+}
+async function verifyHMAC(data, signature, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  try {
+    const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
+    const signatureBuffer = new Uint8Array(
+      atob(signature).split("").map((char) => char.charCodeAt(0))
+    );
+    return await crypto.subtle.verify("HMAC", key, signatureBuffer, dataBuffer);
+  } catch {
+    return false;
+  }
+}
+async function deriveKeyFromPassword(password, salt, iterations = 1e5, keyLength = 256) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const saltBuffer = typeof salt === "string" ? new TextEncoder().encode(salt) : salt;
+  const passwordKey = await crypto.subtle.importKey(
+    "raw",
+    new TextEncoder().encode(password),
+    "PBKDF2",
+    false,
+    ["deriveBits", "deriveKey"]
+  );
+  return crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt: saltBuffer,
+      iterations,
+      hash: "SHA-256"
+    },
+    passwordKey,
+    {
+      name: "AES-GCM",
+      length: keyLength
+    },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+async function aesGCMEncrypt(data, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const encrypted = await crypto.subtle.encrypt(
+    {
+      name: "AES-GCM",
+      iv
+    },
+    key,
+    dataBuffer
+  );
+  return {
+    encrypted: base64Encode(encrypted),
+    iv: base64Encode(iv.buffer)
+  };
+}
+async function aesGCMDecrypt(encryptedData, iv, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const encryptedBuffer = new Uint8Array(
+    atob(encryptedData).split("").map((char) => char.charCodeAt(0))
+  );
+  const ivBuffer = new Uint8Array(
+    atob(iv).split("").map((char) => char.charCodeAt(0))
+  );
+  const decrypted = await crypto.subtle.decrypt(
+    {
+      name: "AES-GCM",
+      iv: ivBuffer
+    },
+    key,
+    encryptedBuffer
+  );
+  return new TextDecoder().decode(decrypted);
+}
 
-// src/browser/storage.ts
-init_crypto();
+// src/browser/SecureStorage/index.ts
 var globalKeyPair = null;
+var globalHMACKey = null;
+var keyPairInitialized = false;
+var initOptions = {
+  autoGenerateKeys: true,
+  persistKeys: false,
+  keyStorageKey: void 0,
+  // 将自动生成随机键名
+  keyEncryptionPassword: void 0,
+  pbkdf2Iterations: 1e5,
+  keyModulusLength: 2048,
+  enableHMAC: true,
+  enableTimestampValidation: true,
+  timestampMaxAge: 7 * 24 * 60 * 60 * 1e3,
+  // 7 天
+  isProduction: false
+};
+var actualKeyStorageKey = null;
+var keyUsageCount = 0;
+var initializationPromise = null;
+function generateKeyStorageKey() {
+  return `_sk_${generateRandomString(32)}_${Date.now()}`;
+}
+async function initializeStorageKeys(options = {}) {
+  if (options.forceReinitialize) {
+    globalKeyPair = null;
+    globalHMACKey = null;
+    keyPairInitialized = false;
+    actualKeyStorageKey = null;
+    keyUsageCount = 0;
+    initializationPromise = null;
+  } else if (keyPairInitialized && globalKeyPair) {
+    initOptions = { ...initOptions, ...options };
+    return;
+  }
+  initOptions = { ...initOptions, ...options };
+  if (initOptions.keyStorageKey) {
+    actualKeyStorageKey = initOptions.keyStorageKey;
+  } else {
+    actualKeyStorageKey = generateKeyStorageKey();
+  }
+  if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
+    try {
+      const storedKeys = window.localStorage.getItem(actualKeyStorageKey);
+      if (storedKeys) {
+        const keyData = JSON.parse(storedKeys);
+        if (keyData.encrypted && keyData.privateKeyEncrypted && keyData.salt) {
+          if (!initOptions.keyEncryptionPassword) {
+            if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+              console.error("Encrypted keys found but no password provided");
+            }
+            throw new Error("Password required to decrypt stored keys");
+          }
+          const saltArray = new Uint8Array(
+            atob(keyData.salt).split("").map((char) => char.charCodeAt(0))
+          );
+          const iterations = keyData.pbkdf2Iterations || initOptions.pbkdf2Iterations;
+          const derivedKey = await deriveKeyFromPassword(
+            initOptions.keyEncryptionPassword,
+            saltArray.buffer,
+            iterations
+          );
+          const decryptedPrivateKey = await aesGCMDecrypt(
+            keyData.privateKeyEncrypted,
+            keyData.iv,
+            derivedKey
+          );
+          globalKeyPair = {
+            publicKey: await importPublicKey(keyData.publicKey),
+            privateKey: await importPrivateKey(decryptedPrivateKey)
+          };
+        } else if (keyData.publicKey && keyData.privateKey) {
+          if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+            console.warn(
+              "\u26A0\uFE0F SECURITY WARNING: Loading unencrypted keys from storage. Consider re-initializing with password encryption."
+            );
+          }
+          globalKeyPair = {
+            publicKey: await importPublicKey(keyData.publicKey),
+            privateKey: await importPrivateKey(keyData.privateKey)
+          };
+        }
+        if (globalKeyPair) {
+          keyPairInitialized = true;
+          if (initOptions.enableHMAC && !globalHMACKey) {
+            globalHMACKey = await generateHMACKey();
+          }
+          return;
+        }
+      }
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+        console.warn("Failed to load persisted keys, will generate new ones");
+      }
+    }
+  }
+  if (initOptions.autoGenerateKeys && !globalKeyPair) {
+    try {
+      globalKeyPair = await generateRSAKeyPair(initOptions.keyModulusLength);
+      if (initOptions.enableHMAC && !globalHMACKey) {
+        globalHMACKey = await generateHMACKey();
+      }
+      keyPairInitialized = true;
+      keyUsageCount = 0;
+      if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
+        try {
+          const publicKeyStr = await exportPublicKey(globalKeyPair.publicKey);
+          if (initOptions.keyEncryptionPassword) {
+            const privateKeyStr = await exportPrivateKey(globalKeyPair.privateKey);
+            const salt = crypto.getRandomValues(new Uint8Array(16));
+            const derivedKey = await deriveKeyFromPassword(
+              initOptions.keyEncryptionPassword,
+              salt.buffer,
+              initOptions.pbkdf2Iterations
+            );
+            const { encrypted, iv } = await aesGCMEncrypt(privateKeyStr, derivedKey);
+            const keyData = {
+              encrypted: true,
+              publicKey: publicKeyStr,
+              privateKeyEncrypted: encrypted,
+              iv,
+              salt: base64Encode(salt.buffer),
+              pbkdf2Iterations: initOptions.pbkdf2Iterations
+            };
+            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
+            if (!initOptions.isProduction && typeof console !== "undefined" && console.info) {
+              console.info("\u2705 Keys encrypted and stored securely");
+            }
+          } else {
+            if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+              console.warn(
+                "\u26A0\uFE0F SECURITY WARNING: Storing private keys without encryption! Private keys will be stored in plain text (Base64 encoded). Provide keyEncryptionPassword for secure storage."
+              );
+            }
+            const keyData = {
+              publicKey: publicKeyStr,
+              privateKey: await exportPrivateKey(globalKeyPair.privateKey)
+            };
+            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
+          }
+        } catch (error) {
+          if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+            console.error("Failed to persist keys");
+          }
+        }
+      }
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("Failed to generate storage keys");
+      }
+      throw error;
+    }
+  }
+  if (initOptions.enableHMAC && !globalHMACKey) {
+    globalHMACKey = await generateHMACKey();
+  }
+}
 function setStorageKeyPair(keyPair) {
   globalKeyPair = keyPair;
+  keyPairInitialized = true;
 }
 function getStorageKeyPair() {
   return globalKeyPair;
 }
-async function encryptValue(value, publicKey) {
-  return rsaEncrypt(value, publicKey);
+function clearPersistedKeys() {
+  if (typeof window !== "undefined" && window.localStorage && actualKeyStorageKey) {
+    try {
+      window.localStorage.removeItem(actualKeyStorageKey);
+      actualKeyStorageKey = null;
+      keyPairInitialized = false;
+      globalKeyPair = null;
+      globalHMACKey = null;
+      keyUsageCount = 0;
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("Failed to clear persisted keys");
+      }
+    }
+  }
+}
+function getKeyUsageCount() {
+  return keyUsageCount;
+}
+function resetKeyUsageCount() {
+  keyUsageCount = 0;
 }
-async function decryptValue(encryptedValue, privateKey) {
+async function ensureKeyPair() {
+  if (globalKeyPair) {
+    keyUsageCount++;
+    return;
+  }
+  if (!initOptions.autoGenerateKeys) {
+    return;
+  }
+  if (initializationPromise) {
+    await initializationPromise;
+    if (globalKeyPair) {
+      keyUsageCount++;
+    }
+    return;
+  }
+  initializationPromise = initializeStorageKeys();
   try {
-    return await rsaDecrypt(encryptedValue, privateKey);
+    await initializationPromise;
+  } finally {
+    initializationPromise = null;
+  }
+  if (globalKeyPair) {
+    keyUsageCount++;
+  }
+}
+function safeParseJSON(jsonStr, expectedType) {
+  try {
+    const parsed = JSON.parse(jsonStr);
+    if (expectedType === "object" && (typeof parsed !== "object" || parsed === null || Array.isArray(parsed))) {
+      throw new Error("Expected object but got different type");
+    }
+    if (expectedType === "array" && !Array.isArray(parsed)) {
+      throw new Error("Expected array but got different type");
+    }
+    return parsed;
+  } catch (error) {
+    if (error instanceof SyntaxError) {
+      throw new Error(`Invalid JSON format: ${error.message}`);
+    }
+    throw error;
+  }
+}
+function validateTimestamp(timestamp, maxClockSkew = 5 * 60 * 1e3) {
+  if (!initOptions.enableTimestampValidation || !timestamp) {
+    return true;
+  }
+  if (initOptions.timestampMaxAge === 0) {
+    return true;
+  }
+  const now = Date.now();
+  const age = now - timestamp;
+  const maxAge = initOptions.timestampMaxAge || 7 * 24 * 60 * 60 * 1e3;
+  if (age < -maxClockSkew) {
+    return false;
+  }
+  return age >= -maxClockSkew && age <= maxAge;
+}
+async function encryptValue(value, publicKey, hmacKey) {
+  const encryptedData = await rsaEncrypt(value, publicKey);
+  if (hmacKey) {
+    const hmac = await computeHMAC(encryptedData, hmacKey);
+    const item = {
+      data: encryptedData,
+      hmac,
+      encrypted: true,
+      timestamp: Date.now()
+    };
+    return JSON.stringify(item);
+  }
+  return encryptedData;
+}
+async function handleDecryptError(error, encryptedStr, key) {
+  if (error instanceof Error && error.message.includes("HMAC verification failed")) {
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+      console.error(
+        "\u26A0\uFE0F SECURITY ALERT: Data integrity check failed! Data may have been tampered with."
+      );
+    }
+    throw error;
+  }
+  if (error instanceof Error && error.message.includes("Data timestamp validation failed")) {
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+      console.warn("\u26A0\uFE0F SECURITY WARNING: Data timestamp validation failed");
+    }
+    throw error;
+  }
+  try {
+    const decryptedStr = base64Decode(encryptedStr);
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+      console.warn(
+        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}". This may be a security risk if sensitive data was stored without encryption.`
+      );
+    }
+    return decryptedStr;
   } catch {
-    try {
-      JSON.parse(encryptedValue);
-      return encryptedValue;
-    } catch {
-      throw new Error("Failed to decrypt storage value");
+    throw error;
+  }
+}
+function handleNoKeyDecode(encryptedStr, key) {
+  try {
+    const decryptedStr = base64Decode(encryptedStr);
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+      console.warn(
+        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}" without encryption keys.`
+      );
+    }
+    return decryptedStr;
+  } catch (error) {
+    throw new Error(`Failed to decode storage value for key "${key}"`);
+  }
+}
+async function decryptValue(encryptedValue, privateKey, hmacKey) {
+  try {
+    const item = JSON.parse(encryptedValue);
+    if (item.encrypted && item.data && item.hmac) {
+      if (hmacKey) {
+        const isValid = await verifyHMAC(item.data, item.hmac, hmacKey);
+        if (!isValid) {
+          throw new Error("HMAC verification failed: data may have been tampered with");
+        }
+      }
+      if (item.timestamp && !validateTimestamp(item.timestamp)) {
+        throw new Error("Data timestamp validation failed: data may be expired or replayed");
+      }
+      return await rsaDecrypt(item.data, privateKey);
+    }
+    return await rsaDecrypt(encryptedValue, privateKey);
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("HMAC verification failed")) {
+      throw error;
     }
+    throw new Error("Failed to decrypt storage value: invalid format or corrupted data");
   }
 }
 var localStorage = {
@@ -243,17 +587,24 @@ var localStorage = {
     };
     try {
       const jsonStr = JSON.stringify(item);
+      await ensureKeyPair();
       const keyToUse = publicKey || globalKeyPair?.publicKey;
       if (keyToUse) {
-        const encrypted = await encryptValue(jsonStr, keyToUse);
+        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
         window.localStorage.setItem(key, encrypted);
       } else {
-        const { base64Encode: base64Encode2 } = await Promise.resolve().then(() => (init_crypto(), crypto_exports));
-        const encoded = base64Encode2(jsonStr);
+        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+          console.warn(
+            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
+          );
+        }
+        const encoded = base64Encode(jsonStr);
         window.localStorage.setItem(key, encoded);
       }
     } catch (error) {
-      console.error("localStorage.set error:", error);
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.set error:", error);
+      }
       throw error;
     }
   },
@@ -271,34 +622,36 @@ var localStorage = {
     try {
       const encryptedStr = window.localStorage.getItem(key);
       if (!encryptedStr) return defaultValue;
+      await ensureKeyPair();
       let decryptedStr;
       const keyToUse = privateKey || globalKeyPair?.privateKey;
       if (keyToUse) {
         try {
-          decryptedStr = await decryptValue(encryptedStr, keyToUse);
-        } catch {
-          const { base64Decode: base64Decode2 } = await Promise.resolve().then(() => (init_crypto(), crypto_exports));
+          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
+        } catch (error) {
           try {
-            decryptedStr = base64Decode2(encryptedStr);
+            decryptedStr = await handleDecryptError(error, encryptedStr, key);
           } catch {
             return defaultValue;
           }
         }
       } else {
-        const { base64Decode: base64Decode2 } = await Promise.resolve().then(() => (init_crypto(), crypto_exports));
         try {
-          decryptedStr = base64Decode2(encryptedStr);
+          decryptedStr = handleNoKeyDecode(encryptedStr, key);
         } catch {
           return defaultValue;
         }
       }
-      const item = JSON.parse(decryptedStr);
+      const item = safeParseJSON(decryptedStr, "object");
       if (item.expiry && Date.now() > item.expiry) {
         window.localStorage.removeItem(key);
         return defaultValue;
       }
       return item.value;
-    } catch {
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+        console.warn(`Failed to parse storage item for key "${key}"`);
+      }
       return defaultValue;
     }
   },
@@ -311,7 +664,9 @@ var localStorage = {
     try {
       window.localStorage.removeItem(key);
     } catch (error) {
-      console.error("localStorage.remove error:", error);
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.remove error");
+      }
     }
   },
   /**
@@ -322,7 +677,9 @@ var localStorage = {
     try {
       window.localStorage.clear();
     } catch (error) {
-      console.error("localStorage.clear error:", error);
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.clear error");
+      }
     }
   },
   /**
@@ -338,7 +695,9 @@ var localStorage = {
         if (key) keys.push(key);
       }
     } catch (error) {
-      console.error("localStorage.keys error:", error);
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.keys error");
+      }
     }
     return keys;
   }
@@ -358,17 +717,24 @@ var sessionStorage = {
     const { publicKey } = options;
     try {
       const jsonStr = JSON.stringify(value);
+      await ensureKeyPair();
       const keyToUse = publicKey || globalKeyPair?.publicKey;
       if (keyToUse) {
-        const encrypted = await encryptValue(jsonStr, keyToUse);
+        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
         window.sessionStorage.setItem(key, encrypted);
       } else {
-        const { base64Encode: base64Encode2 } = await Promise.resolve().then(() => (init_crypto(), crypto_exports));
-        const encoded = base64Encode2(jsonStr);
+        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+          console.warn(
+            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
+          );
+        }
+        const encoded = base64Encode(jsonStr);
         window.sessionStorage.setItem(key, encoded);
       }
     } catch (error) {
-      console.error("sessionStorage.set error:", error);
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("sessionStorage.set error:", error);
+      }
       throw error;
     }
   },
@@ -386,28 +752,27 @@ var sessionStorage = {
     try {
       const encryptedStr = window.sessionStorage.getItem(key);
       if (!encryptedStr) return defaultValue;
+      await ensureKeyPair();
       let decryptedStr;
       const keyToUse = privateKey || globalKeyPair?.privateKey;
       if (keyToUse) {
         try {
-          decryptedStr = await decryptValue(encryptedStr, keyToUse);
-        } catch {
-          const { base64Decode: base64Decode2 } = await Promise.resolve().then(() => (init_crypto(), crypto_exports));
+          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
+        } catch (error) {
           try {
-            decryptedStr = base64Decode2(encryptedStr);
+            decryptedStr = await handleDecryptError(error, encryptedStr, key);
           } catch {
             return defaultValue;
           }
         }
       } else {
-        const { base64Decode: base64Decode2 } = await Promise.resolve().then(() => (init_crypto(), crypto_exports));
         try {
-          decryptedStr = base64Decode2(encryptedStr);
+          decryptedStr = handleNoKeyDecode(encryptedStr, key);
         } catch {
           return defaultValue;
         }
       }
-      return JSON.parse(decryptedStr);
+      return safeParseJSON(decryptedStr);
     } catch {
       return defaultValue;
     }
@@ -421,7 +786,9 @@ var sessionStorage = {
     try {
       window.sessionStorage.removeItem(key);
     } catch (error) {
-      console.error("sessionStorage.remove error:", error);
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("sessionStorage.remove error");
+      }
     }
   },
   /**
@@ -432,7 +799,9 @@ var sessionStorage = {
     try {
       window.sessionStorage.clear();
     } catch (error) {
-      console.error("sessionStorage.clear error:", error);
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("sessionStorage.clear error");
+      }
     }
   }
 };
@@ -467,10 +836,15 @@ var cookie = {
     if (typeof document === "undefined") return void 0;
     const name = encodeURIComponent(key);
     const cookies = document.cookie.split(";");
-    for (const cookie2 of cookies) {
-      const [cookieKey, cookieValue] = cookie2.trim().split("=");
+    for (const cookieStr of cookies) {
+      const trimmed = cookieStr.trim();
+      const eqIndex = trimmed.indexOf("=");
+      if (eqIndex === -1) continue;
+      const cookieKey = trimmed.substring(0, eqIndex).trim();
+      const cookieValue = trimmed.substring(eqIndex + 1).trim();
       if (cookieKey === name) {
-        return decodeURIComponent(cookieValue);
+        const decoded = decodeURIComponent(cookieValue);
+        return decoded === "" ? void 0 : decoded;
       }
     }
     return void 0;
@@ -494,15 +868,24 @@ var cookie = {
     if (typeof document === "undefined") return {};
     const cookies = {};
     document.cookie.split(";").forEach((cookieStr) => {
-      const [key, value] = cookieStr.trim().split("=");
+      const trimmed = cookieStr.trim();
+      if (!trimmed) return;
+      const eqIndex = trimmed.indexOf("=");
+      if (eqIndex === -1) return;
+      const key = trimmed.substring(0, eqIndex).trim();
+      const value = trimmed.substring(eqIndex + 1).trim();
       if (key && value) {
-        cookies[decodeURIComponent(key)] = decodeURIComponent(value);
+        const decodedKey = decodeURIComponent(key);
+        const decodedValue = decodeURIComponent(value);
+        if (decodedValue !== "") {
+          cookies[decodedKey] = decodedValue;
+        }
       }
     });
     return cookies;
   }
 };
-var storage = {
+var secureStorage = {
   /**
    * 设置值（优先使用localStorage，失败则使用sessionStorage）
    * @param key - 键
@@ -517,7 +900,9 @@ var storage = {
       try {
         await sessionStorage.set(key, value, { publicKey: options.publicKey });
       } catch {
-        console.warn("Both localStorage and sessionStorage are not available");
+        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+          console.warn("Both localStorage and sessionStorage are not available");
+        }
       }
     }
   },
@@ -547,7 +932,25 @@ var storage = {
   clear() {
     localStorage.clear();
     sessionStorage.clear();
+  },
+  /**
+   * 获取所有键名
+   * @returns 键名数组
+   */
+  keys() {
+    const localKeys = localStorage.keys();
+    const sessionKeys = [];
+    if (typeof window !== "undefined" && window.sessionStorage) {
+      try {
+        for (let i = 0; i < window.sessionStorage.length; i++) {
+          const key = window.sessionStorage.key(i);
+          if (key) sessionKeys.push(key);
+        }
+      } catch (error) {
+      }
+    }
+    return Array.from(/* @__PURE__ */ new Set([...localKeys, ...sessionKeys]));
   }
 };
 
-export { cookie, getStorageKeyPair, localStorage, sessionStorage, setStorageKeyPair, storage };
+export { clearPersistedKeys, cookie, getKeyUsageCount, getStorageKeyPair, initializeStorageKeys, resetKeyUsageCount, secureStorage, setStorageKeyPair };