@alibarbar/common 1.0.9 → 1.1.0

package/dist/storage.cjs

@@ -0,0 +1,943 @@
+'use strict';
+
+// src/helper/crypto/index.ts
+function base64Encode(data) {
+  if (typeof data === "string") {
+    return btoa(unescape(encodeURIComponent(data)));
+  }
+  const bytes = new Uint8Array(data);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+function base64Decode(data) {
+  try {
+    return decodeURIComponent(escape(atob(data)));
+  } catch {
+    throw new Error("Invalid Base64 string");
+  }
+}
+function generateRandomString(length, charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") {
+  let result = "";
+  for (let i = 0; i < length; i++) {
+    result += charset.charAt(Math.floor(Math.random() * charset.length));
+  }
+  return result;
+}
+async function generateRSAKeyPair(modulusLength = 2048) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const keyPair = await crypto.subtle.generateKey(
+    {
+      name: "RSA-OAEP",
+      modulusLength,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      hash: "SHA-256"
+    },
+    true,
+    ["encrypt", "decrypt"]
+  );
+  return {
+    publicKey: keyPair.publicKey,
+    privateKey: keyPair.privateKey
+  };
+}
+async function rsaEncrypt(data, publicKey) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(data);
+  const maxChunkSize = 245;
+  const chunks = [];
+  for (let i = 0; i < dataBuffer.length; i += maxChunkSize) {
+    const chunk = dataBuffer.slice(i, i + maxChunkSize);
+    const encrypted = await crypto.subtle.encrypt(
+      {
+        name: "RSA-OAEP"
+      },
+      publicKey,
+      chunk
+    );
+    chunks.push(encrypted);
+  }
+  const totalLength = chunks.reduce((sum, chunk) => sum + chunk.byteLength, 0);
+  const merged = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const chunk of chunks) {
+    merged.set(new Uint8Array(chunk), offset);
+    offset += chunk.byteLength;
+  }
+  return base64Encode(merged.buffer);
+}
+async function rsaDecrypt(encryptedData, privateKey) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const binaryString = atob(encryptedData);
+  const encryptedArray = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    encryptedArray[i] = binaryString.charCodeAt(i);
+  }
+  const chunkSize = 256;
+  const chunks = [];
+  for (let i = 0; i < encryptedArray.length; i += chunkSize) {
+    const chunk = encryptedArray.slice(i, i + chunkSize);
+    const decrypted = await crypto.subtle.decrypt(
+      {
+        name: "RSA-OAEP"
+      },
+      privateKey,
+      chunk
+    );
+    const decoder = new TextDecoder();
+    chunks.push(decoder.decode(decrypted));
+  }
+  return chunks.join("");
+}
+async function exportPublicKey(publicKey) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const exported = await crypto.subtle.exportKey("spki", publicKey);
+  return base64Encode(exported);
+}
+async function exportPrivateKey(privateKey) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const exported = await crypto.subtle.exportKey("pkcs8", privateKey);
+  return base64Encode(exported);
+}
+async function importPublicKey(keyData) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const keyBuffer = base64Decode(keyData);
+  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
+  return crypto.subtle.importKey(
+    "spki",
+    keyArray.buffer,
+    {
+      name: "RSA-OAEP",
+      hash: "SHA-256"
+    },
+    true,
+    ["encrypt"]
+  );
+}
+async function importPrivateKey(keyData) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const keyBuffer = base64Decode(keyData);
+  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
+  return crypto.subtle.importKey(
+    "pkcs8",
+    keyArray.buffer,
+    {
+      name: "RSA-OAEP",
+      hash: "SHA-256"
+    },
+    true,
+    ["decrypt"]
+  );
+}
+async function generateHMACKey() {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  return crypto.subtle.generateKey(
+    {
+      name: "HMAC",
+      hash: "SHA-256"
+    },
+    true,
+    ["sign", "verify"]
+  );
+}
+async function computeHMAC(data, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
+  const signature = await crypto.subtle.sign("HMAC", key, buffer);
+  return base64Encode(signature);
+}
+async function verifyHMAC(data, signature, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  try {
+    const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
+    const signatureBuffer = new Uint8Array(
+      atob(signature).split("").map((char) => char.charCodeAt(0))
+    );
+    return await crypto.subtle.verify("HMAC", key, signatureBuffer, dataBuffer);
+  } catch {
+    return false;
+  }
+}
+async function deriveKeyFromPassword(password, salt, iterations = 1e5, keyLength = 256) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const saltBuffer = typeof salt === "string" ? new TextEncoder().encode(salt) : salt;
+  const passwordKey = await crypto.subtle.importKey(
+    "raw",
+    new TextEncoder().encode(password),
+    "PBKDF2",
+    false,
+    ["deriveBits", "deriveKey"]
+  );
+  return crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt: saltBuffer,
+      iterations,
+      hash: "SHA-256"
+    },
+    passwordKey,
+    {
+      name: "AES-GCM",
+      length: keyLength
+    },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+async function aesGCMEncrypt(data, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const encrypted = await crypto.subtle.encrypt(
+    {
+      name: "AES-GCM",
+      iv
+    },
+    key,
+    dataBuffer
+  );
+  return {
+    encrypted: base64Encode(encrypted),
+    iv: base64Encode(iv.buffer)
+  };
+}
+async function aesGCMDecrypt(encryptedData, iv, key) {
+  if (typeof crypto === "undefined" || !crypto.subtle) {
+    throw new Error("Web Crypto API is not available");
+  }
+  const encryptedBuffer = new Uint8Array(
+    atob(encryptedData).split("").map((char) => char.charCodeAt(0))
+  );
+  const ivBuffer = new Uint8Array(
+    atob(iv).split("").map((char) => char.charCodeAt(0))
+  );
+  const decrypted = await crypto.subtle.decrypt(
+    {
+      name: "AES-GCM",
+      iv: ivBuffer
+    },
+    key,
+    encryptedBuffer
+  );
+  return new TextDecoder().decode(decrypted);
+}
+
+// src/browser/SecureStorage/index.ts
+var globalKeyPair = null;
+var globalHMACKey = null;
+var keyPairInitialized = false;
+var initOptions = {
+  autoGenerateKeys: true,
+  persistKeys: false,
+  keyStorageKey: void 0,
+  // 将自动生成随机键名
+  keyEncryptionPassword: void 0,
+  pbkdf2Iterations: 1e5,
+  keyModulusLength: 2048,
+  enableHMAC: true,
+  enableTimestampValidation: true,
+  timestampMaxAge: 7 * 24 * 60 * 60 * 1e3,
+  // 7 天
+  isProduction: false
+};
+var actualKeyStorageKey = null;
+var keyUsageCount = 0;
+var initializationPromise = null;
+function generateKeyStorageKey() {
+  return `_sk_${generateRandomString(32)}_${Date.now()}`;
+}
+async function initializeStorageKeys(options = {}) {
+  if (options.forceReinitialize) {
+    globalKeyPair = null;
+    globalHMACKey = null;
+    keyPairInitialized = false;
+    actualKeyStorageKey = null;
+    keyUsageCount = 0;
+    initializationPromise = null;
+  } else if (keyPairInitialized && globalKeyPair) {
+    initOptions = { ...initOptions, ...options };
+    return;
+  }
+  initOptions = { ...initOptions, ...options };
+  if (initOptions.keyStorageKey) {
+    actualKeyStorageKey = initOptions.keyStorageKey;
+  } else {
+    actualKeyStorageKey = generateKeyStorageKey();
+  }
+  if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
+    try {
+      const storedKeys = window.localStorage.getItem(actualKeyStorageKey);
+      if (storedKeys) {
+        const keyData = JSON.parse(storedKeys);
+        if (keyData.encrypted && keyData.privateKeyEncrypted && keyData.salt) {
+          if (!initOptions.keyEncryptionPassword) {
+            if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+              console.error("Encrypted keys found but no password provided");
+            }
+            throw new Error("Password required to decrypt stored keys");
+          }
+          const saltArray = new Uint8Array(
+            atob(keyData.salt).split("").map((char) => char.charCodeAt(0))
+          );
+          const iterations = keyData.pbkdf2Iterations || initOptions.pbkdf2Iterations;
+          const derivedKey = await deriveKeyFromPassword(
+            initOptions.keyEncryptionPassword,
+            saltArray.buffer,
+            iterations
+          );
+          const decryptedPrivateKey = await aesGCMDecrypt(
+            keyData.privateKeyEncrypted,
+            keyData.iv,
+            derivedKey
+          );
+          globalKeyPair = {
+            publicKey: await importPublicKey(keyData.publicKey),
+            privateKey: await importPrivateKey(decryptedPrivateKey)
+          };
+        } else if (keyData.publicKey && keyData.privateKey) {
+          if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+            console.warn(
+              "\u26A0\uFE0F SECURITY WARNING: Loading unencrypted keys from storage. Consider re-initializing with password encryption."
+            );
+          }
+          globalKeyPair = {
+            publicKey: await importPublicKey(keyData.publicKey),
+            privateKey: await importPrivateKey(keyData.privateKey)
+          };
+        }
+        if (globalKeyPair) {
+          keyPairInitialized = true;
+          if (initOptions.enableHMAC && !globalHMACKey) {
+            globalHMACKey = await generateHMACKey();
+          }
+          return;
+        }
+      }
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+        console.warn("Failed to load persisted keys, will generate new ones");
+      }
+    }
+  }
+  if (initOptions.autoGenerateKeys && !globalKeyPair) {
+    try {
+      globalKeyPair = await generateRSAKeyPair(initOptions.keyModulusLength);
+      if (initOptions.enableHMAC && !globalHMACKey) {
+        globalHMACKey = await generateHMACKey();
+      }
+      keyPairInitialized = true;
+      keyUsageCount = 0;
+      if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
+        try {
+          const publicKeyStr = await exportPublicKey(globalKeyPair.publicKey);
+          if (initOptions.keyEncryptionPassword) {
+            const privateKeyStr = await exportPrivateKey(globalKeyPair.privateKey);
+            const salt = crypto.getRandomValues(new Uint8Array(16));
+            const derivedKey = await deriveKeyFromPassword(
+              initOptions.keyEncryptionPassword,
+              salt.buffer,
+              initOptions.pbkdf2Iterations
+            );
+            const { encrypted, iv } = await aesGCMEncrypt(privateKeyStr, derivedKey);
+            const keyData = {
+              encrypted: true,
+              publicKey: publicKeyStr,
+              privateKeyEncrypted: encrypted,
+              iv,
+              salt: base64Encode(salt.buffer),
+              pbkdf2Iterations: initOptions.pbkdf2Iterations
+            };
+            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
+            if (!initOptions.isProduction && typeof console !== "undefined" && console.info) {
+              console.info("\u2705 Keys encrypted and stored securely");
+            }
+          } else {
+            if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+              console.warn(
+                "\u26A0\uFE0F SECURITY WARNING: Storing private keys without encryption! Private keys will be stored in plain text (Base64 encoded). Provide keyEncryptionPassword for secure storage."
+              );
+            }
+            const keyData = {
+              publicKey: publicKeyStr,
+              privateKey: await exportPrivateKey(globalKeyPair.privateKey)
+            };
+            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
+          }
+        } catch (error) {
+          if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+            console.error("Failed to persist keys");
+          }
+        }
+      }
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("Failed to generate storage keys");
+      }
+      throw error;
+    }
+  }
+  if (initOptions.enableHMAC && !globalHMACKey) {
+    globalHMACKey = await generateHMACKey();
+  }
+}
+function setStorageKeyPair(keyPair) {
+  globalKeyPair = keyPair;
+  keyPairInitialized = true;
+}
+function getStorageKeyPair() {
+  return globalKeyPair;
+}
+function clearPersistedKeys() {
+  if (typeof window !== "undefined" && window.localStorage && actualKeyStorageKey) {
+    try {
+      window.localStorage.removeItem(actualKeyStorageKey);
+      actualKeyStorageKey = null;
+      keyPairInitialized = false;
+      globalKeyPair = null;
+      globalHMACKey = null;
+      keyUsageCount = 0;
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("Failed to clear persisted keys");
+      }
+    }
+  }
+}
+function getKeyUsageCount() {
+  return keyUsageCount;
+}
+function resetKeyUsageCount() {
+  keyUsageCount = 0;
+}
+async function ensureKeyPair() {
+  if (globalKeyPair) {
+    keyUsageCount++;
+    return;
+  }
+  if (!initOptions.autoGenerateKeys) {
+    return;
+  }
+  if (initializationPromise) {
+    await initializationPromise;
+    if (globalKeyPair) {
+      keyUsageCount++;
+    }
+    return;
+  }
+  initializationPromise = initializeStorageKeys();
+  try {
+    await initializationPromise;
+  } finally {
+    initializationPromise = null;
+  }
+  if (globalKeyPair) {
+    keyUsageCount++;
+  }
+}
+function safeParseJSON(jsonStr, expectedType) {
+  try {
+    const parsed = JSON.parse(jsonStr);
+    if (expectedType === "object" && (typeof parsed !== "object" || parsed === null || Array.isArray(parsed))) {
+      throw new Error("Expected object but got different type");
+    }
+    if (expectedType === "array" && !Array.isArray(parsed)) {
+      throw new Error("Expected array but got different type");
+    }
+    return parsed;
+  } catch (error) {
+    if (error instanceof SyntaxError) {
+      throw new Error(`Invalid JSON format: ${error.message}`);
+    }
+    throw error;
+  }
+}
+function validateTimestamp(timestamp, maxClockSkew = 5 * 60 * 1e3) {
+  if (!initOptions.enableTimestampValidation || !timestamp) {
+    return true;
+  }
+  if (initOptions.timestampMaxAge === 0) {
+    return true;
+  }
+  const now = Date.now();
+  const age = now - timestamp;
+  const maxAge = initOptions.timestampMaxAge || 7 * 24 * 60 * 60 * 1e3;
+  if (age < -maxClockSkew) {
+    return false;
+  }
+  return age >= -maxClockSkew && age <= maxAge;
+}
+async function encryptValue(value, publicKey, hmacKey) {
+  const encryptedData = await rsaEncrypt(value, publicKey);
+  if (hmacKey) {
+    const hmac = await computeHMAC(encryptedData, hmacKey);
+    const item = {
+      data: encryptedData,
+      hmac,
+      encrypted: true,
+      timestamp: Date.now()
+    };
+    return JSON.stringify(item);
+  }
+  return encryptedData;
+}
+async function handleDecryptError(error, encryptedStr, key) {
+  if (error instanceof Error && error.message.includes("HMAC verification failed")) {
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+      console.error(
+        "\u26A0\uFE0F SECURITY ALERT: Data integrity check failed! Data may have been tampered with."
+      );
+    }
+    throw error;
+  }
+  if (error instanceof Error && error.message.includes("Data timestamp validation failed")) {
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+      console.warn("\u26A0\uFE0F SECURITY WARNING: Data timestamp validation failed");
+    }
+    throw error;
+  }
+  try {
+    const decryptedStr = base64Decode(encryptedStr);
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+      console.warn(
+        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}". This may be a security risk if sensitive data was stored without encryption.`
+      );
+    }
+    return decryptedStr;
+  } catch {
+    throw error;
+  }
+}
+function handleNoKeyDecode(encryptedStr, key) {
+  try {
+    const decryptedStr = base64Decode(encryptedStr);
+    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+      console.warn(
+        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}" without encryption keys.`
+      );
+    }
+    return decryptedStr;
+  } catch (error) {
+    throw new Error(`Failed to decode storage value for key "${key}"`);
+  }
+}
+async function decryptValue(encryptedValue, privateKey, hmacKey) {
+  try {
+    const item = JSON.parse(encryptedValue);
+    if (item.encrypted && item.data && item.hmac) {
+      if (hmacKey) {
+        const isValid = await verifyHMAC(item.data, item.hmac, hmacKey);
+        if (!isValid) {
+          throw new Error("HMAC verification failed: data may have been tampered with");
+        }
+      }
+      if (item.timestamp && !validateTimestamp(item.timestamp)) {
+        throw new Error("Data timestamp validation failed: data may be expired or replayed");
+      }
+      return await rsaDecrypt(item.data, privateKey);
+    }
+    return await rsaDecrypt(encryptedValue, privateKey);
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("HMAC verification failed")) {
+      throw error;
+    }
+    throw new Error("Failed to decrypt storage value: invalid format or corrupted data");
+  }
+}
+var localStorage = {
+  /**
+   * 设置值
+   * @param key - 键
+   * @param value - 值
+   * @param options - 选项（过期时间、密钥等）
+   * @returns Promise<void>
+   */
+  async set(key, value, options = {}) {
+    if (typeof window === "undefined" || !window.localStorage) {
+      throw new Error("localStorage is not available");
+    }
+    const { expiry, publicKey } = options;
+    const item = {
+      value,
+      expiry: expiry ? Date.now() + expiry : void 0
+    };
+    try {
+      const jsonStr = JSON.stringify(item);
+      await ensureKeyPair();
+      const keyToUse = publicKey || globalKeyPair?.publicKey;
+      if (keyToUse) {
+        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
+        window.localStorage.setItem(key, encrypted);
+      } else {
+        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+          console.warn(
+            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
+          );
+        }
+        const encoded = base64Encode(jsonStr);
+        window.localStorage.setItem(key, encoded);
+      }
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.set error:", error);
+      }
+      throw error;
+    }
+  },
+  /**
+   * 获取值
+   * @param key - 键
+   * @param options - 选项（默认值、私钥等）
+   * @returns Promise<T | undefined> 值或默认值
+   */
+  async get(key, options = {}) {
+    if (typeof window === "undefined" || !window.localStorage) {
+      return options.defaultValue;
+    }
+    const { defaultValue, privateKey } = options;
+    try {
+      const encryptedStr = window.localStorage.getItem(key);
+      if (!encryptedStr) return defaultValue;
+      await ensureKeyPair();
+      let decryptedStr;
+      const keyToUse = privateKey || globalKeyPair?.privateKey;
+      if (keyToUse) {
+        try {
+          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
+        } catch (error) {
+          try {
+            decryptedStr = await handleDecryptError(error, encryptedStr, key);
+          } catch {
+            return defaultValue;
+          }
+        }
+      } else {
+        try {
+          decryptedStr = handleNoKeyDecode(encryptedStr, key);
+        } catch {
+          return defaultValue;
+        }
+      }
+      const item = safeParseJSON(decryptedStr, "object");
+      if (item.expiry && Date.now() > item.expiry) {
+        window.localStorage.removeItem(key);
+        return defaultValue;
+      }
+      return item.value;
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+        console.warn(`Failed to parse storage item for key "${key}"`);
+      }
+      return defaultValue;
+    }
+  },
+  /**
+   * 移除值
+   * @param key - 键
+   */
+  remove(key) {
+    if (typeof window === "undefined" || !window.localStorage) return;
+    try {
+      window.localStorage.removeItem(key);
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.remove error");
+      }
+    }
+  },
+  /**
+   * 清空所有值
+   */
+  clear() {
+    if (typeof window === "undefined" || !window.localStorage) return;
+    try {
+      window.localStorage.clear();
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.clear error");
+      }
+    }
+  },
+  /**
+   * 获取所有键
+   * @returns 键数组
+   */
+  keys() {
+    if (typeof window === "undefined" || !window.localStorage) return [];
+    const keys = [];
+    try {
+      for (let i = 0; i < window.localStorage.length; i++) {
+        const key = window.localStorage.key(i);
+        if (key) keys.push(key);
+      }
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("localStorage.keys error");
+      }
+    }
+    return keys;
+  }
+};
+var sessionStorage = {
+  /**
+   * 设置值
+   * @param key - 键
+   * @param value - 值
+   * @param options - 选项（公钥等）
+   * @returns Promise<void>
+   */
+  async set(key, value, options = {}) {
+    if (typeof window === "undefined" || !window.sessionStorage) {
+      throw new Error("sessionStorage is not available");
+    }
+    const { publicKey } = options;
+    try {
+      const jsonStr = JSON.stringify(value);
+      await ensureKeyPair();
+      const keyToUse = publicKey || globalKeyPair?.publicKey;
+      if (keyToUse) {
+        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
+        window.sessionStorage.setItem(key, encrypted);
+      } else {
+        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+          console.warn(
+            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
+          );
+        }
+        const encoded = base64Encode(jsonStr);
+        window.sessionStorage.setItem(key, encoded);
+      }
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("sessionStorage.set error:", error);
+      }
+      throw error;
+    }
+  },
+  /**
+   * 获取值
+   * @param key - 键
+   * @param options - 选项（默认值、私钥等）
+   * @returns Promise<T | undefined> 值或默认值
+   */
+  async get(key, options = {}) {
+    if (typeof window === "undefined" || !window.sessionStorage) {
+      return options.defaultValue;
+    }
+    const { defaultValue, privateKey } = options;
+    try {
+      const encryptedStr = window.sessionStorage.getItem(key);
+      if (!encryptedStr) return defaultValue;
+      await ensureKeyPair();
+      let decryptedStr;
+      const keyToUse = privateKey || globalKeyPair?.privateKey;
+      if (keyToUse) {
+        try {
+          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
+        } catch (error) {
+          try {
+            decryptedStr = await handleDecryptError(error, encryptedStr, key);
+          } catch {
+            return defaultValue;
+          }
+        }
+      } else {
+        try {
+          decryptedStr = handleNoKeyDecode(encryptedStr, key);
+        } catch {
+          return defaultValue;
+        }
+      }
+      return safeParseJSON(decryptedStr);
+    } catch {
+      return defaultValue;
+    }
+  },
+  /**
+   * 移除值
+   * @param key - 键
+   */
+  remove(key) {
+    if (typeof window === "undefined" || !window.sessionStorage) return;
+    try {
+      window.sessionStorage.removeItem(key);
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("sessionStorage.remove error");
+      }
+    }
+  },
+  /**
+   * 清空所有值
+   */
+  clear() {
+    if (typeof window === "undefined" || !window.sessionStorage) return;
+    try {
+      window.sessionStorage.clear();
+    } catch (error) {
+      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
+        console.error("sessionStorage.clear error");
+      }
+    }
+  }
+};
+var cookie = {
+  /**
+   * 设置Cookie
+   * @param key - 键
+   * @param value - 值
+   * @param options - Cookie选项
+   */
+  set(key, value, options = {}) {
+    if (typeof document === "undefined") {
+      throw new Error("document is not available");
+    }
+    let cookieStr = `${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
+    if (options.expires) {
+      const expiresDate = options.expires instanceof Date ? options.expires : new Date(Date.now() + options.expires * 24 * 60 * 60 * 1e3);
+      cookieStr += `; expires=${expiresDate.toUTCString()}`;
+    }
+    if (options.path) cookieStr += `; path=${options.path}`;
+    if (options.domain) cookieStr += `; domain=${options.domain}`;
+    if (options.secure) cookieStr += "; secure";
+    if (options.sameSite) cookieStr += `; sameSite=${options.sameSite}`;
+    document.cookie = cookieStr;
+  },
+  /**
+   * 获取Cookie
+   * @param key - 键
+   * @returns Cookie值
+   */
+  get(key) {
+    if (typeof document === "undefined") return void 0;
+    const name = encodeURIComponent(key);
+    const cookies = document.cookie.split(";");
+    for (const cookieStr of cookies) {
+      const trimmed = cookieStr.trim();
+      const eqIndex = trimmed.indexOf("=");
+      if (eqIndex === -1) continue;
+      const cookieKey = trimmed.substring(0, eqIndex).trim();
+      const cookieValue = trimmed.substring(eqIndex + 1).trim();
+      if (cookieKey === name) {
+        return decodeURIComponent(cookieValue);
+      }
+    }
+    return void 0;
+  },
+  /**
+   * 移除Cookie
+   * @param key - 键
+   * @param options - Cookie选项
+   */
+  remove(key, options = {}) {
+    cookie.set(key, "", {
+      ...options,
+      expires: /* @__PURE__ */ new Date(0)
+    });
+  },
+  /**
+   * 获取所有Cookie
+   * @returns Cookie对象
+   */
+  getAll() {
+    if (typeof document === "undefined") return {};
+    const cookies = {};
+    document.cookie.split(";").forEach((cookieStr) => {
+      const trimmed = cookieStr.trim();
+      const eqIndex = trimmed.indexOf("=");
+      if (eqIndex === -1) return;
+      const key = trimmed.substring(0, eqIndex).trim();
+      const value = trimmed.substring(eqIndex + 1).trim();
+      if (key && value) {
+        cookies[decodeURIComponent(key)] = decodeURIComponent(value);
+      }
+    });
+    return cookies;
+  }
+};
+var storage = {
+  /**
+   * 设置值（优先使用localStorage，失败则使用sessionStorage）
+   * @param key - 键
+   * @param value - 值
+   * @param options - 选项（过期时间、公钥等）
+   * @returns Promise<void>
+   */
+  async set(key, value, options = {}) {
+    try {
+      await localStorage.set(key, value, options);
+    } catch {
+      try {
+        await sessionStorage.set(key, value, { publicKey: options.publicKey });
+      } catch {
+        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
+          console.warn("Both localStorage and sessionStorage are not available");
+        }
+      }
+    }
+  },
+  /**
+   * 获取值
+   * @param key - 键
+   * @param options - 选项（默认值、私钥等）
+   * @returns Promise<T | undefined> 值或默认值
+   */
+  async get(key, options = {}) {
+    const localValue = await localStorage.get(key, options);
+    if (localValue !== void 0) return localValue;
+    const sessionValue = await sessionStorage.get(key, options);
+    return sessionValue !== void 0 ? sessionValue : options.defaultValue;
+  },
+  /**
+   * 移除值
+   * @param key - 键
+   */
+  remove(key) {
+    localStorage.remove(key);
+    sessionStorage.remove(key);
+  },
+  /**
+   * 清空所有值
+   */
+  clear() {
+    localStorage.clear();
+    sessionStorage.clear();
+  }
+};
+
+exports.clearPersistedKeys = clearPersistedKeys;
+exports.cookie = cookie;
+exports.getKeyUsageCount = getKeyUsageCount;
+exports.getStorageKeyPair = getStorageKeyPair;
+exports.initializeStorageKeys = initializeStorageKeys;
+exports.localStorage = localStorage;
+exports.resetKeyUsageCount = resetKeyUsageCount;
+exports.sessionStorage = sessionStorage;
+exports.setStorageKeyPair = setStorageKeyPair;
+exports.storage = storage;