@alibarbar/common 1.1.2 → 1.1.3

package/README.md

@@ -15,6 +15,16 @@ yarn add @alibarbar/common
 pnpm add @alibarbar/common
 ```
 
+### 可选依赖
+
+如果使用 `SecureStorage` 的纯 JS RSA 加密功能（非 HTTPS 环境），需要额外安装 `node-forge`：
+
+```bash
+pnpm add node-forge
+```
+
+**注意**：如果在 Vite 项目中使用，请参考 [Vite 配置说明](./VITE_NODE_FORGE_FIX.md) 进行配置。
+
 ## 配置 npm 源
 
 项目已配置使用淘宝镜像源（速度更快）。如需修改，请编辑 `.npmrc` 文件。

package/dist/crypto.cjs

@@ -1,12 +1,16 @@
 'use strict';
 
-// src/helper/crypto/index.ts
-async function sha256(data) {
-  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const hashBuffer = await crypto.subtle.digest("SHA-256", buffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-}
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var JSEncrypt = require('jsencrypt');
+var CryptoJS = require('crypto-js');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var JSEncrypt__default = /*#__PURE__*/_interopDefault(JSEncrypt);
+var CryptoJS__default = /*#__PURE__*/_interopDefault(CryptoJS);
+
+// src/helper/encryption/index.ts
 function base64Encode(data) {
   if (typeof data === "string") {
     return btoa(unescape(encodeURIComponent(data)));
@@ -18,282 +22,210 @@ function base64Encode(data) {
   }
   return btoa(binary);
 }
-function base64Decode(data) {
-  try {
-    return decodeURIComponent(escape(atob(data)));
-  } catch {
-    throw new Error("Invalid Base64 string");
-  }
-}
-function generateUUID() {
-  if (typeof crypto !== "undefined" && crypto.randomUUID) {
-    return crypto.randomUUID();
-  }
-  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
-    const r = Math.random() * 16 | 0;
-    const v = c === "x" ? r : r & 3 | 8;
-    return v.toString(16);
-  });
+function generateRandomAESKeyString() {
+  return CryptoJS__default.default.lib.WordArray.random(256 / 8).toString();
 }
-function generateRandomString(length, charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") {
-  let result = "";
-  for (let i = 0; i < length; i++) {
-    result += charset.charAt(Math.floor(Math.random() * charset.length));
+function encryptJsonWithAES(data, aesKey) {
+  try {
+    const jsonString = JSON.stringify(data);
+    return CryptoJS__default.default.AES.encrypt(jsonString, aesKey).toString();
+  } catch (error) {
+    throw new Error(
+      "[encryption] AES encryptJsonWithAES failed: " + (error instanceof Error ? error.message : String(error))
+    );
   }
-  return result;
 }
-function hash(data) {
-  let hashValue = 0;
-  for (let i = 0; i < data.length; i++) {
-    const char = data.charCodeAt(i);
-    hashValue = (hashValue << 5) - hashValue + char;
-    hashValue = hashValue & hashValue;
+function decryptJsonWithAES(encryptedData, aesKey) {
+  try {
+    const decrypted = CryptoJS__default.default.AES.decrypt(encryptedData, aesKey);
+    const jsonString = decrypted.toString(CryptoJS__default.default.enc.Utf8);
+    if (!jsonString) {
+      throw new Error("decrypted JSON string is empty");
+    }
+    return JSON.parse(jsonString);
+  } catch (error) {
+    throw new Error(
+      "[encryption] AES decryptJsonWithAES failed: " + (error instanceof Error ? error.message : String(error))
+    );
   }
-  return Math.abs(hashValue);
 }
-async function generateRSAKeyPair(modulusLength = 2048) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+function getEnvPublicKey() {
+  const key = undefined.VITE_RSA_PUBLIC_KEY?.trim();
+  if (!key) {
+    throw new Error(
+      "[encryption] VITE_RSA_PUBLIC_KEY is not set. Please configure RSA public key in environment variables."
+    );
   }
-  const keyPair = await crypto.subtle.generateKey(
-    {
-      name: "RSA-OAEP",
-      modulusLength,
-      publicExponent: new Uint8Array([1, 0, 1]),
-      hash: "SHA-256"
-    },
-    true,
-    ["encrypt", "decrypt"]
-  );
-  return {
-    publicKey: keyPair.publicKey,
-    privateKey: keyPair.privateKey
-  };
+  return key;
 }
-async function rsaEncrypt(data, publicKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const encoder = new TextEncoder();
-  const dataBuffer = encoder.encode(data);
-  const algo = publicKey.algorithm;
-  const modulusLength = typeof algo.modulusLength === "number" ? algo.modulusLength : 2048;
-  const hashName = typeof algo.hash === "object" && "name" in algo.hash ? algo.hash.name : "SHA-256";
-  const hashLength = hashName === "SHA-1" ? 20 : 32;
-  const maxChunkSize = Math.max(Math.floor(modulusLength / 8 - 2 * hashLength - 2), 1);
-  const chunks = [];
-  for (let i = 0; i < dataBuffer.length; i += maxChunkSize) {
-    const chunk = dataBuffer.slice(i, i + maxChunkSize);
-    const encrypted = await crypto.subtle.encrypt(
-      {
-        name: "RSA-OAEP"
-      },
-      publicKey,
-      chunk
+function getEnvPrivateKey() {
+  const key = undefined.VITE_RSA_PRIVATE_KEY?.trim();
+  if (!key) {
+    throw new Error(
+      "[encryption] VITE_RSA_PRIVATE_KEY is not set. Please configure RSA private key in environment variables."
     );
-    chunks.push(encrypted);
-  }
-  const totalLength = chunks.reduce((sum, chunk) => sum + chunk.byteLength, 0);
-  const merged = new Uint8Array(totalLength);
-  let offset = 0;
-  for (const chunk of chunks) {
-    merged.set(new Uint8Array(chunk), offset);
-    offset += chunk.byteLength;
   }
-  return base64Encode(merged.buffer);
+  return key;
 }
-async function rsaDecrypt(encryptedData, privateKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const binaryString = atob(encryptedData);
-  const encryptedArray = new Uint8Array(binaryString.length);
-  for (let i = 0; i < binaryString.length; i++) {
-    encryptedArray[i] = binaryString.charCodeAt(i);
-  }
-  const chunkSize = 256;
+function base64ToPem(base64Key, type) {
   const chunks = [];
-  for (let i = 0; i < encryptedArray.length; i += chunkSize) {
-    const chunk = encryptedArray.slice(i, i + chunkSize);
-    const decrypted = await crypto.subtle.decrypt(
-      {
-        name: "RSA-OAEP"
-      },
-      privateKey,
-      chunk
-    );
-    const decoder = new TextDecoder();
-    chunks.push(decoder.decode(decrypted));
+  for (let i = 0; i < base64Key.length; i += 64) {
+    chunks.push(base64Key.slice(i, i + 64));
   }
-  return chunks.join("");
+  const body = chunks.join("\n");
+  const header = type === "PUBLIC" ? "-----BEGIN PUBLIC KEY-----" : "-----BEGIN PRIVATE KEY-----";
+  const footer = type === "PUBLIC" ? "-----END PUBLIC KEY-----" : "-----END PRIVATE KEY-----";
+  return `${header}
+${body}
+${footer}`;
 }
-async function exportPublicKey(publicKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+async function rsaEncrypt(plain, publicKeyPem) {
+  try {
+    const encrypt = new JSEncrypt__default.default();
+    let publicKeyString;
+    if (typeof publicKeyPem === "string") {
+      const trimmedKey = publicKeyPem.trim();
+      if (!trimmedKey) {
+        throw new Error("Public key string is empty");
+      }
+      if (trimmedKey.includes("-----BEGIN")) {
+        publicKeyString = trimmedKey;
+      } else {
+        publicKeyString = base64ToPem(trimmedKey, "PUBLIC");
+      }
+    } else if (publicKeyPem instanceof CryptoJS__default.default.lib.WordArray) {
+      const base64Key = publicKeyPem.toString();
+      publicKeyString = base64ToPem(base64Key, "PUBLIC");
+    } else {
+      try {
+        const exported = await crypto.subtle.exportKey("spki", publicKeyPem);
+        const base64Key = base64Encode(exported);
+        publicKeyString = base64ToPem(base64Key, "PUBLIC");
+      } catch (error) {
+        throw new Error(
+          "Failed to export CryptoKey. In non-HTTPS environment, use string publicKey (Base64 or PEM) directly. " + (error instanceof Error ? error.message : String(error))
+        );
+      }
+    }
+    encrypt.setPublicKey(publicKeyString);
+    const MAX_ENCRYPT_LENGTH = 200;
+    if (plain.length > MAX_ENCRYPT_LENGTH) {
+      const chunks = [];
+      for (let i = 0; i < plain.length; i += MAX_ENCRYPT_LENGTH) {
+        const chunk = plain.slice(i, i + MAX_ENCRYPT_LENGTH);
+        const encrypted2 = encrypt.encrypt(chunk);
+        if (!encrypted2) {
+          throw new Error(
+            `RSA encryption failed for chunk ${i / MAX_ENCRYPT_LENGTH + 1}. Public key may be invalid or JSEncrypt may not be loaded correctly.`
+          );
+        }
+        chunks.push(encrypted2);
+      }
+      return chunks.join("|");
+    }
+    const encrypted = encrypt.encrypt(plain);
+    if (!encrypted) {
+      throw new Error(
+        `RSA encryption failed. Public key may be invalid or JSEncrypt may not be loaded correctly. Plain text length: ${plain.length} bytes.`
+      );
+    }
+    return encrypted;
+  } catch (error) {
+    if (error instanceof Error) {
+      if (error.message.includes("RSA encryption failed") || error.message.includes("Public key")) {
+        throw error;
+      }
+      throw new Error(`[encryption] rsaEncrypt failed: ${error.message}`);
+    }
+    throw new Error(`[encryption] rsaEncrypt failed: ${String(error)}`);
+  }
+}
+async function rsaDecrypt(cipher, privateKeyPem) {
+  const decrypt = new JSEncrypt__default.default();
+  let privateKeyString;
+  if (typeof privateKeyPem === "string") {
+    if (privateKeyPem.includes("-----BEGIN")) {
+      privateKeyString = privateKeyPem.trim();
+    } else {
+      const trimmed = privateKeyPem.trim();
+      privateKeyString = base64ToPem(trimmed, "PRIVATE");
+    }
+  } else if (privateKeyPem instanceof CryptoJS__default.default.lib.WordArray) {
+    const base64Key = privateKeyPem.toString();
+    privateKeyString = base64ToPem(base64Key, "PRIVATE");
+  } else {
+    try {
+      const exported = await crypto.subtle.exportKey("pkcs8", privateKeyPem);
+      const base64Key = base64Encode(exported);
+      privateKeyString = base64ToPem(base64Key, "PRIVATE");
+    } catch (error) {
+      throw new Error(
+        "[encryption] rsaDecrypt: failed to export CryptoKey. In non-HTTPS environment, use PEM string directly."
+      );
+    }
+  }
+  decrypt.setPrivateKey(privateKeyString);
+  const chunks = cipher.split("|");
+  const decryptedChunks = [];
+  for (const chunk of chunks) {
+    const decrypted = decrypt.decrypt(chunk);
+    if (!decrypted) {
+      throw new Error("[encryption] rsaDecrypt: RSA decryption failed");
+    }
+    decryptedChunks.push(decrypted);
   }
-  const exported = await crypto.subtle.exportKey("spki", publicKey);
-  return base64Encode(exported);
+  return decryptedChunks.join("");
 }
-async function exportPrivateKey(privateKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const exported = await crypto.subtle.exportKey("pkcs8", privateKey);
-  return base64Encode(exported);
+async function encryptWithEnvPublicKey(plain) {
+  const publicKey = getEnvPublicKey();
+  return rsaEncrypt(plain, publicKey);
 }
-async function importPublicKey(keyData) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const keyBuffer = base64Decode(keyData);
-  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
-  return crypto.subtle.importKey(
-    "spki",
-    keyArray.buffer,
-    {
-      name: "RSA-OAEP",
-      hash: "SHA-256"
-    },
-    true,
-    ["encrypt"]
-  );
+async function decryptWithEnvPrivateKey(cipher) {
+  const privateKey = getEnvPrivateKey();
+  return rsaDecrypt(cipher, privateKey);
 }
-async function importPrivateKey(keyData) {
+async function generateRSAKeyPair(modulusLength = 2048) {
   if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+    throw new Error(
+      "[encryption] Web Crypto API is not available. Cannot generate RSA key pair. Please use fixed key pair from environment variables."
+    );
   }
-  const keyBuffer = base64Decode(keyData);
-  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
-  return crypto.subtle.importKey(
-    "pkcs8",
-    keyArray.buffer,
+  const keyPair = await crypto.subtle.generateKey(
     {
       name: "RSA-OAEP",
+      modulusLength,
+      publicExponent: new Uint8Array([1, 0, 1]),
       hash: "SHA-256"
     },
     true,
-    ["decrypt"]
-  );
-}
-async function generateHMACKey() {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  return crypto.subtle.generateKey(
-    {
-      name: "HMAC",
-      hash: "SHA-256"
-    },
-    true,
-    ["sign", "verify"]
-  );
-}
-async function computeHMAC(data, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const signature = await crypto.subtle.sign("HMAC", key, buffer);
-  return base64Encode(signature);
-}
-async function verifyHMAC(data, signature, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  try {
-    const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-    const signatureBuffer = new Uint8Array(
-      atob(signature).split("").map((char) => char.charCodeAt(0))
-    );
-    return await crypto.subtle.verify("HMAC", key, signatureBuffer, dataBuffer);
-  } catch {
-    return false;
-  }
-}
-async function deriveKeyFromPassword(password, salt, iterations = 1e5, keyLength = 256) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const saltBuffer = typeof salt === "string" ? new TextEncoder().encode(salt) : salt;
-  const passwordKey = await crypto.subtle.importKey(
-    "raw",
-    new TextEncoder().encode(password),
-    "PBKDF2",
-    false,
-    ["deriveBits", "deriveKey"]
-  );
-  return crypto.subtle.deriveKey(
-    {
-      name: "PBKDF2",
-      salt: saltBuffer,
-      iterations,
-      hash: "SHA-256"
-    },
-    passwordKey,
-    {
-      name: "AES-GCM",
-      length: keyLength
-    },
-    false,
     ["encrypt", "decrypt"]
   );
-}
-async function aesGCMEncrypt(data, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const iv = crypto.getRandomValues(new Uint8Array(12));
-  const encrypted = await crypto.subtle.encrypt(
-    {
-      name: "AES-GCM",
-      iv
-    },
-    key,
-    dataBuffer
-  );
+  const publicKeyDer = await crypto.subtle.exportKey("spki", keyPair.publicKey);
+  const privateKeyDer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+  const publicKeyBase64 = base64Encode(publicKeyDer);
+  const privateKeyBase64 = base64Encode(privateKeyDer);
   return {
-    encrypted: base64Encode(encrypted),
-    iv: base64Encode(iv.buffer)
+    publicKey: base64ToPem(publicKeyBase64, "PUBLIC"),
+    privateKey: base64ToPem(privateKeyBase64, "PRIVATE")
   };
 }
-async function aesGCMDecrypt(encryptedData, iv, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const encryptedBuffer = new Uint8Array(
-    atob(encryptedData).split("").map((char) => char.charCodeAt(0))
-  );
-  const ivBuffer = new Uint8Array(
-    atob(iv).split("").map((char) => char.charCodeAt(0))
-  );
-  const decrypted = await crypto.subtle.decrypt(
-    {
-      name: "AES-GCM",
-      iv: ivBuffer
-    },
-    key,
-    encryptedBuffer
-  );
-  return new TextDecoder().decode(decrypted);
-}
+var rsaEnv = {
+  encrypt: encryptWithEnvPublicKey,
+  decrypt: decryptWithEnvPrivateKey,
+  getPublicKey: getEnvPublicKey,
+  getPrivateKey: getEnvPrivateKey
+};
+var encryption_default = rsaEnv;
 
-exports.aesGCMDecrypt = aesGCMDecrypt;
-exports.aesGCMEncrypt = aesGCMEncrypt;
-exports.base64Decode = base64Decode;
 exports.base64Encode = base64Encode;
-exports.computeHMAC = computeHMAC;
-exports.deriveKeyFromPassword = deriveKeyFromPassword;
-exports.exportPrivateKey = exportPrivateKey;
-exports.exportPublicKey = exportPublicKey;
-exports.generateHMACKey = generateHMACKey;
+exports.decryptJsonWithAES = decryptJsonWithAES;
+exports.decryptWithEnvPrivateKey = decryptWithEnvPrivateKey;
+exports.default = encryption_default;
+exports.encryptJsonWithAES = encryptJsonWithAES;
+exports.encryptWithEnvPublicKey = encryptWithEnvPublicKey;
 exports.generateRSAKeyPair = generateRSAKeyPair;
-exports.generateRandomString = generateRandomString;
-exports.generateUUID = generateUUID;
-exports.hash = hash;
-exports.importPrivateKey = importPrivateKey;
-exports.importPublicKey = importPublicKey;
+exports.generateRandomAESKeyString = generateRandomAESKeyString;
+exports.getEnvPrivateKey = getEnvPrivateKey;
+exports.getEnvPublicKey = getEnvPublicKey;
 exports.rsaDecrypt = rsaDecrypt;
 exports.rsaEncrypt = rsaEncrypt;
-exports.sha256 = sha256;
-exports.verifyHMAC = verifyHMAC;