@alibarbar/common 1.1.2 → 1.1.4

package/dist/index.cjs

@@ -1,10 +1,14 @@
 'use strict';
 
+var JSEncrypt = require('jsencrypt');
+var CryptoJS = require('crypto-js');
 var Qs = require('qs');
 var axios = require('axios');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
+var JSEncrypt__default = /*#__PURE__*/_interopDefault(JSEncrypt);
+var CryptoJS__default = /*#__PURE__*/_interopDefault(CryptoJS);
 var Qs__default = /*#__PURE__*/_interopDefault(Qs);
 var axios__default = /*#__PURE__*/_interopDefault(axios);
 
@@ -769,8 +773,8 @@ function parseUrl(url) {
   }
 }
 function buildUrl(parts) {
-  const { protocol = "https:", host = "", pathname = "/", search = "", hash: hash2 = "" } = parts;
-  return `${protocol}//${host}${pathname}${search}${hash2}`;
+  const { protocol = "https:", host = "", pathname = "/", search = "", hash = "" } = parts;
+  return `${protocol}//${host}${pathname}${search}${hash}`;
 }
 function getQueryParams(url) {
   const searchParams = url ? new URL(url).searchParams : new URLSearchParams(window.location.search);
@@ -1144,6 +1148,8 @@ var ChunkUploader = class {
     this.uploadedChunks = /* @__PURE__ */ new Set();
     this.status = "pending" /* PENDING */;
     this.abortController = null;
+    /** 进度流专用 AbortController，用于在上传结束/取消时关闭流 */
+    this.progressStreamAbortController = null;
     this.file = file;
     this.options = {
       chunkSize: options.chunkSize || 2 * 1024 * 1024,
@@ -1251,7 +1257,6 @@ var ChunkUploader = class {
       });
       if (response.code === 200 && response.data.success) {
         this.uploadedChunks.add(chunkInfo.index);
-        await this.updateProgress();
       } else {
         throw new Error(response.message || "\u5206\u7247\u4E0A\u4F20\u5931\u8D25");
       }
@@ -1286,23 +1291,60 @@ var ChunkUploader = class {
     await Promise.all(tasks);
   }
   /**
-   * 更新上传进度（仅用于回调前端显示）
+   * 启动进度流式接口（单次请求，通过 ReadableStream 消费多条 SSE 事件）
    */
-  async updateProgress() {
+  startProgressStream() {
     if (!this.taskId) return;
-    try {
-      const response = await this.request(
-        `/api/files/common/progress/${this.taskId}`,
-        {
-          method: "GET",
-          headers: this.options.headers
+    this.progressStreamAbortController = new AbortController();
+    const url = `${this.options.baseURL}/api/files/common/progress/${this.taskId}`;
+    fetch(url, {
+      method: "GET",
+      headers: {
+        Accept: "text/event-stream",
+        ...this.options.headers
+      },
+      signal: this.progressStreamAbortController.signal
+    }).then(async (response) => {
+      if (!response.ok || !response.body) return;
+      const reader = response.body.getReader();
+      const decoder = new TextDecoder();
+      let buffer = "";
+      try {
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+          buffer += decoder.decode(value, { stream: true });
+          const lines = buffer.split("\n");
+          buffer = lines.pop() ?? "";
+          for (const line of lines) {
+            if (line.startsWith("data: ")) {
+              const jsonStr = line.slice(6).trim();
+              if (!jsonStr) continue;
+              try {
+                const apiRes = JSON.parse(jsonStr);
+                if (apiRes.code === 200 && apiRes.data) {
+                  this.options.onProgress(apiRes.data);
+                }
+              } catch {
+              }
+            }
+          }
         }
-      );
-      if (response.code === 200 && response.data) {
-        this.options.onProgress(response.data);
+      } finally {
+        reader.releaseLock();
       }
-    } catch (error) {
-      console.warn("\u83B7\u53D6\u4E0A\u4F20\u8FDB\u5EA6\u5931\u8D25:", error);
+    }).catch((error) => {
+      if (error?.name === "AbortError") return;
+      console.warn("\u8FDB\u5EA6\u6D41\u5F0F\u63A5\u53E3\u5F02\u5E38:", error);
+    });
+  }
+  /**
+   * 关闭进度流
+   */
+  closeProgressStream() {
+    if (this.progressStreamAbortController) {
+      this.progressStreamAbortController.abort();
+      this.progressStreamAbortController = null;
     }
   }
   /**
@@ -1375,6 +1417,7 @@ var ChunkUploader = class {
         this.options.onComplete(result);
         return result;
       }
+      this.startProgressStream();
       console.log("[\u4E0A\u4F20\u6D41\u7A0B] 2. \u51C6\u5907\u5206\u7247");
       this.prepareChunks();
       const totalChunks = this.chunks.length;
@@ -1418,6 +1461,8 @@ var ChunkUploader = class {
       this.options.onError(err);
       console.error("[\u4E0A\u4F20\u6D41\u7A0B] \u274C \u4E0A\u4F20\u5931\u8D25:", err);
       throw err;
+    } finally {
+      this.closeProgressStream();
     }
   }
   /**
@@ -1444,6 +1489,7 @@ var ChunkUploader = class {
    * 取消上传
    */
   async cancel() {
+    this.closeProgressStream();
     if (this.taskId && this.status === "uploading" /* UPLOADING */) {
       try {
         await this.request(`/api/files/common/cancel/${this.taskId}`, {
@@ -1500,14 +1546,6 @@ async function uploadFile(file, options) {
   const uploader = createUploader(file, options);
   return uploader.upload();
 }
-
-// src/helper/crypto/index.ts
-async function sha256(data) {
-  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const hashBuffer = await crypto.subtle.digest("SHA-256", buffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-}
 function base64Encode(data) {
   if (typeof data === "string") {
     return btoa(unescape(encodeURIComponent(data)));
@@ -1519,1009 +1557,444 @@ function base64Encode(data) {
   }
   return btoa(binary);
 }
-function base64Decode(data) {
-  try {
-    return decodeURIComponent(escape(atob(data)));
-  } catch {
-    throw new Error("Invalid Base64 string");
-  }
-}
-function generateUUID() {
-  if (typeof crypto !== "undefined" && crypto.randomUUID) {
-    return crypto.randomUUID();
-  }
-  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
-    const r = Math.random() * 16 | 0;
-    const v = c === "x" ? r : r & 3 | 8;
-    return v.toString(16);
-  });
-}
-function generateRandomString(length, charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") {
-  let result = "";
-  for (let i = 0; i < length; i++) {
-    result += charset.charAt(Math.floor(Math.random() * charset.length));
-  }
-  return result;
+function generateRandomAESKeyString() {
+  return CryptoJS__default.default.lib.WordArray.random(256 / 8).toString();
 }
-function hash(data) {
-  let hashValue = 0;
-  for (let i = 0; i < data.length; i++) {
-    const char = data.charCodeAt(i);
-    hashValue = (hashValue << 5) - hashValue + char;
-    hashValue = hashValue & hashValue;
+function encryptJsonWithAES(data, aesKey) {
+  try {
+    const jsonString = JSON.stringify(data);
+    return CryptoJS__default.default.AES.encrypt(jsonString, aesKey).toString();
+  } catch (error) {
+    throw new Error(
+      "[encryption] AES encryptJsonWithAES failed: " + (error instanceof Error ? error.message : String(error))
+    );
   }
-  return Math.abs(hashValue);
 }
-async function generateRSAKeyPair(modulusLength = 2048) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+function decryptJsonWithAES(encryptedData, aesKey) {
+  try {
+    const decrypted = CryptoJS__default.default.AES.decrypt(encryptedData, aesKey);
+    const jsonString = decrypted.toString(CryptoJS__default.default.enc.Utf8);
+    if (!jsonString) {
+      throw new Error("decrypted JSON string is empty");
+    }
+    return JSON.parse(jsonString);
+  } catch (error) {
+    throw new Error(
+      "[encryption] AES decryptJsonWithAES failed: " + (error instanceof Error ? error.message : String(error))
+    );
   }
-  const keyPair = await crypto.subtle.generateKey(
-    {
-      name: "RSA-OAEP",
-      modulusLength,
-      publicExponent: new Uint8Array([1, 0, 1]),
-      hash: "SHA-256"
-    },
-    true,
-    ["encrypt", "decrypt"]
-  );
-  return {
-    publicKey: keyPair.publicKey,
-    privateKey: keyPair.privateKey
-  };
 }
-async function rsaEncrypt(data, publicKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const encoder = new TextEncoder();
-  const dataBuffer = encoder.encode(data);
-  const algo = publicKey.algorithm;
-  const modulusLength = typeof algo.modulusLength === "number" ? algo.modulusLength : 2048;
-  const hashName = typeof algo.hash === "object" && "name" in algo.hash ? algo.hash.name : "SHA-256";
-  const hashLength = hashName === "SHA-1" ? 20 : 32;
-  const maxChunkSize = Math.max(Math.floor(modulusLength / 8 - 2 * hashLength - 2), 1);
-  const chunks = [];
-  for (let i = 0; i < dataBuffer.length; i += maxChunkSize) {
-    const chunk2 = dataBuffer.slice(i, i + maxChunkSize);
-    const encrypted = await crypto.subtle.encrypt(
-      {
-        name: "RSA-OAEP"
-      },
-      publicKey,
-      chunk2
+function getEnvPublicKey() {
+  const key = undefined.VITE_RSA_PUBLIC_KEY?.trim();
+  if (!key) {
+    throw new Error(
+      "[encryption] VITE_RSA_PUBLIC_KEY is not set. Please configure RSA public key in environment variables."
     );
-    chunks.push(encrypted);
   }
-  const totalLength = chunks.reduce((sum, chunk2) => sum + chunk2.byteLength, 0);
-  const merged = new Uint8Array(totalLength);
-  let offset = 0;
-  for (const chunk2 of chunks) {
-    merged.set(new Uint8Array(chunk2), offset);
-    offset += chunk2.byteLength;
-  }
-  return base64Encode(merged.buffer);
+  return key;
 }
-async function rsaDecrypt(encryptedData, privateKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const binaryString = atob(encryptedData);
-  const encryptedArray = new Uint8Array(binaryString.length);
-  for (let i = 0; i < binaryString.length; i++) {
-    encryptedArray[i] = binaryString.charCodeAt(i);
-  }
-  const chunkSize = 256;
-  const chunks = [];
-  for (let i = 0; i < encryptedArray.length; i += chunkSize) {
-    const chunk2 = encryptedArray.slice(i, i + chunkSize);
-    const decrypted = await crypto.subtle.decrypt(
-      {
-        name: "RSA-OAEP"
-      },
-      privateKey,
-      chunk2
+function getEnvPrivateKey() {
+  const key = undefined.VITE_RSA_PRIVATE_KEY?.trim();
+  if (!key) {
+    throw new Error(
+      "[encryption] VITE_RSA_PRIVATE_KEY is not set. Please configure RSA private key in environment variables."
     );
-    const decoder = new TextDecoder();
-    chunks.push(decoder.decode(decrypted));
   }
-  return chunks.join("");
+  return key;
 }
-async function exportPublicKey(publicKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+function base64ToPem(base64Key, type) {
+  const chunks = [];
+  for (let i = 0; i < base64Key.length; i += 64) {
+    chunks.push(base64Key.slice(i, i + 64));
   }
-  const exported = await crypto.subtle.exportKey("spki", publicKey);
-  return base64Encode(exported);
+  const body = chunks.join("\n");
+  const header = type === "PUBLIC" ? "-----BEGIN PUBLIC KEY-----" : "-----BEGIN PRIVATE KEY-----";
+  const footer = type === "PUBLIC" ? "-----END PUBLIC KEY-----" : "-----END PRIVATE KEY-----";
+  return `${header}
+${body}
+${footer}`;
 }
-async function exportPrivateKey(privateKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+async function rsaEncrypt(plain, publicKeyPem) {
+  try {
+    const encrypt = new JSEncrypt__default.default();
+    let publicKeyString;
+    if (typeof publicKeyPem === "string") {
+      const trimmedKey = publicKeyPem.trim();
+      if (!trimmedKey) {
+        throw new Error("Public key string is empty");
+      }
+      if (trimmedKey.includes("-----BEGIN")) {
+        publicKeyString = trimmedKey;
+      } else {
+        publicKeyString = base64ToPem(trimmedKey, "PUBLIC");
+      }
+    } else if (publicKeyPem instanceof CryptoJS__default.default.lib.WordArray) {
+      const base64Key = publicKeyPem.toString();
+      publicKeyString = base64ToPem(base64Key, "PUBLIC");
+    } else {
+      try {
+        const exported = await crypto.subtle.exportKey("spki", publicKeyPem);
+        const base64Key = base64Encode(exported);
+        publicKeyString = base64ToPem(base64Key, "PUBLIC");
+      } catch (error) {
+        throw new Error(
+          "Failed to export CryptoKey. In non-HTTPS environment, use string publicKey (Base64 or PEM) directly. " + (error instanceof Error ? error.message : String(error))
+        );
+      }
+    }
+    encrypt.setPublicKey(publicKeyString);
+    const MAX_ENCRYPT_LENGTH = 200;
+    if (plain.length > MAX_ENCRYPT_LENGTH) {
+      const chunks = [];
+      for (let i = 0; i < plain.length; i += MAX_ENCRYPT_LENGTH) {
+        const chunk2 = plain.slice(i, i + MAX_ENCRYPT_LENGTH);
+        const encrypted2 = encrypt.encrypt(chunk2);
+        if (!encrypted2) {
+          throw new Error(
+            `RSA encryption failed for chunk ${i / MAX_ENCRYPT_LENGTH + 1}. Public key may be invalid or JSEncrypt may not be loaded correctly.`
+          );
+        }
+        chunks.push(encrypted2);
+      }
+      return chunks.join("|");
+    }
+    const encrypted = encrypt.encrypt(plain);
+    if (!encrypted) {
+      throw new Error(
+        `RSA encryption failed. Public key may be invalid or JSEncrypt may not be loaded correctly. Plain text length: ${plain.length} bytes.`
+      );
+    }
+    return encrypted;
+  } catch (error) {
+    if (error instanceof Error) {
+      if (error.message.includes("RSA encryption failed") || error.message.includes("Public key")) {
+        throw error;
+      }
+      throw new Error(`[encryption] rsaEncrypt failed: ${error.message}`);
+    }
+    throw new Error(`[encryption] rsaEncrypt failed: ${String(error)}`);
   }
-  const exported = await crypto.subtle.exportKey("pkcs8", privateKey);
-  return base64Encode(exported);
 }
-async function importPublicKey(keyData) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+async function rsaDecrypt(cipher, privateKeyPem) {
+  const decrypt = new JSEncrypt__default.default();
+  let privateKeyString;
+  if (typeof privateKeyPem === "string") {
+    if (privateKeyPem.includes("-----BEGIN")) {
+      privateKeyString = privateKeyPem.trim();
+    } else {
+      const trimmed = privateKeyPem.trim();
+      privateKeyString = base64ToPem(trimmed, "PRIVATE");
+    }
+  } else if (privateKeyPem instanceof CryptoJS__default.default.lib.WordArray) {
+    const base64Key = privateKeyPem.toString();
+    privateKeyString = base64ToPem(base64Key, "PRIVATE");
+  } else {
+    try {
+      const exported = await crypto.subtle.exportKey("pkcs8", privateKeyPem);
+      const base64Key = base64Encode(exported);
+      privateKeyString = base64ToPem(base64Key, "PRIVATE");
+    } catch (error) {
+      throw new Error(
+        "[encryption] rsaDecrypt: failed to export CryptoKey. In non-HTTPS environment, use PEM string directly."
+      );
+    }
   }
-  const keyBuffer = base64Decode(keyData);
-  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
-  return crypto.subtle.importKey(
-    "spki",
-    keyArray.buffer,
-    {
-      name: "RSA-OAEP",
-      hash: "SHA-256"
-    },
-    true,
-    ["encrypt"]
-  );
-}
-async function importPrivateKey(keyData) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+  decrypt.setPrivateKey(privateKeyString);
+  const chunks = cipher.split("|");
+  const decryptedChunks = [];
+  for (const chunk2 of chunks) {
+    const decrypted = decrypt.decrypt(chunk2);
+    if (!decrypted) {
+      throw new Error("[encryption] rsaDecrypt: RSA decryption failed");
+    }
+    decryptedChunks.push(decrypted);
   }
-  const keyBuffer = base64Decode(keyData);
-  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
-  return crypto.subtle.importKey(
-    "pkcs8",
-    keyArray.buffer,
-    {
-      name: "RSA-OAEP",
-      hash: "SHA-256"
-    },
-    true,
-    ["decrypt"]
-  );
+  return decryptedChunks.join("");
 }
-async function generateHMACKey() {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  return crypto.subtle.generateKey(
-    {
-      name: "HMAC",
-      hash: "SHA-256"
-    },
-    true,
-    ["sign", "verify"]
-  );
+async function encryptWithEnvPublicKey(plain) {
+  const publicKey = getEnvPublicKey();
+  return rsaEncrypt(plain, publicKey);
 }
-async function computeHMAC(data, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const signature = await crypto.subtle.sign("HMAC", key, buffer);
-  return base64Encode(signature);
+async function decryptWithEnvPrivateKey(cipher) {
+  const privateKey = getEnvPrivateKey();
+  return rsaDecrypt(cipher, privateKey);
 }
-async function verifyHMAC(data, signature, key) {
+async function generateRSAKeyPair(modulusLength = 2048) {
   if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  try {
-    const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-    const signatureBuffer = new Uint8Array(
-      atob(signature).split("").map((char) => char.charCodeAt(0))
+    throw new Error(
+      "[encryption] Web Crypto API is not available. Cannot generate RSA key pair. Please use fixed key pair from environment variables."
     );
-    return await crypto.subtle.verify("HMAC", key, signatureBuffer, dataBuffer);
-  } catch {
-    return false;
   }
-}
-async function deriveKeyFromPassword(password, salt, iterations = 1e5, keyLength = 256) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const saltBuffer = typeof salt === "string" ? new TextEncoder().encode(salt) : salt;
-  const passwordKey = await crypto.subtle.importKey(
-    "raw",
-    new TextEncoder().encode(password),
-    "PBKDF2",
-    false,
-    ["deriveBits", "deriveKey"]
-  );
-  return crypto.subtle.deriveKey(
+  const keyPair = await crypto.subtle.generateKey(
     {
-      name: "PBKDF2",
-      salt: saltBuffer,
-      iterations,
+      name: "RSA-OAEP",
+      modulusLength,
+      publicExponent: new Uint8Array([1, 0, 1]),
       hash: "SHA-256"
     },
-    passwordKey,
-    {
-      name: "AES-GCM",
-      length: keyLength
-    },
-    false,
+    true,
     ["encrypt", "decrypt"]
   );
-}
-async function aesGCMEncrypt(data, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const iv = crypto.getRandomValues(new Uint8Array(12));
-  const encrypted = await crypto.subtle.encrypt(
-    {
-      name: "AES-GCM",
-      iv
-    },
-    key,
-    dataBuffer
-  );
+  const publicKeyDer = await crypto.subtle.exportKey("spki", keyPair.publicKey);
+  const privateKeyDer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+  const publicKeyBase64 = base64Encode(publicKeyDer);
+  const privateKeyBase64 = base64Encode(privateKeyDer);
   return {
-    encrypted: base64Encode(encrypted),
-    iv: base64Encode(iv.buffer)
+    publicKey: base64ToPem(publicKeyBase64, "PUBLIC"),
+    privateKey: base64ToPem(privateKeyBase64, "PRIVATE")
   };
 }
-async function aesGCMDecrypt(encryptedData, iv, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const encryptedBuffer = new Uint8Array(
-    atob(encryptedData).split("").map((char) => char.charCodeAt(0))
-  );
-  const ivBuffer = new Uint8Array(
-    atob(iv).split("").map((char) => char.charCodeAt(0))
-  );
-  const decrypted = await crypto.subtle.decrypt(
-    {
-      name: "AES-GCM",
-      iv: ivBuffer
-    },
-    key,
-    encryptedBuffer
-  );
-  return new TextDecoder().decode(decrypted);
-}
 
 // src/browser/SecureStorage/index.ts
-var globalKeyPair = null;
-var globalHMACKey = null;
-var keyPairInitialized = false;
-var initOptions = {
-  autoGenerateKeys: true,
-  persistKeys: false,
-  keyStorageKey: void 0,
-  // 将自动生成随机键名
-  keyEncryptionPassword: void 0,
-  pbkdf2Iterations: 1e5,
-  keyModulusLength: 2048,
-  enableHMAC: true,
-  enableTimestampValidation: true,
-  timestampMaxAge: 7 * 24 * 60 * 60 * 1e3,
-  // 7 天
-  isProduction: false
+var CONFIG = {
+  NAMESPACE: "sec_b_",
+  DEFAULT_EXPIRE: null
 };
-var actualKeyStorageKey = null;
-var keyUsageCount = 0;
-var initializationPromise = null;
-var KEY_STORAGE_KEY_REGISTRY = "__SECURE_STORAGE_KEY__";
-function generateKeyStorageKey() {
-  return `_sk_${generateRandomString(32)}_${Date.now()}`;
-}
-async function initializeStorageKeys(options = {}) {
-  if (options.forceReinitialize) {
-    globalKeyPair = null;
-    globalHMACKey = null;
-    keyPairInitialized = false;
-    actualKeyStorageKey = null;
-    keyUsageCount = 0;
-    initializationPromise = null;
-  } else if (keyPairInitialized && globalKeyPair) {
-    initOptions = { ...initOptions, ...options };
-    return;
-  }
-  initOptions = { ...initOptions, ...options };
-  if (initOptions.keyStorageKey) {
-    actualKeyStorageKey = initOptions.keyStorageKey;
-  } else if (!actualKeyStorageKey) {
-    if (typeof window !== "undefined" && window.localStorage) {
-      const savedKeyName = window.localStorage.getItem(KEY_STORAGE_KEY_REGISTRY);
-      if (savedKeyName) {
-        actualKeyStorageKey = savedKeyName;
-      } else {
-        actualKeyStorageKey = generateKeyStorageKey();
-        window.localStorage.setItem(KEY_STORAGE_KEY_REGISTRY, actualKeyStorageKey);
-      }
-    } else {
-      actualKeyStorageKey = generateKeyStorageKey();
-    }
-  }
-  if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
-    try {
-      const storedKeys = window.localStorage.getItem(actualKeyStorageKey);
-      if (storedKeys) {
-        const keyData = JSON.parse(storedKeys);
-        if (keyData.encrypted && keyData.privateKeyEncrypted && keyData.salt) {
-          if (!initOptions.keyEncryptionPassword) {
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-              console.error("Encrypted keys found but no password provided");
-            }
-            throw new Error("Password required to decrypt stored keys");
-          }
-          const saltArray = new Uint8Array(
-            atob(keyData.salt).split("").map((char) => char.charCodeAt(0))
-          );
-          const iterations = keyData.pbkdf2Iterations || initOptions.pbkdf2Iterations;
-          const derivedKey = await deriveKeyFromPassword(
-            initOptions.keyEncryptionPassword,
-            saltArray.buffer,
-            iterations
-          );
-          const decryptedPrivateKey = await aesGCMDecrypt(
-            keyData.privateKeyEncrypted,
-            keyData.iv,
-            derivedKey
-          );
-          globalKeyPair = {
-            publicKey: await importPublicKey(keyData.publicKey),
-            privateKey: await importPrivateKey(decryptedPrivateKey)
-          };
-        } else if (keyData.publicKey && keyData.privateKey) {
-          if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-            console.warn(
-              "\u26A0\uFE0F SECURITY WARNING: Loading unencrypted keys from storage. Consider re-initializing with password encryption."
-            );
-          }
-          globalKeyPair = {
-            publicKey: await importPublicKey(keyData.publicKey),
-            privateKey: await importPrivateKey(keyData.privateKey)
-          };
-        }
-        if (globalKeyPair) {
-          keyPairInitialized = true;
-          if (initOptions.enableHMAC && !globalHMACKey) {
-            globalHMACKey = await generateHMACKey();
-          }
-          return;
-        }
-      }
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-        console.warn("Failed to load persisted keys, will generate new ones");
-      }
-    }
-  }
-  if (initOptions.autoGenerateKeys && !globalKeyPair) {
-    try {
-      globalKeyPair = await generateRSAKeyPair(initOptions.keyModulusLength);
-      if (initOptions.enableHMAC && !globalHMACKey) {
-        globalHMACKey = await generateHMACKey();
-      }
-      keyPairInitialized = true;
-      keyUsageCount = 0;
-      if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
-        try {
-          const publicKeyStr = await exportPublicKey(globalKeyPair.publicKey);
-          if (initOptions.keyEncryptionPassword) {
-            const privateKeyStr = await exportPrivateKey(globalKeyPair.privateKey);
-            const salt = crypto.getRandomValues(new Uint8Array(16));
-            const derivedKey = await deriveKeyFromPassword(
-              initOptions.keyEncryptionPassword,
-              salt.buffer,
-              initOptions.pbkdf2Iterations
-            );
-            const { encrypted, iv } = await aesGCMEncrypt(privateKeyStr, derivedKey);
-            const keyData = {
-              encrypted: true,
-              publicKey: publicKeyStr,
-              privateKeyEncrypted: encrypted,
-              iv,
-              salt: base64Encode(salt.buffer),
-              pbkdf2Iterations: initOptions.pbkdf2Iterations
-            };
-            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.info) {
-              console.info("\u2705 Keys encrypted and stored securely");
-            }
-          } else {
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-              console.warn(
-                "\u26A0\uFE0F SECURITY WARNING: Storing private keys without encryption! Private keys will be stored in plain text (Base64 encoded). Provide keyEncryptionPassword for secure storage."
-              );
-            }
-            const keyData = {
-              publicKey: publicKeyStr,
-              privateKey: await exportPrivateKey(globalKeyPair.privateKey)
-            };
-            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
-          }
-        } catch (error) {
-          if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-            console.error("Failed to persist keys");
-          }
-        }
-      }
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("Failed to generate storage keys");
-      }
-      throw error;
-    }
-  }
-  if (initOptions.enableHMAC && !globalHMACKey) {
-    globalHMACKey = await generateHMACKey();
-  }
-}
-function setStorageKeyPair(keyPair) {
-  globalKeyPair = keyPair;
-  keyPairInitialized = true;
-}
-function getStorageKeyPair() {
-  return globalKeyPair;
-}
-function clearPersistedKeys() {
-  if (typeof window !== "undefined" && window.localStorage && actualKeyStorageKey) {
-    try {
-      window.localStorage.removeItem(actualKeyStorageKey);
-      actualKeyStorageKey = null;
-      keyPairInitialized = false;
-      globalKeyPair = null;
-      globalHMACKey = null;
-      keyUsageCount = 0;
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("Failed to clear persisted keys");
-      }
-    }
-  }
-}
-function getKeyUsageCount() {
-  return keyUsageCount;
-}
-function resetKeyUsageCount() {
-  keyUsageCount = 0;
-}
-async function ensureKeyPair() {
-  if (globalKeyPair) {
-    keyUsageCount++;
-    return;
-  }
-  if (!initOptions.autoGenerateKeys) {
-    return;
-  }
-  if (initializationPromise) {
-    await initializationPromise;
-    if (globalKeyPair) {
-      keyUsageCount++;
+var SecureStorage = class _SecureStorage {
+  static get instances() {
+    if (!this._instances) {
+      this._instances = /* @__PURE__ */ new Map();
     }
-    return;
-  }
-  initializationPromise = initializeStorageKeys();
-  try {
-    await initializationPromise;
-  } finally {
-    initializationPromise = null;
+    return this._instances;
   }
-  if (globalKeyPair) {
-    keyUsageCount++;
-  }
-}
-function safeParseJSON(jsonStr, expectedType) {
-  try {
-    const parsed = JSON.parse(jsonStr);
-    if (expectedType === "object" && (typeof parsed !== "object" || parsed === null || Array.isArray(parsed))) {
-      throw new Error("Expected object but got different type");
-    }
-    if (expectedType === "array" && !Array.isArray(parsed)) {
-      throw new Error("Expected array but got different type");
-    }
-    return parsed;
-  } catch (error) {
-    if (error instanceof SyntaxError) {
-      throw new Error(`Invalid JSON format: ${error.message}`);
+  constructor(options) {
+    const storageType = options.storage === window.sessionStorage ? "session" : "local";
+    const namespace = options.namespace || CONFIG.NAMESPACE;
+    const instanceKey = `${storageType}_${namespace}`;
+    const existingInstance = _SecureStorage.instances.get(instanceKey);
+    if (existingInstance) {
+      return existingInstance;
     }
-    throw error;
-  }
-}
-function validateTimestamp(timestamp, maxClockSkew = 5 * 60 * 1e3) {
-  if (!initOptions.enableTimestampValidation || !timestamp) {
-    return true;
-  }
-  if (initOptions.timestampMaxAge === 0) {
-    return true;
-  }
-  const now = Date.now();
-  const age = now - timestamp;
-  const maxAge = initOptions.timestampMaxAge || 7 * 24 * 60 * 60 * 1e3;
-  if (age < -maxClockSkew) {
-    return false;
+    this.namespace = namespace;
+    this.storage = options.storage || window.localStorage;
+    this.defaultExpire = options.defaultExpire ?? CONFIG.DEFAULT_EXPIRE;
+    this.instanceKey = instanceKey;
+    _SecureStorage.instances.set(instanceKey, this);
   }
-  return age >= -maxClockSkew && age <= maxAge;
-}
-async function encryptValue(value, publicKey, hmacKey) {
-  const encryptedData = await rsaEncrypt(value, publicKey);
-  if (hmacKey) {
-    const hmac = await computeHMAC(encryptedData, hmacKey);
-    const item = {
-      data: encryptedData,
-      hmac,
-      encrypted: true,
-      timestamp: Date.now()
-    };
-    return JSON.stringify(item);
-  }
-  return encryptedData;
-}
-async function handleDecryptError(error, encryptedStr, key) {
-  if (error instanceof Error && error.message.includes("HMAC verification failed")) {
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-      console.error(
-        "\u26A0\uFE0F SECURITY ALERT: Data integrity check failed! Data may have been tampered with."
-      );
-    }
-    throw error;
+  /**
+   * 获取单例实例（静态方法）
+   */
+  static getInstance(options) {
+    return new _SecureStorage(options);
   }
-  if (error instanceof Error && error.message.includes("Data timestamp validation failed")) {
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-      console.warn("\u26A0\uFE0F SECURITY WARNING: Data timestamp validation failed");
-    }
-    throw error;
+  /**
+   * 清除所有单例实例（用于测试或重置）
+   */
+  static clearInstances() {
+    _SecureStorage.instances.clear();
   }
-  try {
-    const decryptedStr = base64Decode(encryptedStr);
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-      console.warn(
-        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}". This may be a security risk if sensitive data was stored without encryption.`
-      );
-    }
-    return decryptedStr;
-  } catch {
-    throw error;
+  /**
+   * 获取当前所有实例的数量（用于调试）
+   */
+  static getInstanceCount() {
+    return _SecureStorage.instances.size;
   }
-}
-function handleNoKeyDecode(encryptedStr, key) {
-  try {
-    const decryptedStr = base64Decode(encryptedStr);
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-      console.warn(
-        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}" without encryption keys.`
-      );
-    }
-    return decryptedStr;
-  } catch (error) {
-    throw new Error(`Failed to decode storage value for key "${key}"`);
+  /**
+   * 获取完整键名（带命名空间）
+   */
+  _getFullKey(key) {
+    return `${this.namespace}${key}`;
   }
-}
-async function decryptValue(encryptedValue, privateKey, hmacKey) {
-  try {
-    const item = JSON.parse(encryptedValue);
-    if (item.encrypted && item.data && item.hmac) {
-      if (hmacKey) {
-        const isValid = await verifyHMAC(item.data, item.hmac, hmacKey);
-        if (!isValid) {
-          throw new Error("HMAC verification failed: data may have been tampered with");
-        }
-      }
-      if (item.timestamp && !validateTimestamp(item.timestamp)) {
-        throw new Error("Data timestamp validation failed: data may be expired or replayed");
-      }
-      return await rsaDecrypt(item.data, privateKey);
-    }
-    return await rsaDecrypt(encryptedValue, privateKey);
-  } catch (error) {
-    if (error instanceof Error && error.message.includes("HMAC verification failed")) {
-      throw error;
-    }
-    throw new Error("Failed to decrypt storage value: invalid format or corrupted data");
+  /**
+   * 检查数据是否过期
+   */
+  _isExpired(expire) {
+    if (!expire) return false;
+    return Date.now() > expire;
   }
-}
-var localStorage = {
   /**
    * 设置值
-   * @param key - 键
-   * @param value - 值
-   * @param options - 选项（过期时间、密钥等）
-   * @returns Promise<void>
    */
-  async set(key, value, options = {}) {
-    if (typeof window === "undefined" || !window.localStorage) {
-      throw new Error("localStorage is not available");
-    }
-    const { expiry, publicKey } = options;
-    const item = {
-      value,
-      expiry: expiry ? Date.now() + expiry : void 0
-    };
+  async set(key, value, expire = this.defaultExpire) {
     try {
-      const jsonStr = JSON.stringify(item);
-      await ensureKeyPair();
-      const keyToUse = publicKey || globalKeyPair?.publicKey;
-      if (keyToUse) {
-        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
-        window.localStorage.setItem(key, encrypted);
-      } else {
-        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-          console.warn(
-            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
-          );
-        }
-        const encoded = base64Encode(jsonStr);
-        window.localStorage.setItem(key, encoded);
-      }
+      const fullKey = this._getFullKey(key);
+      const aesKey = generateRandomAESKeyString();
+      const storageData = {
+        value,
+        expire: expire ? Date.now() + expire : null,
+        timestamp: Date.now()
+      };
+      const encryptedData = encryptJsonWithAES(storageData, aesKey);
+      const encryptedKey = await encryptWithEnvPublicKey(aesKey);
+      const finalData = {
+        data: encryptedData,
+        key: encryptedKey,
+        version: "1.0"
+      };
+      this.storage.setItem(fullKey, JSON.stringify(finalData));
+      return true;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.set error:", error);
-      }
-      throw error;
+      console.error("[SecureStorage] \u4FDD\u5B58\u5931\u8D25:", error);
+      return false;
     }
-  },
+  }
   /**
    * 获取值
-   * @param key - 键
-   * @param options - 选项（默认值、私钥等）
-   * @returns Promise<T | undefined> 值或默认值
    */
-  async get(key, options = {}) {
-    if (typeof window === "undefined" || !window.localStorage) {
-      return options.defaultValue;
-    }
-    const { defaultValue, privateKey } = options;
+  async get(key, defaultValue = null) {
     try {
-      const encryptedStr = window.localStorage.getItem(key);
-      if (!encryptedStr) return defaultValue;
-      await ensureKeyPair();
-      let decryptedStr;
-      const keyToUse = privateKey || globalKeyPair?.privateKey;
-      if (keyToUse) {
-        try {
-          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
-        } catch (error) {
-          try {
-            decryptedStr = await handleDecryptError(error, encryptedStr, key);
-          } catch {
-            return defaultValue;
-          }
-        }
-      } else {
-        try {
-          decryptedStr = handleNoKeyDecode(encryptedStr, key);
-        } catch {
-          return defaultValue;
-        }
+      const fullKey = this._getFullKey(key);
+      const storedData = this.storage.getItem(fullKey);
+      if (!storedData) {
+        return defaultValue;
       }
-      const item = safeParseJSON(decryptedStr, "object");
-      if (item.expiry && Date.now() > item.expiry) {
-        window.localStorage.removeItem(key);
+      const finalData = JSON.parse(storedData);
+      const aesKey = await decryptWithEnvPrivateKey(finalData.key);
+      const storageData = decryptJsonWithAES(finalData.data, aesKey);
+      if (this._isExpired(storageData.expire)) {
+        this.remove(key);
         return defaultValue;
       }
-      return item.value;
+      return storageData.value;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-        console.warn(`Failed to parse storage item for key "${key}"`);
-      }
+      console.error("[SecureStorage] \u8BFB\u53D6\u5931\u8D25:", error);
       return defaultValue;
     }
-  },
+  }
   /**
-   * 移除值
-   * @param key - 键
+   * 删除值
    */
   remove(key) {
-    if (typeof window === "undefined" || !window.localStorage) return;
     try {
-      window.localStorage.removeItem(key);
+      const fullKey = this._getFullKey(key);
+      this.storage.removeItem(fullKey);
+      return true;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.remove error");
-      }
+      console.error("[SecureStorage] \u79FB\u9664\u5931\u8D25:", error);
+      return false;
     }
-  },
+  }
   /**
-   * 清空所有值
+   * 检查键是否存在
    */
-  clear() {
-    if (typeof window === "undefined" || !window.localStorage) return;
+  async has(key) {
     try {
-      window.localStorage.clear();
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.clear error");
+      const fullKey = this._getFullKey(key);
+      const storedData = this.storage.getItem(fullKey);
+      if (!storedData) return false;
+      const finalData = JSON.parse(storedData);
+      const aesKey = await decryptWithEnvPrivateKey(finalData.key);
+      const storageData = decryptJsonWithAES(finalData.data, aesKey);
+      if (this._isExpired(storageData.expire)) {
+        this.remove(key);
+        return false;
       }
+      return true;
+    } catch (error) {
+      return false;
     }
-  },
+  }
   /**
-   * 获取所有键
-   * @returns 键数组
+   * 清空所有数据
    */
-  keys() {
-    if (typeof window === "undefined" || !window.localStorage) return [];
-    const keys2 = [];
+  clear() {
     try {
-      for (let i = 0; i < window.localStorage.length; i++) {
-        const key = window.localStorage.key(i);
-        if (key) keys2.push(key);
+      let count = 0;
+      const keys2 = [];
+      for (let i = 0; i < this.storage.length; i++) {
+        const key = this.storage.key(i);
+        if (key && key.startsWith(this.namespace)) {
+          keys2.push(key);
+        }
       }
+      keys2.forEach((key) => {
+        this.storage.removeItem(key);
+        count++;
+      });
+      return count;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.keys error");
-      }
+      console.error("[SecureStorage] \u6E05\u7A7A\u5931\u8D25:", error);
+      return 0;
     }
-    return keys2;
   }
-};
-var sessionStorage = {
   /**
-   * 设置值
-   * @param key - 键
-   * @param value - 值
-   * @param options - 选项（公钥等）
-   * @returns Promise<void>
+   * 获取所有键名
    */
-  async set(key, value, options = {}) {
-    if (typeof window === "undefined" || !window.sessionStorage) {
-      throw new Error("sessionStorage is not available");
-    }
-    const { publicKey } = options;
+  keys() {
     try {
-      const jsonStr = JSON.stringify(value);
-      await ensureKeyPair();
-      const keyToUse = publicKey || globalKeyPair?.publicKey;
-      if (keyToUse) {
-        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
-        window.sessionStorage.setItem(key, encrypted);
-      } else {
-        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-          console.warn(
-            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
-          );
+      const keys2 = [];
+      for (let i = 0; i < this.storage.length; i++) {
+        const key = this.storage.key(i);
+        if (key && key.startsWith(this.namespace)) {
+          keys2.push(key.substring(this.namespace.length));
         }
-        const encoded = base64Encode(jsonStr);
-        window.sessionStorage.setItem(key, encoded);
       }
+      return keys2;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("sessionStorage.set error:", error);
-      }
-      throw error;
+      console.error("[SecureStorage] \u83B7\u53D6\u952E\u540D\u5931\u8D25:", error);
+      return [];
     }
-  },
+  }
   /**
-   * 获取值
-   * @param key - 键
-   * @param options - 选项（默认值、私钥等）
-   * @returns Promise<T | undefined> 值或默认值
+   * 获取数据条数
    */
-  async get(key, options = {}) {
-    if (typeof window === "undefined" || !window.sessionStorage) {
-      return options.defaultValue;
-    }
-    const { defaultValue, privateKey } = options;
+  size() {
+    return this.keys().length;
+  }
+  /**
+   * 清理过期数据
+   */
+  async clearExpired() {
     try {
-      const encryptedStr = window.sessionStorage.getItem(key);
-      if (!encryptedStr) return defaultValue;
-      await ensureKeyPair();
-      let decryptedStr;
-      const keyToUse = privateKey || globalKeyPair?.privateKey;
-      if (keyToUse) {
+      let count = 0;
+      const keys2 = this.keys();
+      for (const key of keys2) {
+        const fullKey = this._getFullKey(key);
         try {
-          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
-        } catch (error) {
-          try {
-            decryptedStr = await handleDecryptError(error, encryptedStr, key);
-          } catch {
-            return defaultValue;
+          const storedData = this.storage.getItem(fullKey);
+          if (storedData) {
+            const finalData = JSON.parse(storedData);
+            const aesKey = await decryptWithEnvPrivateKey(finalData.key);
+            const storageData = decryptJsonWithAES(finalData.data, aesKey);
+            if (this._isExpired(storageData.expire)) {
+              this.remove(key);
+              count++;
+            }
           }
+        } catch (error) {
+          this.remove(key);
+          count++;
         }
-      } else {
-        try {
-          decryptedStr = handleNoKeyDecode(encryptedStr, key);
-        } catch {
-          return defaultValue;
-        }
-      }
-      return safeParseJSON(decryptedStr);
-    } catch {
-      return defaultValue;
-    }
-  },
-  /**
-   * 移除值
-   * @param key - 键
-   */
-  remove(key) {
-    if (typeof window === "undefined" || !window.sessionStorage) return;
-    try {
-      window.sessionStorage.removeItem(key);
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("sessionStorage.remove error");
       }
-    }
-  },
-  /**
-   * 清空所有值
-   */
-  clear() {
-    if (typeof window === "undefined" || !window.sessionStorage) return;
-    try {
-      window.sessionStorage.clear();
+      return count;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("sessionStorage.clear error");
-      }
+      console.error("[SecureStorage] \u6E05\u7406\u8FC7\u671F\u6570\u636E\u5931\u8D25:", error);
+      return 0;
     }
   }
-};
-var cookie = {
-  /**
-   * 设置Cookie
-   * @param key - 键
-   * @param value - 值
-   * @param options - Cookie选项
-   */
-  set(key, value, options = {}) {
-    if (typeof document === "undefined") {
-      throw new Error("document is not available");
-    }
-    let cookieStr = `${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
-    if (options.expires) {
-      const expiresDate = options.expires instanceof Date ? options.expires : new Date(Date.now() + options.expires * 24 * 60 * 60 * 1e3);
-      cookieStr += `; expires=${expiresDate.toUTCString()}`;
-    }
-    if (options.path) cookieStr += `; path=${options.path}`;
-    if (options.domain) cookieStr += `; domain=${options.domain}`;
-    if (options.secure) cookieStr += "; secure";
-    if (options.sameSite) cookieStr += `; sameSite=${options.sameSite}`;
-    document.cookie = cookieStr;
-  },
-  /**
-   * 获取Cookie
-   * @param key - 键
-   * @returns Cookie值
-   */
-  get(key) {
-    if (typeof document === "undefined") return void 0;
-    const name = encodeURIComponent(key);
-    const cookies = document.cookie.split(";");
-    for (const cookieStr of cookies) {
-      const trimmed = cookieStr.trim();
-      const eqIndex = trimmed.indexOf("=");
-      if (eqIndex === -1) continue;
-      const cookieKey = trimmed.substring(0, eqIndex).trim();
-      const cookieValue = trimmed.substring(eqIndex + 1).trim();
-      if (cookieKey === name) {
-        const decoded = decodeURIComponent(cookieValue);
-        return decoded === "" ? void 0 : decoded;
-      }
-    }
-    return void 0;
-  },
   /**
-   * 移除Cookie
-   * @param key - 键
-   * @param options - Cookie选项
+   * 获取实例的唯一标识
    */
-  remove(key, options = {}) {
-    cookie.set(key, "", {
-      ...options,
-      expires: /* @__PURE__ */ new Date(0)
-    });
-  },
+  getInstanceKey() {
+    return this.instanceKey;
+  }
   /**
-   * 获取所有Cookie
-   * @returns Cookie对象
+   * 检查是否为单例实例
    */
-  getAll() {
-    if (typeof document === "undefined") return {};
-    const cookies = {};
-    document.cookie.split(";").forEach((cookieStr) => {
-      const trimmed = cookieStr.trim();
-      if (!trimmed) return;
-      const eqIndex = trimmed.indexOf("=");
-      if (eqIndex === -1) return;
-      const key = trimmed.substring(0, eqIndex).trim();
-      const value = trimmed.substring(eqIndex + 1).trim();
-      if (key && value) {
-        const decodedKey = decodeURIComponent(key);
-        const decodedValue = decodeURIComponent(value);
-        if (decodedValue !== "") {
-          cookies[decodedKey] = decodedValue;
-        }
-      }
-    });
-    return cookies;
+  isSingleton() {
+    return _SecureStorage.instances.has(this.instanceKey);
   }
 };
-function createBackendAdapter(type) {
-  switch (type) {
-    case "local":
-      return {
-        async set(key, value, options) {
-          await localStorage.set(key, value, {
-            expiry: options?.expiry,
-            publicKey: options?.publicKey
-          });
-        },
-        async get(key, options) {
-          return localStorage.get(key, {
-            defaultValue: options?.defaultValue,
-            privateKey: options?.privateKey
-          });
-        },
-        remove(key) {
-          localStorage.remove(key);
-        },
-        clear() {
-          localStorage.clear();
-        },
-        keys() {
-          return localStorage.keys();
-        }
-      };
-    case "session":
-      return {
-        async set(key, value, options) {
-          await sessionStorage.set(key, value, {
-            publicKey: options?.publicKey
-          });
-        },
-        async get(key, options) {
-          return sessionStorage.get(key, {
-            defaultValue: options?.defaultValue,
-            privateKey: options?.privateKey
-          });
-        },
-        remove(key) {
-          sessionStorage.remove(key);
-        },
-        clear() {
-          sessionStorage.clear();
-        },
-        keys() {
-          if (typeof window === "undefined" || !window.sessionStorage) return [];
-          const keys2 = [];
-          try {
-            for (let i = 0; i < window.sessionStorage.length; i++) {
-              const key = window.sessionStorage.key(i);
-              if (key) keys2.push(key);
-            }
-          } catch (error) {
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-              console.error("sessionStorage.keys error");
-            }
-          }
-          return keys2;
-        }
-      };
-    case "cookie":
-      return {
-        async set(key, value) {
-          cookie.set(key, String(value));
-        },
-        async get(key, options) {
-          const value = cookie.get(key);
-          if (value === void 0) return options?.defaultValue;
-          try {
-            return JSON.parse(value);
-          } catch {
-            return value;
-          }
-        },
-        remove(key) {
-          cookie.remove(key);
-        },
-        clear() {
-          const all = cookie.getAll();
-          Object.keys(all).forEach((k) => cookie.remove(k));
-        },
-        keys() {
-          return Object.keys(cookie.getAll());
-        }
-      };
-    default:
-      return createBackendAdapter("local");
+var _defaultSecureStorage = null;
+function _getDefaultSecureStorage() {
+  if (typeof window === "undefined") {
+    throw new Error("[SecureStorage] secureStorage is only available in browser environments.");
   }
+  if (!_defaultSecureStorage) {
+    _defaultSecureStorage = new SecureStorage({});
+  }
+  return _defaultSecureStorage;
 }
-function createSecureStorage(type = "local") {
-  return createBackendAdapter(type);
-}
-var secureStorage = createSecureStorage("local");
+var secureStorage = new Proxy({}, {
+  get(_target, prop) {
+    const instance = _getDefaultSecureStorage();
+    const value = instance[prop];
+    if (typeof value === "function") {
+      return value.bind(instance);
+    }
+    return value;
+  }
+});
 
 // src/browser/network/index.ts
 async function fetchWithRetry(url, options = {}, retryCount = 3, retryDelay = 1e3) {
@@ -4117,6 +3590,48 @@ function setCommonParams(params) {
 async function flush() {
   await getTracker().flush();
 }
+function convertRes2Blob(response) {
+  const contentDisposition = response.headers["content-disposition"];
+  let fileName = "file.xlsx";
+  if (contentDisposition) {
+    const rfc5987Match = contentDisposition.match(/filename\*=UTF-8''([^;]+)/i);
+    if (rfc5987Match) {
+      fileName = decodeURIComponent(rfc5987Match[1]);
+    } else {
+      const standardMatch = contentDisposition.match(/filename[^;=\n]*=((['"]).*?\2|[^;\n]*)/i);
+      if (standardMatch) {
+        fileName = standardMatch[1];
+        fileName = fileName.replace(/^['"]|['"]$/g, "");
+        try {
+          fileName = decodeURIComponent(fileName);
+        } catch (e) {
+          try {
+            fileName = decodeURI(fileName);
+          } catch (e2) {
+          }
+        }
+      }
+    }
+    fileName = fileName.trim().replace(/^_+|_+$/g, "");
+  }
+  const blob = new Blob([response.data], { type: "application/vnd.ms-excel;charset=utf-8" });
+  if (typeof window.navigator.msSaveBlob !== "undefined") {
+    window.navigator.msSaveBlob(blob, fileName);
+  } else {
+    const blobURL = window.URL.createObjectURL(blob);
+    const tempLink = document.createElement("a");
+    tempLink.style.display = "none";
+    tempLink.href = blobURL;
+    tempLink.setAttribute("download", fileName);
+    if (typeof tempLink.download === "undefined") {
+      tempLink.setAttribute("target", "_blank");
+    }
+    document.body.appendChild(tempLink);
+    tempLink.click();
+    document.body.removeChild(tempLink);
+    window.URL.revokeObjectURL(blobURL);
+  }
+}
 var serviceEventHandlers = {
   message: null
 };
@@ -4150,11 +3665,28 @@ function filterEmptyKey(params, emptyString) {
     }
   });
 }
+function isFileUpload(data) {
+  if (!data) return false;
+  if (data instanceof FormData) return true;
+  if (data instanceof File) return true;
+  if (data instanceof Blob) return true;
+  if (data instanceof ArrayBuffer) return true;
+  if (typeof data === "object" && data !== null && !Array.isArray(data)) {
+    const obj = data;
+    return Object.values(obj).some(
+      (value) => value instanceof File || value instanceof Blob || value instanceof FormData
+    );
+  }
+  return false;
+}
 function getTransformRequest(contentType) {
   if (!contentType) {
     return (data) => Qs__default.default.stringify(data);
   }
   const normalizedType = contentType.toLowerCase().trim();
+  if (normalizedType.startsWith("multipart/form-data")) {
+    return void 0;
+  }
   if (normalizedType.startsWith("application/json")) {
     return (data) => JSON.stringify(data);
   }
@@ -4175,6 +3707,15 @@ var service = axios__default.default.create({
 });
 service.interceptors.request.use(
   async (config) => {
+    const isFileUploadRequest = isFileUpload(config.data);
+    if (isFileUploadRequest) {
+      if (config.headers) {
+        delete config.headers["Content-Type"];
+        delete config.headers["content-type"];
+      }
+      config.transformRequest = void 0;
+      return config;
+    }
     const contentType = config.headers?.["Content-Type"] || config.headers?.["content-type"];
     if (!config.transformRequest && contentType) {
       const transformRequest = getTransformRequest(
@@ -4187,9 +3728,11 @@ service.interceptors.request.use(
       config.transformRequest = (data) => Qs__default.default.stringify(data);
     }
     if (config.method === "post" || config.method === "put" || config.method === "patch") {
-      const params = { ...config.data || {} };
-      filterEmptyKey(params, config.emptyParams ?? false);
-      config.data = params;
+      if (config.data && typeof config.data === "object" && !isFileUploadRequest) {
+        const params = { ...config.data || {} };
+        filterEmptyKey(params, config.emptyParams ?? false);
+        config.data = params;
+      }
     } else if (config.method === "get" || config.method === "delete") {
       if (!config.disableTimestamp) {
         config.params = {
@@ -4273,19 +3816,7 @@ service.interceptors.response.use(
       if (status === 401) {
         handle401Error(config, error);
       }
-      if (isAborted && config && !config._noAutoRetry) {
-        config._retryCount = config._retryCount || 0;
-        if (config._retryCount < 2) {
-          config._retryCount++;
-          console.debug(
-            `[request] aborted, retry attempt #${config._retryCount} -> ${config.url || ""}`
-          );
-          return new Promise((resolve) => setTimeout(resolve, 300)).then(
-            () => service.request(config)
-          );
-        }
-      }
-      if (!config?.hidden && !isAborted) {
+      if (!config?.hidden && !isAborted && status !== 401) {
         let friendly = messageText;
         if (status === 403) friendly = "No permission";
         else if (status === 502) friendly = "System is upgrading or unavailable";
@@ -4311,7 +3842,7 @@ service.json = function(url, params, config) {
   };
   return service.post(
     url,
-    Array.isArray(params) ? params : params,
+    params,
     newConfig
   );
 };
@@ -4320,7 +3851,13 @@ service.put = function(url, params, config) {
     headers: { "Content-Type": "application/json", ...config?.headers },
     ...config
   };
-  return service.put(url, Array.isArray(params) ? params : params, newConfig).then((res) => res);
+  const data = Array.isArray(params) ? params : params;
+  return service.request({
+    url,
+    method: "put",
+    data,
+    ...newConfig
+  }).then((res) => res);
 };
 service.arrayGet = function(url, config) {
   if (config) {
@@ -4349,48 +3886,6 @@ service.download = function(url, config = {}) {
     return service.post(url, params, newConfig).then(() => void 0);
   }
 };
-function convertRes2Blob(response) {
-  const contentDisposition = response.headers["content-disposition"];
-  let fileName = "file.xlsx";
-  if (contentDisposition) {
-    const rfc5987Match = contentDisposition.match(/filename\*=UTF-8''([^;]+)/i);
-    if (rfc5987Match) {
-      fileName = decodeURIComponent(rfc5987Match[1]);
-    } else {
-      const standardMatch = contentDisposition.match(/filename[^;=\n]*=((['"]).*?\2|[^;\n]*)/i);
-      if (standardMatch) {
-        fileName = standardMatch[1];
-        fileName = fileName.replace(/^['"]|['"]$/g, "");
-        try {
-          fileName = decodeURIComponent(fileName);
-        } catch (e) {
-          try {
-            fileName = decodeURI(fileName);
-          } catch (e2) {
-          }
-        }
-      }
-    }
-    fileName = fileName.trim().replace(/^_+|_+$/g, "");
-  }
-  const blob = new Blob([response.data], { type: "application/vnd.ms-excel;charset=utf-8" });
-  if (typeof window.navigator.msSaveBlob !== "undefined") {
-    window.navigator.msSaveBlob(blob, fileName);
-  } else {
-    const blobURL = window.URL.createObjectURL(blob);
-    const tempLink = document.createElement("a");
-    tempLink.style.display = "none";
-    tempLink.href = blobURL;
-    tempLink.setAttribute("download", fileName);
-    if (typeof tempLink.download === "undefined") {
-      tempLink.setAttribute("target", "_blank");
-    }
-    document.body.appendChild(tempLink);
-    tempLink.click();
-    document.body.removeChild(tempLink);
-    window.URL.revokeObjectURL(blobURL);
-  }
-}
 
 exports.$ = $;
 exports.$$ = $$;
@@ -4401,6 +3896,7 @@ exports.Graph = Graph;
 exports.LRUCache = LRUCache;
 exports.LinkedList = LinkedList;
 exports.Queue = Queue;
+exports.SecureStorage = SecureStorage;
 exports.Stack = Stack;
 exports.Tracker = Tracker;
 exports.UploadStatus = UploadStatus;
@@ -4408,9 +3904,6 @@ exports.addClass = addClass;
 exports.addDays = addDays;
 exports.addMonths = addMonths;
 exports.addYears = addYears;
-exports.aesGCMDecrypt = aesGCMDecrypt;
-exports.aesGCMEncrypt = aesGCMEncrypt;
-exports.base64Decode = base64Decode;
 exports.base64Encode = base64Encode;
 exports.batch = batch;
 exports.binarySearch = binarySearch;
@@ -4424,32 +3917,29 @@ exports.ceil = ceil;
 exports.checkOnline = checkOnline;
 exports.chunk = chunk;
 exports.clamp = clamp;
-exports.clearPersistedKeys = clearPersistedKeys;
 exports.compact = compact;
-exports.computeHMAC = computeHMAC;
 exports.contrast = contrast;
-exports.cookie = cookie;
 exports.copyToClipboard = copyToClipboard;
-exports.createSecureStorage = createSecureStorage;
 exports.createTracker = createTracker;
 exports.createTranslator = createTranslator;
 exports.createUploader = createUploader;
 exports.csvToJson = csvToJson;
 exports.darken = darken;
 exports.debounce = debounce;
+exports.decryptJsonWithAES = decryptJsonWithAES;
+exports.decryptWithEnvPrivateKey = decryptWithEnvPrivateKey;
 exports.deepClone = deepClone;
 exports.deepMerge = deepMerge;
 exports.defaults = defaults;
-exports.deriveKeyFromPassword = deriveKeyFromPassword;
 exports.diffDays = diffDays;
 exports.difference = difference;
 exports.downloadFile = downloadFile;
 exports.drop = drop;
 exports.dropWhile = dropWhile;
+exports.encryptJsonWithAES = encryptJsonWithAES;
+exports.encryptWithEnvPublicKey = encryptWithEnvPublicKey;
 exports.endOfDay = endOfDay;
 exports.escapeHtml = escapeHtml;
-exports.exportPrivateKey = exportPrivateKey;
-exports.exportPublicKey = exportPublicKey;
 exports.factorial = factorial;
 exports.fetchWithRetry = fetchWithRetry;
 exports.fetchWithTimeout = fetchWithTimeout;
@@ -4469,35 +3959,29 @@ exports.formatNumber = formatNumber;
 exports.formatNumberI18n = formatNumberI18n;
 exports.formatRelativeTime = formatRelativeTime;
 exports.gcd = gcd;
-exports.generateHMACKey = generateHMACKey;
 exports.generateRSAKeyPair = generateRSAKeyPair;
-exports.generateRandomString = generateRandomString;
-exports.generateUUID = generateUUID;
+exports.generateRandomAESKeyString = generateRandomAESKeyString;
 exports.get = get;
 exports.getDateFormatByGMT = getDateFormatByGMT;
 exports.getElementOffset = getElementOffset;
+exports.getEnvPrivateKey = getEnvPrivateKey;
+exports.getEnvPublicKey = getEnvPublicKey;
 exports.getFileExtension = getFileExtension;
 exports.getFileNameWithoutExtension = getFileNameWithoutExtension;
-exports.getKeyUsageCount = getKeyUsageCount;
 exports.getLocale = getLocale;
 exports.getQuarter = getQuarter;
 exports.getQueryParams = getQueryParams;
 exports.getRelativeTime = getRelativeTime;
 exports.getScrollPosition = getScrollPosition;
-exports.getStorageKeyPair = getStorageKeyPair;
 exports.getStyle = getStyle;
 exports.getTimeFromGMT = getTimeFromGMT;
 exports.getTracker = getTracker;
 exports.getWeekNumber = getWeekNumber;
 exports.groupBy = groupBy;
-exports.hash = hash;
 exports.hexToRgb = hexToRgb;
 exports.highlight = highlight;
 exports.hslToRgb = hslToRgb;
-exports.importPrivateKey = importPrivateKey;
-exports.importPublicKey = importPublicKey;
 exports.initTracker = initTracker;
-exports.initializeStorageKeys = initializeStorageKeys;
 exports.intersection = intersection;
 exports.invert = invert;
 exports.isAbsoluteUrl = isAbsoluteUrl;
@@ -4557,7 +4041,6 @@ exports.removeAccents = removeAccents;
 exports.removeClass = removeClass;
 exports.removeQueryParams = removeQueryParams;
 exports.request = request;
-exports.resetKeyUsageCount = resetKeyUsageCount;
 exports.retry = retry;
 exports.rgbToHex = rgbToHex;
 exports.rgbToHsl = rgbToHsl;
@@ -4571,10 +4054,8 @@ exports.set = set;
 exports.setCommonParams = setCommonParams;
 exports.setQueryParams = setQueryParams;
 exports.setServiceEventHandlers = setServiceEventHandlers;
-exports.setStorageKeyPair = setStorageKeyPair;
 exports.setStyle = setStyle;
 exports.setUserInfo = setUserInfo;
-exports.sha256 = sha256;
 exports.shuffle = shuffle;
 exports.slugify = slugify;
 exports.snakeCase = snakeCase;
@@ -4602,7 +4083,6 @@ exports.unzip = unzip;
 exports.updateQueryParams = updateQueryParams;
 exports.uploadFile = uploadFile;
 exports.values = values;
-exports.verifyHMAC = verifyHMAC;
 exports.xmlToJson = xmlToJson;
 exports.yamlToJson = yamlToJson;
 exports.zip = zip;