npm - @alibarbar/common - Versions diffs - 1.1.2 → 1.1.4 - Mend

@alibarbar/common 1.1.2 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/README.md +10 -0
package/dist/crypto.cjs +184 -252
package/dist/crypto.d.mts +50 -103
package/dist/crypto.d.ts +50 -103
package/dist/crypto.js +170 -238
package/dist/{index-DchqyDBQ.d.mts → index-j5EqxJaC.d.mts} +8 -2
package/dist/{index-DchqyDBQ.d.ts → index-j5EqxJaC.d.ts} +8 -2
package/dist/index.cjs +488 -1008
package/dist/index.d.mts +4 -3
package/dist/index.d.ts +4 -3
package/dist/index.js +479 -986
package/dist/services.cjs +82 -60
package/dist/services.d.mts +1 -1
package/dist/services.d.ts +1 -1
package/dist/services.js +82 -60
package/dist/storage.cjs +328 -894
package/dist/storage.d.mts +69 -127
package/dist/storage.d.ts +69 -127
package/dist/storage.js +320 -887
package/dist/upload.cjs +56 -14
package/dist/upload.d.mts +1 -1
package/dist/upload.d.ts +1 -1
package/dist/upload.js +56 -14
package/package.json +11 -3

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,5 @@
+import JSEncrypt from 'jsencrypt';
+import CryptoJS from 'crypto-js';
 import Qs from 'qs';
 import axios from 'axios';
@@ -762,8 +764,8 @@ function parseUrl(url) {
   }
 }
 function buildUrl(parts) {
-  const { protocol = "https:", host = "", pathname = "/", search = "", hash: hash2 = "" } = parts;
-  return `${protocol}//${host}${pathname}${search}${hash2}`;
+  const { protocol = "https:", host = "", pathname = "/", search = "", hash = "" } = parts;
+  return `${protocol}//${host}${pathname}${search}${hash}`;
 }
 function getQueryParams(url) {
   const searchParams = url ? new URL(url).searchParams : new URLSearchParams(window.location.search);
@@ -1137,6 +1139,8 @@ var ChunkUploader = class {
     this.uploadedChunks = /* @__PURE__ */ new Set();
     this.status = "pending" /* PENDING */;
     this.abortController = null;
+    /** 进度流专用 AbortController，用于在上传结束/取消时关闭流 */
+    this.progressStreamAbortController = null;
     this.file = file;
     this.options = {
       chunkSize: options.chunkSize || 2 * 1024 * 1024,
@@ -1244,7 +1248,6 @@ var ChunkUploader = class {
       });
       if (response.code === 200 && response.data.success) {
         this.uploadedChunks.add(chunkInfo.index);
-        await this.updateProgress();
       } else {
         throw new Error(response.message || "\u5206\u7247\u4E0A\u4F20\u5931\u8D25");
       }
@@ -1279,23 +1282,60 @@ var ChunkUploader = class {
     await Promise.all(tasks);
   }
   /**
-   * 更新上传进度（仅用于回调前端显示）
+   * 启动进度流式接口（单次请求，通过 ReadableStream 消费多条 SSE 事件）
    */
-  async updateProgress() {
+  startProgressStream() {
     if (!this.taskId) return;
-    try {
-      const response = await this.request(
-        `/api/files/common/progress/${this.taskId}`,
-        {
-          method: "GET",
-          headers: this.options.headers
+    this.progressStreamAbortController = new AbortController();
+    const url = `${this.options.baseURL}/api/files/common/progress/${this.taskId}`;
+    fetch(url, {
+      method: "GET",
+      headers: {
+        Accept: "text/event-stream",
+        ...this.options.headers
+      },
+      signal: this.progressStreamAbortController.signal
+    }).then(async (response) => {
+      if (!response.ok || !response.body) return;
+      const reader = response.body.getReader();
+      const decoder = new TextDecoder();
+      let buffer = "";
+      try {
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+          buffer += decoder.decode(value, { stream: true });
+          const lines = buffer.split("\n");
+          buffer = lines.pop() ?? "";
+          for (const line of lines) {
+            if (line.startsWith("data: ")) {
+              const jsonStr = line.slice(6).trim();
+              if (!jsonStr) continue;
+              try {
+                const apiRes = JSON.parse(jsonStr);
+                if (apiRes.code === 200 && apiRes.data) {
+                  this.options.onProgress(apiRes.data);
+                }
+              } catch {
+              }
+            }
+          }
         }
-      );
-      if (response.code === 200 && response.data) {
-        this.options.onProgress(response.data);
+      } finally {
+        reader.releaseLock();
       }
-    } catch (error) {
-      console.warn("\u83B7\u53D6\u4E0A\u4F20\u8FDB\u5EA6\u5931\u8D25:", error);
+    }).catch((error) => {
+      if (error?.name === "AbortError") return;
+      console.warn("\u8FDB\u5EA6\u6D41\u5F0F\u63A5\u53E3\u5F02\u5E38:", error);
+    });
+  }
+  /**
+   * 关闭进度流
+   */
+  closeProgressStream() {
+    if (this.progressStreamAbortController) {
+      this.progressStreamAbortController.abort();
+      this.progressStreamAbortController = null;
     }
   }
   /**
@@ -1368,6 +1408,7 @@ var ChunkUploader = class {
         this.options.onComplete(result);
         return result;
       }
+      this.startProgressStream();
       console.log("[\u4E0A\u4F20\u6D41\u7A0B] 2. \u51C6\u5907\u5206\u7247");
       this.prepareChunks();
       const totalChunks = this.chunks.length;
@@ -1411,6 +1452,8 @@ var ChunkUploader = class {
       this.options.onError(err);
       console.error("[\u4E0A\u4F20\u6D41\u7A0B] \u274C \u4E0A\u4F20\u5931\u8D25:", err);
       throw err;
+    } finally {
+      this.closeProgressStream();
     }
   }
   /**
@@ -1437,6 +1480,7 @@ var ChunkUploader = class {
    * 取消上传
    */
   async cancel() {
+    this.closeProgressStream();
     if (this.taskId && this.status === "uploading" /* UPLOADING */) {
       try {
         await this.request(`/api/files/common/cancel/${this.taskId}`, {
@@ -1493,14 +1537,6 @@ async function uploadFile(file, options) {
   const uploader = createUploader(file, options);
   return uploader.upload();
 }
-// src/helper/crypto/index.ts
-async function sha256(data) {
-  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const hashBuffer = await crypto.subtle.digest("SHA-256", buffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-}
 function base64Encode(data) {
   if (typeof data === "string") {
     return btoa(unescape(encodeURIComponent(data)));
@@ -1512,1009 +1548,444 @@ function base64Encode(data) {
   }
   return btoa(binary);
 }
-function base64Decode(data) {
-  try {
-    return decodeURIComponent(escape(atob(data)));
-  } catch {
-    throw new Error("Invalid Base64 string");
-  }
-}
-function generateUUID() {
-  if (typeof crypto !== "undefined" && crypto.randomUUID) {
-    return crypto.randomUUID();
-  }
-  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
-    const r = Math.random() * 16 | 0;
-    const v = c === "x" ? r : r & 3 | 8;
-    return v.toString(16);
-  });
-}
-function generateRandomString(length, charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") {
-  let result = "";
-  for (let i = 0; i < length; i++) {
-    result += charset.charAt(Math.floor(Math.random() * charset.length));
-  }
-  return result;
+function generateRandomAESKeyString() {
+  return CryptoJS.lib.WordArray.random(256 / 8).toString();
 }
-function hash(data) {
-  let hashValue = 0;
-  for (let i = 0; i < data.length; i++) {
-    const char = data.charCodeAt(i);
-    hashValue = (hashValue << 5) - hashValue + char;
-    hashValue = hashValue & hashValue;
+function encryptJsonWithAES(data, aesKey) {
+  try {
+    const jsonString = JSON.stringify(data);
+    return CryptoJS.AES.encrypt(jsonString, aesKey).toString();
+  } catch (error) {
+    throw new Error(
+      "[encryption] AES encryptJsonWithAES failed: " + (error instanceof Error ? error.message : String(error))
+    );
   }
-  return Math.abs(hashValue);
 }
-async function generateRSAKeyPair(modulusLength = 2048) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+function decryptJsonWithAES(encryptedData, aesKey) {
+  try {
+    const decrypted = CryptoJS.AES.decrypt(encryptedData, aesKey);
+    const jsonString = decrypted.toString(CryptoJS.enc.Utf8);
+    if (!jsonString) {
+      throw new Error("decrypted JSON string is empty");
+    }
+    return JSON.parse(jsonString);
+  } catch (error) {
+    throw new Error(
+      "[encryption] AES decryptJsonWithAES failed: " + (error instanceof Error ? error.message : String(error))
+    );
   }
-  const keyPair = await crypto.subtle.generateKey(
-    {
-      name: "RSA-OAEP",
-      modulusLength,
-      publicExponent: new Uint8Array([1, 0, 1]),
-      hash: "SHA-256"
-    },
-    true,
-    ["encrypt", "decrypt"]
-  );
-  return {
-    publicKey: keyPair.publicKey,
-    privateKey: keyPair.privateKey
-  };
 }
-async function rsaEncrypt(data, publicKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const encoder = new TextEncoder();
-  const dataBuffer = encoder.encode(data);
-  const algo = publicKey.algorithm;
-  const modulusLength = typeof algo.modulusLength === "number" ? algo.modulusLength : 2048;
-  const hashName = typeof algo.hash === "object" && "name" in algo.hash ? algo.hash.name : "SHA-256";
-  const hashLength = hashName === "SHA-1" ? 20 : 32;
-  const maxChunkSize = Math.max(Math.floor(modulusLength / 8 - 2 * hashLength - 2), 1);
-  const chunks = [];
-  for (let i = 0; i < dataBuffer.length; i += maxChunkSize) {
-    const chunk2 = dataBuffer.slice(i, i + maxChunkSize);
-    const encrypted = await crypto.subtle.encrypt(
-      {
-        name: "RSA-OAEP"
-      },
-      publicKey,
-      chunk2
+function getEnvPublicKey() {
+  const key = import.meta.env.VITE_RSA_PUBLIC_KEY?.trim();
+  if (!key) {
+    throw new Error(
+      "[encryption] VITE_RSA_PUBLIC_KEY is not set. Please configure RSA public key in environment variables."
     );
-    chunks.push(encrypted);
   }
-  const totalLength = chunks.reduce((sum, chunk2) => sum + chunk2.byteLength, 0);
-  const merged = new Uint8Array(totalLength);
-  let offset = 0;
-  for (const chunk2 of chunks) {
-    merged.set(new Uint8Array(chunk2), offset);
-    offset += chunk2.byteLength;
-  }
-  return base64Encode(merged.buffer);
+  return key;
 }
-async function rsaDecrypt(encryptedData, privateKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const binaryString = atob(encryptedData);
-  const encryptedArray = new Uint8Array(binaryString.length);
-  for (let i = 0; i < binaryString.length; i++) {
-    encryptedArray[i] = binaryString.charCodeAt(i);
-  }
-  const chunkSize = 256;
-  const chunks = [];
-  for (let i = 0; i < encryptedArray.length; i += chunkSize) {
-    const chunk2 = encryptedArray.slice(i, i + chunkSize);
-    const decrypted = await crypto.subtle.decrypt(
-      {
-        name: "RSA-OAEP"
-      },
-      privateKey,
-      chunk2
+function getEnvPrivateKey() {
+  const key = import.meta.env.VITE_RSA_PRIVATE_KEY?.trim();
+  if (!key) {
+    throw new Error(
+      "[encryption] VITE_RSA_PRIVATE_KEY is not set. Please configure RSA private key in environment variables."
     );
-    const decoder = new TextDecoder();
-    chunks.push(decoder.decode(decrypted));
   }
-  return chunks.join("");
+  return key;
 }
-async function exportPublicKey(publicKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+function base64ToPem(base64Key, type) {
+  const chunks = [];
+  for (let i = 0; i < base64Key.length; i += 64) {
+    chunks.push(base64Key.slice(i, i + 64));
   }
-  const exported = await crypto.subtle.exportKey("spki", publicKey);
-  return base64Encode(exported);
+  const body = chunks.join("\n");
+  const header = type === "PUBLIC" ? "-----BEGIN PUBLIC KEY-----" : "-----BEGIN PRIVATE KEY-----";
+  const footer = type === "PUBLIC" ? "-----END PUBLIC KEY-----" : "-----END PRIVATE KEY-----";
+  return `${header}
+${body}
+${footer}`;
 }
-async function exportPrivateKey(privateKey) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+async function rsaEncrypt(plain, publicKeyPem) {
+  try {
+    const encrypt = new JSEncrypt();
+    let publicKeyString;
+    if (typeof publicKeyPem === "string") {
+      const trimmedKey = publicKeyPem.trim();
+      if (!trimmedKey) {
+        throw new Error("Public key string is empty");
+      }
+      if (trimmedKey.includes("-----BEGIN")) {
+        publicKeyString = trimmedKey;
+      } else {
+        publicKeyString = base64ToPem(trimmedKey, "PUBLIC");
+      }
+    } else if (publicKeyPem instanceof CryptoJS.lib.WordArray) {
+      const base64Key = publicKeyPem.toString();
+      publicKeyString = base64ToPem(base64Key, "PUBLIC");
+    } else {
+      try {
+        const exported = await crypto.subtle.exportKey("spki", publicKeyPem);
+        const base64Key = base64Encode(exported);
+        publicKeyString = base64ToPem(base64Key, "PUBLIC");
+      } catch (error) {
+        throw new Error(
+          "Failed to export CryptoKey. In non-HTTPS environment, use string publicKey (Base64 or PEM) directly. " + (error instanceof Error ? error.message : String(error))
+        );
+      }
+    }
+    encrypt.setPublicKey(publicKeyString);
+    const MAX_ENCRYPT_LENGTH = 200;
+    if (plain.length > MAX_ENCRYPT_LENGTH) {
+      const chunks = [];
+      for (let i = 0; i < plain.length; i += MAX_ENCRYPT_LENGTH) {
+        const chunk2 = plain.slice(i, i + MAX_ENCRYPT_LENGTH);
+        const encrypted2 = encrypt.encrypt(chunk2);
+        if (!encrypted2) {
+          throw new Error(
+            `RSA encryption failed for chunk ${i / MAX_ENCRYPT_LENGTH + 1}. Public key may be invalid or JSEncrypt may not be loaded correctly.`
+          );
+        }
+        chunks.push(encrypted2);
+      }
+      return chunks.join("|");
+    }
+    const encrypted = encrypt.encrypt(plain);
+    if (!encrypted) {
+      throw new Error(
+        `RSA encryption failed. Public key may be invalid or JSEncrypt may not be loaded correctly. Plain text length: ${plain.length} bytes.`
+      );
+    }
+    return encrypted;
+  } catch (error) {
+    if (error instanceof Error) {
+      if (error.message.includes("RSA encryption failed") || error.message.includes("Public key")) {
+        throw error;
+      }
+      throw new Error(`[encryption] rsaEncrypt failed: ${error.message}`);
+    }
+    throw new Error(`[encryption] rsaEncrypt failed: ${String(error)}`);
   }
-  const exported = await crypto.subtle.exportKey("pkcs8", privateKey);
-  return base64Encode(exported);
 }
-async function importPublicKey(keyData) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+async function rsaDecrypt(cipher, privateKeyPem) {
+  const decrypt = new JSEncrypt();
+  let privateKeyString;
+  if (typeof privateKeyPem === "string") {
+    if (privateKeyPem.includes("-----BEGIN")) {
+      privateKeyString = privateKeyPem.trim();
+    } else {
+      const trimmed = privateKeyPem.trim();
+      privateKeyString = base64ToPem(trimmed, "PRIVATE");
+    }
+  } else if (privateKeyPem instanceof CryptoJS.lib.WordArray) {
+    const base64Key = privateKeyPem.toString();
+    privateKeyString = base64ToPem(base64Key, "PRIVATE");
+  } else {
+    try {
+      const exported = await crypto.subtle.exportKey("pkcs8", privateKeyPem);
+      const base64Key = base64Encode(exported);
+      privateKeyString = base64ToPem(base64Key, "PRIVATE");
+    } catch (error) {
+      throw new Error(
+        "[encryption] rsaDecrypt: failed to export CryptoKey. In non-HTTPS environment, use PEM string directly."
+      );
+    }
   }
-  const keyBuffer = base64Decode(keyData);
-  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
-  return crypto.subtle.importKey(
-    "spki",
-    keyArray.buffer,
-    {
-      name: "RSA-OAEP",
-      hash: "SHA-256"
-    },
-    true,
-    ["encrypt"]
-  );
-}
-async function importPrivateKey(keyData) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
+  decrypt.setPrivateKey(privateKeyString);
+  const chunks = cipher.split("|");
+  const decryptedChunks = [];
+  for (const chunk2 of chunks) {
+    const decrypted = decrypt.decrypt(chunk2);
+    if (!decrypted) {
+      throw new Error("[encryption] rsaDecrypt: RSA decryption failed");
+    }
+    decryptedChunks.push(decrypted);
   }
-  const keyBuffer = base64Decode(keyData);
-  const keyArray = new Uint8Array(keyBuffer.split("").map((char) => char.charCodeAt(0)));
-  return crypto.subtle.importKey(
-    "pkcs8",
-    keyArray.buffer,
-    {
-      name: "RSA-OAEP",
-      hash: "SHA-256"
-    },
-    true,
-    ["decrypt"]
-  );
+  return decryptedChunks.join("");
 }
-async function generateHMACKey() {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  return crypto.subtle.generateKey(
-    {
-      name: "HMAC",
-      hash: "SHA-256"
-    },
-    true,
-    ["sign", "verify"]
-  );
+async function encryptWithEnvPublicKey(plain) {
+  const publicKey = getEnvPublicKey();
+  return rsaEncrypt(plain, publicKey);
 }
-async function computeHMAC(data, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const buffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const signature = await crypto.subtle.sign("HMAC", key, buffer);
-  return base64Encode(signature);
+async function decryptWithEnvPrivateKey(cipher) {
+  const privateKey = getEnvPrivateKey();
+  return rsaDecrypt(cipher, privateKey);
 }
-async function verifyHMAC(data, signature, key) {
+async function generateRSAKeyPair(modulusLength = 2048) {
   if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  try {
-    const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-    const signatureBuffer = new Uint8Array(
-      atob(signature).split("").map((char) => char.charCodeAt(0))
+    throw new Error(
+      "[encryption] Web Crypto API is not available. Cannot generate RSA key pair. Please use fixed key pair from environment variables."
     );
-    return await crypto.subtle.verify("HMAC", key, signatureBuffer, dataBuffer);
-  } catch {
-    return false;
   }
-}
-async function deriveKeyFromPassword(password, salt, iterations = 1e5, keyLength = 256) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const saltBuffer = typeof salt === "string" ? new TextEncoder().encode(salt) : salt;
-  const passwordKey = await crypto.subtle.importKey(
-    "raw",
-    new TextEncoder().encode(password),
-    "PBKDF2",
-    false,
-    ["deriveBits", "deriveKey"]
-  );
-  return crypto.subtle.deriveKey(
+  const keyPair = await crypto.subtle.generateKey(
     {
-      name: "PBKDF2",
-      salt: saltBuffer,
-      iterations,
+      name: "RSA-OAEP",
+      modulusLength,
+      publicExponent: new Uint8Array([1, 0, 1]),
       hash: "SHA-256"
     },
-    passwordKey,
-    {
-      name: "AES-GCM",
-      length: keyLength
-    },
-    false,
+    true,
     ["encrypt", "decrypt"]
   );
-}
-async function aesGCMEncrypt(data, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const dataBuffer = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  const iv = crypto.getRandomValues(new Uint8Array(12));
-  const encrypted = await crypto.subtle.encrypt(
-    {
-      name: "AES-GCM",
-      iv
-    },
-    key,
-    dataBuffer
-  );
+  const publicKeyDer = await crypto.subtle.exportKey("spki", keyPair.publicKey);
+  const privateKeyDer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+  const publicKeyBase64 = base64Encode(publicKeyDer);
+  const privateKeyBase64 = base64Encode(privateKeyDer);
   return {
-    encrypted: base64Encode(encrypted),
-    iv: base64Encode(iv.buffer)
+    publicKey: base64ToPem(publicKeyBase64, "PUBLIC"),
+    privateKey: base64ToPem(privateKeyBase64, "PRIVATE")
   };
 }
-async function aesGCMDecrypt(encryptedData, iv, key) {
-  if (typeof crypto === "undefined" || !crypto.subtle) {
-    throw new Error("Web Crypto API is not available");
-  }
-  const encryptedBuffer = new Uint8Array(
-    atob(encryptedData).split("").map((char) => char.charCodeAt(0))
-  );
-  const ivBuffer = new Uint8Array(
-    atob(iv).split("").map((char) => char.charCodeAt(0))
-  );
-  const decrypted = await crypto.subtle.decrypt(
-    {
-      name: "AES-GCM",
-      iv: ivBuffer
-    },
-    key,
-    encryptedBuffer
-  );
-  return new TextDecoder().decode(decrypted);
-}
 // src/browser/SecureStorage/index.ts
-var globalKeyPair = null;
-var globalHMACKey = null;
-var keyPairInitialized = false;
-var initOptions = {
-  autoGenerateKeys: true,
-  persistKeys: false,
-  keyStorageKey: void 0,
-  // 将自动生成随机键名
-  keyEncryptionPassword: void 0,
-  pbkdf2Iterations: 1e5,
-  keyModulusLength: 2048,
-  enableHMAC: true,
-  enableTimestampValidation: true,
-  timestampMaxAge: 7 * 24 * 60 * 60 * 1e3,
-  // 7 天
-  isProduction: false
+var CONFIG = {
+  NAMESPACE: "sec_b_",
+  DEFAULT_EXPIRE: null
 };
-var actualKeyStorageKey = null;
-var keyUsageCount = 0;
-var initializationPromise = null;
-var KEY_STORAGE_KEY_REGISTRY = "__SECURE_STORAGE_KEY__";
-function generateKeyStorageKey() {
-  return `_sk_${generateRandomString(32)}_${Date.now()}`;
-}
-async function initializeStorageKeys(options = {}) {
-  if (options.forceReinitialize) {
-    globalKeyPair = null;
-    globalHMACKey = null;
-    keyPairInitialized = false;
-    actualKeyStorageKey = null;
-    keyUsageCount = 0;
-    initializationPromise = null;
-  } else if (keyPairInitialized && globalKeyPair) {
-    initOptions = { ...initOptions, ...options };
-    return;
-  }
-  initOptions = { ...initOptions, ...options };
-  if (initOptions.keyStorageKey) {
-    actualKeyStorageKey = initOptions.keyStorageKey;
-  } else if (!actualKeyStorageKey) {
-    if (typeof window !== "undefined" && window.localStorage) {
-      const savedKeyName = window.localStorage.getItem(KEY_STORAGE_KEY_REGISTRY);
-      if (savedKeyName) {
-        actualKeyStorageKey = savedKeyName;
-      } else {
-        actualKeyStorageKey = generateKeyStorageKey();
-        window.localStorage.setItem(KEY_STORAGE_KEY_REGISTRY, actualKeyStorageKey);
-      }
-    } else {
-      actualKeyStorageKey = generateKeyStorageKey();
-    }
-  }
-  if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
-    try {
-      const storedKeys = window.localStorage.getItem(actualKeyStorageKey);
-      if (storedKeys) {
-        const keyData = JSON.parse(storedKeys);
-        if (keyData.encrypted && keyData.privateKeyEncrypted && keyData.salt) {
-          if (!initOptions.keyEncryptionPassword) {
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-              console.error("Encrypted keys found but no password provided");
-            }
-            throw new Error("Password required to decrypt stored keys");
-          }
-          const saltArray = new Uint8Array(
-            atob(keyData.salt).split("").map((char) => char.charCodeAt(0))
-          );
-          const iterations = keyData.pbkdf2Iterations || initOptions.pbkdf2Iterations;
-          const derivedKey = await deriveKeyFromPassword(
-            initOptions.keyEncryptionPassword,
-            saltArray.buffer,
-            iterations
-          );
-          const decryptedPrivateKey = await aesGCMDecrypt(
-            keyData.privateKeyEncrypted,
-            keyData.iv,
-            derivedKey
-          );
-          globalKeyPair = {
-            publicKey: await importPublicKey(keyData.publicKey),
-            privateKey: await importPrivateKey(decryptedPrivateKey)
-          };
-        } else if (keyData.publicKey && keyData.privateKey) {
-          if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-            console.warn(
-              "\u26A0\uFE0F SECURITY WARNING: Loading unencrypted keys from storage. Consider re-initializing with password encryption."
-            );
-          }
-          globalKeyPair = {
-            publicKey: await importPublicKey(keyData.publicKey),
-            privateKey: await importPrivateKey(keyData.privateKey)
-          };
-        }
-        if (globalKeyPair) {
-          keyPairInitialized = true;
-          if (initOptions.enableHMAC && !globalHMACKey) {
-            globalHMACKey = await generateHMACKey();
-          }
-          return;
-        }
-      }
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-        console.warn("Failed to load persisted keys, will generate new ones");
-      }
-    }
-  }
-  if (initOptions.autoGenerateKeys && !globalKeyPair) {
-    try {
-      globalKeyPair = await generateRSAKeyPair(initOptions.keyModulusLength);
-      if (initOptions.enableHMAC && !globalHMACKey) {
-        globalHMACKey = await generateHMACKey();
-      }
-      keyPairInitialized = true;
-      keyUsageCount = 0;
-      if (initOptions.persistKeys && typeof window !== "undefined" && window.localStorage) {
-        try {
-          const publicKeyStr = await exportPublicKey(globalKeyPair.publicKey);
-          if (initOptions.keyEncryptionPassword) {
-            const privateKeyStr = await exportPrivateKey(globalKeyPair.privateKey);
-            const salt = crypto.getRandomValues(new Uint8Array(16));
-            const derivedKey = await deriveKeyFromPassword(
-              initOptions.keyEncryptionPassword,
-              salt.buffer,
-              initOptions.pbkdf2Iterations
-            );
-            const { encrypted, iv } = await aesGCMEncrypt(privateKeyStr, derivedKey);
-            const keyData = {
-              encrypted: true,
-              publicKey: publicKeyStr,
-              privateKeyEncrypted: encrypted,
-              iv,
-              salt: base64Encode(salt.buffer),
-              pbkdf2Iterations: initOptions.pbkdf2Iterations
-            };
-            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.info) {
-              console.info("\u2705 Keys encrypted and stored securely");
-            }
-          } else {
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-              console.warn(
-                "\u26A0\uFE0F SECURITY WARNING: Storing private keys without encryption! Private keys will be stored in plain text (Base64 encoded). Provide keyEncryptionPassword for secure storage."
-              );
-            }
-            const keyData = {
-              publicKey: publicKeyStr,
-              privateKey: await exportPrivateKey(globalKeyPair.privateKey)
-            };
-            window.localStorage.setItem(actualKeyStorageKey, JSON.stringify(keyData));
-          }
-        } catch (error) {
-          if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-            console.error("Failed to persist keys");
-          }
-        }
-      }
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("Failed to generate storage keys");
-      }
-      throw error;
-    }
-  }
-  if (initOptions.enableHMAC && !globalHMACKey) {
-    globalHMACKey = await generateHMACKey();
-  }
-}
-function setStorageKeyPair(keyPair) {
-  globalKeyPair = keyPair;
-  keyPairInitialized = true;
-}
-function getStorageKeyPair() {
-  return globalKeyPair;
-}
-function clearPersistedKeys() {
-  if (typeof window !== "undefined" && window.localStorage && actualKeyStorageKey) {
-    try {
-      window.localStorage.removeItem(actualKeyStorageKey);
-      actualKeyStorageKey = null;
-      keyPairInitialized = false;
-      globalKeyPair = null;
-      globalHMACKey = null;
-      keyUsageCount = 0;
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("Failed to clear persisted keys");
-      }
-    }
-  }
-}
-function getKeyUsageCount() {
-  return keyUsageCount;
-}
-function resetKeyUsageCount() {
-  keyUsageCount = 0;
-}
-async function ensureKeyPair() {
-  if (globalKeyPair) {
-    keyUsageCount++;
-    return;
-  }
-  if (!initOptions.autoGenerateKeys) {
-    return;
-  }
-  if (initializationPromise) {
-    await initializationPromise;
-    if (globalKeyPair) {
-      keyUsageCount++;
+var SecureStorage = class _SecureStorage {
+  static get instances() {
+    if (!this._instances) {
+      this._instances = /* @__PURE__ */ new Map();
     }
-    return;
-  }
-  initializationPromise = initializeStorageKeys();
-  try {
-    await initializationPromise;
-  } finally {
-    initializationPromise = null;
+    return this._instances;
   }
-  if (globalKeyPair) {
-    keyUsageCount++;
-  }
-}
-function safeParseJSON(jsonStr, expectedType) {
-  try {
-    const parsed = JSON.parse(jsonStr);
-    if (expectedType === "object" && (typeof parsed !== "object" || parsed === null || Array.isArray(parsed))) {
-      throw new Error("Expected object but got different type");
-    }
-    if (expectedType === "array" && !Array.isArray(parsed)) {
-      throw new Error("Expected array but got different type");
-    }
-    return parsed;
-  } catch (error) {
-    if (error instanceof SyntaxError) {
-      throw new Error(`Invalid JSON format: ${error.message}`);
+  constructor(options) {
+    const storageType = options.storage === window.sessionStorage ? "session" : "local";
+    const namespace = options.namespace || CONFIG.NAMESPACE;
+    const instanceKey = `${storageType}_${namespace}`;
+    const existingInstance = _SecureStorage.instances.get(instanceKey);
+    if (existingInstance) {
+      return existingInstance;
     }
-    throw error;
-  }
-}
-function validateTimestamp(timestamp, maxClockSkew = 5 * 60 * 1e3) {
-  if (!initOptions.enableTimestampValidation || !timestamp) {
-    return true;
-  }
-  if (initOptions.timestampMaxAge === 0) {
-    return true;
-  }
-  const now = Date.now();
-  const age = now - timestamp;
-  const maxAge = initOptions.timestampMaxAge || 7 * 24 * 60 * 60 * 1e3;
-  if (age < -maxClockSkew) {
-    return false;
+    this.namespace = namespace;
+    this.storage = options.storage || window.localStorage;
+    this.defaultExpire = options.defaultExpire ?? CONFIG.DEFAULT_EXPIRE;
+    this.instanceKey = instanceKey;
+    _SecureStorage.instances.set(instanceKey, this);
   }
-  return age >= -maxClockSkew && age <= maxAge;
-}
-async function encryptValue(value, publicKey, hmacKey) {
-  const encryptedData = await rsaEncrypt(value, publicKey);
-  if (hmacKey) {
-    const hmac = await computeHMAC(encryptedData, hmacKey);
-    const item = {
-      data: encryptedData,
-      hmac,
-      encrypted: true,
-      timestamp: Date.now()
-    };
-    return JSON.stringify(item);
-  }
-  return encryptedData;
-}
-async function handleDecryptError(error, encryptedStr, key) {
-  if (error instanceof Error && error.message.includes("HMAC verification failed")) {
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-      console.error(
-        "\u26A0\uFE0F SECURITY ALERT: Data integrity check failed! Data may have been tampered with."
-      );
-    }
-    throw error;
+  /**
+   * 获取单例实例（静态方法）
+   */
+  static getInstance(options) {
+    return new _SecureStorage(options);
   }
-  if (error instanceof Error && error.message.includes("Data timestamp validation failed")) {
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-      console.warn("\u26A0\uFE0F SECURITY WARNING: Data timestamp validation failed");
-    }
-    throw error;
+  /**
+   * 清除所有单例实例（用于测试或重置）
+   */
+  static clearInstances() {
+    _SecureStorage.instances.clear();
   }
-  try {
-    const decryptedStr = base64Decode(encryptedStr);
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-      console.warn(
-        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}". This may be a security risk if sensitive data was stored without encryption.`
-      );
-    }
-    return decryptedStr;
-  } catch {
-    throw error;
+  /**
+   * 获取当前所有实例的数量（用于调试）
+   */
+  static getInstanceCount() {
+    return _SecureStorage.instances.size;
   }
-}
-function handleNoKeyDecode(encryptedStr, key) {
-  try {
-    const decryptedStr = base64Decode(encryptedStr);
-    if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-      console.warn(
-        `\u26A0\uFE0F SECURITY WARNING: Reading unencrypted data for key "${key}" without encryption keys.`
-      );
-    }
-    return decryptedStr;
-  } catch (error) {
-    throw new Error(`Failed to decode storage value for key "${key}"`);
+  /**
+   * 获取完整键名（带命名空间）
+   */
+  _getFullKey(key) {
+    return `${this.namespace}${key}`;
   }
-}
-async function decryptValue(encryptedValue, privateKey, hmacKey) {
-  try {
-    const item = JSON.parse(encryptedValue);
-    if (item.encrypted && item.data && item.hmac) {
-      if (hmacKey) {
-        const isValid = await verifyHMAC(item.data, item.hmac, hmacKey);
-        if (!isValid) {
-          throw new Error("HMAC verification failed: data may have been tampered with");
-        }
-      }
-      if (item.timestamp && !validateTimestamp(item.timestamp)) {
-        throw new Error("Data timestamp validation failed: data may be expired or replayed");
-      }
-      return await rsaDecrypt(item.data, privateKey);
-    }
-    return await rsaDecrypt(encryptedValue, privateKey);
-  } catch (error) {
-    if (error instanceof Error && error.message.includes("HMAC verification failed")) {
-      throw error;
-    }
-    throw new Error("Failed to decrypt storage value: invalid format or corrupted data");
+  /**
+   * 检查数据是否过期
+   */
+  _isExpired(expire) {
+    if (!expire) return false;
+    return Date.now() > expire;
   }
-}
-var localStorage = {
   /**
    * 设置值
-   * @param key - 键
-   * @param value - 值
-   * @param options - 选项（过期时间、密钥等）
-   * @returns Promise<void>
    */
-  async set(key, value, options = {}) {
-    if (typeof window === "undefined" || !window.localStorage) {
-      throw new Error("localStorage is not available");
-    }
-    const { expiry, publicKey } = options;
-    const item = {
-      value,
-      expiry: expiry ? Date.now() + expiry : void 0
-    };
+  async set(key, value, expire = this.defaultExpire) {
     try {
-      const jsonStr = JSON.stringify(item);
-      await ensureKeyPair();
-      const keyToUse = publicKey || globalKeyPair?.publicKey;
-      if (keyToUse) {
-        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
-        window.localStorage.setItem(key, encrypted);
-      } else {
-        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-          console.warn(
-            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
-          );
-        }
-        const encoded = base64Encode(jsonStr);
-        window.localStorage.setItem(key, encoded);
-      }
+      const fullKey = this._getFullKey(key);
+      const aesKey = generateRandomAESKeyString();
+      const storageData = {
+        value,
+        expire: expire ? Date.now() + expire : null,
+        timestamp: Date.now()
+      };
+      const encryptedData = encryptJsonWithAES(storageData, aesKey);
+      const encryptedKey = await encryptWithEnvPublicKey(aesKey);
+      const finalData = {
+        data: encryptedData,
+        key: encryptedKey,
+        version: "1.0"
+      };
+      this.storage.setItem(fullKey, JSON.stringify(finalData));
+      return true;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.set error:", error);
-      }
-      throw error;
+      console.error("[SecureStorage] \u4FDD\u5B58\u5931\u8D25:", error);
+      return false;
     }
-  },
+  }
   /**
    * 获取值
-   * @param key - 键
-   * @param options - 选项（默认值、私钥等）
-   * @returns Promise<T | undefined> 值或默认值
    */
-  async get(key, options = {}) {
-    if (typeof window === "undefined" || !window.localStorage) {
-      return options.defaultValue;
-    }
-    const { defaultValue, privateKey } = options;
+  async get(key, defaultValue = null) {
     try {
-      const encryptedStr = window.localStorage.getItem(key);
-      if (!encryptedStr) return defaultValue;
-      await ensureKeyPair();
-      let decryptedStr;
-      const keyToUse = privateKey || globalKeyPair?.privateKey;
-      if (keyToUse) {
-        try {
-          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
-        } catch (error) {
-          try {
-            decryptedStr = await handleDecryptError(error, encryptedStr, key);
-          } catch {
-            return defaultValue;
-          }
-        }
-      } else {
-        try {
-          decryptedStr = handleNoKeyDecode(encryptedStr, key);
-        } catch {
-          return defaultValue;
-        }
+      const fullKey = this._getFullKey(key);
+      const storedData = this.storage.getItem(fullKey);
+      if (!storedData) {
+        return defaultValue;
       }
-      const item = safeParseJSON(decryptedStr, "object");
-      if (item.expiry && Date.now() > item.expiry) {
-        window.localStorage.removeItem(key);
+      const finalData = JSON.parse(storedData);
+      const aesKey = await decryptWithEnvPrivateKey(finalData.key);
+      const storageData = decryptJsonWithAES(finalData.data, aesKey);
+      if (this._isExpired(storageData.expire)) {
+        this.remove(key);
         return defaultValue;
       }
-      return item.value;
+      return storageData.value;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-        console.warn(`Failed to parse storage item for key "${key}"`);
-      }
+      console.error("[SecureStorage] \u8BFB\u53D6\u5931\u8D25:", error);
       return defaultValue;
     }
-  },
+  }
   /**
-   * 移除值
-   * @param key - 键
+   * 删除值
    */
   remove(key) {
-    if (typeof window === "undefined" || !window.localStorage) return;
     try {
-      window.localStorage.removeItem(key);
+      const fullKey = this._getFullKey(key);
+      this.storage.removeItem(fullKey);
+      return true;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.remove error");
-      }
+      console.error("[SecureStorage] \u79FB\u9664\u5931\u8D25:", error);
+      return false;
     }
-  },
+  }
   /**
-   * 清空所有值
+   * 检查键是否存在
    */
-  clear() {
-    if (typeof window === "undefined" || !window.localStorage) return;
+  async has(key) {
     try {
-      window.localStorage.clear();
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.clear error");
+      const fullKey = this._getFullKey(key);
+      const storedData = this.storage.getItem(fullKey);
+      if (!storedData) return false;
+      const finalData = JSON.parse(storedData);
+      const aesKey = await decryptWithEnvPrivateKey(finalData.key);
+      const storageData = decryptJsonWithAES(finalData.data, aesKey);
+      if (this._isExpired(storageData.expire)) {
+        this.remove(key);
+        return false;
       }
+      return true;
+    } catch (error) {
+      return false;
     }
-  },
+  }
   /**
-   * 获取所有键
-   * @returns 键数组
+   * 清空所有数据
    */
-  keys() {
-    if (typeof window === "undefined" || !window.localStorage) return [];
-    const keys2 = [];
+  clear() {
     try {
-      for (let i = 0; i < window.localStorage.length; i++) {
-        const key = window.localStorage.key(i);
-        if (key) keys2.push(key);
+      let count = 0;
+      const keys2 = [];
+      for (let i = 0; i < this.storage.length; i++) {
+        const key = this.storage.key(i);
+        if (key && key.startsWith(this.namespace)) {
+          keys2.push(key);
+        }
       }
+      keys2.forEach((key) => {
+        this.storage.removeItem(key);
+        count++;
+      });
+      return count;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("localStorage.keys error");
-      }
+      console.error("[SecureStorage] \u6E05\u7A7A\u5931\u8D25:", error);
+      return 0;
     }
-    return keys2;
   }
-};
-var sessionStorage = {
   /**
-   * 设置值
-   * @param key - 键
-   * @param value - 值
-   * @param options - 选项（公钥等）
-   * @returns Promise<void>
+   * 获取所有键名
    */
-  async set(key, value, options = {}) {
-    if (typeof window === "undefined" || !window.sessionStorage) {
-      throw new Error("sessionStorage is not available");
-    }
-    const { publicKey } = options;
+  keys() {
     try {
-      const jsonStr = JSON.stringify(value);
-      await ensureKeyPair();
-      const keyToUse = publicKey || globalKeyPair?.publicKey;
-      if (keyToUse) {
-        const encrypted = await encryptValue(jsonStr, keyToUse, globalHMACKey);
-        window.sessionStorage.setItem(key, encrypted);
-      } else {
-        if (!initOptions.isProduction && typeof console !== "undefined" && console.warn) {
-          console.warn(
-            `\u26A0\uFE0F SECURITY WARNING: Storing data without encryption for key "${key}". Data is only Base64 encoded, not encrypted!`
-          );
+      const keys2 = [];
+      for (let i = 0; i < this.storage.length; i++) {
+        const key = this.storage.key(i);
+        if (key && key.startsWith(this.namespace)) {
+          keys2.push(key.substring(this.namespace.length));
         }
-        const encoded = base64Encode(jsonStr);
-        window.sessionStorage.setItem(key, encoded);
       }
+      return keys2;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("sessionStorage.set error:", error);
-      }
-      throw error;
+      console.error("[SecureStorage] \u83B7\u53D6\u952E\u540D\u5931\u8D25:", error);
+      return [];
     }
-  },
+  }
   /**
-   * 获取值
-   * @param key - 键
-   * @param options - 选项（默认值、私钥等）
-   * @returns Promise<T | undefined> 值或默认值
+   * 获取数据条数
    */
-  async get(key, options = {}) {
-    if (typeof window === "undefined" || !window.sessionStorage) {
-      return options.defaultValue;
-    }
-    const { defaultValue, privateKey } = options;
+  size() {
+    return this.keys().length;
+  }
+  /**
+   * 清理过期数据
+   */
+  async clearExpired() {
     try {
-      const encryptedStr = window.sessionStorage.getItem(key);
-      if (!encryptedStr) return defaultValue;
-      await ensureKeyPair();
-      let decryptedStr;
-      const keyToUse = privateKey || globalKeyPair?.privateKey;
-      if (keyToUse) {
+      let count = 0;
+      const keys2 = this.keys();
+      for (const key of keys2) {
+        const fullKey = this._getFullKey(key);
         try {
-          decryptedStr = await decryptValue(encryptedStr, keyToUse, globalHMACKey);
-        } catch (error) {
-          try {
-            decryptedStr = await handleDecryptError(error, encryptedStr, key);
-          } catch {
-            return defaultValue;
+          const storedData = this.storage.getItem(fullKey);
+          if (storedData) {
+            const finalData = JSON.parse(storedData);
+            const aesKey = await decryptWithEnvPrivateKey(finalData.key);
+            const storageData = decryptJsonWithAES(finalData.data, aesKey);
+            if (this._isExpired(storageData.expire)) {
+              this.remove(key);
+              count++;
+            }
           }
+        } catch (error) {
+          this.remove(key);
+          count++;
         }
-      } else {
-        try {
-          decryptedStr = handleNoKeyDecode(encryptedStr, key);
-        } catch {
-          return defaultValue;
-        }
-      }
-      return safeParseJSON(decryptedStr);
-    } catch {
-      return defaultValue;
-    }
-  },
-  /**
-   * 移除值
-   * @param key - 键
-   */
-  remove(key) {
-    if (typeof window === "undefined" || !window.sessionStorage) return;
-    try {
-      window.sessionStorage.removeItem(key);
-    } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("sessionStorage.remove error");
       }
-    }
-  },
-  /**
-   * 清空所有值
-   */
-  clear() {
-    if (typeof window === "undefined" || !window.sessionStorage) return;
-    try {
-      window.sessionStorage.clear();
+      return count;
     } catch (error) {
-      if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-        console.error("sessionStorage.clear error");
-      }
+      console.error("[SecureStorage] \u6E05\u7406\u8FC7\u671F\u6570\u636E\u5931\u8D25:", error);
+      return 0;
     }
   }
-};
-var cookie = {
-  /**
-   * 设置Cookie
-   * @param key - 键
-   * @param value - 值
-   * @param options - Cookie选项
-   */
-  set(key, value, options = {}) {
-    if (typeof document === "undefined") {
-      throw new Error("document is not available");
-    }
-    let cookieStr = `${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
-    if (options.expires) {
-      const expiresDate = options.expires instanceof Date ? options.expires : new Date(Date.now() + options.expires * 24 * 60 * 60 * 1e3);
-      cookieStr += `; expires=${expiresDate.toUTCString()}`;
-    }
-    if (options.path) cookieStr += `; path=${options.path}`;
-    if (options.domain) cookieStr += `; domain=${options.domain}`;
-    if (options.secure) cookieStr += "; secure";
-    if (options.sameSite) cookieStr += `; sameSite=${options.sameSite}`;
-    document.cookie = cookieStr;
-  },
-  /**
-   * 获取Cookie
-   * @param key - 键
-   * @returns Cookie值
-   */
-  get(key) {
-    if (typeof document === "undefined") return void 0;
-    const name = encodeURIComponent(key);
-    const cookies = document.cookie.split(";");
-    for (const cookieStr of cookies) {
-      const trimmed = cookieStr.trim();
-      const eqIndex = trimmed.indexOf("=");
-      if (eqIndex === -1) continue;
-      const cookieKey = trimmed.substring(0, eqIndex).trim();
-      const cookieValue = trimmed.substring(eqIndex + 1).trim();
-      if (cookieKey === name) {
-        const decoded = decodeURIComponent(cookieValue);
-        return decoded === "" ? void 0 : decoded;
-      }
-    }
-    return void 0;
-  },
   /**
-   * 移除Cookie
-   * @param key - 键
-   * @param options - Cookie选项
+   * 获取实例的唯一标识
    */
-  remove(key, options = {}) {
-    cookie.set(key, "", {
-      ...options,
-      expires: /* @__PURE__ */ new Date(0)
-    });
-  },
+  getInstanceKey() {
+    return this.instanceKey;
+  }
   /**
-   * 获取所有Cookie
-   * @returns Cookie对象
+   * 检查是否为单例实例
    */
-  getAll() {
-    if (typeof document === "undefined") return {};
-    const cookies = {};
-    document.cookie.split(";").forEach((cookieStr) => {
-      const trimmed = cookieStr.trim();
-      if (!trimmed) return;
-      const eqIndex = trimmed.indexOf("=");
-      if (eqIndex === -1) return;
-      const key = trimmed.substring(0, eqIndex).trim();
-      const value = trimmed.substring(eqIndex + 1).trim();
-      if (key && value) {
-        const decodedKey = decodeURIComponent(key);
-        const decodedValue = decodeURIComponent(value);
-        if (decodedValue !== "") {
-          cookies[decodedKey] = decodedValue;
-        }
-      }
-    });
-    return cookies;
+  isSingleton() {
+    return _SecureStorage.instances.has(this.instanceKey);
   }
 };
-function createBackendAdapter(type) {
-  switch (type) {
-    case "local":
-      return {
-        async set(key, value, options) {
-          await localStorage.set(key, value, {
-            expiry: options?.expiry,
-            publicKey: options?.publicKey
-          });
-        },
-        async get(key, options) {
-          return localStorage.get(key, {
-            defaultValue: options?.defaultValue,
-            privateKey: options?.privateKey
-          });
-        },
-        remove(key) {
-          localStorage.remove(key);
-        },
-        clear() {
-          localStorage.clear();
-        },
-        keys() {
-          return localStorage.keys();
-        }
-      };
-    case "session":
-      return {
-        async set(key, value, options) {
-          await sessionStorage.set(key, value, {
-            publicKey: options?.publicKey
-          });
-        },
-        async get(key, options) {
-          return sessionStorage.get(key, {
-            defaultValue: options?.defaultValue,
-            privateKey: options?.privateKey
-          });
-        },
-        remove(key) {
-          sessionStorage.remove(key);
-        },
-        clear() {
-          sessionStorage.clear();
-        },
-        keys() {
-          if (typeof window === "undefined" || !window.sessionStorage) return [];
-          const keys2 = [];
-          try {
-            for (let i = 0; i < window.sessionStorage.length; i++) {
-              const key = window.sessionStorage.key(i);
-              if (key) keys2.push(key);
-            }
-          } catch (error) {
-            if (!initOptions.isProduction && typeof console !== "undefined" && console.error) {
-              console.error("sessionStorage.keys error");
-            }
-          }
-          return keys2;
-        }
-      };
-    case "cookie":
-      return {
-        async set(key, value) {
-          cookie.set(key, String(value));
-        },
-        async get(key, options) {
-          const value = cookie.get(key);
-          if (value === void 0) return options?.defaultValue;
-          try {
-            return JSON.parse(value);
-          } catch {
-            return value;
-          }
-        },
-        remove(key) {
-          cookie.remove(key);
-        },
-        clear() {
-          const all = cookie.getAll();
-          Object.keys(all).forEach((k) => cookie.remove(k));
-        },
-        keys() {
-          return Object.keys(cookie.getAll());
-        }
-      };
-    default:
-      return createBackendAdapter("local");
+var _defaultSecureStorage = null;
+function _getDefaultSecureStorage() {
+  if (typeof window === "undefined") {
+    throw new Error("[SecureStorage] secureStorage is only available in browser environments.");
   }
+  if (!_defaultSecureStorage) {
+    _defaultSecureStorage = new SecureStorage({});
+  }
+  return _defaultSecureStorage;
 }
-function createSecureStorage(type = "local") {
-  return createBackendAdapter(type);
-}
-var secureStorage = createSecureStorage("local");
+var secureStorage = new Proxy({}, {
+  get(_target, prop) {
+    const instance = _getDefaultSecureStorage();
+    const value = instance[prop];
+    if (typeof value === "function") {
+      return value.bind(instance);
+    }
+    return value;
+  }
+});
 // src/browser/network/index.ts
 async function fetchWithRetry(url, options = {}, retryCount = 3, retryDelay = 1e3) {
@@ -4110,6 +3581,48 @@ function setCommonParams(params) {
 async function flush() {
   await getTracker().flush();
 }
+function convertRes2Blob(response) {
+  const contentDisposition = response.headers["content-disposition"];
+  let fileName = "file.xlsx";
+  if (contentDisposition) {
+    const rfc5987Match = contentDisposition.match(/filename\*=UTF-8''([^;]+)/i);
+    if (rfc5987Match) {
+      fileName = decodeURIComponent(rfc5987Match[1]);
+    } else {
+      const standardMatch = contentDisposition.match(/filename[^;=\n]*=((['"]).*?\2|[^;\n]*)/i);
+      if (standardMatch) {
+        fileName = standardMatch[1];
+        fileName = fileName.replace(/^['"]|['"]$/g, "");
+        try {
+          fileName = decodeURIComponent(fileName);
+        } catch (e) {
+          try {
+            fileName = decodeURI(fileName);
+          } catch (e2) {
+          }
+        }
+      }
+    }
+    fileName = fileName.trim().replace(/^_+|_+$/g, "");
+  }
+  const blob = new Blob([response.data], { type: "application/vnd.ms-excel;charset=utf-8" });
+  if (typeof window.navigator.msSaveBlob !== "undefined") {
+    window.navigator.msSaveBlob(blob, fileName);
+  } else {
+    const blobURL = window.URL.createObjectURL(blob);
+    const tempLink = document.createElement("a");
+    tempLink.style.display = "none";
+    tempLink.href = blobURL;
+    tempLink.setAttribute("download", fileName);
+    if (typeof tempLink.download === "undefined") {
+      tempLink.setAttribute("target", "_blank");
+    }
+    document.body.appendChild(tempLink);
+    tempLink.click();
+    document.body.removeChild(tempLink);
+    window.URL.revokeObjectURL(blobURL);
+  }
+}
 var serviceEventHandlers = {
   message: null
 };
@@ -4143,11 +3656,28 @@ function filterEmptyKey(params, emptyString) {
     }
   });
 }
+function isFileUpload(data) {
+  if (!data) return false;
+  if (data instanceof FormData) return true;
+  if (data instanceof File) return true;
+  if (data instanceof Blob) return true;
+  if (data instanceof ArrayBuffer) return true;
+  if (typeof data === "object" && data !== null && !Array.isArray(data)) {
+    const obj = data;
+    return Object.values(obj).some(
+      (value) => value instanceof File || value instanceof Blob || value instanceof FormData
+    );
+  }
+  return false;
+}
 function getTransformRequest(contentType) {
   if (!contentType) {
     return (data) => Qs.stringify(data);
   }
   const normalizedType = contentType.toLowerCase().trim();
+  if (normalizedType.startsWith("multipart/form-data")) {
+    return void 0;
+  }
   if (normalizedType.startsWith("application/json")) {
     return (data) => JSON.stringify(data);
   }
@@ -4168,6 +3698,15 @@ var service = axios.create({
 });
 service.interceptors.request.use(
   async (config) => {
+    const isFileUploadRequest = isFileUpload(config.data);
+    if (isFileUploadRequest) {
+      if (config.headers) {
+        delete config.headers["Content-Type"];
+        delete config.headers["content-type"];
+      }
+      config.transformRequest = void 0;
+      return config;
+    }
     const contentType = config.headers?.["Content-Type"] || config.headers?.["content-type"];
     if (!config.transformRequest && contentType) {
       const transformRequest = getTransformRequest(
@@ -4180,9 +3719,11 @@ service.interceptors.request.use(
       config.transformRequest = (data) => Qs.stringify(data);
     }
     if (config.method === "post" || config.method === "put" || config.method === "patch") {
-      const params = { ...config.data || {} };
-      filterEmptyKey(params, config.emptyParams ?? false);
-      config.data = params;
+      if (config.data && typeof config.data === "object" && !isFileUploadRequest) {
+        const params = { ...config.data || {} };
+        filterEmptyKey(params, config.emptyParams ?? false);
+        config.data = params;
+      }
     } else if (config.method === "get" || config.method === "delete") {
       if (!config.disableTimestamp) {
         config.params = {
@@ -4266,19 +3807,7 @@ service.interceptors.response.use(
       if (status === 401) {
         handle401Error(config, error);
       }
-      if (isAborted && config && !config._noAutoRetry) {
-        config._retryCount = config._retryCount || 0;
-        if (config._retryCount < 2) {
-          config._retryCount++;
-          console.debug(
-            `[request] aborted, retry attempt #${config._retryCount} -> ${config.url || ""}`
-          );
-          return new Promise((resolve) => setTimeout(resolve, 300)).then(
-            () => service.request(config)
-          );
-        }
-      }
-      if (!config?.hidden && !isAborted) {
+      if (!config?.hidden && !isAborted && status !== 401) {
         let friendly = messageText;
         if (status === 403) friendly = "No permission";
         else if (status === 502) friendly = "System is upgrading or unavailable";
@@ -4304,7 +3833,7 @@ service.json = function(url, params, config) {
   };
   return service.post(
     url,
-    Array.isArray(params) ? params : params,
+    params,
     newConfig
   );
 };
@@ -4313,7 +3842,13 @@ service.put = function(url, params, config) {
     headers: { "Content-Type": "application/json", ...config?.headers },
     ...config
   };
-  return service.put(url, Array.isArray(params) ? params : params, newConfig).then((res) => res);
+  const data = Array.isArray(params) ? params : params;
+  return service.request({
+    url,
+    method: "put",
+    data,
+    ...newConfig
+  }).then((res) => res);
 };
 service.arrayGet = function(url, config) {
   if (config) {
@@ -4342,47 +3877,5 @@ service.download = function(url, config = {}) {
     return service.post(url, params, newConfig).then(() => void 0);
   }
 };
-function convertRes2Blob(response) {
-  const contentDisposition = response.headers["content-disposition"];
-  let fileName = "file.xlsx";
-  if (contentDisposition) {
-    const rfc5987Match = contentDisposition.match(/filename\*=UTF-8''([^;]+)/i);
-    if (rfc5987Match) {
-      fileName = decodeURIComponent(rfc5987Match[1]);
-    } else {
-      const standardMatch = contentDisposition.match(/filename[^;=\n]*=((['"]).*?\2|[^;\n]*)/i);
-      if (standardMatch) {
-        fileName = standardMatch[1];
-        fileName = fileName.replace(/^['"]|['"]$/g, "");
-        try {
-          fileName = decodeURIComponent(fileName);
-        } catch (e) {
-          try {
-            fileName = decodeURI(fileName);
-          } catch (e2) {
-          }
-        }
-      }
-    }
-    fileName = fileName.trim().replace(/^_+|_+$/g, "");
-  }
-  const blob = new Blob([response.data], { type: "application/vnd.ms-excel;charset=utf-8" });
-  if (typeof window.navigator.msSaveBlob !== "undefined") {
-    window.navigator.msSaveBlob(blob, fileName);
-  } else {
-    const blobURL = window.URL.createObjectURL(blob);
-    const tempLink = document.createElement("a");
-    tempLink.style.display = "none";
-    tempLink.href = blobURL;
-    tempLink.setAttribute("download", fileName);
-    if (typeof tempLink.download === "undefined") {
-      tempLink.setAttribute("target", "_blank");
-    }
-    document.body.appendChild(tempLink);
-    tempLink.click();
-    document.body.removeChild(tempLink);
-    window.URL.revokeObjectURL(blobURL);
-  }
-}
-export { $, $$, BinaryTree, ChunkUploader, DataQueue, Graph, LRUCache, LinkedList, Queue, Stack, Tracker, UploadStatus, addClass, addDays, addMonths, addYears, aesGCMDecrypt, aesGCMEncrypt, base64Decode, base64Encode, batch, binarySearch, bubbleSort, buildUrl, calculateBlobMD5, calculateFileMD5, camelCase, capitalize, ceil, checkOnline, chunk, clamp, clearPersistedKeys, compact, computeHMAC, contrast, cookie, copyToClipboard, createSecureStorage, createTracker, createTranslator, createUploader, csvToJson, darken, debounce, deepClone, deepMerge, defaults, deriveKeyFromPassword, diffDays, difference, downloadFile, drop, dropWhile, endOfDay, escapeHtml, exportPrivateKey, exportPublicKey, factorial, fetchWithRetry, fetchWithTimeout, fibonacci, fibonacciSequence, findIndexBy, flatten, floor, flush, formatBytes, formatCurrency, formatCurrencyI18n, formatDate, formatDateI18n, formatFileSize, formatNumber, formatNumberI18n, formatRelativeTime, gcd, generateHMACKey, generateRSAKeyPair, generateRandomString, generateUUID, get, getDateFormatByGMT, getElementOffset, getFileExtension, getFileNameWithoutExtension, getKeyUsageCount, getLocale, getQuarter, getQueryParams, getRelativeTime, getScrollPosition, getStorageKeyPair, getStyle, getTimeFromGMT, getTracker, getWeekNumber, groupBy, hash, hexToRgb, highlight, hslToRgb, importPrivateKey, importPublicKey, initTracker, initializeStorageKeys, intersection, invert, isAbsoluteUrl, isBetween, isEmpty, isEmptyObject, isEqual, isFloat, isInViewport, isInteger, isNumeric, isToday, isValidDomain, isValidEmail, isValidHexColor, isValidIP, isValidIdCard, isValidJSON, isValidPhone, isValidUUID, isValidUrl, isWeekday, isWeekend, isYesterday, joinUrl, jsonToCsv, jsonToXml, jsonToYaml, kebabCase, keys, lcm, lighten, mapKeys, mapValues, mask, maskEmail, maskPhone, memoize, merge, mergeSort, mix, normalizeUrl, omit, omitBy, once, parseNumber, parseUrl, partition, pascalCase, percent, pick, pickBy, pluralize, quickSort, random, removeAccents, removeClass, removeQueryParams, request, resetKeyUsageCount, retry, rgbToHex, rgbToHsl, round, rsaDecrypt, rsaEncrypt, sample, scrollTo, secureStorage, set, setCommonParams, setQueryParams, setServiceEventHandlers, setStorageKeyPair, setStyle, setUserInfo, sha256, shuffle, slugify, snakeCase, sortBy, splitFileIntoChunks, startOfDay, take, takeWhile, template, throttle, timeout, toFixed, toggleClass, trackClick, trackEvent, trackExposure, trackPageView, transform, translate, truncate, unescapeHtml, union, unique, unzip, updateQueryParams, uploadFile, values, verifyHMAC, xmlToJson, yamlToJson, zip };
+export { $, $$, BinaryTree, ChunkUploader, DataQueue, Graph, LRUCache, LinkedList, Queue, SecureStorage, Stack, Tracker, UploadStatus, addClass, addDays, addMonths, addYears, base64Encode, batch, binarySearch, bubbleSort, buildUrl, calculateBlobMD5, calculateFileMD5, camelCase, capitalize, ceil, checkOnline, chunk, clamp, compact, contrast, copyToClipboard, createTracker, createTranslator, createUploader, csvToJson, darken, debounce, decryptJsonWithAES, decryptWithEnvPrivateKey, deepClone, deepMerge, defaults, diffDays, difference, downloadFile, drop, dropWhile, encryptJsonWithAES, encryptWithEnvPublicKey, endOfDay, escapeHtml, factorial, fetchWithRetry, fetchWithTimeout, fibonacci, fibonacciSequence, findIndexBy, flatten, floor, flush, formatBytes, formatCurrency, formatCurrencyI18n, formatDate, formatDateI18n, formatFileSize, formatNumber, formatNumberI18n, formatRelativeTime, gcd, generateRSAKeyPair, generateRandomAESKeyString, get, getDateFormatByGMT, getElementOffset, getEnvPrivateKey, getEnvPublicKey, getFileExtension, getFileNameWithoutExtension, getLocale, getQuarter, getQueryParams, getRelativeTime, getScrollPosition, getStyle, getTimeFromGMT, getTracker, getWeekNumber, groupBy, hexToRgb, highlight, hslToRgb, initTracker, intersection, invert, isAbsoluteUrl, isBetween, isEmpty, isEmptyObject, isEqual, isFloat, isInViewport, isInteger, isNumeric, isToday, isValidDomain, isValidEmail, isValidHexColor, isValidIP, isValidIdCard, isValidJSON, isValidPhone, isValidUUID, isValidUrl, isWeekday, isWeekend, isYesterday, joinUrl, jsonToCsv, jsonToXml, jsonToYaml, kebabCase, keys, lcm, lighten, mapKeys, mapValues, mask, maskEmail, maskPhone, memoize, merge, mergeSort, mix, normalizeUrl, omit, omitBy, once, parseNumber, parseUrl, partition, pascalCase, percent, pick, pickBy, pluralize, quickSort, random, removeAccents, removeClass, removeQueryParams, request, retry, rgbToHex, rgbToHsl, round, rsaDecrypt, rsaEncrypt, sample, scrollTo, secureStorage, set, setCommonParams, setQueryParams, setServiceEventHandlers, setStyle, setUserInfo, shuffle, slugify, snakeCase, sortBy, splitFileIntoChunks, startOfDay, take, takeWhile, template, throttle, timeout, toFixed, toggleClass, trackClick, trackEvent, trackExposure, trackPageView, transform, translate, truncate, unescapeHtml, union, unique, unzip, updateQueryParams, uploadFile, values, xmlToJson, yamlToJson, zip };