@cloudbase/oauth 2.5.36-beta.0 → 2.5.38-beta.0

package/src/auth/apis.ts

@@ -41,13 +41,15 @@ import {
   CheckIfUserExistRequest,
   CheckIfUserExistResponse,
   WithSudoRequest,
+  PublicKey,
+  EncryptParams,
 } from './models'
 import { SimpleStorage, RequestFunction } from '../oauth2client/interface'
 import { OAuth2Client, defaultStorage } from '../oauth2client/oauth2client'
 import { Credentials } from '../oauth2client/models'
 import { Captcha } from '../captcha/captcha'
 import { deepClone } from '../utils'
-
+import { getEncryptInfo } from '../utils/encrypt'
 
 export interface AuthOptions {
   apiOrigin: string;
@@ -55,7 +57,7 @@ export interface AuthOptions {
   credentialsClient?: OAuth2Client;
   request?: RequestFunction;
   storage?: SimpleStorage;
-  anonymousSignInFunc?: (Credentials) => Promise<Credentials | void>
+  anonymousSignInFunc?: (Credentials) => Promise<Credentials | void>;
 }
 
 /**
@@ -137,14 +139,18 @@ export class Auth {
       delete res.params.query
     }
 
+    const body = await this.getEncryptParams(res.params)
     const credentials: Credentials = await this.config.request<Credentials>(
       res.url,
       {
         method: 'POST',
-        body: res.params,
-      },
+        body,
+      }
     )
-    await this.config.credentialsClient.setCredentials({ ...credentials, version })
+    await this.config.credentialsClient.setCredentials({
+      ...credentials,
+      version,
+    })
     return Promise.resolve(credentials)
   }
 
@@ -153,14 +159,14 @@ export class Auth {
    * @return {Promise<Credentials>} A Promise<Credentials> object.
    */
   public async signInAnonymously(data: {
-    provider_token?: string
+    provider_token?: string;
   } = {}): Promise<Credentials> {
     const credentials: Credentials = await this.config.request<Credentials>(
       ApiUrls.AUTH_SIGN_IN_ANONYMOUSLY_URL,
       {
         method: 'POST',
         body: data,
-      },
+      }
     )
     await this.config.credentialsClient.setCredentials(credentials)
     return Promise.resolve(credentials)
@@ -177,7 +183,7 @@ export class Auth {
       {
         method: 'POST',
         body: params,
-      },
+      }
     )
     await this.config.credentialsClient.setCredentials(data)
     return Promise.resolve(data)
@@ -188,7 +194,7 @@ export class Auth {
    * @return {Object} A Promise<void> object.
    */
   public async signOut(): Promise<any> {
-    const accessToken: string = await this.config.credentialsClient.getAccessToken()
+    const accessToken: string =      await this.config.credentialsClient.getAccessToken()
     const data = await this.config.request(ApiUrls.AUTH_REVOKE_URL, {
       method: 'POST',
       body: {
@@ -204,7 +210,7 @@ export class Auth {
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
    * @return {Promise<GetVerificationResponse>} A Promise<GetVerificationResponse> object.
    */
-  public async getVerification(params: GetVerificationRequest,): Promise<GetVerificationResponse> {
+  public async getVerification(params: GetVerificationRequest): Promise<GetVerificationResponse> {
     let withCredentials = false
     // 发送短信时，如果时给当前用户发，则需要带上鉴权信息
     if (params.target === 'CUR_USER') {
@@ -222,7 +228,7 @@ export class Auth {
         body: params,
         withCaptcha: true,
         withCredentials,
-      },
+      }
     )
   }
 
@@ -239,7 +245,10 @@ export class Auth {
     })
 
     if (params?.version === 'v2') {
-      await this.config.credentialsClient.setCredentials({ ...data, version: 'v2' })
+      await this.config.credentialsClient.setCredentials({
+        ...data,
+        version: 'v2',
+      })
     }
 
     return data
@@ -250,9 +259,10 @@ export class Auth {
    * @param {GenProviderRedirectUriRequest} params A GenProviderRedirectUriRequest object.
    * @return {Promise<GenProviderRedirectUriResponse>} A Promise<GenProviderRedirectUriResponse> object.
    */
-  public async genProviderRedirectUri(params: GenProviderRedirectUriRequest,): Promise<GenProviderRedirectUriResponse> {
-    let url = `${ApiUrls.PROVIDER_URI_URL}?client_id=${this.config.clientId
-    }&provider_id=${params.provider_id}&redirect_uri=${encodeURIComponent(params.provider_redirect_uri,)}&state=${params.state}`
+  public async genProviderRedirectUri(params: GenProviderRedirectUriRequest): Promise<GenProviderRedirectUriResponse> {
+    let url = `${ApiUrls.PROVIDER_URI_URL}?client_id=${
+      this.config.clientId
+    }&provider_id=${params.provider_id}&redirect_uri=${encodeURIComponent(params.provider_redirect_uri)}&state=${params.state}`
     const { other_params: otherParams } = params
     if (otherParams) {
       if (
@@ -272,13 +282,13 @@ export class Auth {
    * @param {GrantProviderTokenRequest} params A GrantProviderTokenRequest object.
    * @return {Promise<GrantProviderTokenResponse>} A Promise<GrantProviderTokenResponse> object.
    */
-  public async grantProviderToken(params: GrantProviderTokenRequest,): Promise<GrantProviderTokenResponse> {
+  public async grantProviderToken(params: GrantProviderTokenRequest): Promise<GrantProviderTokenResponse> {
     return this.config.request<GrantProviderTokenResponse>(
       ApiUrls.PROVIDER_TOKEN_URL,
       {
         method: 'POST',
         body: params,
-      },
+      }
     )
   }
 
@@ -287,13 +297,13 @@ export class Auth {
    * @param {PatchProviderTokenRequest} params A PatchProviderTokenRequest object.
    * @return {Promise<PatchProviderTokenResponse>} A Promise<PatchProviderTokenResponse> object.
    */
-  public async patchProviderToken(params: PatchProviderTokenRequest,): Promise<PatchProviderTokenResponse> {
+  public async patchProviderToken(params: PatchProviderTokenRequest): Promise<PatchProviderTokenResponse> {
     return this.config.request<PatchProviderTokenResponse>(
       ApiUrls.PROVIDER_TOKEN_URL,
       {
         method: 'PATCH',
         body: params,
-      },
+      }
     )
   }
 
@@ -302,16 +312,22 @@ export class Auth {
    * @param {SignInWithProviderRequest} params A SignInWithProviderRequest object.
    * @return {Promise<Credentials>} A Promise<Credentials> object.
    */
-  public async signInWithProvider(params: SignInWithProviderRequest,): Promise<Credentials> {
-    const res = this.getParamsByVersion(params, 'AUTH_SIGN_IN_WITH_PROVIDER_URL')
+  public async signInWithProvider(params: SignInWithProviderRequest): Promise<Credentials> {
+    const res = this.getParamsByVersion(
+      params,
+      'AUTH_SIGN_IN_WITH_PROVIDER_URL'
+    )
     const credentials: Credentials = await this.config.request<Credentials>(
       res.url,
       {
         method: 'POST',
         body: res.params,
-      },
+      }
     )
-    await this.config.credentialsClient.setCredentials({ ...credentials, version: params?.version || 'v1' })
+    await this.config.credentialsClient.setCredentials({
+      ...credentials,
+      version: params?.version || 'v1',
+    })
     return Promise.resolve(credentials)
   }
 
@@ -320,7 +336,7 @@ export class Auth {
    * @param {BindWithProviderRequest} params A BindWithProviderRequest object.
    * @return {Promise<void>} A Promise<any> object.
    */
-  public async bindWithProvider(params: BindWithProviderRequest,): Promise<void> {
+  public async bindWithProvider(params: BindWithProviderRequest): Promise<void> {
     return this.config.request<any>(ApiUrls.PROVIDER_BIND_URL, {
       method: 'POST',
       body: params,
@@ -332,7 +348,9 @@ export class Auth {
    * Get the user profile.
    * @return {Promise<UserProfile>} A Promise<UserProfile> object.
    */
-  public async getUserProfile(params: { version?: string }): Promise<UserProfile> {
+  public async getUserProfile(params: {
+    version?: string;
+  }): Promise<UserProfile> {
     return this.getUserInfo(params)
   }
 
@@ -340,7 +358,7 @@ export class Auth {
    * Get the user info.
    * @return {Promise<UserInfo>} A Promise<UserProfile> object.
    */
-  public async getUserInfo(params: { version?: string, query?: string } = {}): Promise<UserInfo> {
+  public async getUserInfo(params: { version?: string; query?: string } = {}): Promise<UserInfo> {
     const res = this.getParamsByVersion(params, 'USER_ME_URL')
 
     if (res.params?.query) {
@@ -373,9 +391,9 @@ export class Auth {
   }
 
   /**
-     * Delete me
-     * @param params
-     */
+   * Delete me
+   * @param params
+   */
   public async deleteMe(params: WithSudoRequest): Promise<UserProfile> {
     const res = this.getParamsByVersion(params, 'USER_ME_URL')
     const url = `${res.url}?${Auth.parseParamsToSearch(res.params)}`
@@ -412,14 +430,14 @@ export class Auth {
    * @param {TransByProviderRequest} params A TransByProviderRequest object.
    * @return {Promise<Credentials>} A Promise<Credentials> object.
    */
-  public async transByProvider(params: TransByProviderRequest,): Promise<Credentials> {
+  public async transByProvider(params: TransByProviderRequest): Promise<Credentials> {
     return this.config.request<Credentials>(
       ApiUrls.USER_TRANS_BY_PROVIDER_URL,
       {
         method: 'PATCH',
         body: params,
         withCredentials: true,
-      },
+      }
     )
   }
 
@@ -458,7 +476,7 @@ export class Auth {
       {
         method: 'DELETE',
         withCredentials: true,
-      },
+      }
     )
   }
 
@@ -515,10 +533,10 @@ export class Auth {
   }
 
   /**
- * updatePasswordByOld 使用旧密码修改密码，如果已经绑定手机号，请先：sudo，再修改密码
- * @param {SetPasswordrRequest} params
- * @return {Promise<any>}
- */
+   * updatePasswordByOld 使用旧密码修改密码，如果已经绑定手机号，请先：sudo，再修改密码
+   * @param {SetPasswordrRequest} params
+   * @return {Promise<any>}
+   */
   public async updatePasswordByOld(params: UpdatePasswordRequest): Promise<void> {
     const sudoToken = await this.sudo({ password: params.old_password })
     return this.setPassword({
@@ -527,7 +545,6 @@ export class Auth {
     })
   }
 
-
   /**
    * sudo
    * @param {sudo} params
@@ -546,7 +563,7 @@ export class Auth {
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
    * @return {Promise<GetVerificationResponse>} A Promise<GetVerificationResponse> object.
    */
-  public async getCurUserVerification(params: GetVerificationRequest,): Promise<GetVerificationResponse> {
+  public async getCurUserVerification(params: GetVerificationRequest): Promise<GetVerificationResponse> {
     params.target = 'CUR_USER'
     return this.config.request<GetVerificationResponse>(
       ApiUrls.VERIFICATION_URL,
@@ -555,7 +572,7 @@ export class Auth {
         body: params,
         withCredentials: true,
         withCaptcha: true,
-      },
+      }
     )
   }
 
@@ -564,7 +581,7 @@ export class Auth {
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
    * @return {Promise<GetVerificationResponse>} A Promise<GetVerificationResponse> object.
    */
-  public async changeBindedProvider(params: ChangeBindedProviderRequest,): Promise<ChangeBindedProviderResponse> {
+  public async changeBindedProvider(params: ChangeBindedProviderRequest): Promise<ChangeBindedProviderResponse> {
     return this.config.request<ChangeBindedProviderResponse>(
       `${ApiUrls.PROVIDER_LIST}/${params.provider_id}/trans`,
       {
@@ -573,7 +590,7 @@ export class Auth {
           provider_trans_token: params.trans_token,
         },
         withCredentials: true,
-      },
+      }
     )
   }
 
@@ -595,14 +612,17 @@ export class Auth {
    * @param {QueryUserProfileReq} appended_params A QueryUserProfileReq Object.
    * @return {Promise<UserProfile>} A Promise<UserProfile> object.
    */
-  public async queryUserProfile(params: QueryUserProfileRequest,): Promise<QueryUserProfileResponse> {
+  public async queryUserProfile(params: QueryUserProfileRequest): Promise<QueryUserProfileResponse> {
     // let url = new URL(ApiUrls.USER_QUERY_URL);
     const searchParams = new URLSearchParams(params as any)
     // url.search = searchParams.toString();
-    return this.config.request<QueryUserProfileResponse>(`${ApiUrls.USER_QUERY_URL}?${searchParams.toString()}`, {
-      method: 'GET',
-      withCredentials: true,
-    })
+    return this.config.request<QueryUserProfileResponse>(
+      `${ApiUrls.USER_QUERY_URL}?${searchParams.toString()}`,
+      {
+        method: 'GET',
+        withCredentials: true,
+      }
+    )
   }
 
   /**
@@ -617,7 +637,9 @@ export class Auth {
    * SignInWithCustomTicket custom signIn
    * @constructor
    */
-  public async signInWithCustomTicket(params?: { version?: string}): Promise<Credentials> {
+  public async signInWithCustomTicket(params?: {
+    version?: string;
+  }): Promise<Credentials> {
     const customTicket = await this.getCustomSignTicketFn()
     return this.signInWithProvider({
       ...params,
@@ -665,9 +687,12 @@ export class Auth {
   public async checkIfUserExist(params: CheckIfUserExistRequest): Promise<CheckIfUserExistResponse> {
     const searchParams = new URLSearchParams(params as any)
 
-    return this.config.request<CheckIfUserExistResponse>(`${ApiUrls.CHECK_IF_USER_EXIST}?${searchParams.toString()}`, {
-      method: 'GET',
-    })
+    return this.config.request<CheckIfUserExistResponse>(
+      `${ApiUrls.CHECK_IF_USER_EXIST}?${searchParams.toString()}`,
+      {
+        method: 'GET',
+      }
+    )
   }
 
   public async loginScope(): Promise<string> {
@@ -678,12 +703,59 @@ export class Auth {
     return this.config.credentialsClient.getGroups()
   }
 
-  public async refreshTokenForce(params: { version?: string}) {
-    const credentials: Credentials = await this.config.credentialsClient.getCredentials()
-    return await this.config.credentialsClient.refreshToken({ ...credentials, version: params?.version || 'v1' })
+  public async refreshTokenForce(params: { version?: string }) {
+    const credentials: Credentials =      await this.config.credentialsClient.getCredentials()
+    return await this.config.credentialsClient.refreshToken({
+      ...credentials,
+      version: params?.version || 'v1',
+    })
   }
 
   public async getCredentials() {
     return this.config.credentialsClient.getCredentials()
   }
+
+  /**
+   * get public key for request params encryption
+   * @returns
+   */
+  public async getPublicKey(): Promise<PublicKey> {
+    return this.config.request<PublicKey>(ApiUrlsV2.AUTH_PUBLIC_KEY, {
+      method: 'POST',
+      body: {},
+    })
+  }
+
+  /**
+   * encrypt request params
+   * @param params
+   * @returns
+   */
+  public async getEncryptParams(params: Record<any, any>): Promise<EncryptParams> {
+    const payload = deepClone(params)
+
+    if (!payload.isEncrypt) {
+      return params
+    }
+
+    let publicKey = ''
+    let public_key_thumbprint = ''
+
+    try {
+      const res = await this.getPublicKey()
+      publicKey = res.public_key
+      public_key_thumbprint = res.public_key_thumbprint
+    } catch (error) {}
+
+    if (!publicKey || !public_key_thumbprint) {
+      throw new Error('public_key or public_key_thumbprint is empty')
+    }
+
+    delete payload.isEncrypt
+
+    return {
+      params: getEncryptInfo({ publicKey, payload }),
+      public_key_thumbprint,
+    }
+  }
 }

package/src/auth/consts.ts

@@ -32,7 +32,8 @@ export enum ApiUrlsV2 {
   AUTH_TOKEN_URL = '/auth/v2/token',
   USER_ME_URL = '/auth/v2/user/me',
   VERIFY_URL = '/auth/v2/signin/verificationcode',
-  AUTH_SIGN_IN_WITH_PROVIDER_URL = '/auth/v2/signin/with/provider'
+  AUTH_SIGN_IN_WITH_PROVIDER_URL = '/auth/v2/signin/with/provider',
+  AUTH_PUBLIC_KEY = '/auth/v2/signin/publichkey'
 }
 
 export enum VerificationUsages {

package/src/auth/models.ts

@@ -4,7 +4,7 @@ interface BaseRequest {
 
 export type GetCustomSignTicketFn = () => Promise<string>;
 
-export interface SignInRequest extends BaseRequest {
+export interface SignInRequest extends BaseRequest, EncryptParams  {
   username?: string;
   password?: string;
   verification_token?: string;
@@ -453,3 +453,14 @@ export interface CheckIfUserExistRequest {
 export interface CheckIfUserExistResponse {
   exist: boolean;
 }
+
+export interface PublicKey {
+  public_key: string; // 加密的公钥
+  public_key_thumbprint: string; // 加密的公钥指纹
+}
+
+export interface EncryptParams {
+  isEncrypt?: boolean; // 是否需要加密
+  public_key_thumbprint?: string; // 加密的公钥指纹
+  params?: string; // 加密的数据
+}

package/src/utils/encrypt.ts

@@ -0,0 +1,42 @@
+import JSEncrypt from 'encryptlong'
+import HmacSHA256 from 'crypto-js/hmac-sha256'
+import WordArray from 'crypto-js/lib-typedarrays'
+import { deepClone } from '.'
+
+/**
+ * 生成RSA公钥加密后的数据
+ * @param param0.publicKey RSA公钥
+ * @param param0.payload 加密前的数据
+ * @returns {string} 加密后的数据
+ */
+export const getEncryptInfo = ({ publicKey = '', payload = {} } = {}) => {
+  if (!publicKey) return ''
+
+  try {
+    const params = deepClone(payload)
+    // 生成RSA实例
+    const rsaInstance = new JSEncrypt()
+    // 设置公钥
+    rsaInstance.setPublicKey(publicKey)
+    // 生成时间戳
+    params.timestamp = +new Date()
+    // 确定签名算法
+    const signMethod = 'HmacSHA256'
+    // 生成随机数
+    const nonce = WordArray.random(16).toString()
+    // 生成签名：基本参数、时间戳 + 随机数
+    const signature = HmacSHA256(JSON.stringify(params), nonce).toString()
+    // 将签名放入参数中
+    params.signature = signature
+    params.nonce = nonce
+    params.signMethod = signMethod
+    // rsa公钥加密
+    const encrypted = rsaInstance.encryptLong(JSON.stringify(params))
+
+    return encrypted
+  } catch (error) {
+    //
+  }
+
+  return ''
+}