@cloudbase/oauth 2.6.3-beta.0 → 2.6.5-beta.0

package/src/index.ts

@@ -1,33 +1,10 @@
 import { OAuth2Client } from './oauth2client/oauth2client'
-
 import { AuthOptions, Auth } from './auth/apis'
-
-import * as authModels from './auth/models'
-
-export { Syntax, ErrorType } from './oauth2client/consts'
-
-export {
-  defaultStorage,
-  defaultRequest,
-  ToResponseErrorOptions,
-  toResponseError,
-  generateRequestId,
-  OAuth2Client,
-} from './oauth2client/oauth2client'
-
-export { AuthClient, SimpleStorage } from './oauth2client/interface'
-
-export {
-  Credentials,
-  ResponseError,
-  OAuth2ClientOptions,
-  AuthClientRequestOptions,
-} from './oauth2client/models'
-
-export { AuthOptions, Auth } from './auth/apis'
-export { authModels }
-export {  ApiUrls } from './auth/consts'
-
+export { Auth } from './auth/apis'
+export * as authModels from './auth/models'
+export type { ProviderProfile } from './auth/models'
+export type { Credentials, OAuth2ClientOptions, ResponseError, AuthClientRequestOptions } from './oauth2client/models'
+export type { AuthOptions } from './auth/apis'
 
 export class CloudbaseOAuth {
   public oauth2client: OAuth2Client
@@ -53,4 +30,3 @@ export class CloudbaseOAuth {
     })
   }
 }
-

package/src/oauth2client/consts.ts

@@ -1,4 +1,4 @@
-import { ErrorType as _ErrorType } from '../auth/consts'
+export { ErrorType } from '../auth/consts'
 export enum Syntax {
   CLIENT_ID = 'client_id',
   CLIENT_SECRET = 'client_secret',
@@ -18,53 +18,3 @@ export enum Syntax {
   PASSWORD = 'password',
   REFRESH_TOKEN = 'refresh_token',
 }
-
-export enum ErrorType {
-  UNREACHABLE = 'unreachable',
-  LOCAL = 'local',
-  CANCELLED = 'cancelled',
-  UNKNOWN = 'unknown',
-  INVALID_ARGUMENT = 'invalid_argument',
-  DEADLINE_EXCEEDED = 'deadline_exceeded',
-  NOT_FOUND = 'not_found',
-  ALREADY_EXISTS = 'already_exists',
-  PERMISSION_DENIED = 'permission_denied',
-  UNAUTHENTICATED = 'unauthenticated',
-  RESOURCE_EXHAUSTED = 'resource_exhausted',
-  FAILED_PRECONDITION = 'failed_precondition',
-  ABORTED = 'aborted',
-  OUT_OF_RANGE = 'out_of_range',
-  UNIMPLEMENTED = 'unimplemented',
-  INTERNAL = 'internal',
-  UNAVAILABLE = 'unavailable',
-  DATA_LOSS = 'data_loss',
-  // CommonError
-  CAPTCHA_REQUIRED = _ErrorType.CAPTCHA_REQUIRED,
-  CAPTCHA_INVALID = _ErrorType.CAPTCHA_INVALID,
-  INVALID_PASSWORD = 'invalid_password',
-  INVALID_STATUS = 'invalid_status',
-  USER_PENDING = 'user_pending',
-  USER_BLOCKED = 'user_blocked',
-  INVALID_VERIFICATION_CODE = 'invalid_verification_code',
-  TWO_FACTOR_REQUIRED = 'two_factor_required',
-  INVALID_TWO_FACTOR = 'invalid_two_factor',
-  INVALID_TWO_FACTOR_RECOVERY = 'invalid_two_factor_recovery',
-  UNDER_REVIEW = 'under_review',
-  INVALID_REQUEST = 'invalid_request',
-  UNAUTHORIZED_CLIENT = 'unauthorized_client',
-  ACCESS_DENIED = 'access_denied',
-  UNSUPPORTED_RESPONSE_TYPE = 'unsupported_response_type',
-  INVALID_SCOPE = 'invalid_scope',
-  INVALID_GRANT = 'invalid_grant',
-  SERVER_ERROR = 'server_error',
-  TEMPORARILY_UNAVAILABLE = 'temporarily_unavailable',
-  INTERACTION_REQUIRED = 'interaction_required',
-  LOGIN_REQUIRED = 'login_required',
-  ACCOUNT_SELECTION_REQUIRED = 'account_selection_required',
-  CONSENT_REQUIRED = 'consent_required',
-  INVALID_REQUEST_URI = 'invalid_request_uri',
-  INVALID_REQUEST_OBJECT = 'invalid_request_object',
-  REQUEST_NOT_SUPPORTED = 'request_not_supported',
-  REQUEST_URI_NOT_SUPPORTED = 'request_uri_not_supported',
-  REGISTRATION_NOT_SUPPORTED = 'registration_not_supported',
-}

package/src/oauth2client/models.ts

@@ -41,6 +41,7 @@ export interface AuthClientRequestOptions extends RequestOptions {
     [key: string]: any;
   } | null;
   withCredentials?: boolean;
+  withBasicAuth?: boolean;
   retry?: number;
   useWxCloud?: boolean;
 

package/src/oauth2client/oauth2client.ts

@@ -1,6 +1,5 @@
 import { ErrorType } from './consts'
 import { ApiUrls, ApiUrlsV2 } from '../auth/consts'
-import adapterForWxMp from 'cloudbase-adapter-wx_mp'
 
 import { AuthClient, SimpleStorage } from './interface'
 
@@ -17,6 +16,8 @@ import { uuidv4 } from '../utils/uuid'
 import { getPathName } from '../utils/index'
 
 import { SinglePromise } from '../utils/function/single-promise'
+import { weBtoa } from '../utils/base64'
+import { isMatch } from '../utils/cloudbase-adapter-wx_mp'
 
 const RequestIdHeaderName = 'x-request-id'
 const DeviceIdHeaderName = 'x-device-id'
@@ -99,12 +100,20 @@ export function generateRequestId(): string {
  * Default Storage.
  */
 class DefaultStorage implements SimpleStorage {
+  /**
+   * 缓存key统一使用后缀区分
+   */
+  private readonly _env: string
+
+  constructor(opts?: { env: string }) {
+    this._env = opts?.env || ''
+  }
   /**
    * Get item.
    * @param {string} key
    */
   async getItem(key: string): Promise<string | null> {
-    return window.localStorage.getItem(key)
+    return window.localStorage.getItem(`${key}${this._env}`)
   }
 
   /**
@@ -112,7 +121,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} key
    */
   async removeItem(key: string): Promise<void> {
-    window.localStorage.removeItem(key)
+    window.localStorage.removeItem(`${key}${this._env}`)
   }
 
   /**
@@ -121,7 +130,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} value
    */
   async setItem(key: string, value: string): Promise<void> {
-    window.localStorage.setItem(key, value)
+    window.localStorage.setItem(`${key}${this._env}`, value)
   }
 
   /**
@@ -129,7 +138,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} key
    */
   getItemSync(key: string): string | null {
-    return window.localStorage.getItem(key)
+    return window.localStorage.getItem(`${key}${this._env}`)
   }
 
   /**
@@ -137,7 +146,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} key
    */
   removeItemSync(key: string): void {
-    window.localStorage.removeItem(key)
+    window.localStorage.removeItem(`${key}${this._env}`)
   }
 
   /**
@@ -146,7 +155,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} value
    */
   setItemSync(key: string, value: string): void {
-    window.localStorage.setItem(key, value)
+    window.localStorage.setItem(`${key}${this._env}`, value)
   }
 }
 
@@ -289,6 +298,7 @@ export class OAuth2Client implements AuthClient {
   private singlePromise: SinglePromise = new SinglePromise()
   private anonymousSignInFunc: (Credentials) => Promise<Credentials | void>
   private wxCloud: any
+  private basicAuth: string
 
   /**
    * constructor
@@ -312,9 +322,12 @@ export class OAuth2Client implements AuthClient {
       storage: this.storage,
     })
     this.clientSecret = options.clientSecret
+    if (options.clientId !== '') {
+      this.basicAuth = `Basic ${weBtoa(`${options.clientId}:${options.clientSecret}`)}`
+    }
     this.wxCloud = options.wxCloud
     try {
-      if (adapterForWxMp.isMatch() && this.wxCloud === undefined && options.env) {
+      if (isMatch() && this.wxCloud === undefined && options.env) {
         wx.cloud.init({ env: options.env })
         this.wxCloud = wx.cloud
       }
@@ -370,6 +383,9 @@ export class OAuth2Client implements AuthClient {
       const deviceId = await this.getDeviceId()
       options.headers[DeviceIdHeaderName] = deviceId
     }
+    if (options?.withBasicAuth && this.basicAuth) {
+      options.headers.Authorization = this.basicAuth
+    }
     if (options?.withCredentials) {
       const credentials = await this.getCredentials()
       if (credentials) {
@@ -416,10 +432,7 @@ export class OAuth2Client implements AuthClient {
     return response
   }
 
-  public async wxCloudCallFunction<T>(
-    url: string,
-    options?: RequestOptions,
-  ): Promise<T> {
+  public async wxCloudCallFunction<T>(url: string, options?: RequestOptions): Promise<T> {
     let result: T | null = null
     let responseError: ResponseError | null = null
     try {
@@ -462,6 +475,9 @@ export class OAuth2Client implements AuthClient {
    */
   public async getCredentials(): Promise<Credentials | null> {
     let credentials: Credentials = await this.localCredentials.getCredentials()
+    if (!credentials) {
+      return this.unAuthenticatedError('credentials not found')
+    }
     if (isCredentialsExpired(credentials)) {
       if (credentials && credentials.scope === 'anonymous') {
         if (this.anonymousSignInFunc) {
@@ -585,12 +601,10 @@ export class OAuth2Client implements AuthClient {
         return this.unAuthenticatedError('no anonymous in credentials')
       }
       try {
-        const newCredentials: Credentials = await this.request('/auth/v1/signin/anonymously', {
+        const newCredentials: Credentials = await this.request(ApiUrls.AUTH_SIGN_IN_ANONYMOUSLY_URL, {
           method: 'POST',
-          body: {
-            client_id: this.clientId,
-            client_secret: this.clientSecret,
-          },
+          withBasicAuth: true,
+          body: {},
         })
         await this.localCredentials.setCredentials(newCredentials)
         return newCredentials

package/src/utils/base64.ts

@@ -0,0 +1,100 @@
+/* eslint-disable */
+// weapp jwt-decode
+const b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
+const b64re = /^(?:[A-Za-z\d+/]{4})*?(?:[A-Za-z\d+/]{2}(?:==)?|[A-Za-z\d+/]{3}=?)?$/
+
+// btoa
+export function weBtoa(string: string) {
+  string = String(string)
+  let bitmap
+  let a
+  let b
+  let c
+  let result = ''
+  let i = 0
+  const rest = string.length % 3
+
+  for (; i < string.length;) {
+    if ((a = string.charCodeAt(i++)) > 255 || (b = string.charCodeAt(i++)) > 255 || (c = string.charCodeAt(i++)) > 255) throw new TypeError('Failed to execute \'btoa\' on \'Window\': The string to be encoded contains characters outside of the Latin1 range.',)
+
+    bitmap = (a << 16) | (b << 8) | c
+    result
+      += b64.charAt((bitmap >> 18) & 63)
+      + b64.charAt((bitmap >> 12) & 63)
+      + b64.charAt((bitmap >> 6) & 63)
+      + b64.charAt(bitmap & 63)
+  }
+
+  return rest ? result.slice(0, rest - 3) + '==='.substring(rest) : result
+}
+// atob
+export const weAtob = function (string: string) {
+  string = String(string).replace(/[\t\n\f\r ]+/g, '')
+  if (!b64re.test(string)) throw new TypeError('Failed to execute \'atob\' on \'Window\': The string to be decoded is not correctly encoded.')
+  string += '=='.slice(2 - (string.length & 3))
+  let bitmap
+  let result = ''
+  let r1
+  let r2
+  let i = 0
+  for (; i < string.length;) {
+    bitmap =      (b64.indexOf(string.charAt(i++)) << 18)
+      | (b64.indexOf(string.charAt(i++)) << 12)
+      | ((r1 = b64.indexOf(string.charAt(i++))) << 6)
+      | (r2 = b64.indexOf(string.charAt(i++)))
+
+    result
+      += r1 === 64
+        ? String.fromCharCode((bitmap >> 16) & 255)
+        : r2 === 64
+          ? String.fromCharCode((bitmap >> 16) & 255, (bitmap >> 8) & 255)
+          : String.fromCharCode((bitmap >> 16) & 255, (bitmap >> 8) & 255, bitmap & 255)
+  }
+  return result
+}
+
+function b64DecodeUnicode(str: string) {
+  return decodeURIComponent(weAtob(str).replace(/(.)/g, (p) => {
+    let code = p.charCodeAt(0).toString(16)
+      .toUpperCase()
+    if (code.length < 2) {
+      code = `0${code}`
+    }
+    return `%${code}`
+  }),)
+}
+
+export function base64_url_decode(str: string) {
+  let output = str.replace(/-/g, '+').replace(/_/g, '/')
+  switch (output.length % 4) {
+    case 0:
+      break
+    case 2:
+      output += '=='
+      break
+    case 3:
+      output += '='
+      break
+    default:
+      throw new Error('Illegal base64url string!')
+  }
+
+  try {
+    return b64DecodeUnicode(output)
+  } catch (err) {
+    return weAtob(output)
+  }
+}
+
+export function weappJwtDecode(token: string, options?: any) {
+  if (typeof token !== 'string') {
+    throw new Error('Invalid token specified')
+  }
+  options = options || {}
+  const pos = options.header === true ? 0 : 1
+  try {
+    return JSON.parse(base64_url_decode(token.split('.')[pos]))
+  } catch (e) {
+    throw new Error(`Invalid token specified: ${e}` ? (e as any).message : '')
+  }
+}

package/src/utils/cloudbase-adapter-wx_mp.ts

@@ -0,0 +1,42 @@
+/**
+ * 判断是否为小程序runtime
+ */
+declare const wx
+declare const Page
+export function isMatch(): boolean {
+  if (typeof wx === 'undefined') {
+    return false
+  }
+  if (typeof Page === 'undefined') {
+    return false
+  }
+  if (!wx.getSystemInfoSync) {
+    return false
+  }
+  if (!wx.getStorageSync) {
+    return false
+  }
+  if (!wx.setStorageSync) {
+    return false
+  }
+  if (!wx.connectSocket) {
+    return false
+  }
+  if (!wx.request) {
+    return false
+  }
+
+  try {
+    if (!wx.getSystemInfoSync()) {
+      return false
+    }
+
+    if (wx.getSystemInfoSync().AppPlatform === 'qq') {
+      return false
+    }
+  } catch (e) {
+    return false
+  }
+
+  return true
+}

package/src/utils/encrypt.ts

@@ -1,7 +1,9 @@
+/**
+ * 魔改的 encryptlong 版本， 只支持 encryptLong 方法
+ * 小程序上 JSEncrypt 为空不支持 @important
+ */
 import JSEncrypt from './encryptlong'
-// import HmacSHA256 from 'crypto-js/hmac-sha256'
-// import WordArray from 'crypto-js/lib-typedarrays'
-import { deepClone } from '.'
+import { deepClone } from './index'
 
 /**
  * 生成RSA公钥加密后的数据
@@ -9,13 +11,13 @@ import { deepClone } from '.'
  * @param param0.payload 加密前的数据
  * @returns {string} 加密后的数据
  */
-export const getEncryptInfo = ({ publicKey = '', payload = {} } = {}) => {
+export const getEncryptInfo = ({ publicKey = '', payload = {} as any } = {}) => {
   if (!publicKey) return ''
 
   try {
     const params = deepClone(payload)
     // 生成RSA实例
-    const rsaInstance = new JSEncrypt()
+    const rsaInstance = new JSEncrypt({})
     // 设置公钥
     rsaInstance.setPublicKey(publicKey)
     // 生成时间戳
@@ -31,7 +33,7 @@ export const getEncryptInfo = ({ publicKey = '', payload = {} } = {}) => {
     // params.nonce = nonce
     // params.signMethod = signMethod
     // rsa公钥加密
-    const encrypted = rsaInstance.encryptLong(JSON.stringify(params))
+    const encrypted = rsaInstance.encryptLong(typeof params === 'object' ? JSON.stringify(params) : params)
 
     return encrypted
   } catch (error) {