@dofe/infra-common 0.1.49 → 0.1.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,14 +1,25 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* 加密服务
|
|
3
|
-
*
|
|
3
|
+
* 提供 AES-256-GCM 对称加密/解密功能,用于敏感数据保护。
|
|
4
|
+
*
|
|
5
|
+
* 加密格式: AES256:{iv_hex}:{authTag_hex}:{ciphertext_hex}
|
|
6
|
+
*
|
|
7
|
+
* 向后兼容: 不带 AES256: 前缀的数据被视为旧版明文,解密时原样返回。
|
|
8
|
+
* 如果未配置 ENCRYPTION_KEY 环境变量,则回退到透传模式(与旧版行为一致)。
|
|
4
9
|
*/
|
|
5
10
|
export declare class EncryptionService {
|
|
6
11
|
/**
|
|
7
|
-
*
|
|
12
|
+
* 获取加密密钥
|
|
13
|
+
*/
|
|
14
|
+
private getKey;
|
|
15
|
+
/**
|
|
16
|
+
* 加密数据 (AES-256-GCM)
|
|
17
|
+
* 未配置密钥时回退到透传模式
|
|
8
18
|
*/
|
|
9
19
|
encrypt(data: string): string;
|
|
10
20
|
/**
|
|
11
|
-
* 解密数据
|
|
21
|
+
* 解密数据 (AES-256-GCM)
|
|
22
|
+
* 不带 AES256: 前缀的数据视为旧版明文
|
|
12
23
|
*/
|
|
13
24
|
decrypt(encrypted: string): string;
|
|
14
25
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryption.service.d.ts","sourceRoot":"","sources":["../../../packages/common/src/encryption.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"encryption.service.d.ts","sourceRoot":"","sources":["../../../packages/common/src/encryption.service.ts"],"names":[],"mappings":"AAOA;;;;;;;;GAQG;AACH,qBACa,iBAAiB;IAC5B;;OAEG;IACH,OAAO,CAAC,MAAM;IAQd;;;OAGG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAa7B;;;OAGG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CA4BnC"}
|
|
@@ -1,31 +1,118 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
2
18
|
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
19
|
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
20
|
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
21
|
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
22
|
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
23
|
};
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
8
41
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
42
|
exports.EncryptionService = void 0;
|
|
10
43
|
const common_1 = require("@nestjs/common");
|
|
44
|
+
const crypto = __importStar(require("crypto"));
|
|
45
|
+
const AES_PREFIX = 'AES256:';
|
|
46
|
+
const KEY_LENGTH = 32; // 256-bit key
|
|
47
|
+
const IV_LENGTH = 16; // 128-bit IV for GCM
|
|
11
48
|
/**
|
|
12
49
|
* 加密服务
|
|
13
|
-
*
|
|
50
|
+
* 提供 AES-256-GCM 对称加密/解密功能,用于敏感数据保护。
|
|
51
|
+
*
|
|
52
|
+
* 加密格式: AES256:{iv_hex}:{authTag_hex}:{ciphertext_hex}
|
|
53
|
+
*
|
|
54
|
+
* 向后兼容: 不带 AES256: 前缀的数据被视为旧版明文,解密时原样返回。
|
|
55
|
+
* 如果未配置 ENCRYPTION_KEY 环境变量,则回退到透传模式(与旧版行为一致)。
|
|
14
56
|
*/
|
|
15
57
|
let EncryptionService = class EncryptionService {
|
|
16
58
|
/**
|
|
17
|
-
*
|
|
59
|
+
* 获取加密密钥
|
|
60
|
+
*/
|
|
61
|
+
getKey() {
|
|
62
|
+
const key = process.env.ENCRYPTION_KEY;
|
|
63
|
+
if (!key || key.length < KEY_LENGTH) {
|
|
64
|
+
return null;
|
|
65
|
+
}
|
|
66
|
+
return Buffer.from(key.slice(0, KEY_LENGTH), 'utf8');
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* 加密数据 (AES-256-GCM)
|
|
70
|
+
* 未配置密钥时回退到透传模式
|
|
18
71
|
*/
|
|
19
72
|
encrypt(data) {
|
|
20
|
-
|
|
21
|
-
|
|
73
|
+
if (data == null)
|
|
74
|
+
return data;
|
|
75
|
+
const key = this.getKey();
|
|
76
|
+
if (!key)
|
|
77
|
+
return data;
|
|
78
|
+
const iv = crypto.randomBytes(IV_LENGTH);
|
|
79
|
+
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
|
|
80
|
+
let encrypted = cipher.update(String(data), 'utf8', 'hex');
|
|
81
|
+
encrypted += cipher.final('hex');
|
|
82
|
+
const authTag = cipher.getAuthTag();
|
|
83
|
+
return `${AES_PREFIX}${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
|
|
22
84
|
}
|
|
23
85
|
/**
|
|
24
|
-
* 解密数据
|
|
86
|
+
* 解密数据 (AES-256-GCM)
|
|
87
|
+
* 不带 AES256: 前缀的数据视为旧版明文
|
|
25
88
|
*/
|
|
26
89
|
decrypt(encrypted) {
|
|
27
|
-
|
|
28
|
-
|
|
90
|
+
if (encrypted == null)
|
|
91
|
+
return encrypted;
|
|
92
|
+
if (typeof encrypted !== 'string' || !encrypted.startsWith(AES_PREFIX)) {
|
|
93
|
+
return encrypted;
|
|
94
|
+
}
|
|
95
|
+
const key = this.getKey();
|
|
96
|
+
if (!key)
|
|
97
|
+
return encrypted;
|
|
98
|
+
try {
|
|
99
|
+
const payload = encrypted.slice(AES_PREFIX.length);
|
|
100
|
+
const sep1 = payload.indexOf(':');
|
|
101
|
+
const sep2 = payload.indexOf(':', sep1 + 1);
|
|
102
|
+
if (sep1 === -1 || sep2 === -1)
|
|
103
|
+
return encrypted;
|
|
104
|
+
const iv = Buffer.from(payload.slice(0, sep1), 'hex');
|
|
105
|
+
const authTag = Buffer.from(payload.slice(sep1 + 1, sep2), 'hex');
|
|
106
|
+
const ciphertext = payload.slice(sep2 + 1);
|
|
107
|
+
const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
|
|
108
|
+
decipher.setAuthTag(authTag);
|
|
109
|
+
let decrypted = decipher.update(ciphertext, 'hex', 'utf8');
|
|
110
|
+
decrypted += decipher.final('utf8');
|
|
111
|
+
return decrypted;
|
|
112
|
+
}
|
|
113
|
+
catch {
|
|
114
|
+
return encrypted;
|
|
115
|
+
}
|
|
29
116
|
}
|
|
30
117
|
};
|
|
31
118
|
exports.EncryptionService = EncryptionService;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryption.service.js","sourceRoot":"","sources":["../../../packages/common/src/encryption.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"encryption.service.js","sourceRoot":"","sources":["../../../packages/common/src/encryption.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA4C;AAC5C,+CAAiC;AAEjC,MAAM,UAAU,GAAG,SAAS,CAAC;AAC7B,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,cAAc;AACrC,MAAM,SAAS,GAAG,EAAE,CAAC,CAAE,qBAAqB;AAE5C;;;;;;;;GAQG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAC5B;;OAEG;IACK,MAAM;QACZ,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,IAAY;QAClB,IAAI,IAAI,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1B,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC7D,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC3D,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,GAAG,UAAU,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;IACtF,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,SAAiB;QACvB,IAAI,SAAS,IAAI,IAAI;YAAE,OAAO,SAAS,CAAC;QACxC,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACvE,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1B,IAAI,CAAC,GAAG;YAAE,OAAO,SAAS,CAAC;QAE3B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACnD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;YAC5C,IAAI,IAAI,KAAK,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC;gBAAE,OAAO,SAAS,CAAC;YAEjD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;YACtD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,EAAE,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;YAClE,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;YAE3C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACjE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC3D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACpC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;CACF,CAAA;AA7DY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;GACA,iBAAiB,CA6D7B"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@dofe/infra-common",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.51",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"exports": {
|
|
@@ -395,8 +395,8 @@
|
|
|
395
395
|
"uuid": "^14.0.0",
|
|
396
396
|
"winston": "^3.13.0",
|
|
397
397
|
"zod": "^4.3.6",
|
|
398
|
-
"@dofe/infra-
|
|
399
|
-
"@dofe/infra-
|
|
398
|
+
"@dofe/infra-redis": "^0.1.51",
|
|
399
|
+
"@dofe/infra-contracts": "^0.1.51"
|
|
400
400
|
},
|
|
401
401
|
"dependencies": {
|
|
402
402
|
"@dofe/infra-i18n": "^0.1.48",
|