@etsoo/appscript 1.1.63 → 1.1.67

package/__tests__/app/CoreApp.ts

@@ -0,0 +1,124 @@
+import {
+    INotificaseBase,
+    INotification,
+    Notification,
+    NotificationCallProps,
+    NotificationContainer,
+    NotificationRenderProps
+} from '@etsoo/notificationbase';
+import { ApiAuthorizationScheme, createClient } from '@etsoo/restclient';
+import { DataTypes, DomUtils, Utils } from '@etsoo/shared';
+import { AddressUtils } from '../../src/address/AddressUtils';
+import { IAppSettings } from '../../src/app/AppSettings';
+import { CoreApp } from '../../src/app/CoreApp';
+import { zhCN } from '../../src/i18n/zhCN';
+
+// Detected country or region
+const { detectedCountry } = DomUtils;
+
+// Detected culture
+const { detectedCulture } = DomUtils;
+
+// Supported cultures
+const supportedCultures: DataTypes.CultureDefinition[] = [zhCN({})];
+
+// Supported regions
+const supportedRegions = ['CN'];
+
+// Class implementation for tests
+class NotificationTest extends Notification<any, NotificationCallProps> {
+    render(props: NotificationRenderProps, className?: string, options?: any) {
+        throw new Error('Method not implemented.');
+    }
+}
+
+class NotificationContainerTest extends NotificationContainer<
+    any,
+    NotificationCallProps
+> {
+    protected addRaw(
+        data: INotificaseBase<any, NotificationCallProps>
+    ): INotification<any, NotificationCallProps> {
+        throw new Error('Method not implemented.');
+    }
+}
+
+// Container
+var container = new NotificationContainerTest((update) => {});
+
+// Arrange
+class CoreAppTest extends CoreApp<IAppSettings, {}, NotificationCallProps> {
+    /**
+     * Constructor
+     * @param settings Settings
+     * @param name Application name
+     */
+    constructor() {
+        super(
+            {
+                /**
+                 * Endpoint of the API service
+                 */
+                endpoint: 'http://{hostname}/com.etsoo.SmartERPApi/api/',
+
+                /**
+                 * App root url
+                 */
+                homepage: '',
+
+                /**
+                 * Web url of the cloud
+                 */
+                webUrl: 'http://localhost',
+
+                // Authorization scheme
+                authScheme: ApiAuthorizationScheme.Bearer,
+
+                // Detected culture
+                detectedCulture,
+
+                // Supported cultures
+                cultures: supportedCultures,
+
+                // Supported regions
+                regions: supportedRegions,
+
+                // Browser's time zone
+                timeZone: Utils.getTimeZone(),
+
+                // Current country or region
+                currentRegion: AddressUtils.getRegion(
+                    supportedRegions,
+                    detectedCountry,
+                    detectedCulture
+                ),
+
+                // Current culture
+                currentCulture: DomUtils.getCulture(
+                    supportedCultures,
+                    detectedCulture
+                )!
+            },
+            createClient(),
+            container,
+            'SmartERP'
+        );
+    }
+
+    freshCountdownUI(callback?: () => PromiseLike<unknown>): void {
+        throw new Error('Method not implemented.');
+    }
+}
+
+const app = new CoreAppTest();
+
+test('Tests for encrypt / decrypt', () => {
+    // Arrange
+    const input = 'Hello, world!';
+    const passphrase = 'My password';
+
+    // Act
+    const encrypted = app.encrypt(input, passphrase);
+    const plain = app.decrypt(encrypted, passphrase);
+    expect(plain).toEqual(input);
+});

package/lib/cjs/app/CoreApp.d.ts

@@ -133,9 +133,10 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string): string;
+    encrypt(message: string, passphrase: string, iterations?: number): string;
     /**
      * Format date to string
      * @param input Input date
@@ -216,6 +217,13 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * @returns Time zone
      */
     getTimeZone(): string | undefined;
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -403,16 +411,17 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string): string;
+    encrypt(message: string, passphrase: string, iterations?: number): string;
     /**
      * Enchance secret passphrase
      * @param passphrase Secret passphrase
-     * @param miliseconds Miliseconds
+     * @param timestamp Timestamp
      * @returns Enhanced passphrase
      */
-    protected encryptionEnhance(passphrase: string, miliseconds: number): string;
+    protected encryptionEnhance(passphrase: string, timestamp: string): string;
     /**
      * Format date to string
      * @param input Input date
@@ -488,6 +497,13 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * @returns Time zone
      */
     getTimeZone(): string | undefined;
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check

package/lib/cjs/app/CoreApp.js

@@ -203,10 +203,25 @@ class CoreApp {
      * @returns Pure text
      */
     decrypt(messageEncrypted, passphrase) {
-        const pos = messageEncrypted.indexOf('M');
-        const miliseconds = parseInt(messageEncrypted.substring(0, pos));
+        // Timestamp splitter
+        const pos = messageEncrypted.indexOf('+');
+        const timestamp = messageEncrypted.substring(0, pos);
         const message = messageEncrypted.substring(pos + 1);
-        return crypto_js_1.AES.decrypt(message, this.encryptionEnhance(passphrase, miliseconds)).toString();
+        // Iterations
+        const iterations = parseInt(message.substring(0, 2), 10);
+        const salt = crypto_js_1.enc.Hex.parse(message.substring(2, 34));
+        const iv = crypto_js_1.enc.Hex.parse(message.substring(34, 66));
+        const encrypted = message.substring(66);
+        const key = (0, crypto_js_1.PBKDF2)(this.encryptionEnhance(passphrase, timestamp), salt, {
+            keySize: 8,
+            hasher: crypto_js_1.algo.SHA256,
+            iterations: 1000 * iterations
+        });
+        return crypto_js_1.AES.decrypt(encrypted, key, {
+            iv,
+            padding: crypto_js_1.pad.Pkcs7,
+            mode: crypto_js_1.mode.CBC
+        }).toString(crypto_js_1.enc.Utf8);
     }
     /**
      * Detect IP data, call only one time
@@ -245,23 +260,43 @@ class CoreApp {
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message, passphrase) {
-        const miliseconds = new Date().getUTCMilliseconds();
-        return (miliseconds +
-            'M' +
-            crypto_js_1.AES.encrypt(message, this.encryptionEnhance(passphrase, miliseconds)).toString());
+    encrypt(message, passphrase, iterations) {
+        // Default 1 * 1000
+        iterations !== null && iterations !== void 0 ? iterations : (iterations = 1);
+        // Timestamp
+        const timestamp = shared_1.Utils.numberToChars(new Date().getTime());
+        const bits = 16; // 128 / 8
+        const salt = crypto_js_1.lib.WordArray.random(bits);
+        const key = (0, crypto_js_1.PBKDF2)(this.encryptionEnhance(passphrase, timestamp), salt, {
+            keySize: 8,
+            hasher: crypto_js_1.algo.SHA256,
+            iterations: 1000 * iterations
+        });
+        const iv = crypto_js_1.lib.WordArray.random(bits);
+        return (timestamp +
+            '+' +
+            iterations.toString().padStart(2, '0') +
+            salt.toString(crypto_js_1.enc.Hex) +
+            iv.toString(crypto_js_1.enc.Hex) +
+            crypto_js_1.AES.encrypt(message, key, {
+                iv,
+                padding: crypto_js_1.pad.Pkcs7,
+                mode: crypto_js_1.mode.CBC
+            }).toString() // enc.Base64
+        );
     }
     /**
      * Enchance secret passphrase
      * @param passphrase Secret passphrase
-     * @param miliseconds Miliseconds
+     * @param timestamp Timestamp
      * @returns Enhanced passphrase
      */
-    encryptionEnhance(passphrase, miliseconds) {
+    encryptionEnhance(passphrase, timestamp) {
         var _a;
-        passphrase += miliseconds.toString();
+        passphrase += timestamp;
         passphrase += passphrase.length.toString();
         return passphrase + ((_a = this.passphrase) !== null && _a !== void 0 ? _a : '');
     }
@@ -391,6 +426,18 @@ class CoreApp {
         // settings.timeZone = Utils.getTimeZone()
         return (_a = this.settings.timeZone) !== null && _a !== void 0 ? _a : (_b = this.ipData) === null || _b === void 0 ? void 0 : _b.timezone;
     }
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message, passphrase) {
+        if (passphrase == null)
+            return (0, crypto_js_1.SHA3)(message, { outputLength: 512 }).toString(crypto_js_1.enc.Base64);
+        else
+            return (0, crypto_js_1.HmacSHA512)(message, passphrase).toString(crypto_js_1.enc.Base64);
+    }
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -540,6 +587,7 @@ class CoreApp {
      */
     userLogin(user, refreshToken, keep = false) {
         this.userData = user;
+        this.passphrase = user.passphrase;
         this.authorize(user.token, refreshToken, keep);
     }
     /**

package/lib/cjs/i18n/en-US.json

@@ -59,6 +59,7 @@
     "status": "Status",
     "submit": "Submit",
     "success": "Success",
+    "timeDifferenceInvalid": "The time difference between the device and the server is {0}, which exceeds the limit of {1} seconds. Please adjust the device time. If it is abnormal, please inform the administrator",
     "tokenExpiry": "Your session is about to expire. Click the Cancel button to continue",
     "yes": "Yes",
     "unknownError": "Unknown Error",

package/lib/cjs/i18n/zh-CN.json

@@ -59,6 +59,7 @@
     "status": "状态",
     "submit": "提交",
     "success": "成功",
+    "timeDifferenceInvalid": "设备时间和服务器时间差为{0}，超过{1}秒的限制，请调整设备时间，如果异常请告知管理员",
     "tokenExpiry": "您的会话即将过期。点击 取消 按钮继续使用",
     "yes": "是",
     "unknownError": "未知错误",

package/lib/cjs/i18n/zh-HK.json

@@ -59,6 +59,7 @@
     "status": "狀態",
     "submit": "提交",
     "success": "成功",
+    "timeDifferenceInvalid": "設備時間和服務器時間差為{0}，超過{1}秒的限制，請調整設備時間，如果異常請告知管理員",
     "tokenExpiry": "您的會話即將過期。點擊 取消 按鈕繼續使用",
     "yes": "是",
     "unknownError": "未知錯誤",

package/lib/cjs/index.d.ts

@@ -25,6 +25,7 @@ export type { IApi, IApiPayload } from '@etsoo/restclient';
 export * from './result/ActionResult';
 export * from './result/ActionResultError';
 export * from './result/IActionResult';
+export * from './result/InitCallResult';
 export * from './state/Culture';
 export * from './state/State';
 export * from './state/User';

package/lib/cjs/index.js

@@ -48,6 +48,7 @@ Object.defineProperty(exports, "createClient", { enumerable: true, get: function
 __exportStar(require("./result/ActionResult"), exports);
 __exportStar(require("./result/ActionResultError"), exports);
 __exportStar(require("./result/IActionResult"), exports);
+__exportStar(require("./result/InitCallResult"), exports);
 // state
 __exportStar(require("./state/Culture"), exports);
 __exportStar(require("./state/State"), exports);

package/lib/cjs/result/InitCallResult.d.ts

@@ -0,0 +1,22 @@
+import { IActionResult, IResultData } from './IActionResult';
+/**
+ * Result data with id, follow this style to extend for specific model
+ */
+export interface InitCallResultData extends IResultData {
+    /**
+     * Secret passphrase
+     */
+    passphrase: string;
+    /**
+     * Actual seconds gap
+     */
+    seconds: number;
+    /**
+     * Valid seconds gap
+     */
+    validSeconds: number;
+}
+/**
+ * Init call result
+ */
+export declare type InitCallResult = IActionResult<InitCallResultData>;

package/lib/cjs/result/InitCallResult.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/state/User.d.ts

@@ -27,6 +27,10 @@ export interface IUserData {
      * Access token
      */
     readonly token: string;
+    /**
+     * Secret passphrase
+     */
+    readonly passphrase: string;
 }
 /**
  * User interface

package/lib/mjs/app/CoreApp.d.ts

@@ -133,9 +133,10 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string): string;
+    encrypt(message: string, passphrase: string, iterations?: number): string;
     /**
      * Format date to string
      * @param input Input date
@@ -216,6 +217,13 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * @returns Time zone
      */
     getTimeZone(): string | undefined;
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -403,16 +411,17 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string): string;
+    encrypt(message: string, passphrase: string, iterations?: number): string;
     /**
      * Enchance secret passphrase
      * @param passphrase Secret passphrase
-     * @param miliseconds Miliseconds
+     * @param timestamp Timestamp
      * @returns Enhanced passphrase
      */
-    protected encryptionEnhance(passphrase: string, miliseconds: number): string;
+    protected encryptionEnhance(passphrase: string, timestamp: string): string;
     /**
      * Format date to string
      * @param input Input date
@@ -488,6 +497,13 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * @returns Time zone
      */
     getTimeZone(): string | undefined;
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check

package/lib/mjs/app/CoreApp.js

@@ -1,7 +1,7 @@
 import { NotificationAlign, NotificationMessageType } from '@etsoo/notificationbase';
 import { ApiDataError } from '@etsoo/restclient';
-import { DateUtils, DomUtils, NumberUtils, StorageUtils } from '@etsoo/shared';
-import { AES } from 'crypto-js';
+import { DateUtils, DomUtils, NumberUtils, StorageUtils, Utils } from '@etsoo/shared';
+import { AES, algo, enc, HmacSHA512, lib, mode, pad, PBKDF2, SHA3 } from 'crypto-js';
 import { AddressRegion } from '../address/AddressRegion';
 import { AddressUtils } from '../address/AddressUtils';
 import { ActionResultError } from '../result/ActionResultError';
@@ -200,10 +200,25 @@ export class CoreApp {
      * @returns Pure text
      */
     decrypt(messageEncrypted, passphrase) {
-        const pos = messageEncrypted.indexOf('M');
-        const miliseconds = parseInt(messageEncrypted.substring(0, pos));
+        // Timestamp splitter
+        const pos = messageEncrypted.indexOf('+');
+        const timestamp = messageEncrypted.substring(0, pos);
         const message = messageEncrypted.substring(pos + 1);
-        return AES.decrypt(message, this.encryptionEnhance(passphrase, miliseconds)).toString();
+        // Iterations
+        const iterations = parseInt(message.substring(0, 2), 10);
+        const salt = enc.Hex.parse(message.substring(2, 34));
+        const iv = enc.Hex.parse(message.substring(34, 66));
+        const encrypted = message.substring(66);
+        const key = PBKDF2(this.encryptionEnhance(passphrase, timestamp), salt, {
+            keySize: 8,
+            hasher: algo.SHA256,
+            iterations: 1000 * iterations
+        });
+        return AES.decrypt(encrypted, key, {
+            iv,
+            padding: pad.Pkcs7,
+            mode: mode.CBC
+        }).toString(enc.Utf8);
     }
     /**
      * Detect IP data, call only one time
@@ -242,23 +257,43 @@ export class CoreApp {
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message, passphrase) {
-        const miliseconds = new Date().getUTCMilliseconds();
-        return (miliseconds +
-            'M' +
-            AES.encrypt(message, this.encryptionEnhance(passphrase, miliseconds)).toString());
+    encrypt(message, passphrase, iterations) {
+        // Default 1 * 1000
+        iterations !== null && iterations !== void 0 ? iterations : (iterations = 1);
+        // Timestamp
+        const timestamp = Utils.numberToChars(new Date().getTime());
+        const bits = 16; // 128 / 8
+        const salt = lib.WordArray.random(bits);
+        const key = PBKDF2(this.encryptionEnhance(passphrase, timestamp), salt, {
+            keySize: 8,
+            hasher: algo.SHA256,
+            iterations: 1000 * iterations
+        });
+        const iv = lib.WordArray.random(bits);
+        return (timestamp +
+            '+' +
+            iterations.toString().padStart(2, '0') +
+            salt.toString(enc.Hex) +
+            iv.toString(enc.Hex) +
+            AES.encrypt(message, key, {
+                iv,
+                padding: pad.Pkcs7,
+                mode: mode.CBC
+            }).toString() // enc.Base64
+        );
     }
     /**
      * Enchance secret passphrase
      * @param passphrase Secret passphrase
-     * @param miliseconds Miliseconds
+     * @param timestamp Timestamp
      * @returns Enhanced passphrase
      */
-    encryptionEnhance(passphrase, miliseconds) {
+    encryptionEnhance(passphrase, timestamp) {
         var _a;
-        passphrase += miliseconds.toString();
+        passphrase += timestamp;
         passphrase += passphrase.length.toString();
         return passphrase + ((_a = this.passphrase) !== null && _a !== void 0 ? _a : '');
     }
@@ -388,6 +423,18 @@ export class CoreApp {
         // settings.timeZone = Utils.getTimeZone()
         return (_a = this.settings.timeZone) !== null && _a !== void 0 ? _a : (_b = this.ipData) === null || _b === void 0 ? void 0 : _b.timezone;
     }
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message, passphrase) {
+        if (passphrase == null)
+            return SHA3(message, { outputLength: 512 }).toString(enc.Base64);
+        else
+            return HmacSHA512(message, passphrase).toString(enc.Base64);
+    }
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -537,6 +584,7 @@ export class CoreApp {
      */
     userLogin(user, refreshToken, keep = false) {
         this.userData = user;
+        this.passphrase = user.passphrase;
         this.authorize(user.token, refreshToken, keep);
     }
     /**

package/lib/mjs/i18n/en-US.json

@@ -59,6 +59,7 @@
     "status": "Status",
     "submit": "Submit",
     "success": "Success",
+    "timeDifferenceInvalid": "The time difference between the device and the server is {0}, which exceeds the limit of {1} seconds. Please adjust the device time. If it is abnormal, please inform the administrator",
     "tokenExpiry": "Your session is about to expire. Click the Cancel button to continue",
     "yes": "Yes",
     "unknownError": "Unknown Error",

package/lib/mjs/i18n/zh-CN.json

@@ -59,6 +59,7 @@
     "status": "状态",
     "submit": "提交",
     "success": "成功",
+    "timeDifferenceInvalid": "设备时间和服务器时间差为{0}，超过{1}秒的限制，请调整设备时间，如果异常请告知管理员",
     "tokenExpiry": "您的会话即将过期。点击 取消 按钮继续使用",
     "yes": "是",
     "unknownError": "未知错误",

package/lib/mjs/i18n/zh-HK.json

@@ -59,6 +59,7 @@
     "status": "狀態",
     "submit": "提交",
     "success": "成功",
+    "timeDifferenceInvalid": "設備時間和服務器時間差為{0}，超過{1}秒的限制，請調整設備時間，如果異常請告知管理員",
     "tokenExpiry": "您的會話即將過期。點擊 取消 按鈕繼續使用",
     "yes": "是",
     "unknownError": "未知錯誤",

package/lib/mjs/index.d.ts

@@ -25,6 +25,7 @@ export type { IApi, IApiPayload } from '@etsoo/restclient';
 export * from './result/ActionResult';
 export * from './result/ActionResultError';
 export * from './result/IActionResult';
+export * from './result/InitCallResult';
 export * from './state/Culture';
 export * from './state/State';
 export * from './state/User';

package/lib/mjs/index.js

@@ -33,6 +33,7 @@ export { ApiAuthorizationScheme, createClient } from '@etsoo/restclient';
 export * from './result/ActionResult';
 export * from './result/ActionResultError';
 export * from './result/IActionResult';
+export * from './result/InitCallResult';
 // state
 export * from './state/Culture';
 export * from './state/State';

package/lib/mjs/result/InitCallResult.d.ts

@@ -0,0 +1,22 @@
+import { IActionResult, IResultData } from './IActionResult';
+/**
+ * Result data with id, follow this style to extend for specific model
+ */
+export interface InitCallResultData extends IResultData {
+    /**
+     * Secret passphrase
+     */
+    passphrase: string;
+    /**
+     * Actual seconds gap
+     */
+    seconds: number;
+    /**
+     * Valid seconds gap
+     */
+    validSeconds: number;
+}
+/**
+ * Init call result
+ */
+export declare type InitCallResult = IActionResult<InitCallResultData>;

package/lib/mjs/result/InitCallResult.js

@@ -0,0 +1 @@
+export {};

package/lib/mjs/state/User.d.ts

@@ -27,6 +27,10 @@ export interface IUserData {
      * Access token
      */
     readonly token: string;
+    /**
+     * Secret passphrase
+     */
+    readonly passphrase: string;
 }
 /**
  * User interface

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@etsoo/appscript",
-    "version": "1.1.63",
+    "version": "1.1.67",
     "description": "Applications shared TypeScript framework",
     "main": "lib/cjs/index.js",
     "module": "lib/mjs/index.js",
@@ -23,7 +23,7 @@
         "testMatch": [
             "<rootDir>/__tests__/**/*.ts"
         ],
-        "testEnvironment": "node",
+        "testEnvironment": "jsdom",
         "transform": {
             ".+\\.jsx?$": "babel-jest",
             ".+\\.tsx?$": "ts-jest"
@@ -54,7 +54,7 @@
     "dependencies": {
         "@etsoo/notificationbase": "^1.0.94",
         "@etsoo/restclient": "^1.0.62",
-        "@etsoo/shared": "^1.0.75",
+        "@etsoo/shared": "^1.0.76",
         "@types/crypto-js": "^4.0.2",
         "crypto-js": "^4.1.1"
     },
@@ -65,13 +65,13 @@
         "@babel/preset-env": "^7.16.4",
         "@babel/runtime-corejs3": "^7.16.3",
         "@types/jest": "^27.0.3",
-        "@typescript-eslint/eslint-plugin": "^5.5.0",
-        "@typescript-eslint/parser": "^5.5.0",
-        "eslint": "^8.4.0",
+        "@typescript-eslint/eslint-plugin": "^5.6.0",
+        "@typescript-eslint/parser": "^5.6.0",
+        "eslint": "^8.4.1",
         "eslint-config-airbnb-base": "^15.0.0",
         "eslint-plugin-import": "^2.25.3",
         "jest": "^27.4.3",
-        "ts-jest": "^27.0.7",
+        "ts-jest": "^27.1.0",
         "typescript": "^4.5.2"
     }
 }

package/src/app/CoreApp.ts

@@ -12,9 +12,20 @@ import {
     DateUtils,
     DomUtils,
     NumberUtils,
-    StorageUtils
+    StorageUtils,
+    Utils
 } from '@etsoo/shared';
-import { AES } from 'crypto-js';
+import {
+    AES,
+    algo,
+    enc,
+    HmacSHA512,
+    lib,
+    mode,
+    pad,
+    PBKDF2,
+    SHA3
+} from 'crypto-js';
 import { AddressRegion } from '../address/AddressRegion';
 import { AddressUtils } from '../address/AddressUtils';
 import { ActionResultError } from '../result/ActionResultError';
@@ -183,9 +194,10 @@ export interface ICoreApp<
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string): string;
+    encrypt(message: string, passphrase: string, iterations?: number): string;
 
     /**
      * Format date to string
@@ -289,6 +301,14 @@ export interface ICoreApp<
      */
     getTimeZone(): string | undefined;
 
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message: string, passphrase?: string): string;
+
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -659,13 +679,33 @@ export abstract class CoreApp<
      * @returns Pure text
      */
     decrypt(messageEncrypted: string, passphrase: string) {
-        const pos = messageEncrypted.indexOf('M');
-        const miliseconds = parseInt(messageEncrypted.substring(0, pos));
+        // Timestamp splitter
+        const pos = messageEncrypted.indexOf('+');
+        const timestamp = messageEncrypted.substring(0, pos);
         const message = messageEncrypted.substring(pos + 1);
-        return AES.decrypt(
-            message,
-            this.encryptionEnhance(passphrase, miliseconds)
-        ).toString();
+
+        // Iterations
+        const iterations = parseInt(message.substring(0, 2), 10);
+
+        const salt = enc.Hex.parse(message.substring(2, 34));
+        const iv = enc.Hex.parse(message.substring(34, 66));
+        const encrypted = message.substring(66);
+
+        const key = PBKDF2(
+            this.encryptionEnhance(passphrase, timestamp),
+            salt,
+            {
+                keySize: 8, // 256 / 32
+                hasher: algo.SHA256,
+                iterations: 1000 * iterations
+            }
+        );
+
+        return AES.decrypt(encrypted, key, {
+            iv,
+            padding: pad.Pkcs7,
+            mode: mode.CBC
+        }).toString(enc.Utf8);
     }
 
     /**
@@ -712,28 +752,51 @@ export abstract class CoreApp<
      * Encrypt message
      * @param message Message
      * @param passphrase Secret passphrase
+     * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string) {
-        const miliseconds = new Date().getUTCMilliseconds();
+    encrypt(message: string, passphrase: string, iterations?: number) {
+        // Default 1 * 1000
+        iterations ??= 1;
+
+        // Timestamp
+        const timestamp = Utils.numberToChars(new Date().getTime());
+
+        const bits = 16; // 128 / 8
+        const salt = lib.WordArray.random(bits);
+        const key = PBKDF2(
+            this.encryptionEnhance(passphrase, timestamp),
+            salt,
+            {
+                keySize: 8, // 256 / 32
+                hasher: algo.SHA256,
+                iterations: 1000 * iterations
+            }
+        );
+        const iv = lib.WordArray.random(bits);
+
         return (
-            miliseconds +
-            'M' +
-            AES.encrypt(
-                message,
-                this.encryptionEnhance(passphrase, miliseconds)
-            ).toString()
+            timestamp +
+            '+' +
+            iterations.toString().padStart(2, '0') +
+            salt.toString(enc.Hex) +
+            iv.toString(enc.Hex) +
+            AES.encrypt(message, key, {
+                iv,
+                padding: pad.Pkcs7,
+                mode: mode.CBC
+            }).toString() // enc.Base64
         );
     }
 
     /**
      * Enchance secret passphrase
      * @param passphrase Secret passphrase
-     * @param miliseconds Miliseconds
+     * @param timestamp Timestamp
      * @returns Enhanced passphrase
      */
-    protected encryptionEnhance(passphrase: string, miliseconds: number) {
-        passphrase += miliseconds.toString();
+    protected encryptionEnhance(passphrase: string, timestamp: string) {
+        passphrase += timestamp;
         passphrase += passphrase.length.toString();
         return passphrase + (this.passphrase ?? '');
     }
@@ -896,6 +959,18 @@ export abstract class CoreApp<
         return this.settings.timeZone ?? this.ipData?.timezone;
     }
 
+    /**
+     * Hash message, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hash(message: string, passphrase?: string) {
+        if (passphrase == null)
+            return SHA3(message, { outputLength: 512 }).toString(enc.Base64);
+        else return HmacSHA512(message, passphrase).toString(enc.Base64);
+    }
+
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -1064,6 +1139,7 @@ export abstract class CoreApp<
      */
     userLogin(user: IUserData, refreshToken: string, keep: boolean = false) {
         this.userData = user;
+        this.passphrase = user.passphrase;
         this.authorize(user.token, refreshToken, keep);
     }
 

package/src/i18n/en-US.json

@@ -59,6 +59,7 @@
     "status": "Status",
     "submit": "Submit",
     "success": "Success",
+    "timeDifferenceInvalid": "The time difference between the device and the server is {0}, which exceeds the limit of {1} seconds. Please adjust the device time. If it is abnormal, please inform the administrator",
     "tokenExpiry": "Your session is about to expire. Click the Cancel button to continue",
     "yes": "Yes",
     "unknownError": "Unknown Error",

package/src/i18n/zh-CN.json

@@ -59,6 +59,7 @@
     "status": "状态",
     "submit": "提交",
     "success": "成功",
+    "timeDifferenceInvalid": "设备时间和服务器时间差为{0}，超过{1}秒的限制，请调整设备时间，如果异常请告知管理员",
     "tokenExpiry": "您的会话即将过期。点击 取消 按钮继续使用",
     "yes": "是",
     "unknownError": "未知错误",

package/src/i18n/zh-HK.json

@@ -59,6 +59,7 @@
     "status": "狀態",
     "submit": "提交",
     "success": "成功",
+    "timeDifferenceInvalid": "設備時間和服務器時間差為{0}，超過{1}秒的限制，請調整設備時間，如果異常請告知管理員",
     "tokenExpiry": "您的會話即將過期。點擊 取消 按鈕繼續使用",
     "yes": "是",
     "unknownError": "未知錯誤",

package/src/index.ts

@@ -42,6 +42,7 @@ export type { IApi, IApiPayload } from '@etsoo/restclient';
 export * from './result/ActionResult';
 export * from './result/ActionResultError';
 export * from './result/IActionResult';
+export * from './result/InitCallResult';
 
 // state
 export * from './state/Culture';

package/src/result/InitCallResult.ts

@@ -0,0 +1,26 @@
+import { IActionResult, IResultData } from './IActionResult';
+
+/**
+ * Result data with id, follow this style to extend for specific model
+ */
+export interface InitCallResultData extends IResultData {
+    /**
+     * Secret passphrase
+     */
+    passphrase: string;
+
+    /**
+     * Actual seconds gap
+     */
+    seconds: number;
+
+    /**
+     * Valid seconds gap
+     */
+    validSeconds: number;
+}
+
+/**
+ * Init call result
+ */
+export type InitCallResult = IActionResult<InitCallResultData>;

package/src/state/User.ts

@@ -33,6 +33,11 @@ export interface IUserData {
      * Access token
      */
     readonly token: string;
+
+    /**
+     * Secret passphrase
+     */
+    readonly passphrase: string;
 }
 
 /**