@etsoo/appscript 1.1.67 → 1.1.68

package/lib/cjs/app/CoreApp.d.ts

@@ -3,6 +3,7 @@ import { ApiDataError, IApi, IPData } from '@etsoo/restclient';
 import { DataTypes, DateUtils } from '@etsoo/shared';
 import { AddressRegion } from '../address/AddressRegion';
 import { IActionResult } from '../result/IActionResult';
+import { InitCallResultData } from '../result/InitCallResult';
 import { IUserData } from '../state/User';
 import { IAppSettings } from './AppSettings';
 import { UserRole } from './UserRole';
@@ -87,10 +88,6 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * User data
      */
     userData?: IUserData;
-    /**
-     * Passphrase for encryption
-     */
-    passphrase?: string;
     /**
      * Search input element
      */
@@ -121,9 +118,10 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted: string, passphrase: string): string;
+    decrypt(messageEncrypted: string, passphrase?: string, durationSeconds?: number): string | undefined;
     /**
      * Detect IP data, call only one time
      * @param callback Callback will be called when the IP is ready
@@ -136,7 +134,7 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string, iterations?: number): string;
+    encrypt(message: string, passphrase?: string, iterations?: number): string;
     /**
      * Format date to string
      * @param input Input date
@@ -224,6 +222,13 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * @param passphrase Secret passphrase
      */
     hash(message: string, passphrase?: string): string;
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -335,10 +340,6 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * User data
      */
     userData?: IUserData;
-    /**
-     * Passphrase for encryption
-     */
-    passphrase?: string;
     /**
      * Response token header field name
      */
@@ -363,6 +364,18 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * Token refresh count down seed
      */
     protected refreshCountdownSeed: number;
+    /**
+     * Device id field name
+     */
+    protected deviceIdField: string;
+    /**
+     * Device id
+     */
+    protected deviceId: string;
+    /**
+     * Passphrase for encryption
+     */
+    protected passphrase: string;
     /**
      * Protected constructor
      * @param settings Settings
@@ -372,6 +385,22 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      */
     protected constructor(settings: S, api: IApi, notifier: INotifier<N, C>, name: string);
     protected setApi(api: IApi): void;
+    /**
+     * Init call
+     * @returns Result
+     */
+    protected initCall(): Promise<void>;
+    /**
+     * Init call update
+     * @param data Result data
+     * @param timestamp Timestamp
+     */
+    protected initCallUpdate(data: InitCallResultData, timestamp: number): void;
+    /**
+     * Init call update fields in local storage
+     * @returns Fields
+     */
+    protected initCallUpdateFields(): string[];
     /**
      * Alert action result
      * @param result Action result
@@ -398,9 +427,10 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted: string, passphrase: string): string;
+    decrypt(messageEncrypted: string, passphrase?: string, durationSeconds?: number): string | undefined;
     /**
      * Detect IP data, call only one time
      * @param callback Callback will be called when the IP is ready
@@ -414,7 +444,7 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string, iterations?: number): string;
+    encrypt(message: string, passphrase?: string, iterations?: number): string;
     /**
      * Enchance secret passphrase
      * @param passphrase Secret passphrase
@@ -504,6 +534,13 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * @param passphrase Secret passphrase
      */
     hash(message: string, passphrase?: string): string;
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check

package/lib/cjs/app/CoreApp.js

@@ -34,10 +34,19 @@ class CoreApp {
          * Token refresh count down seed
          */
         this.refreshCountdownSeed = 0;
+        /**
+         * Device id field name
+         */
+        this.deviceIdField = 'SmartERPDeviceId';
+        /**
+         * Passphrase for encryption
+         */
+        this.passphrase = '***';
         this.settings = settings;
         this.api = api;
         this.notifier = notifier;
         this.name = name;
+        this.deviceId = shared_1.StorageUtils.getLocalData(this.deviceIdField, '');
         this.setApi(api);
         const { currentCulture, currentRegion } = settings;
         this.changeCulture(currentCulture);
@@ -108,6 +117,81 @@ class CoreApp {
             }
         };
     }
+    /**
+     * Init call
+     * @returns Result
+     */
+    async initCall() {
+        var _a;
+        const data = {
+            timestamp: new Date().getTime(),
+            deviceId: this.deviceId === '' ? undefined : this.deviceId
+        };
+        const result = await this.api.put('Auth/WebInitCall', data);
+        if (result == null)
+            return;
+        if (result.data == null) {
+            this.notifier.alert(this.get('noData'));
+            return;
+        }
+        if (!result.ok) {
+            const seconds = result.data.seconds;
+            const validSeconds = result.data.validSeconds;
+            if (result.title === 'timeDifferenceInvalid' &&
+                seconds != null &&
+                validSeconds != null) {
+                const title = (_a = this.get('timeDifferenceInvalid')) === null || _a === void 0 ? void 0 : _a.format(seconds.toString(), validSeconds.toString());
+                this.notifier.alert(title);
+            }
+            else {
+                this.alertResult(result);
+            }
+            return;
+        }
+        this.initCallUpdate(result.data, data.timestamp);
+    }
+    /**
+     * Init call update
+     * @param data Result data
+     * @param timestamp Timestamp
+     */
+    initCallUpdate(data, timestamp) {
+        if (data.deviceId == null || data.passphrase == null)
+            return;
+        // Decrypt
+        // Should be done within 120 seconds after returning from the backend
+        const passphrase = this.decrypt(data.passphrase, timestamp.toString(), 120);
+        if (passphrase == null)
+            return;
+        // Update device id and cache it
+        this.deviceId = data.deviceId;
+        shared_1.StorageUtils.setLocalData(this.deviceIdField, this.deviceId);
+        // Current passphrase
+        this.passphrase = passphrase;
+        // Previous passphrase
+        if (data.previousPassphrase) {
+            const prev = this.decrypt(data.previousPassphrase, timestamp.toString(), 120);
+            // Update
+            const fields = this.initCallUpdateFields();
+            for (const field of fields) {
+                const currentValue = shared_1.StorageUtils.getLocalData(field, '');
+                if (currentValue === '' || currentValue.indexOf('+') === -1)
+                    continue;
+                const newValueSource = this.decrypt(currentValue, prev, 12);
+                if (newValueSource == null)
+                    continue;
+                const newValue = this.encrypt(newValueSource);
+                shared_1.StorageUtils.setLocalData(field, newValue);
+            }
+        }
+    }
+    /**
+     * Init call update fields in local storage
+     * @returns Fields
+     */
+    initCallUpdateFields() {
+        return [];
+    }
     /**
      * Alert action result
      * @param result Action result
@@ -200,19 +284,35 @@ class CoreApp {
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted, passphrase) {
+    decrypt(messageEncrypted, passphrase, durationSeconds) {
         // Timestamp splitter
         const pos = messageEncrypted.indexOf('+');
+        if (pos === -1 || messageEncrypted.length <= 66)
+            return undefined;
         const timestamp = messageEncrypted.substring(0, pos);
         const message = messageEncrypted.substring(pos + 1);
+        if (durationSeconds != null && durationSeconds > 0) {
+            const milseconds = shared_1.Utils.charsToNumber(timestamp);
+            if (isNaN(milseconds) || milseconds < 1)
+                return undefined;
+            const timespan = new Date().substract(new Date(milseconds));
+            if ((durationSeconds <= 12 &&
+                timespan.totalMonths > durationSeconds) ||
+                (durationSeconds > 12 &&
+                    timespan.totalSeconds > durationSeconds))
+                return undefined;
+        }
         // Iterations
         const iterations = parseInt(message.substring(0, 2), 10);
+        if (isNaN(iterations))
+            return undefined;
         const salt = crypto_js_1.enc.Hex.parse(message.substring(2, 34));
         const iv = crypto_js_1.enc.Hex.parse(message.substring(34, 66));
         const encrypted = message.substring(66);
-        const key = (0, crypto_js_1.PBKDF2)(this.encryptionEnhance(passphrase, timestamp), salt, {
+        const key = (0, crypto_js_1.PBKDF2)(this.encryptionEnhance(passphrase !== null && passphrase !== void 0 ? passphrase : this.passphrase, timestamp), salt, {
             keySize: 8,
             hasher: crypto_js_1.algo.SHA256,
             iterations: 1000 * iterations
@@ -270,7 +370,7 @@ class CoreApp {
         const timestamp = shared_1.Utils.numberToChars(new Date().getTime());
         const bits = 16; // 128 / 8
         const salt = crypto_js_1.lib.WordArray.random(bits);
-        const key = (0, crypto_js_1.PBKDF2)(this.encryptionEnhance(passphrase, timestamp), salt, {
+        const key = (0, crypto_js_1.PBKDF2)(this.encryptionEnhance(passphrase !== null && passphrase !== void 0 ? passphrase : this.passphrase, timestamp), salt, {
             keySize: 8,
             hasher: crypto_js_1.algo.SHA256,
             iterations: 1000 * iterations
@@ -295,10 +395,9 @@ class CoreApp {
      * @returns Enhanced passphrase
      */
     encryptionEnhance(passphrase, timestamp) {
-        var _a;
         passphrase += timestamp;
         passphrase += passphrase.length.toString();
-        return passphrase + ((_a = this.passphrase) !== null && _a !== void 0 ? _a : '');
+        return passphrase;
     }
     /**
      * Format date to string
@@ -360,7 +459,19 @@ class CoreApp {
      * @param forceToLocal Force to local labels
      */
     formatResult(result, forceToLocal) {
-        if ((result.title == null || forceToLocal) && result.type != null) {
+        const title = result.title;
+        if (title && /^\w+$/.test(title)) {
+            const key = title.formatInitial(false);
+            const localTitle = this.get(key);
+            if (localTitle) {
+                result.title = localTitle;
+                // Hold the original title in type when type is null
+                if (result.type == null)
+                    result.type = title;
+            }
+        }
+        else if ((title == null || forceToLocal) && result.type != null) {
+            // Get label from type
             const key = result.type.formatInitial(false);
             result.title = this.get(key);
         }
@@ -438,6 +549,18 @@ class CoreApp {
         else
             return (0, crypto_js_1.HmacSHA512)(message, passphrase).toString(crypto_js_1.enc.Base64);
     }
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message, passphrase) {
+        if (passphrase == null)
+            return (0, crypto_js_1.SHA3)(message, { outputLength: 512 }).toString(crypto_js_1.enc.Hex);
+        else
+            return (0, crypto_js_1.HmacSHA512)(message, passphrase).toString(crypto_js_1.enc.Hex);
+    }
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -587,7 +710,6 @@ class CoreApp {
      */
     userLogin(user, refreshToken, keep = false) {
         this.userData = user;
-        this.passphrase = user.passphrase;
         this.authorize(user.token, refreshToken, keep);
     }
     /**

package/lib/cjs/dto/InitCallDto.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Init call dto
+ */
+export declare type InitCallDto = {
+    /**
+     * Device id
+     */
+    deviceId?: string;
+    /**
+     * Timestamp
+     */
+    timestamp: number;
+};

package/lib/cjs/dto/InitCallDto.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/index.d.ts

@@ -16,6 +16,7 @@ export * from './def/ListItem';
 export * from './dto/IdDto';
 export * from './dto/IdLabelDto';
 export * from './dto/IdLabelPrimaryDto';
+export * from './dto/InitCallDto';
 export * from './dto/UpdateDto';
 export * from './i18n/enUS';
 export * from './i18n/zhCN';

package/lib/cjs/index.js

@@ -35,6 +35,7 @@ __exportStar(require("./def/ListItem"), exports);
 __exportStar(require("./dto/IdDto"), exports);
 __exportStar(require("./dto/IdLabelDto"), exports);
 __exportStar(require("./dto/IdLabelPrimaryDto"), exports);
+__exportStar(require("./dto/InitCallDto"), exports);
 __exportStar(require("./dto/UpdateDto"), exports);
 // i18n
 __exportStar(require("./i18n/enUS"), exports);

package/lib/cjs/result/IActionResult.d.ts

@@ -48,11 +48,11 @@ export interface IActionResult<D extends IResultData = IResultData> {
     /**
      * Trace id
      */
-    readonly traceId?: string;
+    traceId?: string;
     /**
      * Type
      */
-    readonly type: string;
+    type: string;
     /**
      * Success or not
      */

package/lib/cjs/result/InitCallResult.d.ts

@@ -1,20 +1,28 @@
 import { IActionResult, IResultData } from './IActionResult';
 /**
- * Result data with id, follow this style to extend for specific model
+ * Init call result data
  */
 export interface InitCallResultData extends IResultData {
+    /**
+     * Device id
+     */
+    deviceId?: string;
     /**
      * Secret passphrase
      */
-    passphrase: string;
+    passphrase?: string;
+    /**
+     * Previous secret passphrase
+     */
+    previousPassphrase?: string;
     /**
      * Actual seconds gap
      */
-    seconds: number;
+    seconds?: number;
     /**
      * Valid seconds gap
      */
-    validSeconds: number;
+    validSeconds?: number;
 }
 /**
  * Init call result

package/lib/cjs/state/User.d.ts

@@ -27,10 +27,6 @@ export interface IUserData {
      * Access token
      */
     readonly token: string;
-    /**
-     * Secret passphrase
-     */
-    readonly passphrase: string;
 }
 /**
  * User interface

package/lib/mjs/app/CoreApp.d.ts

@@ -3,6 +3,7 @@ import { ApiDataError, IApi, IPData } from '@etsoo/restclient';
 import { DataTypes, DateUtils } from '@etsoo/shared';
 import { AddressRegion } from '../address/AddressRegion';
 import { IActionResult } from '../result/IActionResult';
+import { InitCallResultData } from '../result/InitCallResult';
 import { IUserData } from '../state/User';
 import { IAppSettings } from './AppSettings';
 import { UserRole } from './UserRole';
@@ -87,10 +88,6 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * User data
      */
     userData?: IUserData;
-    /**
-     * Passphrase for encryption
-     */
-    passphrase?: string;
     /**
      * Search input element
      */
@@ -121,9 +118,10 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted: string, passphrase: string): string;
+    decrypt(messageEncrypted: string, passphrase?: string, durationSeconds?: number): string | undefined;
     /**
      * Detect IP data, call only one time
      * @param callback Callback will be called when the IP is ready
@@ -136,7 +134,7 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string, iterations?: number): string;
+    encrypt(message: string, passphrase?: string, iterations?: number): string;
     /**
      * Format date to string
      * @param input Input date
@@ -224,6 +222,13 @@ export interface ICoreApp<S extends IAppSettings, N, C extends NotificationCallP
      * @param passphrase Secret passphrase
      */
     hash(message: string, passphrase?: string): string;
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -335,10 +340,6 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * User data
      */
     userData?: IUserData;
-    /**
-     * Passphrase for encryption
-     */
-    passphrase?: string;
     /**
      * Response token header field name
      */
@@ -363,6 +364,18 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * Token refresh count down seed
      */
     protected refreshCountdownSeed: number;
+    /**
+     * Device id field name
+     */
+    protected deviceIdField: string;
+    /**
+     * Device id
+     */
+    protected deviceId: string;
+    /**
+     * Passphrase for encryption
+     */
+    protected passphrase: string;
     /**
      * Protected constructor
      * @param settings Settings
@@ -372,6 +385,22 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      */
     protected constructor(settings: S, api: IApi, notifier: INotifier<N, C>, name: string);
     protected setApi(api: IApi): void;
+    /**
+     * Init call
+     * @returns Result
+     */
+    protected initCall(): Promise<void>;
+    /**
+     * Init call update
+     * @param data Result data
+     * @param timestamp Timestamp
+     */
+    protected initCallUpdate(data: InitCallResultData, timestamp: number): void;
+    /**
+     * Init call update fields in local storage
+     * @returns Fields
+     */
+    protected initCallUpdateFields(): string[];
     /**
      * Alert action result
      * @param result Action result
@@ -398,9 +427,10 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted: string, passphrase: string): string;
+    decrypt(messageEncrypted: string, passphrase?: string, durationSeconds?: number): string | undefined;
     /**
      * Detect IP data, call only one time
      * @param callback Callback will be called when the IP is ready
@@ -414,7 +444,7 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string, iterations?: number): string;
+    encrypt(message: string, passphrase?: string, iterations?: number): string;
     /**
      * Enchance secret passphrase
      * @param passphrase Secret passphrase
@@ -504,6 +534,13 @@ export declare abstract class CoreApp<S extends IAppSettings, N, C extends Notif
      * @param passphrase Secret passphrase
      */
     hash(message: string, passphrase?: string): string;
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message: string, passphrase?: string): string;
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check

package/lib/mjs/app/CoreApp.js

@@ -31,10 +31,19 @@ export class CoreApp {
          * Token refresh count down seed
          */
         this.refreshCountdownSeed = 0;
+        /**
+         * Device id field name
+         */
+        this.deviceIdField = 'SmartERPDeviceId';
+        /**
+         * Passphrase for encryption
+         */
+        this.passphrase = '***';
         this.settings = settings;
         this.api = api;
         this.notifier = notifier;
         this.name = name;
+        this.deviceId = StorageUtils.getLocalData(this.deviceIdField, '');
         this.setApi(api);
         const { currentCulture, currentRegion } = settings;
         this.changeCulture(currentCulture);
@@ -105,6 +114,81 @@ export class CoreApp {
             }
         };
     }
+    /**
+     * Init call
+     * @returns Result
+     */
+    async initCall() {
+        var _a;
+        const data = {
+            timestamp: new Date().getTime(),
+            deviceId: this.deviceId === '' ? undefined : this.deviceId
+        };
+        const result = await this.api.put('Auth/WebInitCall', data);
+        if (result == null)
+            return;
+        if (result.data == null) {
+            this.notifier.alert(this.get('noData'));
+            return;
+        }
+        if (!result.ok) {
+            const seconds = result.data.seconds;
+            const validSeconds = result.data.validSeconds;
+            if (result.title === 'timeDifferenceInvalid' &&
+                seconds != null &&
+                validSeconds != null) {
+                const title = (_a = this.get('timeDifferenceInvalid')) === null || _a === void 0 ? void 0 : _a.format(seconds.toString(), validSeconds.toString());
+                this.notifier.alert(title);
+            }
+            else {
+                this.alertResult(result);
+            }
+            return;
+        }
+        this.initCallUpdate(result.data, data.timestamp);
+    }
+    /**
+     * Init call update
+     * @param data Result data
+     * @param timestamp Timestamp
+     */
+    initCallUpdate(data, timestamp) {
+        if (data.deviceId == null || data.passphrase == null)
+            return;
+        // Decrypt
+        // Should be done within 120 seconds after returning from the backend
+        const passphrase = this.decrypt(data.passphrase, timestamp.toString(), 120);
+        if (passphrase == null)
+            return;
+        // Update device id and cache it
+        this.deviceId = data.deviceId;
+        StorageUtils.setLocalData(this.deviceIdField, this.deviceId);
+        // Current passphrase
+        this.passphrase = passphrase;
+        // Previous passphrase
+        if (data.previousPassphrase) {
+            const prev = this.decrypt(data.previousPassphrase, timestamp.toString(), 120);
+            // Update
+            const fields = this.initCallUpdateFields();
+            for (const field of fields) {
+                const currentValue = StorageUtils.getLocalData(field, '');
+                if (currentValue === '' || currentValue.indexOf('+') === -1)
+                    continue;
+                const newValueSource = this.decrypt(currentValue, prev, 12);
+                if (newValueSource == null)
+                    continue;
+                const newValue = this.encrypt(newValueSource);
+                StorageUtils.setLocalData(field, newValue);
+            }
+        }
+    }
+    /**
+     * Init call update fields in local storage
+     * @returns Fields
+     */
+    initCallUpdateFields() {
+        return [];
+    }
     /**
      * Alert action result
      * @param result Action result
@@ -197,19 +281,35 @@ export class CoreApp {
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted, passphrase) {
+    decrypt(messageEncrypted, passphrase, durationSeconds) {
         // Timestamp splitter
         const pos = messageEncrypted.indexOf('+');
+        if (pos === -1 || messageEncrypted.length <= 66)
+            return undefined;
         const timestamp = messageEncrypted.substring(0, pos);
         const message = messageEncrypted.substring(pos + 1);
+        if (durationSeconds != null && durationSeconds > 0) {
+            const milseconds = Utils.charsToNumber(timestamp);
+            if (isNaN(milseconds) || milseconds < 1)
+                return undefined;
+            const timespan = new Date().substract(new Date(milseconds));
+            if ((durationSeconds <= 12 &&
+                timespan.totalMonths > durationSeconds) ||
+                (durationSeconds > 12 &&
+                    timespan.totalSeconds > durationSeconds))
+                return undefined;
+        }
         // Iterations
         const iterations = parseInt(message.substring(0, 2), 10);
+        if (isNaN(iterations))
+            return undefined;
         const salt = enc.Hex.parse(message.substring(2, 34));
         const iv = enc.Hex.parse(message.substring(34, 66));
         const encrypted = message.substring(66);
-        const key = PBKDF2(this.encryptionEnhance(passphrase, timestamp), salt, {
+        const key = PBKDF2(this.encryptionEnhance(passphrase !== null && passphrase !== void 0 ? passphrase : this.passphrase, timestamp), salt, {
             keySize: 8,
             hasher: algo.SHA256,
             iterations: 1000 * iterations
@@ -267,7 +367,7 @@ export class CoreApp {
         const timestamp = Utils.numberToChars(new Date().getTime());
         const bits = 16; // 128 / 8
         const salt = lib.WordArray.random(bits);
-        const key = PBKDF2(this.encryptionEnhance(passphrase, timestamp), salt, {
+        const key = PBKDF2(this.encryptionEnhance(passphrase !== null && passphrase !== void 0 ? passphrase : this.passphrase, timestamp), salt, {
             keySize: 8,
             hasher: algo.SHA256,
             iterations: 1000 * iterations
@@ -292,10 +392,9 @@ export class CoreApp {
      * @returns Enhanced passphrase
      */
     encryptionEnhance(passphrase, timestamp) {
-        var _a;
         passphrase += timestamp;
         passphrase += passphrase.length.toString();
-        return passphrase + ((_a = this.passphrase) !== null && _a !== void 0 ? _a : '');
+        return passphrase;
     }
     /**
      * Format date to string
@@ -357,7 +456,19 @@ export class CoreApp {
      * @param forceToLocal Force to local labels
      */
     formatResult(result, forceToLocal) {
-        if ((result.title == null || forceToLocal) && result.type != null) {
+        const title = result.title;
+        if (title && /^\w+$/.test(title)) {
+            const key = title.formatInitial(false);
+            const localTitle = this.get(key);
+            if (localTitle) {
+                result.title = localTitle;
+                // Hold the original title in type when type is null
+                if (result.type == null)
+                    result.type = title;
+            }
+        }
+        else if ((title == null || forceToLocal) && result.type != null) {
+            // Get label from type
             const key = result.type.formatInitial(false);
             result.title = this.get(key);
         }
@@ -435,6 +546,18 @@ export class CoreApp {
         else
             return HmacSHA512(message, passphrase).toString(enc.Base64);
     }
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message, passphrase) {
+        if (passphrase == null)
+            return SHA3(message, { outputLength: 512 }).toString(enc.Hex);
+        else
+            return HmacSHA512(message, passphrase).toString(enc.Hex);
+    }
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -584,7 +707,6 @@ export class CoreApp {
      */
     userLogin(user, refreshToken, keep = false) {
         this.userData = user;
-        this.passphrase = user.passphrase;
         this.authorize(user.token, refreshToken, keep);
     }
     /**

package/lib/mjs/dto/InitCallDto.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Init call dto
+ */
+export declare type InitCallDto = {
+    /**
+     * Device id
+     */
+    deviceId?: string;
+    /**
+     * Timestamp
+     */
+    timestamp: number;
+};

package/lib/mjs/dto/InitCallDto.js

@@ -0,0 +1 @@
+export {};

package/lib/mjs/index.d.ts

@@ -16,6 +16,7 @@ export * from './def/ListItem';
 export * from './dto/IdDto';
 export * from './dto/IdLabelDto';
 export * from './dto/IdLabelPrimaryDto';
+export * from './dto/InitCallDto';
 export * from './dto/UpdateDto';
 export * from './i18n/enUS';
 export * from './i18n/zhCN';

package/lib/mjs/index.js

@@ -22,6 +22,7 @@ export * from './def/ListItem';
 export * from './dto/IdDto';
 export * from './dto/IdLabelDto';
 export * from './dto/IdLabelPrimaryDto';
+export * from './dto/InitCallDto';
 export * from './dto/UpdateDto';
 // i18n
 export * from './i18n/enUS';

package/lib/mjs/result/IActionResult.d.ts

@@ -48,11 +48,11 @@ export interface IActionResult<D extends IResultData = IResultData> {
     /**
      * Trace id
      */
-    readonly traceId?: string;
+    traceId?: string;
     /**
      * Type
      */
-    readonly type: string;
+    type: string;
     /**
      * Success or not
      */

package/lib/mjs/result/InitCallResult.d.ts

@@ -1,20 +1,28 @@
 import { IActionResult, IResultData } from './IActionResult';
 /**
- * Result data with id, follow this style to extend for specific model
+ * Init call result data
  */
 export interface InitCallResultData extends IResultData {
+    /**
+     * Device id
+     */
+    deviceId?: string;
     /**
      * Secret passphrase
      */
-    passphrase: string;
+    passphrase?: string;
+    /**
+     * Previous secret passphrase
+     */
+    previousPassphrase?: string;
     /**
      * Actual seconds gap
      */
-    seconds: number;
+    seconds?: number;
     /**
      * Valid seconds gap
      */
-    validSeconds: number;
+    validSeconds?: number;
 }
 /**
  * Init call result

package/lib/mjs/state/User.d.ts

@@ -27,10 +27,6 @@ export interface IUserData {
      * Access token
      */
     readonly token: string;
-    /**
-     * Secret passphrase
-     */
-    readonly passphrase: string;
 }
 /**
  * User interface

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@etsoo/appscript",
-    "version": "1.1.67",
+    "version": "1.1.68",
     "description": "Applications shared TypeScript framework",
     "main": "lib/cjs/index.js",
     "module": "lib/mjs/index.js",

package/src/app/CoreApp.ts

@@ -28,8 +28,10 @@ import {
 } from 'crypto-js';
 import { AddressRegion } from '../address/AddressRegion';
 import { AddressUtils } from '../address/AddressUtils';
+import { InitCallDto } from '../dto/InitCallDto';
 import { ActionResultError } from '../result/ActionResultError';
 import { IActionResult } from '../result/IActionResult';
+import { InitCallResult, InitCallResultData } from '../result/InitCallResult';
 import { IUserData } from '../state/User';
 import { IAppSettings } from './AppSettings';
 import { UserRole } from './UserRole';
@@ -140,11 +142,6 @@ export interface ICoreApp<
      */
     userData?: IUserData;
 
-    /**
-     * Passphrase for encryption
-     */
-    passphrase?: string;
-
     /**
      * Search input element
      */
@@ -180,9 +177,14 @@ export interface ICoreApp<
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted: string, passphrase: string): string;
+    decrypt(
+        messageEncrypted: string,
+        passphrase?: string,
+        durationSeconds?: number
+    ): string | undefined;
 
     /**
      * Detect IP data, call only one time
@@ -197,7 +199,7 @@ export interface ICoreApp<
      * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string, iterations?: number): string;
+    encrypt(message: string, passphrase?: string, iterations?: number): string;
 
     /**
      * Format date to string
@@ -309,6 +311,14 @@ export interface ICoreApp<
      */
     hash(message: string, passphrase?: string): string;
 
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message: string, passphrase?: string): string;
+
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -457,11 +467,6 @@ export abstract class CoreApp<
      */
     userData?: IUserData;
 
-    /**
-     * Passphrase for encryption
-     */
-    passphrase?: string;
-
     /**
      * Response token header field name
      */
@@ -499,6 +504,21 @@ export abstract class CoreApp<
      */
     protected refreshCountdownSeed = 0;
 
+    /**
+     * Device id field name
+     */
+    protected deviceIdField: string = 'SmartERPDeviceId';
+
+    /**
+     * Device id
+     */
+    protected deviceId: string;
+
+    /**
+     * Passphrase for encryption
+     */
+    protected passphrase: string = '***';
+
     /**
      * Protected constructor
      * @param settings Settings
@@ -517,6 +537,11 @@ export abstract class CoreApp<
         this.notifier = notifier;
         this.name = name;
 
+        this.deviceId = StorageUtils.getLocalData<string>(
+            this.deviceIdField,
+            ''
+        );
+
         this.setApi(api);
 
         const { currentCulture, currentRegion } = settings;
@@ -561,6 +586,108 @@ export abstract class CoreApp<
         };
     }
 
+    /**
+     * Init call
+     * @returns Result
+     */
+    protected async initCall() {
+        const data: InitCallDto = {
+            timestamp: new Date().getTime(),
+            deviceId: this.deviceId === '' ? undefined : this.deviceId
+        };
+        const result = await this.api.put<InitCallResult>(
+            'Auth/WebInitCall',
+            data
+        );
+        if (result == null) return;
+
+        if (result.data == null) {
+            this.notifier.alert(this.get<string>('noData')!);
+            return;
+        }
+
+        if (!result.ok) {
+            const seconds = result.data.seconds;
+            const validSeconds = result.data.validSeconds;
+            if (
+                result.title === 'timeDifferenceInvalid' &&
+                seconds != null &&
+                validSeconds != null
+            ) {
+                const title = this.get('timeDifferenceInvalid')?.format(
+                    seconds.toString(),
+                    validSeconds.toString()
+                );
+                this.notifier.alert(title!);
+            } else {
+                this.alertResult(result);
+            }
+
+            return;
+        }
+
+        this.initCallUpdate(result.data, data.timestamp);
+    }
+
+    /**
+     * Init call update
+     * @param data Result data
+     * @param timestamp Timestamp
+     */
+    protected initCallUpdate(data: InitCallResultData, timestamp: number) {
+        if (data.deviceId == null || data.passphrase == null) return;
+
+        // Decrypt
+        // Should be done within 120 seconds after returning from the backend
+        const passphrase = this.decrypt(
+            data.passphrase,
+            timestamp.toString(),
+            120
+        );
+        if (passphrase == null) return;
+
+        // Update device id and cache it
+        this.deviceId = data.deviceId;
+        StorageUtils.setLocalData(this.deviceIdField, this.deviceId);
+
+        // Current passphrase
+        this.passphrase = passphrase;
+
+        // Previous passphrase
+        if (data.previousPassphrase) {
+            const prev = this.decrypt(
+                data.previousPassphrase,
+                timestamp.toString(),
+                120
+            );
+
+            // Update
+            const fields = this.initCallUpdateFields();
+            for (const field of fields) {
+                const currentValue = StorageUtils.getLocalData<string>(
+                    field,
+                    ''
+                );
+                if (currentValue === '' || currentValue.indexOf('+') === -1)
+                    continue;
+
+                const newValueSource = this.decrypt(currentValue, prev, 12);
+                if (newValueSource == null) continue;
+
+                const newValue = this.encrypt(newValueSource);
+                StorageUtils.setLocalData(field, newValue);
+            }
+        }
+    }
+
+    /**
+     * Init call update fields in local storage
+     * @returns Fields
+     */
+    protected initCallUpdateFields(): string[] {
+        return [];
+    }
+
     /**
      * Alert action result
      * @param result Action result
@@ -676,23 +803,44 @@ export abstract class CoreApp<
      * Decrypt message
      * @param messageEncrypted Encrypted message
      * @param passphrase Secret passphrase
+     * @param durationSeconds Duration seconds, <= 12 will be considered as month
      * @returns Pure text
      */
-    decrypt(messageEncrypted: string, passphrase: string) {
+    decrypt(
+        messageEncrypted: string,
+        passphrase?: string,
+        durationSeconds?: number
+    ) {
         // Timestamp splitter
         const pos = messageEncrypted.indexOf('+');
+        if (pos === -1 || messageEncrypted.length <= 66) return undefined;
+
         const timestamp = messageEncrypted.substring(0, pos);
         const message = messageEncrypted.substring(pos + 1);
 
+        if (durationSeconds != null && durationSeconds > 0) {
+            const milseconds = Utils.charsToNumber(timestamp);
+            if (isNaN(milseconds) || milseconds < 1) return undefined;
+            const timespan = new Date().substract(new Date(milseconds));
+            if (
+                (durationSeconds <= 12 &&
+                    timespan.totalMonths > durationSeconds) ||
+                (durationSeconds > 12 &&
+                    timespan.totalSeconds > durationSeconds)
+            )
+                return undefined;
+        }
+
         // Iterations
         const iterations = parseInt(message.substring(0, 2), 10);
+        if (isNaN(iterations)) return undefined;
 
         const salt = enc.Hex.parse(message.substring(2, 34));
         const iv = enc.Hex.parse(message.substring(34, 66));
         const encrypted = message.substring(66);
 
         const key = PBKDF2(
-            this.encryptionEnhance(passphrase, timestamp),
+            this.encryptionEnhance(passphrase ?? this.passphrase, timestamp),
             salt,
             {
                 keySize: 8, // 256 / 32
@@ -755,7 +903,7 @@ export abstract class CoreApp<
      * @param iterations Iterations, 1000 times, 1 - 99
      * @returns Result
      */
-    encrypt(message: string, passphrase: string, iterations?: number) {
+    encrypt(message: string, passphrase?: string, iterations?: number) {
         // Default 1 * 1000
         iterations ??= 1;
 
@@ -765,7 +913,7 @@ export abstract class CoreApp<
         const bits = 16; // 128 / 8
         const salt = lib.WordArray.random(bits);
         const key = PBKDF2(
-            this.encryptionEnhance(passphrase, timestamp),
+            this.encryptionEnhance(passphrase ?? this.passphrase, timestamp),
             salt,
             {
                 keySize: 8, // 256 / 32
@@ -798,7 +946,7 @@ export abstract class CoreApp<
     protected encryptionEnhance(passphrase: string, timestamp: string) {
         passphrase += timestamp;
         passphrase += passphrase.length.toString();
-        return passphrase + (this.passphrase ?? '');
+        return passphrase;
     }
 
     /**
@@ -880,7 +1028,18 @@ export abstract class CoreApp<
      * @param forceToLocal Force to local labels
      */
     formatResult(result: IActionResult, forceToLocal?: boolean) {
-        if ((result.title == null || forceToLocal) && result.type != null) {
+        const title = result.title;
+        if (title && /^\w+$/.test(title)) {
+            const key = title.formatInitial(false);
+            const localTitle = this.get(key);
+            if (localTitle) {
+                result.title = localTitle;
+
+                // Hold the original title in type when type is null
+                if (result.type == null) result.type = title;
+            }
+        } else if ((title == null || forceToLocal) && result.type != null) {
+            // Get label from type
             const key = result.type.formatInitial(false);
             result.title = this.get(key);
         }
@@ -918,7 +1077,10 @@ export abstract class CoreApp<
      * @returns Cached token
      */
     getCacheToken(): string | null {
-        let refreshToken = StorageUtils.getLocalData(this.headerTokenField, '');
+        let refreshToken = StorageUtils.getLocalData<string>(
+            this.headerTokenField,
+            ''
+        );
         if (refreshToken === '')
             refreshToken = StorageUtils.getSessionData(
                 this.headerTokenField,
@@ -971,6 +1133,18 @@ export abstract class CoreApp<
         else return HmacSHA512(message, passphrase).toString(enc.Base64);
     }
 
+    /**
+     * Hash message Hex, SHA3 or HmacSHA512, 512 as Base64
+     * https://cryptojs.gitbook.io/docs/
+     * @param message Message
+     * @param passphrase Secret passphrase
+     */
+    hashHex(message: string, passphrase?: string) {
+        if (passphrase == null)
+            return SHA3(message, { outputLength: 512 }).toString(enc.Hex);
+        else return HmacSHA512(message, passphrase).toString(enc.Hex);
+    }
+
     /**
      * Check use has the specific role permission or not
      * @param roles Roles to check
@@ -1139,7 +1313,6 @@ export abstract class CoreApp<
      */
     userLogin(user: IUserData, refreshToken: string, keep: boolean = false) {
         this.userData = user;
-        this.passphrase = user.passphrase;
         this.authorize(user.token, refreshToken, keep);
     }
 

package/src/dto/InitCallDto.ts

@@ -0,0 +1,14 @@
+/**
+ * Init call dto
+ */
+export type InitCallDto = {
+    /**
+     * Device id
+     */
+    deviceId?: string;
+
+    /**
+     * Timestamp
+     */
+    timestamp: number;
+};

package/src/index.ts

@@ -27,6 +27,7 @@ export * from './def/ListItem';
 export * from './dto/IdDto';
 export * from './dto/IdLabelDto';
 export * from './dto/IdLabelPrimaryDto';
+export * from './dto/InitCallDto';
 export * from './dto/UpdateDto';
 
 // i18n

package/src/result/IActionResult.ts

@@ -56,12 +56,12 @@ export interface IActionResult<D extends IResultData = IResultData> {
     /**
      * Trace id
      */
-    readonly traceId?: string;
+    traceId?: string;
 
     /**
      * Type
      */
-    readonly type: string;
+    type: string;
 
     /**
      * Success or not

package/src/result/InitCallResult.ts

@@ -1,23 +1,33 @@
 import { IActionResult, IResultData } from './IActionResult';
 
 /**
- * Result data with id, follow this style to extend for specific model
+ * Init call result data
  */
 export interface InitCallResultData extends IResultData {
+    /**
+     * Device id
+     */
+    deviceId?: string;
+
     /**
      * Secret passphrase
      */
-    passphrase: string;
+    passphrase?: string;
+
+    /**
+     * Previous secret passphrase
+     */
+    previousPassphrase?: string;
 
     /**
      * Actual seconds gap
      */
-    seconds: number;
+    seconds?: number;
 
     /**
      * Valid seconds gap
      */
-    validSeconds: number;
+    validSeconds?: number;
 }
 
 /**

package/src/state/User.ts

@@ -33,11 +33,6 @@ export interface IUserData {
      * Access token
      */
     readonly token: string;
-
-    /**
-     * Secret passphrase
-     */
-    readonly passphrase: string;
 }
 
 /**