@jayfong/x-server 1.21.0 → 1.24.0

package/CHANGELOG.md

@@ -2,6 +2,27 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.24.0](https://github.com/jfWorks/x-server/compare/v1.23.0...v1.24.0) (2022-05-02)
+
+
+### Features
+
+* add PayService ([c8d5ecc](https://github.com/jfWorks/x-server/commit/c8d5eccf2393c1a1bf98415564032b09ffb10497))
+
+## [1.23.0](https://github.com/jfWorks/x-server/compare/v1.22.0...v1.23.0) (2022-05-01)
+
+
+### Features
+
+* **captcha:** add generateDataUrl ([54205df](https://github.com/jfWorks/x-server/commit/54205df24d0cc397029d8c66ea17020d7cb5c5fd))
+
+## [1.22.0](https://github.com/jfWorks/x-server/compare/v1.21.0...v1.22.0) (2022-05-01)
+
+
+### Features
+
+* **cors:** allowAll ([5ce4b5d](https://github.com/jfWorks/x-server/commit/5ce4b5d9183f68a32173d77de569f00c5409ccdc))
+
 ## [1.21.0](https://github.com/jfWorks/x-server/compare/v1.20.1...v1.21.0) (2022-04-29)
 
 

package/lib/_cjs/index.js

@@ -178,6 +178,14 @@ Object.keys(_mail).forEach(function (key) {
   exports[key] = _mail[key];
 });
 
+var _pay = require("./services/pay");
+
+Object.keys(_pay).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _pay[key]) return;
+  exports[key] = _pay[key];
+});
+
 var _rate_limit = require("./services/rate_limit");
 
 Object.keys(_rate_limit).forEach(function (key) {

package/lib/_cjs/plugins/cors.js

@@ -21,9 +21,10 @@ class CorsPlugin {
 
   register(fastify) {
     const allows = this.options.allow.map(item => ({
-      type: item.startsWith('*.') ? 'endsWith' : 'equal',
+      type: item === '*' ? 'all' : item.startsWith('*.') ? 'endsWith' : 'equal',
       domain: item.startsWith('*.') ? item.replace('*.', '.') : item
     }));
+    const allowAll = allows.length === 1 && allows[0].type === 'all';
     const check = (0, _vtils.memoize)(origin => {
       let i = origin.indexOf(':');
       let j = origin.indexOf(':', i + 1);
@@ -34,7 +35,7 @@ class CorsPlugin {
       return pass;
     });
     fastify.register(_fastifyCors.default, {
-      origin: (origin, cb) => cb(null, origin ? check(origin) : true),
+      origin: (origin, cb) => allowAll ? cb(null, true) : cb(null, origin ? check(origin) : true),
       maxAge: (0, _date.ms)(this.options.ttl, true)
     });
   }

package/lib/_cjs/services/captcha.js

@@ -7,6 +7,8 @@ exports.CaptchaService = void 0;
 
 var _svgCaptcha = _interopRequireDefault(require("svg-captcha"));
 
+var _miniSvgDataUri = _interopRequireDefault(require("mini-svg-data-uri"));
+
 var _x = require("../x");
 
 class CaptchaService {
@@ -40,6 +42,20 @@ class CaptchaService {
     };
   }
 
+  async generateDataUrl() {
+    const {
+      token,
+      code,
+      svg
+    } = await this.generateImage();
+    const dataUrl = (0, _miniSvgDataUri.default)(svg);
+    return {
+      token: token,
+      code: code,
+      dataUrl: dataUrl
+    };
+  }
+
   async verify(options) {
     if (options.code.length !== this.options.size) {
       return false;

package/lib/_cjs/services/pay.js

@@ -0,0 +1,147 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+
+exports.__esModule = true;
+exports.PayService = void 0;
+
+var _form = _interopRequireDefault(require("alipay-sdk/lib/form"));
+
+var _alipaySdk = _interopRequireDefault(require("alipay-sdk"));
+
+var _crypto = _interopRequireDefault(require("crypto"));
+
+var _got = _interopRequireDefault(require("got"));
+
+var _x = require("../x");
+
+class PayService {
+  constructor(options) {
+    this.options = options;
+    this.serviceName = 'pay';
+    this.alipaySdk = void 0;
+  }
+
+  async prepareAlipay(options) {
+    if (!this.alipaySdk) {
+      this.alipaySdk = new _alipaySdk.default({
+        appId: this.options.alipay.appId,
+        privateKey: this.options.alipay.privateKey,
+        alipayPublicKey: this.options.alipay.publicKey
+      });
+    }
+
+    const token = await _x.x.cache.save('x', '1h');
+    const formData = new _form.default();
+    formData.setMethod('get');
+    formData.addField('notifyUrl', options.notifyUrl);
+    formData.addField('returnUrl', options.returnUrl);
+    formData.addField('bizContent', {
+      outTradeNo: options.tradeNumber,
+      productCode: 'FAST_INSTANT_TRADE_PAY',
+      totalAmount: options.totalMoney,
+      subject: options.goodsName,
+      goodsType: '0',
+      passbackParams: token
+    });
+    const payUrl = await this.alipaySdk.exec('alipay.trade.page.pay', {}, {
+      formData: formData
+    });
+    return {
+      payUrl: payUrl
+    };
+  }
+
+  async prepareWepay(options) {
+    const token = await _x.x.cache.save('x', '1h');
+    const res = await this.wepayRequest('https://api.mch.weixin.qq.com/v3/pay/transactions/jsapi', {
+      appid: this.options.wepay.appId,
+      mchid: this.options.wepay.merchantId,
+      description: options.goodsName,
+      out_trade_no: options.tradeNumber,
+      attach: token,
+      notify_url: options.notifyUrl,
+      amount: {
+        total: options.totalMoney * 100,
+        currency: 'CNY'
+      },
+      payer: {
+        openid: options.openid
+      }
+    });
+
+    if (!res || !res.prepay_id) {
+      const error = res && res.message || '支付错误';
+      throw new Error(error);
+    }
+
+    const params = {
+      appId: this.options.wepay.appId,
+      timestamp: String(Math.round(Date.now() / 1000)),
+      nonceStr: Math.random().toString().substr(2, 12),
+      package: `prepay_id=${res.prepay_id}`,
+      signType: 'RSA',
+      paySign: ''
+    };
+    params.paySign = this.wepaySign([params.appId, params.timestamp, params.nonceStr, params.package]);
+    return {
+      payParams: params
+    };
+  }
+
+  async verifyNotifyData(data) {
+    if (!data || typeof data !== 'object') return false;
+    const token = // 微信支付
+    data.resource ? JSON.parse(this.wepayDecrypt(data.resource)).attach : // 支付宝
+    data.passback_params;
+    if (!token) return false;
+    if ((await _x.x.cache.get(token)) == null) return false;
+    await _x.x.cache.remove(token);
+    return true;
+  }
+
+  wepaySign(data) {
+    return _crypto.default.createSign('RSA-SHA256').update(data.map(v => `${v}\n`).join('')).sign(this.options.wepay.privateKey, 'base64');
+  }
+
+  wepayDecrypt(payload) {
+    const ciphertextBuffer = Buffer.from(payload.ciphertext, 'base64');
+    const authTag = ciphertextBuffer.slice(ciphertextBuffer.length - 16);
+    const data = ciphertextBuffer.slice(0, ciphertextBuffer.length - 16);
+
+    const decipherIv = _crypto.default.createDecipheriv('aes-256-gcm', this.options.wepay.secretKey, payload.nonce);
+
+    decipherIv.setAuthTag(Buffer.from(authTag));
+    decipherIv.setAAD(Buffer.from(payload.associated_data));
+    const decryptStr = decipherIv.update(data, undefined, 'utf8');
+    decipherIv.final();
+    return decryptStr;
+  }
+
+  async wepayRequest(url, data) {
+    const path = url.replace(/^https?:\/\/[^/]+/, '');
+    const body = JSON.stringify(data);
+    const params = {
+      method: 'POST',
+      url: path,
+      time: String(Math.round(Date.now() / 1000)),
+      rand: Math.random().toString().substr(2, 12),
+      body: body,
+      signature: ''
+    };
+    params.signature = this.wepaySign([params.method, params.url, params.time, params.rand, params.body]);
+    const Authorization = [`WECHATPAY2-SHA256-RSA2048 `, `mchid="${this.options.wepay.merchantId}",`, `nonce_str="${params.rand}",`, `signature="${params.signature}",`, `timestamp="${params.time}",`, `serial_no="${this.options.wepay.certificateSerialNumber}"`].join('');
+    const res = await _got.default.post(url, {
+      json: data,
+      headers: {
+        Authorization
+      },
+      responseType: 'json',
+      resolveBodyOnly: true
+    });
+    return res;
+  }
+
+}
+
+exports.PayService = PayService;

package/lib/index.d.ts

@@ -20,6 +20,7 @@ export * from './services/captcha';
 export * from './services/dispose';
 export * from './services/jwt';
 export * from './services/mail';
+export * from './services/pay';
 export * from './services/rate_limit';
 export * from './services/redis';
 export * from './x';

package/lib/index.js

@@ -21,6 +21,7 @@ export * from "./services/captcha";
 export * from "./services/dispose";
 export * from "./services/jwt";
 export * from "./services/mail";
+export * from "./services/pay";
 export * from "./services/rate_limit";
 export * from "./services/redis";
 export * from "./x"; // @endindex

package/lib/plugins/cors.js

@@ -12,9 +12,10 @@ export class CorsPlugin {
 
   register(fastify) {
     const allows = this.options.allow.map(item => ({
-      type: item.startsWith('*.') ? 'endsWith' : 'equal',
+      type: item === '*' ? 'all' : item.startsWith('*.') ? 'endsWith' : 'equal',
       domain: item.startsWith('*.') ? item.replace('*.', '.') : item
     }));
+    const allowAll = allows.length === 1 && allows[0].type === 'all';
     const check = memoize(origin => {
       let i = origin.indexOf(':');
       let j = origin.indexOf(':', i + 1);
@@ -25,7 +26,7 @@ export class CorsPlugin {
       return pass;
     });
     fastify.register(FastifyCors, {
-      origin: (origin, cb) => cb(null, origin ? check(origin) : true),
+      origin: (origin, cb) => allowAll ? cb(null, true) : cb(null, origin ? check(origin) : true),
       maxAge: ms(this.options.ttl, true)
     });
   }

package/lib/services/captcha.d.ts

@@ -19,6 +19,11 @@ export interface CaptchaGenerateImageResult {
     code: string;
     svg: string;
 }
+export interface CaptchaGenerateDataUrlResult {
+    token: string;
+    code: string;
+    dataUrl: string;
+}
 export interface CaptchaVerifyOptions {
     token: string;
     code: string;
@@ -29,6 +34,7 @@ export declare class CaptchaService implements BaseService {
     constructor(options: CaptchaOptions);
     generate(): Promise<CaptchaGenerateResult>;
     generateImage(): Promise<CaptchaGenerateImageResult>;
+    generateDataUrl(): Promise<CaptchaGenerateDataUrlResult>;
     verify(options: CaptchaVerifyOptions): Promise<boolean>;
 }
 declare module '../x' {

package/lib/services/captcha.js

@@ -1,4 +1,5 @@
 import svgCaptcha from 'svg-captcha';
+import svgToDataUrl from 'mini-svg-data-uri';
 import { x } from "../x";
 export class CaptchaService {
   constructor(options) {
@@ -30,6 +31,20 @@ export class CaptchaService {
     };
   }
 
+  async generateDataUrl() {
+    const {
+      token,
+      code,
+      svg
+    } = await this.generateImage();
+    const dataUrl = svgToDataUrl(svg);
+    return {
+      token: token,
+      code: code,
+      dataUrl: dataUrl
+    };
+  }
+
   async verify(options) {
     if (options.code.length !== this.options.size) {
       return false;

package/lib/services/pay.d.ts

@@ -0,0 +1,81 @@
+import { BaseService } from './base';
+export interface PayOptions {
+    /** 支付宝 */
+    alipay?: {
+        /** 应用 ID */
+        appId: string;
+        /** 商户应用私钥 */
+        privateKey: string;
+        /** 支付宝公钥，用于对返回结果验签 */
+        publicKey: string;
+    };
+    /** 微信支付 */
+    wepay?: {
+        /** 公众号 APPID */
+        appId: string;
+        /** 商户 ID */
+        merchantId: string;
+        /** 商户应用私钥 */
+        privateKey: string;
+        /** 证书序列号 */
+        certificateSerialNumber: string;
+        /** 秘钥，用于解密请求平台证书、回调数据 */
+        secretKey: string;
+    };
+}
+export interface PayPrepareAlipayOptions {
+    /** 商品名称 */
+    goodsName: string;
+    /** 交易单号 */
+    tradeNumber: string;
+    /** 总金额 */
+    totalMoney: number;
+    /** 通知地址(POST) */
+    notifyUrl: string;
+    /** 返回地址 */
+    returnUrl: string;
+}
+export interface PayPrepareAlipayResult {
+    /** 支付地址，需跳转过去 */
+    payUrl: string;
+}
+export interface PayPrepareWepayOptions {
+    /** 商品名称 */
+    goodsName: string;
+    /** 交易单号 */
+    tradeNumber: string;
+    /** 总金额 */
+    totalMoney: number;
+    /** 通知地址(POST) */
+    notifyUrl: string;
+    /** 对应公众号用户的 openid */
+    openid: string;
+}
+export interface PayPrepareWepayResult {
+    /** 支付参数，可直接传给 JSSDK 调用 */
+    payParams: {
+        appId: string;
+        timestamp: string;
+        nonceStr: string;
+        package: string;
+        signType: string;
+        paySign: string;
+    };
+}
+export declare class PayService implements BaseService {
+    private options;
+    serviceName: string;
+    private alipaySdk;
+    constructor(options: PayOptions);
+    prepareAlipay(options: PayPrepareAlipayOptions): Promise<PayPrepareAlipayResult>;
+    prepareWepay(options: PayPrepareWepayOptions): Promise<PayPrepareWepayResult>;
+    verifyNotifyData(data: any): Promise<boolean>;
+    private wepaySign;
+    private wepayDecrypt;
+    private wepayRequest;
+}
+declare module '../x' {
+    interface X {
+        pay: PayService;
+    }
+}

package/lib/services/pay.js

@@ -0,0 +1,131 @@
+import AlipayFormData from 'alipay-sdk/lib/form';
+import AlipaySdk from 'alipay-sdk';
+import crypto from 'crypto';
+import got from 'got';
+import { x } from "../x";
+export class PayService {
+  constructor(options) {
+    this.options = options;
+    this.serviceName = 'pay';
+    this.alipaySdk = void 0;
+  }
+
+  async prepareAlipay(options) {
+    if (!this.alipaySdk) {
+      this.alipaySdk = new AlipaySdk({
+        appId: this.options.alipay.appId,
+        privateKey: this.options.alipay.privateKey,
+        alipayPublicKey: this.options.alipay.publicKey
+      });
+    }
+
+    const token = await x.cache.save('x', '1h');
+    const formData = new AlipayFormData();
+    formData.setMethod('get');
+    formData.addField('notifyUrl', options.notifyUrl);
+    formData.addField('returnUrl', options.returnUrl);
+    formData.addField('bizContent', {
+      outTradeNo: options.tradeNumber,
+      productCode: 'FAST_INSTANT_TRADE_PAY',
+      totalAmount: options.totalMoney,
+      subject: options.goodsName,
+      goodsType: '0',
+      passbackParams: token
+    });
+    const payUrl = await this.alipaySdk.exec('alipay.trade.page.pay', {}, {
+      formData: formData
+    });
+    return {
+      payUrl: payUrl
+    };
+  }
+
+  async prepareWepay(options) {
+    const token = await x.cache.save('x', '1h');
+    const res = await this.wepayRequest('https://api.mch.weixin.qq.com/v3/pay/transactions/jsapi', {
+      appid: this.options.wepay.appId,
+      mchid: this.options.wepay.merchantId,
+      description: options.goodsName,
+      out_trade_no: options.tradeNumber,
+      attach: token,
+      notify_url: options.notifyUrl,
+      amount: {
+        total: options.totalMoney * 100,
+        currency: 'CNY'
+      },
+      payer: {
+        openid: options.openid
+      }
+    });
+
+    if (!res || !res.prepay_id) {
+      const error = res && res.message || '支付错误';
+      throw new Error(error);
+    }
+
+    const params = {
+      appId: this.options.wepay.appId,
+      timestamp: String(Math.round(Date.now() / 1000)),
+      nonceStr: Math.random().toString().substr(2, 12),
+      package: `prepay_id=${res.prepay_id}`,
+      signType: 'RSA',
+      paySign: ''
+    };
+    params.paySign = this.wepaySign([params.appId, params.timestamp, params.nonceStr, params.package]);
+    return {
+      payParams: params
+    };
+  }
+
+  async verifyNotifyData(data) {
+    if (!data || typeof data !== 'object') return false;
+    const token = // 微信支付
+    data.resource ? JSON.parse(this.wepayDecrypt(data.resource)).attach : // 支付宝
+    data.passback_params;
+    if (!token) return false;
+    if ((await x.cache.get(token)) == null) return false;
+    await x.cache.remove(token);
+    return true;
+  }
+
+  wepaySign(data) {
+    return crypto.createSign('RSA-SHA256').update(data.map(v => `${v}\n`).join('')).sign(this.options.wepay.privateKey, 'base64');
+  }
+
+  wepayDecrypt(payload) {
+    const ciphertextBuffer = Buffer.from(payload.ciphertext, 'base64');
+    const authTag = ciphertextBuffer.slice(ciphertextBuffer.length - 16);
+    const data = ciphertextBuffer.slice(0, ciphertextBuffer.length - 16);
+    const decipherIv = crypto.createDecipheriv('aes-256-gcm', this.options.wepay.secretKey, payload.nonce);
+    decipherIv.setAuthTag(Buffer.from(authTag));
+    decipherIv.setAAD(Buffer.from(payload.associated_data));
+    const decryptStr = decipherIv.update(data, undefined, 'utf8');
+    decipherIv.final();
+    return decryptStr;
+  }
+
+  async wepayRequest(url, data) {
+    const path = url.replace(/^https?:\/\/[^/]+/, '');
+    const body = JSON.stringify(data);
+    const params = {
+      method: 'POST',
+      url: path,
+      time: String(Math.round(Date.now() / 1000)),
+      rand: Math.random().toString().substr(2, 12),
+      body: body,
+      signature: ''
+    };
+    params.signature = this.wepaySign([params.method, params.url, params.time, params.rand, params.body]);
+    const Authorization = [`WECHATPAY2-SHA256-RSA2048 `, `mchid="${this.options.wepay.merchantId}",`, `nonce_str="${params.rand}",`, `signature="${params.signature}",`, `timestamp="${params.time}",`, `serial_no="${this.options.wepay.certificateSerialNumber}"`].join('');
+    const res = await got.post(url, {
+      json: data,
+      headers: {
+        Authorization
+      },
+      responseType: 'json',
+      resolveBodyOnly: true
+    });
+    return res;
+  }
+
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jayfong/x-server",
-  "version": "1.21.0",
+  "version": "1.24.0",
   "license": "ISC",
   "sideEffects": false,
   "main": "lib/_cjs/index.js",
@@ -33,6 +33,7 @@
     "@types/jsonwebtoken": "^8.5.8",
     "@types/nodemailer": "^6.4.4",
     "@types/ws": "^8.5.3",
+    "alipay-sdk": "^3.2.0",
     "bufferutil": "^4.0.6",
     "bull": "^4.8.1",
     "chokidar": "^3.5.3",
@@ -50,9 +51,11 @@
     "fastify-multipart": "^5.3.1",
     "fastify-websocket": "^4.2.2",
     "fs-extra": "^10.0.1",
+    "got": "^11.8.2",
     "http-errors": "^1.8.1",
     "ioredis": "^4.28.5",
     "jsonwebtoken": "^8.5.1",
+    "mini-svg-data-uri": "^1.4.4",
     "node-ssh": "^12.0.4",
     "nodemailer": "^6.7.3",
     "pino-pretty": "^7.6.1",