@lightharu/krouter 1.8.0

package/out-server/main/registration/fingerprint.js

@@ -0,0 +1,352 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OrderedMap = void 0;
+exports.newFPContext = newFPContext;
+exports.resetPerfTiming = resetPerfTiming;
+exports.buildFingerprintData = buildFingerprintData;
+exports.generateFingerprint = generateFingerprint;
+const xxtea_1 = require("./xxtea");
+function randInt(max) {
+    return Math.floor(Math.random() * max);
+}
+function crc32Str(str) {
+    let crc = 0xffffffff >>> 0;
+    const table = getCrc32Table();
+    for (let i = 0; i < str.length; i++) {
+        crc = ((crc >>> 8) ^ table[(crc ^ str.charCodeAt(i)) & 0xff]) >>> 0;
+    }
+    return (crc ^ 0xffffffff) >>> 0;
+}
+let _t = null;
+function getCrc32Table() {
+    if (_t)
+        return _t;
+    _t = new Uint32Array(256);
+    for (let i = 0; i < 256; i++) {
+        let c = i >>> 0;
+        for (let j = 0; j < 8; j++)
+            c = c & 1 ? (0xedb88320 ^ (c >>> 1)) >>> 0 : c >>> 1;
+        _t[i] = c;
+    }
+    return _t;
+}
+// ============ OrderedMap ============
+class OrderedMap {
+    keys = [];
+    values = new Map();
+    set(key, value) {
+        if (!this.values.has(key))
+            this.keys.push(key);
+        this.values.set(key, value);
+    }
+    toJSON() {
+        const parts = [];
+        for (const k of this.keys) {
+            parts.push(`${JSON.stringify(k)}:${JSON.stringify(this.values.get(k))}`);
+        }
+        return `{${parts.join(',')}}`;
+    }
+}
+exports.OrderedMap = OrderedMap;
+function newFPContext(identity) {
+    const ts = Math.floor(Date.now() / 1000);
+    return {
+        identity,
+        canvasHash: identity.canvasHash,
+        histogramBins: [...identity.histogramBase],
+        lsUbidSignin: `${identity.lsubidPrefixSignin}-${String(randInt(10000000)).padStart(7, '0')}-${String(randInt(10000000)).padStart(7, '0')}:${ts}`,
+        lsUbidProfile: '',
+        perfTiming: null,
+        startTime: null
+    };
+}
+function resetPerfTiming(ctx) {
+    ctx.perfTiming = null;
+}
+function genPerfTiming(nowMs) {
+    const loadEventEnd = nowMs - (500 + randInt(1001));
+    const loadDuration = 2000 + randInt(2001);
+    const base = loadEventEnd - loadDuration;
+    const dnsOffset = 2 + randInt(8);
+    const connectEndOffset = 300 + randInt(300);
+    const responseOffset = connectEndOffset + 200 + randInt(400);
+    const domInteractiveOffset = loadDuration - (5 + randInt(11));
+    const domContentLoadedStart = domInteractiveOffset + randInt(3);
+    return {
+        connectStart: base + dnsOffset + 1 + randInt(3),
+        secureConnectionStart: base + dnsOffset + 3 + randInt(5),
+        unloadEventEnd: 0,
+        domainLookupStart: base + dnsOffset,
+        domainLookupEnd: base + dnsOffset + randInt(2),
+        responseStart: base + responseOffset,
+        connectEnd: base + connectEndOffset,
+        responseEnd: base + responseOffset + randInt(5),
+        requestStart: base + connectEndOffset,
+        domLoading: base + responseOffset + 2 + randInt(5),
+        redirectStart: 0,
+        loadEventEnd,
+        domComplete: loadEventEnd,
+        navigationStart: base,
+        loadEventStart: loadEventEnd,
+        domContentLoadedEventEnd: loadEventEnd,
+        unloadEventStart: 0,
+        redirectEnd: 0,
+        domInteractive: base + domInteractiveOffset,
+        fetchStart: base + dnsOffset,
+        domContentLoadedEventStart: base + domContentLoadedStart
+    };
+}
+function getPerfTiming(ctx, nowMs) {
+    if (!ctx.perfTiming)
+        ctx.perfTiming = genPerfTiming(nowMs);
+    return ctx.perfTiming;
+}
+function getLsUbid(ctx, pageType) {
+    if (pageType === 'profile') {
+        if (!ctx.lsUbidProfile) {
+            const ts = ctx.perfTiming
+                ? Math.floor(ctx.perfTiming.loadEventEnd / 1000)
+                : Math.floor(Date.now() / 1000);
+            ctx.lsUbidProfile = `${ctx.identity.lsubidPrefixProfile}-${String(randInt(10000000)).padStart(7, '0')}-${String(randInt(10000000)).padStart(7, '0')}:${ts}`;
+        }
+        return ctx.lsUbidProfile;
+    }
+    return ctx.lsUbidSignin;
+}
+function getStartTime(ctx, nowMs) {
+    if (ctx.startTime === null)
+        ctx.startTime = nowMs;
+    return ctx.startTime;
+}
+// ============ Metrics & Interaction ============
+function genMetricsFirstLoad(pageType) {
+    const m = {
+        el: 0, script: 0, h: 0, batt: 0, perf: 0, auto: 0,
+        tz: 0, fp2: 0, lsubid: 0, browser: 0, capabilities: 0,
+        gpu: 0, dnt: 0, math: 0, tts: 0, input: 0, canvas: 0,
+        captchainput: 0, pow: 0
+    };
+    switch (pageType) {
+        case 'profile':
+            m.batt = 5 + randInt(21);
+            m.fp2 = 1 + randInt(8);
+            m.browser = randInt(4);
+            m.capabilities = 1 + randInt(8);
+            m.dnt = randInt(4);
+            m.input = 8 + randInt(23);
+            m.canvas = 5 + randInt(16);
+            break;
+        case 'signup':
+            m.script = randInt(3);
+            m.batt = randInt(6);
+            m.fp2 = randInt(4);
+            m.gpu = 3 + randInt(6);
+            break;
+        default:
+            m.script = randInt(3);
+            m.auto = randInt(3);
+            m.browser = randInt(3);
+            m.gpu = 3 + randInt(6);
+    }
+    return m;
+}
+function genMetricsPageSubmit() {
+    return {
+        el: 0, script: 0, h: 0, batt: 0, perf: randInt(3),
+        auto: 0, tz: 0, fp2: 0, lsubid: 0, browser: 0,
+        capabilities: 0, gpu: 0, dnt: 0, math: 0, tts: 0,
+        input: 0, canvas: 0, captchainput: 0, pow: 0
+    };
+}
+function genInteraction(eventType) {
+    if (eventType === 'PageLoad' || eventType === 'first_load') {
+        return {
+            clicks: 0, touches: 0, keyPresses: 0,
+            cuts: 0, copies: 0, pastes: 0,
+            keyPressTimeIntervals: [], mouseClickPositions: [],
+            keyCycles: [], mouseCycles: [], touchCycles: []
+        };
+    }
+    const nClicks = 1 + randInt(3);
+    const nKeys = 3 + randInt(8);
+    const nIntervals = Math.max(1, Math.floor(nKeys / 3)) + randInt(Math.max(1, Math.floor(nKeys / 2) - Math.floor(nKeys / 3) + 1));
+    const nCycles = Math.max(2, Math.floor(nKeys / 2)) + randInt(Math.max(1, Math.floor(nKeys * 2 / 3) - Math.floor(nKeys / 2) + 1));
+    return {
+        clicks: nClicks, touches: 0, keyPresses: nKeys,
+        cuts: 0, copies: 0, pastes: 0,
+        keyPressTimeIntervals: Array.from({ length: nIntervals }, () => 80 + randInt(621)),
+        mouseClickPositions: Array.from({ length: nClicks }, () => `${400 + randInt(401)},${300 + randInt(201)}`),
+        keyCycles: Array.from({ length: nCycles }, () => 20 + randInt(281)),
+        mouseCycles: Array.from({ length: nClicks }, () => 50 + randInt(101)),
+        touchCycles: []
+    };
+}
+function genFormField(startMs, emailLen, email, interaction) {
+    const fieldTs = startMs - (10 + randInt(41));
+    const fieldRand = 1000 + randInt(9000);
+    const fieldName = `formField29-${fieldTs}-${fieldRand}`;
+    let nKeys = Math.max(3, Math.floor(emailLen / 3) + randInt(5) - 2);
+    const intervals = Array.from({ length: Math.min(nKeys - 1, 5) }, () => 80 + randInt(621));
+    const keyCycles = Array.from({ length: Math.min(nKeys, 6) }, () => 20 + randInt(231));
+    if (typeof interaction.keyPresses === 'number' && interaction.keyPresses > 0) {
+        nKeys = interaction.keyPresses;
+    }
+    const checksumStr = email || `user${1000 + randInt(9000)}@example.com`;
+    const cksum = crc32Str(checksumStr).toString(16).toUpperCase().padStart(8, '0');
+    return {
+        [fieldName]: {
+            clicks: 1, touches: 0, keyPresses: nKeys,
+            cuts: 0, copies: 0, pastes: 0,
+            keyPressTimeIntervals: intervals,
+            mouseClickPositions: [`${100 + randInt(151)}.5,${10 + randInt(11)}.5`],
+            keyCycles, mouseCycles: [80 + randInt(71)], touchCycles: [],
+            width: 180, height: 32, totalFocusTime: 0,
+            checksum: cksum, autocomplete: false, prefilled: false
+        }
+    };
+}
+// ============ Build Fingerprint ============
+function formatScreen(s) {
+    return `${s.width}-${s.height}-${s.availHeight}-${s.colorDepth}-*-*-*`;
+}
+function formatPlugins(plugins) {
+    return plugins.map((p) => p.name).join(' ');
+}
+function buildFingerprintData(identity, locationURL, referrer, nowMs, ctx, pageType, eventType, timeOnPage, emailLen, email) {
+    const canvasHash = ctx ? ctx.canvasHash : identity.canvasHash;
+    const histogram = ctx ? ctx.histogramBins : identity.histogramBase;
+    const perfTiming = ctx ? getPerfTiming(ctx, nowMs) : genPerfTiming(nowMs);
+    let lsUbid;
+    if (ctx) {
+        lsUbid = getLsUbid(ctx, pageType);
+    }
+    else {
+        lsUbid = `${identity.lsubidPrefixSignin}-${String(randInt(10000000)).padStart(7, '0')}-${String(randInt(10000000)).padStart(7, '0')}:${Math.floor(perfTiming.loadEventEnd / 1000)}`;
+    }
+    let dynamicURLs;
+    let scriptsElapsed;
+    let historyLength;
+    let isCompatible;
+    switch (pageType) {
+        case 'profile':
+            dynamicURLs = [`/dist/main/app_${identity.webpackHash}.min.js`];
+            scriptsElapsed = 0;
+            historyLength = (eventType === 'PageLoad' || eventType === 'first_load') ? 2 : 3;
+            isCompatible = true;
+            break;
+        case 'signup':
+            dynamicURLs = ['/assets/js/app.js'];
+            scriptsElapsed = 1;
+            historyLength = 5;
+            isCompatible = true;
+            break;
+        default:
+            dynamicURLs = ['/assets/js/app.js'];
+            scriptsElapsed = 1;
+            historyLength = 1;
+            isCompatible = false;
+    }
+    let metrics;
+    if (eventType === 'first_load' || (eventType === 'PageLoad' && pageType === 'profile')) {
+        metrics = genMetricsFirstLoad(pageType);
+    }
+    else {
+        metrics = genMetricsPageSubmit();
+    }
+    const interaction = genInteraction(eventType);
+    const endMs = nowMs + randInt(51);
+    let startTime;
+    if (eventType !== 'PageLoad' && eventType !== 'first_load' && timeOnPage > 0) {
+        startTime = endMs - timeOnPage;
+    }
+    else if (ctx) {
+        if (eventType === 'first_load') {
+            startTime = getStartTime(ctx, nowMs - (500 + randInt(501)));
+        }
+        else if (eventType === 'PageLoad' && pageType === 'profile') {
+            startTime = getStartTime(ctx, nowMs - (30 + randInt(51)));
+        }
+        else {
+            startTime = getStartTime(ctx, nowMs);
+        }
+    }
+    else {
+        startTime = nowMs;
+    }
+    const pluginsStr = formatPlugins(identity.plugins);
+    const screenStr = formatScreen(identity.screen);
+    const result = new OrderedMap();
+    result.set('metrics', metrics);
+    result.set('start', startTime);
+    result.set('interaction', interaction);
+    result.set('scripts', {
+        dynamicUrls: dynamicURLs, inlineHashes: [],
+        elapsed: scriptsElapsed, dynamicUrlCount: dynamicURLs.length, inlineHashesCount: 0
+    });
+    result.set('history', { length: historyLength });
+    result.set('battery', {});
+    result.set('performance', { timing: perfTiming });
+    result.set('automation', {
+        wd: { properties: { document: [], window: [], navigator: [] } },
+        phantom: { properties: { window: [] } }
+    });
+    result.set('end', endMs);
+    result.set('timeZone', 8);
+    result.set('flashVersion', null);
+    result.set('plugins', pluginsStr + ' ||' + screenStr);
+    result.set('dupedPlugins', pluginsStr + ' ||' + screenStr);
+    result.set('screenInfo', screenStr);
+    result.set('lsUbid', lsUbid);
+    result.set('referrer', referrer);
+    result.set('userAgent', identity.ua);
+    result.set('location', locationURL);
+    result.set('webDriver', false);
+    result.set('capabilities', {
+        css: {
+            textShadow: 1, WebkitTextStroke: 1, boxShadow: 1,
+            borderRadius: 1, borderImage: 1, opacity: 1,
+            transform: 1, transition: 1
+        },
+        js: {
+            audio: true, geolocation: true, localStorage: 'supported',
+            touch: false, video: true, webWorker: true
+        },
+        elapsed: 0
+    });
+    result.set('gpu', {
+        vendor: identity.gpuVendor, model: identity.gpuModel,
+        extensions: identity.webGLExts
+    });
+    result.set('dnt', null);
+    result.set('math', { tan: identity.mathTan, sin: identity.mathSin, cos: identity.mathCos });
+    if (pageType === 'profile') {
+        if (eventType === 'PageLoad' || eventType === 'first_load') {
+            result.set('timeToSubmit', 1 + randInt(5));
+        }
+        else if (timeOnPage > 0) {
+            result.set('timeToSubmit', timeOnPage);
+        }
+        else {
+            result.set('timeToSubmit', 2000 + randInt(4001));
+        }
+    }
+    if (pageType === 'profile' && eventType !== 'PageLoad' && eventType !== 'first_load' && emailLen > 0) {
+        result.set('form', genFormField(nowMs, emailLen, email, interaction));
+    }
+    else {
+        result.set('form', {});
+    }
+    result.set('canvas', { hash: canvasHash, emailHash: null, histogramBins: [...histogram] });
+    result.set('token', { isCompatible, pageHasCaptcha: 0 });
+    result.set('auth', { form: { method: 'get' } });
+    result.set('errors', []);
+    result.set('version', (0, xxtea_1.getTESVersion)());
+    return result;
+}
+/** 生成加密后的浏览器指纹字符串 */
+function generateFingerprint(identity, locationURL, referrer, ctx, pageType, eventType, timeOnPage, emailLen, email) {
+    const nowMs = Date.now();
+    const fpData = buildFingerprintData(identity, locationURL, referrer, nowMs, ctx, pageType, eventType, timeOnPage, emailLen, email);
+    const jsonStr = fpData.toJSON();
+    return (0, xxtea_1.encryptFingerprint)(jsonStr);
+}

package/out-server/main/registration/http-utils.js

@@ -0,0 +1,148 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_SEC_UA = exports.DEFAULT_UA = void 0;
+exports.visitorId = visitorId;
+exports.awsccc = awsccc;
+exports.ubidGen = ubidGen;
+exports.kiroVisitorId = kiroVisitorId;
+exports.pkce = pkce;
+exports.newUUID = newUUID;
+exports.gmtDate = gmtDate;
+exports.extractParam = extractParam;
+exports.splitAfter = splitAfter;
+exports.getNestedMap = getNestedMap;
+exports.getNestedStringMap = getNestedStringMap;
+exports.saveCookies = saveCookies;
+const crypto_1 = __importDefault(require("crypto"));
+exports.DEFAULT_UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36';
+exports.DEFAULT_SEC_UA = '"Chromium";v="146", "Not/A)Brand";v="24", "Google Chrome";v="146"';
+/** 生成 4 位随机十六进制 */
+function hex4() {
+    const chars = '0123456789abcdef';
+    let s = '';
+    for (let i = 0; i < 4; i++)
+        s += chars[Math.floor(Math.random() * 16)];
+    return s;
+}
+/** 生成随机 visitor ID (UUID v4-like) */
+function visitorId() {
+    return `${hex4()}${hex4()}-${hex4()}-7${hex4().slice(1)}-${hex4()}-${hex4()}${hex4()}${hex4()}`;
+}
+/** 生成 awsccc cookie 值 */
+function awsccc() {
+    const d = {
+        e: 1,
+        p: 1,
+        f: 1,
+        a: 1,
+        i: `${hex4()}${hex4()}-${hex4()}-4${hex4().slice(1)}-${hex4()}-${hex4()}${hex4()}${hex4()}`,
+        v: '1'
+    };
+    return Buffer.from(JSON.stringify(d)).toString('base64');
+}
+/** 生成 ubid cookie 值 */
+function ubidGen() {
+    const d7 = Array.from({ length: 7 }, () => Math.floor(Math.random() * 10)).join('');
+    const d6 = Array.from({ length: 6 }, () => Math.floor(Math.random() * 10)).join('');
+    return `186-${d7}-${d6}`;
+}
+/** 生成 Kiro visitor ID */
+function kiroVisitorId() {
+    const chars = '0123456789abcdefghijklmnopqrstuvwxyz';
+    let s = '';
+    for (let i = 0; i < 11; i++)
+        s += chars[Math.floor(Math.random() * chars.length)];
+    return `${Date.now()}-${s}`;
+}
+/** 生成 PKCE code_verifier 和 code_challenge */
+function pkce() {
+    const raw = crypto_1.default.randomBytes(32);
+    const verifier = raw.toString('base64url');
+    const hash = crypto_1.default.createHash('sha256').update(verifier).digest();
+    const challenge = hash.toString('base64url');
+    return { verifier, challenge };
+}
+/** 生成 UUID */
+function newUUID() {
+    const b = crypto_1.default.randomBytes(16);
+    return [
+        b.subarray(0, 4).toString('hex'),
+        b.subarray(4, 6).toString('hex'),
+        b.subarray(6, 8).toString('hex'),
+        b.subarray(8, 10).toString('hex'),
+        b.subarray(10, 16).toString('hex')
+    ].join('-');
+}
+/** 生成 GMT 日期字符串 */
+function gmtDate() {
+    return new Date().toUTCString();
+}
+/** 从 URL 中提取查询参数 */
+function extractParam(rawURL, key) {
+    try {
+        const u = new URL(rawURL);
+        return u.searchParams.get(key) || '';
+    }
+    catch {
+        return '';
+    }
+}
+/** 从字符串中提取分隔符后的内容 */
+function splitAfter(s, sep) {
+    const idx = s.indexOf(sep);
+    if (idx < 0)
+        return '';
+    const rest = s.slice(idx + sep.length);
+    const ampIdx = rest.indexOf('&');
+    return ampIdx >= 0 ? rest.slice(0, ampIdx) : rest;
+}
+/** 获取嵌套 map 值 */
+function getNestedMap(data, ...keys) {
+    let current = data;
+    for (const k of keys) {
+        if (typeof current !== 'object' || current === null)
+            return null;
+        current = current[k];
+    }
+    return typeof current === 'object' && current !== null
+        ? current
+        : null;
+}
+/** 获取嵌套的 string map */
+function getNestedStringMap(data, key) {
+    if (!data)
+        return null;
+    const nested = data[key];
+    if (typeof nested !== 'object' || nested === null)
+        return null;
+    const result = {};
+    for (const [k, v] of Object.entries(nested)) {
+        if (typeof v === 'string')
+            result[k] = v;
+    }
+    return Object.keys(result).length > 0 ? result : null;
+}
+/** 从 Set-Cookie 头中提取并保存 cookies */
+function saveCookies(cookies, headers) {
+    const skip = new Set(['path', 'domain', 'expires', 'max-age', 'secure', 'httponly', 'samesite']);
+    const setCookieHeader = headers['set-cookie'];
+    if (!setCookieHeader)
+        return;
+    const values = Array.isArray(setCookieHeader) ? setCookieHeader : [setCookieHeader];
+    for (const raw of values) {
+        if (!raw.includes('='))
+            continue;
+        const mainPart = raw.split(';')[0];
+        const eqIdx = mainPart.indexOf('=');
+        if (eqIdx < 0)
+            continue;
+        const k = mainPart.slice(0, eqIdx).trim();
+        const v = mainPart.slice(eqIdx + 1).trim();
+        if (!skip.has(k.toLowerCase()) && k) {
+            cookies.set(k, v);
+        }
+    }
+}

package/out-server/main/registration/jwe.js

@@ -0,0 +1,74 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptPassword = encryptPassword;
+const crypto_1 = __importDefault(require("crypto"));
+function b64url(data) {
+    return data.toString('base64url');
+}
+function jwkToPublicKey(jwk) {
+    const n = Buffer.from(jwk.n, 'base64url');
+    const e = Buffer.from(jwk.e, 'base64url');
+    return crypto_1.default.createPublicKey({
+        key: {
+            kty: 'RSA',
+            n: n.toString('base64url'),
+            e: e.toString('base64url')
+        },
+        format: 'jwk'
+    });
+}
+function genUUID() {
+    const b = crypto_1.default.randomBytes(16);
+    return [
+        b.subarray(0, 4).toString('hex'),
+        b.subarray(4, 6).toString('hex'),
+        b.subarray(6, 8).toString('hex'),
+        b.subarray(8, 10).toString('hex'),
+        b.subarray(10, 16).toString('hex')
+    ].join('-');
+}
+/** JWE 加密密码 (RSA-OAEP-256 + A256GCM) */
+function encryptPassword(password, publicKey, issuer, audience, region) {
+    // Header
+    const header = {
+        alg: 'RSA-OAEP-256',
+        kid: publicKey.kid,
+        enc: 'A256GCM',
+        cty: 'enc',
+        typ: 'application/aws+signin+jwe'
+    };
+    const headerJSON = Buffer.from(JSON.stringify(header));
+    const headerB64 = b64url(headerJSON);
+    // CEK (内容加密密钥)
+    const cek = crypto_1.default.randomBytes(32);
+    // RSA-OAEP-256 加密 CEK
+    const pubKey = jwkToPublicKey(publicKey);
+    const encryptedCEK = crypto_1.default.publicEncrypt({
+        key: pubKey,
+        padding: crypto_1.default.constants.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: 'sha256'
+    }, cek);
+    // Claims
+    const now = Math.floor(Date.now() / 1000);
+    const claims = {
+        iss: `${region}.${issuer}`,
+        iat: now,
+        nbf: now,
+        jti: genUUID(),
+        exp: now + 300,
+        aud: `${region}.${audience}`,
+        password
+    };
+    const plaintext = Buffer.from(JSON.stringify(claims));
+    // AES-256-GCM 加密
+    const iv = crypto_1.default.randomBytes(12);
+    const cipher = crypto_1.default.createCipheriv('aes-256-gcm', cek, iv, { authTagLength: 16 });
+    cipher.setAAD(Buffer.from(headerB64, 'ascii'));
+    const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    // JWE Compact: header.encKey.iv.ciphertext.tag
+    return `${headerB64}.${b64url(encryptedCEK)}.${b64url(iv)}.${b64url(ct)}.${b64url(tag)}`;
+}