@lingxiteam/assets 0.7.30-alpha.28 → 0.7.30-alpha.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/es/security/fetch.d.ts +4 -0
- package/es/security/fetch.js +24 -0
- package/es/security/httpEncryption.js +14 -23
- package/es/security/index.d.ts +17 -0
- package/es/security/index.js +3 -1
- package/es/{utils → security}/sign.d.ts +0 -6
- package/es/{utils → security}/sign.js +16 -27
- package/package.json +1 -1
- package/es/utils/index.d.ts +0 -1
- package/es/utils/index.js +0 -1
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
|
|
2
|
+
|
|
3
|
+
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { _defineProperty(target, key, source[key]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } return target; }
|
|
4
|
+
|
|
5
|
+
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
|
|
6
|
+
|
|
7
|
+
import { createHttpSignStr } from './sign';
|
|
8
|
+
var originFetch = window.fetch;
|
|
9
|
+
var envKey = process.env.LING_XI_HTTP_SIGN_HEADER_KEY || process.env.REACT_APP_HTTP_SIGN_HEADER_KEY || process.env.UMI_APP_HTTP_SIGN_HEADER_KEY || process.env.FISHX_APP_HTTP_SIGN_HEADER_KEY;
|
|
10
|
+
|
|
11
|
+
var fetch = function fetch(url) {
|
|
12
|
+
var fetchOptions = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
|
13
|
+
var config = arguments.length > 2 ? arguments[2] : undefined;
|
|
14
|
+
|
|
15
|
+
var opts = _objectSpread({}, fetchOptions);
|
|
16
|
+
|
|
17
|
+
if (!config || !config.mode || config.mode === 'signKey') {
|
|
18
|
+
opts.headers = _objectSpread(_objectSpread({}, opts.headers), {}, _defineProperty({}, envKey || 'X-SIGN', createHttpSignStr(url, fetchOptions)));
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
return originFetch(url, opts);
|
|
22
|
+
};
|
|
23
|
+
|
|
24
|
+
export default fetch;
|
|
@@ -1,25 +1,22 @@
|
|
|
1
|
-
function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
|
|
2
|
-
|
|
3
|
-
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { _defineProperty(target, key, source[key]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } return target; }
|
|
4
|
-
|
|
5
|
-
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
|
|
6
|
-
|
|
7
1
|
/*
|
|
8
2
|
* @Author: 张国永 zhang.guoyong2@iwhalecloud.com
|
|
9
3
|
* @Date: 2022-08-08 15:08:58
|
|
10
|
-
* @LastEditors: 张国永 zhang.guoyong2@iwhalecloud.com
|
|
11
|
-
* @LastEditTime: 2022-08-08 17:48:49
|
|
12
|
-
* @FilePath: /lcdp-editor/packages/assets/src/security/http.js
|
|
13
4
|
* @Description: 一个简单的http请求安全加密处理
|
|
14
5
|
*/
|
|
15
|
-
// TODO 支持XMLHttpRequest
|
|
16
|
-
|
|
6
|
+
// TODO 支持XMLHttpRequest拦截、参数混淆、响应拦截
|
|
7
|
+
// 使用方式1: 使用fetch请求模块,start({ mode: signKey }),适应经过封装的fetch模块
|
|
8
|
+
// 使用方式2: 使用fetch请求模块,将window.fetch 替换成 fetch,适应自己封装的fetch模块
|
|
9
|
+
// 使用方式3: 不使用fetch请求模块,使用createHttpSignStr自己获取签名,自行在header上添加参数
|
|
10
|
+
import { createHttpSignStr } from './sign';
|
|
11
|
+
import fetch from './fetch';
|
|
17
12
|
var isHttpEncryption = false;
|
|
18
13
|
var originFetch = window.fetch;
|
|
19
14
|
|
|
20
15
|
function start(_ref) {
|
|
21
16
|
var _ref$mode = _ref.mode,
|
|
22
|
-
mode = _ref$mode === void 0 ? '' : _ref$mode
|
|
17
|
+
mode = _ref$mode === void 0 ? '' : _ref$mode,
|
|
18
|
+
_ref$signKeyOptions = _ref.signKeyOptions,
|
|
19
|
+
signKeyOptions = _ref$signKeyOptions === void 0 ? {} : _ref$signKeyOptions;
|
|
23
20
|
|
|
24
21
|
if (!mode) {
|
|
25
22
|
console.error('http加密开启失败,缺少mode参数');
|
|
@@ -35,17 +32,10 @@ function start(_ref) {
|
|
|
35
32
|
isHttpEncryption = true;
|
|
36
33
|
|
|
37
34
|
window.fetch = function (url) {
|
|
38
|
-
var
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
if (isHttpEncryption && options.isHttpEncryption !== false) {
|
|
43
|
-
opts.headers = _objectSpread(_objectSpread({}, opts.headers), {}, {
|
|
44
|
-
'X-SIGN': createHttpSignStr(url, options)
|
|
45
|
-
});
|
|
46
|
-
}
|
|
47
|
-
|
|
48
|
-
return originFetch(url, opts);
|
|
35
|
+
var fetchOptions = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
|
36
|
+
return fetch(url, fetchOptions, {
|
|
37
|
+
mode: mode
|
|
38
|
+
});
|
|
49
39
|
};
|
|
50
40
|
} else {
|
|
51
41
|
console.error('http加密开启失败,目前仅支持window.fetch方式');
|
|
@@ -70,5 +60,6 @@ function stop() {
|
|
|
70
60
|
export default {
|
|
71
61
|
start: start,
|
|
72
62
|
stop: stop,
|
|
63
|
+
fetch: fetch,
|
|
73
64
|
createHttpSignStr: createHttpSignStr
|
|
74
65
|
};
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
declare const _default: {
|
|
2
|
+
httpEncryption: {
|
|
3
|
+
start: ({ mode, signKeyOptions }: {
|
|
4
|
+
mode?: string | undefined;
|
|
5
|
+
signKeyOptions?: {} | undefined;
|
|
6
|
+
}) => boolean;
|
|
7
|
+
stop: () => void;
|
|
8
|
+
fetch: (url: any, fetchOptions?: any, config?: {
|
|
9
|
+
mode: string;
|
|
10
|
+
} | undefined) => Promise<Response>;
|
|
11
|
+
createHttpSignStr: (url: string, options: any) => string;
|
|
12
|
+
};
|
|
13
|
+
sign: {
|
|
14
|
+
createHttpSignStr: (url: string, options: any) => string;
|
|
15
|
+
};
|
|
16
|
+
};
|
|
17
|
+
export default _default;
|
package/es/security/index.js
CHANGED
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
function _typeof(obj) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) { return typeof obj; } : function (obj) { return obj && "function" == typeof Symbol && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; }, _typeof(obj); }
|
|
2
2
|
|
|
3
|
-
/*
|
|
4
|
-
* @Author: 张国永 zhang.guoyong2@iwhalecloud.com
|
|
5
|
-
* @Date: 2022-08-03 15:23:52
|
|
6
|
-
* @LastEditors: 张国永 zhang.guoyong2@iwhalecloud.com
|
|
7
|
-
* @LastEditTime: 2022-08-08 16:31:52
|
|
8
|
-
* @FilePath: /lcdp-editor/packages/assets/src/utils/sign.ts
|
|
9
|
-
* @Description: 这是默认设置,请设置`customMade`, 打开koroFileHeader查看配置 进行设置: https://github.com/OBKoro1/koro1FileHeader/wiki/%E9%85%8D%E7%BD%AE
|
|
10
|
-
*/
|
|
11
3
|
import { sha256 } from 'js-sha256';
|
|
12
|
-
var SIGN_KEY = process.env.
|
|
4
|
+
var SIGN_KEY = process.env.LING_XI_HTTP_SIGN_KEY || 'zrT5bi2escXilaH1fs653uZiH9RWfzCS'; // 1、签名算法:
|
|
13
5
|
// 通过对url、参数、秘钥拼接成字符串,然后对字符串使用算法SHA-256得到64个字符串,放到header, X-SIGN=XXXXXXX。
|
|
14
6
|
// 2、签名字符串拼接规则:
|
|
15
7
|
// a.get 请求:url+"#"+header+"#"+参数+"#"+秘钥
|
|
@@ -28,8 +20,15 @@ var SIGN_KEY = process.env.SIGN_KEY || 'zrT5bi2escXilaH1fs653uZiH9RWfzCS'; // 1
|
|
|
28
20
|
* @param {请求参数} options
|
|
29
21
|
* @returns
|
|
30
22
|
*/
|
|
23
|
+
// 由于X-B 的规则可能被业务网关使用,并往请求头增加内容,导致前后端加密不一致
|
|
24
|
+
// 2022.08.09 使用以下3个固定值 + X-LX-*匹配 方式
|
|
31
25
|
|
|
26
|
+
var hKeys = ['X-B-AUTH', 'X-B-TARGET-ID', 'APP-ID'];
|
|
32
27
|
export var createHttpSignStr = function createHttpSignStr(url, options) {
|
|
28
|
+
if (!url || !options) {
|
|
29
|
+
return '';
|
|
30
|
+
}
|
|
31
|
+
|
|
33
32
|
var method = options.method,
|
|
34
33
|
headers = options.headers,
|
|
35
34
|
body = options.body; // 获取参数1: 接口名称
|
|
@@ -39,32 +38,22 @@ export var createHttpSignStr = function createHttpSignStr(url, options) {
|
|
|
39
38
|
var headerParams = '';
|
|
40
39
|
var headersKeyArr = [];
|
|
41
40
|
Object.keys(headers).forEach(function (key) {
|
|
42
|
-
if (key.startsWith('X-')) {
|
|
43
|
-
headersKeyArr.push(key.toLowerCase());
|
|
41
|
+
if (key.startsWith('X-LX-') || hKeys.includes(key)) {
|
|
42
|
+
headersKeyArr.push("".concat(key.toLowerCase(), "=").concat(headers[key]));
|
|
44
43
|
}
|
|
45
44
|
});
|
|
46
|
-
|
|
47
|
-
if (headers['APP-ID']) {
|
|
48
|
-
headersKeyArr.push('APP-ID'.toLowerCase());
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
if (headersKeyArr.length > 0) {
|
|
52
|
-
var tmpHeader = JSON.parse(JSON.stringify(headers));
|
|
53
|
-
Object.keys(headers).forEach(function (key) {
|
|
54
|
-
tmpHeader[key.toLowerCase()] = headers[key];
|
|
55
|
-
});
|
|
56
|
-
headerParams = headersKeyArr.sort().map(function (key) {
|
|
57
|
-
return "".concat(key, "=").concat(tmpHeader[key]);
|
|
58
|
-
}).join(';');
|
|
59
|
-
} // 获取参数3:
|
|
60
|
-
|
|
45
|
+
headerParams = headersKeyArr.sort().join(';'); // 获取参数3: 请求参数
|
|
61
46
|
|
|
62
47
|
var params = '';
|
|
63
48
|
|
|
64
|
-
if (method === 'get') {
|
|
49
|
+
if (method.toLowerCase() === 'get') {
|
|
65
50
|
params = url.split('?')[1] || '';
|
|
66
51
|
} else {
|
|
67
52
|
params = _typeof(body) === 'object' ? JSON.stringify(body) : body;
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
if (window.signDebug) {
|
|
56
|
+
console.log('sign', [apiName, headerParams, params, SIGN_KEY].join('#'));
|
|
68
57
|
} // 生成约定签名
|
|
69
58
|
|
|
70
59
|
|
package/package.json
CHANGED
package/es/utils/index.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
|
package/es/utils/index.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
"use strict";
|