@lingxiteam/ebe-utils 0.0.33 → 0.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/es/index.d.ts +5 -1
  2. package/es/index.js +107 -62
  3. package/lib/public/src/services/api/engine.ts +0 -2
  4. package/lib/public/src/utils/Security/clientCapabilities.ts +8 -0
  5. package/lib/public/src/utils/Security/config.ts +56 -49
  6. package/lib/public/src/utils/Security/const.ts +38 -127
  7. package/lib/public/src/utils/Security/debug/data.ts +86 -0
  8. package/lib/public/src/utils/Security/debug/index.ts +21 -0
  9. package/lib/public/src/utils/Security/encipher/sign.ts +25 -56
  10. package/lib/public/src/utils/Security/html.ts +52 -0
  11. package/lib/public/src/utils/Security/httpEncryption.ts +42 -23
  12. package/lib/public/src/utils/Security/index.ts +15 -7
  13. package/lib/public/src/utils/Security/requester/fetch.ts +87 -52
  14. package/lib/public/src/utils/Security/requester/wx.ts +60 -11
  15. package/lib/public/src/utils/Security/requester/xhr.ts +194 -40
  16. package/lib/public/src/utils/Security/types.ts +8 -90
  17. package/lib/public/src/utils/Security/urlEncryption.ts +108 -0
  18. package/lib/public/src/utils/Security/utils/atob.ts +34 -0
  19. package/lib/public/src/utils/Security/utils/caseInsensitive.ts +25 -0
  20. package/lib/public/src/utils/Security/utils/check.ts +27 -3
  21. package/lib/public/src/utils/Security/utils/cookie.ts +101 -53
  22. package/lib/public/src/utils/Security/utils/encrypted.ts +190 -43
  23. package/lib/public/src/utils/Security/utils/random.ts +21 -0
  24. package/lib/public/src/utils/Security/utils/storge.ts +22 -0
  25. package/lib/public/src/utils/Security/utils/url.ts +30 -5
  26. package/lib/public/src/utils/getSceneCode.ts +51 -0
  27. package/package.json +2 -2
@@ -2,9 +2,14 @@ import config from '../config';
2
2
  import { lxKey } from '../const';
3
3
  import { AESDecrypt, AESEncrypt } from '../encipher/aes';
4
4
  import { RSADecrypt, RSAEncrypt } from '../encipher/rsa';
5
- import { MODE } from '../types';
6
- import message from './message';
5
+ import { MODE, requester } from '../types';
6
+ import { getObjectValue } from './caseInsensitive';
7
7
 
8
+ /**
9
+ * 预置内部加密函数,将秘钥进行加密使用
10
+ * @param str 待加密内容
11
+ * @returns
12
+ */
8
13
  export function lxEncrypt(str: string) {
9
14
  if (config.keyEncrypt) {
10
15
  return AESEncrypt(str, lxKey) || str;
@@ -12,6 +17,11 @@ export function lxEncrypt(str: string) {
12
17
  return str;
13
18
  }
14
19
 
20
+ /**
21
+ * 预置内部解密函数
22
+ * @param str 待加密内容
23
+ * @returns
24
+ */
15
25
  function lxDecrypt(str: string) {
16
26
  if (config.keyEncrypt) {
17
27
  return AESDecrypt(str, lxKey) || str;
@@ -19,6 +29,12 @@ function lxDecrypt(str: string) {
19
29
  return str;
20
30
  }
21
31
 
32
+ /**
33
+ * 统一加密函数
34
+ * @param str 待加密内容
35
+ * @param type 加密类型
36
+ * @returns string 加密后内容
37
+ */
22
38
  export function encryptedStr(str: string, type: string): string {
23
39
  if (type === MODE.AES) {
24
40
  return AESEncrypt(
@@ -36,17 +52,17 @@ export function encryptedStr(str: string, type: string): string {
36
52
  ) || ''
37
53
  );
38
54
  }
39
- if (type === MODE.DES) {
40
- message.warn('DES encryption is no longer supported');
41
- }
42
55
  return str;
43
56
  }
44
57
 
45
- export function decryptedStr(
46
- str: string,
47
- type: string,
48
- config: any = {},
49
- ): string {
58
+ /**
59
+ * 统一解密函数
60
+ * @param str 待解密内容
61
+ * @param type 加密类型
62
+ * @param config 配置项(自定义秘钥和解密方法)
63
+ * @returns string 解密后的内容
64
+ */
65
+ export function decryptedStr(str: string, type: string): string {
50
66
  if (type === MODE.AES) {
51
67
  return AESDecrypt(
52
68
  str,
@@ -63,59 +79,190 @@ export function decryptedStr(
63
79
  ) || ''
64
80
  );
65
81
  }
66
- if (type === MODE.DES) {
67
- message.warn('DES encryption is no longer supported');
68
- }
69
82
  return str;
70
83
  }
71
84
 
85
+ /**
86
+ * 将url参数加密,如: a=1&b=2 -> a=XAZYt1dl43v0gYUlNM6wEg%3D%3D&b=rbsCqzqEZvsUn41oxNsJ%2FQ%3D%3D
87
+ * @param search url参数, 如: a=1&b=2
88
+ * @param mode 加密模式
89
+ * @returns string 加密后数据
90
+ */
91
+ export const encryptedStrForSearchParams = (
92
+ search: string,
93
+ mode: '2.0' | '3.0',
94
+ ) => {
95
+ const params = search.split('&').map((param) => {
96
+ const [k, v] = param.split('=');
97
+ return `${encodeURIComponent(k)}=${encodeURIComponent(
98
+ encryptedStr(v, mode),
99
+ )}`;
100
+ });
101
+ return params.join('&');
102
+ };
103
+
104
+ /**
105
+ * 将url参数解密
106
+ * @param search url参数, 如: a=XAZYt1dl43v0gYUlNM6wEg%3D%3D&b=rbsCqzqEZvsUn41oxNsJ%2FQ%3D%3D
107
+ * @param mode 加密模式
108
+ * @returns string 解密后数据
109
+ */
110
+ export const decryptedStrForSearchParams = (
111
+ search: string,
112
+ mode: '2.0' | '3.0',
113
+ ) => {
114
+ const params = search.split('&').map((param) => {
115
+ const [k, v] = param.split('=');
116
+ return `${decodeURIComponent(k)}=${decryptedStr(
117
+ decodeURIComponent(v),
118
+ mode,
119
+ )}`;
120
+ });
121
+ return params.join('&');
122
+ };
123
+
124
+ /**
125
+ * 将对象数据value字段加密, 如: { a: 1, b: 2 } -> { a: 'XAZYt1dl43v0gYUlNM6wEg', b: 'XAZYt1dl43v0gYUlNM6wEg' }
126
+ * @param data 对象数据
127
+ * @param mode 加密模式
128
+ * @returns string 加密后数据
129
+ */
130
+ const encryptedStrForObjectBody = (
131
+ data: Record<any, any>,
132
+ mode: '2.0' | '3.0',
133
+ ) => {
134
+ return Object.keys(data).reduce(
135
+ (
136
+ previousValue: Record<string, string>,
137
+ key: string,
138
+ ): Record<string, string> => {
139
+ if (typeof data[key] === 'object') {
140
+ previousValue[key] = encryptedStr(JSON.stringify(data[key]), mode);
141
+ } else {
142
+ previousValue[key] = encryptedStr(String(data[key]), mode);
143
+ }
144
+ return previousValue;
145
+ },
146
+ {},
147
+ );
148
+ };
149
+
72
150
  interface optsType {
73
151
  body?: any;
74
152
  headers?: any;
75
153
  }
76
154
  type returnType = [string, { body?: any; headers?: any }];
77
155
 
78
- // 统一请求参数加密
156
+ /**
157
+ * 统一请求参数加密,对url参数、body参数进行加密
158
+ * @param url 请求url地址
159
+ * @param opts 请求配置,包含 headers、body
160
+ * @param mode 加密模式,2.0:rsa,3.0:aes
161
+ * @param requester 请求程序,"fetch" | "xhr" | "wxRequest"
162
+ * @returns [加密处理后的url, 加密处理后的数据(header、body)]
163
+ */
79
164
  export const encryptedRequestParams = (
80
165
  url: string,
81
166
  opts: optsType,
82
- type: string,
167
+ mode: '2.0' | '3.0',
168
+ requester: requester,
83
169
  ): returnType => {
84
- const isFormData = opts.body instanceof FormData;
170
+ const encryptedOpts = Object.assign({}, opts);
85
171
 
86
- // search 部分加密
172
+ // 在请求头增加‘模式’字段,告知后端解密方式
173
+ encryptedOpts.headers = {
174
+ ...(opts.headers || {}),
175
+ [config.securityHeaderKey as string]: mode,
176
+ };
177
+
178
+ // url search 部分参数加密
87
179
  const encryptedUrl =
88
180
  url.indexOf('?') !== -1
89
- ? url.replace(/[^?]+$/g, (search: string) => {
90
- const params = search.split('&').map((param) => {
91
- const [k, v] = param.split('=');
92
- return `${encodeURIComponent(k)}=${encodeURIComponent(
93
- encryptedStr(v, type),
94
- )}`;
95
- });
96
- return params.join('&');
97
- })
181
+ ? url.replace(/[^?]+$/g, (data) =>
182
+ encryptedStrForSearchParams(data, mode),
183
+ )
98
184
  : url;
99
185
 
100
- // body参数加密
101
- const encryptedOpts = Object.assign({}, opts);
102
- encryptedOpts.headers = {
103
- ...(opts.headers || {}),
104
- [config.securityHeaderKey as string]: type,
105
- };
186
+ /**
187
+ * body参数加密
188
+ * body 数据类型:
189
+ * - Fetch: a string | ArrayBuffer | Blob | DataView | File | FormData | TypedArray | URLSearchParams see: https://developer.mozilla.org/en-US/docs/Web/API/RequestInit#body
190
+ * - XHR: a string | Blob | FormData | URLSearchParams | Document | null see: https://developer.mozilla.org/zh-CN/docs/Web/API/XMLHttpRequest/send
191
+ * - wx.request: a string | object | ArrayBuffer see: https://developers.weixin.qq.com/miniprogram/dev/api/network/request/wx.request.html
192
+ *
193
+ * 入参数据为: opts.body, 数据来源于
194
+ * fetch请求的 options.body
195
+ * xhr请求 send方法入参
196
+ * wx请求的 options.data
197
+ *
198
+ * 加密原则:
199
+ * 1. 对于表单数据只加密value部分
200
+ * 2. json或文本类型整个body加密
201
+ * 3. 其他类型(File、Blob...)不加密
202
+ */
203
+ if (opts.body) {
204
+ const defaultContentType: Record<requester, string> = {
205
+ xhr: 'application/x-www-form-urlencoded',
206
+ fetch: 'text/plain',
207
+ wxRequest: 'application/json',
208
+ };
209
+ const contentType =
210
+ getObjectValue(opts.headers, 'Content-Type') ||
211
+ defaultContentType[requester];
212
+ const method = opts.headers?.method?.toUpperCase() || 'GET';
213
+ const isFormData =
214
+ typeof FormData !== 'undefined' && opts.body instanceof FormData;
215
+ const isURLSearchParams =
216
+ typeof URLSearchParams !== 'undefined' &&
217
+ opts.body instanceof URLSearchParams;
106
218
 
107
- if (isFormData) {
108
- // formData 加密
109
- const formData = new FormData();
110
- const reqBody = opts.body;
111
- for (const key of (reqBody as any).keys()) {
112
- const value = reqBody.get(key);
113
- formData.append(key, encryptedStr(value, type));
219
+ /* 1. 优先根据body数据类型来处理 */
220
+ if (isFormData || isURLSearchParams) {
221
+ const newObjData = isFormData ? new FormData() : new URLSearchParams();
222
+ const reqBody = opts.body;
223
+ for (const key of (reqBody as any).keys()) {
224
+ const value = reqBody.get(key);
225
+ // 只加密文本类型数据,文件数据不处理
226
+ if (typeof value === 'string') {
227
+ newObjData.append(key, encryptedStr(value, mode));
228
+ } else {
229
+ newObjData.append(key, value as any);
230
+ }
231
+ }
232
+ encryptedOpts.body = newObjData;
233
+ } /* 2. 根据contentType类型来处理 */ else if (
234
+ contentType.indexOf('application/json') !== -1
235
+ ) {
236
+ // wx.request 可以为对象类型
237
+ if (typeof opts.body === 'object') {
238
+ try {
239
+ if (method === 'GET') {
240
+ // get请求时,body数据将通过url参数传递
241
+ encryptedOpts.body = encryptedStrForObjectBody(opts.body, mode);
242
+ } else {
243
+ encryptedOpts.body = encryptedStr(JSON.stringify(opts.body), mode);
244
+ }
245
+ } catch {
246
+ encryptedOpts.body = opts.body;
247
+ }
248
+ } else {
249
+ encryptedOpts.body = encryptedStr(opts.body, mode);
250
+ }
251
+ } else if (
252
+ contentType.indexOf('application/x-www-form-urlencoded') !== -1
253
+ ) {
254
+ if (typeof opts.body === 'object') {
255
+ encryptedOpts.body = encryptedStrForObjectBody(opts.body, mode);
256
+ } else {
257
+ encryptedOpts.body = encryptedStrForSearchParams(opts.body, mode);
258
+ }
259
+ } else if (typeof opts.body === 'string') {
260
+ // 文本数据 加密
261
+ encryptedOpts.body = encryptedStr(opts.body, mode);
262
+ } else {
263
+ // 其他类型数据不处理
264
+ encryptedOpts.body = opts.body;
114
265
  }
115
- encryptedOpts.body = formData;
116
- } else if (opts.body) {
117
- // 文本加密
118
- encryptedOpts.body = encryptedStr(opts.body, type);
119
266
  }
120
267
 
121
268
  return [encryptedUrl, encryptedOpts];
@@ -0,0 +1,21 @@
1
+ /* eslint-disable no-restricted-properties */
2
+
3
+ /**
4
+ * 生成随机整数
5
+ * @param numDigits 随机数位数
6
+ * @returns 随机数
7
+ */
8
+
9
+ function generateRandomNumber(numDigits: number) {
10
+ // 确保输入的位数为正整数
11
+ const _numDigits = Math.floor(Math.abs(numDigits));
12
+
13
+ // 生成指定位数的最小值和最大值
14
+ const min = Math.pow(10, _numDigits - 1);
15
+ const max = Math.pow(10, _numDigits) - 1;
16
+
17
+ // 生成随机数并返回
18
+ return Math.floor(Math.random() * (max - min + 1)) + min;
19
+ }
20
+
21
+ export default generateRandomNumber;
@@ -0,0 +1,22 @@
1
+ import capabilities from '../clientCapabilities';
2
+
3
+ const storageUtil = {
4
+ /**
5
+ * 获取本地存储数据
6
+ * @param key 数据key
7
+ * @returns string 存储的数据值
8
+ */
9
+ get: (key: string): string => {
10
+ if (capabilities.localStorage) {
11
+ const v = localStorage.getItem(key);
12
+ return v === null ? '' : v;
13
+ }
14
+ if (capabilities.wxStorage) {
15
+ const v = wx.getStorageSync(key);
16
+ return typeof v === 'object' ? JSON.stringify(v) : String(v);
17
+ }
18
+ return '';
19
+ },
20
+ };
21
+
22
+ export default storageUtil;
@@ -5,15 +5,20 @@
5
5
  */
6
6
  export const obj2QueryString = (params: any) => {
7
7
  const queryString = Object.keys(params)
8
- .map(
9
- (key) => `${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`,
10
- )
8
+ .map((key) => {
9
+ if (typeof params[key] === 'object') {
10
+ return `${encodeURIComponent(key)}=${encodeURIComponent(
11
+ JSON.stringify(params[key]),
12
+ )}`;
13
+ }
14
+ return `${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`;
15
+ })
11
16
  .join('&');
12
17
  return queryString;
13
18
  };
14
19
 
15
20
  /**
16
- * 将url参数进行编码转换
21
+ * 将url参数进行编码转换(解码)
17
22
  * @param queryStr 待处理url参数
18
23
  * @returns
19
24
  */
@@ -45,7 +50,7 @@ export const getSearchObj = (url: string) => {
45
50
 
46
51
  /**
47
52
  * 移除URL指定参数
48
- * @param url url地址
53
+ * @param url 待处理的url地址
49
54
  * @param paramsToRemove 需要移除的参数列表
50
55
  * @returns 处理后的url
51
56
  */
@@ -76,3 +81,23 @@ export const removeURLParameters = (
76
81
 
77
82
  return result;
78
83
  };
84
+
85
+ /**
86
+ * 往url地址添加参数
87
+ * @param url 待处理的url地址
88
+ * @param params 待添加的参数数据
89
+ */
90
+ export const addUrlParameters = (
91
+ url: string,
92
+ params: Record<any, any>,
93
+ ): string => {
94
+ const paramsString = Object.keys(params)
95
+ .map((key) => {
96
+ if (typeof params[key] === 'object') {
97
+ return `${key}=${JSON.stringify(params[key])}`;
98
+ }
99
+ return `${key}=${params[key]}`;
100
+ })
101
+ .join('&');
102
+ return url + (url.indexOf('?') !== -1 ? '&' : '?') + paramsString;
103
+ };
@@ -0,0 +1,51 @@
1
+ /**
2
+ * getSceneCode.js
3
+ * params: 弹窗配置参数
4
+ * sceneCode: 组件直接传入的 sceneCode
5
+ * urlParam:url 参数
6
+ * pageData:页面数据中配置的参数
7
+ * modalInstId:弹窗实例 id,用于区分是一个弹窗实例,还是一个页面
8
+ */
9
+
10
+ type getSceneCodeFn = (options: {
11
+ params?: {
12
+ sceneCode?: string;
13
+ };
14
+ sceneCode?: string;
15
+ urlParam?: {
16
+ sceneCode?: string;
17
+ };
18
+ pageData?: {
19
+ chooseSceneObjec?: {
20
+ sceneCode?: string;
21
+ };
22
+ };
23
+ modalInstId?: number | string;
24
+ }) => string;
25
+
26
+ const getSceneCode: getSceneCodeFn = (options) => {
27
+ const {
28
+ params: modalParams,
29
+ sceneCode: propsSceneCode,
30
+ urlParam,
31
+ pageData,
32
+ modalInstId,
33
+ } = options;
34
+ let newSceneCode = '';
35
+ if (modalInstId) {
36
+ newSceneCode =
37
+ modalParams?.sceneCode ||
38
+ propsSceneCode ||
39
+ pageData?.chooseSceneObjec?.sceneCode ||
40
+ '';
41
+ } else {
42
+ newSceneCode =
43
+ urlParam?.sceneCode ||
44
+ propsSceneCode ||
45
+ pageData?.chooseSceneObjec?.sceneCode ||
46
+ '';
47
+ }
48
+ return newSceneCode || '';
49
+ };
50
+
51
+ export default getSceneCode;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lingxiteam/ebe-utils",
3
- "version": "0.0.33",
3
+ "version": "0.0.37",
4
4
  "description": "",
5
5
  "keywords": [],
6
6
  "author": "",
@@ -19,7 +19,7 @@
19
19
  "@babel/types": "^7.12.12",
20
20
  "cac": "^6.7.14",
21
21
  "fs-extra": "9.x",
22
- "@lingxiteam/ebe": "0.0.33"
22
+ "@lingxiteam/ebe": "0.0.37"
23
23
  },
24
24
  "publishConfig": {
25
25
  "access": "public"