npm - @lobehub/chat - Versions diffs - 1.105.1 → 1.105.2 - Mend

@lobehub/chat 1.105.1 → 1.105.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/CHANGELOG.md +35 -0
package/changelog/v1.json +9 -0
package/locales/ar/auth.json +54 -0
package/locales/bg-BG/auth.json +54 -0
package/locales/de-DE/auth.json +54 -0
package/locales/en-US/auth.json +54 -0
package/locales/es-ES/auth.json +54 -0
package/locales/fa-IR/auth.json +54 -0
package/locales/fr-FR/auth.json +54 -0
package/locales/it-IT/auth.json +54 -0
package/locales/ja-JP/auth.json +54 -0
package/locales/ko-KR/auth.json +54 -0
package/locales/nl-NL/auth.json +54 -0
package/locales/pl-PL/auth.json +54 -0
package/locales/pt-BR/auth.json +54 -0
package/locales/ru-RU/auth.json +54 -0
package/locales/tr-TR/auth.json +54 -0
package/locales/vi-VN/auth.json +54 -0
package/locales/zh-CN/auth.json +54 -0
package/locales/zh-TW/auth.json +54 -0
package/package.json +2 -2
package/src/app/(backend)/middleware/auth/index.test.ts +5 -5
package/src/app/(backend)/middleware/auth/index.ts +6 -6
package/src/app/(backend)/webapi/chat/[provider]/route.test.ts +11 -9
package/src/app/(backend)/webapi/plugin/gateway/route.ts +2 -2
package/src/app/sitemap.tsx +1 -10
package/src/config/aiModels/giteeai.ts +269 -2
package/src/config/aiModels/siliconcloud.ts +24 -2
package/src/config/aiModels/stepfun.ts +67 -2
package/src/config/aiModels/volcengine.ts +56 -2
package/src/config/aiModels/wenxin.ts +62 -2
package/src/config/aiModels/xai.ts +19 -2
package/src/const/auth.ts +2 -3
package/src/libs/model-runtime/ModelRuntime.test.ts +3 -3
package/src/libs/trpc/async/context.ts +3 -3
package/src/libs/trpc/edge/context.ts +7 -2
package/src/libs/trpc/edge/middleware/jwtPayload.test.ts +4 -4
package/src/libs/trpc/edge/middleware/jwtPayload.ts +2 -2
package/src/libs/trpc/lambda/context.ts +2 -2
package/src/libs/trpc/lambda/middleware/keyVaults.ts +2 -2
package/src/server/modules/AgentRuntime/index.test.ts +28 -25
package/src/server/modules/AgentRuntime/index.ts +3 -3
package/src/server/routers/async/caller.ts +2 -2
package/src/server/routers/lambda/market/index.ts +0 -14
package/src/server/routers/tools/search.test.ts +2 -2
package/src/server/services/chunk/index.ts +3 -3
package/src/server/services/discover/index.ts +0 -13
package/src/server/sitemap.test.ts +0 -52
package/src/server/sitemap.ts +1 -38
package/src/services/_auth.ts +3 -3
package/src/services/discover.ts +0 -4
package/src/store/discover/slices/mcp/action.ts +0 -8
package/src/utils/client/xor-obfuscation.test.ts +370 -0
package/src/utils/client/xor-obfuscation.ts +39 -0
package/src/utils/server/xor.test.ts +123 -0
package/src/utils/server/xor.ts +42 -0
package/src/utils/jwt.test.ts +0 -27
package/src/utils/jwt.ts +0 -37
package/src/utils/server/jwt.test.ts +0 -62
package/src/utils/server/jwt.ts +0 -28

package/src/server/sitemap.test.ts CHANGED Viewed

@@ -13,7 +13,6 @@ describe('Sitemap', () => {
       // Mock the page count methods to return specific values for testing
       vi.spyOn(sitemap, 'getPluginPageCount').mockResolvedValue(2);
       vi.spyOn(sitemap, 'getAssistantPageCount').mockResolvedValue(3);
-      vi.spyOn(sitemap, 'getMcpPageCount').mockResolvedValue(1);
       vi.spyOn(sitemap, 'getModelPageCount').mockResolvedValue(2);
       const index = await sitemap.getIndex();
@@ -31,7 +30,6 @@ describe('Sitemap', () => {
       expect(index).toContain(`<loc>${getCanonicalUrl('/sitemap/assistants-1.xml')}</loc>`);
       expect(index).toContain(`<loc>${getCanonicalUrl('/sitemap/assistants-2.xml')}</loc>`);
       expect(index).toContain(`<loc>${getCanonicalUrl('/sitemap/assistants-3.xml')}</loc>`);
-      expect(index).toContain(`<loc>${getCanonicalUrl('/sitemap/mcp-1.xml')}</loc>`);
       expect(index).toContain(`<loc>${getCanonicalUrl('/sitemap/models-1.xml')}</loc>`);
       expect(index).toContain(`<loc>${getCanonicalUrl('/sitemap/models-2.xml')}</loc>`);
@@ -218,46 +216,6 @@ describe('Sitemap', () => {
     });
   });
-  describe('getMcp', () => {
-    it('should return a valid mcp sitemap without pagination', async () => {
-      vi.spyOn(sitemap['discoverService'], 'getMcpIdentifiers').mockResolvedValue([
-        // @ts-ignore
-        { identifier: 'test-mcp', lastModified: '2023-01-01' },
-      ]);
-      const mcpSitemap = await sitemap.getMcp();
-      expect(mcpSitemap.length).toBe(15);
-      expect(mcpSitemap).toContainEqual(
-        expect.objectContaining({
-          url: getCanonicalUrl('/discover/mcp/test-mcp'),
-          lastModified: '2023-01-01T00:00:00.000Z',
-        }),
-      );
-      expect(mcpSitemap).toContainEqual(
-        expect.objectContaining({
-          url: getCanonicalUrl('/discover/mcp/test-mcp?hl=zh-CN'),
-          lastModified: '2023-01-01T00:00:00.000Z',
-        }),
-      );
-    });
-    it('should return a valid mcp sitemap with pagination', async () => {
-      const mockMcps = Array.from({ length: 80 }, (_, i) => ({
-        identifier: `test-mcp-${i}`,
-        lastModified: '2023-01-01',
-      }));
-      vi.spyOn(sitemap['discoverService'], 'getMcpIdentifiers').mockResolvedValue(
-        // @ts-ignore
-        mockMcps,
-      );
-      // Test first page (should have 80 items, all on first page)
-      const firstPageSitemap = await sitemap.getMcp(1);
-      expect(firstPageSitemap.length).toBe(80 * 15); // 80 items * 15 locales
-    });
-  });
   describe('getProviders', () => {
     it('should return a valid providers sitemap', async () => {
       vi.spyOn(sitemap['discoverService'], 'getProviderIdentifiers').mockResolvedValue([
@@ -303,16 +261,6 @@ describe('Sitemap', () => {
       expect(pageCount).toBe(3); // 250 items / 100 per page = ceil(2.5) = 3 pages
     });
-    it('should return correct mcp page count', async () => {
-      vi.spyOn(sitemap['discoverService'], 'getMcpIdentifiers').mockResolvedValue(
-        // @ts-ignore
-        Array.from({ length: 50 }, (_, i) => ({ identifier: `mcp-${i}` })),
-      );
-      const pageCount = await sitemap.getMcpPageCount();
-      expect(pageCount).toBe(1); // 50 items / 100 per page = 1 page
-    });
     it('should return correct model page count', async () => {
       vi.spyOn(sitemap['discoverService'], 'getModelIdentifiers').mockResolvedValue(
         // @ts-ignore

package/src/server/sitemap.ts CHANGED Viewed

@@ -52,12 +52,6 @@ export class Sitemap {
     return Math.ceil(list.length / ITEMS_PER_PAGE);
   }
-  // 获取MCP总页数
-  async getMcpPageCount(): Promise<number> {
-    const list = await this.discoverService.getMcpIdentifiers();
-    return Math.ceil(list.length / ITEMS_PER_PAGE);
-  }
   // 获取模型总页数
   async getModelPageCount(): Promise<number> {
     const list = await this.discoverService.getModelIdentifiers();
@@ -171,10 +165,9 @@ export class Sitemap {
     );
     // 获取需要分页的类型的页数
-    const [pluginPages, assistantPages, mcpPages, modelPages] = await Promise.all([
+    const [pluginPages, assistantPages, modelPages] = await Promise.all([
       this.getPluginPageCount(),
       this.getAssistantPageCount(),
-      this.getMcpPageCount(),
       this.getModelPageCount(),
     ]);
@@ -193,11 +186,6 @@ export class Sitemap {
           ),
         ),
       ),
-      ...Array.from({ length: mcpPages }, (_, i) =>
-        this._generateSitemapLink(
-          getCanonicalUrl(SITEMAP_BASE_URL, isDev ? `mcp-${i + 1}` : `mcp-${i + 1}.xml`),
-        ),
-      ),
       ...Array.from({ length: modelPages }, (_, i) =>
         this._generateSitemapLink(
           getCanonicalUrl(SITEMAP_BASE_URL, isDev ? `models-${i + 1}` : `models-${i + 1}.xml`),
@@ -239,31 +227,6 @@ export class Sitemap {
     return flatten(sitmap);
   }
-  async getMcp(page?: number): Promise<MetadataRoute.Sitemap> {
-    const list = await this.discoverService.getMcpIdentifiers();
-    if (page !== undefined) {
-      const startIndex = (page - 1) * ITEMS_PER_PAGE;
-      const endIndex = startIndex + ITEMS_PER_PAGE;
-      const pageMcps = list.slice(startIndex, endIndex);
-      const sitmap = pageMcps.map((item) =>
-        this._genSitemap(urlJoin('/discover/mcp', item.identifier), {
-          lastModified: item?.lastModified || LAST_MODIFIED,
-        }),
-      );
-      return flatten(sitmap);
-    }
-    // 如果没有指定页数，返回所有（向后兼容）
-    const sitmap = list.map((item) =>
-      this._genSitemap(urlJoin('/discover/mcp', item.identifier), {
-        lastModified: item?.lastModified || LAST_MODIFIED,
-      }),
-    );
-    return flatten(sitmap);
-  }
   async getPlugins(page?: number): Promise<MetadataRoute.Sitemap> {
     const list = await this.discoverService.getPluginIdentifiers();

package/src/services/_auth.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { JWTPayload, LOBE_CHAT_AUTH_HEADER } from '@/const/auth';
+import { ClientSecretPayload, LOBE_CHAT_AUTH_HEADER } from '@/const/auth';
 import { isDeprecatedEdition } from '@/const/version';
 import { ModelProvider } from '@/libs/model-runtime';
 import { aiProviderSelectors, useAiInfraStore } from '@/store/aiInfra';
@@ -10,7 +10,7 @@ import {
   CloudflareKeyVault,
   OpenAICompatibleKeyVault,
 } from '@/types/user/settings';
-import { createJWT } from '@/utils/jwt';
+import { obfuscatePayloadWithXOR } from '@/utils/client/xor-obfuscation';
 export const getProviderAuthPayload = (
   provider: string,
@@ -80,7 +80,7 @@ const createAuthTokenWithPayload = async (payload = {}) => {
   const accessCode = keyVaultsConfigSelectors.password(useUserStore.getState());
   const userId = userProfileSelectors.userId(useUserStore.getState());
-  return createJWT<JWTPayload>({ accessCode, userId, ...payload });
+  return obfuscatePayloadWithXOR<ClientSecretPayload>({ accessCode, userId, ...payload });
 };
 interface AuthParams {

package/src/services/discover.ts CHANGED Viewed

@@ -83,10 +83,6 @@ class DiscoverService {
     });
   };
-  getMcpIdentifiers = async (): Promise<IdentifiersResponse> => {
-    return lambdaClient.market.getMcpIdentifiers.query();
-  };
   getMcpList = async (params: McpQueryParams = {}): Promise<McpListResponse> => {
     const locale = globalHelpers.getCurrentLanguage();
     return lambdaClient.market.getMcpList.query({

package/src/store/discover/slices/mcp/action.ts CHANGED Viewed

@@ -8,7 +8,6 @@ import { DiscoverStore } from '@/store/discover';
 import { globalHelpers } from '@/store/global/helpers';
 import {
   DiscoverMcpDetail,
-  IdentifiersResponse,
   McpListResponse,
   McpQueryParams,
 } from '@/types/discover';
@@ -20,7 +19,6 @@ export interface MCPAction {
   }) => SWRResponse<DiscoverMcpDetail>;
   useFetchMcpList: (params: McpQueryParams) => SWRResponse<McpListResponse>;
   useMcpCategories: (params: CategoryListQuery) => SWRResponse<CategoryItem[]>;
-  useMcpIdentifiers: () => SWRResponse<IdentifiersResponse>;
 }
 export const createMCPSlice: StateCreator<
@@ -61,10 +59,4 @@ export const createMCPSlice: StateCreator<
       },
     );
   },
-  useMcpIdentifiers: () => {
-    return useClientDataSWR('mcp-identifiers', async () => discoverService.getMcpIdentifiers(), {
-      revalidateOnFocus: false,
-    });
-  },
 });

package/src/utils/client/xor-obfuscation.test.ts ADDED Viewed

@@ -0,0 +1,370 @@
+import { describe, expect, it } from 'vitest';
+import { SECRET_XOR_KEY } from '@/const/auth';
+import { obfuscatePayloadWithXOR } from './xor-obfuscation';
+describe('xor-obfuscation', () => {
+  describe('obfuscatePayloadWithXOR', () => {
+    it('应该对简单字符串进行混淆并返回Base64字符串', () => {
+      const payload = 'hello world';
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+      // 验证结果长度大于0
+      expect(result.length).toBeGreaterThan(0);
+    });
+    it('应该对JSON对象进行混淆', () => {
+      const payload = { name: 'test', value: 123, active: true };
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该对数组进行混淆', () => {
+      const payload = [1, 2, 3, 'test', { nested: true }];
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该对复杂嵌套对象进行混淆', () => {
+      const payload = {
+        user: {
+          id: 123,
+          profile: {
+            name: 'John Doe',
+            settings: {
+              theme: 'dark',
+              notifications: true,
+              preferences: ['email', 'sms'],
+            },
+          },
+        },
+        tokens: ['abc123', 'def456'],
+        metadata: null,
+      };
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('相同的输入应该产生相同的输出', () => {
+      const payload = { test: 'consistent' };
+      const result1 = obfuscatePayloadWithXOR(payload);
+      const result2 = obfuscatePayloadWithXOR(payload);
+      expect(result1).toBe(result2);
+    });
+    it('不同的输入应该产生不同的输出', () => {
+      const payload1 = { test: 'value1' };
+      const payload2 = { test: 'value2' };
+      const result1 = obfuscatePayloadWithXOR(payload1);
+      const result2 = obfuscatePayloadWithXOR(payload2);
+      expect(result1).not.toBe(result2);
+    });
+    it('应该处理包含特殊字符的字符串', () => {
+      const payload = 'Hello! @#$%^&*()_+-=[]{}|;:,.<>?/~`"\'\\';
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理包含Unicode字符的字符串', () => {
+      const payload = '你好世界 🌍 émojis 日本語 한국어';
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理空字符串', () => {
+      const payload = '';
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理空对象', () => {
+      const payload = {};
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理空数组', () => {
+      const result = obfuscatePayloadWithXOR([]);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理null值', () => {
+      const payload = null;
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理数字', () => {
+      const payload = 42;
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理布尔值', () => {
+      const payloadTrue = true;
+      const payloadFalse = false;
+      const resultTrue = obfuscatePayloadWithXOR(payloadTrue);
+      const resultFalse = obfuscatePayloadWithXOR(payloadFalse);
+      // 验证返回值是字符串
+      expect(typeof resultTrue).toBe('string');
+      expect(typeof resultFalse).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(resultTrue)).not.toThrow();
+      expect(() => atob(resultFalse)).not.toThrow();
+      // 验证不同布尔值产生不同结果
+      expect(resultTrue).not.toBe(resultFalse);
+    });
+    it('应该处理包含特殊JSON字符的对象', () => {
+      const payload = {
+        quotes: '"double quotes"',
+        singleQuotes: "'single quotes'",
+        backslash: 'back\\slash',
+        newline: 'line1\nline2',
+        tab: 'col1\tcol2',
+        unicode: '\u0041\u0042\u0043',
+      };
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理很长的字符串', () => {
+      const payload = 'a'.repeat(10000);
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+      // 验证结果长度合理（Base64编码后长度应该大约是原始长度的4/3）
+      expect(result.length).toBeGreaterThan(0);
+    });
+    it('应该产生不同长度输入的不同输出长度', () => {
+      const shortPayload = 'short';
+      const longPayload = 'this is a much longer string that should produce different output';
+      const shortResult = obfuscatePayloadWithXOR(shortPayload);
+      const longResult = obfuscatePayloadWithXOR(longPayload);
+      // 较长的输入应该产生较长的输出
+      expect(longResult.length).toBeGreaterThan(shortResult.length);
+    });
+    it('应该验证输出是有效的Base64格式', () => {
+      const payload = { test: 'base64 validation' };
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证Base64格式的正则表达式
+      const base64Regex = /^[A-Za-z0-9+/]*={0,2}$/;
+      expect(base64Regex.test(result)).toBe(true);
+    });
+    it('应该处理包含循环引用的对象（通过JSON.stringify处理）', () => {
+      // JSON.stringify 会抛出错误处理循环引用，但我们测试正常情况
+      const payload = {
+        id: 1,
+        name: 'test',
+        nested: {
+          back: 'reference',
+        },
+      };
+      const result = obfuscatePayloadWithXOR(payload);
+      expect(typeof result).toBe('string');
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该对undefined值进行处理', () => {
+      const payload = undefined;
+      const result = obfuscatePayloadWithXOR(payload);
+      // 验证返回值是字符串
+      expect(typeof result).toBe('string');
+      // 验证返回值是有效的Base64字符串
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该对包含函数的对象进行处理（函数会被JSON.stringify忽略）', () => {
+      const payload = {
+        name: 'test',
+        fn: function () {
+          return 'test';
+        },
+        arrow: () => 'arrow',
+        value: 123,
+      };
+      const result = obfuscatePayloadWithXOR(payload);
+      expect(typeof result).toBe('string');
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该确保XOR操作的确定性', () => {
+      const payload = 'deterministic test';
+      const results: any[] = [];
+      // 多次运行相同输入
+      for (let i = 0; i < 10; i++) {
+        results.push(obfuscatePayloadWithXOR(payload));
+      }
+      // 所有结果应该相同
+      expect(results.every((result) => result === results[0])).toBe(true);
+    });
+    it('应该处理包含日期对象的数据', () => {
+      const payload = {
+        timestamp: new Date('2024-01-01T00:00:00Z'),
+        created: new Date(),
+        name: 'date test',
+      };
+      const result = obfuscatePayloadWithXOR(payload);
+      expect(typeof result).toBe('string');
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该处理包含Symbol的对象（Symbol会被JSON.stringify忽略）', () => {
+      const sym = Symbol('test');
+      const payload = {
+        name: 'symbol test',
+        [sym]: 'symbol value',
+        normalKey: 'normal value',
+      };
+      const result = obfuscatePayloadWithXOR(payload);
+      expect(typeof result).toBe('string');
+      expect(() => atob(result)).not.toThrow();
+    });
+    it('应该验证混淆后的数据长度合理性', () => {
+      const originalPayload = { test: 'length check' };
+      const originalJSON = JSON.stringify(originalPayload);
+      const result = obfuscatePayloadWithXOR(originalPayload);
+      // Base64 编码后的长度通常是原始长度的 4/3 倍（向上取整到4的倍数）
+      const expectedMinLength = Math.ceil((originalJSON.length * 4) / 3 / 4) * 4;
+      expect(result.length).toBeGreaterThanOrEqual(expectedMinLength - 4); // 允许一些误差
+    });
+    it('应该验证XOR操作的正确性（通过逆向操作）', () => {
+      const originalPayload = { message: 'XOR test', value: 42 };
+      const obfuscatedResult = obfuscatePayloadWithXOR(originalPayload);
+      // 手动实现逆向操作来验证 XOR 操作的正确性
+      const base64Decoded = atob(obfuscatedResult);
+      const xoredBytes = new Uint8Array(base64Decoded.length);
+      for (let i = 0; i < base64Decoded.length; i++) {
+        xoredBytes[i] = base64Decoded.charCodeAt(i);
+      }
+      // 使用相同的密钥进行逆向 XOR 操作
+      const keyBytes = new TextEncoder().encode(SECRET_XOR_KEY);
+      const decodedBytes = new Uint8Array(xoredBytes.length);
+      for (let i = 0; i < xoredBytes.length; i++) {
+        decodedBytes[i] = xoredBytes[i] ^ keyBytes[i % keyBytes.length];
+      }
+      // 将结果转换回字符串
+      const decodedString = new TextDecoder().decode(decodedBytes);
+      const decodedPayload = JSON.parse(decodedString);
+      // 验证解码后的数据与原始数据相同
+      expect(decodedPayload).toEqual(originalPayload);
+    });
+    it('应该验证不同输入产生不同的Base64输出', () => {
+      const payloads = [
+        'test1',
+        'test2',
+        { key: 'value1' },
+        { key: 'value2' },
+        [1, 2, 3],
+        [4, 5, 6],
+      ];
+      const results = payloads.map((payload) => obfuscatePayloadWithXOR(payload));
+      // 验证所有结果都不相同
+      for (let i = 0; i < results.length; i++) {
+        for (let j = i + 1; j < results.length; j++) {
+          expect(results[i]).not.toBe(results[j]);
+        }
+      }
+    });
+  });
+});

package/src/utils/client/xor-obfuscation.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { SECRET_XOR_KEY } from '@/const/auth';
+/**
+ * 将字符串转换为 Uint8Array (UTF-8 编码)
+ */
+const stringToUint8Array = (str: string): Uint8Array => {
+  return new TextEncoder().encode(str);
+};
+/**
+ * 对 Uint8Array 进行 XOR 运算
+ * @param data 要处理的 Uint8Array
+ * @param key 用于 XOR 的密钥 (Uint8Array)
+ * @returns 经过 XOR 运算的 Uint8Array
+ */
+const xorProcess = (data: Uint8Array, key: Uint8Array): Uint8Array => {
+  const result = new Uint8Array(data.length);
+  for (const [i, datum] of data.entries()) {
+    result[i] = datum ^ key[i % key.length]; // 密钥循环使用
+  }
+  return result;
+};
+/**
+ * 对 payload 进行 XOR 混淆并 Base64 编码
+ * @param payload 要混淆的 JSON 对象
+ * @returns Base64 编码后的混淆字符串
+ */
+export const obfuscatePayloadWithXOR = <T>(payload: T): string => {
+  const jsonString = JSON.stringify(payload);
+  const dataBytes = stringToUint8Array(jsonString);
+  const keyBytes = stringToUint8Array(SECRET_XOR_KEY);
+  const xoredBytes = xorProcess(dataBytes, keyBytes);
+  // 将 Uint8Array 转换为 Base64 字符串
+  // 浏览器环境 btoa 只能处理 Latin-1 字符，所以需要先转换为适合 btoa 的字符串
+  return btoa(String.fromCharCode(...xoredBytes));
+};