@pengzi/kms 1.0.0

package/dist/client.js

@@ -0,0 +1,266 @@
+"use strict";
+/**
+ * KMS客户端主类
+ * 对外API接口
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KMSClient = void 0;
+const mongodb_1 = require("mongodb");
+const crypto_service_1 = require("./core/crypto.service");
+const project_repository_1 = require("./repositories/project.repository");
+const key_repository_1 = require("./repositories/key.repository");
+const user_repository_1 = require("./repositories/user.repository");
+const audit_repository_1 = require("./repositories/audit.repository");
+const project_service_1 = require("./services/project.service");
+const key_service_1 = require("./services/key.service");
+const auth_service_1 = require("./services/auth.service");
+const permission_service_1 = require("./services/permission.service");
+const audit_service_1 = require("./services/audit.service");
+const error_handler_1 = require("./utils/error-handler");
+const asymmetric_crypto_1 = require("./core/asymmetric-crypto");
+/**
+ * KMS客户端类
+ */
+class KMSClient {
+    options;
+    mongoClient;
+    db;
+    cryptoService;
+    projectRepo;
+    keyRepo;
+    userRepo;
+    auditRepo;
+    projectService;
+    keyService;
+    authService;
+    permissionService;
+    auditService;
+    connected = false;
+    currentUserId = null;
+    constructor(options) {
+        this.options = options;
+        const connectionString = this.resolveConnectionString(options);
+        this.mongoClient = new mongodb_1.MongoClient(connectionString, {
+            connectTimeoutMS: this.options.connectionOptions?.connectTimeoutMS || 10000,
+            socketTimeoutMS: this.options.connectionOptions?.socketTimeoutMS || 30000,
+            serverSelectionTimeoutMS: this.options.connectionOptions?.serverSelectionTimeoutMS || 10000,
+            maxPoolSize: this.options.connectionOptions?.maxPoolSize || 10,
+            minPoolSize: this.options.connectionOptions?.minPoolSize || 0,
+        });
+    }
+    /**
+     * 解析连接字符串（支持加密配置）
+     */
+    resolveConnectionString(options) {
+        // 如果是加密配置，先解密
+        if ('encryptedConnectionString' in options) {
+            const encrypted = JSON.parse(options.encryptedConnectionString);
+            const privateKey = options.privateKey || process.env.KMS_PRIVATE_KEY;
+            if (!privateKey) {
+                throw (0, error_handler_1.createKMSError)(error_handler_1.ErrorCode.CONNECTION_FAILED, 'Private key is required for encrypted connection string. Set KMS_PRIVATE_KEY environment variable or pass privateKey option.');
+            }
+            const passphrase = options.privateKeyPassphrase || process.env.KMS_PRIVATE_KEY_PASSPHRASE;
+            return (0, asymmetric_crypto_1.parseEncryptedConnectionStringConfig)({ encryptedConnectionString: options.encryptedConnectionString }, privateKey, passphrase);
+        }
+        // 普通配置直接返回连接字符串
+        return options.connectionString;
+    }
+    /**
+     * 连接到数据库
+     */
+    async connect() {
+        if (this.connected) {
+            return;
+        }
+        try {
+            await this.mongoClient.connect();
+            this.db = this.mongoClient.db(this.options.databaseName);
+            this.connected = true;
+            // 初始化服务和仓储
+            this.initializeServices();
+            // 创建索引
+            await this.initializeIndexes();
+        }
+        catch (error) {
+            throw (0, error_handler_1.createKMSError)(error_handler_1.ErrorCode.CONNECTION_FAILED, error instanceof Error ? error.message : 'Failed to connect to database');
+        }
+    }
+    /**
+     * 断开数据库连接
+     */
+    async disconnect() {
+        if (this.connected) {
+            await this.mongoClient.close();
+            this.connected = false;
+        }
+    }
+    /**
+     * 初始化服务
+     */
+    initializeServices() {
+        this.cryptoService = new crypto_service_1.CryptoService();
+        this.projectRepo = new project_repository_1.ProjectRepository(this.db);
+        this.keyRepo = new key_repository_1.KeyRepository(this.db);
+        this.userRepo = new user_repository_1.UserRepository(this.db);
+        this.auditRepo = new audit_repository_1.AuditRepository(this.db);
+        this.auditService = new audit_service_1.AuditService(this.auditRepo);
+        this.permissionService = new permission_service_1.PermissionService(this.userRepo, this.auditService);
+        this.projectService = new project_service_1.ProjectService(this.projectRepo, this.userRepo, this.auditService, this.cryptoService);
+        this.authService = new auth_service_1.AuthService(this.userRepo, this.auditService);
+        this.keyService = new key_service_1.KeyService(this.keyRepo, this.auditService, this.permissionService, this.cryptoService);
+    }
+    /**
+     * 初始化数据库索引
+     */
+    async initializeIndexes() {
+        // 索引在Repository的构造函数中自动创建
+    }
+    /**
+     * 设置当前用户（用于权限验证）
+     */
+    setCurrentUser(userId) {
+        this.currentUserId = userId;
+    }
+    /**
+     * 获取当前用户ID
+     */
+    getCurrentUserId() {
+        if (!this.currentUserId) {
+            throw (0, error_handler_1.createKMSError)(error_handler_1.ErrorCode.AUTHENTICATION_FAILED, 'No user context set');
+        }
+        return this.currentUserId;
+    }
+    // ============ 项目管理 ============
+    /**
+     * 创建项目
+     */
+    async createProject(projectName, masterPassword, metadata) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        return await this.projectService.createProject({ projectName, masterPassword, metadata }, userId);
+    }
+    /**
+     * 获取项目
+     */
+    async getProject(projectId) {
+        await this.ensureConnected();
+        return await this.projectService.getProject(projectId);
+    }
+    /**
+     * 列出所有项目
+     */
+    async listProjects() {
+        await this.ensureConnected();
+        return await this.projectService.listProjects();
+    }
+    /**
+     * 删除项目
+     */
+    async deleteProject(projectId) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        await this.projectService.deleteProject(projectId, userId);
+    }
+    // ============ 密钥管理 ============
+    /**
+     * 创建密钥
+     */
+    async createKey(projectId, masterPassword, keyData) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        return await this.keyService.createKey(projectId, userId, masterPassword, keyData);
+    }
+    /**
+     * 获取密钥（解密）
+     */
+    async getKey(projectId, masterPassword, keyId) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        return await this.keyService.getKey(projectId, userId, masterPassword, keyId);
+    }
+    /**
+     * 列出密钥
+     */
+    async listKeys(projectId, filters, options) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        return await this.keyService.listKeys(projectId, userId, filters, options);
+    }
+    /**
+     * 更新密钥
+     */
+    async updateKey(projectId, masterPassword, keyId, updates) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        return await this.keyService.updateKey(projectId, userId, masterPassword, keyId, updates);
+    }
+    /**
+     * 删除密钥
+     */
+    async deleteKey(projectId, keyId) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        await this.keyService.deleteKey(projectId, userId, keyId);
+    }
+    // ============ 用户管理 ============
+    /**
+     * 创建用户
+     */
+    async createUser(projectId, userData) {
+        await this.ensureConnected();
+        const userId = this.getCurrentUserId();
+        return await this.authService.createUser(projectId, userId, userData);
+    }
+    /**
+     * 用户登录
+     */
+    async login(projectId, username, password) {
+        await this.ensureConnected();
+        const result = await this.authService.login(projectId, { username, password });
+        if (result.success && result.user) {
+            this.setCurrentUser(result.user.userId);
+        }
+        return result.success;
+    }
+    /**
+     * 授予角色
+     */
+    async grantRole(projectId, userId, role) {
+        await this.ensureConnected();
+        const currentUserId = this.getCurrentUserId();
+        await this.permissionService.grantRole(projectId, currentUserId, userId, role);
+    }
+    /**
+     * 撤销角色
+     */
+    async revokeRole(projectId, userId, role) {
+        await this.ensureConnected();
+        const currentUserId = this.getCurrentUserId();
+        await this.permissionService.revokeRole(projectId, currentUserId, userId, role);
+    }
+    // ============ 审计日志 ============
+    /**
+     * 获取审计日志
+     */
+    async getAuditLogs(projectId, query) {
+        await this.ensureConnected();
+        return await this.auditService.getAuditLogs(projectId, query);
+    }
+    /**
+     * 获取最近的审计日志
+     */
+    async getRecentLogs(projectId, limit = 100) {
+        await this.ensureConnected();
+        return await this.auditService.getRecentLogs(projectId, limit);
+    }
+    /**
+     * 确保已连接
+     */
+    async ensureConnected() {
+        if (!this.connected) {
+            throw (0, error_handler_1.createKMSError)(error_handler_1.ErrorCode.CONNECTION_FAILED, 'Client not connected. Call connect() first.');
+        }
+    }
+}
+exports.KMSClient = KMSClient;
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,qCAA0C;AAgB1C,0DAAsD;AACtD,0EAAsE;AACtE,kEAA8D;AAC9D,oEAAgE;AAChE,sEAAkE;AAClE,gEAA4D;AAC5D,wDAAoD;AACpD,0DAAsD;AACtD,sEAAkE;AAClE,4DAAwD;AAExD,yDAAkE;AAClE,gEAGkC;AAElC;;GAEG;AACH,MAAa,SAAS;IAgBA;IAfZ,WAAW,CAAc;IACzB,EAAE,CAAM;IACR,aAAa,CAAiB;IAC9B,WAAW,CAAqB;IAChC,OAAO,CAAiB;IACxB,QAAQ,CAAkB;IAC1B,SAAS,CAAmB;IAC5B,cAAc,CAAkB;IAChC,UAAU,CAAc;IACxB,WAAW,CAAe;IAC1B,iBAAiB,CAAqB;IACtC,YAAY,CAAgB;IAC5B,SAAS,GAAY,KAAK,CAAC;IAC3B,aAAa,GAAkB,IAAI,CAAC;IAE5C,YAAoB,OAAqD;QAArD,YAAO,GAAP,OAAO,CAA8C;QACvE,MAAM,gBAAgB,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAC/D,IAAI,CAAC,WAAW,GAAG,IAAI,qBAAW,CAAC,gBAAgB,EAAE;YACnD,gBAAgB,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,gBAAgB,IAAI,KAAK;YAC3E,eAAe,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,eAAe,IAAI,KAAK;YACzE,wBAAwB,EACtB,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,wBAAwB,IAAI,KAAK;YACnE,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,WAAW,IAAI,EAAE;YAC9D,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,WAAW,IAAI,CAAC;SAC9D,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,OAAqD;QACnF,cAAc;QACd,IAAI,2BAA2B,IAAI,OAAO,EAAE,CAAC;YAC3C,MAAM,SAAS,GAA8B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;YAC3F,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YACrE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAA,8BAAc,EAClB,yBAAS,CAAC,iBAAiB,EAC3B,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,OAAO,CAAC,oBAAoB,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;YAC1F,OAAO,IAAA,wDAAoC,EACzC,EAAE,yBAAyB,EAAE,OAAO,CAAC,yBAAyB,EAAE,EAChE,UAAU,EACV,UAAU,CACX,CAAC;QACJ,CAAC;QACD,gBAAgB;QAChB,OAAO,OAAO,CAAC,gBAAgB,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACzD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YAEtB,WAAW;YACX,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAE1B,OAAO;YACP,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,8BAAc,EAClB,yBAAS,CAAC,iBAAiB,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B,CACzE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,kBAAkB;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,8BAAa,EAAE,CAAC;QACzC,IAAI,CAAC,WAAW,GAAG,IAAI,sCAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,IAAI,8BAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,GAAG,IAAI,gCAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,kCAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,YAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC,iBAAiB,GAAG,IAAI,sCAAiB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACjF,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CACtC,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,aAAa,CACnB,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACrE,IAAI,CAAC,UAAU,GAAG,IAAI,wBAAU,CAC9B,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,aAAa,CACnB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB;QAC7B,0BAA0B;IAC5B,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAc;QAC3B,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAA,8BAAc,EAAC,yBAAS,CAAC,qBAAqB,EAAE,qBAAqB,CAAC,CAAC;QAC/E,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,iCAAiC;IAEjC;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,WAAmB,EACnB,cAAsB,EACtB,QAA8B;QAE9B,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAC5C,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,EACzC,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB;QACnC,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC7D,CAAC;IAED,iCAAiC;IAEjC;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,SAAiB,EACjB,cAAsB,EACtB,OAAsB;QAEtB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;IACrF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,cAAsB,EACtB,KAAa;QAEb,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC;IAChF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CACZ,SAAiB,EACjB,OAAoB,EACpB,OAA2C;QAE3C,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,SAAiB,EACjB,cAAsB,EACtB,KAAa,EACb,OAAsB;QAEtB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IAC5F,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,SAAiB,EAAE,KAAa;QAC9C,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5D,CAAC;IAED,iCAAiC;IAEjC;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,SAAiB,EACjB,QAAwB;QAExB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,SAAiB,EAAE,QAAgB,EAAE,QAAgB;QAC/D,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAE/E,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,MAAO,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,SAAiB,EAAE,MAAc,EAAE,IAAU;QAC3D,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACjF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB,EAAE,MAAc,EAAE,IAAU;QAC5D,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAClF,CAAC;IAED,iCAAiC;IAEjC;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,SAAiB,EACjB,KAAiB;QAEjB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAChE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,QAAgB,GAAG;QACxD,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe;QAC3B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAA,8BAAc,EAAC,yBAAS,CAAC,iBAAiB,EAAE,6CAA6C,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;CACF;AA5UD,8BA4UC"}

package/dist/config.d.ts

@@ -0,0 +1,20 @@
+/**
+ * 配置管理
+ */
+import { KMSClientOptions } from './types';
+/**
+ * 默认配置
+ */
+export declare const DEFAULT_CONFIG: Partial<KMSClientOptions>;
+/**
+ * 合并配置
+ */
+export declare function mergeConfig(userConfig: KMSClientOptions): KMSClientOptions;
+/**
+ * 验证配置
+ */
+export declare function validateConfig(config: KMSClientOptions): {
+    valid: boolean;
+    errors: string[];
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAG3C;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,OAAO,CAAC,gBAAgB,CASpD,CAAC;AAEF;;GAEG;AACH,wBAAgB,WAAW,CAAC,UAAU,EAAE,gBAAgB,GAAG,gBAAgB,CAS1E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAmB7F"}

package/dist/config.js

@@ -0,0 +1,54 @@
+"use strict";
+/**
+ * 配置管理
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_CONFIG = void 0;
+exports.mergeConfig = mergeConfig;
+exports.validateConfig = validateConfig;
+/**
+ * 默认配置
+ */
+exports.DEFAULT_CONFIG = {
+    databaseName: 'kms',
+    connectionOptions: {
+        connectTimeoutMS: 10000,
+        socketTimeoutMS: 30000,
+        serverSelectionTimeoutMS: 10000,
+        maxPoolSize: 10,
+        minPoolSize: 0,
+    },
+};
+/**
+ * 合并配置
+ */
+function mergeConfig(userConfig) {
+    return {
+        ...exports.DEFAULT_CONFIG,
+        ...userConfig,
+        connectionOptions: {
+            ...exports.DEFAULT_CONFIG.connectionOptions,
+            ...userConfig.connectionOptions,
+        },
+    };
+}
+/**
+ * 验证配置
+ */
+function validateConfig(config) {
+    const errors = [];
+    if (!config.connectionString) {
+        errors.push('Connection string is required');
+    }
+    if (!config.databaseName) {
+        errors.push('Database name is required');
+    }
+    if (config.connectionString && !config.connectionString.startsWith('mongodb')) {
+        errors.push('Invalid connection string format');
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAsBH,kCASC;AAKD,wCAmBC;AAlDD;;GAEG;AACU,QAAA,cAAc,GAA8B;IACvD,YAAY,EAAE,KAAK;IACnB,iBAAiB,EAAE;QACjB,gBAAgB,EAAE,KAAK;QACvB,eAAe,EAAE,KAAK;QACtB,wBAAwB,EAAE,KAAK;QAC/B,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,CAAC;KACf;CACF,CAAC;AAEF;;GAEG;AACH,SAAgB,WAAW,CAAC,UAA4B;IACtD,OAAO;QACL,GAAG,sBAAc;QACjB,GAAG,UAAU;QACb,iBAAiB,EAAE;YACjB,GAAG,sBAAc,CAAC,iBAAiB;YACnC,GAAG,UAAU,CAAC,iBAAiB;SAChC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAwB;IACrD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9E,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAClD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/core/asymmetric-crypto.d.ts

@@ -0,0 +1,81 @@
+/**
+ * 非对称加密服务
+ * 使用 RSA-OAEP 加密敏感数据（如数据库连接字符串）
+ * 特点：
+ * - 公钥加密，私钥解密
+ * - 即使加密数据泄露，没有私钥也无法解密
+ * - 私钥可以使用密码保护
+ */
+/**
+ * RSA 密钥对
+ */
+export interface RSAKeyPair {
+    publicKey: string;
+    privateKey: string;
+}
+/**
+ * 加密后的连接字符串
+ */
+export interface EncryptedConnectionString {
+    encrypted: string;
+    algorithm: string;
+    keyId?: string;
+}
+/**
+ * 生成 RSA 密钥对
+ * @param passphrase 私钥密码（可选，但强烈推荐）
+ * @returns RSA 密钥对
+ */
+export declare function generateRSAKeyPair(passphrase?: string): RSAKeyPair;
+/**
+ * 使用公钥加密连接字符串
+ * @param connectionString 明文连接字符串
+ * @param publicKeyPem PEM 格式公钥
+ * @returns 加密后的连接字符串
+ */
+export declare function encryptConnectionString(connectionString: string, publicKeyPem: string): EncryptedConnectionString;
+/**
+ * 使用私钥解密连接字符串
+ * @param encryptedData 加密的连接字符串
+ * @param privateKeyPem PEM 格式私钥
+ * @param passphrase 私钥密码（如果私钥有密码保护）
+ * @returns 明文连接字符串
+ */
+export declare function decryptConnectionString(encryptedData: EncryptedConnectionString, privateKeyPem: string, passphrase?: string): string;
+/**
+ * 从环境变量安全地获取私钥密码
+ * @returns 密码字符串
+ */
+export declare function getPrivateKeyPassphrase(): string | undefined;
+/**
+ * 验证 PEM 格式的密钥
+ * @param pem PEM 格式密钥
+ * @returns 是否有效
+ */
+export declare function isValidPEMKey(pem: string): boolean;
+/**
+ * 生成密钥 ID（用于密钥轮换）
+ * @returns 密钥 ID
+ */
+export declare function generateKeyId(): string;
+/**
+ * 创建加密的连接字符串配置对象
+ * @param connectionString 明文连接字符串
+ * @param publicKeyPem 公钥
+ * @param keyId 密钥标识（可选）
+ * @returns 加密配置
+ */
+export declare function createEncryptedConnectionStringConfig(connectionString: string, publicKeyPem: string, keyId?: string): {
+    encryptedConnectionString: string;
+};
+/**
+ * 从加密配置解析连接字符串
+ * @param config 配置对象
+ * @param privateKeyPem 私钥
+ * @param passphrase 私钥密码
+ * @returns 明文连接字符串
+ */
+export declare function parseEncryptedConnectionStringConfig(config: {
+    encryptedConnectionString: string;
+}, privateKeyPem: string, passphrase?: string): string;
+//# sourceMappingURL=asymmetric-crypto.d.ts.map

package/dist/core/asymmetric-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"asymmetric-crypto.d.ts","sourceRoot":"","sources":["../../src/core/asymmetric-crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAsBD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,UAAU,CAsBlE;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,gBAAgB,EAAE,MAAM,EACxB,YAAY,EAAE,MAAM,GACnB,yBAAyB,CAoB3B;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,aAAa,EAAE,yBAAyB,EACxC,aAAa,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,GAClB,MAAM,CAmBR;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,GAAG,SAAS,CAG5D;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAWlD;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAItC;AAED;;;;;;GAMG;AACH,wBAAgB,qCAAqC,CACnD,gBAAgB,EAAE,MAAM,EACxB,YAAY,EAAE,MAAM,EACpB,KAAK,CAAC,EAAE,MAAM,GACb;IAAE,yBAAyB,EAAE,MAAM,CAAA;CAAE,CAQvC;AAED;;;;;;GAMG;AACH,wBAAgB,oCAAoC,CAClD,MAAM,EAAE;IAAE,yBAAyB,EAAE,MAAM,CAAA;CAAE,EAC7C,aAAa,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,GAClB,MAAM,CAGR"}

package/dist/core/asymmetric-crypto.js

@@ -0,0 +1,171 @@
+"use strict";
+/**
+ * 非对称加密服务
+ * 使用 RSA-OAEP 加密敏感数据（如数据库连接字符串）
+ * 特点：
+ * - 公钥加密，私钥解密
+ * - 即使加密数据泄露，没有私钥也无法解密
+ * - 私钥可以使用密码保护
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRSAKeyPair = generateRSAKeyPair;
+exports.encryptConnectionString = encryptConnectionString;
+exports.decryptConnectionString = decryptConnectionString;
+exports.getPrivateKeyPassphrase = getPrivateKeyPassphrase;
+exports.isValidPEMKey = isValidPEMKey;
+exports.generateKeyId = generateKeyId;
+exports.createEncryptedConnectionStringConfig = createEncryptedConnectionStringConfig;
+exports.parseEncryptedConnectionStringConfig = parseEncryptedConnectionStringConfig;
+const crypto_1 = require("crypto");
+const types_1 = require("../types");
+/**
+ * RSA 加密配置
+ */
+const RSA_CONFIG = {
+    algorithm: 'rsa',
+    modulusLength: 4096, // 4096 位密钥（更安全）
+    publicKeyEncoding: {
+        type: 'spki',
+        format: 'pem'
+    },
+    privateKeyEncoding: {
+        type: 'pkcs8',
+        format: 'pem',
+        cipher: 'aes-256-cbc', // 私钥加密算法
+        passphrase: undefined
+    },
+    padding: crypto_1.constants.RSA_PKCS1_OAEP_PADDING,
+    oaepHash: 'sha256'
+};
+/**
+ * 生成 RSA 密钥对
+ * @param passphrase 私钥密码（可选，但强烈推荐）
+ * @returns RSA 密钥对
+ */
+function generateRSAKeyPair(passphrase) {
+    try {
+        const options = {
+            ...RSA_CONFIG,
+            privateKeyEncoding: {
+                ...RSA_CONFIG.privateKeyEncoding,
+                passphrase: passphrase
+            }
+        };
+        const { publicKey, privateKey } = (0, crypto_1.generateKeyPairSync)('rsa', options);
+        return {
+            publicKey,
+            privateKey
+        };
+    }
+    catch (error) {
+        throw new types_1.CryptoError(`Failed to generate RSA key pair: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * 使用公钥加密连接字符串
+ * @param connectionString 明文连接字符串
+ * @param publicKeyPem PEM 格式公钥
+ * @returns 加密后的连接字符串
+ */
+function encryptConnectionString(connectionString, publicKeyPem) {
+    try {
+        // RSA OAEP 加密
+        const encrypted = (0, crypto_1.publicEncrypt)({
+            key: publicKeyPem,
+            padding: RSA_CONFIG.padding,
+            oaepHash: RSA_CONFIG.oaepHash
+        }, Buffer.from(connectionString, 'utf-8'));
+        return {
+            encrypted: encrypted.toString('base64'),
+            algorithm: 'RSA-OAEP-4096',
+            keyId: undefined
+        };
+    }
+    catch (error) {
+        throw new types_1.CryptoError(`Failed to encrypt connection string: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * 使用私钥解密连接字符串
+ * @param encryptedData 加密的连接字符串
+ * @param privateKeyPem PEM 格式私钥
+ * @param passphrase 私钥密码（如果私钥有密码保护）
+ * @returns 明文连接字符串
+ */
+function decryptConnectionString(encryptedData, privateKeyPem, passphrase) {
+    try {
+        const encryptedBuffer = Buffer.from(encryptedData.encrypted, 'base64');
+        // RSA OAEP 解密
+        const decrypted = (0, crypto_1.privateDecrypt)({
+            key: privateKeyPem,
+            passphrase: passphrase,
+            padding: RSA_CONFIG.padding,
+            oaepHash: RSA_CONFIG.oaepHash
+        }, encryptedBuffer);
+        return decrypted.toString('utf-8');
+    }
+    catch (error) {
+        throw new types_1.CryptoError(`Failed to decrypt connection string: ${error instanceof Error ? error.message : 'Invalid password or corrupted data'}`);
+    }
+}
+/**
+ * 从环境变量安全地获取私钥密码
+ * @returns 密码字符串
+ */
+function getPrivateKeyPassphrase() {
+    const passphrase = process.env.KMS_PRIVATE_KEY_PASSPHRASE;
+    return passphrase?.trim() || undefined;
+}
+/**
+ * 验证 PEM 格式的密钥
+ * @param pem PEM 格式密钥
+ * @returns 是否有效
+ */
+function isValidPEMKey(pem) {
+    try {
+        const trimmed = pem.trim();
+        return (trimmed.includes('-----BEGIN') &&
+            trimmed.includes('-----END') &&
+            trimmed.includes('KEY-----'));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * 生成密钥 ID（用于密钥轮换）
+ * @returns 密钥 ID
+ */
+function generateKeyId() {
+    const timestamp = Date.now().toString(36);
+    const random = (0, crypto_1.randomBytes)(4).toString('hex');
+    return `key_${timestamp}_${random}`;
+}
+/**
+ * 创建加密的连接字符串配置对象
+ * @param connectionString 明文连接字符串
+ * @param publicKeyPem 公钥
+ * @param keyId 密钥标识（可选）
+ * @returns 加密配置
+ */
+function createEncryptedConnectionStringConfig(connectionString, publicKeyPem, keyId) {
+    const encrypted = encryptConnectionString(connectionString, publicKeyPem);
+    if (keyId) {
+        encrypted.keyId = keyId;
+    }
+    return {
+        encryptedConnectionString: JSON.stringify(encrypted)
+    };
+}
+/**
+ * 从加密配置解析连接字符串
+ * @param config 配置对象
+ * @param privateKeyPem 私钥
+ * @param passphrase 私钥密码
+ * @returns 明文连接字符串
+ */
+function parseEncryptedConnectionStringConfig(config, privateKeyPem, passphrase) {
+    const encrypted = JSON.parse(config.encryptedConnectionString);
+    return decryptConnectionString(encrypted, privateKeyPem, passphrase);
+}
+//# sourceMappingURL=asymmetric-crypto.js.map

package/dist/core/asymmetric-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"asymmetric-crypto.js","sourceRoot":"","sources":["../../src/core/asymmetric-crypto.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA+CH,gDAsBC;AAQD,0DAuBC;AASD,0DAuBC;AAMD,0DAGC;AAOD,sCAWC;AAMD,sCAIC;AASD,sFAYC;AASD,oFAOC;AA5MD,mCAAoG;AACpG,oCAAuC;AAmBvC;;GAEG;AACH,MAAM,UAAU,GAAG;IACjB,SAAS,EAAE,KAAK;IAChB,aAAa,EAAE,IAAI,EAAe,gBAAgB;IAClD,iBAAiB,EAAE;QACjB,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,KAAK;KACd;IACD,kBAAkB,EAAE;QAClB,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,aAAa,EAAW,SAAS;QACzC,UAAU,EAAE,SAA+B;KAC5C;IACD,OAAO,EAAE,kBAAS,CAAC,sBAAsB;IACzC,QAAQ,EAAE,QAAiB;CAC5B,CAAC;AAEF;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,UAAmB;IACpD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG;YACd,GAAG,UAAU;YACb,kBAAkB,EAAE;gBAClB,GAAG,UAAU,CAAC,kBAAkB;gBAChC,UAAU,EAAE,UAAU;aACvB;SACF,CAAC;QAEF,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAA,4BAAmB,EACnD,KAAK,EACL,OAAc,CACf,CAAC;QAEF,OAAO;YACL,SAAS;YACT,UAAU;SACX,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,mBAAW,CAAC,oCAAoC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IACxH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CACrC,gBAAwB,EACxB,YAAoB;IAEpB,IAAI,CAAC;QACH,cAAc;QACd,MAAM,SAAS,GAAG,IAAA,sBAAa,EAC7B;YACE,GAAG,EAAE,YAAY;YACjB,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,QAAQ,EAAE,UAAU,CAAC,QAAQ;SAC9B,EACD,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CACvC,CAAC;QAEF,OAAO;YACL,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACvC,SAAS,EAAE,eAAe;YAC1B,KAAK,EAAE,SAAS;SACjB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,mBAAW,CAAC,wCAAwC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IAC5H,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,aAAwC,EACxC,aAAqB,EACrB,UAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEvE,cAAc;QACd,MAAM,SAAS,GAAG,IAAA,uBAAc,EAC9B;YACE,GAAG,EAAE,aAAa;YAClB,UAAU,EAAE,UAAU;YACtB,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,QAAQ,EAAE,UAAU,CAAC,QAAQ;SAC9B,EACD,eAAe,CAChB,CAAC;QAEF,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,mBAAW,CAAC,wCAAwC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oCAAoC,EAAE,CAAC,CAAC;IACjJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,uBAAuB;IACrC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC1D,OAAO,UAAU,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;YAC9B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAC7B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa;IAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9C,OAAO,OAAO,SAAS,IAAI,MAAM,EAAE,CAAC;AACtC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,qCAAqC,CACnD,gBAAwB,EACxB,YAAoB,EACpB,KAAc;IAEd,MAAM,SAAS,GAAG,uBAAuB,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;IAC1E,IAAI,KAAK,EAAE,CAAC;QACV,SAAS,CAAC,KAAK,GAAG,KAAK,CAAC;IAC1B,CAAC;IACD,OAAO;QACL,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;KACrD,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,oCAAoC,CAClD,MAA6C,EAC7C,aAAqB,EACrB,UAAmB;IAEnB,MAAM,SAAS,GAA8B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC;IAC1F,OAAO,uBAAuB,CAAC,SAAS,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;AACvE,CAAC"}

package/dist/core/crypto.d.ts

@@ -0,0 +1,37 @@
+/**
+ * 加密/解密工具函数
+ */
+import { EncryptedData } from '../types';
+/**
+ * 生成随机字节
+ */
+export declare function generateRandomBytes(length: number): Buffer;
+/**
+ * 生成随机IV
+ */
+export declare function generateIV(): Buffer;
+/**
+ * 使用AES-256-GCM加密数据
+ */
+export declare function encryptAES256GCM(plaintext: string, key: Buffer): EncryptedData;
+/**
+ * 使用AES-256-GCM解密数据
+ */
+export declare function decryptAES256GCM(encryptedData: string, iv: string, authTag: string, key: Buffer): string;
+/**
+ * 比较两个恒定时间字符串（防止时序攻击）
+ */
+export declare function timingSafeEqual(a: string, b: string): boolean;
+/**
+ * 生成随机密钥
+ */
+export declare function generateRandomKey(): Buffer;
+/**
+ * 从十六进制字符串转换为Buffer
+ */
+export declare function hexToBuffer(hex: string): Buffer;
+/**
+ * 将Buffer转换为十六进制字符串
+ */
+export declare function bufferToHex(buffer: Buffer): string;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/core/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/core/crypto.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,aAAa,EAAe,MAAM,UAAU,CAAC;AAGtD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,aAAa,CAkB9E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,aAAa,EAAE,MAAM,EACrB,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,GACV,MAAM,CAiBR;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAkB7D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAElD"}