@pubinfo-pr/module-pinia-crypto 0.1.1

package/dist/runtime.d.ts

@@ -0,0 +1,12 @@
+import { PiniaPersistHookBasePayload, PiniaPersistReadHookPayload, PiniaPersistWriteHookPayload } from 'pubinfo-pr';
+import { PiniaCryptoCipher, PiniaCryptoOptions } from './types';
+interface PiniaCryptoRuntime {
+    enabled: boolean;
+    cipher?: PiniaCryptoCipher;
+    match: (payload: PiniaPersistHookBasePayload) => boolean;
+    logError: (phase: 'encrypt' | 'decrypt', payload: PiniaPersistHookBasePayload, error: unknown) => void;
+}
+export declare function createPiniaCryptoRuntime(options?: PiniaCryptoOptions): PiniaCryptoRuntime;
+export declare function encryptPayload(payload: PiniaPersistWriteHookPayload, runtime: PiniaCryptoRuntime): PiniaPersistWriteHookPayload;
+export declare function decryptPayload(payload: PiniaPersistReadHookPayload, runtime: PiniaCryptoRuntime): PiniaPersistReadHookPayload;
+export {};

package/dist/types.d.ts

@@ -0,0 +1,26 @@
+import { PiniaPersistHookBasePayload, PiniaPersistReadHookPayload, PiniaPersistWriteHookPayload } from 'pubinfo-pr';
+export type StoreMatcher = string | RegExp | ((payload: PiniaPersistHookBasePayload) => boolean);
+export interface PiniaCryptoCipher {
+    encrypt: (payload: PiniaPersistWriteHookPayload) => string;
+    decrypt: (payload: PiniaPersistReadHookPayload) => string;
+}
+export interface PiniaAesCipherOptions {
+    /** AES 秘钥，自动补齐/截断为 32 字节 */
+    secret?: string;
+    /** CBC 模式下的初始化向量，自动补齐/截断为 16 字节 */
+    iv?: string;
+    /** 加密模式，默认 CBC */
+    mode?: 'cbc' | 'ecb';
+}
+export interface PiniaCryptoOptions extends PiniaAesCipherOptions {
+    /** 是否启用插件 */
+    enable?: boolean;
+    /** 仅对匹配的 store 应用加密 */
+    include?: StoreMatcher | StoreMatcher[];
+    /** 排除不需要加密的 store */
+    exclude?: StoreMatcher | StoreMatcher[];
+    /** 自定义加密器（优先级高于 secret 配置） */
+    cipher?: PiniaCryptoCipher;
+    /** 开启后会输出详细日志 */
+    debug?: boolean;
+}

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "@pubinfo-pr/module-pinia-crypto",
+  "version": "0.1.1",
+  "description": "pubinfo 框架的加密集成",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./style.css": "./dist/index.css"
+  },
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "src"
+  ],
+  "engines": {
+    "node": "^20.19.0 || >=22.12.0"
+  },
+  "peerDependencies": {
+    "pubinfo-pr": "0.1.1"
+  },
+  "dependencies": {
+    "crypto-js": "^4.2.0"
+  },
+  "devDependencies": {
+    "@types/crypto-js": "^4.2.2",
+    "pubinfo-pr": "0.1.1"
+  },
+  "scripts": {
+    "dev": "pubinfo build -w --sourcemap",
+    "build": "pubinfo build",
+    "openapi": "pnpx @pubinfo/openapi generate"
+  }
+}

package/src/cipher.ts

@@ -0,0 +1,66 @@
+import type { PiniaAesCipherOptions, PiniaCryptoCipher } from './types';
+import CryptoJS from 'crypto-js';
+
+const DEFAULT_SECRET = 'pubinfo-pinia-secret';
+const DEFAULT_IV = 'pubinfo-pinia-iv';
+
+export function createPiniaAesCipher(options: PiniaAesCipherOptions = {}): PiniaCryptoCipher {
+  const {
+    secret = DEFAULT_SECRET,
+    iv = DEFAULT_IV,
+    mode = 'cbc',
+  } = options;
+
+  const keyWordArray = CryptoJS.enc.Utf8.parse(normalizeLength(secret, 32));
+  const ivWordArray = mode === 'cbc' ? CryptoJS.enc.Utf8.parse(normalizeLength(iv, 16)) : undefined;
+  const cryptoMode = mode === 'ecb' ? CryptoJS.mode.ECB : CryptoJS.mode.CBC;
+
+  const buildConfig = () => ({
+    mode: cryptoMode,
+    padding: CryptoJS.pad.Pkcs7,
+    ...(ivWordArray ? { iv: ivWordArray } : {}),
+  });
+
+  return {
+    encrypt: ({ value }) => CryptoJS.AES.encrypt(value, keyWordArray, buildConfig()).toString(),
+    decrypt: ({ value }) => {
+      const decrypted = CryptoJS.AES.decrypt(value, keyWordArray, buildConfig()).toString(CryptoJS.enc.Utf8);
+      return isLikelyJson(decrypted) ? decrypted : value;
+    },
+  };
+}
+
+function normalizeLength(value: string, size: number) {
+  if (!value) {
+    return ''.padEnd(size, '0');
+  }
+  if (value.length === size) {
+    return value;
+  }
+  if (value.length > size) {
+    return value.slice(0, size);
+  }
+  return value.padEnd(size, '0');
+}
+
+function isLikelyJson(value: string) {
+  if (!value) {
+    return false;
+  }
+  const trimmed = value.trim();
+  if (!trimmed) {
+    return false;
+  }
+  const first = trimmed[0];
+  const validStarters = new Set(['{', '[', '"', 't', 'f', 'n', '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9']);
+  if (!validStarters.has(first)) {
+    return false;
+  }
+  try {
+    JSON.parse(trimmed);
+    return true;
+  }
+  catch {
+    return false;
+  }
+}

package/src/index.ts

@@ -0,0 +1,20 @@
+import type { ModuleOptions } from 'pubinfo-pr';
+import type { PiniaCryptoOptions } from './types';
+import { createPiniaCryptoRuntime, decryptPayload, encryptPayload } from './runtime';
+import 'uno.css';
+
+export function piniaCrypto(options: PiniaCryptoOptions = {}): ModuleOptions {
+  const runtime = createPiniaCryptoRuntime(options);
+
+  return {
+    name: 'pubinfo:pinia-crypto',
+    enforce: 'pre',
+    hooks: {
+      'pinia:persist:write': payload => encryptPayload(payload, runtime),
+      'pinia:persist:read': payload => decryptPayload(payload, runtime),
+    },
+  };
+}
+
+export { createPiniaAesCipher } from './cipher';
+export type { PiniaAesCipherOptions, PiniaCryptoCipher, PiniaCryptoOptions, StoreMatcher } from './types';

package/src/runtime.ts

@@ -0,0 +1,105 @@
+import type {
+  PiniaPersistHookBasePayload,
+  PiniaPersistReadHookPayload,
+  PiniaPersistWriteHookPayload,
+} from 'pubinfo-pr';
+import type { PiniaCryptoCipher, PiniaCryptoOptions, StoreMatcher } from './types';
+import { createPiniaAesCipher } from './cipher';
+
+interface PiniaCryptoRuntime {
+  enabled: boolean
+  cipher?: PiniaCryptoCipher
+  match: (payload: PiniaPersistHookBasePayload) => boolean
+  logError: (phase: 'encrypt' | 'decrypt', payload: PiniaPersistHookBasePayload, error: unknown) => void
+}
+
+export function createPiniaCryptoRuntime(options: PiniaCryptoOptions = {}): PiniaCryptoRuntime {
+  const enabled = options.enable ?? true;
+  const include = normalizeMatchers(options.include);
+  const exclude = normalizeMatchers(options.exclude);
+  const cipher = options.cipher ?? createPiniaAesCipher({
+    secret: options.secret,
+    iv: options.iv,
+    mode: options.mode,
+  });
+  const debug = options.debug ?? false;
+
+  return {
+    enabled,
+    cipher,
+    match: (payload) => {
+      if (include.length && !include.some(matcher => matchStore(matcher, payload))) {
+        return false;
+      }
+      if (exclude.length && exclude.some(matcher => matchStore(matcher, payload))) {
+        return false;
+      }
+      return true;
+    },
+    logError: (phase, payload, error) => {
+      if (!debug) {
+        return;
+      }
+      console.error(`[pinia-crypto] ${phase} failed for store "${payload.storeId}"`, error);
+    },
+  };
+}
+
+export function encryptPayload(
+  payload: PiniaPersistWriteHookPayload,
+  runtime: PiniaCryptoRuntime,
+) {
+  if (!shouldProcess(payload, runtime)) {
+    return payload;
+  }
+  try {
+    const encrypted = runtime.cipher!.encrypt(payload);
+    if (typeof encrypted === 'string') {
+      payload.value = encrypted;
+    }
+  }
+  catch (error) {
+    runtime.logError('encrypt', payload, error);
+  }
+  return payload;
+}
+
+export function decryptPayload(
+  payload: PiniaPersistReadHookPayload,
+  runtime: PiniaCryptoRuntime,
+) {
+  if (!shouldProcess(payload, runtime)) {
+    return payload;
+  }
+  try {
+    const decrypted = runtime.cipher!.decrypt(payload);
+    if (typeof decrypted === 'string') {
+      payload.value = decrypted;
+    }
+  }
+  catch (error) {
+    runtime.logError('decrypt', payload, error);
+  }
+  return payload;
+}
+
+function shouldProcess(payload: PiniaPersistHookBasePayload, runtime: PiniaCryptoRuntime) {
+  return runtime.enabled && Boolean(runtime.cipher) && runtime.match(payload);
+}
+
+function normalizeMatchers(value?: StoreMatcher | StoreMatcher[]) {
+  if (!value) {
+    return [] as StoreMatcher[];
+  }
+  return Array.isArray(value) ? value : [value];
+}
+
+function matchStore(matcher: StoreMatcher, payload: PiniaPersistHookBasePayload) {
+  if (typeof matcher === 'string') {
+    return matcher === payload.storeId;
+  }
+  if (matcher instanceof RegExp) {
+    return matcher.test(payload.storeId);
+  }
+  return matcher(payload);
+}

package/src/types.ts

@@ -0,0 +1,34 @@
+import type {
+  PiniaPersistHookBasePayload,
+  PiniaPersistReadHookPayload,
+  PiniaPersistWriteHookPayload,
+} from 'pubinfo-pr';
+
+export type StoreMatcher = string | RegExp | ((payload: PiniaPersistHookBasePayload) => boolean);
+
+export interface PiniaCryptoCipher {
+  encrypt: (payload: PiniaPersistWriteHookPayload) => string
+  decrypt: (payload: PiniaPersistReadHookPayload) => string
+}
+
+export interface PiniaAesCipherOptions {
+  /** AES 秘钥，自动补齐/截断为 32 字节 */
+  secret?: string
+  /** CBC 模式下的初始化向量，自动补齐/截断为 16 字节 */
+  iv?: string
+  /** 加密模式，默认 CBC */
+  mode?: 'cbc' | 'ecb'
+}
+
+export interface PiniaCryptoOptions extends PiniaAesCipherOptions {
+  /** 是否启用插件 */
+  enable?: boolean
+  /** 仅对匹配的 store 应用加密 */
+  include?: StoreMatcher | StoreMatcher[]
+  /** 排除不需要加密的 store */
+  exclude?: StoreMatcher | StoreMatcher[]
+  /** 自定义加密器（优先级高于 secret 配置） */
+  cipher?: PiniaCryptoCipher
+  /** 开启后会输出详细日志 */
+  debug?: boolean
+}