@shijiu/jsview 2.2.201 → 2.2.373

package/tools/jsview-post-build.mjs

@@ -12,6 +12,7 @@ import {
   parseArguments,
   Logger,
 } from './jsview-common.mjs';
+import { assert } from 'node:console';
 
 // npm run build 时检查jsview-dom是否处于Debug模式。
 async function checkDomDebugDisabled(options) {
@@ -24,15 +25,52 @@ async function checkDomDebugDisabled(options) {
   }
 }
 
-// main.js处理AppData信息
-async function prepareMainAppData(options, fileMd5)
+function getEntryFilePath(options)
+{
+  let jsEntryFilePath;
+  const jsFileNames = fs.readdirSync(options.distJsDir);
+  for(const fileName of jsFileNames) {
+    if (fileName.startsWith('main.jsv') && fileName.endsWith('.js')) {
+      jsEntryFilePath = path.resolve(options.distJsDir, fileName);
+      break;
+    }
+  };
+
+  return jsEntryFilePath;
+}
+
+function getEncryptBase64(appPrivKey, appPubKey, plainText)
+{
+  // 编码md5值
+  const encryptBase64 = crypto.privateEncrypt({
+      key: appPrivKey,
+      padding: crypto.constants.RSA_PKCS1_PADDING
+    },
+    Buffer.from(plainText)
+  ).toString('base64');
+
+  // 校验publicKey是否是配对的
+  const decryptText = crypto.publicDecrypt({
+      key: appPubKey,
+      padding: crypto.constants.RSA_PKCS1_PADDING
+    },
+    Buffer.from(encryptBase64, 'base64')
+  ).toString();
+  if (decryptText !== plainText) {
+    Logger.ErrorAndExit('public key dismath to private key!');
+  }
+
+  return encryptBase64;
+}
+
+function updateOptions(options)
 {
   // 加载私钥文件
   if (!fs.existsSync(options.appPrivKeyFile)) {
     Logger.ErrorAndExit('Failed to open private key file from ' + options.appPrivKeyFile);
   }
-  const privateKeyText = fs.readFileSync(options.appPrivKeyFile);
-  if (privateKeyText.indexOf('-----BEGIN PRIVATE KEY-----') < 0) {
+  const privKey = fs.readFileSync(options.appPrivKeyFile);
+  if (privKey.indexOf('-----BEGIN PRIVATE KEY-----') < 0) {
     Logger.ErrorAndExit('Get private from src/appConfig/app_sign_private_key.crt failed.');
   }
 
@@ -40,40 +78,62 @@ async function prepareMainAppData(options, fileMd5)
   if (!fs.existsSync(options.appPubKeyFile)) {
     Logger.ErrorAndExit('Failed to open public key file from ' + options.appPubKeyFile);
   }
-  const publicKeyText = fs.readFileSync(options.appPubKeyFile);
-  if (publicKeyText.indexOf('-----BEGIN PUBLIC KEY-----') < 0) {
+  const pubKey = fs.readFileSync(options.appPubKeyFile);
+  if (pubKey.indexOf('-----BEGIN PUBLIC KEY-----') < 0) {
     Logger.ErrorAndExit('Get private from src/appConfig/app_sign_public_key.pem failed.');
   }
-  // 公钥格式转化pem -> der，因为java中的解码处理只识别der格式
-  let publicKeyDerText = publicKeyText.toString();
-  if (publicKeyDerText.indexOf('\r') >= 0) {
-    publicKeyDerText = publicKeyDerText.replace(/\r/g, '');
-  }        
-  if (publicKeyDerText.indexOf('\n') >= 0) {
-    publicKeyDerText = publicKeyDerText.replace(/\n/g, '');
-  }
-  publicKeyDerText = publicKeyDerText.replace('-----BEGIN PUBLIC KEY-----', '');
-  publicKeyDerText = publicKeyDerText.replace('-----END PUBLIC KEY-----', '');
-
-  // 编码md5值
-  const encryptCodeBase64 = crypto.privateEncrypt({
-      key: privateKeyText, 
-      padding: crypto.constants.RSA_PKCS1_PADDING
-    }, 
-    Buffer.from(fileMd5)
-  ).toString('base64');
 
   // 校验publicKey是否是配对的
-  const decryptCode = crypto.publicDecrypt({
-      key: publicKeyText,
-      padding: crypto.constants.RSA_PKCS1_PADDING
-    }, 
-    Buffer.from(encryptCodeBase64, 'base64')
-  ).toString();
-  if (decryptCode !== fileMd5) {
-    Logger.ErrorAndExit('public key dismath to private key!');
+  const encryptBase64 = getEncryptBase64(privKey, pubKey, 'crypto-test');
+  assert(encryptBase64)
+
+  const appEntryFilePath = getEntryFilePath(options);
+  const appEntryContent = fs.readFileSync(appEntryFilePath, 'utf8');
+  const appEntryMd5 = crypto.createHash('md5').update(appEntryContent).digest('hex');
+
+  options.appPrivKey = privKey;
+  options.appPubKey = pubKey;
+  options.appEntryMd5 = appEntryMd5;
+}
+
+function getOtherSignVerifyKeys(options)
+{
+  const signVerifyKeys = {};
+  const signVerifyKeyFiles = fs.readdirSync(options.appConfigSVKeysDir);
+  for (const keyName of signVerifyKeyFiles) {
+    const filePath = path.resolve(options.appConfigSVKeysDir, keyName);
+    if (keyName == '.gitkeep') {
+      continue;
+    } else if (!keyName.endsWith('.pem')) {
+      Logger.Warn(`Ignore to append invalid signature verification key: ${filePath}`);
+      continue;
+    }
+
+    const keyValue = fs.readFileSync(filePath, 'utf8');
+    signVerifyKeys[keyName] = keyValue;
   }
 
+  return signVerifyKeys;
+}
+
+function publicPemToDer(pubKeyPem)
+{
+    let pubKeyDer = pubKeyPem.toString();
+    if (pubKeyDer.indexOf('\r') >= 0) {
+      pubKeyDer = pubKeyDer.replace(/\r/g, '');
+    }        
+    if (pubKeyDer.indexOf('\n') >= 0) {
+      pubKeyDer = pubKeyDer.replace(/\n/g, '');
+    }
+    pubKeyDer = pubKeyDer.replace('-----BEGIN PUBLIC KEY-----', '');
+    pubKeyDer = pubKeyDer.replace('-----END PUBLIC KEY-----', '');
+
+    return pubKeyDer;
+}
+
+// main.js处理AppData信息
+async function prepareMainAppData(options)
+{
   // 获取AppData信息
   const appConfigFilePath = path.resolve(options.appConfigDir, 'app.config.mjs');
   if (!fs.existsSync(appConfigFilePath)) {
@@ -82,29 +142,47 @@ async function prepareMainAppData(options, fileMd5)
   const appConfigFileUrl = url.pathToFileURL(appConfigFilePath);
   const { default: appConfig } = await import(appConfigFileUrl);
 
-  // 获取 chunk.jsv的map
-  const chunkHash = {};
+  // 获取PublickKey数组
+  const publicKeys = [publicPemToDer(options.appPubKey)];
+  // TODO: 验签PubKey的安全性尚需考虑
+  // const signVerifyKeys = getOtherSignVerifyKeys(options);
+  // for(const [keyName, keyValue] of Object.entries(signVerifyKeys)) {
+  //   Logger.Info(` -> Append ${keyName} to jsvapp.`)
+  //   publicKeys.push(publicPemToDer(keyValue));
+  // }
+
+  // 获取密文
+  const encryptBase64 = getEncryptBase64(options.appPrivKey, options.appPubKey, options.appEntryMd5);
+
+  // 获取 预加载的文件名
+  const filterKeys = [
+    'domNativePath',
+    'NativePlatformDomBridge',
+    'ForgeExtension',
+    'CodeRevision',
+    '__vue_app__',
+    'mount("#app")',
+  ];
+  const preloadChunks = [];
   const jsFileNames = fs.readdirSync(options.distJsDir);
   for(const fileName of jsFileNames) {
     if (!fileName.startsWith('chunk.jsv') || !fileName.endsWith('.js')) {
       continue;
     }
 
-    const hash = fileName.replace(/.*chunk\.jsv.([a-fA-F0-9].*).js/, '$1');
-
     const filePath = path.resolve(options.distJsDir, fileName);
     const sourceContent = fs.readFileSync(filePath, 'utf8');
-    const md5 = sourceContent.replace(/\n/g, '').replace(/.*\/\*jsvmd5:([a-fA-F0-9]{8})[a-fA-F0-9]*\*\/.*/, '$1');
+    if(filterKeys.some(it => sourceContent.includes(it)) == false) {
+      continue;
+    }
 
-    chunkHash[hash] = md5;
+    preloadChunks.push(fileName);
   }
 
   // 组装AppData
-  appConfig.PublicKeys = [publicKeyDerText]; // 使用签名数组，支持后续追加签名
-  appConfig.EncryptCodes = [encryptCodeBase64]; // 同样使用数组，支持后续追加
-  appConfig.ChunkHash = chunkHash;
-
-
+  appConfig.PublicKeys = publicKeys; // 使用签名数组，支持后续追加签名
+  appConfig.EncryptCodes = [encryptBase64]; // 同样使用数组，支持后续追加
+  appConfig.PreloadChunks = preloadChunks;
 
   return JSON.stringify(appConfig);
 }
@@ -146,20 +224,31 @@ async function signApp(options)
 
     var sourceContent = fs.readFileSync(filePath, 'utf8');
 
-    sourceContent += '\n'; // 把\n归入算进md5计算中
+    const jsvMd5 = crypto.createHash('md5').update(sourceContent).digest('hex');
+
+    // 获取签名并验签
+    const cryptoSigner = crypto.createSign('sha256').update(jsvMd5).end();
+    const cryptoVerifier = crypto.createVerify('sha256').update(jsvMd5).end();
+    const jsvSign = cryptoSigner.sign(options.appPrivKey, 'hex');
+    const verified = cryptoVerifier.verify(options.appPubKey, jsvSign, 'hex');
+    if(!verified) {
+      Logger.ErrorAndExit('Failed to create signature verification.');
+    }
 
-    const jsvAppMd5 = crypto.createHash('md5').update(sourceContent).digest('hex');
     let appDataInfo = '';
     if (fileName.indexOf('main.jsv.') >= 0) {
       // 对main文件加入应用头信息
-      appDataInfo = await prepareMainAppData(options, jsvAppMd5);
+      appDataInfo = await prepareMainAppData(options, jsvMd5);
 
       // 格式化jsvapp信息 /*jsvapp:内容长度:{内容}*/
       // 使用TextEncoder解决中文长度问题
       const infoLen = new TextEncoder().encode(appDataInfo).length;
       appDataInfo = '/*jsvapp:' + infoLen + ':' + appDataInfo + ':' + infoLen + ':jsvapp*/';
     }
-    sourceContent = sourceContent + appDataInfo + '/*jsvmd5:' + jsvAppMd5 + '*/';
+    sourceContent = sourceContent + appDataInfo;
+
+    sourceContent = sourceContent + '/*jsvsign:' + jsvSign + '*/';
+
     fs.writeFileSync(filePath, sourceContent, 'utf8');
   }
 }
@@ -182,6 +271,9 @@ function redirectSourceMappingURL(options)
       '# sourceMappingURL=', '# sourceMappingURL=http://localhost:57245/map/');
     sourceContent = sourceContent.substring(0, mapUrlOffset) + mapUrlStr;
 
+    //添加一个回车，后续把\n归入算进md5计算中
+    sourceContent += '\n';
+
     fs.writeFileSync(filePath, sourceContent, 'utf8');
   };
 }
@@ -192,41 +284,35 @@ function makeMainJsvMjs(options, framework)
     return;
   }
 
-  let jsEntryFilePath;
-  const jsFileNames = fs.readdirSync(options.distJsDir);
-  for(const fileName of jsFileNames) {
-    if (fileName.startsWith('main.jsv') && fileName.endsWith('.js')) {
-      jsEntryFilePath = path.resolve(options.distJsDir, fileName);
-      break;
-    }
-  };
-
-  const sourceContent = fs.readFileSync(jsEntryFilePath, 'utf8');
-  const md5 = sourceContent.replace(/\n/g, '').replace(/.*\/\*jsvmd5:([a-fA-F0-9]{8})[a-fA-F0-9]*\*\/.*/, '$1');
-  const newEntryFileName = `main.jsv.${md5}.js`;
+  // 更新entry hash
+  const jsEntryFilePath = getEntryFilePath(options);
+  const newEntryFileName = `main.jsv.${options.appEntryMd5.slice(0, 8)}.js`;
   const newEntryFilePath = path.resolve(path.dirname(jsEntryFilePath), newEntryFileName);
   Logger.Info(' -> ' + path.relative(options.projectDir, newEntryFilePath));
   fs.renameSync(jsEntryFilePath, newEntryFilePath);
 
+  // 更新index.html hash
   var indexContent = fs.readFileSync(options.distJsIndexFile, 'utf8');
   indexContent = indexContent.replace(path.basename(jsEntryFilePath), newEntryFileName);
   Logger.Info(' -> ' + path.relative(options.projectDir, options.distJsIndexFile));
   fs.writeFileSync(options.distJsIndexFile, indexContent, 'utf8');
 
+  // 创建JsView 加载用的 mjs entry
   const moduleEntryFilePath = newEntryFilePath.replace(/\.js$/, '.mjs');
   fs.copyFileSync(newEntryFilePath, moduleEntryFilePath);
+
+  // 创建JsView Debug用的 mjs entry
+  const debugEntryFilePath = path.resolve(options.distJsDir, 'main.jsv.mjs');
+  Logger.Info(' -> ' + path.relative(options.projectDir, debugEntryFilePath));
+  fs.copyFileSync(newEntryFilePath, debugEntryFilePath);
 }
 
 function makeDebugMap(options, framework)
 {
   fs.mkdirSync(options.distDebugMapDir, { recursive: true });
 
-  let jsEntryFilePath;
   const jsFileNames = fs.readdirSync(options.distJsDir);
   for(const fileName of jsFileNames) {
-    if (fileName.startsWith('main.jsv') && fileName.endsWith('.mjs')) {
-      jsEntryFilePath = path.resolve(options.distJsDir, fileName);
-    }
     if (!fileName.endsWith('.map')) {
       continue;
     }
@@ -237,16 +323,6 @@ function makeDebugMap(options, framework)
     fs.renameSync(from, to);
   };
 
-  if (jsEntryFilePath) {
-    let extName = path.extname(jsEntryFilePath);
-    if (framework == 'vue') {
-      extName = '.mjs'
-    }
-    const to = path.resolve(options.distJsDir, 'main.jsv' + extName);
-    Logger.Info(' -> ' + path.relative(options.projectDir, to));
-    fs.copyFileSync(jsEntryFilePath, to);
-  }
-
   const jsmapServeName = 'jsview-jsmap-serve.mjs';
   const jsmapServePath = path.resolve(options.jsviewToolsDir, jsmapServeName);
   if (!fs.existsSync(jsmapServePath)) {
@@ -335,6 +411,9 @@ async function main(argv)
   redirectSourceMappingURL(options)
   Logger.Info('Redirected JsView source map...');
 
+  // EntryMd5 要放在sourcemap更新之后
+  updateOptions(options);
+
   Logger.Info('Checking JsView app config...');
   await checkAppConfig(options);
   Logger.Info('Checked JsView app config...');

package/tools/jsview-vue-devtools.mjs

@@ -55,8 +55,10 @@ async function runVueDevtoolsStandalone(options)
 
         const exportElectronMirror = exportPrefix + ' ELECTRON_MIRROR=http://cdn.release.qcast.cn/RN_devtools/electron-env/'
         let cmdline = exportElectronMirror + ' && npm install --package-lock-only --save-exact --save-dev electron@21.4.4 @vue/devtools@6.5.1'
+        cmdline = cmdline.replace(' &&', '&&'); // 解决window系统设置后多了一个空格的问题
         execCommand(cmdline);
         cmdline = exportElectronMirror + ' && npm ci'
+        cmdline = cmdline.replace(' &&', '&&'); // 解决window系统设置后多了一个空格的问题
         execCommand(cmdline);
         
         console.log()