@tmsfe/tms-core 0.0.161 → 0.0.162

package/src/request.js

@@ -11,10 +11,12 @@
 import md5 from './md5';
 import { getEnvInfo, getAuthInfo } from './env';
 import { safeJsonParse } from './objUtils';
-import { encryptObjInit } from './encrypt/index';
+import encryptObj from './encrypt';
 import reporter from './report/index';
+import { genTraceparent } from './traceUtils';
 
 const logger = wx.getLogManager({});
+let refreshPromise = null;
 
 /**
  * 用于序列化需要签名的参数
@@ -159,16 +161,7 @@ export default class Request {
    */
   static defaultSecretKey = '';
 
-  static encryptInit(secretKey) {
-    // 加密模块初始化
-    encryptObjInit({
-      composeParamsFunc: async (data) => {
-        const params = await composeParam(data, true, {});
-        return sign(params, secretKey);
-      },
-      report: (...args) => reporter.reportPerformance(...args),
-    });
-  }
+  static requestEncryptOpen = true;
 
   static getInstance() {
     if (reqInstance === null) {
@@ -355,6 +348,94 @@ export default class Request {
     return Promise.resolve({ url });
   }
 
+  // wx请求封装成promise
+  async wxRequest(path, method, header = {}, data, needReport, seqId) {
+    if (needReport && path.indexOf('basic/event/upload') < 0) {
+      logger.log(
+        'tms-performance-log',
+        'request_encrypt_log', 'main', 'send_unencrypt_request', seqId,
+        !!wx.$_publicKey, Request.requestEncryptOpen, path,
+      );
+    }
+    // 如果是获取pubKey的接口，但是没带userId, 则需要取消这次请求
+    if (path.indexOf('basic/crypto/lastkey') > -1 && !data.userId) {
+      return;
+    }
+    return new Promise((resolve, reject) => {
+      wx.request({
+        url: path,
+        header: { ...header, 'X-Seq-Id': seqId, Traceparent: genTraceparent() },
+        method,
+        data,
+        enableHttp2: true,
+        success: (res) => {
+          resolve(res);
+        },
+        fail: (err) => {
+          reject(err);
+        },
+      });
+    });
+  }
+
+  async refreshEncryptKey() {
+    if (wx.$_encrypt_refreshDisable) {
+      return false;
+    }
+    if (!refreshPromise) {
+      refreshPromise = new Promise(async (resolve) => {
+        try {
+          const requestParam = await composeParam({}, true, {});
+          const data = sign(requestParam, this.secretKey);
+          const finalUrl = this.makeUrl('basic/crypto/lastkey');
+          const res = await this.wxRequest(finalUrl, 'GET', {}, data, true, data.seqId);
+          const success = res.data.errCode === 0;
+          if (!success) {
+            // 如果请求失败，则停止刷新加密秘钥，运行时永久关闭
+            wx.$_encrypt_refreshDisable = true;
+          }
+          encryptObj.updateDecryptKey(res.data.resData);
+          resolve(success);
+        } catch (e) {
+          encryptObj.updateDecryptKey(null);
+          resolve(false);
+        }
+        refreshPromise = null;
+      });
+    }
+    return refreshPromise;
+  }
+
+  // 如果全局请求加密开关关闭 || 当前请求内容不满足加密规则（publickey不为空且走sinan网关且非性能上报埋点）
+  checkIfNeedEncrypt(url, data) {
+    if (!Request.requestEncryptOpen || !encryptObj.needsEncryption(url, data)) {
+      return false;
+    }
+    return true;
+  }
+
+  async dealEncryptionSwitch(resHeader, forceRefresh = false) {
+    if (!forceRefresh && (!resHeader || this.dealEncryptionSwitching)) {
+      return false;
+    }
+    this.dealEncryptionSwitching = true;
+    const formatHeader = {};
+    Object.keys(resHeader).forEach(key => formatHeader[key.toLowerCase()] = resHeader[key]);
+    const encryptionAvaliable = formatHeader['x-encryption-available'] === '0';
+    if (encryptionAvaliable) {
+      // 关闭接下来请求的加密开关
+      wx.$_publicKey = null;
+      return false;
+    }
+    let refreshSuccess = true;
+    // 打开开关，如果当前是关闭状态，则需要刷新加密key
+    if (forceRefresh || !wx.$_publicKey) {
+      refreshSuccess = await this.refreshEncryptKey();
+    }
+    this.dealEncryptionSwitching = false;
+    return refreshSuccess;
+  }
+
   /**
    * 创建发送请求任务
    * @memberof Request
@@ -364,61 +445,95 @@ export default class Request {
    * @param {object} header 自定义的请求头
    * @returns {Promise} 接口返回结果
    */
-  async createRequestTask(path, param = {}, method = 'POST', header = {}) {
+  async createRequestTask(path, param = {}, method = 'POST', header = {}, doEncrypt = true, retryTimes = 0) {
     const requestParam = await composeParam(param, this.withAuth, this.baseParam);
     const data = sign(requestParam, this.secretKey);
-    return new Promise((resolve, reject) => {
-      const requestTime = Date.now();
-      const printLog = (isSuccess, res) => {
-        // 埋点已经单独打日志了，接口请求数据日志太长影响分析
-        if (path.indexOf('basic/event/upload') !== -1) {
-          return;
-        }
-
-        // 打车、代驾日志不截断，方便用于回放
-        const fullApi = path.indexOf('/takecar/') !== -1 || path.indexOf('dd/api/v2/order') !== -1;
+    const finalUrl = this.makeUrl(path);
+    const requestTime = Date.now();
+    const printLog = (isSuccess, res) => {
+      // 埋点已经单独打日志了，接口请求数据日志太长影响分析
+      if (path.indexOf('basic/event/upload') !== -1) {
+        return;
+      }
 
-        let result = JSON.stringify(res);
-        if (isSuccess && !fullApi && result.length > 500) {
-          result = `${result.substring(0, 500)} 内容太长被截断`;
-        }
+      // 打车、代驾日志不截断，方便用于回放
+      const fullApi = path.indexOf('/takecar/') !== -1 || path.indexOf('dd/api/v2/order') !== -1;
 
-        const obj = {
-          path,
-          method,
-          header: JSON.stringify(header),
-          params: JSON.stringify(data),
-          duration: Date.now() - requestTime,
-        };
-        if (isSuccess) {
-          obj.res = result;
-        } else {
-          obj.err = result;
-        }
+      let result = JSON.stringify(res);
+      if (isSuccess && !fullApi && result.length > 500) {
+        result = `${result.substring(0, 500)} 内容太长被截断`;
+      }
 
-        const str = JSON.stringify(obj, null, 2).replace(/\\"/ig, '\'');
-        if (isSuccess) {
-          logger.log(`接口请求成功：\n${str}`);
-        } else {
-          logger.warn(`接口请求失败：\n${str}`);
-        }
+      const obj = {
+        path,
+        method,
+        header: JSON.stringify(header),
+        params: JSON.stringify(data),
+        duration: Date.now() - requestTime,
       };
+      if (isSuccess) {
+        obj.res = result;
+      } else {
+        obj.err = result;
+      }
 
-      wx.request({
-        url: this.makeUrl(path),
-        header,
-        method,
-        data,
-        enableHttp2: true,
-        success: (res) => {
-          printLog(true, res.data);
-          resolve(res);
-        },
-        fail: (err) => {
-          printLog(false, err);
-          reject(err);
-        },
-      });
-    });
+      const str = JSON.stringify(obj, null, 2).replace(/\\"/ig, '\'');
+      if (isSuccess) {
+        logger.log(`接口请求成功：\n${str}`);
+      } else {
+        logger.warn(`接口请求失败：\n${str}`);
+      }
+    };
+    const { seqId } = data;
+    try {
+      // 当前请求不加密 || 不满足加密前提
+      if (!doEncrypt || !this.checkIfNeedEncrypt(finalUrl, data)) {
+        const result = await this.wxRequest(finalUrl, method, header, data, true, seqId);
+        const { header: resHeader, data: resData } = result;
+        // 根据返回的响应头来控制接下来运行时的加密开关
+        this.dealEncryptionSwitch(resHeader);
+        printLog(true, resData);
+        return result;
+      }
+      // 1. 加密请求
+      const {
+        header: encryptHeader, data: encryptData, aesKey,
+      } = encryptObj.reqEncrypt(method, data, header, '');
+      // 2. 发送请求
+      encryptHeader['content-type'] = 'text/plain';
+      const result = await this.wxRequest(finalUrl, method, encryptHeader, encryptData, false, seqId);
+      const { header: resHeader, data: resData } = result;
+      // 3. 解密响应
+      const { success, header: decryptHeader, data: decryptData } = encryptObj.resDecrypt(aesKey, resHeader, resData);
+      if (!success) {
+        reporter.reportPerformance('request_encrypt_log', 'main', 'local_response_decrypt_fail', seqId);
+        return this.createRequestTask(path, param, method, header, false);
+      }
+      // 4. 处理解密失败的响应
+      const errCodeType = encryptObj.getErrcodeType(decryptData.errCode, decryptData.errMsg);
+      if (errCodeType === encryptObj.reqErrType.pubKeyInvalid) {  // 秘钥失效
+        const encryptSwitch = await this.dealEncryptionSwitch(resHeader, true);
+        if (retryTimes > 2) {
+          throw new Error('解密失败，请重试');
+        }
+        return this.createRequestTask(path, param, method, header, encryptSwitch, retryTimes + 1);
+      }
+      if (errCodeType === encryptObj.reqErrType.decryptError) { // 解密失败
+        return this.createRequestTask(path, param, method, header, false);
+      }
+      if (errCodeType === encryptObj.reqErrType.cryptoDisabled) { // 加密关闭
+        wx.$_publicKey = null;
+        return this.createRequestTask(path, param, method, header, false);
+      }
+      result.header = decryptHeader;
+      result.data = decryptData;
+      printLog(true, result.data);
+      // 根据返回的响应头来控制接下来运行时的加密开关
+      this.dealEncryptionSwitch(resHeader);
+      return result;
+    } catch (err) {
+      printLog(false, err);
+      throw err;
+    }
   }
 }

package/src/runtime/login.ts

@@ -55,6 +55,8 @@ const loginFn = async () => {
         }
         if (userData.errCode === 0) {
           userInfo = userData.resData.userInfo;
+          // 全局挂载公钥数据
+          wx.$_publicKey = userData.resData.publicKey;
           // 缓存登录信息
           wx.setStorageSync('sinanCacheUserInfo', userInfo);
         }

package/src/traceUtils.js

@@ -0,0 +1,23 @@
+/**
+ * 生成traceparent Id
+ * 用途：用于生成version - trace-id - parent-id/span-id - trace-flags规则的id，方便链路追踪
+ */
+import { CryptoJS } from './aes';
+
+// 生成随机的16字节trace-id和8字节parent-id/span-id
+function generateRandomHex(size) {
+  return CryptoJS.lib.WordArray.random(size).toString(CryptoJS.enc.Hex);
+}
+
+// 生成traceparent ID
+function genTraceparent() {
+  const version = '00';
+  const traceId = generateRandomHex(16); // 16字节的trace-id
+  const parentId = generateRandomHex(8); // 8字节的parent-id/span-id
+  const traceFlags = '01'; // 示例标志，表示采样
+  return `${version}-${traceId}-${parentId}-${traceFlags}`;
+}
+
+export {
+  genTraceparent,
+};