@tmsfe/tms-core 0.0.161 → 0.0.163

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tmsfe/tms-core",
-  "version": "0.0.161",
+  "version": "0.0.163",
   "description": "tms运行时框架",
   "repository": {
     "type": "git",

package/src/encrypt/encrypt-util.ts

@@ -9,6 +9,8 @@ const ecc = require('./nacl.min.js');
 const base64Util = require('./nacl-util.min.js');
 /* eslint-enable @typescript-eslint/no-require-imports */
 
+const logger = wx.getLogManager({});
+
 interface BaseResp<T> {
   success: boolean,
   msg: string,
@@ -33,6 +35,24 @@ const SERVER_HOST_MAP = {
 // 基础工具
 const baseUtil = {
   _isObject: (obj: any): boolean => Object.prototype.toString.call(obj) === '[object Object]',
+  // 统一格式化日志输出
+  _formatLog(args: any[]): any[] {
+    // 小程序日志管理器都只是精确到秒，我们补上毫秒方便分析
+    const time = new Date()
+      .toISOString()
+      .replace('T', ' ')
+      .substring(0, 19)
+      .replace(/-/g, '-')
+      .replace(/:/g, ':');
+    args.unshift(time);
+    return args;
+  },
+  logInfo: (...args) => {
+    args.unshift('request_encrypt_log');
+    const items = baseUtil._formatLog(args);
+    console.log(...items);
+    logger.log(...items);
+  },
   // Uint8Array转为url安全的base64编码
   encUrl: (input: Uint8Array): string => {
     let base64 = base64Util.encode(input);
@@ -107,8 +127,9 @@ const eccUtil = {
           method: 'POST',
           data,
           enableHttp2: true,
-          success: () => {
-            resolve(true);
+          success: (res) => {
+            const success = eccUtil._updateGlobalPublicKeyInfo(false, res.header);
+            resolve(success);
           },
           fail: () => {
             resolve(false);
@@ -192,6 +213,7 @@ const eccUtil = {
         return pre;
       }, [])
       .join('&');
+    baseUtil.logInfo('---客户端签名---:before', str);
     // 2. md5
     const md5Str = md5(str);
     const nonce = ecc.randomBytes(ecc.box.nonceLength);
@@ -215,7 +237,7 @@ const eccUtil = {
         'x-response-header-name': formatHeader['x-response-header-name'],
         'x-encrypted-headers': formatHeader['x-encrypted-headers'],
         'x-crypto-enable': formatHeader['x-crypto-enable'],
-        'content-type': formatHeader['content-type'],
+        // 'content-type': formatHeader['content-type'],
         'x-gateway-code': formatHeader['x-gateway-code'],
         'x-crypto-pub-id': formatHeader['x-crypto-pub-id'],
         'x-crypto-pub-key': formatHeader['x-crypto-pub-key'],
@@ -232,6 +254,7 @@ const eccUtil = {
           return pre;
         }, [])
         .join('&');
+      baseUtil.logInfo('---验证服务端的客户端签名---:before', str, traceId);
       const preHashArr = md5(str);
       const verified = preHashArr.length === decrypted.length && preHashArr.every((v, i) => v === decrypted[i]);
       return verified;
@@ -239,7 +262,6 @@ const eccUtil = {
       console.error('verifyServerCryptoSign error', e);
       return false;
     }
-    
   },
   /* eslint-enable complexity */
   execEncrypt: (input: string, ignoreNull = false): BaseResp<{
@@ -281,9 +303,7 @@ const eccUtil = {
       return new baseUtil.BaseRespFac('', false, `execDecrypt失败：${JSON.stringify(err)}`);;
     }
   },
-  checkCryptoOpen: (): boolean => {
-    return !!eccUtil._privateKeyInfo;
-  },
+  checkCryptoOpen: (): boolean => !!eccUtil._privateKeyInfo,
   closeCrypto: () => {
     eccUtil._privateKeyInfo = null;
     eccUtil._updateGlobalPublicKeyInfo(true);
@@ -431,7 +451,6 @@ const reqEncrypt = (method: string, data: any, header: {
     'X-Encrypt-Key': res.cryptoKeyInfo.clientPublicKey,
     'X-Encrypt-Response': '3',                 // 加密，二进制
     'X-Response-Header-Name': encryptedResponseHeaderName,
-    'Content-Type': 'text/plain',
   };
   const cryptoSign = eccUtil.getClientCryptoSign(baseUtil._isObject(finalData) ? finalData : {
     body: finalData,
@@ -441,6 +460,7 @@ const reqEncrypt = (method: string, data: any, header: {
     data: finalData,
     header: {
       ...cryptoHeader,
+      'Content-Type': 'text/plain',
       'X-Crypto-Sign': cryptoSign,
     },
   });
@@ -487,7 +507,7 @@ const resDecrypt = async (requestTraceId: string, header, data, cryptoKeyInfo: C
       }
       decryptedHeaders = JSON.parse(res);
     }
-    const needDecode = contentType === 'text/plain';
+    const needDecode = contentType.indexOf('text/plain') > -1;
     const cipher = needDecode ? baseUtil.decUrl(data) : new Uint8Array(data);
     const { success, msg, res } = eccUtil.execDecrypt(cipher, cryptoKeyInfo);
     if (!success) {
@@ -511,7 +531,7 @@ const resDecrypt = async (requestTraceId: string, header, data, cryptoKeyInfo: C
 let dealEncryptionSwitching = false;
 const dealEncryptionSwitch = async (path: string, traceId: string, resHeader): Promise<boolean> => {
   if ((!resHeader || dealEncryptionSwitching)) {
-    return;
+    return true;
   }
   dealEncryptionSwitching = true;
   const formatHeader = baseUtil.formatHeader(resHeader);
@@ -521,7 +541,7 @@ const dealEncryptionSwitch = async (path: string, traceId: string, resHeader): P
     `${baseUtil.getSinanHost()}/user/login`,
     `${baseUtil.getSinanHost()}/basic/crypto/lastkey2`,
   ].indexOf(path) > -1;
-  if ((eccUtil.checkCryptoOpen() && cryptoDisabled) || specialPath ) {
+  if ((eccUtil.checkCryptoOpen() && cryptoDisabled) || specialPath) {
     const verified = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
     if (!verified) {
       // 验签失败，表示响应被篡改
@@ -544,6 +564,8 @@ const dealEncryptionSwitch = async (path: string, traceId: string, resHeader): P
 const encryptUtil = {
   init,                       // 初始化加密工具
   isCryptoRuleMath,           // 请求是否符合加密规则
+  isPerformanceRuleMath: cryptRuleUtil.isPerformanceReport,     // 请求是否符合性能规则
+  logInfo: baseUtil.logInfo,  // 本地日志打印
   reqEncrypt,                 // 请求加密：header和data
   resDecrypt,                 // 响应解密
   dealEncryptionSwitch,       // 处理加密开关

package/src/encrypt/index.ts

@@ -1,26 +1,9 @@
 import encryptUtil from './encrypt-util';
 import { genTraceparent } from './traceUtils';
 
-const logger = wx.getLogManager({});
+
 const util = {
-  // 统一格式化日志输出
-  formatLog(args: any[]): any[] {
-    // 小程序日志管理器都只是精确到秒，我们补上毫秒方便分析
-    const time = new Date()
-      .toISOString()
-      .replace('T', ' ')
-      .substring(0, 19)
-      .replace(/-/g, '-')
-      .replace(/:/g, ':');
-    args.unshift(time);
-    return args;
-  },
-  logInfo: (...args) => {
-    args.unshift('request_encrypt_log');
-    const items = util.formatLog(args);
-    console.log(...items);
-    logger.log(...items);
-  },
+  logInfo: (...args) => encryptUtil.logInfo(...args),
   reportFunc: (...args) => {
     util.logInfo('reportFunc init fail:', ...args);
   },
@@ -97,7 +80,8 @@ function proxyWxRequest(): void {
           ...originalOptions,
           success: async (res) => {
             const dealSuccess = await encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
-            if (dealSuccess) {
+            // 性能埋点接口不走验签逻辑
+            if (dealSuccess || encryptUtil.isPerformanceRuleMath(url, formatData)) {
               success?.call(this, res);
             } else {
               util.reportFunc(url, traceparent, `加密验签不通过: ${JSON.stringify(res)}`);