@tmsfe/tms-core 0.0.163 → 0.0.166
- package/package.json +1 -1
- package/src/encrypt/encrypt-util.ts +31 -16
- package/src/encrypt/index.ts +9 -7
package/package.json
CHANGED
|
@@ -127,9 +127,8 @@ const eccUtil = {
|
|
|
127
127
|
method: 'POST',
|
|
128
128
|
data,
|
|
129
129
|
enableHttp2: true,
|
|
130
|
-
success: (
|
|
131
|
-
|
|
132
|
-
resolve(success);
|
|
130
|
+
success: () => {
|
|
131
|
+
resolve(true);
|
|
133
132
|
},
|
|
134
133
|
fail: () => {
|
|
135
134
|
resolve(false);
|
|
@@ -529,43 +528,59 @@ const resDecrypt = async (requestTraceId: string, header, data, cryptoKeyInfo: C
|
|
|
529
528
|
};
|
|
530
529
|
// 处理接下来的请求开关
|
|
531
530
|
let dealEncryptionSwitching = false;
|
|
532
|
-
const dealEncryptionSwitch = async (path: string, traceId: string, resHeader): Promise<
|
|
531
|
+
const dealEncryptionSwitch = async (path: string, traceId: string, resHeader): Promise<void> => {
|
|
533
532
|
if ((!resHeader || dealEncryptionSwitching)) {
|
|
534
|
-
return
|
|
533
|
+
return;
|
|
535
534
|
}
|
|
536
535
|
dealEncryptionSwitching = true;
|
|
537
536
|
const formatHeader = baseUtil.formatHeader(resHeader);
|
|
538
537
|
// 加密关闭或者`login接口和lastkey接口`,都需要先执行验签
|
|
539
538
|
const cryptoDisabled = formatHeader['x-crypto-enable'] === '0';
|
|
540
|
-
|
|
541
|
-
`${baseUtil.getSinanHost()}/user/login`,
|
|
542
|
-
`${baseUtil.getSinanHost()}/basic/crypto/lastkey2`,
|
|
543
|
-
].indexOf(path) > -1;
|
|
544
|
-
if ((eccUtil.checkCryptoOpen() && cryptoDisabled) || specialPath) {
|
|
539
|
+
if ((eccUtil.checkCryptoOpen() && cryptoDisabled)) {
|
|
545
540
|
const verified = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
|
|
546
541
|
if (!verified) {
|
|
547
542
|
// 验签失败,表示响应被篡改
|
|
548
543
|
dealEncryptionSwitching = false;
|
|
549
|
-
|
|
544
|
+
baseUtil.logInfo(`验签失败: ${path} : ${traceId}`);
|
|
545
|
+
return;
|
|
550
546
|
}
|
|
551
547
|
}
|
|
552
548
|
if (cryptoDisabled) {
|
|
553
549
|
eccUtil.closeCrypto();
|
|
554
550
|
} else if (formatHeader['x-crypto-enable'] === '1') {
|
|
555
|
-
if (specialPath) {
|
|
556
|
-
eccUtil._updateGlobalPublicKeyInfo(false, formatHeader);
|
|
557
|
-
}
|
|
558
551
|
await eccUtil.openCrypto();
|
|
559
552
|
} // 0是关闭,1是开启, 2是保持
|
|
560
553
|
dealEncryptionSwitching = false;
|
|
561
|
-
return
|
|
554
|
+
return;
|
|
555
|
+
};
|
|
556
|
+
|
|
557
|
+
/**
|
|
558
|
+
* 处理非加密请求的响应
|
|
559
|
+
* @params path traceId resHeader reqData
|
|
560
|
+
* @returns 是否需要根据响应内容处理加密开关
|
|
561
|
+
*/
|
|
562
|
+
const dealRes = (path: string, traceId: string, resHeader, reqData): BaseResp<boolean> => {
|
|
563
|
+
const specialPath = [
|
|
564
|
+
`${baseUtil.getSinanHost()}/user/login`,
|
|
565
|
+
`${baseUtil.getSinanHost()}/basic/crypto/lastkey2`,
|
|
566
|
+
].indexOf(path) > -1;
|
|
567
|
+
if (specialPath) {
|
|
568
|
+
const formatHeader = baseUtil.formatHeader(resHeader);
|
|
569
|
+
const verified = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
|
|
570
|
+
if (!verified) {
|
|
571
|
+
// 验签失败,表示响应被篡改
|
|
572
|
+
return new baseUtil.BaseRespFac(false, false, `验签失败: ${path} : ${traceId}`);
|
|
573
|
+
}
|
|
574
|
+
eccUtil._updateGlobalPublicKeyInfo(false, resHeader);
|
|
575
|
+
}
|
|
576
|
+
return new baseUtil.BaseRespFac(!cryptRuleUtil.isPerformanceReport(path, reqData));
|
|
562
577
|
};
|
|
563
578
|
|
|
564
579
|
const encryptUtil = {
|
|
565
580
|
init, // 初始化加密工具
|
|
566
581
|
isCryptoRuleMath, // 请求是否符合加密规则
|
|
567
|
-
isPerformanceRuleMath: cryptRuleUtil.isPerformanceReport, // 请求是否符合性能规则
|
|
568
582
|
logInfo: baseUtil.logInfo, // 本地日志打印
|
|
583
|
+
dealRes, // 处理不加密请求的响应
|
|
569
584
|
reqEncrypt, // 请求加密:header和data
|
|
570
585
|
resDecrypt, // 响应解密
|
|
571
586
|
dealEncryptionSwitch, // 处理加密开关
|
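Review bot: In the new `dealRes`, the verified branch calls `eccUtil._updateGlobalPublicKeyInfo(false, resHeader)` with the raw response header, although `formatHeader` is computed earlier in the same branch and the removed code in `dealEncryptionSwitch` passed `formatHeader`. If `_updateGlobalPublicKeyInfo` reads the normalised keys that `baseUtil.formatHeader` produces (its body is not in this diff), a header that arrives with different casing could leave the stored server key info stale or incomplete after a login or lastkey2 response; I would keep `eccUtil._updateGlobalPublicKeyInfo(false, formatHeader);`. The update is also no longer gated on `formatHeader['x-crypto-enable'] === '1'` as it was before, so it now runs on every verified login/lastkey2 response; if that is intended, a comment on the call should say so. These hunks sit under the package/package.json label on this page, but by the diffstat counts and the `eccUtil`/`encryptUtil` context they appear to belong to package/src/encrypt/encrypt-util.ts.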
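--- a/package/src/encrypt/index.ts
+++ b/package/src/encrypt/index.ts
@@ -27,7 +27,7 @@ let originalRequestApi;
 let originalUploadFileApi;
 // 劫持wx.request和wx.uploadFile函数
 const requestInit = (utilFunc) => {
-if (!wx.
+if (!wx.reqCryptoFlag) {
 originalRequestApi = wx.request;
 // 初始化参数加签函数和性能上报函数
 const { report, composeParamsFunc } = utilFunc;
@@ -37,12 +37,12 @@ const requestInit = (utilFunc) => {
 report('request_encrypt_log', ...args);
 };
 proxyWxRequest();
-wx.
+wx.reqCryptoFlag = true;
 }
-if (!wx.
+if (!wx.uploadFileCryptoFlag) {
 originalUploadFileApi = wx.uploadFile;
 proxyWxUploadFile();
-wx.
+wx.uploadFileCryptoFlag = true;
 }
 };
 
@@ -79,9 +79,11 @@ function proxyWxRequest(): void {
 originalRequestApi.call(this, {
 ...originalOptions,
 success: async (res) => {
-const
+const {
+success: dealSuccess, res: needDealHeader } = encryptUtil.dealRes(url, traceId, res.header, formatData);
 // 性能埋点接口不走验签逻辑
-if (dealSuccess
+if (dealSuccess) {
+needDealHeader && encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
 success?.call(this, res);
 } else {
 util.reportFunc(url, traceparent, `加密验签不通过: ${JSON.stringify(res)}`);
@@ -122,7 +124,7 @@ function proxyWxRequest(): void {
 return;
 }
 if (decSuccess) {
-util.logInfo(url, traceparent, '解密成功');
+// util.logInfo(url, traceparent, '解密成功');
 encryptUtil.dealEncryptionSwitch(url, traceId, resHeader);
 success?.call(this, res);
 } else { // 不支持明文重试,且解密失败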
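Review bot: The added `needDealHeader && encryptUtil.dealEncryptionSwitch(url, traceId, res.header);` in the `success` handler of `proxyWxRequest` starts an async function and drops its promise, so a rejection from `openCrypto()` would go unhandled and `success?.call(this, res)` runs before the switch has settled. Because `dealEncryptionSwitch` now returns `void` and only logs when verification fails, a plaintext response whose `x-crypto-enable: 0` header does not verify is still passed to the caller; only login and lastkey2 responses can reach the `加密验签不通过` report branch through `dealRes`. I would write `if (needDealHeader) await encryptUtil.dealEncryptionSwitch(url, traceId, res.header);` and confirm that handing an unverified response to the caller is intended. The handler body starts and ends outside the hunk.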