@tmsfe/tms-core 0.0.164 → 0.0.167

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tmsfe/tms-core",
-  "version": "0.0.164",
+  "version": "0.0.167",
   "description": "tms运行时框架",
   "repository": {
     "type": "git",

package/src/encrypt/encrypt-util.ts

@@ -1,589 +1 @@
-/**
- * 加密相关的原子工具能力
- * 暴露出来的工具函数封装原则：不可以向外throw错误，返回执行结果统一格式：{ success: boolean, msg: string, res: any }
- * https://iwiki.woa.com/p/4013041987#1.-RSA+AES-%E5%88%87%E6%8D%A2-Curve25519+XSalsa20%EF%BC%9A
- */
-import md5 from './md5';
-/* eslint-disable @typescript-eslint/no-require-imports */
-const ecc = require('./nacl.min.js');
-const base64Util = require('./nacl-util.min.js');
-/* eslint-enable @typescript-eslint/no-require-imports */
-
-const logger = wx.getLogManager({});
-
-interface BaseResp<T> {
-  success: boolean,
-  msg: string,
-  res: T,
-}
-
-interface CryptoKeyInfo {
-  sharedByte: Uint8Array,
-  clientPublicKey: string,
-  serverPubId: string,
-}
-
-// 出行接口域名
-const SERVER_HOST_MAP = {
-  production: 'https://tim.map.qq.com',               // 出行服务正式环境域名
-  test: 'https://tim.sparta.html5.qq.com',            // 出行服务测试环境域名
-  development: 'https://tim.sparta.html5.qq.com/dev', // 出行服务开发环境域名
-  predist: 'https://tim.sparta.html5.qq.com/pre',     // 出行服务灰度环境域名
-  mock: 'http://localhost:8003',                      // 本地mock环境
-};
-
-// 基础工具
-const baseUtil = {
-  _isObject: (obj: any): boolean => Object.prototype.toString.call(obj) === '[object Object]',
-  // 统一格式化日志输出
-  _formatLog(args: any[]): any[] {
-    // 小程序日志管理器都只是精确到秒，我们补上毫秒方便分析
-    const time = new Date()
-      .toISOString()
-      .replace('T', ' ')
-      .substring(0, 19)
-      .replace(/-/g, '-')
-      .replace(/:/g, ':');
-    args.unshift(time);
-    return args;
-  },
-  logInfo: (...args) => {
-    args.unshift('request_encrypt_log');
-    const items = baseUtil._formatLog(args);
-    console.log(...items);
-    logger.log(...items);
-  },
-  // Uint8Array转为url安全的base64编码
-  encUrl: (input: Uint8Array): string => {
-    let base64 = base64Util.encode(input);
-    base64 = base64
-      .replace(/\+/g, '-')
-      .replace(/\//g, '_')
-      .replace(/=+$/, '');
-    return base64;
-  },
-  // url安全的base64解码
-  decUrl: (input: string): Uint8Array => {
-    let base64 = input.replace(/-/g, '+').replace(/_/g, '/');
-    while (base64.length % 4) {
-      base64 += '=';
-    }
-    return base64Util.decode(base64);
-  },
-  // header格式化，将header的key转换为小写
-  formatHeader: (header): any => {
-    if (!header || !baseUtil._isObject(header)) {
-      return {};
-    }
-    const formatHeader = {};
-    Object.keys(header).forEach((key) => {
-      formatHeader[key.toLocaleLowerCase()] = header[key];
-    });
-    return formatHeader;
-  },
-  formatGetData: (params: any): string => {
-    if (!params || !baseUtil._isObject(params)) {
-      return '';
-    }
-    return Object.keys(params)
-      .map(key => `${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`)
-      .join('&');
-  },
-  getSinanHost: (): string => {
-    if (wx.$_encryptEnvInfo) {
-      return SERVER_HOST_MAP[wx.$_encryptEnvInfo.envName];
-    }
-    return '';
-  },
-  getClientEncryptOpen: (): boolean => wx.$_encryptEnvInfo?.requestEncryptOpen,
-  BaseRespFac: class BaseRespFac<T> implements BaseResp<T> {
-    success: boolean;
-    msg: string;
-    res: T;
-
-    constructor(res: T, success?: boolean, msg?: string) {
-      this.success = success === undefined ? true : success;
-      this.msg = msg === undefined ? '' : msg;
-      this.res = res;
-    }
-  },
-};
-let composeParamsFunc = null; // 请求参数处理函数，加密初始化调用后之后会赋值
-// 加密工具
-const eccUtil = {
-  _refreshPromise: null,
-  _refreshPubKeyInfo: async (forceRefresh: boolean): Promise<boolean> => {
-    // 未完成初始化，则不支持秘钥刷新
-    if (!composeParamsFunc) {
-      return false;
-    }
-    if (!wx.$_publicKey || forceRefresh) {
-      // eslint-disable-next-line
-      eccUtil._refreshPromise = new Promise(async (resolve) => {
-        const url =  `${baseUtil.getSinanHost()}/basic/crypto/lastkey2`;
-        const data = await composeParamsFunc({});
-        wx.request({
-          url,
-          method: 'POST',
-          data,
-          enableHttp2: true,
-          success: () => {
-            resolve(true);
-          },
-          fail: () => {
-            resolve(false);
-          },
-        });
-      });
-    }
-    return eccUtil._refreshPromise;
-  },
-  // 解析resHeader详情，更新全局公钥信息
-  _updateGlobalPublicKeyInfo: (clear: boolean, resHeader?: {[key: string]: any}): BaseResp<boolean> => {
-    if (clear) {
-      wx.$_publicKey = null;
-      return;
-    }
-    const header = baseUtil.formatHeader(resHeader);
-    const {
-      'x-gateway-code': code,
-      'x-crypto-pub-id': pubId, 'x-crypto-pub-key': pubKey, 'x-crypto-pub-exp': pubExp, 'x-crypto-path': pathRule,
-    } = header;
-    const success = !code && pubId;  // login接口会出现接口成功，但是不返回publicKeyInfo的情况
-    wx.$_publicKey = success ? { pubId, pubKey, pubExp, pathRule } : null;
-    return new baseUtil.BaseRespFac(success);
-  },
-  _privateKeyInfo: null,
-  getPrivateKeyInfo: (forceUpdate = false): CryptoKeyInfo => {
-    if (!wx.$_publicKey) return null;
-    const serverPubInfo = wx.$_publicKey;
-    if (forceUpdate || !eccUtil._privateKeyInfo || eccUtil._privateKeyInfo.serverPubId !== serverPubInfo.pubId) {
-      const keyPair = ecc.box.keyPair();  // 生成客户端公钥私钥
-      eccUtil._privateKeyInfo = {
-        serverPubId: serverPubInfo.pubId,                       // 服务端公钥id
-        sharedByte: ecc.box.before(baseUtil.decUrl(serverPubInfo.pubKey), keyPair.secretKey),  // 共享秘钥
-        clientPublicKey: baseUtil.encUrl(keyPair.publicKey),    // base64 url safe 编码后的客户端公钥
-      };
-    }
-    return eccUtil._privateKeyInfo;
-  },
-  // 解析gwCode
-  /* eslint-disable complexity */
-  resolveGwCode: async (codeStr: string): Promise<{ retry: boolean, success: boolean }> => {
-    if (!codeStr) return { retry: false, success: true };
-    const code = parseInt(codeStr, 10);
-    switch (code) {
-      case 0:
-        return { retry: false, success: true };
-      case 11305:    // 公钥id无效
-      case 11306:  { // 公钥过期
-        // 1. 获取公钥
-        eccUtil._refreshPubKeyInfo(true).then((genPubSuccess) => {
-          genPubSuccess && eccUtil.getPrivateKeyInfo();   // 2. 生成私钥
-        });
-        return { retry: true, success: false };
-      }
-      case 11308:  { // 密钥对有问题
-        eccUtil.getPrivateKeyInfo(true);                   // 重新生成私钥
-        return { retry: true, success: false };
-      }
-      case 11300:  // 解密失败
-      case 11301:
-      case 11302:
-      case 11303:
-      case 11304:
-      case 11307:  // 加密未开启
-        return { retry: true, success: false };
-      case 11309:
-        return { retry: false, success: false };
-      default:     // 其他网关错误码
-        return { retry: false, success: true };
-    }
-  },
-  _getSignSharedByte: () => baseUtil.decUrl('mEufQpM1n5J8-OZZoJE7ucYMC2suTjfsHUq_6z5cyh8'),
-  // 计算客户端加密签名
-  getClientCryptoSign: (data = {}, header = {}, sharedByte): string => {
-    const obj = baseUtil.formatHeader(Object.assign({}, data, header));
-    // 1. 生成签名前的字符串
-    const str = Object.keys(obj).filter(item => obj[item])
-      .sort()
-      .reduce((pre, cur) => {
-        pre.push(`${cur}=${obj[cur]}`);
-        return pre;
-      }, [])
-      .join('&');
-    baseUtil.logInfo('---客户端签名---:before', str);
-    // 2. md5
-    const md5Str = md5(str);
-    const nonce = ecc.randomBytes(ecc.box.nonceLength);
-    const encrypted = ecc.box.after(md5Str, nonce, sharedByte);
-    const combined = new Uint8Array(nonce.length + encrypted.length);
-    combined.set(nonce);
-    combined.set(encrypted, nonce.length);
-    return baseUtil.encUrl(combined);
-  },
-  // 验证服务端加密签名
-  verifyServerCryptoSign: (traceId: string, resHeader = {}): boolean => {
-    try {
-      const formatHeader = baseUtil.formatHeader(resHeader);
-      const signStr = formatHeader['x-crypto-sign'];
-      if (!signStr) {
-        return false;
-      }
-      const obj = {
-        'x-encrypt-key': formatHeader['x-encrypt-key'],
-        'x-encrypt-response': formatHeader['x-encrypt-response'],
-        'x-response-header-name': formatHeader['x-response-header-name'],
-        'x-encrypted-headers': formatHeader['x-encrypted-headers'],
-        'x-crypto-enable': formatHeader['x-crypto-enable'],
-        // 'content-type': formatHeader['content-type'],
-        'x-gateway-code': formatHeader['x-gateway-code'],
-        'x-crypto-pub-id': formatHeader['x-crypto-pub-id'],
-        'x-crypto-pub-key': formatHeader['x-crypto-pub-key'],
-        'x-crypto-pub-exp': formatHeader['x-crypto-pub-exp'],
-        'x-crypto-path': formatHeader['x-crypto-path'],
-        'x-trace-id': traceId,
-      };
-      const msg = baseUtil.decUrl(signStr);
-      const decrypted = ecc.sign.open(msg, eccUtil._getSignSharedByte());
-      const str = Object.keys(obj).filter(item => obj[item])
-        .sort()
-        .reduce((pre, cur) => {
-          pre.push(`${cur}=${obj[cur]}`);
-          return pre;
-        }, [])
-        .join('&');
-      baseUtil.logInfo('---验证服务端的客户端签名---:before', str, traceId);
-      const preHashArr = md5(str);
-      const verified = preHashArr.length === decrypted.length && preHashArr.every((v, i) => v === decrypted[i]);
-      return verified;
-    } catch (e) {
-      console.error('verifyServerCryptoSign error', e);
-      return false;
-    }
-  },
-  /* eslint-enable complexity */
-  execEncrypt: (input: string, ignoreNull = false): BaseResp<{
-    cryptoKeyInfo: CryptoKeyInfo,
-    encryptedContent: any } | null> => {
-    try {
-      const eccKeyInfo = eccUtil.getPrivateKeyInfo();
-      if (!eccKeyInfo) {
-        return new baseUtil.BaseRespFac(null, false, '加密失败：无加密秘钥信息');
-      }
-      const cryptoKeyInfo = Object.assign({}, eccKeyInfo);  // 因为这里的加密数据要在后续流程中复用，所以需要值拷贝
-      if (ignoreNull && (!input || input === '{}')) {       // 如果需要忽略空值
-        return new baseUtil.BaseRespFac({ cryptoKeyInfo, encryptedContent: '' });
-      }
-      const { sharedByte } = cryptoKeyInfo;
-      const nonce = ecc.randomBytes(ecc.box.nonceLength);
-      const encrypted = ecc.box.after(base64Util.decodeUTF8(input), nonce, sharedByte);
-      const combined = new Uint8Array(nonce.length + encrypted.length);
-      combined.set(nonce);
-      combined.set(encrypted, nonce.length);
-      const encryptedStr = baseUtil.encUrl(combined);
-      return new baseUtil.BaseRespFac({
-        cryptoKeyInfo,
-        encryptedContent: encryptedStr,
-      });
-    } catch (e) {
-      return new baseUtil.BaseRespFac(null, false, `execEncrypt失败：${JSON.stringify(e)}`);
-    }
-  },
-  execDecrypt: (msg: Uint8Array, cryptoKeyInfo: CryptoKeyInfo): BaseResp<string> => {
-    try {
-      const { sharedByte } = cryptoKeyInfo;
-      const nonce = msg.slice(0, ecc.box.nonceLength);
-      const encrypted = msg.slice(ecc.box.nonceLength);
-      const decrypted = ecc.box.open.after(encrypted, nonce, sharedByte);
-      const decryptedStr = base64Util.encodeUTF8(decrypted);
-      return new baseUtil.BaseRespFac(decryptedStr);
-    } catch (err) {
-      return new baseUtil.BaseRespFac('', false, `execDecrypt失败：${JSON.stringify(err)}`);;
-    }
-  },
-  checkCryptoOpen: (): boolean => !!eccUtil._privateKeyInfo,
-  closeCrypto: () => {
-    eccUtil._privateKeyInfo = null;
-    eccUtil._updateGlobalPublicKeyInfo(true);
-  },
-  openCrypto: async (): Promise<boolean> => {
-    const genPubSuccess = await eccUtil._refreshPubKeyInfo(false); // 1. 获取公钥
-    if (!genPubSuccess) return false;
-    eccUtil.getPrivateKeyInfo();                              // 2. 生成私钥
-    return true;
-  },
-};
-// 加密规则判断工具
-const cryptRuleUtil = {
-  // 远程加密服务是否开启
-  isServerOpen: (): boolean => !!wx.$_publicKey,
-  // 检查path是否符合下发的路由前缀
-  pathInEnablePrefix: (path: string): boolean => {
-    if (!wx.$_publicKey) {
-      return false;
-    }
-    const { pathRule } = wx.$_publicKey;
-    if (pathRule === '*') {
-      return true;
-    }
-    const prefixArr = pathRule.split(',').map(item => item.trim());
-    for (let i = 0, len = prefixArr.length; i < len; i++) {
-      if (path.indexOf(prefixArr[i]) > -1) {
-        return true;
-      }
-    }
-    return false;
-  },
-  // 判断是否是性能埋点上报接口
-  isPerformanceReport: (path: string, params: any): boolean => {
-    // 如果是日志上报接口，需要过滤性能日志，不需要加密
-    if (path.indexOf('basic/event/upload') > -1) {
-      if (params.batch?.length === 1 && params.batch[0]?.[31] === 'tms-performance-log') {
-        return true;
-      }
-      return false;
-    }
-    return false;
-  },
-  // 不参与加密的请求路径规则: { 允许的域名： 不需要加密的path }
-  _encryptPathRule: {
-    'tim.map.qq.com': ['^/user/login', '^/api/getClientConfigs', '^/basic/crypto/lastkey2'],
-    'tim.sparta.html5.qq.com': [
-      '^/user/login',
-      '^/cnabroad', '^~/ReChargeCard/', '^/gasolinerecharge/v2/', '^/gasolinerecharge/rechargecard/',
-      '^/tde', '^/basic/crypto/lastkey2',
-    ],
-  },
-  isHostValid: (url) => {
-    // 使用正则表达式解析URL
-    const urlPattern = /^(https?:\/\/)?([^/?#]+)([/?#].*)?$/;
-    const matches = url.match(urlPattern);
-    if (!matches) {
-      console.error('Invalid URL:', url);
-      return false; // 如果URL无效，默认返回false
-    }
-    const domain = matches[2];
-    const path = matches[3] || '/';
-    if (cryptRuleUtil._encryptPathRule[domain]) {
-      const pathRules = cryptRuleUtil._encryptPathRule[domain];
-      for (const rule of pathRules) {
-        const regex = new RegExp(rule);
-        if (regex.test(path)) {
-          return false; // 匹配到规则，不需要加密
-        }
-      }
-      return true;      // 此域名下，默认需要加密
-    }
-    return false; // 没有匹配到规则，不需要加密
-  },
-};
-
-// 初始化加密工具
-const init = (composeFunc: Function): BaseResp<null> => {
-  composeParamsFunc = (...args) => composeFunc(...args);            // 加密服务器公共参数
-  return new baseUtil.BaseRespFac(null);
-};
-
-// 判断是否满足加密规则
-const isCryptoRuleMath = (path: string, reqData: any): BaseResp<boolean> => {
-  if (!wx.$_encryptEnvInfo.requestEncryptOpen) {
-    return new baseUtil.BaseRespFac(false, false, '本地加密未开启');
-  }
-  // 如果服务端下发的加密开关关闭，不走加密
-  if (!cryptRuleUtil.isServerOpen()) {
-    return new baseUtil.BaseRespFac(false, false, '服务端加密未开启');
-  }
-  // 请求路由不满足服务端下发的加密规则，不走加密
-  if (!cryptRuleUtil.pathInEnablePrefix(path)) {
-    return new baseUtil.BaseRespFac(false, false, '未命中服务端加密规则');
-  }
-  // 请求接口是加密性能埋点上报接口，不加密
-  if (cryptRuleUtil.isPerformanceReport(path, reqData)) {
-    return new baseUtil.BaseRespFac(false, false, '性能埋点');
-  }
-  // 请求路由不走sinan网关，不加密
-  if (!cryptRuleUtil.isHostValid(path)) {
-    return new baseUtil.BaseRespFac(false, false, '非sinan网关加密接口');
-  }
-  return new baseUtil.BaseRespFac(true);;
-};
-// 请求加密
-const reqEncrypt = (method: string, data: any, header: {
-  [key: string]: any }, encryptedResponseHeaderName: string): BaseResp<{
-  cryptoKeyInfo: CryptoKeyInfo,
-  header: any,
-  data: any,
-} | null> => {
-  const reqHeader = baseUtil.formatHeader(header);
-  if (reqHeader.contentType) {
-    return new baseUtil.BaseRespFac(null, false, '户自定义了请求contentType');
-  }
-  let finalData = {};
-  // 1. 处理请求参数
-  if (method.toUpperCase() === 'GET') {
-    const searchParams = baseUtil.formatGetData(data);
-    if (!searchParams) {
-      return new baseUtil.BaseRespFac(null, false, `GET请求参数不满足加密的规则: ${JSON.stringify(data)}`);
-    }
-    const { success, msg, res } = eccUtil.execEncrypt(searchParams);
-    if (!success) {
-      return new baseUtil.BaseRespFac(null, false, `GET请求参数加密失败: ${msg}`);
-    }
-    finalData = { tmsec: res.encryptedContent };
-  } else {
-    const { success, msg, res } = eccUtil.execEncrypt(JSON.stringify(data));
-    if (!success) {
-      return new baseUtil.BaseRespFac(null, false, `${method}请求参数加密失败: ${msg}`);
-    }
-    finalData = res.encryptedContent;
-  }
-  // 2. 处理Headers
-  const { success, msg, res } = eccUtil.execEncrypt(JSON.stringify(header), true);
-  if (!success) {
-    return new baseUtil.BaseRespFac(null, false, `请求Header加密失败: ${msg}`);
-  }
-  const cryptoHeader = {
-    'X-Crypto-Mode': '2',  // ecc加密模式
-    'X-Encrypted-Headers': res.encryptedContent,
-    'X-Encrypt-Pub': res.cryptoKeyInfo.serverPubId,
-    'X-Encrypt-Key': res.cryptoKeyInfo.clientPublicKey,
-    'X-Encrypt-Response': '3',                 // 加密，二进制
-    'X-Response-Header-Name': encryptedResponseHeaderName,
-  };
-  const cryptoSign = eccUtil.getClientCryptoSign(baseUtil._isObject(finalData) ? finalData : {
-    body: finalData,
-  }, cryptoHeader, res.cryptoKeyInfo.sharedByte);
-  return new baseUtil.BaseRespFac({
-    cryptoKeyInfo: res.cryptoKeyInfo,
-    data: finalData,
-    header: {
-      ...cryptoHeader,
-      'Content-Type': 'text/plain',
-      'X-Crypto-Sign': cryptoSign,
-    },
-  });
-};
-// 解密请求结果
-const resDecrypt = async (requestTraceId: string, header, data, cryptoKeyInfo: CryptoKeyInfo): Promise<BaseResp<{
-  retry: boolean,  // 是否需要明文重试
-  header: any,
-  data: any,
-}>> => {
-  try {
-    const formatHeader = baseUtil.formatHeader(header);
-    const {
-      // 'x-encrypt-key': clientPublicKey,                    // base64 url safe编码后的客户端公钥
-      'x-encrypt-response': encryptResponseMode,              // 期望的响应加密模式 2: 加密、不压缩 3: 加密、二进制
-      'x-response-header-name': encryptedResponseHeaderName,  // 需要加密的响应Header: X-Header1,X-Header2
-      'x-encrypted-headers': encryptedHeaders,                // 加密后的Header信息
-      'x-gateway-code': gatewayCode,                          // 网关返回的错误码
-      'content-type': contentType,                            // 响应内容类型
-    } = formatHeader;
-    if (!encryptResponseMode || encryptResponseMode === '0') { // 不需要解密，直接返回
-      const dataStr = base64Util.encodeUTF8(new Uint8Array(data));
-      return new baseUtil.BaseRespFac({
-        header,
-        data: JSON.parse(dataStr),
-        retry: false,
-      });
-    }
-    const { retry, success: gwSuccess } = await eccUtil.resolveGwCode(gatewayCode);
-    if (!gwSuccess) {
-      // 网关加密流程出现问题，需要验证网关签名
-      const verified = eccUtil.verifyServerCryptoSign(requestTraceId, header);
-      if (!verified) {
-        // 验证失败，表示请求被篡改
-        return new baseUtil.BaseRespFac({ header: null, data: null, retry: false }, false, '响应被篡改');
-      }
-      return new baseUtil.BaseRespFac({ header: null, data: null, retry }, false, `网关返回错误码: ${gatewayCode}`);
-    }
-    let decryptedHeaders = {};
-    if (encryptedResponseHeaderName) {                         // 解密响应Header
-      const { success, msg, res } = eccUtil.execDecrypt(baseUtil.decUrl(encryptedHeaders), cryptoKeyInfo);
-      if (!success) {
-        return new baseUtil.BaseRespFac({ header: null, data: null, retry: true }, false, `解密响应Header失败: ${msg}`);
-      }
-      decryptedHeaders = JSON.parse(res);
-    }
-    const needDecode = contentType.indexOf('text/plain') > -1;
-    const cipher = needDecode ? baseUtil.decUrl(data) : new Uint8Array(data);
-    const { success, msg, res } = eccUtil.execDecrypt(cipher, cryptoKeyInfo);
-    if (!success) {
-      return new baseUtil.BaseRespFac({ header: null, data: null, retry: true }, false, `解密响应Body失败: ${msg}`);
-    }
-    const decryptedBody = JSON.parse(res); // 解密响应Body
-    return new baseUtil.BaseRespFac({
-      retry: false,
-      header: {
-        ...header,
-        ...decryptedHeaders,
-      },
-      data: decryptedBody,
-    });
-  } catch (e) {
-    // 因为上面的逻辑有parse, 所以这里再加一个catch
-    return new baseUtil.BaseRespFac({ header: null, data: null, retry: true }, false, `解密响应Body失败: ${JSON.stringify(e)}`);
-  }
-};
-// 处理接下来的请求开关
-let dealEncryptionSwitching = false;
-const dealEncryptionSwitch = async (path: string, traceId: string, resHeader): Promise<void> => {
-  if ((!resHeader || dealEncryptionSwitching)) {
-    return;
-  }
-  dealEncryptionSwitching = true;
-  const formatHeader = baseUtil.formatHeader(resHeader);
-  // 加密关闭或者`login接口和lastkey接口`，都需要先执行验签
-  const cryptoDisabled = formatHeader['x-crypto-enable'] === '0';
-  if ((eccUtil.checkCryptoOpen() && cryptoDisabled)) {
-    const verified = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
-    if (!verified) {
-      // 验签失败，表示响应被篡改
-      dealEncryptionSwitching = false;
-      baseUtil.logInfo(`验签失败: ${path} : ${traceId}`);
-      return;
-    }
-  }
-  if (cryptoDisabled) {
-    eccUtil.closeCrypto();
-  } else if (formatHeader['x-crypto-enable'] === '1') {
-    await eccUtil.openCrypto();
-  } // 0是关闭，1是开启, 2是保持
-  dealEncryptionSwitching = false;
-  return;
-};
-
-/**
- * 处理非加密请求的响应
- * @params path traceId resHeader reqData 
- * @returns 是否需要根据响应内容处理加密开关
- */
-const dealRes = (path: string, traceId: string, resHeader, reqData): BaseResp<boolean> => {
-  const specialPath = [
-    `${baseUtil.getSinanHost()}/user/login`,
-    `${baseUtil.getSinanHost()}/basic/crypto/lastkey2`,
-  ].indexOf(path) > -1;
-  if (specialPath) {
-    const formatHeader = baseUtil.formatHeader(resHeader);
-    const verified = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
-    if (!verified) {
-      // 验签失败，表示响应被篡改
-      return new baseUtil.BaseRespFac(false, false, `验签失败: ${path} : ${traceId}`);
-    }
-    eccUtil._updateGlobalPublicKeyInfo(false, resHeader);
-  }
-  return new baseUtil.BaseRespFac(!cryptRuleUtil.isPerformanceReport(path, reqData));
-}
-
-const encryptUtil = {
-  init,                       // 初始化加密工具
-  isCryptoRuleMath,           // 请求是否符合加密规则
-  logInfo: baseUtil.logInfo,  // 本地日志打印
-  dealRes,                    // 处理不加密请求的响应
-  reqEncrypt,                 // 请求加密：header和data
-  resDecrypt,                 // 响应解密
-  dealEncryptionSwitch,       // 处理加密开关
-};
-
-export default encryptUtil;
+import md5 from'./md5';const ecc=require('./nacl.min.js');const base64Util=require('./nacl-util.min.js');const logger=wx.getLogManager({});const SERVER_HOST_MAP={production:'https://tim.map.qq.com',test:'https://tim.sparta.html5.qq.com',development:'https://tim.sparta.html5.qq.com/dev',predist:'https://tim.sparta.html5.qq.com/pre',mock:'http://localhost:8003',};const baseUtil={_isObject:obj=>Object.prototype.toString.call(obj)==='[object Object]',_formatLog(args){const time=new Date().toISOString().replace('T',' ').substring(0,19).replace(/-/g,'-').replace(/:/g,':');args.unshift(time);return args},logInfo:(...args)=>{args.unshift('request_encrypt_log');const items=baseUtil._formatLog(args);console.log(...items);logger.log(...items)},encUrl:input=>{let base64=base64Util.encode(input);return base64.replace(/\+/g,'-').replace(/\//g,'_').replace(/=+$/,'')},decUrl:input=>{let base64=input.replace(/-/g,'+').replace(/_/g,'/');while(base64.length%4)base64+='=';return base64Util.decode(base64)},formatHeader:header=>{if(!header||!baseUtil._isObject(header))return{};const formatHeader={};Object.keys(header).forEach(key=>{formatHeader[key.toLowerCase()]=header[key]});return formatHeader},formatGetData:params=>{if(!params||!baseUtil._isObject(params))return'';return Object.keys(params).map(key=>`${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`).join('&')},getSinanHost:()=>wx.$_encryptEnvInfo?SERVER_HOST_MAP[wx.$_encryptEnvInfo.envName]:'',getClientEncryptOpen:()=>wx.$_encryptEnvInfo?.requestEncryptOpen,BaseRespFac:class BaseRespFac{constructor(res,success=true,msg=''){this.success=success;this.msg=msg;this.res=res}}};let composeParamsFunc=null;const eccUtil={_refreshPromise:null,_refreshPubKeyInfo:async forceRefresh=>{if(!composeParamsFunc)return false;if(!wx.$_publicKey||forceRefresh){eccUtil._refreshPromise=new Promise(async resolve=>{const url=`${baseUtil.getSinanHost()}/basic/crypto/lastkey2`;const data=await composeParamsFunc({});wx.request({url,method:'POST',data,enableHttp2:true,success:()=>resolve(true),fail:()=>resolve(false)})})}return eccUtil._refreshPromise},_updateGlobalPublicKeyInfo:(clear,resHeader)=>{if(clear){wx.$_publicKey=null;return}const header=baseUtil.formatHeader(resHeader);const{'x-gateway-code':code,'x-crypto-pub-id':pubId,'x-crypto-pub-key':pubKey,'x-crypto-pub-exp':pubExp,'x-crypto-path':pathRule}=header;const success=!code&&pubId;wx.$_publicKey=success?{pubId,pubKey,pubExp,pathRule}:null;return new baseUtil.BaseRespFac(success)},_privateKeyInfo:null,getPrivateKeyInfo:forceUpdate=>{if(!wx.$_publicKey)return null;const serverPubInfo=wx.$_publicKey;if(forceUpdate||!eccUtil._privateKeyInfo||eccUtil._privateKeyInfo.serverPubId!==serverPubInfo.pubId){const keyPair=ecc.box.keyPair();eccUtil._privateKeyInfo={serverPubId:serverPubInfo.pubId,sharedByte:ecc.box.before(baseUtil.decUrl(serverPubInfo.pubKey),keyPair.secretKey),clientPublicKey:baseUtil.encUrl(keyPair.publicKey)}}return eccUtil._privateKeyInfo},resolveGwCode:async codeStr=>{if(!codeStr)return{retry:false,success:true};const code=parseInt(codeStr,10);switch(code){case 0:return{retry:false,success:true};case 11305:case 11306:{eccUtil._refreshPubKeyInfo(true).then(genPubSuccess=>{genPubSuccess&&eccUtil.getPrivateKeyInfo()});return{retry:true,success:false}}case 11308:{eccUtil.getPrivateKeyInfo(true);return{retry:true,success:false}}case 11300:case 11301:case 11302:case 11303:case 11304:case 11307:return{retry:true,success:false};case 11309:return{retry:false,success:false};default:return{retry:false,success:true}}},_getSignSharedByte:()=>baseUtil.decUrl('mEufQpM1n5J8-OZZoJE7ucYMC2suTjfsHUq_6z5cyh8'),getClientCryptoSign:(data={},header={},sharedByte)=>{const obj=baseUtil.formatHeader(Object.assign({},data,header));const str=Object.keys(obj).filter(item=>obj[item]).sort().reduce((pre,cur)=>{pre.push(`${cur}=${obj[cur]}`);return pre},[]).join('&');baseUtil.logInfo('---客户端签名---:before',str);const md5Str=md5(str);const nonce=ecc.randomBytes(ecc.box.nonceLength);const encrypted=ecc.box.after(md5Str,nonce,sharedByte);const combined=new Uint8Array(nonce.length+encrypted.length);combined.set(nonce);combined.set(encrypted,nonce.length);return baseUtil.encUrl(combined)},verifyServerCryptoSign:(traceId,resHeader={})=>{try{const formatHeader=baseUtil.formatHeader(resHeader);const signStr=formatHeader['x-crypto-sign'];if(!signStr)return false;const obj={'x-encrypt-key':formatHeader['x-encrypt-key'],'x-encrypt-response':formatHeader['x-encrypt-response'],'x-response-header-name':formatHeader['x-response-header-name'],'x-encrypted-headers':formatHeader['x-encrypted-headers'],'x-crypto-enable':formatHeader['x-crypto-enable'],'x-gateway-code':formatHeader['x-gateway-code'],'x-crypto-pub-id':formatHeader['x-crypto-pub-id'],'x-crypto-pub-key':formatHeader['x-crypto-pub-key'],'x-crypto-pub-exp':formatHeader['x-crypto-pub-exp'],'x-crypto-path':formatHeader['x-crypto-path'],'x-trace-id':traceId};const msg=baseUtil.decUrl(signStr);const decrypted=ecc.sign.open(msg,eccUtil._getSignSharedByte());const str=Object.keys(obj).filter(item=>obj[item]).sort().reduce((pre,cur)=>{pre.push(`${cur}=${obj[cur]}`);return pre},[]).join('&');baseUtil.logInfo('---验证服务端的客户端签名---:before',str,traceId);const preHashArr=md5(str);return preHashArr.length===decrypted.length&&preHashArr.every((v,i)=>v===decrypted[i])}catch(e){console.error('verifyServerCryptoSign error',e);return false}},execEncrypt:(input,ignoreNull=false)=>{try{const eccKeyInfo=eccUtil.getPrivateKeyInfo();if(!eccKeyInfo)return new baseUtil.BaseRespFac(null,false,'加密失败：无加密秘钥信息');const cryptoKeyInfo=Object.assign({},eccKeyInfo);if(ignoreNull&&(!input||input==='{}'))return new baseUtil.BaseRespFac({cryptoKeyInfo,encryptedContent:''});const{sharedByte}=cryptoKeyInfo;const nonce=ecc.randomBytes(ecc.box.nonceLength);const encrypted=ecc.box.after(base64Util.decodeUTF8(input),nonce,sharedByte);const combined=new Uint8Array(nonce.length+encrypted.length);combined.set(nonce);combined.set(encrypted,nonce.length);const encryptedStr=baseUtil.encUrl(combined);return new baseUtil.BaseRespFac({cryptoKeyInfo,encryptedContent:encryptedStr})}catch(e){return new baseUtil.BaseRespFac(null,false,`execEncrypt失败：${JSON.stringify(e)}`)}},execDecrypt:(msg,cryptoKeyInfo)=>{try{const{sharedByte}=cryptoKeyInfo;const nonce=msg.slice(0,ecc.box.nonceLength);const encrypted=msg.slice(ecc.box.nonceLength);const decrypted=ecc.box.open.after(encrypted,nonce,sharedByte);const decryptedStr=base64Util.encodeUTF8(decrypted);return new baseUtil.BaseRespFac(decryptedStr)}catch(err){return new baseUtil.BaseRespFac('',false,`execDecrypt失败：${JSON.stringify(err)}`)}},checkCryptoOpen:()=>!!eccUtil._privateKeyInfo,closeCrypto:()=>{eccUtil._privateKeyInfo=null;eccUtil._updateGlobalPublicKeyInfo(true)},openCrypto:async()=>{const genPubSuccess=await eccUtil._refreshPubKeyInfo(false);if(!genPubSuccess)return false;eccUtil.getPrivateKeyInfo();return true}};const cryptRuleUtil={isServerOpen:()=>!!wx.$_publicKey,pathInEnablePrefix:path=>{if(!wx.$_publicKey)return false;const{pathRule}=wx.$_publicKey;if(pathRule==='*')return true;const prefixArr=pathRule.split(',').map(item=>item.trim());for(let i=0,len=prefixArr.length;i<len;i++){if(path.indexOf(prefixArr[i])>-1)return true}return false},isPerformanceReport:(path,params)=>{if(path.indexOf('basic/event/upload')>-1){if(params.batch?.length===1&&params.batch[0]?.[31]==='tms-performance-log')return true;return false}return false},_encryptPathRule:{'tim.map.qq.com':['^/user/login','^/api/getClientConfigs','^/basic/crypto/lastkey2'],'tim.sparta.html5.qq.com':['^/user/login','^/cnabroad','^~/ReChargeCard/','^/gasolinerecharge/v2/','^/gasolinerecharge/rechargecard/','^/tde','^/basic/crypto/lastkey2']},isHostValid:url=>{const urlPattern=/^(https?:\/\/)?([^/?#]+)([/?#].*)?$/;const matches=url.match(urlPattern);if(!matches){console.error('Invalid URL:',url);return false}const domain=matches[2];const path=matches[3]||'/';if(cryptRuleUtil._encryptPathRule[domain]){const pathRules=cryptRuleUtil._encryptPathRule[domain];for(const rule of pathRules){const regex=new RegExp(rule);if(regex.test(path))return false}return true}return false}};const init=composeFunc=>{composeParamsFunc=(...args)=>composeFunc(...args);return new baseUtil.BaseRespFac(null)};const isCryptoRuleMath=(path,reqData)=>{if(!wx.$_encryptEnvInfo.requestEncryptOpen)return new baseUtil.BaseRespFac(false,false,'本地加密未开启');if(!cryptRuleUtil.isServerOpen())return new baseUtil.BaseRespFac(false,false,'服务端加密未开启');if(!cryptRuleUtil.pathInEnablePrefix(path))return new baseUtil.BaseRespFac(false,false,'未命中服务端加密规则');if(cryptRuleUtil.isPerformanceReport(path,reqData))return new baseUtil.BaseRespFac(false,false,'性能埋点');if(!cryptRuleUtil.isHostValid(path))return new baseUtil.BaseRespFac(false,false,'非sinan网关加密接口');return new baseUtil.BaseRespFac(true)};const reqEncrypt=(method,data,header,encryptedResponseHeaderName)=>{const reqHeader=baseUtil.formatHeader(header);if(reqHeader.contentType)return new baseUtil.BaseRespFac(null,false,'户自定义了请求contentType');let finalData={};if(method.toUpperCase()==='GET'){const searchParams=baseUtil.formatGetData(data);if(!searchParams)return new baseUtil.BaseRespFac(null,false,`GET请求参数不满足加密的规则:${JSON.stringify(data)}`);const{success,msg,res}=eccUtil.execEncrypt(searchParams);if(!success)return new baseUtil.BaseRespFac(null,false,`GET请求参数加密失败:${msg}`);finalData={tmsec:res.encryptedContent}}else{const{success,msg,res}=eccUtil.execEncrypt(JSON.stringify(data));if(!success)return new baseUtil.BaseRespFac(null,false,`${method}请求参数加密失败:${msg}`);finalData=res.encryptedContent}const{success,msg,res}=eccUtil.execEncrypt(JSON.stringify(header),true);if(!success)return new baseUtil.BaseRespFac(null,false,`请求Header加密失败:${msg}`);const cryptoHeader={'X-Crypto-Mode':'2','X-Encrypted-Headers':res.encryptedContent,'X-Encrypt-Pub':res.cryptoKeyInfo.serverPubId,'X-Encrypt-Key':res.cryptoKeyInfo.clientPublicKey,'X-Encrypt-Response':'3','X-Response-Header-Name':encryptedResponseHeaderName};const cryptoSign=eccUtil.getClientCryptoSign(baseUtil._isObject(finalData)?finalData:{body:finalData},cryptoHeader,res.cryptoKeyInfo.sharedByte);return new baseUtil.BaseRespFac({cryptoKeyInfo:res.cryptoKeyInfo,data:finalData,header:{...cryptoHeader,'Content-Type':'text/plain','X-Crypto-Sign':cryptoSign}})};const resDecrypt=async(requestTraceId,header,data,cryptoKeyInfo)=>{try{const formatHeader=baseUtil.formatHeader(header);const{'x-encrypt-response':encryptResponseMode,'x-response-header-name':encryptedResponseHeaderName,'x-encrypted-headers':encryptedHeaders,'x-gateway-code':gatewayCode,'content-type':contentType}=formatHeader;if(!encryptResponseMode||encryptResponseMode==='0'){const dataStr=base64Util.encodeUTF8(new Uint8Array(data));return new baseUtil.BaseRespFac({header,data:JSON.parse(dataStr),retry:false})}const{retry,success:gwSuccess}=await eccUtil.resolveGwCode(gatewayCode);if(!gwSuccess){const verified=eccUtil.verifyServerCryptoSign(requestTraceId,header);if(!verified)return new baseUtil.BaseRespFac({header:null,data:null,retry:false},false,'响应被篡改');return new baseUtil.BaseRespFac({header:null,data:null,retry},false,`网关返回错误码:${gatewayCode}`)}let decryptedHeaders={};if(encryptedResponseHeaderName){const{success,msg,res}=eccUtil.execDecrypt(baseUtil.decUrl(encryptedHeaders),cryptoKeyInfo);if(!success)return new baseUtil.BaseRespFac({header:null,data:null,retry:true},false,`解密响应Header失败:${msg}`);decryptedHeaders=JSON.parse(res)}const needDecode=contentType.indexOf('text/plain')>-1;const cipher=needDecode?baseUtil.decUrl(data):new Uint8Array(data);const{success,msg,res}=eccUtil.execDecrypt(cipher,cryptoKeyInfo);if(!success)return new baseUtil.BaseRespFac({header:null,data:null,retry:true},false,`解密响应Body失败:${msg}`);const decryptedBody=JSON.parse(res);return new baseUtil.BaseRespFac({retry:false,header:{...header,...decryptedHeaders},data:decryptedBody})}catch(e){return new baseUtil.BaseRespFac({header:null,data:null,retry:true},false,`解密响应Body失败:${JSON

package/src/encrypt/index.ts

@@ -1,172 +1 @@
-import encryptUtil from './encrypt-util';
-import { genTraceparent } from './traceUtils';
-
-
-const util = {
-  logInfo: (...args) => encryptUtil.logInfo(...args),
-  reportFunc: (...args) => {
-    util.logInfo('reportFunc init fail:', ...args);
-  },
-  reqEncrypt: (obj: { url: string, method: string, data: any, header: any }): {
-    data: any, header: any, msg: string, cryptoKeyInfo?: any } => {
-    const { url, method, data, header = {} } = obj;
-    // 判断请求是否满足加密要求，如果不满足则走默认请求
-    const { success, msg } = encryptUtil.isCryptoRuleMath(url, data);
-    if (!success) {
-      return { data, header, msg };
-    }
-    // 加密请求数据
-    const reqEncryptRes = encryptUtil.reqEncrypt(method, data, header, '');
-    if (!reqEncryptRes.success) {
-      return { data, header, msg };
-    }
-    return Object.assign({ msg }, reqEncryptRes.res);
-  },
-};
-let originalRequestApi;
-let originalUploadFileApi;
-// 劫持wx.request和wx.uploadFile函数
-const requestInit = (utilFunc) => {
-  if (!wx.request.cryptoFlag) {
-    originalRequestApi = wx.request;
-    // 初始化参数加签函数和性能上报函数
-    const { report, composeParamsFunc } = utilFunc;
-    encryptUtil.init(composeParamsFunc);
-    util.reportFunc = (...args) => {
-      util.logInfo(...args);
-      report('request_encrypt_log', ...args);
-    };
-    proxyWxRequest();
-    wx.request.cryptoFlag = true;
-  }
-  if (!wx.uploadFile.cryptoFlag) {
-    originalUploadFileApi = wx.uploadFile;
-    proxyWxUploadFile();
-    wx.uploadFile.cryptoFlag = true;
-  }
-};
-
-function proxyWxRequest(): void {
-  Object.defineProperty(wx, 'request', {
-    writable: true,
-    enumerable: true,
-    configurable: true,
-    value(options: any) {
-      const { url, method, data, header = {}, success, fail, complete, dataType, responseType } = options;
-      const traceparent = genTraceparent();
-      const traceId = traceparent.split('-')[1];
-      const originalOptions = { ...options };
-
-      // 如果用户自定义了dataType或者responseType，则不做处理
-      if (dataType || responseType) {
-        util.reportFunc(url, traceparent, '用户自定义了dataType和responseType');
-        originalRequestApi.call(this, {
-          ...originalOptions,
-          success: (res) => {
-            encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
-            success?.call(this, res);
-          },
-          header: { ...header, Traceparent: traceparent },
-        });
-        return;
-      }
-      // 加密请求数据
-      const { data: formatData, header: formatHeader, msg, cryptoKeyInfo } = util
-        .reqEncrypt({ url, method, data, header });
-      if (!cryptoKeyInfo) {
-        // 如果没有加密信息，则不走加密
-        util.logInfo(url, traceparent, msg);
-        originalRequestApi.call(this, {
-          ...originalOptions,
-          success: async (res) => {
-            const { success: dealSuccess, res: needDealHeader } = encryptUtil.dealRes(url, traceId,
-              res.header, formatData);
-            // 性能埋点接口不走验签逻辑
-            if (dealSuccess) {
-              needDealHeader && encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
-              success?.call(this, res);
-            } else {
-              util.reportFunc(url, traceparent, `加密验签不通过: ${JSON.stringify(res)}`);
-              fail?.call(this, new Error('加密验签不通过'));
-            }
-          },
-          header: { ...header, Traceparent: traceparent },
-        });
-        return;
-      }
-
-      let completeResolver;
-      const completePromp = new Promise((resolve) => {
-        completeResolver = resolve;
-      });
-      originalRequestApi.call(this, {
-        ...originalOptions,
-        data: formatData,
-        header: { ...formatHeader, Traceparent: traceparent },
-        dataType: '其他',
-        responseType: 'arraybuffer',
-        success: async (result) => {
-          const { header: resHeader, data: resData } = result;
-          const { success: decSuccess, msg, res } = await encryptUtil
-            .resDecrypt(traceId, resHeader, resData, cryptoKeyInfo);
-          if (res.retry) { // 解密出现问题，需要明文重试
-            util.reportFunc(url, traceparent, `解密失败：${msg}`);
-            const newTraceparent = genTraceparent();
-            const traceId = newTraceparent.split('-')[1];
-            originalRequestApi.call(this, {
-              ...originalOptions,
-              success: (res) => {
-                encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
-                success?.call(this, res);
-              },
-              header: { ...header, Traceparent: newTraceparent },
-            });
-            return;
-          }
-          if (decSuccess) {
-            // util.logInfo(url, traceparent, '解密成功');
-            encryptUtil.dealEncryptionSwitch(url, traceId, resHeader);
-            success?.call(this, res);
-          } else { // 不支持明文重试，且解密失败
-            util.reportFunc(url, traceparent, `解密失败：${msg}`);
-            fail?.call(this, new Error(msg));
-          }
-          const completeRes: any = await completePromp;
-          completeRes.header = resHeader;
-          completeRes.data = resData;
-          complete?.call(this, completeRes);
-        },
-        fail: async (err) => {
-          fail?.call(this, err);
-          const completeRes: any = await completePromp;
-          complete?.call(this, completeRes);
-        },
-        complete: (res) => {
-          completeResolver(res);
-        },
-      });
-    },
-  });
-}
-
-function proxyWxUploadFile(): void {
-  Object.defineProperty(wx, 'uploadFile', {
-    writable: true,
-    enumerable: true,
-    configurable: true,
-    value(options: any) {
-      originalUploadFileApi.call(this, Object.assign(options, {
-        header: { ...options.header, Traceparent: genTraceparent() },
-      }));
-    },
-  });
-}
-
-export const encryptObjInit = (utilFunc: {
-  composeParamsFunc: Function,
-  report: Function,
-}) => {
-  // 劫持wx.request和wx.uploadFile函数
-  requestInit(utilFunc);
-};
-
+import encryptUtil from'./encrypt-util';import{genTraceparent}from'./traceUtils';const util={logInfo:(...args)=>encryptUtil.logInfo(...args),reportFunc:(...args)=>{util.logInfo('reportFunc init fail:',...args)},reqEncrypt:({url,method,data,header={}})=>{const{success,msg}=encryptUtil.isCryptoRuleMath(url,data);if(!success)return{data,header,msg};const reqEncryptRes=encryptUtil.reqEncrypt(method,data,header,'');if(!reqEncryptRes.success)return{data,header,msg};return Object.assign({msg},reqEncryptRes.res)},};let originalRequestApi,originalUploadFileApi;const requestInit=(utilFunc)=>{if(!wx.reqCryptoFlag){originalRequestApi=wx.request;const{report,composeParamsFunc}=utilFunc;encryptUtil.init(composeParamsFunc);util.reportFunc=(...args)=>{util.logInfo(...args);report('request_encrypt_log',...args)};proxyWxRequest();wx.reqCryptoFlag=true}if(!wx.uploadFileCryptoFlag){originalUploadFileApi=wx.uploadFile;proxyWxUploadFile();wx.uploadFileCryptoFlag=true}};function proxyWxRequest(){Object.defineProperty(wx,'request',{writable:true,enumerable:true,configurable:true,value(options){const{url,method,data,header={},success,fail,complete,dataType,responseType}=options;const traceparent=genTraceparent();const traceId=traceparent.split('-')[1];const originalOptions={...options};if(dataType||responseType){util.reportFunc(url,traceparent,'用户自定义了dataType和responseType');originalRequestApi.call(this,{...originalOptions,success:(res)=>{encryptUtil.dealEncryptionSwitch(url,traceId,res.header);success?.call(this,res)},header:{...header,Traceparent:traceparent},});return}const{data:formatData,header:formatHeader,msg,cryptoKeyInfo}=util.reqEncrypt({url,method,data,header});if(!cryptoKeyInfo){originalRequestApi.call(this,{...originalOptions,success:async(res)=>{const{success:dealSuccess,res:needDealHeader}=encryptUtil.dealRes(url,traceId,res.header,formatData);if(dealSuccess){needDealHeader&&encryptUtil.dealEncryptionSwitch(url,traceId,res.header);success?.call(this,res)}else{util.reportFunc(url,traceparent,`加密验签不通过:${JSON.stringify(res)}`);fail?.call(this,new Error('加密验签不通过'))}},header:{...header,Traceparent:traceparent},});return}let completeResolver;const completePromp=new Promise((resolve)=>{completeResolver=resolve});originalRequestApi.call(this,{...originalOptions,data:formatData,header:{...formatHeader,Traceparent:traceparent},dataType:'其他',responseType:'arraybuffer',success:async(result)=>{const{header:resHeader,data:resData}=result;const{success:decSuccess,msg,res}=await encryptUtil.resDecrypt(traceId,resHeader,resData,cryptoKeyInfo);if(res.retry){util.reportFunc(url,traceparent,`解密失败：${msg}`);const newTraceparent=genTraceparent();const newTraceId=newTraceparent.split('-')[1];originalRequestApi.call(this,{...originalOptions,success:(res)=>{encryptUtil.dealEncryptionSwitch(url,newTraceId,res.header);success?.call(this,res)},header:{...header,Traceparent:newTraceparent},});return}if(decSuccess){encryptUtil.dealEncryptionSwitch(url,traceId,resHeader);success?.call(this,res)}else{util.reportFunc(url,traceparent,`解密失败：${msg}`);fail?.call(this,new Error(msg))}const completeRes=await completePromp;completeRes.header=resHeader;completeRes.data=resData;complete?.call(this,completeRes)},fail:async(err)=>{fail?.call(this,err);const completeRes=await completePromp;complete?.call(this,completeRes)},complete:(res)=>{completeResolver(res)},})},})}function proxyWxUploadFile(){Object.defineProperty(wx,'uploadFile',{writable:true,enumerable:true,configurable:true,value(options){originalUploadFileApi.call(this,{...options,header:{...options.header,Traceparent:genTraceparent()}})},})}export const encryptObjInit=(utilFunc)=>{requestInit(utilFunc)};

package/src/encrypt/md5.js

@@ -1,2 +1,2 @@
 /* eslint-disable */
-function safeAdd(x,y){const lsw=(x&0xffff)+(y&0xffff);const msw=(x>>16)+(y>>16)+(lsw>>16);return(msw<<16)|(lsw&0xffff)}function bitRotateLeft(num,cnt){return(num<<cnt)|(num>>>(32-cnt))}function md5cmn(q,a,b,x,s,t){return safeAdd(bitRotateLeft(safeAdd(safeAdd(a,q),safeAdd(x,t)),s),b)}function md5ff(a,b,c,d,x,s,t){return md5cmn((b&c)|(~b&d),a,b,x,s,t)}function md5gg(a,b,c,d,x,s,t){return md5cmn((b&d)|(c&~d),a,b,x,s,t)}function md5hh(a,b,c,d,x,s,t){return md5cmn(b^c^d,a,b,x,s,t)}function md5ii(a,b,c,d,x,s,t){return md5cmn(c^(b|~d),a,b,x,s,t)}function binlMD5(x,len){x[len>>5]|=0x80<<len%32;x[(((len+64)>>>9)<<4)+14]=len;let a=1732584193;let b=-271733879;let c=-1732584194;let d=271733878;for(let i=0;i<x.length;i+=16){const olda=a;const oldb=b;const oldc=c;const oldd=d;a=md5ff(a,b,c,d,x[i],7,-680876936);d=md5ff(d,a,b,c,x[i+1],12,-389564586);c=md5ff(c,d,a,b,x[i+2],17,606105819);b=md5ff(b,c,d,a,x[i+3],22,-1044525330);a=md5ff(a,b,c,d,x[i+4],7,-176418897);d=md5ff(d,a,b,c,x[i+5],12,1200080426);c=md5ff(c,d,a,b,x[i+6],17,-1473231341);b=md5ff(b,c,d,a,x[i+7],22,-45705983);a=md5ff(a,b,c,d,x[i+8],7,1770035416);d=md5ff(d,a,b,c,x[i+9],12,-1958414417);c=md5ff(c,d,a,b,x[i+10],17,-42063);b=md5ff(b,c,d,a,x[i+11],22,-1990404162);a=md5ff(a,b,c,d,x[i+12],7,1804603682);d=md5ff(d,a,b,c,x[i+13],12,-40341101);c=md5ff(c,d,a,b,x[i+14],17,-1502002290);b=md5ff(b,c,d,a,x[i+15],22,1236535329);a=md5gg(a,b,c,d,x[i+1],5,-165796510);d=md5gg(d,a,b,c,x[i+6],9,-1069501632);c=md5gg(c,d,a,b,x[i+11],14,643717713);b=md5gg(b,c,d,a,x[i],20,-373897302);a=md5gg(a,b,c,d,x[i+5],5,-701558691);d=md5gg(d,a,b,c,x[i+10],9,38016083);c=md5gg(c,d,a,b,x[i+15],14,-660478335);b=md5gg(b,c,d,a,x[i+4],20,-405537848);a=md5gg(a,b,c,d,x[i+9],5,568446438);d=md5gg(d,a,b,c,x[i+14],9,-1019803690);c=md5gg(c,d,a,b,x[i+3],14,-187363961);b=md5gg(b,c,d,a,x[i+8],20,1163531501);a=md5gg(a,b,c,d,x[i+13],5,-1444681467);d=md5gg(d,a,b,c,x[i+2],9,-51403784);c=md5gg(c,d,a,b,x[i+7],14,1735328473);b=md5gg(b,c,d,a,x[i+12],20,-1926607734);a=md5hh(a,b,c,d,x[i+5],4,-378558);d=md5hh(d,a,b,c,x[i+8],11,-2022574463);c=md5hh(c,d,a,b,x[i+11],16,1839030562);b=md5hh(b,c,d,a,x[i+14],23,-35309556);a=md5hh(a,b,c,d,x[i+1],4,-1530992060);d=md5hh(d,a,b,c,x[i+4],11,1272893353);c=md5hh(c,d,a,b,x[i+7],16,-155497632);b=md5hh(b,c,d,a,x[i+10],23,-1094730640);a=md5hh(a,b,c,d,x[i+13],4,681279174);d=md5hh(d,a,b,c,x[i],11,-358537222);c=md5hh(c,d,a,b,x[i+3],16,-722521979);b=md5hh(b,c,d,a,x[i+6],23,76029189);a=md5hh(a,b,c,d,x[i+9],4,-640364487);d=md5hh(d,a,b,c,x[i+12],11,-421815835);c=md5hh(c,d,a,b,x[i+15],16,530742520);b=md5hh(b,c,d,a,x[i+2],23,-995338651);a=md5ii(a,b,c,d,x[i],6,-198630844);d=md5ii(d,a,b,c,x[i+7],10,1126891415);c=md5ii(c,d,a,b,x[i+14],15,-1416354905);b=md5ii(b,c,d,a,x[i+5],21,-57434055);a=md5ii(a,b,c,d,x[i+12],6,1700485571);d=md5ii(d,a,b,c,x[i+3],10,-1894986606);c=md5ii(c,d,a,b,x[i+10],15,-1051523);b=md5ii(b,c,d,a,x[i+1],21,-2054922799);a=md5ii(a,b,c,d,x[i+8],6,1873313359);d=md5ii(d,a,b,c,x[i+15],10,-30611744);c=md5ii(c,d,a,b,x[i+6],15,-1560198380);b=md5ii(b,c,d,a,x[i+13],21,1309151649);a=md5ii(a,b,c,d,x[i+4],6,-145523070);d=md5ii(d,a,b,c,x[i+11],10,-1120210379);c=md5ii(c,d,a,b,x[i+2],15,718787259);b=md5ii(b,c,d,a,x[i+9],21,-343485551);a=safeAdd(a,olda);b=safeAdd(b,oldb);c=safeAdd(c,oldc);d=safeAdd(d,oldd)}return[a,b,c,d]}function binl2rstr(input){let output='';const length32=input.length*32;for(let i=0;i<length32;i+=8){output+=String.fromCharCode((input[i>>5]>>>i%32)&0xff)}return output}function rstr2binl(input){const output=[];output[(input.length>>2)-1]=undefined;for(let i=0;i<output.length;i+=1){output[i]=0}const length8=input.length*8;for(let i=0;i<length8;i+=8){output[i>>5]|=(input.charCodeAt(i/8)&0xff)<<i%32}return output}function rstrMD5(s){return binl2rstr(binlMD5(rstr2binl(s),s.length*8))}function str2rstrUTF8(input){return unescape(encodeURIComponent(input))}function rawMD5(s){return rstrMD5(str2rstrUTF8(s))}function rstr2uint8array(input){const output=new Uint8Array(input.length);for(let i=0;i<input.length;i++){output[i]=input.charCodeAt(i)}return output}function md5(string){return rstr2uint8array(rawMD5(string))}export default md5;
+function safeAdd(x,y){const lsw=(x&0xffff)+(y&0xffff);const msw=(x>>16)+(y>>16)+(lsw>>16);return(msw<<16)|(lsw&0xffff)}function bitRotateLeft(num,cnt){return(num<<cnt)|(num>>>(32-cnt))}function md5cmn(q,a,b,x,s,t){return safeAdd(bitRotateLeft(safeAdd(safeAdd(a,q),safeAdd(x,t)),s),b)}function md5ff(a,b,c,d,x,s,t){return md5cmn((b&c)|(~b&d),a,b,x,s,t)}function md5gg(a,b,c,d,x,s,t){return md5cmn((b&d)|(c&~d),a,b,x,s,t)}function md5hh(a,b,c,d,x,s,t){return md5cmn(b^c^d,a,b,x,s,t)}function md5ii(a,b,c,d,x,s,t){return md5cmn(c^(b|~d),a,b,x,s,t)}function binlMD5(x,len){x[len>>5]|=0x80<<len%32;x[(((len+64)>>>9)<<4)+14]=len;let a=1732584193,b=-271733879,c=-1732584194,d=271733878;for(let i=0;i<x.length;i+=16){const olda=a,oldb=b,oldc=c,oldd=d;a=md5ff(a,b,c,d,x[i],7,-680876936);a=safeAdd(a,olda);b=safeAdd(b,oldb);c=safeAdd(c,oldc);d=safeAdd(d,oldd)}return[a,b,c,d]}function binl2rstr(input){let output='';const length32=input.length*32;for(let i=0;i<length32;i+=8){output+=String.fromCharCode((input[i>>5]>>>i%32)&0xff)}return output}function rstrMD5(s){return binl2rstr(binlMD5(rstr2binl(s),s.length*8))}function str2rstrUTF8(input){return unescape(encodeURIComponent(input))}function rawMD5(s){return rstrMD5(str2rstrUTF8(s))}function rstr2uint8array(input){const output=new Uint8Array(input.length);for(let i=0;i<input.length;i++){output[i]=input.charCodeAt(i)}return output}function md5(string){return rstr2uint8array(rawMD5(string))}export default md5;