npm - @tmsfe/tms-core - Versions diffs - 0.0.173 → 0.0.175 - Mend

@tmsfe/tms-core 0.0.173 → 0.0.175

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/src/encrypt/{encrypt-util.js → encrypt-util.ts} +67 -47
package/src/encrypt/{index.js → index.ts} +58 -14
package/src/env.js +8 -8

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tmsfe/tms-core",
-  "version": "0.0.173",
+  "version": "0.0.175",
   "description": "tms运行时框架",
   "repository": {
     "type": "git",

package/src/encrypt/{encrypt-util.js → encrypt-util.ts} RENAMED Viewed

@@ -3,7 +3,7 @@
  * 暴露出来的工具函数封装原则：不可以向外throw错误，返回执行结果统一格式：{ success: boolean, msg: string, res: any }
  * https://iwiki.woa.com/p/4013041987#1.-RSA+AES-%E5%88%87%E6%8D%A2-Curve25519+XSalsa20%EF%BC%9A
  */
-import md5 from './md5.js';
+import md5 from './md5';
 /* eslint-disable @typescript-eslint/no-require-imports */
 const ecc = require('./nacl.min.js');
 const base64Util = require('./nacl-util.min.js');
@@ -11,6 +11,18 @@ const base64Util = require('./nacl-util.min.js');
 const logger = wx.getLogManager({});
+interface BaseResp<T> {
+  success: boolean,
+  msg: string,
+  res: T,
+}
+interface CryptoKeyInfo {
+  sharedByte: Uint8Array,
+  clientPublicKey: string,
+  serverPubId: string,
+}
 // 出行接口域名
 const SERVER_HOST_MAP = {
   production: 'https://tim.map.qq.com',               // 出行服务正式环境域名
@@ -22,9 +34,9 @@ const SERVER_HOST_MAP = {
 // 基础工具
 const baseUtil = {
-  _isObject: obj => Object.prototype.toString.call(obj) === '[object Object]',
+  _isObject: (obj: any): boolean => Object.prototype.toString.call(obj) === '[object Object]',
   // 统一格式化日志输出
-  _formatLog(args) {
+  _formatLog(args: any[]): any[] {
     // 小程序日志管理器都只是精确到秒，我们补上毫秒方便分析
     const time = new Date()
       .toISOString()
@@ -42,7 +54,7 @@ const baseUtil = {
     logger.log(...items);
   },
   // Uint8Array转为url安全的base64编码
-  encUrl: (input) => {
+  encUrl: (input: Uint8Array): string => {
     let base64 = base64Util.encode(input);
     base64 = base64
       .replace(/\+/g, '-')
@@ -51,7 +63,7 @@ const baseUtil = {
     return base64;
   },
   // url安全的base64解码
-  decUrl: (input) => {
+  decUrl: (input: string): Uint8Array => {
     let base64 = input.replace(/-/g, '+').replace(/_/g, '/');
     while (base64.length % 4) {
       base64 += '=';
@@ -59,7 +71,7 @@ const baseUtil = {
     return base64Util.decode(base64);
   },
   // header格式化，将header的key转换为小写
-  formatHeader: (header) => {
+  formatHeader: (header): any => {
     if (!header || !baseUtil._isObject(header)) {
       return {};
     }
@@ -69,7 +81,7 @@ const baseUtil = {
     });
     return formatHeader;
   },
-  formatGetData: (params) => {
+  formatGetData: (params: any): string => {
     if (!params || !baseUtil._isObject(params)) {
       return '';
     }
@@ -77,19 +89,19 @@ const baseUtil = {
       .map(key => `${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`)
       .join('&');
   },
-  getSinanHost: () => {
+  getSinanHost: (): string => {
     if (wx.$_encryptEnvInfo) {
       return SERVER_HOST_MAP[wx.$_encryptEnvInfo.envName];
     }
     return '';
   },
-  getClientEncryptOpen: () => wx.$_encryptEnvInfo?.requestEncryptOpen,
-  BaseRespFac: class BaseRespFac {
-    success;
-    msg;
-    res;
+  getClientEncryptOpen: (): boolean => wx.$_encryptEnvInfo?.requestEncryptOpen,
+  BaseRespFac: class BaseRespFac<T> implements BaseResp<T> {
+    success: boolean;
+    msg: string;
+    res: T;
-    constructor(res, success, msg) {
+    constructor(res: T, success?: boolean, msg?: string) {
       this.success = success === undefined ? true : success;
       this.msg = msg === undefined ? '' : msg;
       this.res = res;
@@ -100,7 +112,7 @@ let composeParamsFunc = null; // 请求参数处理函数，加密初始化调
 // 加密工具
 const eccUtil = {
   _refreshPromise: null,
-  _refreshPubKeyInfo: async (forceRefresh) => {
+  _refreshPubKeyInfo: async (forceRefresh: boolean): Promise<boolean> => {
     // 未完成初始化，则不支持秘钥刷新
     if (!composeParamsFunc) {
       return false;
@@ -127,7 +139,7 @@ const eccUtil = {
     return eccUtil._refreshPromise;
   },
   // 解析resHeader详情，更新全局公钥信息
-  _updateGlobalPublicKeyInfo: (clear, resHeader) => {
+  _updateGlobalPublicKeyInfo: (clear: boolean, resHeader?: {[key: string]: any}): BaseResp<boolean> => {
     if (clear) {
       wx.$_publicKey = null;
       return;
@@ -142,7 +154,7 @@ const eccUtil = {
     return new baseUtil.BaseRespFac(success);
   },
   _privateKeyInfo: null,
-  getPrivateKeyInfo: (forceUpdate = false) => {
+  getPrivateKeyInfo: (forceUpdate = false): CryptoKeyInfo => {
     if (!wx.$_publicKey) return null;
     const serverPubInfo = wx.$_publicKey;
     if (forceUpdate || !eccUtil._privateKeyInfo || eccUtil._privateKeyInfo.serverPubId !== serverPubInfo.pubId) {
@@ -157,7 +169,7 @@ const eccUtil = {
   },
   // 解析gwCode
   /* eslint-disable complexity */
-  resolveGwCode: async (codeStr) => {
+  resolveGwCode: async (codeStr: string): Promise<{ retry: boolean, success: boolean }> => {
     if (!codeStr) return { retry: false, success: true };
     const code = parseInt(codeStr, 10);
     switch (code) {
@@ -190,7 +202,7 @@ const eccUtil = {
   },
   _getSignSharedByte: () => baseUtil.decUrl('mEufQpM1n5J8-OZZoJE7ucYMC2suTjfsHUq_6z5cyh8'),
   // 计算客户端加密签名
-  getClientCryptoSign: (data = {}, header = {}, sharedByte) => {
+  getClientCryptoSign: (data = {}, header = {}, sharedByte): string => {
     const obj = baseUtil.formatHeader(Object.assign({}, data, header));
     // 1. 生成签名前的字符串
     const str = Object.keys(obj).filter(item => obj[item])
@@ -211,12 +223,12 @@ const eccUtil = {
     return baseUtil.encUrl(combined);
   },
   // 验证服务端加密签名
-  verifyServerCryptoSign: (traceId, resHeader = {}) => {
+  verifyServerCryptoSign: (traceId: string, resHeader = {}): { verified: boolean; msg: string; } => {
     try {
       const formatHeader = baseUtil.formatHeader(resHeader);
       const signStr = formatHeader['x-crypto-sign'];
       if (!signStr) {
-        return false;
+        return { verified: false, msg: '服务端无签名信息' };
       }
       const obj = {
         'x-encrypt-key': formatHeader['x-encrypt-key'],
@@ -241,17 +253,17 @@ const eccUtil = {
           return pre;
         }, [])
         .join('&');
-      baseUtil.logInfo('---验证服务端的客户端签名---:before', str, traceId);
       const preHashArr = md5(str);
       const verified = preHashArr.length === decrypted.length && preHashArr.every((v, i) => v === decrypted[i]);
-      return verified;
+      return { verified, msg: `客户端验证签名before:${str}` };
     } catch (e) {
-      console.error('verifyServerCryptoSign error', e);
-      return false;
+      return { verified: false, msg: e.message };
     }
   },
   /* eslint-enable complexity */
-  execEncrypt: (input, ignoreNull = false) => {
+  execEncrypt: (input: string, ignoreNull = false): BaseResp<{
+    cryptoKeyInfo: CryptoKeyInfo,
+    encryptedContent: any } | null> => {
     try {
       const eccKeyInfo = eccUtil.getPrivateKeyInfo();
       if (!eccKeyInfo) {
@@ -276,7 +288,7 @@ const eccUtil = {
       return new baseUtil.BaseRespFac(null, false, `execEncrypt失败：${JSON.stringify(e)}`);
     }
   },
-  execDecrypt: (msg, cryptoKeyInfo) => {
+  execDecrypt: (msg: Uint8Array, cryptoKeyInfo: CryptoKeyInfo): BaseResp<string> => {
     try {
       const { sharedByte } = cryptoKeyInfo;
       const nonce = msg.slice(0, ecc.box.nonceLength);
@@ -288,12 +300,12 @@ const eccUtil = {
       return new baseUtil.BaseRespFac('', false, `execDecrypt失败：${JSON.stringify(err)}`);;
     }
   },
-  checkCryptoOpen: () => !!eccUtil._privateKeyInfo,
+  checkCryptoOpen: (): boolean => !!eccUtil._privateKeyInfo,
   closeCrypto: () => {
     eccUtil._privateKeyInfo = null;
     eccUtil._updateGlobalPublicKeyInfo(true);
   },
-  openCrypto: async () => {
+  openCrypto: async (): Promise<boolean> => {
     const genPubSuccess = await eccUtil._refreshPubKeyInfo(false); // 1. 获取公钥
     if (!genPubSuccess) return false;
     eccUtil.getPrivateKeyInfo();                              // 2. 生成私钥
@@ -303,9 +315,9 @@ const eccUtil = {
 // 加密规则判断工具
 const cryptRuleUtil = {
   // 远程加密服务是否开启
-  isServerOpen: () => !!wx.$_publicKey,
+  isServerOpen: (): boolean => !!wx.$_publicKey,
   // 检查path是否符合下发的路由前缀
-  pathInEnablePrefix: (path) => {
+  pathInEnablePrefix: (path: string): boolean => {
     if (!wx.$_publicKey) {
       return false;
     }
@@ -322,7 +334,7 @@ const cryptRuleUtil = {
     return false;
   },
   // 判断是否是性能埋点上报接口
-  isPerformanceReport: (path, params) => {
+  isPerformanceReport: (path: string, params: any): boolean => {
     // 如果是日志上报接口，需要过滤性能日志，不需要加密
     if (path.indexOf('basic/event/upload') > -1) {
       if (params.batch?.length === 1 && params.batch[0]?.[31] === 'tms-performance-log') {
@@ -366,13 +378,13 @@ const cryptRuleUtil = {
 };
 // 初始化加密工具
-const init = (composeFunc) => {
+const init = (composeFunc: Function): BaseResp<null> => {
   composeParamsFunc = (...args) => composeFunc(...args);            // 加密服务器公共参数
   return new baseUtil.BaseRespFac(null);
 };
 // 判断是否满足加密规则
-const isCryptoRuleMath = (path, reqData) => {
+const isCryptoRuleMath = (path: string, reqData: any): BaseResp<boolean> => {
   if (!wx.$_encryptEnvInfo.requestEncryptOpen) {
     return new baseUtil.BaseRespFac(false, false, '本地加密未开启');
   }
@@ -395,7 +407,12 @@ const isCryptoRuleMath = (path, reqData) => {
   return new baseUtil.BaseRespFac(true);;
 };
 // 请求加密
-const reqEncrypt = (method, data, header, encryptedResponseHeaderName) => {
+const reqEncrypt = (method: string, data: any, header: {
+  [key: string]: any }, encryptedResponseHeaderName: string): BaseResp<{
+  cryptoKeyInfo: CryptoKeyInfo,
+  header: any,
+  data: any,
+} | null> => {
   const reqHeader = baseUtil.formatHeader(header);
   if (reqHeader.contentType) {
     return new baseUtil.BaseRespFac(null, false, '户自定义了请求contentType');
@@ -446,7 +463,11 @@ const reqEncrypt = (method, data, header, encryptedResponseHeaderName) => {
   });
 };
 // 解密请求结果
-const resDecrypt = async (requestTraceId, header, data, cryptoKeyInfo) => {
+const resDecrypt = async (requestTraceId: string, header, data, cryptoKeyInfo: CryptoKeyInfo): Promise<BaseResp<{
+  retry: boolean,  // 是否需要明文重试
+  header: any,
+  data: any,
+}>> => {
   try {
     const formatHeader = baseUtil.formatHeader(header);
     const {
@@ -468,10 +489,10 @@ const resDecrypt = async (requestTraceId, header, data, cryptoKeyInfo) => {
     const { retry, success: gwSuccess } = await eccUtil.resolveGwCode(gatewayCode);
     if (!gwSuccess) {
       // 网关加密流程出现问题，需要验证网关签名
-      const verified = eccUtil.verifyServerCryptoSign(requestTraceId, header);
+      const { verified, msg } = eccUtil.verifyServerCryptoSign(requestTraceId, header);
       if (!verified) {
         // 验证失败，表示请求被篡改
-        return new baseUtil.BaseRespFac({ header: null, data: null, retry: false }, false, '响应被篡改');
+        return new baseUtil.BaseRespFac({ header: null, data: null, retry: false }, false, `响应被篡改:${msg}`);
       }
       return new baseUtil.BaseRespFac({ header: null, data: null, retry }, false, `网关返回错误码: ${gatewayCode}`);
     }
@@ -505,21 +526,20 @@ const resDecrypt = async (requestTraceId, header, data, cryptoKeyInfo) => {
 };
 // 处理接下来的请求开关
 let dealEncryptionSwitching = false;
-const dealEncryptionSwitch = async (path, traceId, resHeader) => {
+const dealEncryptionSwitch = async (path: string, traceId: string, resHeader): Promise<string> => {
   if ((!resHeader || dealEncryptionSwitching)) {
-    return;
+    return '';
   }
   dealEncryptionSwitching = true;
   const formatHeader = baseUtil.formatHeader(resHeader);
   // 加密关闭或者`login接口和lastkey接口`，都需要先执行验签
   const cryptoDisabled = formatHeader['x-crypto-enable'] === '0';
   if ((eccUtil.checkCryptoOpen() && cryptoDisabled)) {
-    const verified = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
+    const { verified, msg } = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
     if (!verified) {
       // 验签失败，表示响应被篡改
       dealEncryptionSwitching = false;
-      baseUtil.logInfo(`验签失败: ${path} : ${traceId}`);
-      return;
+      return `验签失败: ${msg}`;
     }
   }
   if (cryptoDisabled) {
@@ -528,7 +548,7 @@ const dealEncryptionSwitch = async (path, traceId, resHeader) => {
     await eccUtil.openCrypto();
   } // 0是关闭，1是开启, 2是保持
   dealEncryptionSwitching = false;
-  return;
+  return '';
 };
 /**
@@ -536,17 +556,17 @@ const dealEncryptionSwitch = async (path, traceId, resHeader) => {
  * @params path traceId resHeader reqData
  * @returns 是否需要根据响应内容处理加密开关
  */
-const dealRes = (path, traceId, resHeader, reqData) => {
+const dealRes = (path: string, traceId: string, resHeader, reqData): BaseResp<boolean> => {
   const specialPath = [
     `${baseUtil.getSinanHost()}/user/login`,
     `${baseUtil.getSinanHost()}/basic/crypto/lastkey2`,
   ].indexOf(path) > -1;
   if (specialPath) {
     const formatHeader = baseUtil.formatHeader(resHeader);
-    const verified = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
+    const { verified, msg } = eccUtil.verifyServerCryptoSign(traceId, formatHeader);
     if (!verified) {
       // 验签失败，表示响应被篡改
-      return new baseUtil.BaseRespFac(false, false, `验签失败: ${path} : ${traceId}`);
+      return new baseUtil.BaseRespFac(false, false, `验签失败: ${msg}`);
     }
     eccUtil._updateGlobalPublicKeyInfo(false, resHeader);
   }

package/src/encrypt/{index.js → index.ts} RENAMED Viewed

@@ -7,7 +7,8 @@ const util = {
   reportFunc: (...args) => {
     util.logInfo('reportFunc init fail:', ...args);
   },
-  reqEncrypt: (obj) => {
+  reqEncrypt: (obj: { url: string, method: string, data: any, header: any }): {
+    data: any, header: any, msg: string, cryptoKeyInfo?: any } => {
     const { url, method, data, header = {} } = obj;
     // 判断请求是否满足加密要求，如果不满足则走默认请求
     const { success, msg } = encryptUtil.isCryptoRuleMath(url, data);
@@ -45,12 +46,13 @@ const requestInit = (utilFunc) => {
   }
 };
-function proxyWxRequest() {
+function proxyWxRequest(): void {
   Object.defineProperty(wx, 'request', {
     writable: true,
     enumerable: true,
     configurable: true,
-    value(options) {
+    value(options: any) {
+      const startTime = Date.now();
       const { url, method, data, header = {}, success, fail, complete, dataType, responseType } = options;
       const traceparent = genTraceparent();
       const traceId = traceparent.split('-')[1];
@@ -62,7 +64,9 @@ function proxyWxRequest() {
         originalRequestApi.call(this, {
           ...originalOptions,
           success: (res) => {
-            encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
+            encryptUtil.dealEncryptionSwitch(url, traceId, res.header).then((msg) => {
+              msg && util.reportFunc(url, traceId, msg);
+            });
             success?.call(this, res);
           },
           header: { ...header, Traceparent: traceparent },
@@ -79,13 +83,16 @@ function proxyWxRequest() {
           ...originalOptions,
           success: async (res) => {
             const {
-              success: dealSuccess, res: needDealHeader } = encryptUtil.dealRes(url, traceId, res.header, formatData);
+              success: dealSuccess,
+              msg, res: needDealHeader } = encryptUtil.dealRes(url, traceId, res.header, formatData);
             // 性能埋点接口不走验签逻辑
             if (dealSuccess) {
-              needDealHeader && encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
+              needDealHeader && encryptUtil.dealEncryptionSwitch(url, traceId, res.header).then((msg) => {
+                msg && util.reportFunc(url, traceId, msg);
+              });
               success?.call(this, res);
             } else {
-              util.reportFunc(url, traceparent, `加密验签不通过: ${JSON.stringify(res)}`);
+              util.reportFunc(url, traceparent, msg, `加密验签不通过: ${JSON.stringify(res)}`);
               fail?.call(this, new Error('加密验签不通过'));
             }
           },
@@ -105,9 +112,21 @@ function proxyWxRequest() {
         dataType: '其他',
         responseType: 'arraybuffer',
         success: async (result) => {
+          // 网络响应耗时
+          wx.reportEvent?.('cost_encrypt_statistic', {
+            period: 'receive_data',
+            cost: Date.now() - startTime,
+            path: originalOptions.url,
+          });
           const { header: resHeader, data: resData } = result;
           const { success: decSuccess, msg, res } = await encryptUtil
             .resDecrypt(traceId, resHeader, resData, cryptoKeyInfo);
+          // 解密响应耗时
+          wx.reportEvent?.('cost_encrypt_statistic', {
+            period: 'decrypt_data',
+            cost: Date.now() - startTime,
+            path: originalOptions.url,
+          });
           if (res.retry) { // 解密出现问题，需要明文重试
             util.reportFunc(url, traceparent, `解密失败：${msg}`);
             const newTraceparent = genTraceparent();
@@ -115,8 +134,16 @@ function proxyWxRequest() {
             originalRequestApi.call(this, {
               ...originalOptions,
               success: (res) => {
-                encryptUtil.dealEncryptionSwitch(url, traceId, res.header);
+                encryptUtil.dealEncryptionSwitch(url, traceId, res.header).then((msg) => {
+                  msg && util.reportFunc(url, traceId, msg);
+                });
                 success?.call(this, res);
+                // 接口重试耗时
+                wx.reportEvent?.('cost_encrypt_statistic', {
+                  period: 'retry_request',
+                  cost: Date.now() - startTime,
+                  path: originalOptions.url,
+                });
               },
               header: { ...header, Traceparent: newTraceparent },
             });
@@ -124,36 +151,50 @@ function proxyWxRequest() {
           }
           if (decSuccess) {
             // util.logInfo(url, traceparent, '解密成功');
-            encryptUtil.dealEncryptionSwitch(url, traceId, resHeader);
+            encryptUtil.dealEncryptionSwitch(url, traceId, resHeader).then((msg) => {
+              msg && util.reportFunc(url, traceId, msg);
+            });
             success?.call(this, res);
+            // 响应回调耗时
+            wx.reportEvent?.('cost_encrypt_statistic', {
+              period: 'response_callback',
+              cost: Date.now() - startTime,
+              path: originalOptions.url,
+            });
           } else { // 不支持明文重试，且解密失败
             util.reportFunc(url, traceparent, `解密失败：${msg}`);
             fail?.call(this, new Error(msg));
           }
-          const completeRes = await completePromp;
+          const completeRes: any = await completePromp;
           completeRes.header = resHeader;
           completeRes.data = resData;
           complete?.call(this, completeRes);
         },
         fail: async (err) => {
           fail?.call(this, err);
-          const completeRes = await completePromp;
+          const completeRes: any = await completePromp;
           complete?.call(this, completeRes);
         },
         complete: (res) => {
           completeResolver(res);
         },
       });
+      // 加密请求准备耗时
+      wx.reportEvent?.('cost_encrypt_statistic', {
+        period: 'before_request',
+        cost: Date.now() - startTime,
+        path: url,
+      });
     },
   });
 }
-function proxyWxUploadFile() {
+function proxyWxUploadFile(): void {
   Object.defineProperty(wx, 'uploadFile', {
     writable: true,
     enumerable: true,
     configurable: true,
-    value(options) {
+    value(options: any) {
       originalUploadFileApi.call(this, Object.assign(options, {
         header: { ...options.header, Traceparent: genTraceparent() },
       }));
@@ -161,7 +202,10 @@ function proxyWxUploadFile() {
   });
 }
-export const encryptObjInit = (utilFunc) => {
+export const encryptObjInit = (utilFunc: {
+  composeParamsFunc: Function,
+  report: Function,
+}) => {
   // 劫持wx.request和wx.uploadFile函数
   requestInit(utilFunc);
 };

package/src/env.js CHANGED Viewed

@@ -30,10 +30,10 @@ const getAuthInfoQueue = [];
  * @example
  * setAuthInfo({
     firstLogin: 0
-    openId: "ou8xs5Uo4MHCETZ_P7IUwOAxvr-M"
-    token: "d8ffecd9317376bd1de3b49e1fa0e3bb"
-    uid: "407210826"
-    unionId: "oFghpwpqGK18ixIlNGy34Y28gCb0"
+    openId: "xxx"
+    token: "xxx"
+    uid: "xxx"
+    unionId: "xxx"
  * })
  */
 export const setAuthInfo = (authInfo, err) => {
@@ -54,10 +54,10 @@ export const setAuthInfo = (authInfo, err) => {
  * const data = await getAuthInfo()
   {
     firstLogin: 0 // 是否第一次登录
-    openId: "ou8xs5Uo4MHCETZ_P7IUwOAxvr-M"
-    token: "d8ffecd9317376bd1de3b49e1fa0e3bb"
-    uid: "407210826"
-    unionId: "oFghpwpqGK18ixIlNGy34Y28gCb0"
+    openId: "xxx"
+    token: "xxx"
+    uid: "xxx"
+    unionId: "xxx"
   }
  */
 export const getAuthInfo = async () => {