dream-common 1.1.35 → 1.1.39

package/index.js

@@ -16,5 +16,7 @@ export default {
     ...require('./lib/json'),
     ...require('./lib/CryptoJS/Base58'),
     ...require('./lib/CryptoJS/HttpData'),
-    ...require('./lib/CryptoJS/AesUtils')
+    ...require('./lib/CryptoJS/AesUtils'),
+    ...require('./lib/CryptoJS/Base64Utils'),
+    ...require('./lib/CryptoJS/HttpRequest')
 }

package/lib/CryptoJS/Base64Utils.js

@@ -0,0 +1,123 @@
+// utils/Base64Utils.js
+
+/**
+ * Base64 编码/解码 & 二进制互转工具类
+ * 支持：String ↔ Base64 ↔ Uint8Array ↔ Hex
+ */
+class Base64Utils {
+	/**
+	 * 字符串 → Base64
+	 * @param {string} str - UTF-8 字符串
+	 * @returns {string} Base64 编码结果
+	 */
+	static stringToBase64(str) {
+		if (typeof Buffer !== 'undefined') {
+			return Buffer.from(str, 'utf8').toString('base64');
+		}
+		// 浏览器环境
+		const encoder = new TextEncoder();
+		const bytes = encoder.encode(str);
+		let binary = '';
+		for (let i = 0; i < bytes.length; i++) {
+			binary += String.fromCharCode(bytes[i]);
+		}
+		return btoa(binary);
+	}
+
+	/**
+	 * Base64 → 字符串
+	 * @param {string} base64
+	 * @returns {string} 原始 UTF-8 字符串
+	 */
+	static base64ToString(base64) {
+		if (typeof Buffer !== 'undefined') {
+			return Buffer.from(base64, 'base64').toString('utf8');
+		}
+		// 浏览器环境
+		const binary = atob(base64.replace(/[^A-Za-z0-9+/]/g, ''));
+		const bytes = new Uint8Array(binary.length);
+		for (let i = 0; i < binary.length; i++) {
+			bytes[i] = binary.charCodeAt(i);
+		}
+		const decoder = new TextDecoder();
+		return decoder.decode(bytes);
+	}
+
+	/**
+	 * Uint8Array → Base64
+	 * @param {Uint8Array} bytes
+	 * @returns {string}
+	 */
+	static uint8ArrayToBase64(bytes) {
+		if (typeof Buffer !== 'undefined') {
+			return Buffer.from(bytes).toString('base64');
+		}
+		let binary = '';
+		for (let i = 0; i < bytes.length; i++) {
+			binary += String.fromCharCode(bytes[i]);
+		}
+		return btoa(binary);
+	}
+
+	/**
+	 * Base64 → Uint8Array
+	 * @param {string} base64
+	 * @returns {Uint8Array}
+	 */
+	static base64ToUint8Array(base64) {
+		if (typeof Buffer !== 'undefined') {
+			return new Uint8Array(Buffer.from(base64, 'base64'));
+		}
+		const binary = atob(base64.replace(/[^A-Za-z0-9+/]/g, ''));
+		const bytes = new Uint8Array(binary.length);
+		for (let i = 0; i < binary.length; i++) {
+			bytes[i] = binary.charCodeAt(i);
+		}
+		return bytes;
+	}
+
+	/**
+	 * Hex 字符串 → Uint8Array
+	 * @param {string} hex - 如 'a1b2c3'
+	 * @returns {Uint8Array}
+	 */
+	static hexToUint8Array(hex) {
+		if (hex.length % 2 !== 0) throw new Error('Invalid hex length');
+		const bytes = new Uint8Array(hex.length / 2);
+		for (let i = 0; i < bytes.length; i++) {
+			bytes[i] = parseInt(hex.substr(i * 2, 2), 16);
+		}
+		return bytes;
+	}
+
+	/**
+	 * Uint8Array → 小写 Hex 字符串
+	 * @param {Uint8Array} bytes
+	 * @returns {string}
+	 */
+	static uint8ArrayToHex(bytes) {
+		return Array.from(bytes, byte => byte.toString(16).padStart(2, '0')).join('');
+	}
+
+	/**
+	 * Hex → Base64
+	 * @param {string} hex
+	 * @returns {string}
+	 */
+	static hexToBase64(hex) {
+		const bytes = this.hexToUint8Array(hex);
+		return this.uint8ArrayToBase64(bytes);
+	}
+
+	/**
+	 * Base64 → Hex
+	 * @param {string} base64
+	 * @returns {string}
+	 */
+	static base64ToHex(base64) {
+		const bytes = this.base64ToUint8Array(base64);
+		return this.uint8ArrayToHex(bytes);
+	}
+}
+
+export default Base64Utils;

package/lib/CryptoJS/HttpData.js

@@ -1,30 +1,29 @@
-import {md5_48,md5_16} from "./md5";
-import {aesEncrypt,aesDecrypt} from "./AesUtils";
-import {decodeBase58,encodeBase58} from "./Base58";
+import {md5_48, md5_16} from "./md5";
+import {aesEncrypt, aesDecrypt} from "./AesUtils";
+import {decodeBase58, encodeBase58} from "./Base58";
+
 export const reqEncrypt = (orgId, content) => {
-    return reqDataEncrypt(orgId,"1.0.0","MD5","AES", content);
+    return reqDataEncrypt(orgId, "1.0.0", "MD5", "AES", content);
 }
-export const respDecrypt = (respData  = {})  => {
+export const respDecrypt = (respData = {}) => {
     try {
         if (respData.encType === "NONE") {
             return respData.data;
         } else {
             let signData = respData.signData.toString();
-            let encData  = respData.encData.toString();
-            let timestamp  = respData.timestamp.toString();
-            let orgId  = respData.orgId.toString();
-            encData = aesDecrypt(md5_16(orgId + signData + timestamp),encData);
-            let params = new URLSearchParams(encData);
-            console.log(params);
+            let encData = respData.encData.toString();
+            let timestamp = respData.timestamp.toString();
+            let orgId = respData.orgId.toString();
+            encData = aesDecrypt(md5_16(orgId + signData + timestamp), encData);
+            const params = encData.split(/&(?=[^&]+=)/); // 智能分割，避免值中的 & 干扰
             let obj = {}
             // 遍历所有键值对
-            for (let [key, value] of params.entries()) {
-                obj[key] = value;
+            for (let pair of params) {
+                const [key, ...rest] = pair.split('=');
+                obj[key] = rest.join('=');
             }
-
             try {
-                let data = decodeBase58(obj.data)
-                return JSON.parse(data);
+                return JSON.parse(obj.data);
             } catch (e) {
                 return obj.data || null;
             }
@@ -38,13 +37,13 @@ export const respDecrypt = (respData  = {})  => {
 }
 
 
-export const reqDataEncrypt = (orgId,version,signType,encType, content) => {
+export const reqDataEncrypt = (orgId, version, signType, encType, content) => {
     let timestamp = new Date().getTime().toString();
     let obj = {
         "orgId": orgId || "Client",
-        "version": version|| "1.0.0",
+        "version": version || "1.0.0",
         "signType": signType || "NONE",
-        "encType": encType|| "NONE",
+        "encType": encType || "NONE",
     };
     if (encType === "NONE") {
         obj.data = content;
@@ -82,8 +81,8 @@ export const reqDataEncrypt = (orgId,version,signType,encType, content) => {
         return obj;
     } catch (e) {
         console.log(e);
-        obj.signType ="NONE";
-        obj.encType ="NONE";
+        obj.signType = "NONE";
+        obj.encType = "NONE";
         obj.data = content;
         obj.timestamp = timestamp;
         return obj;

package/lib/CryptoJS/HttpRequest.js

@@ -0,0 +1,150 @@
+// utils/secureData.js
+
+import {
+	sm2,
+	sm4
+} from 'sm-crypto';
+import Base64Utils from './Base64Utils.js';
+import {md5} from './md5.js';
+import {uuid} from '../uuid.js';
+
+class HttpRequest {
+
+    /**
+     * 创建安全请求基础结构（支持传入部分字段进行覆盖）
+     * @param {Object} request - 可选：包含 appId、data 及其他可覆盖字段
+     * @returns {Object} 完整的 SecureBaseRequest 对象
+     */
+    static createData(request = {}) {
+        const now = Date.now();
+        const defaults = {
+            version: '1.0.0',
+            signType: 'SM2',
+            encType: 'SM4',
+            timestamp: now,
+            nonceStr: uuid(),
+            encData: '',
+            signData: ''
+        };
+
+        return {
+            ...defaults,
+            ...request, // 👈 用传入的 request 覆盖默认值
+        };
+    }
+
+    /**
+     * 1️⃣ 打包安全数据：签名 + 加密
+     * @param request
+     * @param {string} privateKey - 64位十六进制 SM2 私钥
+     * @param {boolean} [useBase64=false] - encData 是否用 Base64 编码（否则为 hex）
+     * @returns {Object} 可直接发送的请求对象（不含 data 字段）
+     */
+    static encryptData(request = {}, privateKey, useBase64 = true) {
+        // 1. 生成签名原文（排除 encData, signData, data）
+        const signSource = objectToSignString(request, 'encData', 'signData', 'data');
+        // 2. SM2 签名（DER 格式，与 Java Bouncy Castle 兼容）
+        const signValueStr = sm2.doSignature(signSource, privateKey, {
+            der: true
+        }).toLowerCase();
+
+        const signValue = useBase64 ? Base64Utils.hexToBase64(signValueStr) : signValueStr;
+        // 3. 生成 SM4 密钥和 IV（通过 MD5）
+        const keyHex = md5_32(signValue); // 32 hex → 16 bytes
+        const ivHex = md5_32(signSource); // 32 hex → 16 bytes
+
+        // 4. 序列化业务数据
+        const dataJson = typeof request.data === 'string' ? request.data : JSON.stringify(request.data);
+
+        // 5. SM4 加密（CBC + PKCS#7）
+        const encDataHex = sm4.encrypt(dataJson, keyHex, {
+            iv: ivHex,
+            mode: 'cbc',
+            padding: 'pkcs#7',
+            cipherType: 1, // hex output
+        });
+
+        // 6. 转换为最终格式（hex 或 base64）
+        const encData = useBase64 ? Base64Utils.hexToBase64(encDataHex) : encDataHex;
+
+        // 7. 返回可传输对象（移除 data）
+        const {
+            data: _,
+            ...transmittable
+        } = {
+            ...request,
+            signData: signValue,
+            encData,
+        };
+        return transmittable;
+    }
+
+    /**
+     * 2️⃣ 验证签名（用于调试）
+     * @param {Object} request - 接收到的请求对象（含 signData, encData 等）
+     * @param {string} publicKey - 130位十六进制 SM2 公钥（以 "04" 开头）
+     * @param useBase64
+     * @returns {boolean}
+     */
+    static verifySignData(request, publicKey, useBase64 = true) {
+        const signSource = objectToSignString(request, 'encData', 'signData', 'data');
+        const signatureHex = useBase64 ? Base64Utils.base64ToHex(request.signData) : request.signData;
+        return sm2.doVerifySignature(signSource, signatureHex, publicKey, {
+            der: true
+        }) // 验签结果
+
+    }
+
+    /**
+     * 3️⃣ 解包安全数据：解密并返回原始 data
+     * @param {Object} request - 接收到的请求对象
+     * @param {string} privateKey - 64位十六进制 SM2 私钥（用于重算 key/iv）
+     * @param {boolean} [useBase64=false] - encData 是否为 Base64 编码
+     * @returns {any} 原始 data（自动 JSON.parse，若失败则返回字符串）
+     */
+    static decryptData(request, privateKey, useBase64 = true) {
+        // 1. 重算签名原文（用于生成 key/iv）
+        const signSource = objectToSignString(request, 'encData', 'signData', 'data');
+        const lvHax = md5_32(signSource);
+        const keyHax = md5_32(request.signData);
+
+        // 3. 处理 encData（base64 → hex）
+
+        const encDataHex = useBase64 ? Base64Utils.base64ToHex(request.encData) : request.encData;
+
+        // 4. SM4 解密
+        const decrypted = sm4.decrypt(encDataHex, keyHax, {
+            iv: lvHax,
+            mode: 'cbc',
+            padding: 'pkcs#7',
+            cipherType: 1, // input is hex
+        });
+        // 5. 尝试解析 JSON
+        try {
+            return JSON.parse(decrypted);
+        } catch (e) {
+            return decrypted; // 原始字符串
+        }
+    }
+}
+
+
+/**
+ * 将对象转为签名字符串（排除指定字段 + 字典序）
+ */
+function objectToSignString(obj, ...excludeFields) {
+	const excludes = new Set(excludeFields);
+	return Object.keys(obj)
+		.filter(key => !excludes.has(key))
+		.sort()
+		.map(key => `${key}=${obj[key] != null ? String(obj[key]) : ''}`)
+		.join('&');
+}
+
+/**
+ * 生成 MD5（32位小写 hex）
+ */
+function md5_32(str) {
+	return md5(str);
+}
+export default HttpRequest;

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "dream-common",
-  "version": "1.1.35",
+  "version": "1.1.39",
   "description": "",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "check:updates": "npx npm-check-updates"
   },
   "repository": {
     "type": "git",
@@ -15,6 +16,6 @@
   "dependencies": {
     "bs58": "^6.0.0",
     "crypto-js": "^4.2.0",
-    "js-base64": "^3.7.7"
+    "sm-crypto": "^0.4.0"
   }
 }