dream-common 1.1.36 → 1.1.40

package/index.js

@@ -16,5 +16,7 @@ export default {
     ...require('./lib/json'),
     ...require('./lib/CryptoJS/Base58'),
     ...require('./lib/CryptoJS/HttpData'),
-    ...require('./lib/CryptoJS/AesUtils')
+    ...require('./lib/CryptoJS/AesUtils'),
+    ...require('./lib/CryptoJS/Base64Utils'),
+    ...require('./lib/CryptoJS/HttpRequest')
 }

package/lib/CryptoJS/Base64Utils.js

@@ -0,0 +1,115 @@
+// utils/Base64Utils.js
+
+/**
+ * 字符串 → Base64
+ * @param {string} str - UTF-8 字符串
+ * @returns {string} Base64 编码结果
+ */
+export const stringToBase64 = (str) => {
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(str, 'utf8').toString('base64');
+    }
+    // 浏览器环境
+    const encoder = new TextEncoder();
+    const bytes = encoder.encode(str);
+    let binary = '';
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary);
+}
+
+/**
+ * Base64 → 字符串
+ * @param {string} base64
+ * @returns {string} 原始 UTF-8 字符串
+ */
+export const base64ToString = (base64) => {
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(base64, 'base64').toString('utf8');
+    }
+    // 浏览器环境
+    const binary = atob(base64.replace(/[^A-Za-z0-9+/]/g, ''));
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    const decoder = new TextDecoder();
+    return decoder.decode(bytes);
+}
+
+/**
+ * Uint8Array → Base64
+ * @param {Uint8Array} bytes
+ * @returns {string}
+ */
+export const uint8ArrayToBase64 = (bytes) => {
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(bytes).toString('base64');
+    }
+    let binary = '';
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary);
+}
+
+/**
+ * Base64 → Uint8Array
+ * @param {string} base64
+ * @returns {Uint8Array}
+ */
+export const base64ToUint8Array = (base64) => {
+    if (typeof Buffer !== 'undefined') {
+        return new Uint8Array(Buffer.from(base64, 'base64'));
+    }
+    const binary = atob(base64.replace(/[^A-Za-z0-9+/]/g, ''));
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+
+/**
+ * Hex 字符串 → Uint8Array
+ * @param {string} hex - 如 'a1b2c3'
+ * @returns {Uint8Array}
+ */
+export const hexToUint8Array = (hex) => {
+    if (hex.length % 2 !== 0) throw new Error('Invalid hex length');
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(hex.substr(i * 2, 2), 16);
+    }
+    return bytes;
+}
+
+/**
+ * Uint8Array → 小写 Hex 字符串
+ * @param {Uint8Array} bytes
+ * @returns {string}
+ */
+export const uint8ArrayToHex = (bytes) => {
+    return Array.from(bytes, byte => byte.toString(16).padStart(2, '0')).join('');
+}
+
+/**
+ * Hex → Base64
+ * @param {string} hex
+ * @returns {string}
+ */
+export const hexToBase64 = (hex) => {
+    const bytes = this.hexToUint8Array(hex);
+    return this.uint8ArrayToBase64(bytes);
+}
+
+/**
+ * Base64 → Hex
+ * @param {string} base64
+ * @returns {string}
+ */
+export const base64ToHex = (base64) => {
+    const bytes = this.base64ToUint8Array(base64);
+    return this.uint8ArrayToHex(bytes);
+}

package/lib/CryptoJS/HttpRequest.js

@@ -0,0 +1,147 @@
+// utils/secureData.js
+
+import {
+	sm2,
+	sm4
+} from 'sm-crypto';
+import {base64ToHex, hexToBase64} from './Base64Utils.js';
+import {md5} from './md5.js';
+import {uuid} from '../uuid.js';
+
+
+/**
+ * 创建安全请求基础结构（支持传入部分字段进行覆盖）
+ * @param {Object} request - 可选：包含 appId、data 及其他可覆盖字段
+ * @returns {Object} 完整的 SecureBaseRequest 对象
+ */
+export function createSecureData(request = {})  {
+    const now = Date.now();
+    const defaults = {
+        version: '1.0.0',
+        signType: 'SM2',
+        encType: 'SM4',
+        timestamp: now,
+        nonceStr: uuid(),
+        encData: '',
+        signData: ''
+    };
+
+    return {
+        ...defaults,
+        ...request, // 👈 用传入的 request 覆盖默认值
+    };
+}
+
+/**
+ * 1️⃣ 打包安全数据：签名 + 加密
+ * @param request
+ * @param {string} privateKey - 64位十六进制 SM2 私钥
+ * @param {boolean} [useBase64=false] - encData 是否用 Base64 编码（否则为 hex）
+ * @returns {Object} 可直接发送的请求对象（不含 data 字段）
+ */
+export function encryptSecureData(request = {}, privateKey, useBase64 = true)  {
+    // 1. 生成签名原文（排除 encData, signData, data）
+    const signSource = objectToSignString(request, 'encData', 'signData', 'data');
+    // 2. SM2 签名（DER 格式，与 Java Bouncy Castle 兼容）
+    const signValueStr = sm2.doSignature(signSource, privateKey, {
+        der: true
+    }).toLowerCase();
+
+    const signValue = useBase64 ? hexToBase64(signValueStr) : signValueStr;
+    // 3. 生成 SM4 密钥和 IV（通过 MD5）
+    const keyHex = md5_32(signValue); // 32 hex → 16 bytes
+    const ivHex = md5_32(signSource); // 32 hex → 16 bytes
+
+    // 4. 序列化业务数据
+    const dataJson = typeof request.data === 'string' ? request.data : JSON.stringify(request.data);
+
+    // 5. SM4 加密（CBC + PKCS#7）
+    const encDataHex = sm4.encrypt(dataJson, keyHex, {
+        iv: ivHex,
+        mode: 'cbc',
+        padding: 'pkcs#7',
+        cipherType: 1, // hex output
+    });
+
+    // 6. 转换为最终格式（hex 或 base64）
+    const encData = useBase64 ? hexToBase64(encDataHex) : encDataHex;
+
+    // 7. 返回可传输对象（移除 data）
+    const {
+        data: _,
+        ...transmittable
+    } = {
+        ...request,
+        signData: signValue,
+        encData,
+    };
+    return transmittable;
+}
+
+/**
+ * 2️⃣ 验证签名（用于调试）
+ * @param {Object} request - 接收到的请求对象（含 signData, encData 等）
+ * @param {string} publicKey - 130位十六进制 SM2 公钥（以 "04" 开头）
+ * @param useBase64
+ * @returns {boolean}
+ */
+export function verifySecureSign(request, publicKey, useBase64 = true) {
+    const signSource = objectToSignString(request, 'encData', 'signData', 'data');
+    const signatureHex = useBase64 ? base64ToHex(request.signData) : request.signData;
+    return sm2.doVerifySignature(signSource, signatureHex, publicKey, {
+        der: true
+    }) // 验签结果
+
+}
+
+/**
+ * 3️⃣ 解包安全数据：解密并返回原始 data
+ * @param {Object} request - 接收到的请求对象
+ * @param {string} privateKey - 64位十六进制 SM2 私钥（用于重算 key/iv）
+ * @param {boolean} [useBase64=false] - encData 是否为 Base64 编码
+ * @returns {any} 原始 data（自动 JSON.parse，若失败则返回字符串）
+ */
+export function decryptSecureData(request, privateKey, useBase64 = true) {
+    // 1. 重算签名原文（用于生成 key/iv）
+    const signSource = objectToSignString(request, 'encData', 'signData', 'data');
+    const lvHax = md5_32(signSource);
+    const keyHax = md5_32(request.signData);
+
+    // 3. 处理 encData（base64 → hex）
+
+    const encDataHex = useBase64 ? base64ToHex(request.encData) : request.encData;
+
+    // 4. SM4 解密
+    const decrypted = sm4.decrypt(encDataHex, keyHax, {
+        iv: lvHax,
+        mode: 'cbc',
+        padding: 'pkcs#7',
+        cipherType: 1, // input is hex
+    });
+    // 5. 尝试解析 JSON
+    try {
+        return JSON.parse(decrypted);
+    } catch (e) {
+        return decrypted; // 原始字符串
+    }
+}
+
+
+/**
+ * 将对象转为签名字符串（排除指定字段 + 字典序）
+ */
+function objectToSignString(obj, ...excludeFields) {
+	const excludes = new Set(excludeFields);
+	return Object.keys(obj)
+		.filter(key => !excludes.has(key))
+		.sort()
+		.map(key => `${key}=${obj[key] != null ? String(obj[key]) : ''}`)
+		.join('&');
+}
+
+/**
+ * 生成 MD5（32位小写 hex）
+ */
+function md5_32(str) {
+	return md5(str);
+}

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "dream-common",
-  "version": "1.1.36",
+  "version": "1.1.40",
   "description": "",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "check:updates": "npx npm-check-updates"
   },
   "repository": {
     "type": "git",
@@ -14,8 +15,7 @@
   "license": "ISC",
   "dependencies": {
     "bs58": "^6.0.0",
-    "crypto-js": "^4.2.0"
+    "crypto-js": "^4.2.0",
+    "sm-crypto": "^0.4.0"
   }
 }
-
-