hik-iot-sdk 1.0.0

package/dist/core/auth.js

@@ -0,0 +1,292 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthManager = void 0;
+const axios_1 = __importDefault(require("axios"));
+const zod_1 = require("zod");
+const pino_1 = __importDefault(require("pino"));
+const errors_1 = require("./errors");
+const crypto_1 = require("./crypto");
+const logger = (0, pino_1.default)({ name: 'hik-auth' });
+const AppTokenResponseSchema = zod_1.z.object({
+    code: zod_1.z.number(),
+    msg: zod_1.z.string(),
+    data: zod_1.z.object({
+        appKey: zod_1.z.string(),
+        appAccessToken: zod_1.z.string(),
+        expiresIn: zod_1.z.number(),
+        refreshAppToken: zod_1.z.string(),
+    }).optional(),
+});
+const AuthCodeResponseSchema = zod_1.z.object({
+    code: zod_1.z.number(),
+    msg: zod_1.z.string(),
+    data: zod_1.z.object({
+        appKey: zod_1.z.string(),
+        redirectUrl: zod_1.z.string(),
+        authCode: zod_1.z.string(),
+    }).optional(),
+});
+const UserTokenResponseSchema = zod_1.z.object({
+    code: zod_1.z.number(),
+    msg: zod_1.z.string(),
+    data: zod_1.z.object({
+        appKey: zod_1.z.string(),
+        userAccessToken: zod_1.z.string(),
+        refreshUserToken: zod_1.z.string(),
+        expiresIn: zod_1.z.string(),
+        teamNo: zod_1.z.string(),
+        personNo: zod_1.z.string(),
+        accountNo: zod_1.z.string(),
+    }).optional(),
+});
+class AuthManager {
+    constructor(config, userCredentials) {
+        this.appTokenInfo = null;
+        this.userTokenInfo = null;
+        this.appTokenPromise = null;
+        this.userTokenPromise = null;
+        this.config = config;
+        this.userCredentials = userCredentials;
+        this.crypto = new crypto_1.HikCrypto(config.appSecret);
+        this.httpClient = axios_1.default.create({
+            baseURL: config.baseUrl,
+            timeout: config.timeout,
+            headers: {
+                'Content-Type': 'application/json',
+            },
+        });
+    }
+    encryptBody(data) {
+        if (!this.config.enableEncrypt) {
+            return data;
+        }
+        return this.crypto.encryptBody(data);
+    }
+    decryptResponse(response) {
+        if (!this.config.enableEncrypt || !response.data || typeof response.data !== 'string') {
+            return response;
+        }
+        try {
+            const decryptedData = this.crypto.decrypt(response.data);
+            return {
+                ...response,
+                data: JSON.parse(decryptedData),
+            };
+        }
+        catch {
+            return response;
+        }
+    }
+    async getUserAccessToken() {
+        if (this.userTokenInfo && this.isUserTokenValid()) {
+            return this.userTokenInfo.userAccessToken;
+        }
+        return this.fetchUserToken();
+    }
+    isUserTokenValid() {
+        if (!this.userTokenInfo)
+            return false;
+        const bufferTime = 60 * 60 * 1000;
+        return Date.now() < this.userTokenInfo.expiresAt - bufferTime;
+    }
+    async getAppAccessToken() {
+        if (this.appTokenInfo && this.isAppTokenValid()) {
+            return this.appTokenInfo.appAccessToken;
+        }
+        if (this.appTokenInfo && this.shouldRefreshAppToken()) {
+            return this.refreshAppToken();
+        }
+        return this.fetchNewAppToken();
+    }
+    isAppTokenValid() {
+        if (!this.appTokenInfo)
+            return false;
+        const bufferTime = 10 * 60 * 1000;
+        return Date.now() < this.appTokenInfo.expiresAt - bufferTime;
+    }
+    shouldRefreshAppToken() {
+        if (!this.appTokenInfo)
+            return false;
+        const oneHourMs = 60 * 60 * 1000;
+        return Date.now() > this.appTokenInfo.expiresAt - oneHourMs;
+    }
+    async fetchNewAppToken() {
+        if (this.appTokenPromise) {
+            const info = await this.appTokenPromise;
+            return info.appAccessToken;
+        }
+        this.appTokenPromise = this.doFetchAppToken();
+        try {
+            const info = await this.appTokenPromise;
+            return info.appAccessToken;
+        }
+        finally {
+            this.appTokenPromise = null;
+        }
+    }
+    async doFetchAppToken() {
+        logger.debug('Fetching new app access token');
+        // 认证接口不需要加密
+        const response = await this.httpClient.post('/auth/exchangeAppToken', {
+            appKey: this.config.appKey,
+            appSecret: this.config.appSecret,
+        });
+        const result = AppTokenResponseSchema.parse(response.data);
+        if (result.code !== 0 || !result.data) {
+            throw new errors_1.HikAuthError(result.msg);
+        }
+        const expiresInMs = result.data.expiresIn * 60 * 60 * 1000;
+        this.appTokenInfo = {
+            appAccessToken: result.data.appAccessToken,
+            refreshAppToken: result.data.refreshAppToken,
+            expiresAt: Date.now() + expiresInMs,
+        };
+        logger.debug({ expiresIn: result.data.expiresIn }, 'App token fetched successfully');
+        return this.appTokenInfo;
+    }
+    async refreshAppToken() {
+        if (!this.appTokenInfo) {
+            return this.fetchNewAppToken();
+        }
+        if (this.appTokenPromise) {
+            const info = await this.appTokenPromise;
+            return info.appAccessToken;
+        }
+        this.appTokenPromise = this.doRefreshAppToken();
+        try {
+            const info = await this.appTokenPromise;
+            return info.appAccessToken;
+        }
+        finally {
+            this.appTokenPromise = null;
+        }
+    }
+    async doRefreshAppToken() {
+        if (!this.appTokenInfo) {
+            return this.doFetchAppToken();
+        }
+        logger.debug('Refreshing app access token');
+        try {
+            // 认证接口不需要加密
+            const response = await this.httpClient.post('/auth/refreshAppToken', {
+                appAccessToken: this.appTokenInfo.appAccessToken,
+                refreshAppToken: this.appTokenInfo.refreshAppToken,
+            });
+            const result = AppTokenResponseSchema.parse(response.data);
+            if (result.code !== 0 || !result.data) {
+                logger.warn('App token refresh failed, fetching new token');
+                return this.doFetchAppToken();
+            }
+            const expiresInMs = result.data.expiresIn * 60 * 60 * 1000;
+            this.appTokenInfo = {
+                appAccessToken: result.data.appAccessToken,
+                refreshAppToken: result.data.refreshAppToken,
+                expiresAt: Date.now() + expiresInMs,
+            };
+            logger.debug({ expiresIn: result.data.expiresIn }, 'App token refreshed successfully');
+            return this.appTokenInfo;
+        }
+        catch (error) {
+            logger.warn({ error }, 'App token refresh error, fetching new token');
+            return this.doFetchAppToken();
+        }
+    }
+    async fetchUserToken() {
+        if (this.userTokenPromise) {
+            const info = await this.userTokenPromise;
+            return info.userAccessToken;
+        }
+        this.userTokenPromise = this.doFetchUserToken();
+        try {
+            const info = await this.userTokenPromise;
+            return info.userAccessToken;
+        }
+        finally {
+            this.userTokenPromise = null;
+        }
+    }
+    async doFetchUserToken() {
+        logger.debug('Fetching user access token');
+        const authCode = await this.applyAuthCode();
+        const appAccessToken = await this.getAppAccessToken();
+        // GET 请求参数需要加密
+        let url = '/auth/third/code2Token';
+        if (this.config.enableEncrypt) {
+            const querySecret = this.crypto.encryptParams({ authCode });
+            url = `/auth/third/code2Token?querySecret=${encodeURIComponent(querySecret)}`;
+        }
+        else {
+            url = `/auth/third/code2Token?authCode=${authCode}`;
+        }
+        const response = await this.httpClient.get(url, {
+            headers: {
+                'App-Access-Token': appAccessToken,
+            },
+        });
+        // 解密响应数据
+        let responseData = response.data;
+        if (this.config.enableEncrypt && responseData.data && typeof responseData.data === 'string') {
+            try {
+                const decryptedData = this.crypto.decrypt(responseData.data);
+                responseData = {
+                    ...responseData,
+                    data: JSON.parse(decryptedData),
+                };
+            }
+            catch (error) {
+                logger.warn({ error }, 'Failed to decrypt user token response');
+            }
+        }
+        const result = UserTokenResponseSchema.parse(responseData);
+        if (result.code !== 0 || !result.data) {
+            throw new errors_1.HikAuthError(result.msg);
+        }
+        const expiresInDays = parseInt(result.data.expiresIn, 10);
+        const expiresInMs = expiresInDays * 24 * 60 * 60 * 1000;
+        this.userTokenInfo = {
+            userAccessToken: result.data.userAccessToken,
+            refreshUserToken: result.data.refreshUserToken,
+            expiresAt: Date.now() + expiresInMs,
+            teamNo: result.data.teamNo,
+            personNo: result.data.personNo,
+            accountNo: result.data.accountNo,
+        };
+        logger.debug({ expiresIn: result.data.expiresIn }, 'User token fetched successfully');
+        return this.userTokenInfo;
+    }
+    async applyAuthCode() {
+        logger.debug('Applying auth code');
+        // 认证接口不需要加密
+        const response = await this.httpClient.post('/auth/third/applyAuthCode', {
+            appKey: this.config.appKey,
+            userName: this.userCredentials.userName,
+            password: this.userCredentials.password,
+            redirectUrl: this.userCredentials.redirectUrl,
+        });
+        const result = AuthCodeResponseSchema.parse(response.data);
+        if (result.code !== 0 || !result.data) {
+            throw new errors_1.HikAuthError(result.msg);
+        }
+        logger.debug('Auth code obtained successfully');
+        return result.data.authCode;
+    }
+    clearAppToken() {
+        this.appTokenInfo = null;
+    }
+    clearUserToken() {
+        this.userTokenInfo = null;
+    }
+    getUserInfo() {
+        if (!this.userTokenInfo)
+            return null;
+        return {
+            teamNo: this.userTokenInfo.teamNo,
+            personNo: this.userTokenInfo.personNo,
+            accountNo: this.userTokenInfo.accountNo,
+        };
+    }
+}
+exports.AuthManager = AuthManager;

package/dist/core/config.d.ts

@@ -0,0 +1,31 @@
+import { z } from 'zod';
+export declare const HikConfigSchema: z.ZodObject<{
+    appKey: z.ZodString;
+    appSecret: z.ZodString;
+    baseUrl: z.ZodDefault<z.ZodString>;
+    enableEncrypt: z.ZodDefault<z.ZodBoolean>;
+    timeout: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    appKey: string;
+    appSecret: string;
+    baseUrl: string;
+    enableEncrypt: boolean;
+    timeout: number;
+}, {
+    appKey: string;
+    appSecret: string;
+    baseUrl?: string | undefined;
+    enableEncrypt?: boolean | undefined;
+    timeout?: number | undefined;
+}>;
+export type HikConfig = z.infer<typeof HikConfigSchema>;
+export interface HikSdkOptions {
+    appKey: string;
+    appSecret: string;
+    userName: string;
+    password: string;
+    redirectUrl?: string;
+    baseUrl?: string;
+    enableEncrypt?: boolean;
+    timeout?: number;
+}

package/dist/core/config.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HikConfigSchema = void 0;
+const zod_1 = require("zod");
+exports.HikConfigSchema = zod_1.z.object({
+    appKey: zod_1.z.string().min(1, 'appKey is required'),
+    appSecret: zod_1.z.string().min(1, 'appSecret is required'),
+    baseUrl: zod_1.z.string().url().default('https://open-api.hikiot.com'),
+    enableEncrypt: zod_1.z.boolean().default(true), // 海康互联默认开启加密
+    timeout: zod_1.z.number().positive().default(30000),
+});

package/dist/core/crypto.d.ts

@@ -0,0 +1,12 @@
+export declare class HikCrypto {
+    private readonly privateKeyPem;
+    constructor(appSecret: string);
+    private formatPrivateKey;
+    private formatBase64;
+    encrypt(data: string): string;
+    decrypt(data: string): string;
+    encryptParams(params: Record<string, string | number | boolean>): string;
+    encryptBody(body: Record<string, unknown>): {
+        bodySecret: string;
+    };
+}

package/dist/core/crypto.js

@@ -0,0 +1,88 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HikCrypto = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const node_forge_1 = __importDefault(require("node-forge"));
+class HikCrypto {
+    constructor(appSecret) {
+        // appSecret 是 PKCS#8 格式的私钥 base64 编码
+        this.privateKeyPem = this.formatPrivateKey(appSecret);
+    }
+    formatPrivateKey(appSecret) {
+        // 如果已经是 PEM 格式，直接返回
+        if (appSecret.includes('-----BEGIN')) {
+            return appSecret;
+        }
+        // 海康的 appSecret 是 PKCS#8 格式的私钥
+        // 需要添加正确的 PEM 头部
+        // 先尝试 PKCS#8 格式
+        const pkcs8Pem = `-----BEGIN PRIVATE KEY-----\n${this.formatBase64(appSecret)}\n-----END PRIVATE KEY-----`;
+        try {
+            // 验证是否是有效的私钥
+            crypto_1.default.createPrivateKey(pkcs8Pem);
+            return pkcs8Pem;
+        }
+        catch {
+            // 如果 PKCS#8 失败，尝试 PKCS#1 格式
+            return `-----BEGIN RSA PRIVATE KEY-----\n${this.formatBase64(appSecret)}\n-----END RSA PRIVATE KEY-----`;
+        }
+    }
+    formatBase64(base64) {
+        // 将 base64 字符串按 64 字符换行
+        const lines = [];
+        for (let i = 0; i < base64.length; i += 64) {
+            lines.push(base64.slice(i, i + 64));
+        }
+        return lines.join('\n');
+    }
+    encrypt(data) {
+        const chunkSize = 117; // RSA 1024 位密钥最大加密长度（字节）
+        const encryptedChunks = [];
+        const dataBuffer = Buffer.from(data, 'utf-8');
+        for (let i = 0; i < dataBuffer.length; i += chunkSize) {
+            const chunk = dataBuffer.slice(i, i + chunkSize);
+            const encryptedChunk = crypto_1.default.privateEncrypt({
+                key: this.privateKeyPem,
+                padding: crypto_1.default.constants.RSA_PKCS1_PADDING,
+            }, chunk);
+            encryptedChunks.push(encryptedChunk);
+        }
+        return Buffer.concat(encryptedChunks).toString('base64');
+    }
+    decrypt(data) {
+        const decodedData = Buffer.from(data, 'base64');
+        const pki = node_forge_1.default.pki;
+        const key = pki.privateKeyFromPem(this.privateKeyPem);
+        const chunkSize = 128; // RSA 1024 位密钥加密后的块大小
+        const decryptedChunks = [];
+        for (let i = 0; i < decodedData.length; i += chunkSize) {
+            const chunk = decodedData.slice(i, i + chunkSize);
+            const forgeBuffer = node_forge_1.default.util.createBuffer(chunk.toString('binary'));
+            const decryptedChunk = key.decrypt(forgeBuffer.getBytes(), 'RSAES-PKCS1-V1_5');
+            decryptedChunks.push(Buffer.from(decryptedChunk, 'binary'));
+        }
+        const decryptedBuffer = Buffer.concat(decryptedChunks);
+        const rawString = decryptedBuffer.toString('utf-8');
+        // 海康返回的数据是 URL 编码的
+        try {
+            return decodeURIComponent(rawString);
+        }
+        catch {
+            return rawString;
+        }
+    }
+    encryptParams(params) {
+        const queryString = Object.entries(params)
+            .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(String(value))}`)
+            .join('&');
+        return this.encrypt(queryString);
+    }
+    encryptBody(body) {
+        const jsonString = JSON.stringify(body);
+        return { bodySecret: this.encrypt(jsonString) };
+    }
+}
+exports.HikCrypto = HikCrypto;

package/dist/core/errors.d.ts

@@ -0,0 +1,45 @@
+export declare class HikError extends Error {
+    readonly code: number;
+    readonly detail?: string;
+    constructor(code: number, message: string, detail?: string);
+    static fromResponse(response: {
+        code: number;
+        msg: string;
+        detail?: string;
+    }): HikError;
+}
+export declare class HikAuthError extends HikError {
+    constructor(message: string);
+}
+export declare class HikDeviceError extends HikError {
+    constructor(code: number, message: string, detail?: string);
+}
+export declare const ERROR_CODES: {
+    readonly SUCCESS: 0;
+    readonly SYSTEM_ERROR: 400000;
+    readonly API_NOT_FOUND: 400001;
+    readonly RATE_LIMIT: 400002;
+    readonly API_DISABLED: 400003;
+    readonly NO_PERMISSION: 400004;
+    readonly INVALID_APP_KEY: 400005;
+    readonly MISSING_APP_KEY: 400006;
+    readonly MISSING_TEAM_NO: 400007;
+    readonly APP_NOT_EXIST: 400008;
+    readonly INVALID_APP_ACCESS_TOKEN: 400015;
+    readonly INVALID_USER_ACCESS_TOKEN: 400019;
+    readonly DEVICE_NOT_EXIST: 160001;
+    readonly REQUEST_TIMEOUT: 160099;
+    readonly DEVICE_OFFLINE: 160101;
+    readonly DEVICE_TIMEOUT: 160102;
+    readonly DEVICE_SETTING_ERROR: 160103;
+    readonly DEVICE_NOT_SUPPORT: 160104;
+    readonly CARD_LIMIT_REACHED: 160111;
+    readonly PERSON_DELETED: 160112;
+    readonly FACE_TOO_SMALL: 160113;
+    readonly FACE_INVALID: 160114;
+    readonly FACE_DOWNLOAD_FAILED: 160115;
+    readonly PERSON_LIMIT_REACHED: 160116;
+    readonly FACE_NOT_DETECTED: 160117;
+    readonly REMOTE_OPEN_NOT_SUPPORT: 160119;
+    readonly DOOR_OFFLINE: 160120;
+};

package/dist/core/errors.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ERROR_CODES = exports.HikDeviceError = exports.HikAuthError = exports.HikError = void 0;
+class HikError extends Error {
+    constructor(code, message, detail) {
+        super(message);
+        this.name = 'HikError';
+        this.code = code;
+        this.detail = detail;
+        Object.setPrototypeOf(this, HikError.prototype);
+    }
+    static fromResponse(response) {
+        return new HikError(response.code, response.msg, response.detail);
+    }
+}
+exports.HikError = HikError;
+class HikAuthError extends HikError {
+    constructor(message) {
+        super(400015, message);
+        this.name = 'HikAuthError';
+        Object.setPrototypeOf(this, HikAuthError.prototype);
+    }
+}
+exports.HikAuthError = HikAuthError;
+class HikDeviceError extends HikError {
+    constructor(code, message, detail) {
+        super(code, message, detail);
+        this.name = 'HikDeviceError';
+        Object.setPrototypeOf(this, HikDeviceError.prototype);
+    }
+}
+exports.HikDeviceError = HikDeviceError;
+exports.ERROR_CODES = {
+    SUCCESS: 0,
+    SYSTEM_ERROR: 400000,
+    API_NOT_FOUND: 400001,
+    RATE_LIMIT: 400002,
+    API_DISABLED: 400003,
+    NO_PERMISSION: 400004,
+    INVALID_APP_KEY: 400005,
+    MISSING_APP_KEY: 400006,
+    MISSING_TEAM_NO: 400007,
+    APP_NOT_EXIST: 400008,
+    INVALID_APP_ACCESS_TOKEN: 400015,
+    INVALID_USER_ACCESS_TOKEN: 400019,
+    DEVICE_NOT_EXIST: 160001,
+    REQUEST_TIMEOUT: 160099,
+    DEVICE_OFFLINE: 160101,
+    DEVICE_TIMEOUT: 160102,
+    DEVICE_SETTING_ERROR: 160103,
+    DEVICE_NOT_SUPPORT: 160104,
+    CARD_LIMIT_REACHED: 160111,
+    PERSON_DELETED: 160112,
+    FACE_TOO_SMALL: 160113,
+    FACE_INVALID: 160114,
+    FACE_DOWNLOAD_FAILED: 160115,
+    PERSON_LIMIT_REACHED: 160116,
+    FACE_NOT_DETECTED: 160117,
+    REMOTE_OPEN_NOT_SUPPORT: 160119,
+    DOOR_OFFLINE: 160120,
+};

package/dist/core/http.d.ts

@@ -0,0 +1,29 @@
+import { z } from 'zod';
+import type { HikConfig } from './config';
+import type { AuthManager } from './auth';
+export type BaseResponse<T = unknown> = {
+    code: number;
+    msg: string;
+    data?: T;
+    detail?: string | null;
+    count?: number;
+};
+export declare class HttpClient {
+    private readonly client;
+    private readonly authManager;
+    private readonly config;
+    private readonly crypto;
+    constructor(config: HikConfig, authManager: AuthManager);
+    private setupInterceptors;
+    post<T>(path: string, data?: object, schema?: z.ZodType<T>): Promise<T>;
+    get<T>(path: string, config?: {
+        params?: Record<string, string | number | boolean>;
+        headers?: Record<string, string>;
+    }, schema?: z.ZodType<T>): Promise<T>;
+    private handleResponse;
+}
+declare module 'axios' {
+    interface AxiosRequestConfig {
+        _retry?: boolean;
+    }
+}