npm - wxpay-nodejs-sdk - Versions diffs - 0.2.2 → 0.2.3 - Mend

wxpay-nodejs-sdk 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -189,13 +189,8 @@ var CertificateManager = class {
     }
   }
 };
-var SDK_VERSION = "0.2.1";
-function getUserAgent() {
-  const platform = os__default.default.platform();
-  const arch = os__default.default.arch();
-  const nodeVersion = process.version;
-  return `wxpay-nodejs-sdk/${SDK_VERSION} (${platform} ${arch}) Node.js/${nodeVersion}`;
-}
+// src/utils/exceptions.ts
 var WxPayError = class extends Error {
   /** HTTP 状态码 */
   status;
@@ -218,7 +213,64 @@ var WxPayError = class extends Error {
   get isServerError() {
     return this.status >= 500 && this.status < 600;
   }
+  /**
+   * 判断是否为特定错误码
+   *
+   * @param code - 错误码
+   * @returns 是否匹配
+   */
+  isApiError(code) {
+    return this.detail.code === code;
+  }
+};
+var ServiceException = class extends WxPayError {
+  /** 微信支付业务错误码 */
+  errorCode;
+  /** 微信支付业务错误信息 */
+  errorMessage;
+  constructor(status, headers, detail) {
+    super(status, headers, detail);
+    this.name = "ServiceException";
+    this.errorCode = detail.code;
+    this.errorMessage = detail.message;
+  }
 };
+var HttpException = class extends WxPayError {
+  constructor(message, cause) {
+    super(0, {}, { code: "NETWORK_ERROR", message });
+    this.name = "HttpException";
+    if (cause) {
+      this.cause = cause;
+    }
+  }
+};
+var ValidationException = class extends WxPayError {
+  constructor(message) {
+    super(0, {}, { code: "SIGN_ERROR", message });
+    this.name = "ValidationException";
+  }
+};
+var DecryptionException = class extends WxPayError {
+  constructor(message) {
+    super(0, {}, { code: "DECRYPT_ERROR", message });
+    this.name = "DecryptionException";
+  }
+};
+var MalformedMessageException = class extends WxPayError {
+  constructor(message) {
+    super(0, {}, { code: "PARSE_ERROR", message });
+    this.name = "MalformedMessageException";
+  }
+};
+// src/utils/http.ts
+var SDK_VERSION = "0.2.1";
+function getUserAgent() {
+  const platform = os__default.default.platform();
+  const arch = os__default.default.arch();
+  const nodeVersion = process.version;
+  return `wxpay-nodejs-sdk/${SDK_VERSION} (${platform} ${arch}) Node.js/${nodeVersion}`;
+}
 function buildUrl(base, path, params) {
   const url = new URL(path, base);
   if (params) {
@@ -280,7 +332,7 @@ async function parseResponse(response, verify) {
         message: `HTTP ${response.status}: ${response.statusText}`
       };
     }
-    throw new WxPayError(response.status, headers, errorDetail);
+    throw new ServiceException(response.status, headers, errorDetail);
   }
   if (verify) {
     const signature = headers["wechatpay-signature"];
@@ -290,10 +342,7 @@ async function parseResponse(response, verify) {
     if (signature && timestamp && nonce && serial) {
       const valid = verify(rawBody, signature, timestamp, nonce, serial);
       if (!valid) {
-        throw new WxPayError(response.status, headers, {
-          code: "SIGN_ERROR",
-          message: "\u5E94\u7B54\u7B7E\u540D\u9A8C\u8BC1\u5931\u8D25"
-        });
+        throw new ValidationException("\u5E94\u7B54\u7B7E\u540D\u9A8C\u8BC1\u5931\u8D25");
       }
     }
   }
@@ -305,10 +354,9 @@ async function parseResponse(response, verify) {
     }
     data = parsed;
   } catch (error) {
-    throw new WxPayError(response.status, headers, {
-      code: "PARSE_ERROR",
-      message: error instanceof Error ? error.message : "\u54CD\u5E94\u6570\u636E\u89E3\u6790\u5931\u8D25"
-    });
+    throw new MalformedMessageException(
+      error instanceof Error ? error.message : "\u54CD\u5E94\u6570\u636E\u89E3\u6790\u5931\u8D25"
+    );
   }
   return {
     status: response.status,
@@ -326,6 +374,12 @@ ${body}
 `;
 }
 function sign(signString, privateKey) {
+  if (!signString) {
+    throw new Error("\u7B7E\u540D\u4E32\u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  if (!privateKey) {
+    throw new Error("\u5546\u6237\u79C1\u94A5\u4E0D\u80FD\u4E3A\u7A7A");
+  }
   const signer = crypto2__default.default.createSign("RSA-SHA256");
   signer.update(signString);
   signer.end();
@@ -345,6 +399,18 @@ function isTimestampValid(timestamp) {
   return Math.abs(now - responseTime) < RESPONSE_EXPIRED_SECONDS;
 }
 function verifySignature(body, signature, timestamp, nonce, publicKey) {
+  if (!signature) {
+    throw new Error("\u7B7E\u540D\u503C(signature)\u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  if (!timestamp) {
+    throw new Error("\u65F6\u95F4\u6233(timestamp)\u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  if (!nonce) {
+    throw new Error("\u968F\u673A\u4E32(nonce)\u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  if (!publicKey) {
+    throw new Error("\u516C\u94A5(publicKey)\u4E0D\u80FD\u4E3A\u7A7A");
+  }
   if (!isTimestampValid(timestamp)) {
     return false;
   }
@@ -358,6 +424,12 @@ ${body}
   return verifier.verify(publicKey, signature, "base64");
 }
 function oaepEncrypt(plaintext, publicKey) {
+  if (!publicKey) {
+    throw new Error("\u52A0\u5BC6\u516C\u94A5\u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  if (!plaintext) {
+    return "";
+  }
   const encrypted = crypto2__default.default.publicEncrypt(
     {
       key: publicKey,
@@ -369,6 +441,12 @@ function oaepEncrypt(plaintext, publicKey) {
   return encrypted.toString("base64");
 }
 function oaepDecrypt(ciphertext, privateKey) {
+  if (!privateKey) {
+    throw new Error("\u89E3\u5BC6\u79C1\u94A5\u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  if (!ciphertext) {
+    return "";
+  }
   const decrypted = crypto2__default.default.privateDecrypt(
     {
       key: privateKey,
@@ -783,6 +861,48 @@ var WxPayClient = class _WxPayClient {
     };
   }
 };
+// src/utils/sensitive.ts
+var sensitiveFields = /* @__PURE__ */ new Map();
+function registerSensitiveFields(typeName, fields) {
+  sensitiveFields.set(typeName, new Set(fields));
+}
+function getSensitiveFields(typeName) {
+  return sensitiveFields.get(typeName) ?? /* @__PURE__ */ new Set();
+}
+function encryptSensitiveFields(obj, typeName, publicKey) {
+  const fields = getSensitiveFields(typeName);
+  if (fields.size === 0) return obj;
+  const result = { ...obj };
+  for (const field of fields) {
+    const value = result[field];
+    if (typeof value === "string" && value.length > 0) {
+      result[field] = oaepEncrypt(value, publicKey);
+    }
+  }
+  return result;
+}
+function decryptSensitiveFields(obj, typeName, privateKey) {
+  const fields = getSensitiveFields(typeName);
+  if (fields.size === 0) return obj;
+  const result = { ...obj };
+  for (const field of fields) {
+    const value = result[field];
+    if (typeof value === "string" && value.length > 0) {
+      try {
+        result[field] = oaepDecrypt(value, privateKey);
+      } catch {
+      }
+    }
+  }
+  return result;
+}
+function encryptSensitiveFieldsInArray(arr, typeName, publicKey) {
+  return arr.map((item) => encryptSensitiveFields(item, typeName, publicKey));
+}
+function decryptSensitiveFieldsInArray(arr, typeName, privateKey) {
+  return arr.map((item) => decryptSensitiveFields(item, typeName, privateKey));
+}
 var CertificateService = class {
   client;
   apiV3Key;
@@ -2644,6 +2764,8 @@ var BillService = class {
   }
 };
 var SUPPORTED_SIGNATURE_TYPES = /* @__PURE__ */ new Set(["WECHATPAY2-SHA256-RSA2048"]);
+var DEFAULT_SIGNATURE_TYPE = "WECHATPAY2-SHA256-RSA2048";
+var SUPPORTED_ALGORITHMS = /* @__PURE__ */ new Set(["AEAD_AES_256_GCM"]);
 var CallbackHandler = class {
   apiV3Key;
   certificates;
@@ -2660,14 +2782,26 @@ var CallbackHandler = class {
    * @param headers - 回调请求头
    * @param body - 回调请求体（原始 JSON 字符串）
    * @returns 签名验证是否通过
-   * @throws 如果签名类型不支持或找不到对应的证书
+   * @throws 如果必填参数缺失、签名类型不支持或找不到对应的证书
    */
   verifySignature(headers, body) {
-    const signatureType = headers["wechatpay-signature-type"];
-    const serialNo = headers["wechatpay-serial"];
-    if (signatureType && !SUPPORTED_SIGNATURE_TYPES.has(signatureType)) {
+    if (!headers["wechatpay-serial"]) {
+      throw new Error("\u56DE\u8C03\u5934 wechatpay-serial \u4E0D\u80FD\u4E3A\u7A7A");
+    }
+    if (!headers["wechatpay-signature"]) {
+      throw new Error("\u56DE\u8C03\u5934 wechatpay-signature \u4E0D\u80FD\u4E3A\u7A7A");
+    }
+    if (!headers["wechatpay-timestamp"]) {
+      throw new Error("\u56DE\u8C03\u5934 wechatpay-timestamp \u4E0D\u80FD\u4E3A\u7A7A");
+    }
+    if (!headers["wechatpay-nonce"]) {
+      throw new Error("\u56DE\u8C03\u5934 wechatpay-nonce \u4E0D\u80FD\u4E3A\u7A7A");
+    }
+    const signatureType = headers["wechatpay-signature-type"] ?? DEFAULT_SIGNATURE_TYPE;
+    if (!SUPPORTED_SIGNATURE_TYPES.has(signatureType)) {
       throw new Error(`\u4E0D\u652F\u6301\u7684\u7B7E\u540D\u7C7B\u578B: ${signatureType}`);
     }
+    const serialNo = headers["wechatpay-serial"];
     const publicKey = this.certificates.getPublicKey(serialNo);
     if (!publicKey) {
       throw new Error(`\u672A\u627E\u5230\u5E8F\u5217\u53F7\u4E3A ${serialNo} \u7684\u5E73\u53F0\u8BC1\u4E66\uFF0C\u8BF7\u786E\u4FDD\u5DF2\u914D\u7F6E\u5E73\u53F0\u8BC1\u4E66`);
@@ -2687,10 +2821,22 @@ var CallbackHandler = class {
    *
    * @param notification - 回调通知 JSON 对象
    * @returns 解密后的业务数据
-   * @throws 如果解密后的数据为空或格式无效
+   * @throws 如果通知结构无效、算法不匹配或解密失败
    */
   decryptNotification(notification) {
     const { resource } = notification;
+    if (!resource.algorithm) {
+      throw new Error("\u56DE\u8C03\u901A\u77E5 resource \u7F3A\u5C11 algorithm \u5B57\u6BB5");
+    }
+    if (!resource.ciphertext) {
+      throw new Error("\u56DE\u8C03\u901A\u77E5 resource \u7F3A\u5C11 ciphertext \u5B57\u6BB5");
+    }
+    if (!resource.nonce) {
+      throw new Error("\u56DE\u8C03\u901A\u77E5 resource \u7F3A\u5C11 nonce \u5B57\u6BB5");
+    }
+    if (!SUPPORTED_ALGORITHMS.has(resource.algorithm)) {
+      throw new Error(`\u4E0D\u652F\u6301\u7684\u52A0\u5BC6\u7B97\u6CD5: ${resource.algorithm}`);
+    }
     const plaintext = this.aesGcmDecrypt(
       resource.ciphertext,
       resource.associated_data,
@@ -2938,10 +3084,23 @@ var CallbackHandler = class {
    * @param associatedData - 附加数据（用于 AEAD 认证）
    * @param nonce - 随机串
    * @returns 解密后的明文字符串
+   * @throws 如果密文格式无效或解密失败
    */
   aesGcmDecrypt(ciphertext, associatedData, nonce) {
+    if (!ciphertext) {
+      throw new Error("\u5BC6\u6587(ciphertext)\u4E0D\u80FD\u4E3A\u7A7A");
+    }
+    if (!nonce) {
+      throw new Error("\u968F\u673A\u4E32(nonce)\u4E0D\u80FD\u4E3A\u7A7A");
+    }
+    if (this.apiV3Key.length !== 32) {
+      throw new Error("APIv3 \u5BC6\u94A5\u65E0\u6548\uFF0C\u957F\u5EA6\u5FC5\u987B\u4E3A 32 \u4E2A\u5B57\u8282");
+    }
     const key = Buffer.from(this.apiV3Key, "utf-8");
     const ciphertextBuffer = Buffer.from(ciphertext, "base64");
+    if (ciphertextBuffer.length <= 16) {
+      throw new Error("\u5BC6\u6587\u957F\u5EA6\u65E0\u6548\uFF0C\u5FC5\u987B\u5927\u4E8E 16 \u5B57\u8282\uFF08\u542B AuthTag\uFF09");
+    }
     const authTag = ciphertextBuffer.subarray(-16);
     const encryptedData = ciphertextBuffer.subarray(0, -16);
     const decipher = crypto2__default.default.createDecipheriv("aes-256-gcm", key, Buffer.from(nonce, "utf-8"));
@@ -4737,10 +4896,13 @@ exports.CombineNativeService = CombineNativeService;
 exports.CombineService = CombineService;
 exports.ComplaintService = ComplaintService;
 exports.CouponService = CouponService;
+exports.DecryptionException = DecryptionException;
 exports.GoldPlanService = GoldPlanService;
 exports.H5Service = H5Service;
+exports.HttpException = HttpException;
 exports.JsapiService = JsapiService;
 exports.LoveFeastService = LoveFeastService;
+exports.MalformedMessageException = MalformedMessageException;
 exports.MedInsService = MedInsService;
 exports.MediaService = MediaService;
 exports.MerchantExclusiveCouponService = MerchantExclusiveCouponService;
@@ -4755,7 +4917,9 @@ exports.ProfitSharingService = ProfitSharingService;
 exports.RetailStoreService = RetailStoreService;
 exports.ScanAndRideService = ScanAndRideService;
 exports.SecurityService = SecurityService;
+exports.ServiceException = ServiceException;
 exports.SmartGuideService = SmartGuideService;
+exports.ValidationException = ValidationException;
 exports.WxPayClient = WxPayClient;
 exports.WxPayError = WxPayError;
 exports.buildAppBridgeConfig = buildAppBridgeConfig;
@@ -4779,6 +4943,10 @@ exports.buildPayScoreDetailMiniProgramBridgeConfig = buildPayScoreDetailMiniProg
 exports.buildPayScoreJsapiBridgeConfig = buildPayScoreJsapiBridgeConfig;
 exports.buildPayScoreMiniProgramBridgeConfig = buildPayScoreMiniProgramBridgeConfig;
 exports.buildSignString = buildSignString;
+exports.decryptSensitiveFields = decryptSensitiveFields;
+exports.decryptSensitiveFieldsInArray = decryptSensitiveFieldsInArray;
+exports.encryptSensitiveFields = encryptSensitiveFields;
+exports.encryptSensitiveFieldsInArray = encryptSensitiveFieldsInArray;
 exports.generateAppPaySign = generateAppPaySign;
 exports.generateNonce = generateNonce;
 exports.generateNonceStr = generateNonceStr;
@@ -4787,6 +4955,7 @@ exports.generatePaySign = generatePaySign;
 exports.isTimestampValid = isTimestampValid;
 exports.oaepDecrypt = oaepDecrypt;
 exports.oaepEncrypt = oaepEncrypt;
+exports.registerSensitiveFields = registerSensitiveFields;
 exports.sign = sign;
 exports.verifySignature = verifySignature;
 //# sourceMappingURL=index.js.map