-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
WxCrypto.ts
156 lines (143 loc) · 4.38 KB
/
WxCrypto.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
import { randomBytes } from 'crypto'
import { type BuildXMLOptions, type ParserXMLOptions, buildXML, parseXML } from './xml'
import { aes256Decrypt, aes256Encrypt } from './aes256'
import sha1 from './sha1'
const debug = require('debug')('wxcrypto')
export interface Options {
// Convert camel to underscore delimited
normalizeTags?: boolean
// see: https://github.com/Leonidas-from-XIV/node-xml2js/blob/master/README.md#options-for-the-builder-class
buildXmlOptions?: BuildXMLOptions
// see: https://github.com/Leonidas-from-XIV/node-xml2js/blob/master/README.md#options
xmlOptions?: ParserXMLOptions
}
export interface withXMLProp<T> {
xml: T
}
/**
* 微信消息加解密nodejs版本
*
* @example
* ```
* const WxCrypto = require('node-wxcrypto');
* const wxCrypto = new WxCrypto(token, encodingAESKey, appID);
*
* var [err, encryptedXML] = wx.encrypt(xml, timestamp, nonce);
*
* var [err, decryptedXML] = wx.decrypt(signature, timestamp, nonce, encrypted);
* ```
*/
class WxCrypto {
token: string
key: Buffer
iv: Buffer
appID: string
options: Options
constructor(token: string, encodingAESKey: string, appID: string, options: Options = {}) {
if (!token || !encodingAESKey || !appID) {
throw new Error('please check arguments')
}
const AESKey = Buffer.from(encodingAESKey + '=', 'base64')
if (AESKey.length !== 32) {
throw new Error('encodingAESKey invalid')
}
this.token = token
this.appID = appID
this.key = AESKey
this.iv = AESKey.subarray(0, 16)
this.options = options
debug(
'weixin crypto class initialize with token=',
token,
'key=',
AESKey,
'appID=',
appID,
'iv=',
this.iv
)
}
/**
* mergeXmlOptions
*
* @param options - options
* @returns xml - xmData, eg. \{ ComponentVerifyTicket: 'xxxx', ..., AppId: 'xxxx' \}
*/
mergeXmlOptions(options: Options = {}): ParserXMLOptions | undefined {
options = Object.assign(this.options, options)
// normalize tags
if (options.normalizeTags) {
const sep = typeof options.normalizeTags === 'string' ? options.normalizeTags : '_'
if (!options.xmlOptions) options.xmlOptions = {}
options.xmlOptions.tagNameProcessors = [
name =>
name
.replace(/([A-Z]+)/g, sep + '$1')
.replace(new RegExp('^' + sep), '')
.toLocaleLowerCase()
]
}
return options.xmlOptions
}
/**
* encrypt
* Base64Encode(AES256Encrypt[RandomString(16B) + ContentLength(4B) + Content + appID])
*
* @param data - xml data String, eg. \{ ComponentVerifyTicket: 'xxxx', ..., AppId: 'xxxx' \}
* @param options - options
* @returns encrypt - encrypt string, eg. oVMc1Y6qP86YfAa.../QGgk503Q68Q==
*/
async encrypt(data: Record<string, unknown>, options: Options = {}) {
const xmlString = await buildXML(
data,
options.buildXmlOptions || this.options.buildXmlOptions
)
// 16B RandomString
const randomStr = randomBytes(16)
const content = Buffer.from(xmlString)
const appID = Buffer.from(this.appID)
// Get the network byte order of the content length of 4B
const contentLength = Buffer.alloc(4)
contentLength.writeUInt32BE(content.length, 0)
const ciphered = aes256Encrypt(
[randomStr, contentLength, content, appID],
this.key,
this.iv
)
debug('encrypt: ', ciphered.toString('base64'))
return ciphered.toString('base64')
}
/**
* decrypt
*
* @param data - encrypt string, eg. oVMc1Y6qP86YfAa.../QGgk503Q68Q==
* @param timestamp - timestamp
* @param nonce - nonce
* @param options - options
* @returns xml - xmData, eg. \{ ComponentVerifyTicket: 'xxxx', ..., AppId: 'xxxx' \}
*/
async decrypt(
data: string,
timestamp: string | number,
nonce: string | number,
options: Options = {}
) {
// unused
const signature = sha1(this.token, String(timestamp), String(nonce), data)
// console.info('signature: ', signature)
debug('signature', signature)
const deciphered = aes256Decrypt(data, this.key, this.iv)
// AES256Encrypt => [RandomString(16B) + ContentLength(4B) + Content + CorpID]
// Remove 16b random string
const content = deciphered.subarray(16)
const length = content.subarray(0, 4).readUInt32BE(0)
const decryptedXML = content.subarray(4, length + 4).toString()
const decryptedAppID = content.subarray(length + 4).toString()
// parsing xml
const xml = parseXML(decryptedXML, this.mergeXmlOptions(options))
debug('decrypt:xml', xml)
debug('decrypt:appID', decryptedAppID)
return xml
}
}
export default WxCrypto