@foxone/passport
Advanced tools
@foxone/passport SDK 是Fox.One API 的接口的封装。
Fox.One API 的接口都需要签名和生成动态的Token, PassportSDK 同时提供了访问API 的签名函数
yarn add @foxone/passport
Passport 不会存储 Session 和用户信息,由使用 @foxone/passport 的接入方自行存储 Passport 登陆后获取到的数据结构大致如下,session为后续接入方发送请求时签名的必要字段
{
"user":
{
//...
},
"session": {
"key": "xxxx",
"secret":"xxx"
}
}
用户登陆模块
import { Passport } from '@foxone/passport';
// 实例化 Passport
const passport = new Passport({
host: constants.passportHost,
merchantId: constants.merchantId,
});
// 获取滑块
passport.getCaptcha()
// 获取注册验证码 邮箱 手机二选一
passport.requestRegister({regionCode,
mobile,
captchaId,
captchaCode,
email})
return {token:''}
// 注册 name可不传
passport.register({
name,
code,
password,
token,
})
return {user:{},session:{}}
// 获取手机登录验证码
passport.requestLoginSMS({
regionCode,
mobile,
captchaId,
captchaCode
})
return {token:''}
// 手机登陆
passport.mobileLogin({
token,
mobileCode,
})
return {user:{},session:{}}
// 账户密码登陆
// mobile 或者邮箱为选填字段
passport.login({ password: rawPassword, mobile, email })
return {user:{},session:{}}
// 获取用户信息
passport.getUserDetail({secret, key})
return {user:{}}
商户模块
import { Admin } from '@foxone/passport';
const admin = new Admin({
host: constants.adminHost,
});
// 商户登陆
admin.login({ password: rawPassword, username})
return {admin:{},session:{}}
签名函数
import { generateSignRequest, generateSignAndJWT } from '@foxone/passport';
const signData = generateSignRequest({ method: 'get', url: pathAndQuery, body: options.body });
return { uri, body, sign }
生成请求的Token
import { generateToken, decodeToken } from '@foxone/passport';
const token = await generateToken({ key: session.key, secret: session.secret, requestSign: signData.sign });
密码加盐
import { passwordSalt } from '@foxone/passport';
const salePassword = passwordSalt(password);
当业务方为 User,Maker 时必须在 Http Header里添加请求头 'fox-merchant-id':'xxxxxxx'
所有的业务方在有用户session时,发送的请求都需要默认的加上
"Authorization": Bearer ${token} }
token 为上述 Token 章节生成的动态token,每次都不一样,需要每次创建新的Token
Dev https://dev-gateway.fox.one/ Product https://openapi.fox.one/
一个具体实际的例子,传入的url为完整的url,函数正则截取 host 对host 之后的path进行签名和请求
const regexSt = new RegExp('^https://[a-zA-Z0-9.-]*/');
async function signAndRequest(session, url, options) {
let host = url.match(regexSt)[0];
host = host.substring(0, host.length - 1);
const pathAndQuery = url.replace(regexSt, '/');
const signData = generateSignRequest({ method: options.method, url: pathAndQuery, body: options.body });
const token = await generateToken({ key: session.key, secret: session.secret, requestSign: signData.sign });
const finalUrl = `${host}${signData.uri}`;
const headers = {
...options.headers,
Authorization: `Bearer ${token}`,
};
const newOptions = {
...options,
method: options.method,
body: JSON.stringify(signData.body),
headers,
};
return window.fetch(finalUrl, newOptions);
}
以下为已集成了 passportsdk 的模版 FoxOne Admin 模版 FoxONE Maker 模板工程
Passport 提供了实用 PKCS1 格式封装的 RSA密钥对PIN进行加密。
对于加密提供了方法
function encryptPIN(pin: string, pem: string): Promise<string>;
如果需要对加密和解密进行测试 提供了方法
对加密的文本进行解密
function decryptPIN(pin: string, pem: string): Promise<string>;
验证公钥加密私钥解密
function verifyPEM(pin: string, pem: string, privatePem: string): Promise<string>;
Example: 以下例子来自单元测试 sign.test.ts
import { decryptPIN, encryptPIN } from "@foxone/passport";
const pem = `
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysHUv9wZvKMsqkJoYCKliX1D2HaN2NSTx/2FlqGR6BqSurdzWOPpeyJHztBbpTMldA4sTLLMY8xKrL0b98LxWn/EQgmuW8/YHdpNLoex7OdEXdQsu+J5iO7DEwfWmxuWrnCN+/7LDX/ssoRiOtaESZwYhnwkQ7sZM2ThQFxkSpX/ykBEMHvrFvEG2oJ43jim02q0CpRDlPpolRPJ4++FQPPDmpFFwrFurhHtl0h3Ct74g8NpHVxklAHm7s/WA2sDcC4YHfRKwXAefSNh29+seh06aRZAqjxz0l98Sy2JrmFGEfy7zdzq+5Ot1Ee712hbtHJbKmHv7uaBoiQo69F6awIDAQAB-----END RSA PUBLIC KEY-----
`;
const pripem = `
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAysHUv9wZvKMsqkJoYCKliX1D2HaN2NSTx/2FlqGR6BqSurdzWOPpeyJHztBbpTMldA4sTLLMY8xKrL0b98LxWn/EQgmuW8/YHdpNLoex7OdEXdQsu+J5iO7DEwfWmxuWrnCN+/7LDX/ssoRiOtaESZwYhnwkQ7sZM2ThQFxkSpX/ykBEMHvrFvEG2oJ43jim02q0CpRDlPpolRPJ4++FQPPDmpFFwrFurhHtl0h3Ct74g8NpHVxklAHm7s/WA2sDcC4YHfRKwXAefSNh29+seh06aRZAqjxz0l98Sy2JrmFGEfy7zdzq+5Ot1Ee712hbtHJbKmHv7uaBoiQo69F6awIDAQABAoIBAEoaLTcxqfZXbKuNObho8TceoP0r1wu4JYqiDYDP7BN4Isg6491I7rwh+zyKyfPGjZms1GPztN+EeoZHV0Fl7e+1YnUANMk5XTML5clrrot2unXQZckFLIXvPTxnUPe/TYLTgBDpPizg5BEacQwv+oksk4oTNO3MI5m09N4g5kabhJDmWa/aSi5iAVmVLlCAe0eMCqwtrFB8CKWgW2X/pVLTvwU0QTnXUsjxSr9KwFAMAymowzn/3f9yXxSFjOAGzE5BQzf7MbjG/k3Tj2WUi09+iONKjG1pU9FGj8Aai2G/2SE+4kAPR8aUv+pwQfUPOKn1CygVeQKzTNIOOF3wawECgYEA9901/6nt7Do7Mzm2R6z40F7VEGoWvZuDXXFYI9UdWxYAKZpOOxJ038kXakOM2T/HhAj35roGG7K2sY/leqSKb6lb01xp9KGq8Jndtgddfle4yR87LxNp/OREJA3TzyROWLz/HU+6xdZXDJZBj9JXeqGtlTg6yKJH/e8KB9vQB5kCgYEA0WmWuUIb01VP6InQCnvSb+92JlxW9KMEMveEOxwKpcfXMcLVss9wlLS15inyr3Z7Si4OPGp8gVH8DBWA1GKZpdl8v5zKXGiyonbVLVtkaklG8H/blbGb5lB/M+ohWBP1Oe6kULHuwj1i3cm8gXehEFg5ASVHHtUfoZGjKq4YRKMCgYBh3Enclifks5z5/Zg1NlrKUhbHM0ulMsgr1XtaMmMzujz4L/8hHYldbZS8FM2AXMkWHUBbLSkKOIYfFtQgluQ9b91cVslSl53Y/rbljoTgRBwl9Bm23XBkM2+f2IG+7/Oq33vOA9OXFqgpxQ0/jmmRdlIFbzzuR/wqiv0n2yaISQKBgARqe5kwgbG1LNg0f8SY09k0bYNlkxfZkC8a9RjiAH96dVlBSIxav38DSIqv+8QjdXoc+oPfovx/JBeFJJBV+/N5YJ4Rylqkgo/WfaxVLwrmvK45pAHGGwmCTQxlNYrL8PHlzGU/O0+xR7JxnJ4GTckwcxNJG/TUfbREg/JUdYKNAoGAeCxO4kf7y9i+0ll1wPyfIFctJrwicXoH43L4CsDr4Ed0RI6V7qeY3k2zZY/OLgVkjF4fQeEVXrVvMA/dRlmjhciKS8ahUZTrPStegv73y573JN46D1fvF7rrt7Uu4QvQd5iGP5w/DIERB4sfANycTqJiyaQhNpla38Nd4AuSC4E=-----END RSA PRIVATE KEY-----
`
const encrtypPIN = await encryptPIN('123456', pem);
console.log(encrtypPIN);
const message = await decryptPIN(encrtypPIN, pripem);
console.log(message);
对于需要自己携带 PIN 的请求,如不在请求时的 body 里传入值,那么需要在 JWT 里放入 PIN,生成带 PIN 的 JWT 的例子如下
const encrtypPIN = await encryptPIN('123456', pem);
const token = await generateTokenWithPIN({ key: KEY, secret: SECRET, requestSign: SIGN, pin: encrtypPIN });
FAQs
@foxone/passport SDK 是Fox.One API 的接口的封装。
We found that @foxone/passport demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.