sign.js 2.75 KB
/**
 * 签名
 * @author: bikai
 * @date: 2016/5/6
 */

'use strict';
const _ = require('lodash');
const md5 = require('md5');

const privateKey = {
    android: 'fd4ad5fcfa0de589ef238c0e7331b585',
    iphone: 'a85bb0674e08986c6b115d5e3a4884fa',
    ipad: 'ad9fcda2e679cf9229e37feae2cdcf80',
    web: '0ed29744ed318fd28d2c07985d3ba633',
    yoho: 'fd4ad5fcsa0de589af23234ks1923ks',
    h5: 'fd4ad5fcfa0de589ef238c0e7331b585'
};

/**
 * 排序参数
 * @param  {Object} argument 需要排序的参数对象
 * @return {Object}          排序之后的参数对象
 */
const packageSort = argument => {
    const newObj = {};

    for (const k of Object.keys(argument).sort()) {
        newObj[k] = argument[k];
    }

    return newObj;
};

/**
 * 生成签名
 * @param  {Object} argument 需要签名的数据
 * @return {string}          生成的签名字符串
 */
const makeSign = argument => {
    const qs = [];

    _.forEach(argument, (value, key) => {
        value = _.trim(value);
        qs.push(`${key}=${value}`);
        argument[key] = value;
    });

    return md5(qs.join('&')).toLowerCase();
};

// 生成API签名,调用后端接口的时候有私钥校验
exports.apiSign = (params, app, appVersion, signExtend) => {
    const clientType = params.client_type || app;

    appVersion = appVersion || '4.6.0';
    signExtend = signExtend || {};

    /* eslint-disable */
    let sign = packageSort(Object.assign({
        client_type: clientType,
        private_key: privateKey[clientType],
        app_version: appVersion,
        os_version: `yohobuy:${app}`,
        screen_size: '720x1280',
        v: '7'
    }, signExtend, params));
    /* eslint-enable */

    sign = Object.assign(sign, {
        client_secret: makeSign(sign) // eslint-disable-line camelcase
    });
    delete sign.private_key;
    return sign;
};

// 检查签名,APP 访问 H5 页面的时候需要检查
exports.checkSign = (params) => {
    const clientSecret = params.client_secret; // eslint-disable-line camelcase

    let sortedParams;

    // 忽略部分参数
    delete params.client_secret;
    delete params.q;
    delete params.debug_data;
    delete params['/api'];

    params.private_key = privateKey[params.client_type]; // eslint-disable-line camelcase
    sortedParams = packageSort(params);

    return clientSecret === makeSign(sortedParams);
};

// 检查签名,APP 访问 H5 页面的时候需要检查, 有可能不同于上边的签名方式
exports.webSign = (params) => {
    const webPrivateKey = 'yohobuyapp';

    return params.key === md5(md5(webPrivateKey) + params.uid);
};

// 生成 token
exports.makeToken = (string) => {
    return md5(md5(string + '#@!@#'));
};

// 校验 token
exports.verifyToken = (string, token) => {
    return exports.makeToken(string) === token;
};