fe / yohobuywap-node · Files

Go to a project
sign.js 2.27 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 
/**
 * 签名
 * @author: bikai
 * @date: 2016/5/6
 */

'use strict';

const _ = require('lodash');
const md5 = require('md5');

const privateKey = {
    android: 'fd4ad5fcfa0de589ef238c0e7331b585',
    iphone: 'a85bb0674e08986c6b115d5e3a4884fa',
    ipad: 'ad9fcda2e679cf9229e37feae2cdcf80',
    web: '0ed29744ed318fd28d2c07985d3ba633',
    yoho: 'fd4ad5fcsa0de589af23234ks1923ks',
    h5: 'fd4ad5fcfa0de589ef238c0e7331b585'
};

/**
 * 排序参数
 * @param  {Object} argument 需要排序的参数对象
 * @return {Object}          排序之后的参数对象
 */
const packageSort = argument => {
    var newObj = {};

    for (let k of Object.keys(argument).sort()) {
        newObj[k] = argument[k];
    }

    return newObj;
};

/**
 * 生成签名
 * @param  {Object} argument 需要签名的数据
 * @return {string}          生成的签名字符串
 */
const makeSign = argument => {
    var qs = [];

    _.forEach(argument, function(value, key) {
        qs.push(key + '=' + _.trim(value));
    });

    return md5(qs.join('&')).toLowerCase();
};

// 生成API签名,调用后端接口的时候有私钥校验
exports.apiSign = (params) => {

    /* eslint-disable */
    var sign = packageSort(Object.assign({
        client_type: 'h5',
        private_key: privateKey.h5,
        app_version: '3.8.2',
        os_version: 'yohobuy:h5',
        screen_size: '720x1280',
        v: '7'
    }, params));

    /* eslint-enable */

    return Object.assign(sign, {

        client_secret: makeSign(sign) // eslint-disable-line camelcase
    });
};

// 检查签名,APP 访问 H5 页面的时候需要检查
exports.checkSign = (params) => {
    var clientSecret = params.client_secret, // eslint-disable-line camelcase
        sortedParams;

    // 忽略部分参数
    delete params.client_secret;
    delete params.q;
    delete params.debug_data;
    delete params['/api'];

    params.private_key = privateKey[params.client_type]; // eslint-disable-line camelcase
    sortedParams = packageSort(params);

    return clientSecret === makeSign(sortedParams);
};

// 检查签名,APP 访问 H5 页面的时候需要检查, 有可能不同于上边的签名方式
exports.webSign = (params) => {
    var webPrivateKey = 'yohobuyapp';

    return params.key === md5(md5(webPrivateKey) + params.uid);
};