sign.js 2.38 KB
/**
 * 签名
 * @author: bikai
 * @date: 2016/5/6
 */

'use strict';
const _ = require('lodash');
const md5 = require('md5');

const privateKey = {
    android: 'fd4ad5fcfa0de589ef238c0e7331b585',
    iphone: 'a85bb0674e08986c6b115d5e3a4884fa',
    ipad: 'ad9fcda2e679cf9229e37feae2cdcf80',
    web: '0ed29744ed318fd28d2c07985d3ba633',
    yoho: 'fd4ad5fcsa0de589af23234ks1923ks',
    h5: 'fd4ad5fcfa0de589ef238c0e7331b585'
};

/**
 * 排序参数
 * @param  {Object} argument 需要排序的参数对象
 * @return {Object}          排序之后的参数对象
 */
const packageSort = argument => {
    let newObj = {};

    for (let k of Object.keys(argument).sort()) {
        newObj[k] = argument[k];
    }

    return newObj;
};

/**
 * 生成签名
 * @param  {Object} argument 需要签名的数据
 * @return {string}          生成的签名字符串
 */
const makeSign = argument => {
    let qs = [];

    _.forEach(argument, function(value, key) {
        qs.push(key + '=' + _.trim(value));
    });

    return md5(qs.join('&')).toLowerCase();
};

// 生成API签名,调用后端接口的时候有私钥校验
exports.apiSign = (params) => {
    const clientType = params.client_type || 'h5';
    /* eslint-disable */
    let sign = packageSort(Object.assign({
        client_type: clientType,
        private_key: privateKey[clientType],
        app_version: '4.3.0',
        os_version: 'yohobuy:h5',
        screen_size: '720x1280',
        v: '7'
    }, params));
    /* eslint-enable */

    sign = Object.assign(sign, {
        client_secret: makeSign(sign) // eslint-disable-line camelcase
    });
    delete sign.private_key;
    return sign;
};

// 检查签名,APP 访问 H5 页面的时候需要检查
exports.checkSign = (params) => {
    let clientSecret = params.client_secret, // eslint-disable-line camelcase
        sortedParams;

    // 忽略部分参数
    delete params.client_secret;
    delete params.q;
    delete params.debug_data;
    delete params['/api'];

    params.private_key = privateKey[params.client_type]; // eslint-disable-line camelcase
    sortedParams = packageSort(params);

    return clientSecret === makeSign(sortedParams);
};

// 检查签名,APP 访问 H5 页面的时候需要检查, 有可能不同于上边的签名方式
exports.webSign = (params) => {
    const webPrivateKey = 'yohobuyapp';

    return params.key === md5(md5(webPrivateKey) + params.uid);
};