sound-force/sign-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

添加TypeScript实现的API签名工具,包括项目配置、命令行工具、核心库及相关文档,支持多种签名算法和环境变量配置。

Browse Source
This commit is contained in:
SF-bytebytebrew
2025-05-21 14:19:07 +08:00
parent b92d406bac
commit 07b9de3eec
6 changed files with 3548 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

288
typescript/README.md Normal file
View File

@@ -0,0 +1,288 @@
# API签名工具 - TypeScript实现
## 项目结构
根据实际项目文件结构:
```plaintext
typescript/
├── src/
│ ├── index.ts # 主模块和核心实现
│ └── cli.ts # 命令行工具入口
├── dist/ # 编译输出目录
├── node_modules/ # 依赖包目录
├── package.json # 项目配置
├── package-lock.json # 依赖锁定文件
└── tsconfig.json # TypeScript配置
```
## 使用方法
### 安装依赖
```bash
npm install
```
### 构建项目
```bash
npm run build
```
### 运行命令行工具
```bash
npm start -- [选项]
```
或直接运行编译后的CLI
```bash
node dist/cli.js [选项]
```
### 命令行选项
| 选项 | 描述 |
|------|------|
| `-a, --algorithm` | 签名算法: md5, sha1, sha256, hmac-sha256 |
| `-u, --url` | API基础URL |
| `-p, --param` | 请求参数格式为key=value可多次使用 |
| `-k, --key` | 访问密钥ID |
| `-s, --secret` | 密钥 |
| `-c, --channel` | 合作渠道方ID |
| `-h, --help` | 显示帮助信息 |
| `-m, --mode` | 操作模式: url, params, verify |
| `-j, --json` | 以JSON格式指定参数 |
| `-v, --version` | 显示版本信息 |
### 常用命令示例
**基本用法**
```bash
node dist/cli.js
```
**自定义参数**
```bash
node dist/cli.js \
-u "https://api.example.com/user/info" \
-p "userId=12345" -p "action=getInfo" \
-k "YOUR_ACCESS_KEY" \
-s "YOUR_SECRET_KEY" \
-c "3"
```
**使用JSON参数**
```bash
node dist/cli.js -j '{"userId": "12345", "action": "getData"}'
```
**指定签名算法**
```bash
node dist/cli.js -a sha256
```
**生成签名参数**
```bash
node dist/cli.js -m params -p "userId=12345" -p "action=getData"
```
**验证签名**
```bash
node dist/cli.js -m verify -p "userId=12345" -p "action=getData" -p "AccessKeyId=test-key" -p "channelId=test-channel" -p "timestamp=1621234567890" -p "nonce=abc123" -p "sign=calculated-signature-here"
```
**帮助信息**
```bash
node dist/cli.js --help
```
### API接口测试实例
使用真实API接口进行测试
```bash
# 未签名的API调用测试 - 返回错误
curl "https://api-v1.sound-force.com:8443/p/album/single/media-url?channelId=3&singleId=381980"
# 返回: {"code":400,"data":null,"msg":"Missing AccessKeyId","success":false}
# 生成访问https://api-v1.sound-force.com:8443/p/album/single/media-url的签名URL
node dist/cli.js \
-a md5 \
-u "https://api-v1.sound-force.com:8443/p/album/single/media-url" \
-p "singleId=381980" \
-k "YOUR_ACCESS_KEY" \
-s "YOUR_SECRET_KEY" \
-c "3"
# 使用curl测试API接口
signed_url=$(node dist/cli.js \
-a md5 \
-u "https://api-v1.sound-force.com:8443/p/album/single/media-url" \
-p "singleId=381980" \
-k "YOUR_ACCESS_KEY" \
-s "YOUR_SECRET_KEY" \
-c "3" | grep -A 1 "签名后的URL:" | tail -n 1)
curl -v "$signed_url"
```
请注意:
- 替换`YOUR_ACCESS_KEY`为实际的访问密钥ID
- 替换`YOUR_SECRET_KEY`为实际的密钥
- 示例使用的渠道ID为`3`,请根据实际情况调整
使用有效的密钥和签名后API接口将返回成功响应(状态码200)并提供媒体URL数据。
### Node.js HTTP客户端测试示例
```javascript
const { execSync } = require('child_process');
const https = require('https');
const url = require('url');
// 获取签名URL
const output = execSync('node dist/cli.js -a md5 -u "https://api-v1.sound-force.com:8443/p/album/single/media-url" -p "singleId=381980" -k "YOUR_ACCESS_KEY" -s "YOUR_SECRET_KEY" -c "3"').toString();
const lines = output.split('\n');
let signedUrl = '';
for (let i = 0; i < lines.length; i++) {
if (lines[i].includes('签名后的URL:') && i + 1 < lines.length) {
signedUrl = lines[i + 1].trim();
break;
}
}
console.log('签名生成的URL:', signedUrl);
if (signedUrl) {
// 解析URL
const parsedUrl = url.parse(signedUrl);
// 创建请求选项
const options = {
hostname: parsedUrl.hostname,
port: parsedUrl.port,
path: parsedUrl.path,
method: 'GET',
rejectUnauthorized: false // 忽略SSL证书验证仅用于测试
};
// 发送请求
const req = https.request(options, (res) => {
console.log(`状态码: ${res.statusCode}`);
let data = '';
res.on('data', (chunk) => {
data += chunk;
});
res.on('end', () => {
console.log(`响应内容: ${data}`);
});
});
req.on('error', (error) => {
console.error(`请求错误: ${error.message}`);
});
req.end();
} else {
console.error('无法从输出中获取签名URL');
}
```
### 代码集成
```typescript
import { ApiSigner, SignOptions, SignatureAlgorithm } from './dist';
// 创建签名选项
const options: SignOptions = {
algorithm: SignatureAlgorithm.MD5
};
// 创建签名工具
const signer = new ApiSigner(options);
// 准备请求参数
const params = {
singleId: '381980'
};
// 执行签名
const signedParams = signer.signRequest(
params,
'YOUR_ACCESS_KEY',
'YOUR_SECRET_KEY',
'3'
);
// 或签名URL
const signedUrl = signer.signUrl(
'https://api-v1.sound-force.com:8443/p/album/single/media-url',
params,
'YOUR_ACCESS_KEY',
'YOUR_SECRET_KEY',
'3'
);
console.log(signedUrl);
```
### 浏览器使用
```html
<script src="dist/apisign.min.js"></script>
<script>
const { ApiSigner, SignatureAlgorithm } = window.ApiSigner;
const signer = new ApiSigner({
algorithm: SignatureAlgorithm.MD5
});
const signedUrl = signer.signUrl(
'https://api-v1.sound-force.com:8443/p/album/single/media-url',
{ singleId: '381980' },
'YOUR_ACCESS_KEY',
'YOUR_SECRET_KEY',
'3'
);
console.log(signedUrl);
// 使用fetch API测试
fetch(signedUrl, {
mode: 'no-cors' // 跨域请求设置
})
.then(response => {
console.log('状态码:', response.status);
return response.text();
})
.then(data => {
console.log('响应内容:', data);
})
.catch(error => {
console.error('请求错误:', error);
});
</script>
```
### 环境变量
该工具支持从`.env`文件加载以下配置:
- `ACCESS_KEY_ID`: 访问密钥ID
- `SECRET_KEY`: 密钥
- `CHANNEL_ID`: 渠道ID
- `SIGN_ALGORITHM`: 签名算法
- `API_BASE_URL`: API基础URL

36
typescript/package.json Normal file
View File

@@ -0,0 +1,36 @@
{
"name": "api-signer",
"version": "1.0.0",
"description": "API签名工具 - TypeScript实现",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"build": "tsc",
"start": "ts-node src/cli.ts",
"test": "jest",
"prepublish": "pnpm run build"
},
"keywords": [
"api",
"signature",
"authentication",
"security"
],
"author": "Sound Force",
"license": "MIT",
"dependencies": {
"crypto-js": "^4.1.1",
"dotenv": "^16.0.3",
"minimist": "^1.2.8"
},
"devDependencies": {
"@types/crypto-js": "^4.1.1",
"@types/jest": "^29.5.0",
"@types/minimist": "^1.2.2",
"@types/node": "^22.15.18",
"jest": "^29.5.0",
"ts-jest": "^29.0.5",
"ts-node": "^10.9.1",
"typescript": "^5.0.2"
}
}

2746
typescript/pnpm-lock.yaml generated Normal file
View File

File diff suppressed because it is too large Load Diff

182
typescript/src/cli.ts Normal file
View File

@@ -0,0 +1,182 @@
#!/usr/bin/env node
import {ApiSigner, SignatureAlgorithm, SignOptions} from './index';
import minimist from 'minimist';
import {config} from 'dotenv';
import * as path from 'path';
// 加载环境变量
config({path: path.resolve(process.cwd(), '../.env')});
/**
* 显示帮助信息
*/
function showHelp(): void {
console.log(`
API签名工具 - 命令行接口
用法: node cli.js [选项]
选项:
-a, --algorithm <algorithm> 签名算法: MD5, SHA1, SHA256, HMAC_SHA256 (默认: MD5)
-k, --key <accessKeyId> 访问密钥ID (默认: 环境变量ACCESS_KEY_ID)
-c, --channel <channelId> 合作渠道方ID (默认: 环境变量CHANNEL_ID)
-s, --secret <secretKey> 密钥 (默认: 环境变量SECRET_KEY)
-u, --url <url> 基础URL地址 (默认: 环境变量API_BASE_URL)
-p, --param <key=value> 请求参数格式为key=value可多次指定
-m, --mode <mode> 操作模式: url, params, verify (默认: url)
-h, --help 显示帮助信息
示例:
node cli.js -a MD5 -u "https://api.example.com/v1/data" -p "userId=12345" -p "action=getData"
`);
process.exit(0);
}
/**
* 命令行参数解析
*/
const args = minimist(process.argv.slice(2), {
string: ['algorithm', 'key', 'channel', 'secret', 'url', 'mode', 'param'],
boolean: ['help'],
alias: {
a: 'algorithm',
k: 'key',
c: 'channel',
s: 'secret',
u: 'url',
p: 'param',
m: 'mode',
h: 'help'
},
default: {
algorithm: process.env.SIGN_ALGORITHM ?? 'MD5',
key: process.env.ACCESS_KEY_ID ?? 'test-access-key-id',
channel: process.env.CHANNEL_ID ?? 'test-channel-id',
secret: process.env.SECRET_KEY ?? 'test-secret-key',
url: process.env.API_BASE_URL ?? 'https://api.example.com/v1/data',
mode: 'url',
param: []
}
});
if (args.help) {
showHelp();
}
let algorithm: SignatureAlgorithm;
try {
switch (args.algorithm.toUpperCase()) {
case 'MD5':
algorithm = SignatureAlgorithm.MD5;
break;
case 'SHA1':
algorithm = SignatureAlgorithm.SHA1;
break;
case 'SHA256':
algorithm = SignatureAlgorithm.SHA256;
break;
case 'HMAC_SHA256':
case 'HMACSHA256':
case 'HMAC-SHA256':
algorithm = SignatureAlgorithm.HMAC_SHA256;
break;
default:
console.warn(`警告: 无效的签名算法: ${args.algorithm}使用默认MD5算法`);
algorithm = SignatureAlgorithm.MD5;
}
} catch (error) {
console.warn(`警告: ${error}使用默认MD5算法`);
algorithm = SignatureAlgorithm.MD5;
}
const options: SignOptions = {
algorithm,
keyName: 'AccessKeyId',
channelIdName: 'channelId',
timestampName: 'timestamp',
nonceName: 'nonce',
signatureName: 'sign'
};
const signer = new ApiSigner(options);
const params: Record<string, string> = {};
if (args.param) {
const paramArray = Array.isArray(args.param) ? args.param : [args.param];
for (const param of paramArray) {
if (param.includes('=')) {
const [key, value] = param.split('=', 2);
params[key] = value;
}
}
}
if (Object.keys(params).length === 0) {
params.userId = '12345';
params.action = 'getData';
params.data = '测试数据';
}
console.log('===================== API签名示例 =====================');
console.log(`AccessKeyId: ${args.key}`);
console.log(`ChannelId: ${args.channel}`);
console.log(`SecretKey: ${args.secret}`);
console.log(`签名算法: ${algorithm}`);
console.log(`基础URL: ${args.url}`);
console.log('请求参数:', params);
if (args.mode === 'url') {
const signedUrl = signer.signUrl(args.url, params, args.key, args.secret, args.channel);
console.log('\n签名后的URL:');
console.log(signedUrl);
} else if (args.mode === 'params') {
const signedParams = signer.signRequest(params, args.key, args.secret, args.channel);
console.log('\n签名后的参数:');
for (const [key, value] of Object.entries(signedParams)) {
console.log(` ${key}: ${value}`);
}
} else if (args.mode === 'verify') {
if (options.signatureName in params) {
const result = signer.verifySignature(params, args.secret);
console.log('\n签名验证结果:');
if (result.valid) {
console.log(' 验证成功');
} else {
console.log(` 验证失败: ${result.error}`);
}
} else {
const signedParams = signer.signRequest(params, args.key, args.secret, args.channel);
const result = signer.verifySignature(signedParams, args.secret);
console.log('\n签名验证结果:');
if (result.valid) {
console.log(' 验证成功');
} else {
console.log(` 验证失败: ${result.error}`);
}
}
} else {
console.error(`未知操作模式: ${args.mode}`);
process.exit(1);
}
console.log('\n不同算法的签名结果:');
const algorithms = [
SignatureAlgorithm.MD5,
SignatureAlgorithm.SHA1,
SignatureAlgorithm.SHA256,
SignatureAlgorithm.HMAC_SHA256
];
for (const alg of algorithms) {
const tempOptions: SignOptions = {...options, algorithm: alg};
const tempSigner = new ApiSigner(tempOptions);
const signParams = {...params};
signParams[options.keyName] = args.key;
signParams[options.channelIdName] = args.channel;
const signature = tempSigner.calculateSignature(signParams, args.secret);
console.log(` ${alg}: ${signature}`);
}

282
typescript/src/index.ts Normal file
View File

@@ -0,0 +1,282 @@
import MD5 from 'crypto-js/md5';
import SHA1 from 'crypto-js/sha1';
import SHA256 from 'crypto-js/sha256';
import HmacSHA256 from 'crypto-js/hmac-sha256';
import encHex from 'crypto-js/enc-hex';
/**
* 签名算法类型
*/
export enum SignatureAlgorithm {
/** MD5算法默认、最快 */
MD5 = 'MD5',
/** SHA1算法 */
SHA1 = 'SHA1',
/** SHA256算法 */
SHA256 = 'SHA256',
/** HMAC-SHA256算法最安全 */
HMAC_SHA256 = 'HMAC-SHA256'
}
/**
* 签名选项
*/
export interface SignOptions {
/** 签名算法 */
algorithm: SignatureAlgorithm;
/** AccessKeyId参数名 */
keyName: string;
/** 合作渠道方ID参数名 */
channelIdName: string;
/** 时间戳参数名 */
timestampName: string;
/** 随机字符串参数名 */
nonceName: string;
/** 签名参数名 */
signatureName: string;
}
/**
* 签名验证结果
*/
export interface SignVerifyResult {
/** 验证结果 */
valid: boolean;
/** 错误信息,验证成功时为空 */
error?: string;
}
/**
* API签名工具配置
*/
export const DEFAULT_SIGN_OPTIONS: SignOptions = {
algorithm: SignatureAlgorithm.MD5,
keyName: 'AccessKeyId',
channelIdName: 'channelId',
timestampName: 'timestamp',
nonceName: 'nonce',
signatureName: 'sign'
};
/**
* API签名工具
*/
export class ApiSigner {
private options: SignOptions;
/**
* 创建API签名工具
* @param options 签名选项如为undefined则使用默认选项
*/
constructor(options?: Partial<SignOptions>) {
this.options = {...DEFAULT_SIGN_OPTIONS, ...options};
}
/**
* 获取签名选项
*/
getOptions(): SignOptions {
return {...this.options};
}
/**
* 设置签名选项
* @param options 签名选项
*/
setOptions(options: Partial<SignOptions>): void {
this.options = {...this.options, ...options};
}
/**
* 生成随机字符串
* @returns 一个基于当前时间的随机字符串
*/
generateNonce(): string {
return `${Date.now()}${Math.floor(Math.random() * 1000)}`;
}
/**
* 获取当前时间戳(毫秒)
* @returns 当前的Unix时间戳毫秒
*/
getTimestamp(): number {
return Date.now();
}
/**
* 对请求进行签名
* @param params 请求参数
* @param accessKeyId 访问密钥ID
* @param secretKey 密钥
* @param channelId 合作渠道方ID
* @returns 添加了签名的完整参数
*/
signRequest(
params: Record<string, string>,
accessKeyId: string,
secretKey: string,
channelId: string
): Record<string, string> {
const signParams = {...params};
const timestamp = this.getTimestamp();
signParams[this.options.keyName] = accessKeyId;
signParams[this.options.channelIdName] = channelId;
signParams[this.options.timestampName] = timestamp.toString();
signParams[this.options.nonceName] = this.generateNonce();
signParams[this.options.signatureName] = this.calculateSignature(signParams, secretKey);
return signParams;
}
/**
* 对URL进行签名
* @param baseUrl 基础URL地址
* @param params 请求参数
* @param accessKeyId 访问密钥ID
* @param secretKey 密钥
* @param channelId 合作渠道方ID
* @returns 添加了签名的完整URL
*/
signUrl(
baseUrl: string,
params: Record<string, string>,
accessKeyId: string,
secretKey: string,
channelId: string
): string {
const signedParams = this.signRequest(params, accessKeyId, secretKey, channelId);
const queryString = this.paramsToQueryString(signedParams);
if (baseUrl.includes('?')) {
return `${baseUrl}&${queryString}`;
} else {
return `${baseUrl}?${queryString}`;
}
}
/**
* 将参数转换为查询字符串
* @param params 参数
* @returns 查询字符串
*/
private paramsToQueryString(params: Record<string, string>): string {
return Object.entries(params)
.map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
.join('&');
}
/**
* 计算签名
* @param params 请求参数
* @param secretKey 密钥
* @returns 签名字符串
*/
calculateSignature(params: Record<string, string>, secretKey: string): string {
const signingString = this.createSigningString(params);
const finalString = `${signingString}&key=${secretKey}`;
switch (this.options.algorithm) {
case SignatureAlgorithm.MD5:
return MD5(finalString).toString(encHex);
case SignatureAlgorithm.SHA1:
return SHA1(finalString).toString(encHex);
case SignatureAlgorithm.SHA256:
return SHA256(finalString).toString(encHex);
case SignatureAlgorithm.HMAC_SHA256:
return HmacSHA256(finalString, secretKey).toString(encHex);
default:
return MD5(finalString).toString(encHex);
}
}
/**
* 创建用于签名的规范化字符串
* @param params 请求参数
* @returns 按键名排序并拼接的字符串
*/
createSigningString(params: Record<string, string>): string {
const filteredParams: Record<string, string> = {};
Object.entries(params).forEach(([key, value]) => {
if (key !== this.options.signatureName) {
filteredParams[key] = value;
}
});
const keys = Object.keys(filteredParams).sort();
const parts: string[] = [];
for (const key of keys) {
const value = filteredParams[key];
const encodedValue = this.needsUrlEncode(value) ? encodeURIComponent(value) : value;
parts.push(`${key}=${encodedValue}`);
}
return parts.join('&');
}
/**
* 判断是否需要对字符串进行URL编码
* @param s 需要判断的字符串
* @returns 如果包含非字母数字字符返回true否则返回false
*/
private needsUrlEncode(s: string): boolean {
return !/^[a-zA-Z0-9]*$/.test(s);
}
/**
* 验证签名
* @param params 所有请求参数,包括签名
* @param secretKey 密钥
* @param maxAgeMs 允许的最大时间差毫秒默认为5分钟
* @returns 验证结果和错误信息
*/
verifySignature(
params: Record<string, string>,
secretKey: string,
maxAgeMs: number = 300000
): SignVerifyResult {
if (!params[this.options.keyName]) {
return {valid: false, error: `缺少参数: ${this.options.keyName}`};
}
if (!params[this.options.channelIdName]) {
return {valid: false, error: `缺少参数: ${this.options.channelIdName}`};
}
if (!params[this.options.timestampName]) {
return {valid: false, error: `缺少参数: ${this.options.timestampName}`};
}
const timestamp = parseInt(params[this.options.timestampName], 10);
if (isNaN(timestamp)) {
return {valid: false, error: '无效的时间戳'};
}
const now = this.getTimestamp();
if (Math.abs(now - timestamp) > maxAgeMs) {
return {valid: false, error: '时间戳过期'};
}
if (!params[this.options.nonceName]) {
return {valid: false, error: `缺少参数: ${this.options.nonceName}`};
}
if (!params[this.options.signatureName]) {
return {valid: false, error: `缺少参数: ${this.options.signatureName}`};
}
const providedSignature = params[this.options.signatureName];
const expectedSignature = this.calculateSignature(params, secretKey);
if (expectedSignature === providedSignature) {
return {valid: true};
} else {
return {valid: false, error: '签名不匹配'};
}
}
}

14
typescript/tsconfig.json Normal file
View File

@@ -0,0 +1,14 @@
{
"compilerOptions": {
"target": "es2019",
"module": "commonjs",
"declaration": true,
"outDir": "./dist",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true
},
"include": ["src"],
"exclude": ["node_modules", "dist", "**/*.test.ts"]
}