Página Principal Explorar Ajuda
Iniciar Sessão
lijunfeng
/
baiyuApp
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ramo: master
Ramos Etiquetas
baiyuApp
/
uniCloud-alipay
/
cloudfunctions
/
uni-id-co
/
lib
/
third-party
/
apple
/
account
/
index.js

index.js 2.1 KB
Link permanente Histórico Em bruto

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. const rsaPublicKeyPem = require('../rsa-public-key-pem')
    2. 

  2. const {
    3. 

  3.   jwtVerify
    4. 

  4. } = require('../../../npm/index')
    5. 

  5. let authKeysCache = null
    6. 

  6. 

  7. module.exports = class Auth {
    8. 

  8.   constructor (options) {
    9. 

  9.     this.options = Object.assign({
    10. 

  10.       baseUrl: 'https://appleid.apple.com',
    11. 

  11.       timeout: 10000
    12. 

  12.     }, options)
    13. 

  13.   }
    14. 

  14. 

  15.   async _fetch (url, options) {
    16. 

  16.     const { baseUrl } = this.options
    17. 

  17.     return uniCloud.httpclient.request(baseUrl + url, options)
    18. 

  18.   }
    19. 

  19. 

  20.   async verifyIdentityToken (identityToken) {
    21. 

  21.     // 解密出kid,拿取key
    22. 

  22.     const jwtHeader = identityToken.split('.')[0]
    23. 

  23.     const { kid } = JSON.parse(Buffer.from(jwtHeader, 'base64').toString())
    24. 

  24.     let authKeys
    25. 

  25.     if (authKeysCache) {
    26. 

  26.       authKeys = authKeysCache
    27. 

  27.     } else {
    28. 

  28.       authKeys = await this.getAuthKeys()
    29. 

  29.       authKeysCache = authKeys
    30. 

  30.     }
    31. 

  31.     const usedKey = authKeys.find(item => item.kid === kid)
    32. 

  32. 

  33.     /**
    34. 

  34.      * identityToken 格式
    35. 

  35.      *
    36. 

  36.      * {
    37. 

  37.      *   iss: 'https://appleid.apple.com',
    38. 

  38.      *   aud: 'io.dcloud.hellouniapp',
    39. 

  39.      *   exp: 1610626724,
    40. 

  40.      *   iat: 1610540324,
    41. 

  41.      *   sub: '000628.30119d332d9b45a3be4a297f9391fd5c.0403',
    42. 

  42.      *   c_hash: 'oFfgewoG36cJX00KUbj45A',
    43. 

  43.      *   email: 'x2awmap99s@privaterelay.appleid.com',
    44. 

  44.      *   email_verified: 'true',
    45. 

  45.      *   is_private_email: 'true',
    46. 

  46.      *   auth_time: 1610540324,
    47. 

  47.      *   nonce_supported: true
    48. 

  48.      * }
    49. 

  49.      */
    50. 

  50.     const payload = jwtVerify(
    51. 

  51.       identityToken,
    52. 

  52.       rsaPublicKeyPem(usedKey.n, usedKey.e),
    53. 

  53.       {
    54. 

  54.         algorithms: usedKey.alg
    55. 

  55.       }
    56. 

  56.     )
    57. 

  57. 

  58.     if (payload.iss !== 'https://appleid.apple.com' || payload.aud !== this.options.bundleId) {
    59. 

  59.       throw new Error('Invalid identity token')
    60. 

  60.     }
    61. 

  61. 

  62.     return {
    63. 

  63.       openid: payload.sub,
    64. 

  64.       email: payload.email,
    65. 

  65.       emailVerified: payload.email_verified === 'true',
    66. 

  66.       isPrivateEmail: payload.is_private_email === 'true'
    67. 

  67.     }
    68. 

  68.   }
    69. 

  69. 

  70.   async getAuthKeys () {
    71. 

  71.     const { status, data } = await this._fetch('/auth/keys', {
    72. 

  72.       method: 'GET',
    73. 

  73.       dataType: 'json',
    74. 

  74.       timeout: this.options.timeout
    75. 

  75.     })
    76. 

  76.     if (status !== 200) throw new Error('request https://appleid.apple.com/auth/keys fail')
    77. 

  77.     return data.keys
    78. 

  78.   }
    79. 

  79. }
    80.