首頁 探索 說明
註冊 登入
root
/
his_user_miniapp
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 893e66d705
分支列表 標籤列表
his_user_min...
/
node_modules
/
@tencentcloud
/
chat-uikit-uniapp
/
debug
/
GenerateTestUserSig.js

GenerateTestUserSig.js 3.0 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. import LibGenerateTestUserSig from './lib-generate-test-usersig-es.min.js';
    2. 

  2. /**
    3. 

  3.  * Signature expiration time, which should not be too short
    4. 

  4.  * Time unit: second
    5. 

  5.  * Default time: 7 * 24 * 60 * 60 = 604800 = 7days
    6. 

  6.  *
    7. 

  7.  * 签名过期时间,建议不要设置的过短
    8. 

  8.  * 时间单位:秒
    9. 

  9.  * 默认时间:7 x 24 x 60 x 60 = 604800 = 7 天
    10. 

  10.  */
    11. 

  11. const EXPIRETIME = 604800;
    12. 

  12. 

  13. /**
    14. 

  14.  * Module: GenerateTestUserSig
    15. 

  15.  *
    16. 

  16.  * Description: Generates UserSig for testing. UserSig is a security signature designed by Tencent Cloud for its cloud services.
    17. 

  17.  * It is calculated based on `SDKAppID`, `UserID`, and `EXPIRETIME` using the HMAC-SHA256 encryption algorithm.
    18. 

  18.  *
    19. 

  19.  * Attention: For the following reasons, do not use the code below in your commercial application.
    20. 

  20.  *
    21. 

  21.  * The code may be able to calculate UserSig correctly, but it is only for quick testing of the SDK’s basic features, not for commercial applications.
    22. 

  22.  * `SECRETKEY` in client code can be easily decompiled and reversed, especially on web.
    23. 

  23.  * Once your key is disclosed, attackers will be able to steal your Tencent Cloud traffic.
    24. 

  24.  *
    25. 

  25.  * The correct method is to deploy the `UserSig` calculation code and encryption key on your project server so that your application can request from your server a `UserSig` that is calculated whenever one is needed.
    26. 

  26.  * Given that it is more difficult to hack a server than a client application, server-end calculation can better protect your key.
    27. 

  27.  *
    28. 

  28.  * Reference: https://cloud.tencent.com/document/product/647/17275#Server
    29. 

  29.  *
    30. 

  30.  *
    31. 

  31.  * Module:   GenerateTestUserSig
    32. 

  32.  *
    33. 

  33.  * Function: 用于生成测试用的 UserSig,UserSig 是腾讯云为其云服务设计的一种安全保护签名。
    34. 

  34.  *           其计算方法是对 SDKAppID、UserID 和 EXPIRETIME 进行加密,加密算法为 HMAC-SHA256。
    35. 

  35.  *
    36. 

  36.  * Attention: 请不要将如下代码发布到您的线上正式版本的 App 中,原因如下:
    37. 

  37.  *
    38. 

  38.  *            本文件中的代码虽然能够正确计算出 UserSig,但仅适合快速调通 SDK 的基本功能,不适合线上产品,
    39. 

  39.  *            这是因为客户端代码中的 SECRETKEY 很容易被反编译逆向破解,尤其是 Web 端的代码被破解的难度几乎为零。
    40. 

  40.  *            一旦您的密钥泄露,攻击者就可以计算出正确的 UserSig 来盗用您的腾讯云流量。
    41. 

  41.  *
    42. 

  42.  *            正确的做法是将 UserSig 的计算代码和加密密钥放在您的业务服务器上,然后由 App 按需向您的服务器获取实时算出的 UserSig。
    43. 

  43.  *            由于破解服务器的成本要高于破解客户端 App,所以服务器计算的方案能够更好地保护您的加密密钥。
    44. 

  44.  *
    45. 

  45.  * Reference:https://cloud.tencent.com/document/product/647/17275#Server
    46. 

  46.  */
    47. 

  47. 

  48. function genTestUserSig(options) {
    49. 

  49.   const { SDKAppID, secretKey, userID } = options;
    50. 

  50.   const generator = new LibGenerateTestUserSig(SDKAppID, secretKey, EXPIRETIME);
    51. 

  51.   const userSig = generator.genTestUserSig(userID);
    52. 

  52.   return {
    53. 

  53.     SDKAppID,
    54. 

  54.     userSig,
    55. 

  55.   };
    56. 

  56. }
    57. 

  57. 

  58. export { genTestUserSig, EXPIRETIME };
    59.