38 lines
1.7 KiB
JavaScript
38 lines
1.7 KiB
JavaScript
|
import LibGenerateTestUserSig from './lib-generate-test-usersig-es.min.js';
|
|||
|
/**
|
|||
|
* Signature expiration time, which should not be too short
|
|||
|
* Time unit: second
|
|||
|
* Default time: 7 * 24 * 60 * 60 = 604800 = 7days
|
|||
|
*/
|
|||
|
const EXPIRETIME = 604800;
|
|||
|
|
|||
|
/**
|
|||
|
* Module: GenerateTestUserSig
|
|||
|
*
|
|||
|
* Description: Generates UserSig for testing. UserSig is a security signature designed by Tencent Cloud for its cloud services.
|
|||
|
* It is calculated based on `SDKAppID`, `UserID`, and `EXPIRETIME` using the HMAC-SHA256 encryption algorithm.
|
|||
|
*
|
|||
|
* Attention: For the following reasons, do not use the code below in your commercial application.
|
|||
|
*
|
|||
|
* The code may be able to calculate UserSig correctly, but it is only for quick testing of the SDK’s basic features, not for commercial applications.
|
|||
|
* `SECRETKEY` in client code can be easily decompiled and reversed, especially on web.
|
|||
|
* Once your key is disclosed, attackers will be able to steal your Tencent Cloud traffic.
|
|||
|
*
|
|||
|
* The correct method is to deploy the `UserSig` calculation code and encryption key on your project server so that your application can request from your server a `UserSig` that is calculated whenever one is needed.
|
|||
|
* Given that it is more difficult to hack a server than a client application, server-end calculation can better protect your key.
|
|||
|
*
|
|||
|
* Reference: https://cloud.tencent.com/document/product/647/17275#Server
|
|||
|
*/
|
|||
|
|
|||
|
function genTestUserSig(options) {
|
|||
|
const { SDKAppID, secretKey, userID } = options;
|
|||
|
const generator = new LibGenerateTestUserSig(SDKAppID, secretKey, EXPIRETIME);
|
|||
|
const userSig = generator.genTestUserSig(userID);
|
|||
|
return {
|
|||
|
SDKAppID,
|
|||
|
userSig,
|
|||
|
};
|
|||
|
}
|
|||
|
|
|||
|
export { genTestUserSig, EXPIRETIME };
|