UNPKG

http-auth-js

Version:

web digest auth

648 lines (588 loc) • 23.7 kB

JavaScript

function md5(instring){ var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ /* * These are the functions you'll usually want to call * They take string arguments and return either hex or base-64 encoded strings */ function hex_md5(s) { return rstr2hex(rstr_md5(str2rstr_utf8(s))); } function b64_md5(s) { return rstr2b64(rstr_md5(str2rstr_utf8(s))); } function any_md5(s, e) { return rstr2any(rstr_md5(str2rstr_utf8(s)), e); } function hex_hmac_md5(k, d) { return rstr2hex(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d))); } function b64_hmac_md5(k, d) { return rstr2b64(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d))); } function any_hmac_md5(k, d, e) { return rstr2any(rstr_hmac_md5(str2rstr_utf8(k), str2rstr_utf8(d)), e); } /* * Perform a simple self-test to see if the VM is working */ function md5_vm_test() { return hex_md5("abc").toLowerCase() == "900150983cd24fb0d6963f7d28e17f72"; } /* * Calculate the MD5 of a raw string */ function rstr_md5(s) { return binl2rstr(binl_md5(rstr2binl(s), s.length * 8)); } /* * Calculate the HMAC-MD5, of a key and some data (raw strings) */ function rstr_hmac_md5(key, data) { var bkey = rstr2binl(key); if(bkey.length > 16) bkey = binl_md5(bkey, key.length * 8); var ipad = Array(16), opad = Array(16); for(var i = 0; i < 16; i++) { ipad[i] = bkey[i] ^ 0x36363636; opad[i] = bkey[i] ^ 0x5C5C5C5C; } var hash = binl_md5(ipad.concat(rstr2binl(data)), 512 + data.length * 8); return binl2rstr(binl_md5(opad.concat(hash), 512 + 128)); } /* * Convert a raw string to a hex string */ function rstr2hex(input) { try { hexcase } catch(e) { hexcase=0; } var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var output = ""; var x; for(var i = 0; i < input.length; i++) { x = input.charCodeAt(i); output += hex_tab.charAt((x >>> 4) & 0x0F) + hex_tab.charAt( x & 0x0F); } return output; } /* * Convert a raw string to a base-64 string */ function rstr2b64(input) { try { b64pad } catch(e) { b64pad=''; } var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; var output = ""; var len = input.length; for(var i = 0; i < len; i += 3) { var triplet = (input.charCodeAt(i) << 16) | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0) | (i + 2 < len ? input.charCodeAt(i+2) : 0); for(var j = 0; j < 4; j++) { if(i * 8 + j * 6 > input.length * 8) output += b64pad; else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F); } } return output; } /* * Convert a raw string to an arbitrary string encoding */ function rstr2any(input, encoding) { var divisor = encoding.length; var i, j, q, x, quotient; /* Convert to an array of 16-bit big-endian values, forming the dividend */ var dividend = Array(Math.ceil(input.length / 2)); for(i = 0; i < dividend.length; i++) { dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1); } /* * Repeatedly perform a long division. The binary array forms the dividend, * the length of the encoding is the divisor. Once computed, the quotient * forms the dividend for the next step. All remainders are stored for later * use. */ var full_length = Math.ceil(input.length * 8 / (Math.log(encoding.length) / Math.log(2))); var remainders = Array(full_length); for(j = 0; j < full_length; j++) { quotient = Array(); x = 0; for(i = 0; i < dividend.length; i++) { x = (x << 16) + dividend[i]; q = Math.floor(x / divisor); x -= q * divisor; if(quotient.length > 0 || q > 0) quotient[quotient.length] = q; } remainders[j] = x; dividend = quotient; } /* Convert the remainders to the output string */ var output = ""; for(i = remainders.length - 1; i >= 0; i--) output += encoding.charAt(remainders[i]); return output; } /* * Encode a string as utf-8. * For efficiency, this assumes the input is valid utf-16. */ function str2rstr_utf8(input) { var output = ""; var i = -1; var x, y; while(++i < input.length) { /* Decode utf-16 surrogate pairs */ x = input.charCodeAt(i); y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0; if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) { x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF); i++; } /* Encode output as utf-8 */ if(x <= 0x7F) output += String.fromCharCode(x); else if(x <= 0x7FF) output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F), 0x80 | ( x & 0x3F)); else if(x <= 0xFFFF) output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), 0x80 | ((x >>> 6 ) & 0x3F), 0x80 | ( x & 0x3F)); else if(x <= 0x1FFFFF) output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), 0x80 | ((x >>> 12) & 0x3F), 0x80 | ((x >>> 6 ) & 0x3F), 0x80 | ( x & 0x3F)); } return output; } /* * Encode a string as utf-16 */ function str2rstr_utf16le(input) { var output = ""; for(var i = 0; i < input.length; i++) output += String.fromCharCode( input.charCodeAt(i) & 0xFF, (input.charCodeAt(i) >>> 8) & 0xFF); return output; } function str2rstr_utf16be(input) { var output = ""; for(var i = 0; i < input.length; i++) output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF, input.charCodeAt(i) & 0xFF); return output; } /* * Convert a raw string to an array of little-endian words * Characters >255 have their high-byte silently ignored. */ function rstr2binl(input) { var output = Array(input.length >> 2); for(var i = 0; i < output.length; i++) output[i] = 0; for(var i = 0; i < input.length * 8; i += 8) output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (i%32); return output; } /* * Convert an array of little-endian words to a string */ function binl2rstr(input) { var output = ""; for(var i = 0; i < input.length * 32; i += 8) output += String.fromCharCode((input[i>>5] >>> (i % 32)) & 0xFF); return output; } /* * Calculate the MD5 of an array of little-endian words, and a bit length. */ function binl_md5(x, len) { /* append padding */ x[len >> 5] |= 0x80 << ((len) % 32); x[(((len + 64) >>> 9) << 4) + 14] = len; var a = 1732584193; var b = -271733879; var c = -1732584194; var d = 271733878; for(var i = 0; i < x.length; i += 16) { var olda = a; var oldb = b; var oldc = c; var oldd = d; a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936); d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586); c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819); b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330); a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897); d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426); c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341); b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983); a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416); d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417); c = md5_ff(c, d, a, b, x[i+10], 17, -42063); b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162); a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682); d = md5_ff(d, a, b, c, x[i+13], 12, -40341101); c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290); b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329); a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510); d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632); c = md5_gg(c, d, a, b, x[i+11], 14, 643717713); b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302); a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691); d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083); c = md5_gg(c, d, a, b, x[i+15], 14, -660478335); b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848); a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438); d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690); c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961); b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501); a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467); d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784); c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473); b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734); a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558); d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463); c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562); b = md5_hh(b, c, d, a, x[i+14], 23, -35309556); a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060); d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353); c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632); b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640); a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174); d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222); c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979); b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189); a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487); d = md5_hh(d, a, b, c, x[i+12], 11, -421815835); c = md5_hh(c, d, a, b, x[i+15], 16, 530742520); b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651); a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844); d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415); c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905); b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055); a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571); d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606); c = md5_ii(c, d, a, b, x[i+10], 15, -1051523); b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799); a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359); d = md5_ii(d, a, b, c, x[i+15], 10, -30611744); c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380); b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649); a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070); d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379); c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259); b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551); a = safe_add(a, olda); b = safe_add(b, oldb); c = safe_add(c, oldc); d = safe_add(d, oldd); } return Array(a, b, c, d); } /* * These functions implement the four basic operations the algorithm uses. */ function md5_cmn(q, a, b, x, s, t) { return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b); } function md5_ff(a, b, c, d, x, s, t) { return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t); } function md5_gg(a, b, c, d, x, s, t) { return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); } function md5_hh(a, b, c, d, x, s, t) { return md5_cmn(b ^ c ^ d, a, b, x, s, t); } function md5_ii(a, b, c, d, x, s, t) { return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); } /* * Add integers, wrapping at 2^32. This uses 16-bit operations internally * to work around bugs in some JS interpreters. */ function safe_add(x, y) { var lsw = (x & 0xFFFF) + (y & 0xFFFF); var msw = (x >> 16) + (y >> 16) + (lsw >> 16); return (msw << 16) | (lsw & 0xFFFF); } /* * Bitwise rotate a 32-bit number to the left. */ function bit_rol(num, cnt) { return (num << cnt) | (num >>> (32 - cnt)); } return hex_md5(instring); } let httpAuth = { ajax: function (settings) { /* settings与$.ajax使用方式相同 { url : "http://ip:port/path", //请求地址 type: "POST", //请求方式，默认GET async: false, //是否异步，默认true data : "", //发送到服务器的数据 username: "", //用户名 password: "", //密码 timeout: 3000, //超时时间，毫秒 contentType: "application/json; charset=UTF-8", //请求类型 context: window, //回调函数上下文 success : function(result) { //请求成功回调函数 console.log(result); }, error: function(xhr) { //请求失败回调函数 console.log(xhr); }, complete: function(xhr) { //请求完成后回调函数 (请求成功或失败之后均调用) console.log(xhr); }, headers: {key1: "value1", key2: "value2"} //请求时需要附加的Header authType: "Digest", //认证类型，"Digest"或"Basic" } */ var method = settings.type ? settings.type.toUpperCase() : "GET"; var url = settings.url; var async = settings.hasOwnProperty("async") ? settings.async : true; var username = settings.username ? settings.username : ""; var password = settings.password ? settings.password : ""; var urlMD5 = this._md5(url); var dataStr = ""; if (typeof settings.data == "string") { dataStr = settings.data; } else if (typeof settings.data == "object") { dataStr = JSON.stringify(settings.data); } settings._method = method; settings._entityBody = dataStr; settings._wwwaKey = "HttpAuth_" + urlMD5 + "_wwwa"; settings._ncKey = "HttpAuth_" + urlMD5 + "_nc"; settings.headers = settings.headers || {}; var xhr = new XMLHttpRequest(); xhr.open(method, url, async, username, password); this._setHeader(xhr, settings); if (settings.timeout) { xhr.timeout = settings.timeout; } xhr._that = this; xhr._settings = settings; xhr.onreadystatechange = this._stateChange; xhr.send(dataStr); this._log("ajax requesting..., url=" + url + ", dataStr=" + dataStr); }, _setHeader: function (xhr, settings) { if (settings.authType) { var wwwAuthenticate = localStorage.getItem(settings._wwwaKey); console.log(wwwAuthenticate) var authorization = "*"; if (wwwAuthenticate) { authorization = this._getAuthorization(wwwAuthenticate, settings); } xhr.setRequestHeader("Authorization", authorization); } if (settings.contentType) { xhr.setRequestHeader("Content-Type", settings.contentType); } var headerNames = Object.getOwnPropertyNames(settings.headers); for (var i = 0; i < headerNames.length; i++) { xhr.setRequestHeader(headerNames[i], settings.headers[headerNames[i]]); } }, _stateChange: function () { if (this.readyState == 4) { var that = this._that; var settings = this._settings; console.log(this) if (this.status == 401) { if (settings.hasOwnProperty("_auth401")) { that._log("401 auth fail", "error"); that._log(settings); } else { var wwwAuthenticate = this.getResponseHeader("WWW-Authenticate"); console.log(wwwAuthenticate) localStorage.setItem(settings._wwwaKey, wwwAuthenticate); localStorage.setItem(settings._ncKey, 0); that._log("401 auth", "warn"); settings._auth401 = 1; settings.authType = that._getAuthType(wwwAuthenticate); that.ajax(settings); } } else { settings._auth401 && that._log("401 auth ok", "warn"); that._log("ajax status=" + this.status + ", responseText=" + this.responseText); if (this.status == 200) { if (settings.success) { // settings.context ? settings.success.call(settings.context) : settings.success(); settings.success(this.response) } } else { if (settings.error) { // settings.context ? settings.error.call(settings.context) : settings.error(); settings.error(this.response) } } if (settings.error) { // settings.context ? settings.complete.call(settings.context) : settings.complete(); settings.complete(this.response) } } } }, _getAuthorization: function (wwwAuthenticate, settings) { // 计算Authorization var authorization = ""; if (settings.authType == "Basic") { authorization = this._getBasicAuthorization(wwwAuthenticate, settings); } else if (settings.authType == "Digest") { authorization = this._getDigestAuthorization(wwwAuthenticate, settings); } return authorization; }, _getBasicAuthorization: function (wwwAuthenticate, settings) { var plain = settings.username + ":" + settings.password; var cipher = btoa(plain); this._log("plain=" + plain + ", cipher=" + cipher); var authorization = "Basic " + cipher; return authorization; }, _getDigestAuthorization: function (wwwAuthenticate, settings) { console.log(this) var authObj = this._getAuthObject(wwwAuthenticate); var authType = authObj.authType; var username = settings.username; var realm = authObj.realm; var nonce = authObj.nonce; var digestURI = this._extractUri(settings.url); var opaque = authObj.opaque; var qop = authObj.qop; var nonceCount = this._getNonceCount(settings); var clientNonce = this._getClientNonce(); var password = settings.password; var method = settings._method; var entityBody = settings._entityBody; var response, ha1, ha2, a1, a2, plain; a1 = username + ":" + realm + ":" + password; ha1 = this._md5(a1); this._log("a1=" + a1 + ", ha1=" + ha1); if (qop == "auth-int") { a2 = method + ":" + digestURI + ":" + this.md5(entityBody); } else { a2 = method + ":" + digestURI; } ha2 = this._md5(a2); this._log("a2=" + a2 + ", ha2=" + ha2); if (qop == "auth-int" || qop == "auth") { plain = ha1 + ":" + nonce + ":" + nonceCount + ":" + clientNonce + ":" + qop + ":" + ha2; } else { plain = ha1 + ":" + nonce + ":" + ha2; } response = this._md5(plain); this._log("plain=" + plain + ", response=" + response); var authorization = "Digest "; authorization += 'username="' + username + '", '; authorization += 'realm="' + realm + '", '; authorization += 'nonce="' + nonce + '", '; authorization += 'uri="' + digestURI + '", '; authorization += 'response="' + response + '", '; authorization += 'opaque="' + opaque + '", '; authorization += 'qop=' + qop + ', '; authorization += 'nc=' + nonceCount + ', '; authorization += 'cnonce="' + clientNonce + '"'; return authorization; }, _getAuthObject: function (wwwAuthenticate) { var type = this._getAuthType(wwwAuthenticate); var obj; console.log(type) if (type == "Digest") { obj = { authType: type, realm: this._getAuthItem(wwwAuthenticate, "realm"), qop: this._getAuthItem(wwwAuthenticate, "qop"), nonce: this._getAuthItem(wwwAuthenticate, "nonce"), opaque: this._getAuthItem(wwwAuthenticate, "opaque"), algorithm: this._getAuthItem(wwwAuthenticate, "algorithm") }; } else if (type == "Basic") { obj = { authType: type, realm: this._getAuthItem(wwwAuthenticate, "realm") }; } console.log(obj) return obj; }, _getAuthType: function (wwwAuthenticate) { return 'Digest' }, _getAuthItem: function (str, name) { var arr = str.match(name + '=' + '"(.+?)"'); var value = ""; if (arr && arr.length == 2) { value = arr[1]; } return value; }, _extractUri: function (fullURL) { var uri = fullURL; if (fullURL.substr(0, 4) == "http") { var searchPos = fullURL.indexOf("://") + "://".length; var rootPos = fullURL.indexOf("/", searchPos); uri = fullURL.substring(rootPos); } return uri; }, _getClientNonce: function () { var clientNonce = "cn" + String(Date.now()); return clientNonce; }, _getNonceCount: function (settings) { var nc = Number(localStorage.getItem(settings._ncKey)); nc = nc + 1; localStorage.setItem(settings._ncKey, nc); var ncStr = String(nc); var len = 8 - ncStr.length; for (var i = 0; i < len; i++) { ncStr = "0" + ncStr; } return ncStr; }, _md5: function (str) { return md5(str); }, _logSwitch: false, // 日志开关 _log: function (msg, type) { if (!this._logSwitch) { return; } if (type == "warn") { console.warn(msg); } else if (type == "error") { console.error(msg); } else { console.log(msg); } } } export default httpAuth