mexc-futures-sdk
Version:
Unofficial TypeScript SDK for MEXC Futures trading with maintenance bypass. Uses browser session tokens to work 24/7 even during API downtime.
60 lines • 2.51 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateHeaders = generateHeaders;
const constants_1 = require("./constants");
const md5_1 = __importDefault(require("md5"));
/**
* Generate MEXC crypto signature using the MD5 scheme.
* NOTE: this is MEXC's server-dictated web-client signing scheme (reverse-engineered), not a
* security control — MD5 is weak and the nonce is a millisecond timestamp. It cannot be changed
* without breaking auth; treat the WEB `authToken` as the real bearer credential.
* @param key WEB authentication key
* @param obj Request object to sign
* @returns Object with timestamp and signature
*/
function mexcCrypto(key, obj) {
const dateNow = String(Date.now());
const g = (0, md5_1.default)(key + dateNow).substring(7);
const s = JSON.stringify(obj);
const sign = (0, md5_1.default)(dateNow + s + g);
return { time: dateNow, sign: sign };
}
/**
* Generate HTTP headers for API requests
* @param options SDK configuration options
* @param includeAuth Whether to include authentication headers
* @param requestBody Request body for signature (optional)
* @returns Record of HTTP headers
*/
function generateHeaders(options, includeAuth = true, requestBody) {
const headers = {
...constants_1.DEFAULT_HEADERS,
};
// Override user agent if provided
if (options.userAgent) {
headers["user-agent"] = options.userAgent;
}
// Add custom headers if provided
if (options.customHeaders) {
Object.assign(headers, options.customHeaders);
}
// Add authentication headers for private endpoints
if (includeAuth) {
// Use WEB token for authentication
headers["authorization"] = options.authToken;
// Add MEXC signature for POST requests with body
if (requestBody) {
const signature = mexcCrypto(options.authToken, requestBody);
headers["x-mxc-nonce"] = signature.time;
headers["x-mxc-sign"] = signature.sign;
// NOTE: the signature/nonce are request secrets and must never be logged.
// The request method/URL/body are already logged at debug level by the client's
// request interceptor (gated by logLevel), so nothing useful is lost here.
}
}
return headers;
}
//# sourceMappingURL=headers.js.map