| 1234567891011121314151617181920212223242526272829303132333435363738 |
- import LibGenerateTestUserSig from './lib-generate-test-usersig-es.min.js';
- /**
- * Signature expiration time, which should not be too short
- * Time unit: second
- * Default time: 7 * 24 * 60 * 60 = 604800 = 7days
- */
- const EXPIRETIME = 604800;
- /**
- * Module: GenerateTestUserSig
- *
- * Description: Generates UserSig for testing. UserSig is a security signature designed by Tencent Cloud for its cloud services.
- * It is calculated based on `SDKAppID`, `UserID`, and `EXPIRETIME` using the HMAC-SHA256 encryption algorithm.
- *
- * Attention: For the following reasons, do not use the code below in your commercial application.
- *
- * The code may be able to calculate UserSig correctly, but it is only for quick testing of the SDK’s basic features, not for commercial applications.
- * `SECRETKEY` in client code can be easily decompiled and reversed, especially on web.
- * Once your key is disclosed, attackers will be able to steal your Tencent Cloud traffic.
- *
- * The correct method is to deploy the `UserSig` calculation code and encryption key on your project server so that your application can request from your server a `UserSig` that is calculated whenever one is needed.
- * Given that it is more difficult to hack a server than a client application, server-end calculation can better protect your key.
- *
- * Reference: https://cloud.tencent.com/document/product/647/17275#Server
- */
- function genTestUserSig(options) {
- const { SDKAppID, secretKey, userID } = options;
- const generator = new LibGenerateTestUserSig(SDKAppID, secretKey, EXPIRETIME);
- const userSig = generator.genTestUserSig(userID);
- return {
- SDKAppID,
- userSig,
- };
- }
- export { genTestUserSig, EXPIRETIME };
|
