Merge pull request #232 from wangxiao/new-ajax

[feat] 支持短 header 及签名认证。

Author: leeyeh

package.json

@@ -12,6 +12,7 @@
   },
   "dependencies": {
     "localstorage-memory": "^1.0.1",
+    "md5": "^2.0.0",
     "qiniu": "6.1.3",
     "underscore": "^1.8.3"
   },
@@ -42,16 +43,15 @@
   },
   "license": "MIT",
   "author": {
-    "name": "dennis zhuang",
-    "email": "[email protected]"
+    "name": "LeanCloud",
+    "email": "[email protected]"
   },
   "browser": {
     "react-native": false,
     "./src/browserify-wrapper/ajax.js": "./src/browserify-wrapper/ajax-browser.js",
     "./src/browserify-wrapper/upload.js": "./src/browserify-wrapper/upload-browser.js",
     "./src/browserify-wrapper/localStorage.js": "./src/browserify-wrapper/localstorage-browser.js",
     "./src/browserify-wrapper/parse-base64.js": "./src/browserify-wrapper/parse-base64-browser.js",
-
     "./dist/browserify-wrapper/ajax.js": "./dist/node/browserify-wrapper/ajax-browser.js",
     "./dist/browserify-wrapper/upload.js": "./dist/node/browserify-wrapper/upload-browser.js",
     "./dist/browserify-wrapper/localStorage.js": "./dist/node/browserify-wrapper/localstorage-browser.js",

src/av.js

@@ -19,11 +19,12 @@ AV._ = require('underscore');
 AV.version = require('./version');
 AV.Promise = require('./promise');
 AV.localStorage = require('./localstorage');
+
 // 挂载所有内部配置项
 AV._config = AV._config || {};
 
 // 以下模块为了兼容原有代码，使用这种加载方式。
-require('./utils')(AV);
+require('./utils').init(AV);
 require('./error')(AV);
 require('./event')(AV);
 require('./geopoint')(AV);

src/browserify-wrapper/ajax-browser.js

@@ -3,31 +3,35 @@
  * Each engineer has a duty to keep the code elegant
 **/
 
-var Promise = require('../promise');
+'use strict';
 
-module.exports = function _ajax(method, url, data, success, error) {
-  var options = {
+const AVPromise = require('../promise');
+const AVUtils = require('../utils');
+
+const ajax = (method, url, data, success, error) => {
+  const AV = global.AV;
+
+  const promise = new AVPromise();
+  const options = {
     success: success,
     error: error
   };
 
-  if (useXDomainRequest()) {
-    return ajaxIE8(method, url, data)._thenRunCallbacks(options);
-  }
-
-  var promise = new Promise();
-  var handled = false;
+  const appId = AV.applicationId;
+  const appKey = AV.applicationKey;
+  const masterKey = AV.masterKey;
 
-  var xhr = new XMLHttpRequest();
-  xhr.onreadystatechange = function() {
+  let handled = false;
+  const xhr = new global.XMLHttpRequest();
+  xhr.onreadystatechange = () => {
     if (xhr.readyState === 4) {
       if (handled) {
         return;
       }
       handled = true;
 
       if (xhr.status >= 200 && xhr.status < 300) {
-        var response;
+        let response;
         try {
           response = JSON.parse(xhr.responseText);
         } catch (e) {
@@ -44,49 +48,19 @@ module.exports = function _ajax(method, url, data, success, error) {
     }
   };
   xhr.open(method, url, true);
-  xhr.setRequestHeader("Content-Type", "text/plain");  // avoid pre-flight.
+  xhr.setRequestHeader('X-LC-Id', appId);
+
+  let signature;
+  if (masterKey) {
+    signature = AVUtils.sign(masterKey, true);
+  } else {
+    signature = AVUtils.sign(appKey);
+  }
+
+  xhr.setRequestHeader('X-LC-Sign', signature);
+  xhr.setRequestHeader('Content-Type', 'application/json;charset=UTF-8');
   xhr.send(data);
   return promise._thenRunCallbacks(options);
 };
 
-function useXDomainRequest() {
-  if (typeof(XDomainRequest) !== "undefined") {
-    // We're in IE 8+.
-    if ('withCredentials' in new XMLHttpRequest()) {
-      // We're in IE 10+.
-      return false;
-    }
-    return true;
-  }
-  return false;
-}
-
-function ajaxIE8(method, url, data) {
-  var promise = new Promise();
-  var xdr = new XDomainRequest();
-  xdr.onload = function() {
-    var response;
-    try {
-      response = JSON.parse(xdr.responseText);
-    } catch (e) {
-      promise.reject(e);
-    }
-    if (response) {
-      promise.resolve(response);
-    }
-  };
-  xdr.onerror = xdr.ontimeout = function() {
-    // Let's fake a real error message.
-    var fakeResponse = {
-      responseText: JSON.stringify({
-        code: AV.Error.X_DOMAIN_REQUEST,
-        error: "IE's XDomainRequest does not supply error info."
-      })
-    };
-    promise.reject(xdr);
-  };
-  xdr.onprogress = function() {};
-  xdr.open(method, url);
-  xdr.send(data);
-  return promise;
-}
+module.exports = ajax;

src/utils.js

@@ -6,8 +6,9 @@
 'use strict';
 
 const _ = require('underscore');
+const md5 = require('md5');
 
-module.exports = function(AV) {
+const init = (AV) => {
 
   // 挂载一些配置
   let AVConfig = AV._config;
@@ -138,12 +139,19 @@ module.exports = function(AV) {
   */
 
   AV.init = (...args) => {
+
+    const masterKeyWarn = () => {
+      console.warn('MasterKey should not be used in the browser. ' +
+        'The permissions of MasterKey can be across all the server permissions,' +
+        ' including the setting of ACL .');
+    };
+
     switch (args.length) {
       case 1:
         const options = args[0];
         if (typeof options === 'object') {
           if (!AVConfig.isNode && options.masterKey) {
-            throw new Error('AV.init(): Master Key is only used in Node.js.');
+            masterKeyWarn();
           }
           initialize(options.appId, options.appKey, options.masterKey);
           setRegionServer(options.region);
@@ -156,7 +164,7 @@ module.exports = function(AV) {
       case 3:
         console.warn('Please use AV.init() to replace AV.initialize() .');
         if (!AVConfig.isNode && args.length === 3) {
-          throw new Error('AV.init(): Master Key is only used in Node.js.');
+          masterKeyWarn();
         }
         initialize(...args);
         setRegionServer('cn');
@@ -380,11 +388,12 @@ module.exports = function(AV) {
 
     dataObject._ApplicationId = AV.applicationId;
     dataObject._ApplicationKey = AV.applicationKey;
-    if(!AV._isNullOrUndefined(AV.applicationProduction)) {
+    if (!AV._isNullOrUndefined(AV.applicationProduction)) {
       dataObject._ApplicationProduction = AV.applicationProduction;
     }
-    if(AV._useMasterKey)
-        dataObject._MasterKey = AV.masterKey;
+    if (AV._useMasterKey) {
+      dataObject._MasterKey = AV.masterKey;
+    }
     dataObject._ClientVersion = AV.VERSION;
     // Pass the session token on every request.
     return AV.User.currentAsync().then(function(currentUser) {
@@ -663,4 +672,21 @@ module.exports = function(AV) {
   AV._isNullOrUndefined = function(x) {
     return _.isNull(x) || _.isUndefined(x);
   };
+
+};
+
+module.exports = {
+
+  init: init,
+
+  // 计算 X-LC-Sign 的签名方法
+  sign: (key, isMasterKey) => {
+    const now = new Date().getTime();
+    const signature = md5(now + key);
+    if (isMasterKey) {
+      return signature + ',' + now + ',master';
+    } else {
+      return signature + ',' + now;
+    }
+  }
 };