[feat] 支持短 header 及签名认证。

Author: wangxiao

package.json

@@ -12,6 +12,7 @@
   },
   "dependencies": {
     "localstorage-memory": "^1.0.1",
+    "md5": "^2.0.0",
     "qiniu": "6.1.3",
     "underscore": "^1.8.3"
   },
@@ -42,16 +43,15 @@
   },
   "license": "MIT",
   "author": {
-    "name": "dennis zhuang",
-    "email": "[email protected]"
+    "name": "LeanCloud",
+    "email": "[email protected]"
   },
   "browser": {
     "react-native": false,
     "./src/browserify-wrapper/ajax.js": "./src/browserify-wrapper/ajax-browser.js",
     "./src/browserify-wrapper/upload.js": "./src/browserify-wrapper/upload-browser.js",
     "./src/browserify-wrapper/localStorage.js": "./src/browserify-wrapper/localstorage-browser.js",
     "./src/browserify-wrapper/parse-base64.js": "./src/browserify-wrapper/parse-base64-browser.js",
-
     "./dist/browserify-wrapper/ajax.js": "./dist/node/browserify-wrapper/ajax-browser.js",
     "./dist/browserify-wrapper/upload.js": "./dist/node/browserify-wrapper/upload-browser.js",
     "./dist/browserify-wrapper/localStorage.js": "./dist/node/browserify-wrapper/localstorage-browser.js",

src/av.js

@@ -19,9 +19,13 @@ AV._ = require('underscore');
 AV.version = require('./version');
 AV.Promise = require('./promise');
 AV.localStorage = require('./localstorage');
+
 // 挂载所有内部配置项
 AV._config = AV._config || {};
 
+// 挂载内部使用的工具方法
+AV._utils = AV._utils || {};
+
 // 以下模块为了兼容原有代码，使用这种加载方式。
 require('./utils')(AV);
 require('./error')(AV);

src/browserify-wrapper/ajax-browser.js

@@ -3,31 +3,46 @@
  * Each engineer has a duty to keep the code elegant
 **/
 
-var Promise = require('../promise');
+'use strict';
 
-module.exports = function _ajax(method, url, data, success, error) {
-  var options = {
+const md5 = require('md5');
+const AVPromise = require('../promise');
+
+// 计算 X-LC-Sign 的签名方法
+const sign = (key, isMasterKey) => {
+  const now = new Date().getTime();
+  const signature = md5(now + key);
+  if (isMasterKey) {
+    return signature + ',' + now + ',master';
+  } else {
+    return signature + ',' + now;
+  }
+};
+
+const ajax = (method, url, data, success, error) => {
+  const AV = global.AV;
+
+  const promise = new AVPromise();
+  const options = {
     success: success,
     error: error
   };
 
-  if (useXDomainRequest()) {
-    return ajaxIE8(method, url, data)._thenRunCallbacks(options);
-  }
-
-  var promise = new Promise();
-  var handled = false;
+  const appId = AV.applicationId;
+  const appKey = AV.applicationKey;
+  const masterKey = AV.masterKey;
 
-  var xhr = new XMLHttpRequest();
-  xhr.onreadystatechange = function() {
+  let handled = false;
+  const xhr = new global.XMLHttpRequest();
+  xhr.onreadystatechange = () => {
     if (xhr.readyState === 4) {
       if (handled) {
         return;
       }
       handled = true;
 
       if (xhr.status >= 200 && xhr.status < 300) {
-        var response;
+        let response;
         try {
           response = JSON.parse(xhr.responseText);
         } catch (e) {
@@ -44,49 +59,13 @@ module.exports = function _ajax(method, url, data, success, error) {
     }
   };
   xhr.open(method, url, true);
-  xhr.setRequestHeader("Content-Type", "text/plain");  // avoid pre-flight.
+  xhr.setRequestHeader('X-LC-Id', appId);
+  // 浏览器端不支持传入 masterKey 做 sign
+  const signature = sign(appKey);
+  xhr.setRequestHeader('X-LC-Sign', signature);
+  xhr.setRequestHeader('Content-Type', 'application/json');
   xhr.send(data);
   return promise._thenRunCallbacks(options);
 };
 
-function useXDomainRequest() {
-  if (typeof(XDomainRequest) !== "undefined") {
-    // We're in IE 8+.
-    if ('withCredentials' in new XMLHttpRequest()) {
-      // We're in IE 10+.
-      return false;
-    }
-    return true;
-  }
-  return false;
-}
-
-function ajaxIE8(method, url, data) {
-  var promise = new Promise();
-  var xdr = new XDomainRequest();
-  xdr.onload = function() {
-    var response;
-    try {
-      response = JSON.parse(xdr.responseText);
-    } catch (e) {
-      promise.reject(e);
-    }
-    if (response) {
-      promise.resolve(response);
-    }
-  };
-  xdr.onerror = xdr.ontimeout = function() {
-    // Let's fake a real error message.
-    var fakeResponse = {
-      responseText: JSON.stringify({
-        code: AV.Error.X_DOMAIN_REQUEST,
-        error: "IE's XDomainRequest does not supply error info."
-      })
-    };
-    promise.reject(xdr);
-  };
-  xdr.onprogress = function() {};
-  xdr.open(method, url);
-  xdr.send(data);
-  return promise;
-}
+module.exports = ajax;

src/utils.js

@@ -380,11 +380,12 @@ module.exports = function(AV) {
 
     dataObject._ApplicationId = AV.applicationId;
     dataObject._ApplicationKey = AV.applicationKey;
-    if(!AV._isNullOrUndefined(AV.applicationProduction)) {
+    if (!AV._isNullOrUndefined(AV.applicationProduction)) {
       dataObject._ApplicationProduction = AV.applicationProduction;
     }
-    if(AV._useMasterKey)
-        dataObject._MasterKey = AV.masterKey;
+    if (AV._useMasterKey) {
+      dataObject._MasterKey = AV.masterKey;
+    }
     dataObject._ClientVersion = AV.VERSION;
     // Pass the session token on every request.
     return AV.User.currentAsync().then(function(currentUser) {