修改后台权限

node_modules/jose/dist/webapi/key/export.js

@@ -0,0 +1,11 @@
+import { toSPKI as exportPublic, toPKCS8 as exportPrivate } from '../lib/asn1.js';
+import { keyToJWK } from '../lib/key_to_jwk.js';
+export async function exportSPKI(key) {
+    return exportPublic(key);
+}
+export async function exportPKCS8(key) {
+    return exportPrivate(key);
+}
+export async function exportJWK(key) {
+    return keyToJWK(key);
+}

node_modules/jose/dist/webapi/key/generate_key_pair.js

@@ -0,0 +1,97 @@
+import { JOSENotSupported } from '../util/errors.js';
+function getModulusLengthOption(options) {
+    const modulusLength = options?.modulusLength ?? 2048;
+    if (typeof modulusLength !== 'number' || modulusLength < 2048) {
+        throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');
+    }
+    return modulusLength;
+}
+export async function generateKeyPair(alg, options) {
+    let algorithm;
+    let keyUsages;
+    switch (alg) {
+        case 'PS256':
+        case 'PS384':
+        case 'PS512':
+            algorithm = {
+                name: 'RSA-PSS',
+                hash: `SHA-${alg.slice(-3)}`,
+                publicExponent: Uint8Array.of(0x01, 0x00, 0x01),
+                modulusLength: getModulusLengthOption(options),
+            };
+            keyUsages = ['sign', 'verify'];
+            break;
+        case 'RS256':
+        case 'RS384':
+        case 'RS512':
+            algorithm = {
+                name: 'RSASSA-PKCS1-v1_5',
+                hash: `SHA-${alg.slice(-3)}`,
+                publicExponent: Uint8Array.of(0x01, 0x00, 0x01),
+                modulusLength: getModulusLengthOption(options),
+            };
+            keyUsages = ['sign', 'verify'];
+            break;
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512':
+            algorithm = {
+                name: 'RSA-OAEP',
+                hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,
+                publicExponent: Uint8Array.of(0x01, 0x00, 0x01),
+                modulusLength: getModulusLengthOption(options),
+            };
+            keyUsages = ['decrypt', 'unwrapKey', 'encrypt', 'wrapKey'];
+            break;
+        case 'ES256':
+            algorithm = { name: 'ECDSA', namedCurve: 'P-256' };
+            keyUsages = ['sign', 'verify'];
+            break;
+        case 'ES384':
+            algorithm = { name: 'ECDSA', namedCurve: 'P-384' };
+            keyUsages = ['sign', 'verify'];
+            break;
+        case 'ES512':
+            algorithm = { name: 'ECDSA', namedCurve: 'P-521' };
+            keyUsages = ['sign', 'verify'];
+            break;
+        case 'Ed25519':
+        case 'EdDSA': {
+            keyUsages = ['sign', 'verify'];
+            algorithm = { name: 'Ed25519' };
+            break;
+        }
+        case 'ML-DSA-44':
+        case 'ML-DSA-65':
+        case 'ML-DSA-87': {
+            keyUsages = ['sign', 'verify'];
+            algorithm = { name: alg };
+            break;
+        }
+        case 'ECDH-ES':
+        case 'ECDH-ES+A128KW':
+        case 'ECDH-ES+A192KW':
+        case 'ECDH-ES+A256KW': {
+            keyUsages = ['deriveBits'];
+            const crv = options?.crv ?? 'P-256';
+            switch (crv) {
+                case 'P-256':
+                case 'P-384':
+                case 'P-521': {
+                    algorithm = { name: 'ECDH', namedCurve: crv };
+                    break;
+                }
+                case 'X25519':
+                    algorithm = { name: 'X25519' };
+                    break;
+                default:
+                    throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, and X25519');
+            }
+            break;
+        }
+        default:
+            throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+    }
+    return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);
+}

node_modules/jose/dist/webapi/key/generate_secret.js

@@ -0,0 +1,40 @@
+import { JOSENotSupported } from '../util/errors.js';
+export async function generateSecret(alg, options) {
+    let length;
+    let algorithm;
+    let keyUsages;
+    switch (alg) {
+        case 'HS256':
+        case 'HS384':
+        case 'HS512':
+            length = parseInt(alg.slice(-3), 10);
+            algorithm = { name: 'HMAC', hash: `SHA-${length}`, length };
+            keyUsages = ['sign', 'verify'];
+            break;
+        case 'A128CBC-HS256':
+        case 'A192CBC-HS384':
+        case 'A256CBC-HS512':
+            length = parseInt(alg.slice(-3), 10);
+            return crypto.getRandomValues(new Uint8Array(length >> 3));
+        case 'A128KW':
+        case 'A192KW':
+        case 'A256KW':
+            length = parseInt(alg.slice(1, 4), 10);
+            algorithm = { name: 'AES-KW', length };
+            keyUsages = ['wrapKey', 'unwrapKey'];
+            break;
+        case 'A128GCMKW':
+        case 'A192GCMKW':
+        case 'A256GCMKW':
+        case 'A128GCM':
+        case 'A192GCM':
+        case 'A256GCM':
+            length = parseInt(alg.slice(1, 4), 10);
+            algorithm = { name: 'AES-GCM', length };
+            keyUsages = ['encrypt', 'decrypt'];
+            break;
+        default:
+            throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+    }
+    return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);
+}

node_modules/jose/dist/webapi/key/import.js

@@ -0,0 +1,57 @@
+import { decode as decodeBase64URL } from '../util/base64url.js';
+import { fromSPKI, fromPKCS8, fromX509 } from '../lib/asn1.js';
+import { jwkToKey } from '../lib/jwk_to_key.js';
+import { JOSENotSupported } from '../util/errors.js';
+import { isObject } from '../lib/type_checks.js';
+export async function importSPKI(spki, alg, options) {
+    if (typeof spki !== 'string' || spki.indexOf('-----BEGIN PUBLIC KEY-----') !== 0) {
+        throw new TypeError('"spki" must be SPKI formatted string');
+    }
+    return fromSPKI(spki, alg, options);
+}
+export async function importX509(x509, alg, options) {
+    if (typeof x509 !== 'string' || x509.indexOf('-----BEGIN CERTIFICATE-----') !== 0) {
+        throw new TypeError('"x509" must be X.509 formatted string');
+    }
+    return fromX509(x509, alg, options);
+}
+export async function importPKCS8(pkcs8, alg, options) {
+    if (typeof pkcs8 !== 'string' || pkcs8.indexOf('-----BEGIN PRIVATE KEY-----') !== 0) {
+        throw new TypeError('"pkcs8" must be PKCS#8 formatted string');
+    }
+    return fromPKCS8(pkcs8, alg, options);
+}
+export async function importJWK(jwk, alg, options) {
+    if (!isObject(jwk)) {
+        throw new TypeError('JWK must be an object');
+    }
+    let ext;
+    alg ??= jwk.alg;
+    ext ??= options?.extractable ?? jwk.ext;
+    switch (jwk.kty) {
+        case 'oct':
+            if (typeof jwk.k !== 'string' || !jwk.k) {
+                throw new TypeError('missing "k" (Key Value) Parameter value');
+            }
+            return decodeBase64URL(jwk.k);
+        case 'RSA':
+            if ('oth' in jwk && jwk.oth !== undefined) {
+                throw new JOSENotSupported('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
+            }
+            return jwkToKey({ ...jwk, alg, ext });
+        case 'AKP': {
+            if (typeof jwk.alg !== 'string' || !jwk.alg) {
+                throw new TypeError('missing "alg" (Algorithm) Parameter value');
+            }
+            if (alg !== undefined && alg !== jwk.alg) {
+                throw new TypeError('JWK alg and alg option value mismatch');
+            }
+            return jwkToKey({ ...jwk, ext });
+        }
+        case 'EC':
+        case 'OKP':
+            return jwkToKey({ ...jwk, alg, ext });
+        default:
+            throw new JOSENotSupported('Unsupported "kty" (Key Type) Parameter value');
+    }
+}