XSS攻击过滤

src/common/AjaxSend.class.ts

@@ -1,11 +1,14 @@
 
-import VerificationHelper = require("common/VerificationHelper.class")
-
+import VerificationHelper = require("common/VerificationHelper.class");
+import { readyException } from "jquery";
+declare var filterXSS;
 export =AjaxSend
 class AjaxSend {
     verificationHelper
+    filterXss
     constructor() {
         this.verificationHelper = new VerificationHelper();
+        this.filterXss=new filterXSS.FilterXSS()
     }
     public type = {
         post: "POST",
@@ -23,9 +26,14 @@ class AjaxSend {
     * @param errorBack 失败后的回调函数
     */
     public sendAjax(that, data, url, ajaxtype, callBack?, errorBack?) {
+        const toast=(window["AppX"] as AppX).runtimeConfig.toast;
         let senddata = null;
         that.loadWait ? that.loadWait.hide() : undefined;
         let contentType = "application/json;charset=utf-8";
+        if(this.xssCodeCheck(data)){
+            toast.show('非法输入');
+            return;
+        }
         if (ajaxtype == "POST" || ajaxtype == "PUT") {
             senddata = JSON.stringify(data)
         } else if (ajaxtype == "DELETE") {
@@ -47,14 +55,14 @@ class AjaxSend {
                 if (that.AppX.runtimeConfig.loadWait) {
                     that.AppX.runtimeConfig.loadWait.hide();
                 }
-
                 callBack.bind(that)(result);
             },
             error: (errorBack != undefined ? errorBack.bind(that) : function (data) {
                 if (that.toast) {
                     that.toast.show("服务端ajax出错，获取数据失败!");
                 }
-                console.error('请求地址：' + url + "，报错数据：" + data);
+                //安全问题，禁止返回具体url地址
+                //console.error('请求地址：' + url + "，报错数据：" + data);
                 if (that.AppX.runtimeConfig.loadWait) {
                     that.AppX.runtimeConfig.loadWait.hide();
                 }
@@ -108,7 +116,45 @@ class AjaxSend {
             dataType: "json",
         });
     }
-
+    /**
+     * 该方法用于对请求内容进行xss检查
+     * @param data 
+     */
+    xssCodeCheck(data:object):boolean{
+        let xssData={};
+        if(!data) return false;
+        for(let key in data){
+            xssData[key]=data[key];
+            if(Object.prototype.toString.call(data[key])==="[object String]"){
+                if(this.isXSS(data[key])){
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+    /**
+     * 该方法用于对string类型的查询内容进行xss检查
+     * @param str 
+     * @returns 
+     */
+    public xssCheckForStr(str:string):string{
+        const xsscheck=this.filterXss.process(str);
+        return xsscheck;
+    }
+    /**
+     * 该方法用于判断是否包含XSS攻击脚本
+     * @param str 
+     */
+    public isXSS(str:string):boolean{
+        let datastr=!str?"":str.toString();
+        const rgx=/\s|select\s|delete\s|truncate\s|join\s|union\s|exec\s|insert\s|drop\s|count\s|update\s/i;
+        if(rgx.test(str)){
+            return true;
+        }
+        const xssResult=this.filterXss.process(datastr);
+        return xssResult!==datastr;
+    }
     /**
        * ajax请求，含有文件的ajax请求
        * @param data 传送的数据

src/configure.ts

@@ -25,6 +25,7 @@ var AppX = {
         "myDeskUrl":"http://10.37.5.54:8080/UAC/sso/login",//mydesk地址    
         "userToken": "",//系统用户token
         "currentPrj":undefined,//当前项目
+        "lastSessionTime":new Date().getTime(),//最新操作时间
         "deptName": "",
         "realName": "",
         "userSkyId": "",

src/core/BaseWidget.class.ts

@@ -1,5 +1,6 @@
 import Base = require('core/Base.class');
 import Functions = require('core/Functions.module');
+import AjaxSend=require('common/AjaxSend.class');
 
 /**
  * 此为所有 Widget 类型控件的基类
@@ -23,7 +24,7 @@ class BaseWidget extends Base {
     label: string;
     icon: string;
     uri: string;
-
+    baseAjaxSend:AjaxSend;//后台请求类
     /**
      * 后台接口地址
      */
@@ -76,7 +77,8 @@ class BaseWidget extends Base {
         this.panelSelector = settings.panelSelector || undefined;
         this.readyCallback = settings.readyCallback || undefined;
         this.afterDestroyCallback = settings.afterDestroyCallback || undefined;
-
+        //后台接口请求类
+        this.baseAjaxSend=new AjaxSend();
         // 设置全局配置项
         this.appConfig = this.AppX.appConfig || {};
         this.activeView = this.AppX.runtimeConfig.activeView;

src/index.html

@@ -8,11 +8,11 @@
     <meta name="description" content="" />
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" />
     <link rel="apple-touch-icon" href="apple-touch-icon.png" />
-    <link rel="stylesheet" href="http://10.37.9.136:8081/supermap/Build/Cesium/Widgets/widgets.css" />
-    <link rel="stylesheet" href="http://10.37.9.136:8081/supermapjs/ol/ol.css" />
-    <link rel="stylesheet" href="http://10.37.9.136:8081/supermapjs/ol/iclient-ol.min.css" />
+    <link rel="stylesheet" href="http://192.168.2.238:8080/supermap10iSP1/Build/Cesium/Widgets/widgets.css" />
+    <link rel="stylesheet" href="http://192.168.2.238:8080/supermapjs/ol/ol.css" />
+    <link rel="stylesheet" href="http://192.168.2.238:8080/supermapjs/ol/iclient-ol.min.css" />
     <link rel="stylesheet" href="./vendor/font-awesome-4.7.0/css/font-awesome.min.css">
-    <link rel="stylesheet" href="http://10.37.9.136:8081/supermap/Build/Cesium/Control.MiniMap.css" />
+    <link rel="stylesheet" href="http://192.168.2.238:8080/supermap10iSP1/Build/Cesium/Control.MiniMap.css" />
     <link rel="stylesheet" href="./vendor/bootstrap-4.3.1/css/bootstrap.min.css" />
     <!--bootstrap 开关插件-->
     <link rel="stylesheet" href="./vendor/bootstrap4-toggle/css/bootstrap4-toggle.min.css">
@@ -32,8 +32,8 @@
     <link rel="stylesheet" href="css/animate.min.css" />
     <link rel="stylesheet" href="./vendor/iCheck/build.css" />
     <link rel="stylesheet" href="./vendor/viewerjs-1.6.1/viewer.min.css">
-    <script type="text/javascript" src="http://10.37.9.136:8081/supermapjs/leaflet/leaflet.js"></script>
-    <script type="text/javascript" src="http://10.37.9.136:8081/supermapjs/ol/ol.js"></script>
+    <script type="text/javascript" src="http://192.168.2.238:8080/supermapjs/leaflet/leaflet.js"></script>
+    <script type="text/javascript" src="http://192.168.2.238:8080/supermapjs/ol/ol.js"></script>
     <link rel="stylesheet" href="./vendor/jtoggler/jtoggler.css">
     <link rel="stylesheet" href="./vendor/videojs/video-js.min.css" rel="stylesheet">    
     <script src="./vendor/videojs/video.min.js"></script>
@@ -85,15 +85,23 @@
     <script src="./vendor/greensock/tween.js"></script>
     <script src="./vendor/echarts-4.2.1/js/echarts.min.js"></script>
     <script type="text/javascript" src="./vendor/turf/turf.min.js"></script>
-    <script type="text/javascript" src="http://10.37.9.136:8081/supermap/Build/Cesium/Cesium.js"></script>
+    <script type="text/javascript" src="http://192.168.2.238:8080/supermap10iSP1/Build/Cesium/Cesium.js"></script>
+    <script type="text/javascript" src="./vendor/crypto-js-4.0.0/core.js" charset="utf-8"></script>
+    <script type="text/javascript" src="./vendor/crypto-js-4.0.0/cipher-core.js" charset="utf-8"></script>
+    <script type="text/javascript" src="./vendor/crypto-js-4.0.0/enc-base64.js" charset="utf-8"></script>
+    <script type="text/javascript" src="./vendor/crypto-js-4.0.0/mode-ecb.js" charset="utf-8"></script>
+    <script type="text/javascript" src="./vendor/crypto-js-4.0.0/tripledes.js" charset="utf-8"></script>
+    <script type="text/javascript" src="./vendor/js-xss-1.0.8/xss.min.js"></script>
     <script type="text/javascript" src="./vendor/require/require.min.js"></script>
     <script src="./vendor/ext_cesium/tools/tools.min.js" type="text/javascript"></script>
     <script src="./vendor/jspdf/html2canvas-0.4.1.js" type="text/javascript"></script>
     <script language="javascript" type="text/javascript" src="./vendor/my97datepicker/WdatePicker.js"></script>
-    <script type="text/javascript" src="http://10.37.9.136:8081/supermap/Build/supermap/SuperMap.Include.js"></script>
-    <script type="text/javascript" src="http://10.37.9.136:8081/supermapjs/ol/iclient-ol.min.js"></script>
+    <script type="text/javascript" src="http://192.168.2.238:8080/supermap10iSP1/Build/supermap/SuperMap.Include.js"></script>
+    <script type="text/javascript" src="http://192.168.2.238:8080/supermapjs/ol/iclient-ol.min.js"></script>
     <script type="text/javascript" src="./vendor/jtoggler/jtoggler.js"></script>
     
+    
+    
     <script>
         require(["./main.js"]);
     </script>

src/vendor/crypto-js-4.0.0/cipher-core.js

@@ -0,0 +1,890 @@
+;(function (root, factory, undef) {
+	if (typeof exports === "object") {
+		// CommonJS
+		module.exports = exports = factory(require("./core"), require("./evpkdf"));
+	}
+	else if (typeof define === "function" && define.amd) {
+		// AMD
+		define(["./core", "./evpkdf"], factory);
+	}
+	else {
+		// Global (browser)
+		factory(root.CryptoJS);
+	}
+}(this, function (CryptoJS) {
+
+	/**
+	 * Cipher core components.
+	 */
+	CryptoJS.lib.Cipher || (function (undefined) {
+	    // Shortcuts
+	    var C = CryptoJS;
+	    var C_lib = C.lib;
+	    var Base = C_lib.Base;
+	    var WordArray = C_lib.WordArray;
+	    var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm;
+	    var C_enc = C.enc;
+	    var Utf8 = C_enc.Utf8;
+	    var Base64 = C_enc.Base64;
+	    var C_algo = C.algo;
+	    var EvpKDF = C_algo.EvpKDF;
+
+	    /**
+	     * Abstract base cipher template.
+	     *
+	     * @property {number} keySize This cipher's key size. Default: 4 (128 bits)
+	     * @property {number} ivSize This cipher's IV size. Default: 4 (128 bits)
+	     * @property {number} _ENC_XFORM_MODE A constant representing encryption mode.
+	     * @property {number} _DEC_XFORM_MODE A constant representing decryption mode.
+	     */
+	    var Cipher = C_lib.Cipher = BufferedBlockAlgorithm.extend({
+	        /**
+	         * Configuration options.
+	         *
+	         * @property {WordArray} iv The IV to use for this operation.
+	         */
+	        cfg: Base.extend(),
+
+	        /**
+	         * Creates this cipher in encryption mode.
+	         *
+	         * @param {WordArray} key The key.
+	         * @param {Object} cfg (Optional) The configuration options to use for this operation.
+	         *
+	         * @return {Cipher} A cipher instance.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var cipher = CryptoJS.algo.AES.createEncryptor(keyWordArray, { iv: ivWordArray });
+	         */
+	        createEncryptor: function (key, cfg) {
+	            return this.create(this._ENC_XFORM_MODE, key, cfg);
+	        },
+
+	        /**
+	         * Creates this cipher in decryption mode.
+	         *
+	         * @param {WordArray} key The key.
+	         * @param {Object} cfg (Optional) The configuration options to use for this operation.
+	         *
+	         * @return {Cipher} A cipher instance.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var cipher = CryptoJS.algo.AES.createDecryptor(keyWordArray, { iv: ivWordArray });
+	         */
+	        createDecryptor: function (key, cfg) {
+	            return this.create(this._DEC_XFORM_MODE, key, cfg);
+	        },
+
+	        /**
+	         * Initializes a newly created cipher.
+	         *
+	         * @param {number} xformMode Either the encryption or decryption transormation mode constant.
+	         * @param {WordArray} key The key.
+	         * @param {Object} cfg (Optional) The configuration options to use for this operation.
+	         *
+	         * @example
+	         *
+	         *     var cipher = CryptoJS.algo.AES.create(CryptoJS.algo.AES._ENC_XFORM_MODE, keyWordArray, { iv: ivWordArray });
+	         */
+	        init: function (xformMode, key, cfg) {
+	            // Apply config defaults
+	            this.cfg = this.cfg.extend(cfg);
+
+	            // Store transform mode and key
+	            this._xformMode = xformMode;
+	            this._key = key;
+
+	            // Set initial values
+	            this.reset();
+	        },
+
+	        /**
+	         * Resets this cipher to its initial state.
+	         *
+	         * @example
+	         *
+	         *     cipher.reset();
+	         */
+	        reset: function () {
+	            // Reset data buffer
+	            BufferedBlockAlgorithm.reset.call(this);
+
+	            // Perform concrete-cipher logic
+	            this._doReset();
+	        },
+
+	        /**
+	         * Adds data to be encrypted or decrypted.
+	         *
+	         * @param {WordArray|string} dataUpdate The data to encrypt or decrypt.
+	         *
+	         * @return {WordArray} The data after processing.
+	         *
+	         * @example
+	         *
+	         *     var encrypted = cipher.process('data');
+	         *     var encrypted = cipher.process(wordArray);
+	         */
+	        process: function (dataUpdate) {
+	            // Append
+	            this._append(dataUpdate);
+
+	            // Process available blocks
+	            return this._process();
+	        },
+
+	        /**
+	         * Finalizes the encryption or decryption process.
+	         * Note that the finalize operation is effectively a destructive, read-once operation.
+	         *
+	         * @param {WordArray|string} dataUpdate The final data to encrypt or decrypt.
+	         *
+	         * @return {WordArray} The data after final processing.
+	         *
+	         * @example
+	         *
+	         *     var encrypted = cipher.finalize();
+	         *     var encrypted = cipher.finalize('data');
+	         *     var encrypted = cipher.finalize(wordArray);
+	         */
+	        finalize: function (dataUpdate) {
+	            // Final data update
+	            if (dataUpdate) {
+	                this._append(dataUpdate);
+	            }
+
+	            // Perform concrete-cipher logic
+	            var finalProcessedData = this._doFinalize();
+
+	            return finalProcessedData;
+	        },
+
+	        keySize: 128/32,
+
+	        ivSize: 128/32,
+
+	        _ENC_XFORM_MODE: 1,
+
+	        _DEC_XFORM_MODE: 2,
+
+	        /**
+	         * Creates shortcut functions to a cipher's object interface.
+	         *
+	         * @param {Cipher} cipher The cipher to create a helper for.
+	         *
+	         * @return {Object} An object with encrypt and decrypt shortcut functions.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var AES = CryptoJS.lib.Cipher._createHelper(CryptoJS.algo.AES);
+	         */
+	        _createHelper: (function () {
+	            function selectCipherStrategy(key) {
+	                if (typeof key == 'string') {
+	                    return PasswordBasedCipher;
+	                } else {
+	                    return SerializableCipher;
+	                }
+	            }
+
+	            return function (cipher) {
+	                return {
+	                    encrypt: function (message, key, cfg) {
+	                        return selectCipherStrategy(key).encrypt(cipher, message, key, cfg);
+	                    },
+
+	                    decrypt: function (ciphertext, key, cfg) {
+	                        return selectCipherStrategy(key).decrypt(cipher, ciphertext, key, cfg);
+	                    }
+	                };
+	            };
+	        }())
+	    });
+
+	    /**
+	     * Abstract base stream cipher template.
+	     *
+	     * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 1 (32 bits)
+	     */
+	    var StreamCipher = C_lib.StreamCipher = Cipher.extend({
+	        _doFinalize: function () {
+	            // Process partial blocks
+	            var finalProcessedBlocks = this._process(!!'flush');
+
+	            return finalProcessedBlocks;
+	        },
+
+	        blockSize: 1
+	    });
+
+	    /**
+	     * Mode namespace.
+	     */
+	    var C_mode = C.mode = {};
+
+	    /**
+	     * Abstract base block cipher mode template.
+	     */
+	    var BlockCipherMode = C_lib.BlockCipherMode = Base.extend({
+	        /**
+	         * Creates this mode for encryption.
+	         *
+	         * @param {Cipher} cipher A block cipher instance.
+	         * @param {Array} iv The IV words.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var mode = CryptoJS.mode.CBC.createEncryptor(cipher, iv.words);
+	         */
+	        createEncryptor: function (cipher, iv) {
+	            return this.Encryptor.create(cipher, iv);
+	        },
+
+	        /**
+	         * Creates this mode for decryption.
+	         *
+	         * @param {Cipher} cipher A block cipher instance.
+	         * @param {Array} iv The IV words.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var mode = CryptoJS.mode.CBC.createDecryptor(cipher, iv.words);
+	         */
+	        createDecryptor: function (cipher, iv) {
+	            return this.Decryptor.create(cipher, iv);
+	        },
+
+	        /**
+	         * Initializes a newly created mode.
+	         *
+	         * @param {Cipher} cipher A block cipher instance.
+	         * @param {Array} iv The IV words.
+	         *
+	         * @example
+	         *
+	         *     var mode = CryptoJS.mode.CBC.Encryptor.create(cipher, iv.words);
+	         */
+	        init: function (cipher, iv) {
+	            this._cipher = cipher;
+	            this._iv = iv;
+	        }
+	    });
+
+	    /**
+	     * Cipher Block Chaining mode.
+	     */
+	    var CBC = C_mode.CBC = (function () {
+	        /**
+	         * Abstract base CBC mode.
+	         */
+	        var CBC = BlockCipherMode.extend();
+
+	        /**
+	         * CBC encryptor.
+	         */
+	        CBC.Encryptor = CBC.extend({
+	            /**
+	             * Processes the data block at offset.
+	             *
+	             * @param {Array} words The data words to operate on.
+	             * @param {number} offset The offset where the block starts.
+	             *
+	             * @example
+	             *
+	             *     mode.processBlock(data.words, offset);
+	             */
+	            processBlock: function (words, offset) {
+	                // Shortcuts
+	                var cipher = this._cipher;
+	                var blockSize = cipher.blockSize;
+
+	                // XOR and encrypt
+	                xorBlock.call(this, words, offset, blockSize);
+	                cipher.encryptBlock(words, offset);
+
+	                // Remember this block to use with next block
+	                this._prevBlock = words.slice(offset, offset + blockSize);
+	            }
+	        });
+
+	        /**
+	         * CBC decryptor.
+	         */
+	        CBC.Decryptor = CBC.extend({
+	            /**
+	             * Processes the data block at offset.
+	             *
+	             * @param {Array} words The data words to operate on.
+	             * @param {number} offset The offset where the block starts.
+	             *
+	             * @example
+	             *
+	             *     mode.processBlock(data.words, offset);
+	             */
+	            processBlock: function (words, offset) {
+	                // Shortcuts
+	                var cipher = this._cipher;
+	                var blockSize = cipher.blockSize;
+
+	                // Remember this block to use with next block
+	                var thisBlock = words.slice(offset, offset + blockSize);
+
+	                // Decrypt and XOR
+	                cipher.decryptBlock(words, offset);
+	                xorBlock.call(this, words, offset, blockSize);
+
+	                // This block becomes the previous block
+	                this._prevBlock = thisBlock;
+	            }
+	        });
+
+	        function xorBlock(words, offset, blockSize) {
+	            var block;
+
+	            // Shortcut
+	            var iv = this._iv;
+
+	            // Choose mixing block
+	            if (iv) {
+	                block = iv;
+
+	                // Remove IV for subsequent blocks
+	                this._iv = undefined;
+	            } else {
+	                block = this._prevBlock;
+	            }
+
+	            // XOR blocks
+	            for (var i = 0; i < blockSize; i++) {
+	                words[offset + i] ^= block[i];
+	            }
+	        }
+
+	        return CBC;
+	    }());
+
+	    /**
+	     * Padding namespace.
+	     */
+	    var C_pad = C.pad = {};
+
+	    /**
+	     * PKCS #5/7 padding strategy.
+	     */
+	    var Pkcs7 = C_pad.Pkcs7 = {
+	        /**
+	         * Pads data using the algorithm defined in PKCS #5/7.
+	         *
+	         * @param {WordArray} data The data to pad.
+	         * @param {number} blockSize The multiple that the data should be padded to.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     CryptoJS.pad.Pkcs7.pad(wordArray, 4);
+	         */
+	        pad: function (data, blockSize) {
+	            // Shortcut
+	            var blockSizeBytes = blockSize * 4;
+
+	            // Count padding bytes
+	            var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
+
+	            // Create padding word
+	            var paddingWord = (nPaddingBytes << 24) | (nPaddingBytes << 16) | (nPaddingBytes << 8) | nPaddingBytes;
+
+	            // Create padding
+	            var paddingWords = [];
+	            for (var i = 0; i < nPaddingBytes; i += 4) {
+	                paddingWords.push(paddingWord);
+	            }
+	            var padding = WordArray.create(paddingWords, nPaddingBytes);
+
+	            // Add padding
+	            data.concat(padding);
+	        },
+
+	        /**
+	         * Unpads data that had been padded using the algorithm defined in PKCS #5/7.
+	         *
+	         * @param {WordArray} data The data to unpad.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     CryptoJS.pad.Pkcs7.unpad(wordArray);
+	         */
+	        unpad: function (data) {
+	            // Get number of padding bytes from last byte
+	            var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
+
+	            // Remove padding
+	            data.sigBytes -= nPaddingBytes;
+	        }
+	    };
+
+	    /**
+	     * Abstract base block cipher template.
+	     *
+	     * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 4 (128 bits)
+	     */
+	    var BlockCipher = C_lib.BlockCipher = Cipher.extend({
+	        /**
+	         * Configuration options.
+	         *
+	         * @property {Mode} mode The block mode to use. Default: CBC
+	         * @property {Padding} padding The padding strategy to use. Default: Pkcs7
+	         */
+	        cfg: Cipher.cfg.extend({
+	            mode: CBC,
+	            padding: Pkcs7
+	        }),
+
+	        reset: function () {
+	            var modeCreator;
+
+	            // Reset cipher
+	            Cipher.reset.call(this);
+
+	            // Shortcuts
+	            var cfg = this.cfg;
+	            var iv = cfg.iv;
+	            var mode = cfg.mode;
+
+	            // Reset block mode
+	            if (this._xformMode == this._ENC_XFORM_MODE) {
+	                modeCreator = mode.createEncryptor;
+	            } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
+	                modeCreator = mode.createDecryptor;
+	                // Keep at least one block in the buffer for unpadding
+	                this._minBufferSize = 1;
+	            }
+
+	            if (this._mode && this._mode.__creator == modeCreator) {
+	                this._mode.init(this, iv && iv.words);
+	            } else {
+	                this._mode = modeCreator.call(mode, this, iv && iv.words);
+	                this._mode.__creator = modeCreator;
+	            }
+	        },
+
+	        _doProcessBlock: function (words, offset) {
+	            this._mode.processBlock(words, offset);
+	        },
+
+	        _doFinalize: function () {
+	            var finalProcessedBlocks;
+
+	            // Shortcut
+	            var padding = this.cfg.padding;
+
+	            // Finalize
+	            if (this._xformMode == this._ENC_XFORM_MODE) {
+	                // Pad data
+	                padding.pad(this._data, this.blockSize);
+
+	                // Process final blocks
+	                finalProcessedBlocks = this._process(!!'flush');
+	            } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
+	                // Process final blocks
+	                finalProcessedBlocks = this._process(!!'flush');
+
+	                // Unpad data
+	                padding.unpad(finalProcessedBlocks);
+	            }
+
+	            return finalProcessedBlocks;
+	        },
+
+	        blockSize: 128/32
+	    });
+
+	    /**
+	     * A collection of cipher parameters.
+	     *
+	     * @property {WordArray} ciphertext The raw ciphertext.
+	     * @property {WordArray} key The key to this ciphertext.
+	     * @property {WordArray} iv The IV used in the ciphering operation.
+	     * @property {WordArray} salt The salt used with a key derivation function.
+	     * @property {Cipher} algorithm The cipher algorithm.
+	     * @property {Mode} mode The block mode used in the ciphering operation.
+	     * @property {Padding} padding The padding scheme used in the ciphering operation.
+	     * @property {number} blockSize The block size of the cipher.
+	     * @property {Format} formatter The default formatting strategy to convert this cipher params object to a string.
+	     */
+	    var CipherParams = C_lib.CipherParams = Base.extend({
+	        /**
+	         * Initializes a newly created cipher params object.
+	         *
+	         * @param {Object} cipherParams An object with any of the possible cipher parameters.
+	         *
+	         * @example
+	         *
+	         *     var cipherParams = CryptoJS.lib.CipherParams.create({
+	         *         ciphertext: ciphertextWordArray,
+	         *         key: keyWordArray,
+	         *         iv: ivWordArray,
+	         *         salt: saltWordArray,
+	         *         algorithm: CryptoJS.algo.AES,
+	         *         mode: CryptoJS.mode.CBC,
+	         *         padding: CryptoJS.pad.PKCS7,
+	         *         blockSize: 4,
+	         *         formatter: CryptoJS.format.OpenSSL
+	         *     });
+	         */
+	        init: function (cipherParams) {
+	            this.mixIn(cipherParams);
+	        },
+
+	        /**
+	         * Converts this cipher params object to a string.
+	         *
+	         * @param {Format} formatter (Optional) The formatting strategy to use.
+	         *
+	         * @return {string} The stringified cipher params.
+	         *
+	         * @throws Error If neither the formatter nor the default formatter is set.
+	         *
+	         * @example
+	         *
+	         *     var string = cipherParams + '';
+	         *     var string = cipherParams.toString();
+	         *     var string = cipherParams.toString(CryptoJS.format.OpenSSL);
+	         */
+	        toString: function (formatter) {
+	            return (formatter || this.formatter).stringify(this);
+	        }
+	    });
+
+	    /**
+	     * Format namespace.
+	     */
+	    var C_format = C.format = {};
+
+	    /**
+	     * OpenSSL formatting strategy.
+	     */
+	    var OpenSSLFormatter = C_format.OpenSSL = {
+	        /**
+	         * Converts a cipher params object to an OpenSSL-compatible string.
+	         *
+	         * @param {CipherParams} cipherParams The cipher params object.
+	         *
+	         * @return {string} The OpenSSL-compatible string.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams);
+	         */
+	        stringify: function (cipherParams) {
+	            var wordArray;
+
+	            // Shortcuts
+	            var ciphertext = cipherParams.ciphertext;
+	            var salt = cipherParams.salt;
+
+	            // Format
+	            if (salt) {
+	                wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
+	            } else {
+	                wordArray = ciphertext;
+	            }
+
+	            return wordArray.toString(Base64);
+	        },
+
+	        /**
+	         * Converts an OpenSSL-compatible string to a cipher params object.
+	         *
+	         * @param {string} openSSLStr The OpenSSL-compatible string.
+	         *
+	         * @return {CipherParams} The cipher params object.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString);
+	         */
+	        parse: function (openSSLStr) {
+	            var salt;
+
+	            // Parse base64
+	            var ciphertext = Base64.parse(openSSLStr);
+
+	            // Shortcut
+	            var ciphertextWords = ciphertext.words;
+
+	            // Test for salt
+	            if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) {
+	                // Extract salt
+	                salt = WordArray.create(ciphertextWords.slice(2, 4));
+
+	                // Remove salt from ciphertext
+	                ciphertextWords.splice(0, 4);
+	                ciphertext.sigBytes -= 16;
+	            }
+
+	            return CipherParams.create({ ciphertext: ciphertext, salt: salt });
+	        }
+	    };
+
+	    /**
+	     * A cipher wrapper that returns ciphertext as a serializable cipher params object.
+	     */
+	    var SerializableCipher = C_lib.SerializableCipher = Base.extend({
+	        /**
+	         * Configuration options.
+	         *
+	         * @property {Formatter} format The formatting strategy to convert cipher param objects to and from a string. Default: OpenSSL
+	         */
+	        cfg: Base.extend({
+	            format: OpenSSLFormatter
+	        }),
+
+	        /**
+	         * Encrypts a message.
+	         *
+	         * @param {Cipher} cipher The cipher algorithm to use.
+	         * @param {WordArray|string} message The message to encrypt.
+	         * @param {WordArray} key The key.
+	         * @param {Object} cfg (Optional) The configuration options to use for this operation.
+	         *
+	         * @return {CipherParams} A cipher params object.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key);
+	         *     var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv });
+	         *     var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv, format: CryptoJS.format.OpenSSL });
+	         */
+	        encrypt: function (cipher, message, key, cfg) {
+	            // Apply config defaults
+	            cfg = this.cfg.extend(cfg);
+
+	            // Encrypt
+	            var encryptor = cipher.createEncryptor(key, cfg);
+	            var ciphertext = encryptor.finalize(message);
+
+	            // Shortcut
+	            var cipherCfg = encryptor.cfg;
+
+	            // Create and return serializable cipher params
+	            return CipherParams.create({
+	                ciphertext: ciphertext,
+	                key: key,
+	                iv: cipherCfg.iv,
+	                algorithm: cipher,
+	                mode: cipherCfg.mode,
+	                padding: cipherCfg.padding,
+	                blockSize: cipher.blockSize,
+	                formatter: cfg.format
+	            });
+	        },
+
+	        /**
+	         * Decrypts serialized ciphertext.
+	         *
+	         * @param {Cipher} cipher The cipher algorithm to use.
+	         * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
+	         * @param {WordArray} key The key.
+	         * @param {Object} cfg (Optional) The configuration options to use for this operation.
+	         *
+	         * @return {WordArray} The plaintext.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, key, { iv: iv, format: CryptoJS.format.OpenSSL });
+	         *     var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, key, { iv: iv, format: CryptoJS.format.OpenSSL });
+	         */
+	        decrypt: function (cipher, ciphertext, key, cfg) {
+	            // Apply config defaults
+	            cfg = this.cfg.extend(cfg);
+
+	            // Convert string to CipherParams
+	            ciphertext = this._parse(ciphertext, cfg.format);
+
+	            // Decrypt
+	            var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
+
+	            return plaintext;
+	        },
+
+	        /**
+	         * Converts serialized ciphertext to CipherParams,
+	         * else assumed CipherParams already and returns ciphertext unchanged.
+	         *
+	         * @param {CipherParams|string} ciphertext The ciphertext.
+	         * @param {Formatter} format The formatting strategy to use to parse serialized ciphertext.
+	         *
+	         * @return {CipherParams} The unserialized ciphertext.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var ciphertextParams = CryptoJS.lib.SerializableCipher._parse(ciphertextStringOrParams, format);
+	         */
+	        _parse: function (ciphertext, format) {
+	            if (typeof ciphertext == 'string') {
+	                return format.parse(ciphertext, this);
+	            } else {
+	                return ciphertext;
+	            }
+	        }
+	    });
+
+	    /**
+	     * Key derivation function namespace.
+	     */
+	    var C_kdf = C.kdf = {};
+
+	    /**
+	     * OpenSSL key derivation function.
+	     */
+	    var OpenSSLKdf = C_kdf.OpenSSL = {
+	        /**
+	         * Derives a key and IV from a password.
+	         *
+	         * @param {string} password The password to derive from.
+	         * @param {number} keySize The size in words of the key to generate.
+	         * @param {number} ivSize The size in words of the IV to generate.
+	         * @param {WordArray|string} salt (Optional) A 64-bit salt to use. If omitted, a salt will be generated randomly.
+	         *
+	         * @return {CipherParams} A cipher params object with the key, IV, and salt.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32);
+	         *     var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32, 'saltsalt');
+	         */
+	        execute: function (password, keySize, ivSize, salt) {
+	            // Generate random salt
+	            if (!salt) {
+	                salt = WordArray.random(64/8);
+	            }
+
+	            // Derive key and IV
+	            var key = EvpKDF.create({ keySize: keySize + ivSize }).compute(password, salt);
+
+	            // Separate key and IV
+	            var iv = WordArray.create(key.words.slice(keySize), ivSize * 4);
+	            key.sigBytes = keySize * 4;
+
+	            // Return params
+	            return CipherParams.create({ key: key, iv: iv, salt: salt });
+	        }
+	    };
+
+	    /**
+	     * A serializable cipher wrapper that derives the key from a password,
+	     * and returns ciphertext as a serializable cipher params object.
+	     */
+	    var PasswordBasedCipher = C_lib.PasswordBasedCipher = SerializableCipher.extend({
+	        /**
+	         * Configuration options.
+	         *
+	         * @property {KDF} kdf The key derivation function to use to generate a key and IV from a password. Default: OpenSSL
+	         */
+	        cfg: SerializableCipher.cfg.extend({
+	            kdf: OpenSSLKdf
+	        }),
+
+	        /**
+	         * Encrypts a message using a password.
+	         *
+	         * @param {Cipher} cipher The cipher algorithm to use.
+	         * @param {WordArray|string} message The message to encrypt.
+	         * @param {string} password The password.
+	         * @param {Object} cfg (Optional) The configuration options to use for this operation.
+	         *
+	         * @return {CipherParams} A cipher params object.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password');
+	         *     var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password', { format: CryptoJS.format.OpenSSL });
+	         */
+	        encrypt: function (cipher, message, password, cfg) {
+	            // Apply config defaults
+	            cfg = this.cfg.extend(cfg);
+
+	            // Derive key and other params
+	            var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize);
+
+	            // Add IV to config
+	            cfg.iv = derivedParams.iv;
+
+	            // Encrypt
+	            var ciphertext = SerializableCipher.encrypt.call(this, cipher, message, derivedParams.key, cfg);
+
+	            // Mix in derived params
+	            ciphertext.mixIn(derivedParams);
+
+	            return ciphertext;
+	        },
+
+	        /**
+	         * Decrypts serialized ciphertext using a password.
+	         *
+	         * @param {Cipher} cipher The cipher algorithm to use.
+	         * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
+	         * @param {string} password The password.
+	         * @param {Object} cfg (Optional) The configuration options to use for this operation.
+	         *
+	         * @return {WordArray} The plaintext.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, 'password', { format: CryptoJS.format.OpenSSL });
+	         *     var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, 'password', { format: CryptoJS.format.OpenSSL });
+	         */
+	        decrypt: function (cipher, ciphertext, password, cfg) {
+	            // Apply config defaults
+	            cfg = this.cfg.extend(cfg);
+
+	            // Convert string to CipherParams
+	            ciphertext = this._parse(ciphertext, cfg.format);
+
+	            // Derive key and other params
+	            var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, ciphertext.salt);
+
+	            // Add IV to config
+	            cfg.iv = derivedParams.iv;
+
+	            // Decrypt
+	            var plaintext = SerializableCipher.decrypt.call(this, cipher, ciphertext, derivedParams.key, cfg);
+
+	            return plaintext;
+	        }
+	    });
+	}());
+
+
+}));

src/vendor/crypto-js-4.0.0/core.js

@@ -0,0 +1,797 @@
+;(function (root, factory) {
+	if (typeof exports === "object") {
+		// CommonJS
+		module.exports = exports = factory();
+	}
+	else if (typeof define === "function" && define.amd) {
+		// AMD
+		define([], factory);
+	}
+	else {
+		// Global (browser)
+		root.CryptoJS = factory();
+	}
+}(this, function () {
+
+	/*globals window, global, require*/
+
+	/**
+	 * CryptoJS core components.
+	 */
+	var CryptoJS = CryptoJS || (function (Math, undefined) {
+
+	    var crypto;
+
+	    // Native crypto from window (Browser)
+	    if (typeof window !== 'undefined' && window.crypto) {
+	        crypto = window.crypto;
+	    }
+
+	    // Native (experimental IE 11) crypto from window (Browser)
+	    if (!crypto && typeof window !== 'undefined' && window.msCrypto) {
+	        crypto = window.msCrypto;
+	    }
+
+	    // Native crypto from global (NodeJS)
+	    if (!crypto && typeof global !== 'undefined' && global.crypto) {
+	        crypto = global.crypto;
+	    }
+
+	    // Native crypto import via require (NodeJS)
+	    if (!crypto && typeof require === 'function') {
+	        try {
+	            crypto = require('crypto');
+	        } catch (err) {}
+	    }
+
+	    /*
+	     * Cryptographically secure pseudorandom number generator
+	     *
+	     * As Math.random() is cryptographically not safe to use
+	     */
+	    var cryptoSecureRandomInt = function () {
+	        if (crypto) {
+	            // Use getRandomValues method (Browser)
+	            if (typeof crypto.getRandomValues === 'function') {
+	                try {
+	                    return crypto.getRandomValues(new Uint32Array(1))[0];
+	                } catch (err) {}
+	            }
+
+	            // Use randomBytes method (NodeJS)
+	            if (typeof crypto.randomBytes === 'function') {
+	                try {
+	                    return crypto.randomBytes(4).readInt32LE();
+	                } catch (err) {}
+	            }
+	        }
+
+	        throw new Error('Native crypto module could not be used to get secure random number.');
+	    };
+
+	    /*
+	     * Local polyfill of Object.create
+
+	     */
+	    var create = Object.create || (function () {
+	        function F() {}
+
+	        return function (obj) {
+	            var subtype;
+
+	            F.prototype = obj;
+
+	            subtype = new F();
+
+	            F.prototype = null;
+
+	            return subtype;
+	        };
+	    }())
+
+	    /**
+	     * CryptoJS namespace.
+	     */
+	    var C = {};
+
+	    /**
+	     * Library namespace.
+	     */
+	    var C_lib = C.lib = {};
+
+	    /**
+	     * Base object for prototypal inheritance.
+	     */
+	    var Base = C_lib.Base = (function () {
+
+
+	        return {
+	            /**
+	             * Creates a new object that inherits from this object.
+	             *
+	             * @param {Object} overrides Properties to copy into the new object.
+	             *
+	             * @return {Object} The new object.
+	             *
+	             * @static
+	             *
+	             * @example
+	             *
+	             *     var MyType = CryptoJS.lib.Base.extend({
+	             *         field: 'value',
+	             *
+	             *         method: function () {
+	             *         }
+	             *     });
+	             */
+	            extend: function (overrides) {
+	                // Spawn
+	                var subtype = create(this);
+
+	                // Augment
+	                if (overrides) {
+	                    subtype.mixIn(overrides);
+	                }
+
+	                // Create default initializer
+	                if (!subtype.hasOwnProperty('init') || this.init === subtype.init) {
+	                    subtype.init = function () {
+	                        subtype.$super.init.apply(this, arguments);
+	                    };
+	                }
+
+	                // Initializer's prototype is the subtype object
+	                subtype.init.prototype = subtype;
+
+	                // Reference supertype
+	                subtype.$super = this;
+
+	                return subtype;
+	            },
+
+	            /**
+	             * Extends this object and runs the init method.
+	             * Arguments to create() will be passed to init().
+	             *
+	             * @return {Object} The new object.
+	             *
+	             * @static
+	             *
+	             * @example
+	             *
+	             *     var instance = MyType.create();
+	             */
+	            create: function () {
+	                var instance = this.extend();
+	                instance.init.apply(instance, arguments);
+
+	                return instance;
+	            },
+
+	            /**
+	             * Initializes a newly created object.
+	             * Override this method to add some logic when your objects are created.
+	             *
+	             * @example
+	             *
+	             *     var MyType = CryptoJS.lib.Base.extend({
+	             *         init: function () {
+	             *             // ...
+	             *         }
+	             *     });
+	             */
+	            init: function () {
+	            },
+
+	            /**
+	             * Copies properties into this object.
+	             *
+	             * @param {Object} properties The properties to mix in.
+	             *
+	             * @example
+	             *
+	             *     MyType.mixIn({
+	             *         field: 'value'
+	             *     });
+	             */
+	            mixIn: function (properties) {
+	                for (var propertyName in properties) {
+	                    if (properties.hasOwnProperty(propertyName)) {
+	                        this[propertyName] = properties[propertyName];
+	                    }
+	                }
+
+	                // IE won't copy toString using the loop above
+	                if (properties.hasOwnProperty('toString')) {
+	                    this.toString = properties.toString;
+	                }
+	            },
+
+	            /**
+	             * Creates a copy of this object.
+	             *
+	             * @return {Object} The clone.
+	             *
+	             * @example
+	             *
+	             *     var clone = instance.clone();
+	             */
+	            clone: function () {
+	                return this.init.prototype.extend(this);
+	            }
+	        };
+	    }());
+
+	    /**
+	     * An array of 32-bit words.
+	     *
+	     * @property {Array} words The array of 32-bit words.
+	     * @property {number} sigBytes The number of significant bytes in this word array.
+	     */
+	    var WordArray = C_lib.WordArray = Base.extend({
+	        /**
+	         * Initializes a newly created word array.
+	         *
+	         * @param {Array} words (Optional) An array of 32-bit words.
+	         * @param {number} sigBytes (Optional) The number of significant bytes in the words.
+	         *
+	         * @example
+	         *
+	         *     var wordArray = CryptoJS.lib.WordArray.create();
+	         *     var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
+	         *     var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
+	         */
+	        init: function (words, sigBytes) {
+	            words = this.words = words || [];
+
+	            if (sigBytes != undefined) {
+	                this.sigBytes = sigBytes;
+	            } else {
+	                this.sigBytes = words.length * 4;
+	            }
+	        },
+
+	        /**
+	         * Converts this word array to a string.
+	         *
+	         * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
+	         *
+	         * @return {string} The stringified word array.
+	         *
+	         * @example
+	         *
+	         *     var string = wordArray + '';
+	         *     var string = wordArray.toString();
+	         *     var string = wordArray.toString(CryptoJS.enc.Utf8);
+	         */
+	        toString: function (encoder) {
+	            return (encoder || Hex).stringify(this);
+	        },
+
+	        /**
+	         * Concatenates a word array to this word array.
+	         *
+	         * @param {WordArray} wordArray The word array to append.
+	         *
+	         * @return {WordArray} This word array.
+	         *
+	         * @example
+	         *
+	         *     wordArray1.concat(wordArray2);
+	         */
+	        concat: function (wordArray) {
+	            // Shortcuts
+	            var thisWords = this.words;
+	            var thatWords = wordArray.words;
+	            var thisSigBytes = this.sigBytes;
+	            var thatSigBytes = wordArray.sigBytes;
+
+	            // Clamp excess bits
+	            this.clamp();
+
+	            // Concat
+	            if (thisSigBytes % 4) {
+	                // Copy one byte at a time
+	                for (var i = 0; i < thatSigBytes; i++) {
+	                    var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
+	                    thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
+	                }
+	            } else {
+	                // Copy one word at a time
+	                for (var i = 0; i < thatSigBytes; i += 4) {
+	                    thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2];
+	                }
+	            }
+	            this.sigBytes += thatSigBytes;
+
+	            // Chainable
+	            return this;
+	        },
+
+	        /**
+	         * Removes insignificant bits.
+	         *
+	         * @example
+	         *
+	         *     wordArray.clamp();
+	         */
+	        clamp: function () {
+	            // Shortcuts
+	            var words = this.words;
+	            var sigBytes = this.sigBytes;
+
+	            // Clamp
+	            words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
+	            words.length = Math.ceil(sigBytes / 4);
+	        },
+
+	        /**
+	         * Creates a copy of this word array.
+	         *
+	         * @return {WordArray} The clone.
+	         *
+	         * @example
+	         *
+	         *     var clone = wordArray.clone();
+	         */
+	        clone: function () {
+	            var clone = Base.clone.call(this);
+	            clone.words = this.words.slice(0);
+
+	            return clone;
+	        },
+
+	        /**
+	         * Creates a word array filled with random bytes.
+	         *
+	         * @param {number} nBytes The number of random bytes to generate.
+	         *
+	         * @return {WordArray} The random word array.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var wordArray = CryptoJS.lib.WordArray.random(16);
+	         */
+	        random: function (nBytes) {
+	            var words = [];
+
+	            for (var i = 0; i < nBytes; i += 4) {
+	                words.push(cryptoSecureRandomInt());
+	            }
+
+	            return new WordArray.init(words, nBytes);
+	        }
+	    });
+
+	    /**
+	     * Encoder namespace.
+	     */
+	    var C_enc = C.enc = {};
+
+	    /**
+	     * Hex encoding strategy.
+	     */
+	    var Hex = C_enc.Hex = {
+	        /**
+	         * Converts a word array to a hex string.
+	         *
+	         * @param {WordArray} wordArray The word array.
+	         *
+	         * @return {string} The hex string.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var hexString = CryptoJS.enc.Hex.stringify(wordArray);
+	         */
+	        stringify: function (wordArray) {
+	            // Shortcuts
+	            var words = wordArray.words;
+	            var sigBytes = wordArray.sigBytes;
+
+	            // Convert
+	            var hexChars = [];
+	            for (var i = 0; i < sigBytes; i++) {
+	                var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
+	                hexChars.push((bite >>> 4).toString(16));
+	                hexChars.push((bite & 0x0f).toString(16));
+	            }
+
+	            return hexChars.join('');
+	        },
+
+	        /**
+	         * Converts a hex string to a word array.
+	         *
+	         * @param {string} hexStr The hex string.
+	         *
+	         * @return {WordArray} The word array.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var wordArray = CryptoJS.enc.Hex.parse(hexString);
+	         */
+	        parse: function (hexStr) {
+	            // Shortcut
+	            var hexStrLength = hexStr.length;
+
+	            // Convert
+	            var words = [];
+	            for (var i = 0; i < hexStrLength; i += 2) {
+	                words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
+	            }
+
+	            return new WordArray.init(words, hexStrLength / 2);
+	        }
+	    };
+
+	    /**
+	     * Latin1 encoding strategy.
+	     */
+	    var Latin1 = C_enc.Latin1 = {
+	        /**
+	         * Converts a word array to a Latin1 string.
+	         *
+	         * @param {WordArray} wordArray The word array.
+	         *
+	         * @return {string} The Latin1 string.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
+	         */
+	        stringify: function (wordArray) {
+	            // Shortcuts
+	            var words = wordArray.words;
+	            var sigBytes = wordArray.sigBytes;
+
+	            // Convert
+	            var latin1Chars = [];
+	            for (var i = 0; i < sigBytes; i++) {
+	                var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
+	                latin1Chars.push(String.fromCharCode(bite));
+	            }
+
+	            return latin1Chars.join('');
+	        },
+
+	        /**
+	         * Converts a Latin1 string to a word array.
+	         *
+	         * @param {string} latin1Str The Latin1 string.
+	         *
+	         * @return {WordArray} The word array.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
+	         */
+	        parse: function (latin1Str) {
+	            // Shortcut
+	            var latin1StrLength = latin1Str.length;
+
+	            // Convert
+	            var words = [];
+	            for (var i = 0; i < latin1StrLength; i++) {
+	                words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
+	            }
+
+	            return new WordArray.init(words, latin1StrLength);
+	        }
+	    };
+
+	    /**
+	     * UTF-8 encoding strategy.
+	     */
+	    var Utf8 = C_enc.Utf8 = {
+	        /**
+	         * Converts a word array to a UTF-8 string.
+	         *
+	         * @param {WordArray} wordArray The word array.
+	         *
+	         * @return {string} The UTF-8 string.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
+	         */
+	        stringify: function (wordArray) {
+	            try {
+	                return decodeURIComponent(escape(Latin1.stringify(wordArray)));
+	            } catch (e) {
+	                throw new Error('Malformed UTF-8 data');
+	            }
+	        },
+
+	        /**
+	         * Converts a UTF-8 string to a word array.
+	         *
+	         * @param {string} utf8Str The UTF-8 string.
+	         *
+	         * @return {WordArray} The word array.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
+	         */
+	        parse: function (utf8Str) {
+	            return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
+	        }
+	    };
+
+	    /**
+	     * Abstract buffered block algorithm template.
+	     *
+	     * The property blockSize must be implemented in a concrete subtype.
+	     *
+	     * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
+	     */
+	    var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
+	        /**
+	         * Resets this block algorithm's data buffer to its initial state.
+	         *
+	         * @example
+	         *
+	         *     bufferedBlockAlgorithm.reset();
+	         */
+	        reset: function () {
+	            // Initial values
+	            this._data = new WordArray.init();
+	            this._nDataBytes = 0;
+	        },
+
+	        /**
+	         * Adds new data to this block algorithm's buffer.
+	         *
+	         * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
+	         *
+	         * @example
+	         *
+	         *     bufferedBlockAlgorithm._append('data');
+	         *     bufferedBlockAlgorithm._append(wordArray);
+	         */
+	        _append: function (data) {
+	            // Convert string to WordArray, else assume WordArray already
+	            if (typeof data == 'string') {
+	                data = Utf8.parse(data);
+	            }
+
+	            // Append
+	            this._data.concat(data);
+	            this._nDataBytes += data.sigBytes;
+	        },
+
+	        /**
+	         * Processes available data blocks.
+	         *
+	         * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
+	         *
+	         * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
+	         *
+	         * @return {WordArray} The processed data.
+	         *
+	         * @example
+	         *
+	         *     var processedData = bufferedBlockAlgorithm._process();
+	         *     var processedData = bufferedBlockAlgorithm._process(!!'flush');
+	         */
+	        _process: function (doFlush) {
+	            var processedWords;
+
+	            // Shortcuts
+	            var data = this._data;
+	            var dataWords = data.words;
+	            var dataSigBytes = data.sigBytes;
+	            var blockSize = this.blockSize;
+	            var blockSizeBytes = blockSize * 4;
+
+	            // Count blocks ready
+	            var nBlocksReady = dataSigBytes / blockSizeBytes;
+	            if (doFlush) {
+	                // Round up to include partial blocks
+	                nBlocksReady = Math.ceil(nBlocksReady);
+	            } else {
+	                // Round down to include only full blocks,
+	                // less the number of blocks that must remain in the buffer
+	                nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
+	            }
+
+	            // Count words ready
+	            var nWordsReady = nBlocksReady * blockSize;
+
+	            // Count bytes ready
+	            var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);
+
+	            // Process blocks
+	            if (nWordsReady) {
+	                for (var offset = 0; offset < nWordsReady; offset += blockSize) {
+	                    // Perform concrete-algorithm logic
+	                    this._doProcessBlock(dataWords, offset);
+	                }
+
+	                // Remove processed words
+	                processedWords = dataWords.splice(0, nWordsReady);
+	                data.sigBytes -= nBytesReady;
+	            }
+
+	            // Return processed words
+	            return new WordArray.init(processedWords, nBytesReady);
+	        },
+
+	        /**
+	         * Creates a copy of this object.
+	         *
+	         * @return {Object} The clone.
+	         *
+	         * @example
+	         *
+	         *     var clone = bufferedBlockAlgorithm.clone();
+	         */
+	        clone: function () {
+	            var clone = Base.clone.call(this);
+	            clone._data = this._data.clone();
+
+	            return clone;
+	        },
+
+	        _minBufferSize: 0
+	    });
+
+	    /**
+	     * Abstract hasher template.
+	     *
+	     * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
+	     */
+	    var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
+	        /**
+	         * Configuration options.
+	         */
+	        cfg: Base.extend(),
+
+	        /**
+	         * Initializes a newly created hasher.
+	         *
+	         * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
+	         *
+	         * @example
+	         *
+	         *     var hasher = CryptoJS.algo.SHA256.create();
+	         */
+	        init: function (cfg) {
+	            // Apply config defaults
+	            this.cfg = this.cfg.extend(cfg);
+
+	            // Set initial values
+	            this.reset();
+	        },
+
+	        /**
+	         * Resets this hasher to its initial state.
+	         *
+	         * @example
+	         *
+	         *     hasher.reset();
+	         */
+	        reset: function () {
+	            // Reset data buffer
+	            BufferedBlockAlgorithm.reset.call(this);
+
+	            // Perform concrete-hasher logic
+	            this._doReset();
+	        },
+
+	        /**
+	         * Updates this hasher with a message.
+	         *
+	         * @param {WordArray|string} messageUpdate The message to append.
+	         *
+	         * @return {Hasher} This hasher.
+	         *
+	         * @example
+	         *
+	         *     hasher.update('message');
+	         *     hasher.update(wordArray);
+	         */
+	        update: function (messageUpdate) {
+	            // Append
+	            this._append(messageUpdate);
+
+	            // Update the hash
+	            this._process();
+
+	            // Chainable
+	            return this;
+	        },
+
+	        /**
+	         * Finalizes the hash computation.
+	         * Note that the finalize operation is effectively a destructive, read-once operation.
+	         *
+	         * @param {WordArray|string} messageUpdate (Optional) A final message update.
+	         *
+	         * @return {WordArray} The hash.
+	         *
+	         * @example
+	         *
+	         *     var hash = hasher.finalize();
+	         *     var hash = hasher.finalize('message');
+	         *     var hash = hasher.finalize(wordArray);
+	         */
+	        finalize: function (messageUpdate) {
+	            // Final message update
+	            if (messageUpdate) {
+	                this._append(messageUpdate);
+	            }
+
+	            // Perform concrete-hasher logic
+	            var hash = this._doFinalize();
+
+	            return hash;
+	        },
+
+	        blockSize: 512/32,
+
+	        /**
+	         * Creates a shortcut function to a hasher's object interface.
+	         *
+	         * @param {Hasher} hasher The hasher to create a helper for.
+	         *
+	         * @return {Function} The shortcut function.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
+	         */
+	        _createHelper: function (hasher) {
+	            return function (message, cfg) {
+	                return new hasher.init(cfg).finalize(message);
+	            };
+	        },
+
+	        /**
+	         * Creates a shortcut function to the HMAC's object interface.
+	         *
+	         * @param {Hasher} hasher The hasher to use in this HMAC helper.
+	         *
+	         * @return {Function} The shortcut function.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
+	         */
+	        _createHmacHelper: function (hasher) {
+	            return function (message, key) {
+	                return new C_algo.HMAC.init(hasher, key).finalize(message);
+	            };
+	        }
+	    });
+
+	    /**
+	     * Algorithm namespace.
+	     */
+	    var C_algo = C.algo = {};
+
+	    return C;
+	}(Math));
+
+
+	return CryptoJS;
+
+}));

src/vendor/crypto-js-4.0.0/enc-base64.js

@@ -0,0 +1,136 @@
+;(function (root, factory) {
+	if (typeof exports === "object") {
+		// CommonJS
+		module.exports = exports = factory(require("./core"));
+	}
+	else if (typeof define === "function" && define.amd) {
+		// AMD
+		define(["./core"], factory);
+	}
+	else {
+		// Global (browser)
+		factory(root.CryptoJS);
+	}
+}(this, function (CryptoJS) {
+
+	(function () {
+	    // Shortcuts
+	    var C = CryptoJS;
+	    var C_lib = C.lib;
+	    var WordArray = C_lib.WordArray;
+	    var C_enc = C.enc;
+
+	    /**
+	     * Base64 encoding strategy.
+	     */
+	    var Base64 = C_enc.Base64 = {
+	        /**
+	         * Converts a word array to a Base64 string.
+	         *
+	         * @param {WordArray} wordArray The word array.
+	         *
+	         * @return {string} The Base64 string.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var base64String = CryptoJS.enc.Base64.stringify(wordArray);
+	         */
+	        stringify: function (wordArray) {
+	            // Shortcuts
+	            var words = wordArray.words;
+	            var sigBytes = wordArray.sigBytes;
+	            var map = this._map;
+
+	            // Clamp excess bits
+	            wordArray.clamp();
+
+	            // Convert
+	            var base64Chars = [];
+	            for (var i = 0; i < sigBytes; i += 3) {
+	                var byte1 = (words[i >>> 2]       >>> (24 - (i % 4) * 8))       & 0xff;
+	                var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
+	                var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
+
+	                var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
+
+	                for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
+	                    base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
+	                }
+	            }
+
+	            // Add padding
+	            var paddingChar = map.charAt(64);
+	            if (paddingChar) {
+	                while (base64Chars.length % 4) {
+	                    base64Chars.push(paddingChar);
+	                }
+	            }
+
+	            return base64Chars.join('');
+	        },
+
+	        /**
+	         * Converts a Base64 string to a word array.
+	         *
+	         * @param {string} base64Str The Base64 string.
+	         *
+	         * @return {WordArray} The word array.
+	         *
+	         * @static
+	         *
+	         * @example
+	         *
+	         *     var wordArray = CryptoJS.enc.Base64.parse(base64String);
+	         */
+	        parse: function (base64Str) {
+	            // Shortcuts
+	            var base64StrLength = base64Str.length;
+	            var map = this._map;
+	            var reverseMap = this._reverseMap;
+
+	            if (!reverseMap) {
+	                    reverseMap = this._reverseMap = [];
+	                    for (var j = 0; j < map.length; j++) {
+	                        reverseMap[map.charCodeAt(j)] = j;
+	                    }
+	            }
+
+	            // Ignore padding
+	            var paddingChar = map.charAt(64);
+	            if (paddingChar) {
+	                var paddingIndex = base64Str.indexOf(paddingChar);
+	                if (paddingIndex !== -1) {
+	                    base64StrLength = paddingIndex;
+	                }
+	            }
+
+	            // Convert
+	            return parseLoop(base64Str, base64StrLength, reverseMap);
+
+	        },
+
+	        _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
+	    };
+
+	    function parseLoop(base64Str, base64StrLength, reverseMap) {
+	      var words = [];
+	      var nBytes = 0;
+	      for (var i = 0; i < base64StrLength; i++) {
+	          if (i % 4) {
+	              var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2);
+	              var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2);
+	              var bitsCombined = bits1 | bits2;
+	              words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8);
+	              nBytes++;
+	          }
+	      }
+	      return WordArray.create(words, nBytes);
+	    }
+	}());
+
+
+	return CryptoJS.enc.Base64;
+
+}));

src/vendor/crypto-js-4.0.0/enc-utf8.js

@@ -0,0 +1,18 @@
+;(function (root, factory) {
+	if (typeof exports === "object") {
+		// CommonJS
+		module.exports = exports = factory(require("./core"));
+	}
+	else if (typeof define === "function" && define.amd) {
+		// AMD
+		define(["./core"], factory);
+	}
+	else {
+		// Global (browser)
+		factory(root.CryptoJS);
+	}
+}(this, function (CryptoJS) {
+
+	return CryptoJS.enc.Utf8;
+
+}));

src/vendor/crypto-js-4.0.0/mode-ecb.js

@@ -0,0 +1,40 @@
+;(function (root, factory, undef) {
+	if (typeof exports === "object") {
+		// CommonJS
+		module.exports = exports = factory(require("./core"), require("./cipher-core"));
+	}
+	else if (typeof define === "function" && define.amd) {
+		// AMD
+		define(["./core", "./cipher-core"], factory);
+	}
+	else {
+		// Global (browser)
+		factory(root.CryptoJS);
+	}
+}(this, function (CryptoJS) {
+
+	/**
+	 * Electronic Codebook block mode.
+	 */
+	CryptoJS.mode.ECB = (function () {
+	    var ECB = CryptoJS.lib.BlockCipherMode.extend();
+
+	    ECB.Encryptor = ECB.extend({
+	        processBlock: function (words, offset) {
+	            this._cipher.encryptBlock(words, offset);
+	        }
+	    });
+
+	    ECB.Decryptor = ECB.extend({
+	        processBlock: function (words, offset) {
+	            this._cipher.decryptBlock(words, offset);
+	        }
+	    });
+
+	    return ECB;
+	}());
+
+
+	return CryptoJS.mode.ECB;
+
+}));

src/vendor/crypto-js-4.0.0/tripledes.js

@@ -0,0 +1,779 @@
+;(function (root, factory, undef) {
+	if (typeof exports === "object") {
+		// CommonJS
+		module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
+	}
+	else if (typeof define === "function" && define.amd) {
+		// AMD
+		define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
+	}
+	else {
+		// Global (browser)
+		factory(root.CryptoJS);
+	}
+}(this, function (CryptoJS) {
+
+	(function () {
+	    // Shortcuts
+	    var C = CryptoJS;
+	    var C_lib = C.lib;
+	    var WordArray = C_lib.WordArray;
+	    var BlockCipher = C_lib.BlockCipher;
+	    var C_algo = C.algo;
+
+	    // Permuted Choice 1 constants
+	    var PC1 = [
+	        57, 49, 41, 33, 25, 17, 9,  1,
+	        58, 50, 42, 34, 26, 18, 10, 2,
+	        59, 51, 43, 35, 27, 19, 11, 3,
+	        60, 52, 44, 36, 63, 55, 47, 39,
+	        31, 23, 15, 7,  62, 54, 46, 38,
+	        30, 22, 14, 6,  61, 53, 45, 37,
+	        29, 21, 13, 5,  28, 20, 12, 4
+	    ];
+
+	    // Permuted Choice 2 constants
+	    var PC2 = [
+	        14, 17, 11, 24, 1,  5,
+	        3,  28, 15, 6,  21, 10,
+	        23, 19, 12, 4,  26, 8,
+	        16, 7,  27, 20, 13, 2,
+	        41, 52, 31, 37, 47, 55,
+	        30, 40, 51, 45, 33, 48,
+	        44, 49, 39, 56, 34, 53,
+	        46, 42, 50, 36, 29, 32
+	    ];
+
+	    // Cumulative bit shift constants
+	    var BIT_SHIFTS = [1,  2,  4,  6,  8,  10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28];
+
+	    // SBOXes and round permutation constants
+	    var SBOX_P = [
+	        {
+	            0x0: 0x808200,
+	            0x10000000: 0x8000,
+	            0x20000000: 0x808002,
+	            0x30000000: 0x2,
+	            0x40000000: 0x200,
+	            0x50000000: 0x808202,
+	            0x60000000: 0x800202,
+	            0x70000000: 0x800000,
+	            0x80000000: 0x202,
+	            0x90000000: 0x800200,
+	            0xa0000000: 0x8200,
+	            0xb0000000: 0x808000,
+	            0xc0000000: 0x8002,
+	            0xd0000000: 0x800002,
+	            0xe0000000: 0x0,
+	            0xf0000000: 0x8202,
+	            0x8000000: 0x0,
+	            0x18000000: 0x808202,
+	            0x28000000: 0x8202,
+	            0x38000000: 0x8000,
+	            0x48000000: 0x808200,
+	            0x58000000: 0x200,
+	            0x68000000: 0x808002,
+	            0x78000000: 0x2,
+	            0x88000000: 0x800200,
+	            0x98000000: 0x8200,
+	            0xa8000000: 0x808000,
+	            0xb8000000: 0x800202,
+	            0xc8000000: 0x800002,
+	            0xd8000000: 0x8002,
+	            0xe8000000: 0x202,
+	            0xf8000000: 0x800000,
+	            0x1: 0x8000,
+	            0x10000001: 0x2,
+	            0x20000001: 0x808200,
+	            0x30000001: 0x800000,
+	            0x40000001: 0x808002,
+	            0x50000001: 0x8200,
+	            0x60000001: 0x200,
+	            0x70000001: 0x800202,
+	            0x80000001: 0x808202,
+	            0x90000001: 0x808000,
+	            0xa0000001: 0x800002,
+	            0xb0000001: 0x8202,
+	            0xc0000001: 0x202,
+	            0xd0000001: 0x800200,
+	            0xe0000001: 0x8002,
+	            0xf0000001: 0x0,
+	            0x8000001: 0x808202,
+	            0x18000001: 0x808000,
+	            0x28000001: 0x800000,
+	            0x38000001: 0x200,
+	            0x48000001: 0x8000,
+	            0x58000001: 0x800002,
+	            0x68000001: 0x2,
+	            0x78000001: 0x8202,
+	            0x88000001: 0x8002,
+	            0x98000001: 0x800202,
+	            0xa8000001: 0x202,
+	            0xb8000001: 0x808200,
+	            0xc8000001: 0x800200,
+	            0xd8000001: 0x0,
+	            0xe8000001: 0x8200,
+	            0xf8000001: 0x808002
+	        },
+	        {
+	            0x0: 0x40084010,
+	            0x1000000: 0x4000,
+	            0x2000000: 0x80000,
+	            0x3000000: 0x40080010,
+	            0x4000000: 0x40000010,
+	            0x5000000: 0x40084000,
+	            0x6000000: 0x40004000,
+	            0x7000000: 0x10,
+	            0x8000000: 0x84000,
+	            0x9000000: 0x40004010,
+	            0xa000000: 0x40000000,
+	            0xb000000: 0x84010,
+	            0xc000000: 0x80010,
+	            0xd000000: 0x0,
+	            0xe000000: 0x4010,
+	            0xf000000: 0x40080000,
+	            0x800000: 0x40004000,
+	            0x1800000: 0x84010,
+	            0x2800000: 0x10,
+	            0x3800000: 0x40004010,
+	            0x4800000: 0x40084010,
+	            0x5800000: 0x40000000,
+	            0x6800000: 0x80000,
+	            0x7800000: 0x40080010,
+	            0x8800000: 0x80010,
+	            0x9800000: 0x0,
+	            0xa800000: 0x4000,
+	            0xb800000: 0x40080000,
+	            0xc800000: 0x40000010,
+	            0xd800000: 0x84000,
+	            0xe800000: 0x40084000,
+	            0xf800000: 0x4010,
+	            0x10000000: 0x0,
+	            0x11000000: 0x40080010,
+	            0x12000000: 0x40004010,
+	            0x13000000: 0x40084000,
+	            0x14000000: 0x40080000,
+	            0x15000000: 0x10,
+	            0x16000000: 0x84010,
+	            0x17000000: 0x4000,
+	            0x18000000: 0x4010,
+	            0x19000000: 0x80000,
+	            0x1a000000: 0x80010,
+	            0x1b000000: 0x40000010,
+	            0x1c000000: 0x84000,
+	            0x1d000000: 0x40004000,
+	            0x1e000000: 0x40000000,
+	            0x1f000000: 0x40084010,
+	            0x10800000: 0x84010,
+	            0x11800000: 0x80000,
+	            0x12800000: 0x40080000,
+	            0x13800000: 0x4000,
+	            0x14800000: 0x40004000,
+	            0x15800000: 0x40084010,
+	            0x16800000: 0x10,
+	            0x17800000: 0x40000000,
+	            0x18800000: 0x40084000,
+	            0x19800000: 0x40000010,
+	            0x1a800000: 0x40004010,
+	            0x1b800000: 0x80010,
+	            0x1c800000: 0x0,
+	            0x1d800000: 0x4010,
+	            0x1e800000: 0x40080010,
+	            0x1f800000: 0x84000
+	        },
+	        {
+	            0x0: 0x104,
+	            0x100000: 0x0,
+	            0x200000: 0x4000100,
+	            0x300000: 0x10104,
+	            0x400000: 0x10004,
+	            0x500000: 0x4000004,
+	            0x600000: 0x4010104,
+	            0x700000: 0x4010000,
+	            0x800000: 0x4000000,
+	            0x900000: 0x4010100,
+	            0xa00000: 0x10100,
+	            0xb00000: 0x4010004,
+	            0xc00000: 0x4000104,
+	            0xd00000: 0x10000,
+	            0xe00000: 0x4,
+	            0xf00000: 0x100,
+	            0x80000: 0x4010100,
+	            0x180000: 0x4010004,
+	            0x280000: 0x0,
+	            0x380000: 0x4000100,
+	            0x480000: 0x4000004,
+	            0x580000: 0x10000,
+	            0x680000: 0x10004,
+	            0x780000: 0x104,
+	            0x880000: 0x4,
+	            0x980000: 0x100,
+	            0xa80000: 0x4010000,
+	            0xb80000: 0x10104,
+	            0xc80000: 0x10100,
+	            0xd80000: 0x4000104,
+	            0xe80000: 0x4010104,
+	            0xf80000: 0x4000000,
+	            0x1000000: 0x4010100,
+	            0x1100000: 0x10004,
+	            0x1200000: 0x10000,
+	            0x1300000: 0x4000100,
+	            0x1400000: 0x100,
+	            0x1500000: 0x4010104,
+	            0x1600000: 0x4000004,
+	            0x1700000: 0x0,
+	            0x1800000: 0x4000104,
+	            0x1900000: 0x4000000,
+	            0x1a00000: 0x4,
+	            0x1b00000: 0x10100,
+	            0x1c00000: 0x4010000,
+	            0x1d00000: 0x104,
+	            0x1e00000: 0x10104,
+	            0x1f00000: 0x4010004,
+	            0x1080000: 0x4000000,
+	            0x1180000: 0x104,
+	            0x1280000: 0x4010100,
+	            0x1380000: 0x0,
+	            0x1480000: 0x10004,
+	            0x1580000: 0x4000100,
+	            0x1680000: 0x100,
+	            0x1780000: 0x4010004,
+	            0x1880000: 0x10000,
+	            0x1980000: 0x4010104,
+	            0x1a80000: 0x10104,
+	            0x1b80000: 0x4000004,
+	            0x1c80000: 0x4000104,
+	            0x1d80000: 0x4010000,
+	            0x1e80000: 0x4,
+	            0x1f80000: 0x10100
+	        },
+	        {
+	            0x0: 0x80401000,
+	            0x10000: 0x80001040,
+	            0x20000: 0x401040,
+	            0x30000: 0x80400000,
+	            0x40000: 0x0,
+	            0x50000: 0x401000,
+	            0x60000: 0x80000040,
+	            0x70000: 0x400040,
+	            0x80000: 0x80000000,
+	            0x90000: 0x400000,
+	            0xa0000: 0x40,
+	            0xb0000: 0x80001000,
+	            0xc0000: 0x80400040,
+	            0xd0000: 0x1040,
+	            0xe0000: 0x1000,
+	            0xf0000: 0x80401040,
+	            0x8000: 0x80001040,
+	            0x18000: 0x40,
+	            0x28000: 0x80400040,
+	            0x38000: 0x80001000,
+	            0x48000: 0x401000,
+	            0x58000: 0x80401040,
+	            0x68000: 0x0,
+	            0x78000: 0x80400000,
+	            0x88000: 0x1000,
+	            0x98000: 0x80401000,
+	            0xa8000: 0x400000,
+	            0xb8000: 0x1040,
+	            0xc8000: 0x80000000,
+	            0xd8000: 0x400040,
+	            0xe8000: 0x401040,
+	            0xf8000: 0x80000040,
+	            0x100000: 0x400040,
+	            0x110000: 0x401000,
+	            0x120000: 0x80000040,
+	            0x130000: 0x0,
+	            0x140000: 0x1040,
+	            0x150000: 0x80400040,
+	            0x160000: 0x80401000,
+	            0x170000: 0x80001040,
+	            0x180000: 0x80401040,
+	            0x190000: 0x80000000,
+	            0x1a0000: 0x80400000,
+	            0x1b0000: 0x401040,
+	            0x1c0000: 0x80001000,
+	            0x1d0000: 0x400000,
+	            0x1e0000: 0x40,
+	            0x1f0000: 0x1000,
+	            0x108000: 0x80400000,
+	            0x118000: 0x80401040,
+	            0x128000: 0x0,
+	            0x138000: 0x401000,
+	            0x148000: 0x400040,
+	            0x158000: 0x80000000,
+	            0x168000: 0x80001040,
+	            0x178000: 0x40,
+	            0x188000: 0x80000040,
+	            0x198000: 0x1000,
+	            0x1a8000: 0x80001000,
+	            0x1b8000: 0x80400040,
+	            0x1c8000: 0x1040,
+	            0x1d8000: 0x80401000,
+	            0x1e8000: 0x400000,
+	            0x1f8000: 0x401040
+	        },
+	        {
+	            0x0: 0x80,
+	            0x1000: 0x1040000,
+	            0x2000: 0x40000,
+	            0x3000: 0x20000000,
+	            0x4000: 0x20040080,
+	            0x5000: 0x1000080,
+	            0x6000: 0x21000080,
+	            0x7000: 0x40080,
+	            0x8000: 0x1000000,
+	            0x9000: 0x20040000,
+	            0xa000: 0x20000080,
+	            0xb000: 0x21040080,
+	            0xc000: 0x21040000,
+	            0xd000: 0x0,
+	            0xe000: 0x1040080,
+	            0xf000: 0x21000000,
+	            0x800: 0x1040080,
+	            0x1800: 0x21000080,
+	            0x2800: 0x80,
+	            0x3800: 0x1040000,
+	            0x4800: 0x40000,
+	            0x5800: 0x20040080,
+	            0x6800: 0x21040000,
+	            0x7800: 0x20000000,
+	            0x8800: 0x20040000,
+	            0x9800: 0x0,
+	            0xa800: 0x21040080,
+	            0xb800: 0x1000080,
+	            0xc800: 0x20000080,
+	            0xd800: 0x21000000,
+	            0xe800: 0x1000000,
+	            0xf800: 0x40080,
+	            0x10000: 0x40000,
+	            0x11000: 0x80,
+	            0x12000: 0x20000000,
+	            0x13000: 0x21000080,
+	            0x14000: 0x1000080,
+	            0x15000: 0x21040000,
+	            0x16000: 0x20040080,
+	            0x17000: 0x1000000,
+	            0x18000: 0x21040080,
+	            0x19000: 0x21000000,
+	            0x1a000: 0x1040000,
+	            0x1b000: 0x20040000,
+	            0x1c000: 0x40080,
+	            0x1d000: 0x20000080,
+	            0x1e000: 0x0,
+	            0x1f000: 0x1040080,
+	            0x10800: 0x21000080,
+	            0x11800: 0x1000000,
+	            0x12800: 0x1040000,
+	            0x13800: 0x20040080,
+	            0x14800: 0x20000000,
+	            0x15800: 0x1040080,
+	            0x16800: 0x80,
+	            0x17800: 0x21040000,
+	            0x18800: 0x40080,
+	            0x19800: 0x21040080,
+	            0x1a800: 0x0,
+	            0x1b800: 0x21000000,
+	            0x1c800: 0x1000080,
+	            0x1d800: 0x40000,
+	            0x1e800: 0x20040000,
+	            0x1f800: 0x20000080
+	        },
+	        {
+	            0x0: 0x10000008,
+	            0x100: 0x2000,
+	            0x200: 0x10200000,
+	            0x300: 0x10202008,
+	            0x400: 0x10002000,
+	            0x500: 0x200000,
+	            0x600: 0x200008,
+	            0x700: 0x10000000,
+	            0x800: 0x0,
+	            0x900: 0x10002008,
+	            0xa00: 0x202000,
+	            0xb00: 0x8,
+	            0xc00: 0x10200008,
+	            0xd00: 0x202008,
+	            0xe00: 0x2008,
+	            0xf00: 0x10202000,
+	            0x80: 0x10200000,
+	            0x180: 0x10202008,
+	            0x280: 0x8,
+	            0x380: 0x200000,
+	            0x480: 0x202008,
+	            0x580: 0x10000008,
+	            0x680: 0x10002000,
+	            0x780: 0x2008,
+	            0x880: 0x200008,
+	            0x980: 0x2000,
+	            0xa80: 0x10002008,
+	            0xb80: 0x10200008,
+	            0xc80: 0x0,
+	            0xd80: 0x10202000,
+	            0xe80: 0x202000,
+	            0xf80: 0x10000000,
+	            0x1000: 0x10002000,
+	            0x1100: 0x10200008,
+	            0x1200: 0x10202008,
+	            0x1300: 0x2008,
+	            0x1400: 0x200000,
+	            0x1500: 0x10000000,
+	            0x1600: 0x10000008,
+	            0x1700: 0x202000,
+	            0x1800: 0x202008,
+	            0x1900: 0x0,
+	            0x1a00: 0x8,
+	            0x1b00: 0x10200000,
+	            0x1c00: 0x2000,
+	            0x1d00: 0x10002008,
+	            0x1e00: 0x10202000,
+	            0x1f00: 0x200008,
+	            0x1080: 0x8,
+	            0x1180: 0x202000,
+	            0x1280: 0x200000,
+	            0x1380: 0x10000008,
+	            0x1480: 0x10002000,
+	            0x1580: 0x2008,
+	            0x1680: 0x10202008,
+	            0x1780: 0x10200000,
+	            0x1880: 0x10202000,
+	            0x1980: 0x10200008,
+	            0x1a80: 0x2000,
+	            0x1b80: 0x202008,
+	            0x1c80: 0x200008,
+	            0x1d80: 0x0,
+	            0x1e80: 0x10000000,
+	            0x1f80: 0x10002008
+	        },
+	        {
+	            0x0: 0x100000,
+	            0x10: 0x2000401,
+	            0x20: 0x400,
+	            0x30: 0x100401,
+	            0x40: 0x2100401,
+	            0x50: 0x0,
+	            0x60: 0x1,
+	            0x70: 0x2100001,
+	            0x80: 0x2000400,
+	            0x90: 0x100001,
+	            0xa0: 0x2000001,
+	            0xb0: 0x2100400,
+	            0xc0: 0x2100000,
+	            0xd0: 0x401,
+	            0xe0: 0x100400,
+	            0xf0: 0x2000000,
+	            0x8: 0x2100001,
+	            0x18: 0x0,
+	            0x28: 0x2000401,
+	            0x38: 0x2100400,
+	            0x48: 0x100000,
+	            0x58: 0x2000001,
+	            0x68: 0x2000000,
+	            0x78: 0x401,
+	            0x88: 0x100401,
+	            0x98: 0x2000400,
+	            0xa8: 0x2100000,
+	            0xb8: 0x100001,
+	            0xc8: 0x400,
+	            0xd8: 0x2100401,
+	            0xe8: 0x1,
+	            0xf8: 0x100400,
+	            0x100: 0x2000000,
+	            0x110: 0x100000,
+	            0x120: 0x2000401,
+	            0x130: 0x2100001,
+	            0x140: 0x100001,
+	            0x150: 0x2000400,
+	            0x160: 0x2100400,
+	            0x170: 0x100401,
+	            0x180: 0x401,
+	            0x190: 0x2100401,
+	            0x1a0: 0x100400,
+	            0x1b0: 0x1,
+	            0x1c0: 0x0,
+	            0x1d0: 0x2100000,
+	            0x1e0: 0x2000001,
+	            0x1f0: 0x400,
+	            0x108: 0x100400,
+	            0x118: 0x2000401,
+	            0x128: 0x2100001,
+	            0x138: 0x1,
+	            0x148: 0x2000000,
+	            0x158: 0x100000,
+	            0x168: 0x401,
+	            0x178: 0x2100400,
+	            0x188: 0x2000001,
+	            0x198: 0x2100000,
+	            0x1a8: 0x0,
+	            0x1b8: 0x2100401,
+	            0x1c8: 0x100401,
+	            0x1d8: 0x400,
+	            0x1e8: 0x2000400,
+	            0x1f8: 0x100001
+	        },
+	        {
+	            0x0: 0x8000820,
+	            0x1: 0x20000,
+	            0x2: 0x8000000,
+	            0x3: 0x20,
+	            0x4: 0x20020,
+	            0x5: 0x8020820,
+	            0x6: 0x8020800,
+	            0x7: 0x800,
+	            0x8: 0x8020000,
+	            0x9: 0x8000800,
+	            0xa: 0x20800,
+	            0xb: 0x8020020,
+	            0xc: 0x820,
+	            0xd: 0x0,
+	            0xe: 0x8000020,
+	            0xf: 0x20820,
+	            0x80000000: 0x800,
+	            0x80000001: 0x8020820,
+	            0x80000002: 0x8000820,
+	            0x80000003: 0x8000000,
+	            0x80000004: 0x8020000,
+	            0x80000005: 0x20800,
+	            0x80000006: 0x20820,
+	            0x80000007: 0x20,
+	            0x80000008: 0x8000020,
+	            0x80000009: 0x820,
+	            0x8000000a: 0x20020,
+	            0x8000000b: 0x8020800,
+	            0x8000000c: 0x0,
+	            0x8000000d: 0x8020020,
+	            0x8000000e: 0x8000800,
+	            0x8000000f: 0x20000,
+	            0x10: 0x20820,
+	            0x11: 0x8020800,
+	            0x12: 0x20,
+	            0x13: 0x800,
+	            0x14: 0x8000800,
+	            0x15: 0x8000020,
+	            0x16: 0x8020020,
+	            0x17: 0x20000,
+	            0x18: 0x0,
+	            0x19: 0x20020,
+	            0x1a: 0x8020000,
+	            0x1b: 0x8000820,
+	            0x1c: 0x8020820,
+	            0x1d: 0x20800,
+	            0x1e: 0x820,
+	            0x1f: 0x8000000,
+	            0x80000010: 0x20000,
+	            0x80000011: 0x800,
+	            0x80000012: 0x8020020,
+	            0x80000013: 0x20820,
+	            0x80000014: 0x20,
+	            0x80000015: 0x8020000,
+	            0x80000016: 0x8000000,
+	            0x80000017: 0x8000820,
+	            0x80000018: 0x8020820,
+	            0x80000019: 0x8000020,
+	            0x8000001a: 0x8000800,
+	            0x8000001b: 0x0,
+	            0x8000001c: 0x20800,
+	            0x8000001d: 0x820,
+	            0x8000001e: 0x20020,
+	            0x8000001f: 0x8020800
+	        }
+	    ];
+
+	    // Masks that select the SBOX input
+	    var SBOX_MASK = [
+	        0xf8000001, 0x1f800000, 0x01f80000, 0x001f8000,
+	        0x0001f800, 0x00001f80, 0x000001f8, 0x8000001f
+	    ];
+
+	    /**
+	     * DES block cipher algorithm.
+	     */
+	    var DES = C_algo.DES = BlockCipher.extend({
+	        _doReset: function () {
+	            // Shortcuts
+	            var key = this._key;
+	            var keyWords = key.words;
+
+	            // Select 56 bits according to PC1
+	            var keyBits = [];
+	            for (var i = 0; i < 56; i++) {
+	                var keyBitPos = PC1[i] - 1;
+	                keyBits[i] = (keyWords[keyBitPos >>> 5] >>> (31 - keyBitPos % 32)) & 1;
+	            }
+
+	            // Assemble 16 subkeys
+	            var subKeys = this._subKeys = [];
+	            for (var nSubKey = 0; nSubKey < 16; nSubKey++) {
+	                // Create subkey
+	                var subKey = subKeys[nSubKey] = [];
+
+	                // Shortcut
+	                var bitShift = BIT_SHIFTS[nSubKey];
+
+	                // Select 48 bits according to PC2
+	                for (var i = 0; i < 24; i++) {
+	                    // Select from the left 28 key bits
+	                    subKey[(i / 6) | 0] |= keyBits[((PC2[i] - 1) + bitShift) % 28] << (31 - i % 6);
+
+	                    // Select from the right 28 key bits
+	                    subKey[4 + ((i / 6) | 0)] |= keyBits[28 + (((PC2[i + 24] - 1) + bitShift) % 28)] << (31 - i % 6);
+	                }
+
+	                // Since each subkey is applied to an expanded 32-bit input,
+	                // the subkey can be broken into 8 values scaled to 32-bits,
+	                // which allows the key to be used without expansion
+	                subKey[0] = (subKey[0] << 1) | (subKey[0] >>> 31);
+	                for (var i = 1; i < 7; i++) {
+	                    subKey[i] = subKey[i] >>> ((i - 1) * 4 + 3);
+	                }
+	                subKey[7] = (subKey[7] << 5) | (subKey[7] >>> 27);
+	            }
+
+	            // Compute inverse subkeys
+	            var invSubKeys = this._invSubKeys = [];
+	            for (var i = 0; i < 16; i++) {
+	                invSubKeys[i] = subKeys[15 - i];
+	            }
+	        },
+
+	        encryptBlock: function (M, offset) {
+	            this._doCryptBlock(M, offset, this._subKeys);
+	        },
+
+	        decryptBlock: function (M, offset) {
+	            this._doCryptBlock(M, offset, this._invSubKeys);
+	        },
+
+	        _doCryptBlock: function (M, offset, subKeys) {
+	            // Get input
+	            this._lBlock = M[offset];
+	            this._rBlock = M[offset + 1];
+
+	            // Initial permutation
+	            exchangeLR.call(this, 4,  0x0f0f0f0f);
+	            exchangeLR.call(this, 16, 0x0000ffff);
+	            exchangeRL.call(this, 2,  0x33333333);
+	            exchangeRL.call(this, 8,  0x00ff00ff);
+	            exchangeLR.call(this, 1,  0x55555555);
+
+	            // Rounds
+	            for (var round = 0; round < 16; round++) {
+	                // Shortcuts
+	                var subKey = subKeys[round];
+	                var lBlock = this._lBlock;
+	                var rBlock = this._rBlock;
+
+	                // Feistel function
+	                var f = 0;
+	                for (var i = 0; i < 8; i++) {
+	                    f |= SBOX_P[i][((rBlock ^ subKey[i]) & SBOX_MASK[i]) >>> 0];
+	                }
+	                this._lBlock = rBlock;
+	                this._rBlock = lBlock ^ f;
+	            }
+
+	            // Undo swap from last round
+	            var t = this._lBlock;
+	            this._lBlock = this._rBlock;
+	            this._rBlock = t;
+
+	            // Final permutation
+	            exchangeLR.call(this, 1,  0x55555555);
+	            exchangeRL.call(this, 8,  0x00ff00ff);
+	            exchangeRL.call(this, 2,  0x33333333);
+	            exchangeLR.call(this, 16, 0x0000ffff);
+	            exchangeLR.call(this, 4,  0x0f0f0f0f);
+
+	            // Set output
+	            M[offset] = this._lBlock;
+	            M[offset + 1] = this._rBlock;
+	        },
+
+	        keySize: 64/32,
+
+	        ivSize: 64/32,
+
+	        blockSize: 64/32
+	    });
+
+	    // Swap bits across the left and right words
+	    function exchangeLR(offset, mask) {
+	        var t = ((this._lBlock >>> offset) ^ this._rBlock) & mask;
+	        this._rBlock ^= t;
+	        this._lBlock ^= t << offset;
+	    }
+
+	    function exchangeRL(offset, mask) {
+	        var t = ((this._rBlock >>> offset) ^ this._lBlock) & mask;
+	        this._lBlock ^= t;
+	        this._rBlock ^= t << offset;
+	    }
+
+	    /**
+	     * Shortcut functions to the cipher's object interface.
+	     *
+	     * @example
+	     *
+	     *     var ciphertext = CryptoJS.DES.encrypt(message, key, cfg);
+	     *     var plaintext  = CryptoJS.DES.decrypt(ciphertext, key, cfg);
+	     */
+	    C.DES = BlockCipher._createHelper(DES);
+
+	    /**
+	     * Triple-DES block cipher algorithm.
+	     */
+	    var TripleDES = C_algo.TripleDES = BlockCipher.extend({
+	        _doReset: function () {
+	            // Shortcuts
+	            var key = this._key;
+	            var keyWords = key.words;
+	            // Make sure the key length is valid (64, 128 or >= 192 bit)
+	            if (keyWords.length !== 2 && keyWords.length !== 4 && keyWords.length < 6) {
+	                throw new Error('Invalid key length - 3DES requires the key length to be 64, 128, 192 or >192.');
+	            }
+
+	            // Extend the key according to the keying options defined in 3DES standard
+	            var key1 = keyWords.slice(0, 2);
+	            var key2 = keyWords.length < 4 ? keyWords.slice(0, 2) : keyWords.slice(2, 4);
+	            var key3 = keyWords.length < 6 ? keyWords.slice(0, 2) : keyWords.slice(4, 6);
+
+	            // Create DES instances
+	            this._des1 = DES.createEncryptor(WordArray.create(key1));
+	            this._des2 = DES.createEncryptor(WordArray.create(key2));
+	            this._des3 = DES.createEncryptor(WordArray.create(key3));
+	        },
+
+	        encryptBlock: function (M, offset) {
+	            this._des1.encryptBlock(M, offset);
+	            this._des2.decryptBlock(M, offset);
+	            this._des3.encryptBlock(M, offset);
+	        },
+
+	        decryptBlock: function (M, offset) {
+	            this._des3.decryptBlock(M, offset);
+	            this._des2.encryptBlock(M, offset);
+	            this._des1.decryptBlock(M, offset);
+	        },
+
+	        keySize: 192/32,
+
+	        ivSize: 64/32,
+
+	        blockSize: 64/32
+	    });
+
+	    /**
+	     * Shortcut functions to the cipher's object interface.
+	     *
+	     * @example
+	     *
+	     *     var ciphertext = CryptoJS.TripleDES.encrypt(message, key, cfg);
+	     *     var plaintext  = CryptoJS.TripleDES.decrypt(ciphertext, key, cfg);
+	     */
+	    C.TripleDES = BlockCipher._createHelper(TripleDES);
+	}());
+
+
+	return CryptoJS.TripleDES;
+
+}));

src/vendor/js-security/sha1.js

@@ -208,14 +208,16 @@ function Base64() {
 		var i = 0;
 		input = _utf8_encode(input);
 		while (i < input.length) {
+            //将字符串特定位置的字符转换为编码，例如：H --> 72
 			chr1 = input.charCodeAt(i++);
 			chr2 = input.charCodeAt(i++);
-			chr3 = input.charCodeAt(i++);
+            chr3 = input.charCodeAt(i++);
+            //编码的二进制位数向右位移2位(>>)   (<< 向左位移)
 			enc1 = chr1 >> 2;
 			enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
 			enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
 			enc4 = chr3 & 63;
-			if (isNaN(chr2)) {
+			if (isNaN(chr2)) {//isNaN:如果不为数字
 				enc3 = enc4 = 64;
 			} else if (isNaN(chr3)) {
 				enc4 = 64;
@@ -241,7 +243,8 @@ function Base64() {
 			enc4 = _keyStr.indexOf(input.charAt(i++));
 			chr1 = (enc1 << 2) | (enc2 >> 4);
 			chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
-			chr3 = ((enc3 & 3) << 6) | enc4;
+            chr3 = ((enc3 & 3) << 6) | enc4;
+            //fromCharCode:将字符编码转换为字符  72 --> H
 			output = output + String.fromCharCode(chr1);
 			if (enc3 != 64) {
 				output = output + String.fromCharCode(chr2);
@@ -309,6 +312,7 @@ function Secret_Key(str,type) {
             for(var i=0; i<pwd.length; i++) {
             prand += pwd.charCodeAt(i).toString();
             }
+            //parseInt:转换为整数
             var sPos = Math.floor(prand.length / 5);
             var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos*2) + prand.charAt(sPos*3) + prand.charAt(sPos*4) + prand.charAt(sPos*5));
             var incr = Math.ceil(pwd.length / 2);
@@ -320,6 +324,7 @@ function Secret_Key(str,type) {
             var salt = Math.round(Math.random() * 1000000000) % 100000000;
             prand += salt;
             while(prand.length > 10) {
+            console.log(prand);
             prand = (parseInt(prand.substring(0, 10)) + parseInt(prand.substring(10, prand.length))).toString();
             }
             prand = (mult * prand + incr) % modu;

src/widgets/BaseMap/config.json

@@ -28,6 +28,36 @@
             "maxVisibleAltitude": 1000,
             "maxVisibleDistance": 1000
         },
+        "TF_PAPN_SYWASTE_B@sxgk_base": {
+            "brightness": 0.8,
+            "contrast": 1,
+            "hue": 0,
+            "saturation": 1,
+            "gamma": 1,
+            "bottomAltitude":3,
+            "visible":false,
+            "maxVisibleAltitude": 3000
+        },
+        "TF_PAPN_SYWATER1_3D@sxgk_base": {
+            "brightness": 0.8,
+            "contrast": 1,
+            "hue": 0,
+            "saturation": 1,
+            "gamma": 1,
+            "bottomAltitude":0,
+            "visible":false,
+            "maxVisibleAltitude": 3000
+        },
+        "TF_PAPN_SYWATER2_3D@sxgk_base": {
+            "brightness": 0.8,
+            "contrast": 1,
+            "hue": 0,
+            "saturation": 1,
+            "gamma": 1,
+            "bottomAltitude":0,
+            "visible":false,
+            "maxVisibleAltitude": 3000
+        },
         "TF_PAPN_BUILD@sxgk_base": {
             "brightness": 0.8,
             "contrast": 1,

src/widgets/BusinessObjectModeling/Widget.ts

@@ -62,6 +62,7 @@ class ObjectManagement extends BaseWidget {
             }.bind(this), function (e) {
                 und[0].innerHTML = '<a class="dropdown-item">查询组名失败</a>'
             }.bind(this));
+            
             Obj.submitObj.off("click").on("click", function (e) {
                 var name = $("#groupName").val();
                 var kind = $("#groupKind").val();
@@ -69,7 +70,7 @@ class ObjectManagement extends BaseWidget {
                     this.toast.show("类型名称或组名不能为空");
                     return;
                 }
-                this.sendAjax({
+                this.baseAjaxSend.sendAjax(this,{
                     "boGroup": kind,
                     "boType": name,
                 }, this.config["OjbModelIndex_fun"], "POST", function (e) {
@@ -311,6 +312,13 @@ class ObjectManagement extends BaseWidget {
             if (!this.table1) {
                 return;
             }
+            //组别搜索，后台不支持模糊
+            const searchVal = this.domObj.find("#" + this.searchObGroupValID).val().toString();
+            //XSS脚本检测
+            if(this.baseAjaxSend.isXSS(searchVal)){
+                this.toast.show('非法输入');
+                return;
+            }
             //重新请求后台数据
             this.table1.ajax.reload(null, false);
         })

src/widgets/CompanyManagement/Widget.ts

@@ -100,7 +100,7 @@ class CompanyManagement extends BaseWidget {
         this.domObj.find('.btn_delete').on("click", function (e) {
             this.getCheckItem();
             if (this.opeartionItme.length < 1) {
-                this.toast.show("请选择至少一位用户进行删除！");
+                this.toast.show("请选择至少一个单位进行删除！");
                 return;
             }
             $(e.currentTarget).blur();
@@ -466,7 +466,7 @@ class CompanyManagement extends BaseWidget {
             }
         }
         var url = this.config.getDepartmentList;
-        this.sendAjax(data, url, "GET", this.getDepartmentListCallback.bind(this), 1)
+        this.baseAjaxSend.sendAjax(this,data, url, "GET", this.getDepartmentListCallback.bind(this))
     }
 
     /**
@@ -508,7 +508,7 @@ class CompanyManagement extends BaseWidget {
             "shortName": data.ShortName,
         }
         var url = this.config.setDepartment;
-        this.sendAjax(data, url, "POST", this.addDepartmentinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "POST", this.addDepartmentinfoCallback.bind(this))
     }
 
     /**
@@ -535,7 +535,7 @@ class CompanyManagement extends BaseWidget {
             "shortName": data.ShortName,
         }
         var url = this.config.setDepartment;
-        this.sendAjax(data, url, "PUT", this.updateDepartmentinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "PUT", this.updateDepartmentinfoCallback.bind(this))
     }
 
     /**

src/widgets/ConstructionStatistical/Widget.ts

@@ -49,6 +49,11 @@ class ConstructionStatistical extends BaseWidget {
     */
     getSearchInfo(searchInfo) {
         let unit = this.domObj.find(".unitName").val();
+         //XSS脚本检测
+         if(this.baseAjaxSend.isXSS(unit.toString())){
+            this.toast.show("非法输入");
+            return;
+          }
         Object.defineProperty(searchInfo, 'name', {
             configurable: true,
             writable: true,

src/widgets/Coordinate/Widget.ts

@@ -50,6 +50,9 @@ class Coordinate extends BaseWidget {
         if (viewer) {
             const handler = new Cesium.ScreenSpaceEventHandler(viewer.canvas);
             handler.setInputAction((e) => {
+                //更新操作时间
+                this.AppX.appConfig.lastSessionTime=new Date().getTime();
+
                 const camera = this.AppX.runtimeConfig.sceneView.scene.camera;
                 const cameraHeight = Cesium.Cartographic.fromCartesian(camera.position).height;
                 if (Cesium.defined(cameraHeight)) {

src/widgets/Header/Widget.html

@@ -7,7 +7,7 @@
     </div>
     <!--返回项目切换页按钮-->
     <div class="projSel">
-        <a title="返回项目切换页面" href="/projectSelectPanel/" class="btn btn-lg btn-info"><i class="fa fa-reply-all"></i> <span id="projName"></span></a>
+        <a id="prjSelUrl" title="返回项目切换页面" href="/projectSelectPanel/" class="btn btn-lg btn-info"><i class="fa fa-reply-all"></i> <span id="projName"></span></a>
     </div>
     <div class="userInfo">
         <!-- <div class="usercompany">

src/widgets/Header/Widget.ts

@@ -8,7 +8,6 @@ class Header extends BaseWidget {
     baseClass = "widget-header";
     userinfor: any;
     user_picurl = "";
-
     /**
      * 启动
      */
@@ -26,6 +25,7 @@ class Header extends BaseWidget {
         this.homeBack();
         this.AppX.runtimeConfig.header = this;
         this.switchSys();
+        this.startUpSystemSessionMission();
     }
 
 
@@ -130,6 +130,8 @@ class Header extends BaseWidget {
      */
     loadCurrentProj(){
         const priid=parseInt(this.getCookies("currentPrj"));
+        const url=window.location+"projectSelectPanel/";
+        this.domObj.find("#prjSelUrl").prop("href",url);
         const that=this;
         $.ajax({
             headers: this.header,
@@ -312,6 +314,28 @@ class Header extends BaseWidget {
             }.bind(this))
         }
     }
+    /**
+     * 启动页面会话监听
+     */
+    startUpSystemSessionMission(){
+        //一小时超时,每十分钟检测
+        const timeout=60*60*1000;
+        const inelTime=10*60*1000;
+        $(document).off('mousedown').on('mousedown',e=>{
+            this.AppX.appConfig.lastSessionTime=new Date().getTime();
+        })
+       const sessionInel=window.setInterval(()=>{
+            const currentTime=new Date().getTime();
+            const lastTime=this.AppX.appConfig.lastSessionTime;
+            if(currentTime-lastTime>=timeout){
+                this.AppX.runtimeConfig.toast.show('会话超时,即将返回登录页面');
+                clearInterval(sessionInel);
+                setTimeout(() => {
+                    this.exitsystem();
+                }, 1000);
+            }
+        },inelTime)
+    }
     /**
      * 获取cookies值
      */

src/widgets/InfoSearch/Widget.ts

@@ -99,6 +99,11 @@ class InfoSearch extends BaseWidget {
      */
     onSearchClick(event: any) {
         const searchType = this.domObj.find("#" + this.searchTypeSelID).val().toString();
+        const inputObj = this.domObj.find("#" + this.searchInputID).val().toString();
+        if(this.baseAjaxSend.isXSS(inputObj)){
+            this.AppX.runtimeConfig.toast.show('非法输入');
+            return;
+        }
         switch (searchType) {
             case '0':
                 this.queryOptionsByPOI();

src/widgets/LayerList/Widget.ts

@@ -439,7 +439,7 @@ class LayerList extends BaseWidget {
             case LayerType.S3M:
                 const id = clickNode.layer_name;
                 const clickLayer = _.find(this.activeView.scene.layers.layerQueue, layer => {
-                    return layer.name === clickNode.layer_name;
+                    return layer.name === clickNode.layer_name.split(',')[0];
                 });
                 this.activeView.camera.flyTo({
                     destination: clickLayer.layerBounds,

src/widgets/LayerList/config.json

@@ -836,6 +836,10 @@
                     "name": "hnvec2d",
                     "type":"img",
                     "add":false
+                },
+                {
+                    "label": "污水处理厂模型",
+                    "name": "TF_PAPN_SYWASTE_B@sxgk_base,TF_PAPN_SYWATER1_3D@sxgk_base,TF_PAPN_SYWATER2_3D@sxgk_base"
                 }
             ]
         }

src/widgets/PBSVersionManagement/Widget.ts

@@ -74,6 +74,10 @@ class PbsVersionManagement extends BaseWidget {
             ascShowBox[0].innerHTML = e.target.innerHTML;
         })
         ascDiv.find("#ascBottom").click(function (e) {
+            if(this.baseAjaxSend.isXSS(ascText.val())){
+                this.toast.show('非法输入');
+                return;
+            }
             this.loadDetail(undefined, undefined, [ascShowBox[0].innerHTML, ascText.val()])
         }.bind(this))
     }
@@ -483,24 +487,65 @@ class PbsVersionManagement extends BaseWidget {
         var treeBody = this.versionInfoDiv.find("table tbody");
         let clist = list.concat();
         let pids = [];
+        // function arr2tree(data, parent) {
+        //     let tree = []; // 定义最终输出
+        //     let temp; // 定义中间存储用变量
+        //     // const usedParent = _.find(curPid, function (item) { return item.pid === parent })
+        //     // if (!usedParent) {
+        //     //     dep += 1;
+        //     //     curPid.push({ pid: parent, dep: dep });
+        //     // }
+        //     for (let i = 0; i < data.length; i++) {
+        //         data[i].width = 250;
+        //         if (data[i].pid == parent) { // 找到父级
+        //             let obj = data[i]; // 保存父级
+        //             temp = arr2tree(data, data[i].id); // 递归调用
+        //             if (temp.length > 0) { // 如果找到了
+        //                 obj.children = temp; // 父级的子集就等于刚才递归的结果
+        //             } else {
+        //                 obj.children = []; // 没有子集就把这个父级的children字段改成null 出现收起展开的图标
+        //             }
+        //             tree.push(obj); // 把父级和子集放到最终输出
+        //         }
+        //     }
+        //     return tree;
+        // }
+
+         let dep = 0;
+         let curPid = [];
         function arr2tree(data, parent) {
             let tree = []; // 定义最终输出
-            let temp; // 定义中间存储用变量
+            let temp = []; // 定义中间存储用变量
+            const usedParent = _.find(curPid, function (item) { return item.pid === parent })
+            if (!usedParent) {
+                dep += 1;
+                curPid.push({ pid: parent, dep: dep });
+            }
             for (let i = 0; i < data.length; i++) {
                 data[i].width = 250;
                 if (data[i].pid == parent) { // 找到父级
                     let obj = data[i]; // 保存父级
-                    temp = arr2tree(data, data[i].id); // 递归调用
+                    const curparent = _.find(curPid, function (item) { return item.pid === parent });
+                    let open = true;
+                    if (curparent) {
+                        dep = curparent.dep;
+                        if (curparent.dep >= 2) open = false;
+                    }
+                    if (obj.levelname !== "部件类型") {
+                        temp = arr2tree(data, data[i].id); // 递归调用
+                    }
                     if (temp.length > 0) { // 如果找到了
                         obj.children = temp; // 父级的子集就等于刚才递归的结果
+                        obj.open = open;
                     } else {
-                        obj.children = []; // 没有子集就把这个父级的children字段改成null 出现收起展开的图标
+                        obj.children = []; // 没有子集就把这个父级的children字段改成null 防止出现收起展开的图标
                     }
                     tree.push(obj); // 把父级和子集放到最终输出
                 }
             }
             return tree;
         }
+
         const tempTree = arr2tree(clist, null);
         function setWidth(data, parent) {
             for (let item of data) {
@@ -556,8 +601,9 @@ class PbsVersionManagement extends BaseWidget {
         treeBody.html(str);
         var table = this.versionInfoDiv.find("table");
         table.treetable({ expandable: true, column: 0 });
-        for (let i = 0, ii = pids.length; i < ii; i++) {
-            table.treetable("expandNode", pids[i]);
+        for (let i = 0, ii = clist.length; i < ii; i++) {
+            if(clist[i].open)
+            table.treetable("expandNode", clist[i].id);
         }
         var trFrist = this.versionInfoDiv.find("table tbody tr td:first-child");
         var canMod = this.verdionListIndex[this.listIndex._version].publish != "1" ? true : false;

src/widgets/PbsManagement/Widget.ts

@@ -1,4 +1,5 @@
 import BaseWidget = require('core/BaseWidget.class');
+import AjaxSend=require('common/AjaxSend.class');
 /**
  * 模板信息
  */
@@ -277,13 +278,19 @@ class PbsManageMent extends BaseWidget {
             const name = domObj.find("#" + that.addPbsNameID).val();
             const level = domObj.find("#" + that.addPbsLevelID).val();
             const remark = domObj.find("#" + that.addPbsRemarkID).val();
+            //xss脚本验证
+            const nameCorrect=that.baseAjaxSend.isXSS(name);
+            const remarkCorrect=that.baseAjaxSend.isXSS(remark);
+            if(nameCorrect||remarkCorrect){
+                that.toast.show('非法输入');
+                return;
+            }
             const obj = {
                 alevel: level,
                 name: name,
                 remark: remark
             }
-            that.sendAjax(obj, url, "POST", function (e) {
-                console.log(e.code);
+            that.baseAjaxSend.sendAjax(that,obj, url, "POST", function (e) {
                 that.loadMask.hide();
                 if (e.code === 1) {
                     that.pbsTableWidget.ajax.reload();
@@ -732,6 +739,11 @@ class PbsManageMent extends BaseWidget {
             if (!this.table1) {
                 return;
             }
+            const searchVal = popuoDomobj.domObj.find("#" + that.searchObGroupValID).val().toString();
+            if(this.baseAjaxSend.isXSS(searchVal)){
+                this.toast.show('非法输入');
+                return;
+            }
             //重新请求后台数据
             this.table1.ajax.reload(null, false);
         })
@@ -883,6 +895,11 @@ class PbsManageMent extends BaseWidget {
         };
         const name = this.domObj.find("#" + this.pbsNodeNameID).val().toString().trim();//层级名称
         const contents = this.domObj.find("#" + this.pbsNodeDescripID).val().toString().trim();//层级说明
+        //xss脚本检测
+        if(that.baseAjaxSend.isXSS(name)||that.baseAjaxSend.isXSS(contents)){
+            that.toast.show("非法输入");
+            return;
+        }
         let connector = level.connector;
         const selectWidget = $(this.domObj.find('.pbsStructBtns select[data-level="' + level.alevel + '"]'));
         if (selectWidget.length > 0) {
@@ -917,6 +934,11 @@ class PbsManageMent extends BaseWidget {
             } else if (codeType === "2") {
                 const codeLen = $(el).find('.form-control.code-length').val().toString().trim();
                 const codeRemark = $(el).find('.form-control.code-remark').val().toString().trim();
+                //XSS脚本检测
+                if(that.baseAjaxSend.isXSS(codeRemark)){
+                    that.toast.show('非法输入');
+                    return;
+                }
                 if (codeLen === "" || codeRemark === "") {
                     that.toast.show("请填写编码长度或说明");
                     isCorrect = false;
@@ -952,7 +974,7 @@ class PbsManageMent extends BaseWidget {
         level.pbsCodelist = codeDe;
         level.codeView = this.computeCodeView(level);
         const url = this.urls.addPbsLevel;
-        this.sendAjax(level, url, "PUT", function (e) {
+        this.baseAjaxSend.sendAjax(that,level, url, "PUT", function (e) {
             that.loadMask.hide();
             if (e.code === 1) {
                 that.toast.show("保存成功");

src/widgets/PbsTreeManagement/Widget.ts

@@ -381,6 +381,11 @@ class PbsTreeManagement extends BaseWidget {
         
         const code = this.domObj.find("#" + this.pbsSearchInputID).val().toString().trim();
         if(code.trim()==="") return;
+        //XSS脚本检测
+        if(this.baseAjaxSend.isXSS(code)){
+            this.toast.show('非法输入');
+            return;
+        }
         const searchType = this.domObj.find("#" + this.searchTypeSelID).val().toString();
         //this.treeNodes = this.ztree.getNodes().slice();
         // if (code === '') {

src/widgets/PipeCollectionLedger/Widget.ts

@@ -43,6 +43,11 @@ class PipeCollectionLedger extends BaseWidget {
   getSearchInfo(searchInfo) {
     const type = this.domObj.find("#type-select").val();
     const inputVal = this.domObj.find("#key-code").val();
+    //XSS脚本检测
+    if(this.baseAjaxSend.isXSS(inputVal.toString())){
+      this.toast.show("非法输入");
+      return;
+    }
     Object.defineProperty(searchInfo, 'nodeCode', {
       configurable: true,
       writable: true,

src/widgets/PipeSweepCodeLedger/Widget.ts

@@ -44,6 +44,11 @@ class PipeSweepCodeLedger extends BaseWidget {
   getSearchInfo(searchInfo) {
     const type = this.domObj.find("#type-select").val();
     const inputVal = this.domObj.find("#key-code").val();
+    //XSS脚本检测
+    if(this.baseAjaxSend.isXSS(inputVal.toString())){
+      this.toast.show("非法输入");
+      return;
+    }
     Object.defineProperty(searchInfo, 'pbsCode', {
       configurable: true,
       writable: true,

src/widgets/PointCollectionLedger/Widget.ts

@@ -43,6 +43,11 @@ class PointCollectionLedger extends BaseWidget {
   getSearchInfo(searchInfo) {
     const type = this.domObj.find("#type-select").val();
     const inputVal = this.domObj.find("#key-code").val();
+    //XSS脚本检测
+    if(this.baseAjaxSend.isXSS(inputVal.toString())){
+      this.toast.show("非法输入");
+      return;
+    }
     Object.defineProperty(searchInfo, 'nodeCode', {
       configurable: true,
       writable: true,

src/widgets/ProjectInfoManagement/Widget.ts

@@ -139,7 +139,7 @@ class ProjectInfoManagement extends BaseWidget {
         let validateEditData = JSON.parse(JSON.stringify(editData));
         delete validateEditData.id;
         if (Object.values(validateEditData).some(item => item !== "")) {
-          this.sendAjax(editData, editUrl, "PUT", res => {
+          this.baseAjaxSend.sendAjax(this,editData, editUrl, "PUT", res => {
             $("#box").children().remove();
             if (res.code === 1) {
               $("#box").children().remove();

src/widgets/ProjectResource/Widget.ts

@@ -449,7 +449,7 @@ class ProjectResource extends BaseWidget {
             }
         }
         var url = this.config.getProjectList;
-        this.sendAjax(data, url, "GET", this.getProjectListCallback.bind(this), 1)
+        this.baseAjaxSend.sendAjax(this,data, url, "GET", this.getProjectListCallback.bind(this))
     }
 
     /**
@@ -498,7 +498,7 @@ class ProjectResource extends BaseWidget {
             indata["xmzq"] = data.xmzq;
 
         var url = this.config.setProject;
-        this.sendAjax(indata, url, "POST", this.addProjectinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,indata, url, "POST", this.addProjectinfoCallback.bind(this))
     }
 
     /**

src/widgets/ResourceManagement/Widget.ts

@@ -585,7 +585,7 @@ class ResourceManagement extends BaseWidget {
      */
     buttonSearchDir(data) {
         var url = this.config.getKey;
-        this.sendAjax(data, url, "GET", this.getKeyCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "GET", this.getKeyCallback.bind(this))
     }
 
     /**
@@ -594,7 +594,7 @@ class ResourceManagement extends BaseWidget {
      */
     buttonSearchRec(data) {
         var url = this.config.getListByKey;
-        this.sendAjax(data, url, "GET", this.getListByKeyCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "GET", this.getListByKeyCallback.bind(this))
     }
 
     /**
@@ -641,7 +641,7 @@ class ResourceManagement extends BaseWidget {
             "type": data.type
         }
         var url = this.config.setKeySysSource;
-        this.sendAjax(data, url, "POST", this.addSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "POST", this.addSysSourceinfoCallback.bind(this))
     }
 
     /**
@@ -656,7 +656,7 @@ class ResourceManagement extends BaseWidget {
             "ckey": data.ckey
         }
         var url = this.config.setSysSource;
-        this.sendAjax(data, url, "POST", this.addSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "POST", this.addSysSourceinfoCallback.bind(this))
     }
 
     /**
@@ -686,7 +686,7 @@ class ResourceManagement extends BaseWidget {
             "type": data.type
         }
         var url = this.config.setKeySysSource;
-        this.sendAjax(data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
     }
 
     /**
@@ -702,7 +702,7 @@ class ResourceManagement extends BaseWidget {
             "id": data.id,
         }
         var url = this.config.setSysSource;
-        this.sendAjax(data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
     }
 
     /**

src/widgets/RoleManagement/Widget.ts

@@ -405,7 +405,7 @@ class RoleManagement extends BaseWidget {
             }
         }
         var url = this.config.RoleList;
-        this.sendAjax(data, url, "GET", this.getRoleListCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "GET", this.getRoleListCallback.bind(this))
     }
 
 
@@ -439,7 +439,7 @@ class RoleManagement extends BaseWidget {
             roleDesc: data.notes
         }
         var url = this.config.setRole;
-        this.sendAjax(data, url, "POST", this.addRoleinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "POST", this.addRoleinfoCallback.bind(this))
     }
 
     /**
@@ -464,7 +464,7 @@ class RoleManagement extends BaseWidget {
             id: data.id
         }
         var url = this.config.setRole;
-        this.sendAjax(data, url, "PUT", this.updateRoleinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "PUT", this.updateRoleinfoCallback.bind(this))
     }
 
     /**

src/widgets/SchedulingForecast/Widget.ts

@@ -50,6 +50,11 @@ class SchedulingForecast extends BaseWidget {
    getSearchInfo(searchInfo) {
        let day=this.domObj.find(".dayTime").val();
        let unit=this.domObj.find(".unitName").val();
+       //XSS脚本检测
+        if(this.baseAjaxSend.isXSS(unit.toString())){
+        this.toast.show("非法输入");
+        return;
+      }
        Object.defineProperty(searchInfo,'nums' , {
         configurable: true,
         writable: true,

src/widgets/StatisticalDesign/Widget.ts

@@ -53,6 +53,11 @@ class StatisticalDesign extends BaseWidget {
     */
     getSearchInfo() {
         let unit = this.domObj.find(".unitName").val();
+         //XSS脚本检测
+         if(this.baseAjaxSend.isXSS(unit.toString())){
+            this.toast.show("非法输入");
+            return;
+          }
         return {
             name: unit
         }

src/widgets/SystemManagement/Widget.ts

@@ -692,7 +692,7 @@ class SystemManagement extends BaseWidget {
             "systemType": data.Type,
         }
         var url = this.config.setKeySysSource;
-        this.sendAjax(data, url, "POST", this.addSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "POST", this.addSysSourceinfoCallback.bind(this))
     }
 
     /**
@@ -717,7 +717,7 @@ class SystemManagement extends BaseWidget {
             "type": data.Type,
         }
         var url = this.config.setSysSource;
-        this.sendAjax(data, url, "POST", this.addSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this,data, url, "POST", this.addSysSourceinfoCallback.bind(this))
     }
 
     /**
@@ -752,7 +752,7 @@ class SystemManagement extends BaseWidget {
             "systemType": data.Type,
         }
         var url = this.config.setKeySysSource;
-        this.sendAjax(data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
     }
 
     /**
@@ -777,7 +777,7 @@ class SystemManagement extends BaseWidget {
             "type": data.Type,
         }
         var url = this.config.setSysSource;
-        this.sendAjax(data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(data, url, "PUT", this.updateSysSourceinfoCallback.bind(this))
     }
 
     /**

src/widgets/TjzlManagement/Widget.ts

@@ -302,7 +302,11 @@ class TjzlManagement extends BaseWidget {
         let data = new FormData();
         let value = this.domObj.find('.optionsRadios:checked').val();
         //文件名称
-        let name = this.domObj.find(".name").val();
+        let name = this.domObj.find(".name").val().toString();
+        if(this.baseAjaxSend.isXSS(name)){
+            this.toast.show('非法输入');
+            return;
+        }
         //上传单位
         let sendUnit = this.domObj.find(".sendUnit option:selected").text();
         //资料类型

src/widgets/UserManagement/Widget.html

@@ -105,10 +105,10 @@ $$
     </div>
     <div class="form-inline">
         <!-- <label class=" control-label font_style"><span><span style="color:red;position: initial;">* </span>联系电话：</span></label> -->
-        <label class=" control-label font_style"><span>联系电话：</span></label>
+        <label class=" control-label font_style"><span><span style="color:red;position: initial;">* </span>联系电话：</span></label>
         <div class="form-group">
             <!-- <input type="text" class="form-control phone control-width" name="phone" data-bv-trigger="blur" data-bv-message="The title is not valid" required data-bv-notempty-message="不能为空"  placeholder="请输入联系电话" v-model="data.phone" autocomplete="off"/> -->
-            <input type="text" class="form-control phone control-width" name="phone" data-bv-trigger="blur" data-bv-message="The title is not valid" data-bv-notempty-message="不能为空"  placeholder="请输入联系电话" v-model="data.phone" autocomplete="off"/>
+            <input required type="text" class="form-control phone control-width" name="phone" data-bv-trigger="blur" data-bv-message="The title is not valid" data-bv-notempty-message="不能为空"  placeholder="请输入联系电话" v-model="data.phone" autocomplete="off"/>
         </div>
     </div>
     <div class="form-inline">

src/widgets/UserManagement/Widget.ts

@@ -4,6 +4,7 @@ import DataTableHelper = require('common/DataTableHelper.class');
 import VerificationHelper = require('common/VerificationHelper.class');
 import Vue = require('vue');
 import AjaxSend = require('common/AjaxSend.class');
+declare var CryptoJS;
 
 /**
  * 用户管理初始化
@@ -69,7 +70,7 @@ class UserManagement extends BaseWidget {
      */
     getOptionHtml(data, keyString, valueString, curr?) {
         let html = "";
-        if(!curr){
+        if (!curr) {
             data.forEach(item => {
                 if (html == "") {
                     html += "<option selected='selected' value='" + item[keyString] + "'>" + item[valueString] + "</option>";
@@ -111,7 +112,7 @@ class UserManagement extends BaseWidget {
         this.domObj.find('.btn_search').on("click", function (e) {
             this.vueObject.serchVue.isSearch = true;
         }.bind(this));
-        
+
         //新增用户
         this.domObj.find('.btn_add').off('click').on("click", function (e) {
             $(e.currentTarget).blur();
@@ -137,7 +138,7 @@ class UserManagement extends BaseWidget {
                 }
             }.bind(this));
         }.bind(this));
-        
+
         //修改用户
         this.domObj.find('.update_add').on("click", function (e) {
             this.getCheckItem(1);
@@ -207,7 +208,7 @@ class UserManagement extends BaseWidget {
         }.bind(this));
 
         //项目设置
-        this.domObj.find('.update_project').on("click", function(e){
+        this.domObj.find('.update_project').on("click", function (e) {
             this.getCheckItem(1);
             if (this.opeartionItme.length != 1) {
                 this.toast.show("请选择一位用户进行项目设置！");
@@ -218,18 +219,18 @@ class UserManagement extends BaseWidget {
             var html = this.template.split('$$')[6];
             var Obj = this.popup.show("项目绑定", html);
             this.initPopeVue("project");
-             //添加验证
-             (<any>$('#widget-UserManagementAddInfo')).bootstrapValidator();
-             //下拉框调整
-             let load = window.setInterval(function () {
-                 if (Obj.domObj.find(".dropdown-menu.show:first").length == 1) {
-                     clearInterval(load);
-                     Obj.domObj.find(".dropdown-menu.show:first").css({ 'overflow': 'auto', 'max-height': '98px' });
-                 }
-             }.bind(this), 100);
-             Obj.submitObj.off("click").on("click", function (e) {
-                 this.vueObject.popVue.isProject = true;
-             }.bind(this));
+            //添加验证
+            (<any>$('#widget-UserManagementAddInfo')).bootstrapValidator();
+            //下拉框调整
+            let load = window.setInterval(function () {
+                if (Obj.domObj.find(".dropdown-menu.show:first").length == 1) {
+                    clearInterval(load);
+                    Obj.domObj.find(".dropdown-menu.show:first").css({ 'overflow': 'auto', 'max-height': '98px' });
+                }
+            }.bind(this), 100);
+            Obj.submitObj.off("click").on("click", function (e) {
+                this.vueObject.popVue.isProject = true;
+            }.bind(this));
         }.bind(this));
 
         //删除用户
@@ -256,35 +257,35 @@ class UserManagement extends BaseWidget {
             this.getCheckItem(1);
             this.updateLock();
         })
-        
+
         // 控制用户的数据权限
         this.domObj.find(".data_permission").on("click", e => {
             this.getCheckItem(1);
             let dep = 0;
-            let curPid=[];
+            let curPid = [];
             function arr2tree(data, parent) {
                 let tree = []; // 定义最终输出
-                let temp=[]; // 定义中间存储用变量
-                const usedParent=_.find(curPid,function(item){return item.pid===parent})
-                if(!usedParent){
-                    dep+=1;
-                    curPid.push({pid:parent,dep:dep});
+                let temp = []; // 定义中间存储用变量
+                const usedParent = _.find(curPid, function (item) { return item.pid === parent })
+                if (!usedParent) {
+                    dep += 1;
+                    curPid.push({ pid: parent, dep: dep });
                 }
                 for (let i = 0; i < data.length; i++) {
                     if (data[i].pid == parent) { // 找到父级
                         let obj = data[i]; // 保存父级
-                        const curparent=_.find(curPid,function(item){return item.pid===parent});
-                        let open=true;
-                        if(curparent){
-                            dep=curparent.dep;
-                            if(curparent.dep===3) open=false;
-                        } 
-                        if(dep<=3){
+                        const curparent = _.find(curPid, function (item) { return item.pid === parent });
+                        let open = true;
+                        if (curparent) {
+                            dep = curparent.dep;
+                            if (curparent.dep === 3) open = false;
+                        }
+                        if (dep <= 3) {
                             temp = arr2tree(data, data[i].id); // 递归调用
                         }
                         if (temp.length > 0) { // 如果找到了
                             obj.children = temp; // 父级的子集就等于刚才递归的结果
-                            obj.open=open;
+                            obj.open = open;
                         } else {
                             obj.children = null; // 没有子集就把这个父级的children字段改成null 防止出现收起展开的图标
                         }
@@ -295,19 +296,19 @@ class UserManagement extends BaseWidget {
             }
             // 获取用户绑定的道路
             let treeObj;
-            if(this.vueObject.serchVue.dataList[this.opeartionItme[0]].prjIdList !== null){
-                this.sendAjax({userId: this.vueObject.serchVue.dataList[this.opeartionItme[0]].id}, this.config.userBindedRoads, "GET", res => {
-                    let bindedList = res.result?res.result:[];
+            if (this.vueObject.serchVue.dataList[this.opeartionItme[0]].prjIdList !== null) {
+                this.sendAjax({ userId: this.vueObject.serchVue.dataList[this.opeartionItme[0]].id }, this.config.userBindedRoads, "GET", res => {
+                    let bindedList = res.result ? res.result : [];
                     let lists = [];
                     // this.sendAjax({prjId: this.vueObject.serchVue.dataList[this.opeartionItme[0]].prjIdList[0]}, this.config.getPBSTree, "GET", resp => {
                     this.sendAjax(null, this.config.getPBSTree, "GET", resp => {
-                        if(resp.result.length != 0) {
+                        if (resp.result.length != 0) {
                             lists = resp.result[0].structures;
                             this.AppX.runtimeConfig.loadMask.hide();
                             lists.forEach(item => {
                                 item.children = [];
                                 bindedList.forEach(el => {
-                                    if(item.id == el.sdetailId) item.checked = true;
+                                    if (item.id == el.sdetailId) item.checked = true;
                                 })
                             })
                         }
@@ -397,7 +398,7 @@ class UserManagement extends BaseWidget {
             mounted() {
                 this.isSearch = true;
                 that.getDepartmentList();
-                $(this.$el).find("#searchRealName").on('keypress',function (e) {
+                $(this.$el).find("#searchRealName").on('keypress', function (e) {
                     if (e.keyCode === 13) {
                         this.isSearch = true;
                     }
@@ -494,7 +495,7 @@ class UserManagement extends BaseWidget {
                     name: "",
                     password: "",
                     realname: "",
-                    idcard:"",
+                    idcard: "",
                     phone: "",
                     file: "",
                     deptid: "",
@@ -539,7 +540,7 @@ class UserManagement extends BaseWidget {
                 projectids: [],
                 isExist: false,
                 type: type,
-                permission:{
+                permission: {
                     userId: undefined,
                     prjId: undefined,
                     roads: []
@@ -581,15 +582,15 @@ class UserManagement extends BaseWidget {
                     this.data.id = userInfo.id;
                     this.data.name = userInfo.username;
                     this.data.realname = userInfo.realName;
-                    this.data.idcard=userInfo.idcard;
+                    this.data.idcard = that.desCodeConvert(userInfo.idcard, 'decryption');
                     this.data.roleid = userInfo.roleidId;
-                    this.data.phone = userInfo.phone;
+                    this.data.phone = that.desCodeConvert(userInfo.phone, 'decryption');
                     this.data.deptid = userInfo.departmentId;
                     this.data.userLevel = userInfo.userLevel;
                     if (userInfo.avatar != "") {
                         this.url = that.apiRoot + that.config.getImg;
                     }
-                    this.data.email = userInfo.email;
+                    this.data.email = that.desCodeConvert(userInfo.email, 'decryption');
                     that.initFileInput("#widget-UserManagementAddInfo .file", this.url + "?remotePath=" + userInfo.avatar + "&access_token=" + that.userToken);
 
                 } else {
@@ -603,7 +604,7 @@ class UserManagement extends BaseWidget {
                     }
                     that.getProjectList();
                 }
-                if(type === "permission") {
+                if (type === "permission") {
                     this.permission = {
                         userId: undefined,
                         prjId: undefined,
@@ -625,7 +626,10 @@ class UserManagement extends BaseWidget {
                         if (!that.checkInput("单位", this.data.deptid)) {
                             return;
                         }
-                        if (!that.checkInput("身份证号", this.data.idcard)) {
+                        if (!that.checkInput("身份证号", this.data.idcard,/[0-9]{18}/)) {
+                            return;
+                        }
+                        if (!that.checkInput("联系电话", this.data.phone,/[0-9]{11}/)) {
                             return;
                         }
                         // if (!that.verificationHelper.isPhone(this.data.phone, that.toast)) {
@@ -634,6 +638,18 @@ class UserManagement extends BaseWidget {
                         // if (!that.verificationHelper.isEmail(this.data.email, that.toast)) {
                         //     return;
                         // };
+                        const strData={
+                            username:this.data.name,
+                            realName:this.data.realname,
+                            idcard:this.data.idcard,
+                            phone:this.data.phone,
+                            email:this.data.email
+                        };
+                        //XSS脚本检测
+                        if(that.baseAjaxSend.xssCodeCheck(strData)){
+                            that.toast.show('非法输入');
+                            return;
+                        }
                         let data = new FormData();
                         let fileDom = $('#widget-UserManagementAddInfo .file')[0];
                         let files = fileDom.files;
@@ -648,11 +664,11 @@ class UserManagement extends BaseWidget {
                         data.append("username", this.data.name);
                         data.append("id", this.data.id);
                         data.append("realName", this.data.realname);
-                        data.append("idcard", this.data.idcard);
-                        data.append("phone", this.data.phone);
+                        data.append("idcard", that.desCodeConvert(this.data.idcard, 'encryption'));
+                        data.append("phone", that.desCodeConvert(this.data.phone, 'encryption'));
                         data.append("file", files[0]);
                         data.append("departmentId", this.data.deptid);
-                        data.append("email", this.data.email);
+                        data.append("email", that.desCodeConvert(this.data.email, 'encryption'));
                         data.append("roleid", this.data.roleid);
                         data.append("notes", this.data.notes);
                         data.append("isupdate", this.data.isUpdate);
@@ -669,7 +685,10 @@ class UserManagement extends BaseWidget {
                         if (!that.checkInput("真实姓名", this.data.realname)) {
                             return;
                         }
-                        if (!that.checkInput("身份证号", this.data.idcard)) {
+                        if (!that.checkInput("身份证号", this.data.idcard,/[0-9]{18}/)) {
+                            return;
+                        }
+                        if (!that.checkInput("联系电话", this.data.phone,/[0-9]{11}/)) {
                             return;
                         }
                         if (!that.checkInput("密码", this.data.password)) {
@@ -687,6 +706,19 @@ class UserManagement extends BaseWidget {
                         // if (!that.verificationHelper.isEmail(this.data.email, that.toast)) {
                         //     return;
                         // };
+                        const strData={
+                            username:this.data.name,
+                            realName:this.data.realname,
+                            idcard:this.data.idcard,
+                            phone:this.data.phone,
+                            email:this.data.email
+                        };
+                        //XSS脚本检测
+                        if(that.baseAjaxSend.xssCodeCheck(strData)){
+                            that.toast.show('非法输入');
+                            return;
+                        }
+
                         let data = new FormData();
                         let files = $('#widget-UserManagementAddInfo .file')[0].files;
                         data.append("file", files[0]);
@@ -849,10 +881,10 @@ class UserManagement extends BaseWidget {
      * 检查数据是否未空(如果值是false或者负数，会失效)
      * @param title 数据名称
      * @param results 数据
-     * @param type 数据类型(选填)
+     * @param type 数据类型(选填) 正则表达式
      * @returns 返回true或者false(true正常，false返回数据异常)
      */
-    checkInput(title, results, type?) {
+    checkInput(title, results, type?:RegExp) {
         if (type == undefined) {
             if (results == undefined || results == null || results == "") {
                 this.toast.show(title + "不能为空")
@@ -860,6 +892,13 @@ class UserManagement extends BaseWidget {
             } else {
                 return results;
             }
+        }else{
+            if(type.test(results)){
+                return results;
+            }else{
+                this.toast.show(title + "格式错误")
+                return false; 
+            }
         }
     }
 
@@ -870,13 +909,14 @@ class UserManagement extends BaseWidget {
         data = {
             realName: data.RealName,
             current: 1,
-            size: 10000,
+            size: 1000,
             departmentId: data.DeptId,
             "orders[0].asc": false,
             "orders[0].column": "create_time",
         }
         var url = this.config.userList;
-        this.sendAjax(data, url, "GET", this.getUserServiceListCallback.bind(this))
+        this.AppX.runtimeConfig.loadMask.show("请稍候...");
+        this.baseAjaxSend.sendAjax(this, data, url, "GET", this.getUserServiceListCallback.bind(this))
     }
 
     /**
@@ -885,6 +925,7 @@ class UserManagement extends BaseWidget {
      */
     getUserServiceListCallback(results) {
         let datas = [];
+        const that = this;
         if (this.checkRsults(results, true)) {
             this.vueObject.serchVue.dataList = results.result.records;
             $.each(results.result.records, function (i, item) {
@@ -892,9 +933,9 @@ class UserManagement extends BaseWidget {
                     index: '<input type="checkbox" name="list_check" class="list_check" value="' + i + '"/> ',
                     name: this.verificationHelper.setNullAndUndefined(item.username),
                     real_name: this.verificationHelper.setNullAndUndefined(item.realName),
-                    idcard: this.verificationHelper.setNullAndUndefined(item.idcard),
-                    phone: this.verificationHelper.setNullAndUndefined(item.phone),
-                    email: this.verificationHelper.setNullAndUndefined(item.email),
+                    idcard: that.desCodeConvert(item.idcard, 'decryption', true),
+                    phone: that.desCodeConvert(item.phone, 'decryption', true),
+                    email: that.desCodeConvert(item.email, 'decryption', true),
                     role_name: this.verificationHelper.setNullAndUndefined(item.roleName),
                     department_name: this.verificationHelper.setNullAndUndefined(item.deptName),
                     project_name: this.verificationHelper.setNullAndUndefined(item.prjName),
@@ -984,7 +1025,7 @@ class UserManagement extends BaseWidget {
             type: "role",
         }
         var url = this.config.bindingRole;
-        this.sendAjax(data, url, "PUT", this.updateRoleinfoCallback.bind(this))
+        this.baseAjaxSend.sendAjax(this, data, url, "PUT", this.updateRoleinfoCallback.bind(this))
     }
 
     /**
@@ -1164,7 +1205,6 @@ class UserManagement extends BaseWidget {
             this.domObj.height() - widgetHeaderHeight + 'px'
         );
     }
-
     //初始化fileinput控件（第一次初始化）
     initFileInput(ctrlName, uploadUrl) {
         let control = $(ctrlName);
@@ -1204,7 +1244,7 @@ class UserManagement extends BaseWidget {
             size: 10000,
         }
         var url = this.config.getDepartmentList;
-        this.sendAjax(data, url, "GET", this.getDepartmentListCallback.bind(this));
+        this.sendAjax(data, url, "GET", this.getDepartmentListCallback.bind(this),1);
     }
 
     /**
@@ -1216,7 +1256,11 @@ class UserManagement extends BaseWidget {
         if (this.vueObject.serchVue.option.deptids.length == 0) {
             datas.push({ key: "", label: "全部" });
         }
-        if (this.checkRsults(results, false)) {
+        if (results.code != 1) {
+            this.toast.show(results.message);
+            console.error(results.message);
+            return false;
+        } else {
             $.each(results.result.records, function (i, item) {
                 datas.push({
                     key: item.id,
@@ -1231,7 +1275,7 @@ class UserManagement extends BaseWidget {
         }
         $(".selectpicker.DeptId").selectpicker({
             noneSelectedText: '请选择',
-            noneResultsText:"无匹配结果"
+            noneResultsText: "无匹配结果"
         });
         $(".selectpicker.DeptId").selectpicker('refresh');
     }
@@ -1374,6 +1418,50 @@ class UserManagement extends BaseWidget {
         }
         else this.toast.show("请求处理异常");
     }
+    /**
+     * DES加密、解密
+     * @param data 信息
+     * @param desType 加密、解密
+     * @param nullCheck 是否替换空值
+     */
+    desCodeConvert(data: string, desType: string, nullCheck: boolean = false) {
+        const key = this.config.keyWords;
+        try {
+            if (desType === "encryption") {
+                if ($.trim(data) === "") return "";
+                const keyHex = CryptoJS.enc.Utf8.parse(key);
+                const encrypted = CryptoJS.DES.encrypt(data, keyHex, {
+                    mode: CryptoJS.mode.ECB,
+                    padding: CryptoJS.pad.Pkcs7
+                });
+                //16进制字符串
+                const result = encrypted.toString();
+                return result;
+
+            } else if (desType === "decryption") {
+                if ($.trim(data) === "") {
+                    if (nullCheck) {
+                        return this.verificationHelper.setNullAndUndefined(data);
+                    }
+                    return "";
+                }
+                var keyHex = CryptoJS.enc.Utf8.parse(key);
+                var decrypted = CryptoJS.DES.decrypt({
+                    ciphertext: CryptoJS.enc.Hex.parse(data)//hex 16进制字符串转化为字节数组
+                }
+                    , keyHex, {
+                    mode: CryptoJS.mode.ECB,
+                    padding: CryptoJS.pad.Pkcs7
+                });
+                const result = decrypted.toString(CryptoJS.enc.Utf8);
+                return result
+            }
+        } catch (error) {
+            console.log(error);
+            return "";
+        }
+
+    }
 
     /**
      * 判断登录名是否存在信息

src/widgets/UserManagement/config.json

@@ -25,5 +25,6 @@
         25,
         50,
         100
-    ]
+    ],
+    "keyWords":"toflysxgk"
 }

src/widgets/WellSweepCodeLedger/Widget.ts

@@ -1,6 +1,7 @@
 import BaseWidget = require('core/BaseWidget.class');
 import AjaxSend = require("common/AjaxSend.class");
 import PipeUnitInfo = require('widgets/PipeUnitInfo/Widget');
+declare var filterXSS;
 class WellSweepCodeLedger extends BaseWidget {
   baseClass = "widget-WellSweepCodeLedger";
   headerHeight = 205;
@@ -8,11 +9,13 @@ class WellSweepCodeLedger extends BaseWidget {
   dataTable = null;
   ajaxSend: AjaxSend = null;
   localWindow=null;
+  _filterXSS=undefined;
   /**
    * 启动
    */
   startup() {
     this.initHtml();
+    this._filterXSS=new filterXSS.FilterXSS();
   }
 
   /**
@@ -44,6 +47,12 @@ class WellSweepCodeLedger extends BaseWidget {
   getSearchInfo(searchInfo) {
     const type = this.domObj.find("#type-select").val();
     const inputVal = this.domObj.find("#key-code").val();
+    //XSS脚本检测
+    if(this.baseAjaxSend.isXSS(inputVal.toString())){
+      this.toast.show("非法输入");
+      return;
+    }
+    
     Object.defineProperty(searchInfo, 'pbsCode', {
       configurable: true,
       writable: true,
@@ -61,7 +70,6 @@ class WellSweepCodeLedger extends BaseWidget {
     // searchInfo["isNew"] = 1;
     return searchInfo;
   }
-
   /* 渲染出列表
    * */
   getInfoList() {

src/widgets/scanPersonStatistical/Widget.ts

@@ -50,6 +50,11 @@ class scanPersonStatistical extends BaseWidget {
     getSearchInfo(searchInfo) {
         let day = this.domObj.find(".dayTime").val();
         let unit = this.domObj.find(".unitName").val();
+         //XSS脚本检测
+         if(this.baseAjaxSend.isXSS(unit.toString())){
+            this.toast.show("非法输入");
+            return;
+          }
         Object.defineProperty(searchInfo, 'nums', {
             configurable: true,
             writable: true,

src/widgets/scanStatistical/Widget.ts

@@ -53,6 +53,11 @@ class scanStatistical extends BaseWidget {
     */
     getSearchInfo() {
         let unit = this.domObj.find(".unitName").val();
+         //XSS脚本检测
+         if(this.baseAjaxSend.isXSS(unit.toString())){
+            this.toast.show("非法输入");
+            return;
+          }
         return {
             name: unit
         }

typings/locals/appx/index.d.ts

@@ -60,6 +60,7 @@ interface AppConfig {
     hasHomePage?:boolean,
     apiRoot?: string,
     currentPrj?:number,
+    lastSessionTime?:any,
     userToken?: string,
     deptName?:string,
     realName?:string,
@@ -376,7 +377,6 @@ interface WidgetLoadWait {
      */
     hide()
 }
-
 /**
  * 提示模块
  */