问题描述
我使用谷歌电子表格作为我的 React 应用程序的 CMS。我在 dotenv 文件中保存了来自谷歌开发者控制台的所需凭据。但是 REACT_APP_PRIVATE_KEY 导致了这个错误。
当我在 PRIVATE_KEY 函数中硬编码 handleSubmit 值时,该应用程序运行良好。
请帮助(PS,如果有人需要任何其他文件,请告诉我)
dotenv
REACT_APP_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----\n*********\n-----END PRIVATE KEY-----\n
REACT_APP_CLIENT_EMAIL=**********.gserviceaccount.com
REACT_APP_SHEET_ID=*********
handleSubmit 函数
const handleSubmit=async (e)=>{
const doc =new GoogleSpreadsheet(process.env.REACT_APP_SHEET_ID);
console.log(process.env.REACT_APP_PRIVATE_KEY)
console.log(process.env.REACT_APP_CLIENT_EMAIL)
await doc.useServiceAccountAuth({
client_email:process.env.REACT_APP_CLIENT_EMAIL,private_key: process.env.REACT_APP_PRIVATE_KEY
});
await doc.loadInfo();
const sheet = doc.sheetsByIndex[0];
await sheet.addRow({Website:website,Password:password})
window.location.reload();
}
这是错误控制台的屏幕截图:https://imgur.com/a/9OlgQ1X
编辑-1 parseKeys index.js
var asn1 = require('./asn1')
var aesid = require('./aesid.json')
var fixProc = require('./fixProc')
var ciphers = require('browserify-aes')
var compat = require('pbkdf2')
var Buffer = require('safe-buffer').Buffer
module.exports = parseKeys
function parseKeys (buffer) {
var password
if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) {
password = buffer.passphrase
buffer = buffer.key
}
if (typeof buffer === 'string') {
buffer = Buffer.from(buffer)
}
var stripped = fixProc(buffer,password) ///<=line 19
var type = stripped.tag
var data = stripped.data
var subtype,ndata
switch (type) {
case 'CERTIFICATE':
ndata = asn1.certificate.decode(data,'der').tbsCertificate.subjectPublicKeyInfo
// falls through
case 'PUBLIC KEY':
if (!ndata) {
ndata = asn1.PublicKey.decode(data,'der')
}
subtype = ndata.algorithm.algorithm.join('.')
switch (subtype) {
case '1.2.840.113549.1.1.1':
return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data,'der')
case '1.2.840.10045.2.1':
ndata.subjectPrivateKey = ndata.subjectPublicKey
return {
type: 'ec',data: ndata
}
case '1.2.840.10040.4.1':
ndata.algorithm.params.pub_key = asn1.DSAparam.decode(ndata.subjectPublicKey.data,'der')
return {
type: 'dsa',data: ndata.algorithm.params
}
default: throw new Error('unkNown key id ' + subtype)
}
// throw new Error('unkNown key type ' + type)
case 'ENCRYPTED PRIVATE KEY':
data = asn1.EncryptedPrivateKey.decode(data,'der')
data = decrypt(data,password)
// falls through
case 'PRIVATE KEY':
ndata = asn1.PrivateKey.decode(data,'der')
subtype = ndata.algorithm.algorithm.join('.')
switch (subtype) {
case '1.2.840.113549.1.1.1':
return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey,'der')
case '1.2.840.10045.2.1':
return {
curve: ndata.algorithm.curve,privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey,'der').privateKey
}
case '1.2.840.10040.4.1':
ndata.algorithm.params.priv_key = asn1.DSAparam.decode(ndata.subjectPrivateKey,params: ndata.algorithm.params
}
default: throw new Error('unkNown key id ' + subtype)
}
// throw new Error('unkNown key type ' + type)
case 'RSA PUBLIC KEY':
return asn1.RSAPublicKey.decode(data,'der')
case 'RSA PRIVATE KEY':
return asn1.RSAPrivateKey.decode(data,'der')
case 'DSA PRIVATE KEY':
return {
type: 'dsa',params: asn1.DSAPrivateKey.decode(data,'der')
}
case 'EC PRIVATE KEY':
data = asn1.ECPrivateKey.decode(data,'der')
return {
curve: data.parameters.value,privateKey: data.privateKey
}
default: throw new Error('unkNown key type ' + type)
}
}
parseKeys.signature = asn1.signature
function decrypt (data,password) {
var salt = data.algorithm.decrypt.kde.kdeparams.salt
var iters = parseInt(data.algorithm.decrypt.kde.kdeparams.iters.toString(),10)
var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')]
var iv = data.algorithm.decrypt.cipher.iv
var cipherText = data.subjectPrivateKey
var keylen = parseInt(algo.split('-')[1],10) / 8
var key = compat.pbkdf2Sync(password,salt,iters,keylen,'sha1')
var cipher = ciphers.createDecipheriv(algo,key,iv)
var out = []
out.push(cipher.update(cipherText))
out.push(cipher.final())
return Buffer.concat(out)
}
编辑-2 fixproc.js
// adapted from https://github.com/apatil/pemstrip
var findProc = /Proc-Type: 4,ENCRYPTED[\n\r]+DEK-Info: AES-((?:128)|(?:192)|(?:256))-CBC,([0-9A-H]+)[\n\r]+([0-9A-z\n\r+/=]+)[\n\r]+/m
var startRegex = /^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----/m
var fullRegex = /^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----([0-9A-z\n\r+/=]+)-----END \1-----$/m
var evp = require('evp_bytestokey')
var ciphers = require('browserify-aes')
var Buffer = require('safe-buffer').Buffer
module.exports = function (okey,password) {
var key = okey.toString()
var match = key.match(findProc)
var decrypted
if (!match) {
var match2 = key.match(fullRegex)
decrypted = Buffer.from(match2[2].replace(/[\r\n]/g,''),'base64') //<=line14
} else {
var suite = 'aes' + match[1]
var iv = Buffer.from(match[2],'hex')
var cipherText = Buffer.from(match[3].replace(/[\r\n]/g,'base64')
var cipherKey = evp(password,iv.slice(0,8),parseInt(match[1],10)).key
var out = []
var cipher = ciphers.createDecipheriv(suite,cipherKey,iv)
out.push(cipher.update(cipherText))
out.push(cipher.final())
decrypted = Buffer.concat(out)
}
var tag = key.match(startRegex)[1]
return {
tag: tag,data: decrypted
}
}
解决方法
尝试将您的私钥散列到 base64 字符串中,然后将散列值放入 env 文件中,并在使用时对其进行解码。这是存储私钥的更安全方式