"Cannot use import statement outside a module"

hello there, I need help with this issue.

I try to encode somes strings to 3DES with this code:

**// Importing the crypto library**
**import { CryptoJS } from "crypto-js";**

**// Getting the merchant order from the variables**
**const merchantOrder = variables['62eba781-ed3a-4e8b-a551-945a05c31167'];**

**// Defining the key for the 3DES encryption**
**const key = Buffer.from('0123456789abcdef0123456789abcdef0123456789abcdef', 'hex');**

**// Creating a cipher using 3DES**
**const cipher = crypto.createCipheriv('des-ede3', key, '');**

**// Encrypting the merchant order**
**let encrypted = cipher.update(merchantOrder, 'utf8', 'hex');**
**encrypted += cipher.final('hex');**

**// Returning the encrypted merchant order**
**return encrypted;**

and appears this error:

name: “SyntaxError”
stack: “SyntaxError: Cannot use import statement outside a module at executeCode (https://editor-cdn.weweb.io/public/js/index.1cd4c26a.js:1:343503) at bt (https://editor-cdn.weweb.io/public/js/index.1cd4c26a.js:1257:26404) at Proxy.runTest (https://editor-cdn.weweb.io/public/js/index.1cd4c26a.js:1375:243137) at https://editor-cdn.weweb.io/public/js/index.1cd4c26a.js:1375:226515 at https://editor-cdn.weweb.io/public/js/chunk-vendors.dde32e3d.js:1:107458 at a (https://editor-cdn.weweb.io/public/js/chunk-vendors.dde32e3d.js:1:33337) at l (https://editor-cdn.weweb.io/public/js/chunk-vendors.dde32e3d.js:1:33420) at HTMLButtonElement.n (https://editor-cdn.weweb.io/public/js/chunk-vendors.dde32e3d.js:1:94414) at HTMLButtonElement.sentryWrapped (https://browser.sentry-cdn.com/7.45.0/bundle.min.js:2:38971)”
message: “Cannot use import statement outside a module”

What can I do if I can not using “import”

Context:

A specific key is generated per operation. To obtain the derived key to be used in an operation, a 3DES encryption must be performed between the merchant key, which must be previously decoded in BASE 64, and the value of the order number of the operation (Ds_Merchant_Order).

The SHA256 HMAC is calculated from the value of the Ds_MerchantParameters parameter and the key obtained in the previous step.

The result obtained is encoded in BASE 64, and the result of the encoding will be the value of the Ds_Signature parameter.

pls help.

Regards.

Assuming this is in a js action (wich is wrapped in an async function) you can use dynamic imports.

How can I do that? Can you help, my codgin it is not very good…
Dynamic imports can works in the WF weweb´s? because when I try to put the line: import { CryptoJS } from “crypto-js”; the errror appears… thanks

Also double check that this operation is meant to be performed in the browser on in a secure server

I using this code:

// Import the CryptoJS library
import * as CryptoJS from "crypto-js";

// Get the DS_MERCHANT_ORDER value
const DS_MERCHANT_ORDER = variables['62eba781-ed3a-4e8b-a551-945a05c31167'];

// Define a secret key for encryption
const secretKey = "mySecretKey";

// Encrypt the DS_MERCHANT_ORDER value using 3DES
const encrypted = CryptoJS.TripleDES.encrypt(DS_MERCHANT_ORDER, secretKey);

// Convert the encrypted value to a string
const encryptedString = encrypted.toString();

// Return the encrypted string
return encryptedString;

but the error is the same…

because you are not using dynamic imports. It’s explained in the link of my previous post.
There is also the native crypto library from tge browser, you may want ro check how to use it for the logic you need Crypto - Web APIs | MDN. And again double check if you should do this from a secure server instead

hello @dorilama I did this:

I declared a library when the app it is reload by workflow:

if(!window["scp-loading-df872b3d-1155-47c7-b771-6b866a5b9451"]) {
    window["scp-loading-df872b3d-1155-47c7-b771-6b866a5b9451"] = true;
    let doc;
    /* Adding script from https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js */
    doc = document.createElement('script');
    doc.src = 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js';
    document.body.appendChild(doc);
  }

then in a workflow I executed this:

function encrypt(key, message) {
  // Crear el objeto de cifrado
  cipher = CryptoJS.algo.TripleDES(key);

  // Cifrar los datos
  encryptedData = cipher.update(message);

  // Devolver el mensaje cifrado como una cadena de texto hexadecimal
  return encryptedData.toString();
}

// Definir la clave y el mensaje
const key = "62eba781-ed3a-4e8b-a551-945a05c31167";
const message = "Este es un mensaje de ejemplo";

// Cifrar el mensaje
const encryptedData = encrypt(key, message);

// Imprimir el mensaje cifrado
console.log(encryptedData);

but the error appears:

name: "TypeError"
stack: "TypeError: CryptoJS.algo.TripleDES is not a function at encrypt (eval at executeCode (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:365845), :3:26) at eval (eval at executeCode (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:365845), :17:23) at eval (eval at executeCode (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:365845), :21:3) at executeCode (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:365845) at ye (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:434801) at fe (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:433069) at fe (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:433445) at async fe (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:433439) at async fe (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:433439) at async fe (https://editor-cdn.weweb.io/ww_front/public/js/index.784e06f2.js:1:433439)"
message: "CryptoJS.algo.TripleDES is not a function"

what have I done wrong?

hello, continue whit this issue, maybe if I do installe the npm plugin and found the encrypt package, works?

regards.

You can definitely try with the npm plugin.

Hi! I’m on the move, but you are almost there.

First, based on your import code from the State Change Weweb Converter, CryptoJS is available to you from global scope. It’s a commonJS import, which means no need for import statement. Remove that and your first example should work. Note that references to CryptoJS will work only after the import code has run (presumably at page load)

Second, according to the documentation, CryptoJS.algo.TripleDES() is not a thing. Instead, CryptoJS.TripleDES.encrypt(message, passphrase) will do what you want. (Docs here: CryptoJS - CryptoJS)

Let me know if this helps?

Hello @raydeck u right, I fixed the code like u said and the error disappeared!! But, when I executing the WF with this JS code:

const message = "fjer8fu8rejf8rjfr";
const passphrase = "Secret Passphrase";
const encryptedData = CryptoJS.TripleDES.encrypt(message, passphrase);
console.log(encryptedData);

the result is empty or undefined. Do you know what happens? regards!!!

BTW, on the page reload I have a WF with this code, like you said:

  if(!window["scp-loading-df872b3d-1155-47c7-b771-6b866a5b9451"]) {
    window["scp-loading-df872b3d-1155-47c7-b771-6b866a5b9451"] = true;
    let doc;
    /* Adding script from https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js */
    doc = document.createElement('script');
    doc.src = 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js';
    document.body.appendChild(doc);
  }

I’m guessing a little but i suspect you need to replace “console.log(encrypteddata)” with “return encrypteddata.toString()” or something close to it- the crypto is docs will help further.

If this is bugging you after the holiday, consider joining us at State Change! Encryption and low code injection are both very much in the hardest 5% we work on together there.

If you do this operation client-side with js actions in weweb your encryption key will be accessible by anybody. I doubt that the key is public to share, in fact the helper libraries provided by Redsys are all for server-side languages.