折腾:
【未解决】模拟mp.codeup.cn中调用queryAllPageByEbookId.do返回json数据
期间,需要去分析,感觉是此处能请求成功的核心参数:
- _timestamp
- _nonce
- _sign
结果:
_timestamp的:
1583157835
_nonce的:
491fd5fc-b046-4bd7-870b-ccae94ccc23b
_sign的
47CBFDFACD3E0A0746E2391C7F78AD00
都搜不到。。。
看来是js内部生成的
搜:
queryAllPageByEbookId.do
1 2 3 4 5 6 7 8 9 10 11 12 13 | http://mp.codeup.cn/book/index.js?id=2020218function fetch(params) { var url ='/ebookpageservices/queryAllPageByEbookId.do'; if(params.data.bookId!=null){ url='/ebookpageservices/queryAllPageByBookId.do' } crossDomainPost(PROJECT_NAME_BIZ,url, params.data, function (json) { params.success(json); });} |
去搜:PROJECT_NAME_BIZ
能找到:
1 2 3 | http://mp.codeup.cn/book/js/ytrequest.jsvar PROJECT_NAME_BIZ='biz'; |
去找:
fetch(
结果一直在搜索,没法结束。
关闭页面,重新调试。
重新调试:
把
完全下载下载到本地,去看看代码
1 2 3 4 5 6 7 8 9 10 11 | function fetch(params) { var url ='/ebookpageservices/queryAllPageByEbookId.do'; if(params.data.bookId!=null){ url='/ebookpageservices/queryAllPageByBookId.do' } crossDomainPost(PROJECT_NAME_BIZ,url, params.data, function (json) { params.success(json); });} |
找到当前文件中被调用的地方:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | function initData(id,bookId) { queryAllPages(id,bookId);}function queryAllPages(id,bookId) { fetch({ data: { 'bookId':bookId,'ebookId': id,'edit':editor}, success: function (res) { var pageList = res.data.data; var onlineStatus = res.data.onlineStatus; ebookConf = res.data.ebookConf; allPages = res.data.data; window.title=res.data.bookName; if(editor!=1 && onlineStatus == 0){ $('.unauthorized-warp').css('display', 'flex'); $('.unauthorized-tip1').html('电子样书暂时下架,请上架后再来哦'); $('.unauthorized-tip1+a').attr('href', HOST.replace('mp','www')); $('.ebook-spin').css({"display":"none"}); return; } if(ebookConf.formId){ $('.userFeedback').show(); queryFormModules(ebookConf.formId); } if(pageList.length) { initFilpbook(pageList, ebookConf || {}) ; setShareData(ebookConf.ebookId ,bookId, res.data.thumbnails); } else { $('.unauthorized-warp').css('display', 'flex'); $('.unauthorized-tip1+a').attr('href', HOST.replace('mp','www')); $('.ebook-spin').css({"display":"none"}); } $('.opts .preview .preview-hover-wrap img').attr('src', HOST+'/qrService/genCommonQr.do?v=2&size=256&qrText='+HOST+'/book/sample2.htm?id='+ebookConf.ebookId); } })}var flipBookW, flipBookH;window.onload = function () { var Request=new Object(); Request=GetRequest(); var bookId=Request['bookId']; editor=Request['edit']; var id=Request['id']; var bookshelfId=Request['shelfId']; var bookMallId=Request['mallId']; initData(id,bookId); // getLoginQr();。。。 |
所以是:
window的onload -> initData -> queryAllPages -> fetch
然后发现
Request=GetRequest();
也是当前文件,且是从输入中分析要的值:
1 2 3 4 5 6 7 8 9 10 11 12 | function GetRequest(){ var url = location.search;//获取url中?后的字串 var theRequest = new Object(); if(url.indexOf("?") != -1){ var str = url.substr(1),//抽取从 start 下标开始的指定数目的字符 strs = str.split("&"); for(var i = 0; i < strs.length; i++){ theRequest[strs[i].split("=")[0]] = unescape(strs[i].split("=")[1]); } } return theRequest;} |
此处先去自己从url
1 | http://mp.codeup.cn/book/sample2.htm?id=52365&shelfId=4824&share_=6765370&sh=sh&vt_=1583111113754&_logined=1 |
分出:
1 2 3 4 5 6 | id = 52365shelfId = 4824share_ = 6765370sh = shvt_ = 1583111113754_logined = 1 |
->
id = 52365
此处没有bookId
发现不影响,核心是id,即bookId
然后主要是:
分析crossDomainPost,搞清楚sign等参数的逻辑
此处没有crossDomainPost的定义。
去找:
下载下来
拷贝出代码:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | function crossDomainPost(projectName,api,data,callback) { $.ajax({ type: "post", url: genRequestUrl(HOST,projectName,api), data: requestSign(data), dataType: "json", crossDomain: true, //jquery.js xhrFields: { withCredentials: true }, //zepto.js beforeSend: function (xhr, settings) { xhr.withCredentials=true; }, success: function (result, status, xhr) { if ($.isFunction(callback)) callback(result); }, error: function (xhr, errorType, error) { }, complete: function (xhr, status) { } })} |
以及:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | // ajax封装,请求接口加密function requestSign(options) { // 加入时间戳和uuid参数 options['_timestamp'] = Date.parse(new Date())/1000; options['_nonce'] = requestUuidV4(); // 生成加密参数 var hash =''; var newKeys = Object.keys(options).sort(); for (var i = 0; i < newKeys.length; i++) { var key=newKeys[i]; var val=options[key]; hash+=( val=== null || val=== undefined)? '' : (val + '')+key+ ''; } options['_sign'] =hex_md5(hash).toUpperCase(); return options;}// 生成uuidfunction requestUuidV4() { return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) { var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8); return v.toString(16); });} |
TODO:
看来是都有源码,剩下就是:
有空,需要时,再去转换成python代码
暂时不需要。
转载请注明:在路上 » 【未解决】分析mp.codeup.cn中核心参数_timestamp、_nonce、_sign逻辑