最新消息:20210816 当前crifan.com域名已被污染,为防止失联,请关注(页面右下角的)公众号

【未解决】分析mp.codeup.cn中核心参数_timestamp、_nonce、_sign逻辑

timestamp crifan 1144浏览 0评论
折腾:
【未解决】模拟mp.codeup.cn中调用queryAllPageByEbookId.do返回json数据
期间,需要去分析,感觉是此处能请求成功的核心参数:
  • _timestamp
  • _nonce
  • _sign
结果:
_timestamp的:
1583157835
_nonce的:
 491fd5fc-b046-4bd7-870b-ccae94ccc23b
_sign的
47CBFDFACD3E0A0746E2391C7F78AD00
都搜不到。。。
看来是js内部生成的
搜:
queryAllPageByEbookId.do
http://mp.codeup.cn/book/index.js?id=2020218

function fetch(params) {
    var url ='/ebookpageservices/queryAllPageByEbookId.do';
    if(params.data.bookId!=null){
        url='/ebookpageservices/queryAllPageByBookId.do'
    }
  crossDomainPost(PROJECT_NAME_BIZ,url,
    params.data,
    function (json) {
      params.success(json);
    });
}
去搜:PROJECT_NAME_BIZ
能找到:
http://mp.codeup.cn/book/js/ytrequest.js

var PROJECT_NAME_BIZ='biz';
去找:
fetch(
结果一直在搜索,没法结束。
关闭页面,重新调试。
重新调试:
http://mp.codeup.cn/book/sample2.htm?id=52365&shelfId=4824&share_=6765370&sh=sh&vt_=1583111113754&_logined=1
http://mp.codeup.cn/book/index.js?id=2020218
完全下载下载到本地,去看看代码
function fetch(params) {
    var url ='/ebookpageservices/queryAllPageByEbookId.do';
    if(params.data.bookId!=null){
        url='/ebookpageservices/queryAllPageByBookId.do'
    }
  crossDomainPost(PROJECT_NAME_BIZ,url,
    params.data,
    function (json) {
      params.success(json);
    });
}
找到当前文件中被调用的地方:

function initData(id,bookId) {
  queryAllPages(id,bookId);
}


function queryAllPages(id,bookId) {
  fetch({
    data: { 'bookId':bookId,'ebookId': id,'edit':editor},
    success: function (res) {
      var pageList = res.data.data;
      var onlineStatus = res.data.onlineStatus;
      ebookConf = res.data.ebookConf;
      allPages = res.data.data;
      window.title=res.data.bookName;
        if(editor!=1 && onlineStatus == 0){
            $('.unauthorized-warp').css('display', 'flex');
            $('.unauthorized-tip1').html('电子样书暂时下架,请上架后再来哦');
            $('.unauthorized-tip1+a').attr('href', HOST.replace('mp','www'));
            $('.ebook-spin').css({"display":"none"});
            return;
        }
      if(ebookConf.formId){
        $('.userFeedback').show();
        queryFormModules(ebookConf.formId);
      }
      if(pageList.length) {
        initFilpbook(pageList, ebookConf || {})
        ;
        setShareData(ebookConf.ebookId ,bookId, res.data.thumbnails);
      } else {
        $('.unauthorized-warp').css('display', 'flex');
        $('.unauthorized-tip1+a').attr('href', HOST.replace('mp','www'));
          $('.ebook-spin').css({"display":"none"});
      }
        $('.opts .preview .preview-hover-wrap img').attr('src', HOST+'/qrService/genCommonQr.do?v=2&size=256&qrText='+HOST+'/book/sample2.htm?id='+ebookConf.ebookId);
    }
  })
}

var flipBookW, flipBookH;
window.onload = function () {
  var Request=new Object();
  Request=GetRequest();
  var bookId=Request['bookId'];
  editor=Request['edit'];
  var id=Request['id'];
  var bookshelfId=Request['shelfId'];
  var bookMallId=Request['mallId'];


  initData(id,bookId);
  // getLoginQr();
。。。
所以是:
window的onload -> initData -> queryAllPages -> fetch
然后发现
Request=GetRequest();
也是当前文件,且是从输入中分析要的值:
function GetRequest(){
  var url = location.search;//获取url中?后的字串
  var theRequest = new Object();
  if(url.indexOf("?") != -1){
    var str = url.substr(1),//抽取从 start 下标开始的指定数目的字符
        strs = str.split("&");
      for(var i = 0; i < strs.length; i++){
        theRequest[strs[i].split("=")[0]] = unescape(strs[i].split("=")[1]);
      }
  }
  return theRequest;
}
此处先去自己从url
http://mp.codeup.cn/book/sample2.htm?id=52365&shelfId=4824&share_=6765370&sh=sh&vt_=1583111113754&_logined=1
分出:
id = 52365
shelfId = 4824
share_ = 6765370
sh = sh
vt_ = 1583111113754
_logined = 1
->
id = 52365
此处没有bookId
发现不影响,核心是id,即bookId
然后主要是:
分析crossDomainPost,搞清楚sign等参数的逻辑
此处没有crossDomainPost的定义。
去找:
下载下来
http://mp.codeup.cn/book/js/ytrequest.js
拷贝出代码:
function crossDomainPost(projectName,api,data,callback) {
    $.ajax({
        type: "post",
        url: genRequestUrl(HOST,projectName,api),
        data: requestSign(data),
        dataType: "json",
        crossDomain: true,
        //jquery.js
        xhrFields: {
            withCredentials: true
        },
        //zepto.js
        beforeSend: function (xhr, settings) {
           xhr.withCredentials=true;
        },
        success: function (result, status, xhr) {
            if ($.isFunction(callback)) callback(result);
        },
        error: function (xhr, errorType, error) {


        },
        complete: function (xhr, status) {


        }
    })
}
以及:
// ajax封装,请求接口加密
function requestSign(options) {
        // 加入时间戳和uuid参数
        options['_timestamp'] = Date.parse(new Date())/1000;
        options['_nonce'] = requestUuidV4();
        // 生成加密参数
        var hash ='';
        var newKeys = Object.keys(options).sort();
        for (var i = 0; i < newKeys.length; i++) {
            var key=newKeys[i];
            var val=options[key];
            hash+=( val=== null || val=== undefined)? '' : (val + '')+key+ '';
        }
        options['_sign'] =hex_md5(hash).toUpperCase();
    return options;
}
// 生成uuid
function requestUuidV4() {
    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
        var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
        return v.toString(16);
    });
}
TODO:
看来是都有源码,剩下就是:
有空,需要时,再去转换成python代码
暂时不需要。

转载请注明:在路上 » 【未解决】分析mp.codeup.cn中核心参数_timestamp、_nonce、_sign逻辑

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
87 queries in 0.188 seconds, using 21.96MB memory