Skip to content
This repository has been archived by the owner on Aug 14, 2024. It is now read-only.

报告问题:接口现已加签验证 #3

Open
YuxiangWang0525 opened this issue Apr 22, 2024 · 2 comments
Open

报告问题:接口现已加签验证 #3

YuxiangWang0525 opened this issue Apr 22, 2024 · 2 comments

Comments

@YuxiangWang0525
Copy link

本地抓包测试:

Request Head:

GET /api/v1/user?id=164557 HTTP/1.1
cred: Wcmn*****************************Yf
platform: 1
dId: 29fde8ff236bcf7c
language: zh-cn
os: 29
nId: 1
vName: 1.9.0
vCode: 100900069
User-Agent: Skland/1.9.0 (com.hypergryph.skland; build:100900069; Android 29; ) Okhttp/4.11.0
manufacturer: HUAWEI
Content-Type: application/json
timestamp: 1713786249
sign: 0dde00a522d66c57f23333ec4e8b158d
xsm: BBkUqN1sXu72xHIwi5rrLtBfLHpfH9h/U/n9mhWrfMdnmicuk3uih90wUJDrTS2NvMwdXRC5s6ikKXOowDEx9HQ==
sentry-trace: 926477fe463948cb86c53e0e1fd853b6-b046e2bb66f44d68
ali_sign_whash: 2d42fb573546e3fd541fc0d8e90782d2bf5935919e1d8765361197f1ea48c8c0
wToken: 0003_8F059EE06331B8761595B77BCB763B74E8EB118CE414CF7D86F1408016467989237AF780EE2AE87CF10CFE802010A5843CC5DC7FFE51h9u4xZFpndo5Mggw29QRdKi36XcRACqIYqYpBM5uW4GP654gWqKtRkn4Wc32xZd6k+vde6kzhEW56+Z4d6BDCIBun90GwirEY5hvGmY47hOxi83RFJ6dF7nMX9fB0VQEw1lRjq+ouRtocmzvQNTMa6NIed6hsWHE2ZpxeYO8eJWcP5KwFLDJVX/RNtkohAVyThKANmrEIlWP6FTYqHHEsXCKEAJyHBKXnl9VX3wsqKQaDSvKL5ZC+ZulUrWk/gs+UDYL5bRflShW/t+f+bewg1kNs1kIFWxHI9AFEHwPynpMBVcAXhwW2dJ3NqDEdM***********************************************************************************************************************************************************************************************
sentry-trace: 926477fe463948cb86c53e0e1fd853b6-b046e2bb66f44d68
baggage: sentry-environment=production,sentry-public_key=40023c3ccb434161b0fd69551a49b532,sentry-release=release-android%400.1.0,sentry-trace_id=926477fe463948cb86c53e0e1fd853b6
Host: zonai.skland.com
Connection: Keep-Alive
Accept-Encoding: gzip
Cookie: acw_tc*****************************************377967f0e8bed5ca
@YuxiangWang0525
Copy link
Author

已知不加签一定会请求异常,所以现在API都炸了

@YuxiangWang0525
Copy link
Author

YuxiangWang0525 commented Apr 22, 2024
edited
Loading

GET请求可参考此代码加签:

<?php
// 获取URL参数
$url =$_GET['url'];
$token =$_GET['token'];

// 获取当前时间戳
$timestamp = time();

// 保留接口地址
$parsedUrl = parse_url($url);
$query = '';
if (isset($parsedUrl['query'])) {
    $query = '?' .$parsedUrl['query'];
}
$endpoint =$parsedUrl['path'] . $query;

// 拼接字符串
$stringToSign =$parsedUrl['path'] . $parsedUrl['query'] . $timestamp . '{"platform":"1","timestamp":"' .$timestamp . '","dId":"29fde8ff236bcf7c","vName":"1.9.0"}';
// HMAC-SHA256加密
$hmacSha256 = hash_hmac('sha256',$stringToSign, $token);

// MD5加密
$signature = md5($hmacSha256);

// 返回JSON结果
echo json_encode([
    'string_to_sign' => $stringToSign,
    'signature' => $signature,
    'timestamp' => $timestamp
]);
?>

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@YuxiangWang0525