api的验证与数据加密
api验证
客户端
from Crypto.Cipher import AES
from lib.conf.config import settings
def auth(): """ API验证 :return: """ import time import requests import hashlib ctime = time.time() key = settings.AUTH_KEY #这是在settings里的一个固定KEY值 new_key = "%s|%s" %(key,ctime,) m = hashlib.md5() m.update(bytes(new_key,encoding='utf-8')) #里面是字节数据 md5_key = m.hexdigest() #返回值是字符窜类型 md5_time_key = "%s|%s" %(md5_key,ctime) return md5_time_key
服务端,已做成装饰器
def api_auth(func): """ 验证API :param func: :return: """ def inner(request,*args,**kwargs): client_md5_time_key = request.META.get("HTTP_OPENKEY") client_md5_key, client_ctime = client_md5_time_key.split("|") client_ctime = float(client_ctime) server_time = time.time() if server_time - client_ctime > 10: return HttpResponse("【第一关】小伙子,别唬我,时间太长了") temp = "%s|%s" % (settings.AUTH_KEY, client_ctime,) #这是settings的固定KEY值 m = hashlib.md5() m.update(bytes(temp, encoding='utf-8')) server_md5_key = m.hexdigest() if server_md5_key != client_md5_key: return HttpResponse('【第二关】小子,你是不是修改时间了') for k in list(api_key_record.keys()): v = api_key_record[k] if server_time > v: del api_key_record[k] if client_md5_time_key in api_key_record: return HttpResponse('【第三关】有人已经来过了...') else: api_key_record[client_md5_time_key] = client_ctime + 10 if server_md5_key != client_md5_key: return HttpResponse('认证失败...') return func(request,*args,**kwargs) return inner
数据加密
def encrypt(message): """ 数据加密 :param message: :return: """ key = settings.DATA_KEY cipher = AES.new(key, AES.MODE_CBC, key) ba_data = bytearray(message,encoding='utf-8') v1 = len(ba_data) v2 = v1 % 16 if v2 == 0: v3 = 16 else: v3 = 16 - v2 for i in range(v3): ba_data.append(v3) final_data = ba_data.decode('utf-8') msg = cipher.encrypt(final_data) # 要加密的字符串,必须是16个字节或16个字节的倍数 return msg def decrypt(msg): """ 数据解密 :param message: :return: """ from Crypto.Cipher import AES key = settings.DATA_KEY cipher = AES.new(key, AES.MODE_CBC, key) result = cipher.decrypt(msg) # result = b'\xe8\xa6\x81\xe5\x8a\xa0\xe5\xaf\x86\xe5\x8a\xa0\xe5\xaf\x86\xe5\x8a\xa0sdfsd\t\t\t\t\t\t\t\t\t' data = result[0:-result[-1]] return str(data,encoding='utf-8')
