API三级验证

装AES API验证模块

python 3.5 pip3 install wheel  进入目录：     pip3 install pycrypto-2.6.1-cp35-none-win32.whl

python 3.6 pip3 install pycryptodome

 

client

import time
import requests
import hashlib

ctime = time.time()
key = "asdfasdfasdfasdf098712sdfs"
new_key = "%s|%s" %(key,ctime,)
m = hashlib.md5()
m.update(bytes(new_key,encoding='utf-8'))
md5_key = m.hexdigest()
md5_time_key = "%s|%s" %(md5_key,ctime)

response = requests.get("http://127.0.0.1:8000/api/asset.html",headers={'OpenKey':md5_time_key})
print(response.text)

 

 

server

import time
from django.shortcuts import render,HttpResponse
from repository import models
from django.conf import settings
# redis/Memcache   缓存工具
api_key_record = {
    # "1b96b89695f52ec9de8292a5a7945e38|1501472467.4977243":1501472477.4977243
}
def asset(request):
    client_md5_time_key = request.META.get('HTTP_OPENKEY')
    client_md5_key,client_ctime =  client_md5_time_key.split('|')
    client_ctime = float(client_ctime)
    server_time = time.time()
    # 第一关
    if server_time-client_ctime > 10:
        return HttpResponse('【第一关】小伙子，别唬我，太长了')
    # 第二关
    temp = "%s|%s" %(settings.AUTH_KEY,client_ctime,)
    m = hashlib.md5()
    m.update(bytes(temp,encoding='utf-8'))
    server_md5_key = m.hexdigest()
    if server_md5_key != client_md5_key:
        return HttpResponse('【第二关】小子，你是不是修改时间了')
    for k in list(api_key_record.keys()):
        v = api_key_record[k]
        if server_time > v:
            del api_key_record[k]
    # 第三关:
    if client_md5_time_key in api_key_record:
        return HttpResponse('【第三关】有人已经来过了...')
    else:
        api_key_record[client_md5_time_key] = client_ctime + 10    
        return HttpResponse('认证成功')