websocket 实现单聊群聊 以及 握手原理+加密方式

WebSocket

  • 开始代码 服务端

群聊

  • # type:WebSocket 给变量标注类型
# websocket   web + socket
from geventwebsocket.server import WSGIServer # 我要WSGI为我提供服务
from geventwebsocket.handler import WebSocketHandler # WSGI 遇到 WS协议的时候,处理方式
from geventwebsocket.websocket import WebSocket # 语法提示

# 基于 Flask + geventwebsocket

from flask import Flask,request,render_template

app = Flask(__name__)

user_socket_list = []

@app.route("/ws")
def my_ws_func():
    # print(dir(request.environ))
    user_socket = request.environ.get("wsgi.websocket")  # type:WebSocket
    user_socket_list.append(user_socket)

    print(user_socket)
    while 1:
        msg = user_socket.receive() # 等待接收客户端发送过来的消息
        for us in user_socket_list:
            if us == user_socket:
                continue
            try:
                us.send(msg)
            except:
                continue

        # print(msg)
        # user_socket.send(msg)

@app.route("/group_p")
def group_p():
    return render_template("group_p.html")


if __name__ == '__main__':
    # app.run()
    http_serv = WSGIServer(("0.0.0.0",8181),application=app,handler_class=WebSocketHandler)
    http_serv.serve_forever()
  • 模板代码: group_p.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <p>发送消息:<input type="text" id="message"><button onclick="send_msg()">发送</button></p>
    <div id="message_list" style="width: 500px">

    </div>
</body>
<script type="text/javascript">
    var ws = new WebSocket("ws://192.168.15.113:9527/ws");
    ws.onmessage = function (event) {
        console.log(event.data);

        var ptag = document.createElement("p");
        ptag.innerText = event.data;

        var divtag = document.getElementById("message_list");
        divtag.appendChild(ptag);
    };

    function send_msg() {
        var msg = document.getElementById("message").value;
        ws.send(msg);
    };

</script>
</html>

实现单聊

服务端:

# websocket
from geventwebsocket.server import WSGIServer # 我要WSGI为我提供服务
from geventwebsocket.handler import WebSocketHandler # WSGI 遇到 WS协议的时候,处理方式
from geventwebsocket.websocket import WebSocket # 语法提示

# 基于 Flask + geventwebsocket

from flask import Flask,request,render_template
import json

app = Flask(__name__)

# user_socket_dict = {"YWB":<geventwebsocket.websocket.WebSocket object at 0x000002699374A730>,
# "JWB":<geventwebsocket.websocket.WebSocket object at 0x000002699374A5F8>}

user_socket_dict = {}

@app.route("/ws/<nickname>")
def my_ws_func(nickname):
    # print(dir(request.environ))
    user_socket = request.environ.get("wsgi.websocket")  # type:WebSocket
    user_socket_dict[nickname] = user_socket
    print(len(user_socket_dict),user_socket_dict)
    # web + socket
    print(user_socket)
    while 1:
        msg = user_socket.receive() # 等待接收客户端发送过来的消息
        print(msg)
        msg = json.loads(msg) # Dict
        """
        {
            to_user:YWB
            from_user:JWB
            message:"你就是一只WB"
        }
        """
        to_user_socket = user_socket_dict.get(msg.get("to_user"))
        msg_json = json.dumps(msg)
        to_user_socket.send(msg_json)

@app.route("/one_p")
def one_p():
    return render_template("one_p.html")


if __name__ == '__main__':
    # app.run()
    http_serv = WSGIServer(("0.0.0.0",9527),application=app,handler_class=WebSocketHandler)
    http_serv.serve_forever()

前端Html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <p>登录<input type="text" id="nick"><button onclick="login()">登录</button></p>
    <p>给<input type="text" id="to_user"></p>
    <p>发送消息:<input type="text" id="message"><button onclick="send_msg()">发送</button></p>
    <div id="message_list" style="width: 500px">

    </div>
</body>
<script type="text/javascript">
    var ws = null;

    function send_msg() {
        var msg = document.getElementById("message").value;
        var to_user = document.getElementById("to_user").value;
        var nick = document.getElementById("nick").value;
        var msg_obj = {
            to_user:to_user,
            from_user:nick,
            msg:msg
        };
        var msg_json = JSON.stringify(msg_obj);
        ws.send(msg_json);
    };

    function login() {
        var nick = document.getElementById("nick").value;
        ws = new WebSocket("ws://192.168.15.113:9527/ws/"+nick);
        ws.onmessage = function (event) {
            console.log(event.data);
            data_obj = JSON.parse(event.data);
            var ptag = document.createElement("p");
            ptag.innerText = data_obj.from_user + " : " + data_obj.msg;
            var divtag = document.getElementById("message_list");
            divtag.appendChild(ptag);
        };
    }

</script>
</html>

websocket 握手原理

WebSocket 加密解密原理
01111111
10001011
00001011

01111111  == 127
11111111  == 255 
01111111  == 127

00000000
11111111  == 255
11111111 00000011

^:
00000000
11111111
11111111

10101010
01010101
11111111

10101010
10000010
00101000

websocket 握手原理+加密方式

  • value = headers['Sec-WebSocket-Key'] + magic_string
  • base64.b64encode(hashlib.sha1(value.encode('utf-8')).digest())
import socket, base64, hashlib

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(('127.0.0.1', 9527))
sock.listen(5)
# 获取客户端socket对象
conn, address = sock.accept()
# 获取客户端的【握手】信息
data = conn.recv(1024)
print(data)
# 原始的 http 协议
"""
b'GET / HTTP/1.1\r\n
Host: 127.0.0.1:9527\r\n
Connection: keep-alive\r\n
Upgrade-Insecure-Requests: 1\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n
Accept-Encoding: gzip, deflate, br\r\n
Accept-Language: zh-CN,zh;q=0.9\r\n
Cookie: #\xef\xbf\xa5%\xe2\x80\xa6\xe2\x80\xa6&*\xef\xbc\x88#E$RTY$%RTY%^Y&U%^&*=14241524-85b8-4ccc-a20f-c5ae68e7a9b6\r\n\r\n
"""

# websocket 协议
"""
b'GET / HTTP/1.1\r\n
Host: 127.0.0.1:9527\r\n
Connection: Upgrade\r\n
Pragma: no-cache\r\n
Cache-Control: no-cache\r\n
Upgrade: websocket\r\n
Origin: http://localhost:63342\r\n
Sec-WebSocket-Version: 13\r\n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36\r\n
Accept-Encoding: gzip, deflate, br\r\n
Accept-Language: zh-CN,zh;q=0.9\r\n
Cookie: #\xef\xbf\xa5%\xe2\x80\xa6\xe2\x80\xa6&*\xef\xbc\x88#E$RTY$%RTY%^Y&U%^&*=14241524-85b8-4ccc-a20f-c5ae68e7a9b6\r\n
Sec-WebSocket-Key: 6wD9eV6CaTkUveZOuKi/kg==\r\n
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits\r\n\r\n'
"""

# magic string为:258EAFA5-E914-47DA-95CA-C5AB0DC85B11
def get_headers(data):
    header_dict = {}
    header_str = data.decode("utf8")
    for i in header_str.split("\r\n"):
        if str(i).startswith("Sec-WebSocket-Key"):
            header_dict["Sec-WebSocket-Key"] = i.split(":")[1].strip()

    return header_dict

# def get_header(data):
#     """
#      将请求头格式化成字典
#      :param data:
#      :return:
#      """
#     header_dict = {}
#     data = str(data, encoding='utf-8')
#
#     header, body = data.split('\r\n\r\n', 1)
#     header_list = header.split('\r\n')
#     for i in range(0, len(header_list)):
#         if i == 0:
#             if len(header_list[i].split(' ')) == 3:
#                 header_dict['method'], header_dict['url'], header_dict['protocol'] = header_list[i].split(' ')
#         else:
#             k, v = header_list[i].split(':', 1)
#             header_dict[k] = v.strip()
#     return header_dict

headers = get_headers(data)  # 提取请求头信息
# 对请求头中的sec-websocket-key进行加密
# M/EoWjDzXy+RqE798wx4WA==
magic_string = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'

value = headers['Sec-WebSocket-Key'] + magic_string

print(value) # M/EoWjDzXy+RqE798wx4WA==258EAFA5-E914-47DA-95CA-C5AB0DC85B11
ac = base64.b64encode(hashlib.sha1(value.encode('utf-8')).digest())
print(ac) # dp5EfotV/BKd8c58hFUJH3Pc0pk=
response_tpl = "HTTP/1.1 101 Switching Protocols\r\n" \
               "Upgrade:websocket\r\n" \
               "Connection: Upgrade\r\n" \
               "Sec-WebSocket-Accept: %s\r\n" \
               "WebSocket-Location: ws://127.0.0.1:9527\r\n\r\n"

response_str = response_tpl % (ac.decode('utf-8'))
# 响应【握手】信息
conn.send(response_str.encode("utf8"))
#
while True:
    msg = conn.recv(8096)
    print("服务器收到",msg)


加密

import struct
msg_bytes = "先帝创业未半而中道崩殂,今天下三分,益州疲弊,此诚危急存亡之秋也。然侍卫之臣不懈于内,忠志之士忘身于外者,盖追先帝之殊遇,欲报之于陛下也。诚宜开张圣听,以光先帝遗德,恢弘志士之气,不宜妄自菲薄,引喻失义,以塞忠谏之路也。".encode("utf8")
token = b"\x81"
length = len(msg_bytes)

if length <= 254:
    token += struct.pack("B", length)
elif length <= 65535:
    token += struct.pack("!BH", 126, length)
else:
    token += struct.pack("!BQ", 127, length)

msg = token + msg_bytes

print(msg)

解密


hashstr = b'\x81\x95w\xc3z\x8c\x93x\xf0i\xd3j\x9f(\xde%\xca\x18\x92}\xf2h\xcfN\x93\x18\xee'

# hashstr = b'\x81\xfe\x02\xdc]\x9e~:\xb8\x1b\xf6\xdf\xe5\x03\x9b\xb2\xc6z\xc6\xa0\xbb\x02\xd4\xdf\xd0\x14\x96\xba\xd1z\xc6\x97\xb4\x1f\xed\xdf\xe97\x98\x94\xdfq\xc2\xb6\xb9%\xf4\xdf\xf97\x9a\x82\xd6z\xc6\xb3\xb8\x16\xf8\xd5\xe1\x12\x99\xa1\xd7{\xc9\xa4\xba\x08\xcc\xdf\xe1\x14\x91\x86\xd1x\xd3\x9e\xb51\xe4\xdf\xd0/\x98\xba\xf8{\xd3\xa2\xb9$\xdf\xde\xe4\x15\x99\x9d\xd6z\xc7\xa5\xbe\x1e\xfc\xdd\xd9(\x9a\x84\xd0{\xf3\x91\xb9\'\xf5\xd2\xda=\x9a\x82\xd0x\xf9\xb2\xb9$\xf0\xdf\xdb\x1b\x91\x86\xd1{\xc1\x9a\xb8!\xe9\xde\xe4\x15\x9b\x99\xf6{\xc1\xa2\xb5$\xd5\xde\xe7\x10\x9b\x9e\xcbv\xfe\xbf\xb2"\xf2\xdd\xc6\x08\x96\x85\xe0{\xfb\xb2\xb8&\xe3\xde\xe4\x15\x98\x94\xd7w\xff\xbd\xb2"\xf2\xdc\xf1,\x98\xb0\xf8z\xc7\xb1\xb9$\xf0\xd3\xc4\x05\x9a\x82\xd6z\xc7\xa5\xbe\x1e\xfc\xd2\xf2\x04\x9b\x94\xc1{\xc2\xba\xb8"\xde\xdf\xc1=\x9b\xaa\xf1q\xc2\xb6\xb9%\xdb\xdf\xd8\x17\x9b\xbf\xd5{\xc6\xa7\xb4\x1f\xe9\xdf\xe3)\x91\x86\xd1x\xff\x98\xb8"\xe6\xdf\xe2\t\x9b\x99\xf6z\xc7\xb1\xbb.\xea\xd5\xe1\x12\x9a\x82\xd0{\xd0\xa6\xb88\xfa\xd2\xda4\x96\xb5\xefv\xe8\xbe\xb2"\xf2\xdf\xe1\x0b\x9b\xac\xe6{\xda\x8b\xb9\'\xf7\xd5\xe1\x12\x9a\x81\xf8{\xdf\xa4\xb8!\xde\xd2\xed\x11\x9a\x83\xd6v\xc9\x95\xb9\'\xe1\xd9\xdd\x1c\x9b\x94\xf6z\xc6\x97\xb8$\xe2\xde\xe53\x91\x86\xd1z\xc1\x8b\xb9&\xc4\xde\xe5\x1e\x9a\x87\xceq\xc2\xb6\xb4\x07\xe1\xdd\xe0\x04\x96\xbd\xfa{\xee\x9c\xb2"\xf2\xde\xe5\x13\x9b\x94\xc1{\xc2\xb8\xb8\x0e\xf2\xd9\xdd\x1c\x96\xb1\xf8x\xe2\xb3\xb9#\xe2\xdf\xf8&\x99\xb0\xf2y\xd9\xab\xb8\x11\xf4\xde\xe5$\x9b\x85\xfd{\xe8\xbe\xb5\x1e\xfb\xd5\xe1\x12\x9b\x94\xc1z\xc5\xa2\xbb\x02\xf7\xdf\xd2&\x96\x94\xe7{\xfb\x8c\xb8\x16\xef\xd2\xe8\x11\x91\x86\xd1z\xc5\x9f\xbb\x06\xd3\xd3\xc4\x05\x9a\x82\xd6{\xc7\x89\xbb\x06\xf0\xde\xe4\x15\x99\xaa\xdbq\xc2\xb6\xb9&\xf3\xdf\xf3\x02\x9b\xbb\xd2y\xd9\xbb\xb2"\xf2\xde\xe0!\x9b\xbc\xd8{\xda\xac\xb8"\xfc\xdc\xee\x0b\x9a\x83\xc2}\xfe\xb8\xb9 \xf3\xde\xe53\x9d\xba\xdcz\xc0\xb7\xb4\x1d\xf0\xd3\xde3\x98\xae\xe5z\xc7\xb1\xbe\x1e\xff\xd2\xe9\'\x99\x9f\xd3}\xfe\xbb\xb5\x0f\xdd\xdf\xd8\x1f\x99\x97\xd4q\xc2\xb6\xbb3\xda\xdd\xc7\x18\x96\xb3\xf2{\xd0\xa4\xb2"\xf2\xdf\xe2\t\x96\xa3\xcc{\xc1\x9a\xba$\xd1\xd5\xe1\x12\x98\xa2\xf2z\xc5\x9f\xb8\x1b\xf6\xdf\xe5\x03\x99\x94\xddx\xf5\xae\xb9%\xdb\xd3\xdc\t\x97\xa3\xc6z\xc6\xb1\xbe\x1e\xfc\xdc\xd9\x04\x9a\x81\xf8z\xc6\x80\xb80\xd5\xde\xe53\x9a\x83\xd6z\xc4\xb1\xb2"\xf2\xde\xe7\x15\x98\xad\xfd{\xda\x9d\xb8.\xf1\xd5\xe1\x12\x98\xb8\xd4z\xc5\x9f\xb8\x0c\xd6\xde\xe4\x15\x91\x86\xd1y\xfa\x8c\xb8\x0e\xf0\xdc\xcb#\x96\x9b\xd1q\xc2\xb6\xb8!\xfb\xd2\xde#\x96\x99\xf5v\xdf\x9f\xb4\x06\xe7\xdc\xe1\x11\x91\x86\xd1x\xe2\xb3\xbb\x17\xfe\xdf\xe4!\x99\xa1\xd7}\xfe\xb8'

# b'\x81\x8b\xa4\xc4"\xcd\xcc\xa1N\xa1\xcb\xb7Q\xbe\xd7\xb7Q'
# \x8b == 127
# \x8b == 126
# \x8b <= 125
# 将第二个字节也就是 \x83 第9-16位 进行与127进行位运算
print(hashstr[1])
payload = hashstr[1] & 127
print(payload)
# hashstr = b'\x81\xfe\x02\xdc]\x9e~:\xb8\x1b\xf6\xdf\xe5\x03\x9b\xb2\xc6z\xc6\xa0\xbb\x02\xd4\xdf\xd0\x14\x96\xba'
if payload == 127:
    extend_payload_len = hashstr[2:10]
    mask = hashstr[10:14]
    decoded = hashstr[14:]
# 当位运算结果等于127时,则第3-10个字节为数据长度 # \x02\xdc]\x9e~:\xb8\x1b\xf6\xdf\xe5
# 第11-14字节为mask 解密所需字符串 # \x03\x9b\xb2\xc6z
# 则数据为第15字节至结尾

if payload == 126:
    extend_payload_len = hashstr[2:4]
    mask = hashstr[4:8]
    decoded = hashstr[8:]


# print(hashstr[1])
# payload = hashstr[1] & 127
# print(payload)
# 当位运算结果等于126时,则第3-4个字节为数据长度 # 65535
# 第5-8字节为mask 解密所需字符串 # \x9e~:\xb8\x1b\xf6
# 则数据为第9字节至结尾

if payload <= 125:
    extend_payload_len = None
    mask = hashstr[2:6]
    decoded = hashstr[6:]

# b'\x81\x8b\xa4\xc4"\xcd\xcc\xa1N\xa1\xcb\xb7Q\xbe\xd7\xb7Q'

# 当位运算结果小于等于125时,则这个数字就是数据的长度 # \x8b
# 第3-6字节为mask 解密所需字符串 # \xa4\xc4"\xcd\xcc
# 则数据为第7字节至结尾 # \xa1N\xa1\xcb\xb7Q\xbe\xd7\xb7Q
#
str_byte = bytearray()

for i in range(len(decoded)):
    # 0 = \xa1N ^ \xa4
    # 1 = \xa1 ^ \xc4  1 % 4
    # 2 = \xcb ^ \xcd  2 % 4 mask = [0-3]
    byte = decoded[i] ^ mask[i % 4]
    str_byte.append(byte)

print(str_byte.decode("utf8"))
posted @ 2019-04-23 12:52  拐弯  阅读(1728)  评论(0编辑  收藏  举报