def authentic_u(json_param):
log.d(sys._getframe().f_code.co_name)
token = request.headers.get('token', None)
device_id = request.headers.get('device-id', None)
build_variant = request.headers.get('build-variant', None)
real_ip = request.headers.get('X-Real-Ip', None)
log.d("device-id: {}, ip: {}, build-variant: {}, token: {}", device_id,
real_ip, build_variant, token)
log.d("json_param = {}", json_param)
key = json_param['key']
encrypt_last_token = json_param['last_token']
last_token = decrypt_aes(key,
encrypt_last_token,
iv=IV,
usebase64=True)
log.d(
'upload last token: {}, device-id: {}, ip: {}, build-variant: {}',
last_token, device_id, real_ip, build_variant)
# U包, 不需要判断 key 与库表中不一样, 而解密后last_token需要与库表中user_token相同
with MysqlPool(WEBUTIL.mysql_config) as p:
rows = p.select(
'SELECT token FROM tb_toolkit_token WHERE last_token=%s and is_enable=1',
(last_token, ))
if not rows:
# 验证不通过
log.e('auth_u fail!')
return jsonify({"code": '验证失败'})
if len(rows) > 1:
log.e('user token duplicate!')
row = rows[0]
updated_timestamp = datetime.datetime.now().strftime(
'%Y-%m-%d %H:%M:%S') # "2017-10-11 00:00:00"
ret = p.insert(
'UPDATE tb_toolkit_token SET update_time=%s WHERE last_token=%s',
(updated_timestamp, last_token))
user_token = row['token'].encode(
'utf8') # note: 必须转为utf8, 默认是Unicode! 这样才能与java端保持一致!
# {
# token = Bse64( AES(data=user_token, key=当前客户随机串, initVector=IV) ),
# last_token = Bse64( AES(data=last_token, key=当前客户随机串, initVector=IV) )
# }
res_token = encrypt_aes(key, user_token, iv=IV, usebase64=True)
# new_last_token = calmd5( str(int(time.time())) + MyRandom.randomStr(7) )
new_key = MyRandom.randomStr(10)
res_last_token = encrypt_aes(new_key,
last_token,
iv=IV,
usebase64=True)
log.d('res_last_token: {}, len: {}', res_last_token,
len(res_last_token))
log.d('auth_u success')
return jsonify({
"code": '',
"key": new_key,
"token": res_token,
"last_token": res_last_token
})
def test_aes_decrypt_from_java():
import binascii
# 加密
data = "com/tencent/mm/pluginsdk/ui/chat/ChatFooter$2"
key = "password"
iv = "robot_wxid"
# iv = '\0' * 16
usebase64 = False
print 'data: {}, len:{}'.format(data, len(data))
print 'key: {}, len:{}'.format(key, len(key))
print 'iv: {}, len:{}'.format(iv, len(iv))
print 'usebase64:{}'.format(usebase64)
encrypt_data = encrypt_aes(key, data, iv=iv, usebase64=usebase64)
hex_encrypt_data = (binascii.b2a_hex(encrypt_data))
print "hex encrypt data: %s, len:%s" % (hex_encrypt_data,
len(hex_encrypt_data))
b64_encrypt_data = base64.urlsafe_b64encode(encrypt_data)
print "b64 encrypt data: %s, len:%s" % (b64_encrypt_data,
len(b64_encrypt_data))
# 解密
decrypt_data = decrypt_aes(key,
b64_encrypt_data,
iv=iv,
usebase64=True)
print "decrypt data: %s" % (decrypt_data)
def test_aes():
from mybase.myencrypt2 import encrypt_aes, decrypt_aes
print 'aes'
# 加密
data = "3e4b9a13857e53aa9cbf9e0e9fe38b01"
key = "HDEBCSTPQN"
# iv = "robot_wxid"
iv = '\0' * 16
usebase64 = True
print 'data: {}'.format(data)
print 'key: {}'.format(key)
print 'iv: {}'.format(iv)
print 'usebase64: {}'.format(usebase64)
encrypt_text = encrypt_aes(key, data, iv=iv, usebase64=usebase64)
print "encrypt_text:%s" % (encrypt_text)
def create_token():
log.d(sys._getframe().f_code.co_name)
try:
source = request.args.get('source', None)
if source not in ['qqplugin', 'lynatgz']:
return jsonify({"code": '不支持此source值'})
device_id = request.headers.get('device-id', None)
build_variant = request.headers.get('build-variant', None)
real_ip = request.headers.get('X-Real-Ip', None)
log.d("device-id: {}, ip: {}, build-variant: {}", device_id, real_ip,
build_variant)
token = hashlib.md5(str(int(time.time())) +
MyRandom.randomStr(7)).hexdigest()
md5_token = calmd5(token + TOKEN_SECRET)
expires_at = datetime.datetime.now() + datetime.timedelta(days=30)
openid = 'production'
with MysqlPool(WEBUTIL.mysql_config) as p:
ret = p.insert(
'INSERT INTO tb_toolkit_token(openid, token, md5_token, expires_at, source) VALUES (%s, %s, %s, %s, %s)',
(openid, token, md5_token, expires_at, source))
if not ret:
# 记录不变, 需谨慎处理!
log.e(
'not insert tb_toolkit_token record, openid: {}, ret: {}',
openid, ret)
return jsonify({"code": '系统错误'})
log.i(
'insert tb_toolkit_token success, openid: {}, token: {}, md5_token: {}, ret: {}',
openid, token, md5_token, ret)
# 返回加密后token
new_key = MyRandom.randomStr(10)
res_token = encrypt_aes(new_key,
token,
iv='xiaobaizhushou',
usebase64=True)
log.d('res_token: {}, len: {}', res_token, len(res_token))
return jsonify({
"code": '',
"key": new_key,
"token": res_token,
"md5_token": md5_token
})
except:
log.e(traceback.format_exc())
return jsonify({"code": '系统错误'})
def authentic_i(json_param):
log.d(sys._getframe().f_code.co_name)
token = request.headers.get('token', None)
device_id = request.headers.get('device-id', None)
build_variant = request.headers.get('build-variant', None)
real_ip = request.headers.get('X-Real-Ip', None)
log.d("device-id: {}, ip: {}, build-variant: {}, token: {}", device_id,
real_ip, build_variant, token)
log.d("json_param = {}", json_param)
key = json_param['key']
encrypt_last_token = json_param['last_token']
last_token = decrypt_aes(key,
encrypt_last_token,
iv=IV,
usebase64=True)
# I包, 不需要判断 key 与库表中不一样, 而解密后last_token需要与库表中user_token相同
with MysqlPool(WEBUTIL.mysql_config) as p:
rows = p.select(
'SELECT token FROM tb_toolkit_token WHERE token=%s and is_enable=1',
(last_token, ))
if not rows:
# 验证不通过
log.w('auth_i fail, device-id: {}, ip: {}, build-variant: {}',
device_id, real_ip, build_variant)
return jsonify({"code": '验证失败'})
if len(rows) > 1:
log.e('user token duplicate!')
row = rows[0]
user_token = row['token'].encode(
'utf8') # note: 必须转为utf8, 默认是Unicode! 这样才能与java端保持一致!
# {
# token = Bse64( AES(data=user_token, key=当前客户随机串, initVector=IV) ),
# last_token = Bse64( AES(data=new_last_token, key=当前客户随机串, initVector=IV) )
# }
# 1.
res_token = encrypt_aes(key, user_token, iv=IV)
log.d('user_token: {}, len: {}, type: {}', user_token,
len(user_token), type(user_token))
log.d('key: {}', key)
log.d('res_token: {}, len: {}, type: {}', repr(res_token),
len(res_token), type(res_token))
log.d('raw res_token: {}', binascii.b2a_hex(res_token))
res_token = base64.urlsafe_b64encode(res_token)
log.d('base64 res_token: {}, len: {}', res_token, len(res_token))
# 2.
new_key = MyRandom.randomStr(10)
new_last_token = calmd5(
str(int(time.time())) + MyRandom.randomStr(7))
res_last_token = encrypt_aes(new_key, new_last_token, iv=IV)
# log.d( 'new_last_token: {}, len: {}, type: {}', new_last_token, len(new_last_token), type(new_last_token) )
# log.d( 'key: {}', key )
# log.d( 'raw res_last_token: {}, len: {}, type: {}', repr(res_last_token), len(res_last_token), type(res_last_token) )
# log.d( 'raw res_token: {}', binascii.b2a_hex(res_last_token) )
res_last_token = base64.urlsafe_b64encode(res_last_token)
log.d('base64 res_last_token: {}, len: {}', res_last_token,
len(res_last_token))
log.d('auth_i success, update to new token: {}', new_last_token)
# 返回
ret = p.insert(
'UPDATE tb_toolkit_token SET last_token=%s WHERE token=%s',
(new_last_token, user_token))
return jsonify({
"code": '',
"key": new_key,
"token": res_token,
"last_token": res_last_token
})