def authentic_u(json_param): log.d(sys._getframe().f_code.co_name) token = request.headers.get('token', None) device_id = request.headers.get('device-id', None) build_variant = request.headers.get('build-variant', None) real_ip = request.headers.get('X-Real-Ip', None) log.d("device-id: {}, ip: {}, build-variant: {}, token: {}", device_id, real_ip, build_variant, token) log.d("json_param = {}", json_param) key = json_param['key'] encrypt_last_token = json_param['last_token'] last_token = decrypt_aes(key, encrypt_last_token, iv=IV, usebase64=True) log.d( 'upload last token: {}, device-id: {}, ip: {}, build-variant: {}', last_token, device_id, real_ip, build_variant) # U包, 不需要判断 key 与库表中不一样, 而解密后last_token需要与库表中user_token相同 with MysqlPool(WEBUTIL.mysql_config) as p: rows = p.select( 'SELECT token FROM tb_toolkit_token WHERE last_token=%s and is_enable=1', (last_token, )) if not rows: # 验证不通过 log.e('auth_u fail!') return jsonify({"code": '验证失败'}) if len(rows) > 1: log.e('user token duplicate!') row = rows[0] updated_timestamp = datetime.datetime.now().strftime( '%Y-%m-%d %H:%M:%S') # "2017-10-11 00:00:00" ret = p.insert( 'UPDATE tb_toolkit_token SET update_time=%s WHERE last_token=%s', (updated_timestamp, last_token)) user_token = row['token'].encode( 'utf8') # note: 必须转为utf8, 默认是Unicode! 这样才能与java端保持一致! # { # token = Bse64( AES(data=user_token, key=当前客户随机串, initVector=IV) ), # last_token = Bse64( AES(data=last_token, key=当前客户随机串, initVector=IV) ) # } res_token = encrypt_aes(key, user_token, iv=IV, usebase64=True) # new_last_token = calmd5( str(int(time.time())) + MyRandom.randomStr(7) ) new_key = MyRandom.randomStr(10) res_last_token = encrypt_aes(new_key, last_token, iv=IV, usebase64=True) log.d('res_last_token: {}, len: {}', res_last_token, len(res_last_token)) log.d('auth_u success') return jsonify({ "code": '', "key": new_key, "token": res_token, "last_token": res_last_token })
def test_aes_decrypt_from_java(): import binascii # 加密 data = "com/tencent/mm/pluginsdk/ui/chat/ChatFooter$2" key = "password" iv = "robot_wxid" # iv = '\0' * 16 usebase64 = False print 'data: {}, len:{}'.format(data, len(data)) print 'key: {}, len:{}'.format(key, len(key)) print 'iv: {}, len:{}'.format(iv, len(iv)) print 'usebase64:{}'.format(usebase64) encrypt_data = encrypt_aes(key, data, iv=iv, usebase64=usebase64) hex_encrypt_data = (binascii.b2a_hex(encrypt_data)) print "hex encrypt data: %s, len:%s" % (hex_encrypt_data, len(hex_encrypt_data)) b64_encrypt_data = base64.urlsafe_b64encode(encrypt_data) print "b64 encrypt data: %s, len:%s" % (b64_encrypt_data, len(b64_encrypt_data)) # 解密 decrypt_data = decrypt_aes(key, b64_encrypt_data, iv=iv, usebase64=True) print "decrypt data: %s" % (decrypt_data)
def test_aes(): from mybase.myencrypt2 import encrypt_aes, decrypt_aes print 'aes' # 加密 data = "3e4b9a13857e53aa9cbf9e0e9fe38b01" key = "HDEBCSTPQN" # iv = "robot_wxid" iv = '\0' * 16 usebase64 = True print 'data: {}'.format(data) print 'key: {}'.format(key) print 'iv: {}'.format(iv) print 'usebase64: {}'.format(usebase64) encrypt_text = encrypt_aes(key, data, iv=iv, usebase64=usebase64) print "encrypt_text:%s" % (encrypt_text)
def create_token(): log.d(sys._getframe().f_code.co_name) try: source = request.args.get('source', None) if source not in ['qqplugin', 'lynatgz']: return jsonify({"code": '不支持此source值'}) device_id = request.headers.get('device-id', None) build_variant = request.headers.get('build-variant', None) real_ip = request.headers.get('X-Real-Ip', None) log.d("device-id: {}, ip: {}, build-variant: {}", device_id, real_ip, build_variant) token = hashlib.md5(str(int(time.time())) + MyRandom.randomStr(7)).hexdigest() md5_token = calmd5(token + TOKEN_SECRET) expires_at = datetime.datetime.now() + datetime.timedelta(days=30) openid = 'production' with MysqlPool(WEBUTIL.mysql_config) as p: ret = p.insert( 'INSERT INTO tb_toolkit_token(openid, token, md5_token, expires_at, source) VALUES (%s, %s, %s, %s, %s)', (openid, token, md5_token, expires_at, source)) if not ret: # 记录不变, 需谨慎处理! log.e( 'not insert tb_toolkit_token record, openid: {}, ret: {}', openid, ret) return jsonify({"code": '系统错误'}) log.i( 'insert tb_toolkit_token success, openid: {}, token: {}, md5_token: {}, ret: {}', openid, token, md5_token, ret) # 返回加密后token new_key = MyRandom.randomStr(10) res_token = encrypt_aes(new_key, token, iv='xiaobaizhushou', usebase64=True) log.d('res_token: {}, len: {}', res_token, len(res_token)) return jsonify({ "code": '', "key": new_key, "token": res_token, "md5_token": md5_token }) except: log.e(traceback.format_exc()) return jsonify({"code": '系统错误'})
def authentic_i(json_param): log.d(sys._getframe().f_code.co_name) token = request.headers.get('token', None) device_id = request.headers.get('device-id', None) build_variant = request.headers.get('build-variant', None) real_ip = request.headers.get('X-Real-Ip', None) log.d("device-id: {}, ip: {}, build-variant: {}, token: {}", device_id, real_ip, build_variant, token) log.d("json_param = {}", json_param) key = json_param['key'] encrypt_last_token = json_param['last_token'] last_token = decrypt_aes(key, encrypt_last_token, iv=IV, usebase64=True) # I包, 不需要判断 key 与库表中不一样, 而解密后last_token需要与库表中user_token相同 with MysqlPool(WEBUTIL.mysql_config) as p: rows = p.select( 'SELECT token FROM tb_toolkit_token WHERE token=%s and is_enable=1', (last_token, )) if not rows: # 验证不通过 log.w('auth_i fail, device-id: {}, ip: {}, build-variant: {}', device_id, real_ip, build_variant) return jsonify({"code": '验证失败'}) if len(rows) > 1: log.e('user token duplicate!') row = rows[0] user_token = row['token'].encode( 'utf8') # note: 必须转为utf8, 默认是Unicode! 这样才能与java端保持一致! # { # token = Bse64( AES(data=user_token, key=当前客户随机串, initVector=IV) ), # last_token = Bse64( AES(data=new_last_token, key=当前客户随机串, initVector=IV) ) # } # 1. res_token = encrypt_aes(key, user_token, iv=IV) log.d('user_token: {}, len: {}, type: {}', user_token, len(user_token), type(user_token)) log.d('key: {}', key) log.d('res_token: {}, len: {}, type: {}', repr(res_token), len(res_token), type(res_token)) log.d('raw res_token: {}', binascii.b2a_hex(res_token)) res_token = base64.urlsafe_b64encode(res_token) log.d('base64 res_token: {}, len: {}', res_token, len(res_token)) # 2. new_key = MyRandom.randomStr(10) new_last_token = calmd5( str(int(time.time())) + MyRandom.randomStr(7)) res_last_token = encrypt_aes(new_key, new_last_token, iv=IV) # log.d( 'new_last_token: {}, len: {}, type: {}', new_last_token, len(new_last_token), type(new_last_token) ) # log.d( 'key: {}', key ) # log.d( 'raw res_last_token: {}, len: {}, type: {}', repr(res_last_token), len(res_last_token), type(res_last_token) ) # log.d( 'raw res_token: {}', binascii.b2a_hex(res_last_token) ) res_last_token = base64.urlsafe_b64encode(res_last_token) log.d('base64 res_last_token: {}, len: {}', res_last_token, len(res_last_token)) log.d('auth_i success, update to new token: {}', new_last_token) # 返回 ret = p.insert( 'UPDATE tb_toolkit_token SET last_token=%s WHERE token=%s', (new_last_token, user_token)) return jsonify({ "code": '', "key": new_key, "token": res_token, "last_token": res_last_token })