2023年12月7日发(作者:)
前端请求参数MD5加密校验,参数串解密
步骤:=》1.请求前对参数进行字典升序排序,排序函数
function objKeySort(obj) {
var newkey = (obj).sort();
//先用Object内置类的keys方法获取要排序对象的属性名,再利用Array原型上的sort方法对获取的属性名进行排序,newkey是一个数组
var newObj = {};//创建一个新的对象,用于存放排好序的键值对
for (var i = 0; i < ; i++) {//遍历newkey数组
newObj[newkey[i]] = obj[newkey[i]];//向新创建的对象中按照排好的顺序依次增加键值对
}
return newObj;//返回排好序的新对象
}
2.排序后对参数进行校验,校验参数涉及签名的请求头=》
oncekey客户端生成临时随机数6-8位字母或数字
timestrtimestr时间戳
signkey请求签名key
wxsmall对随机生成的oncekeyMD5
并将oncekey 与timestr连接进行MD5,获得hash字符串 将hash与datastr连接进行md5,datastr需引用函数objtostring将其转化
为字符串,得到签名signkey,校验签名函数+字符串转化函数objtostring:
function signrequest
(data) {
data = objKeySort(data);//请求参数排序
var staticstr = '';
var timestr = parseInt((new Date()).getTime() / 1000);
var oncekey = parseInt(() * (100000 - 1000 + 1) + 1000, 10);
var wxsmall = md5(oncekey);
("wxsmall:" + wxsmall);
var hash = md5(md5(wxsmall + '' + oncekey));
("hash:" + hash);
var datastr = objtostring(data);
("hash+datastr:" + hash + datastr);
var sign = md5(hash + datastr);
return { "timestr": timestr, "oncekey": oncekey, "wxsmall": wxsmall, "signkey": sign };
}
function objtostring(data) {//Object to String
var str = '';
for (var k in data) {
str += k + '=' + encodeURI(data[k]) + '&';
}
if (str) {
str = ing(str, - 1);
}
return str;
}
3.数据解密规则:
对签名通过后返回的data加密串signdata进行base64解码,得到Base64后的串,Base64解码函数decode=>
function decode(input) {
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
input = e(/[^A-Za-z0-9+=]/g, "");
while (i < ) {
enc1 = _f((i++));
enc2 = _f((i++));
enc3 = _f((i++));
enc4 = _f((i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;output = output + arCode(chr1);
if (enc3 != 64) {
output = output + arCode(chr2);
}
if (enc4 != 64) {
output = output + arCode(chr3);
}
}
output = _utf8_decode(output);
return output;
}
// private method for UTF-8 decoding
var _utf8_decode = function (utftext) {
var string = "";
var i = 0;
var c = 0,
c1 = 0,
c2 = 0,
c3 = 0;
while (i < ) {
c = deAt(i);
if (c < 128) {
string += arCode(c);
i++;
} else if ((c > 191) && (c < 224)) {
c2 = deAt(i + 1);
string += arCode(((c & 31) << 6) | (c2 & 63));
i += 2;
} else {
c2 = deAt(i + 1);
c3 = deAt(i + 2);
string += arCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
i += 3;
}
}
return string;
}
截取BASE64串string长度-4后进行MD5,并对MD5后的字符串截取长度15的串,将该串与BASE64串string长度-4后的串进行异或
运算得到解密后的data字符串=>
function responseencode(data, apiSignModel) {//data => encode string
var isencode = 0;
isencode = apiSignModel;
if (!isencode) {
return data;
}
("---callback-----data---encode--->", data);
data = (data);//encodeString
var rand = ing( - 4);
var md = md5(rand);
var p = ing(0, 16);
("data " + data);
("rand " + rand);
data = ing(0, - 4);
data = strox(data, p);
("p " + p);
return data;
}
function strox(str, orstr) {
var result = [];
var len = ;
for (var i = 0; i < ; i++) {
var item = str[i];
var strcode = parseInt(deAt().toString(10));
var orcode = parseInt(orstr[i % len].charCodeAt().toString(10));var rescode = strcode ^ orcode;
var binaryStr = arCode(rescode);
(binaryStr);
}
return ("");
}
简单来说,异或运算函数是将两个参数1和2相加进行异或得到3,再次异或运算后可将3和1进行异或就可以得出异或前的数字2.整体代
码封装一下就是这样:
import md5 from './';
var Base64 = function () {
// private property
var _keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/=";
// public method for decoding
= function (input) {
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
input = e(/[^A-Za-z0-9+=]/g, "");
while (i < ) {
enc1 = _f((i++));
enc2 = _f((i++));
enc3 = _f((i++));
enc4 = _f((i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + arCode(chr1);
if (enc3 != 64) {
output = output + arCode(chr2);
}
if (enc4 != 64) {
output = output + arCode(chr3);
}
}
output = _utf8_decode(output);
return output;
}
// private method for UTF-8 decoding
var _utf8_decode = function (utftext) {
var string = "";
var i = 0;
var c = 0,
c1 = 0,
c2 = 0,
c3 = 0;
while (i < ) {
c = deAt(i);
if (c < 128) {
string += arCode(c);
i++;
} else if ((c > 191) && (c < 224)) {
c2 = deAt(i + 1);
string += arCode(((c & 31) << 6) | (c2 & 63));
i += 2;
} else {
c2 = deAt(i + 1);
c3 = deAt(i + 2);
string += arCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
i += 3;
}
}
return string;
}
}
var Apisecure = function () {
var base64 = new Base64();
function strox(str, orstr) {
var result = [];
var len = ;
for (var i = 0; i < ; i++) {
var item = str[i];
var strcode = parseInt(deAt().toString(10));
var orcode = parseInt(orstr[i % len].charCodeAt().toString(10));
var rescode = strcode ^ orcode;
var binaryStr = arCode(rescode);
(binaryStr);
}
return ("");
}
function objtostring(data) {
var str = '';
for (var k in data) {
str += k + '=' + encodeURI(data[k]) + '&';
}
if (str) {
str = ing(str, - 1);
}
return str;
}
function objKeySort(obj) {//排序的函数
var newkey = (obj).sort();
//先用Object内置类的keys方法获取要排序对象的属性名,再利用Array原型上的sort方法对获取的属性名进行排序,newkey是一个数组
var newObj = {};//创建一个新的对象,用于存放排好序的键值对
for (var i = 0; i < ; i++) {//遍历newkey数组
newObj[newkey[i]] = obj[newkey[i]];//向新创建的对象中按照排好的顺序依次增加键值对
}
return newObj;//返回排好序的新对象
}
quest = function (data) {
data = objKeySort(data);//请求参数排序
var staticstr = '';
var timestr = parseInt((new Date()).getTime() / 1000);
var oncekey = parseInt(() * (100000 - 1000 + 1) + 1000, 10);
var wxsmall = md5(oncekey);
("wxsmall:" + wxsmall);
var hash = md5(md5(wxsmall + '' + oncekey));
("hash:" + hash);
var datastr = objtostring(data);
("hash+datastr:" + hash + datastr);
var sign = md5(hash + datastr);
return { "timestr": timestr, "oncekey": oncekey, "wxsmall": wxsmall, "signkey": sign };
}
seencode = function (data, apiSignModel) {//data => encode string
var isencode = 0;
isencode = apiSignModel;
if (!isencode) {
return data;
}
("---callback-----data---encode--->", data);
data = (data);//encodeString
var rand = ing( - 4);
var md = md5(rand);
var p = ing(0, 16);
("data " + data);
("rand " + rand);
data = ing(0, - 4);
data = strox(data, p);
("p " + p);
return data;
}
}
s = {
Base64,
Apisecure
}
最后附上小程序内封装的微信请求调用方法=>
发布评论