Preface:
I'm a newcomer at a new company. The back end commonly uses appId + secret with an MD5 signature to verify the integrity of interface data. Testing this through a main method handed down from the manager was a lot of trouble every time. I recently looked into the advanced usage of Postman, the test was successful and I think it works well, so I'm sharing it here.

First of all, Tests is a script executed after the interface responds, and Pre-request Script is a script executed before the interface request is sent. Pay attention to this difference.

Then open Postman and click the button in the upper right corner to view the current global variables. Click the little eye icon to see the currently saved global variables.

Click Globals.

Here you can set up some global variables in advance, such as baseUrl, appId and secret, so that they can be used directly later.

Let's get down to business:

Sign in

The login interface here takes account (account number) + password. What I do is store the cflag and jwttoken returned by the login in Postman's global variables. Other interfaces then need to use these two parameters + the current timestamp and the secret defined by the back end, signed with MD5 and converted to upper case, and send the result in a header to the back end for verification. As I said before, Tests is triggered after the request has been executed, so that is where I read the content of the Cookie. Here's the code:

For the two methods that I annotated with text, you can click on the left to get the corresponding JS code.

Because Postman has a built-in Node.js library, almost all JS syntax is supported. Don't worry about running the code: click View → Show Postman Console in the top left corner to open a log window for debugging the code.

Code:
var cookies = pm.request.headers.get("Cookie"); // Get the whole Cookie header
console.log("Cookie obtained: " + cookies);
var cookiesArr = cookies.split(";"); // Separate into an array by semicolons
console.log("Separated into an array: " + cookiesArr);
for (var i in cookiesArr) {
    let index = cookiesArr[i].indexOf("="); // The equals sign separates key and value
    let key = cookiesArr[i].substring(0, index);
    let value = cookiesArr[i].substring(index + 1);
    // Pairs in a Cookie header are separated by "; ", so every key after the
    // first one keeps a leading space when the split is done on ";" alone
    console.log("Index found: " + index + ",key:" + key + ",value" + value);
    pm.globals.set(key, value); // Save to global variable
}
Then run it:

The red boxes in the picture mark the console logs I printed, where you can see the specific format. The final result is that every cookie is stored as a global variable by key and value.
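
An added example (not the author's code) that runs the same split-on-semicolon logic in plain Node.js and compares it with a variant that trims each pair. The header value and the function names are constructed for the illustration; the keys each function produces are the names a {{...}} reference has to match.

```javascript
// Constructed Cookie header: pairs are separated by "; " (semicolon + space).
const SAMPLE_COOKIE_HEADER = "cflag=YWJj=; jwttoken=aaa.bbb.ccc";

// Same logic as the Tests script: split on ";" and cut at the first "=".
function splitLikeTestsScript(header) {
  const out = {};
  for (const part of header.split(";")) {
    const index = part.indexOf("=");
    out[part.substring(0, index)] = part.substring(index + 1);
  }
  return out;
}

// Variant: trim each pair first and skip fragments that have no key.
function splitTrimmed(header) {
  const out = {};
  for (const part of header.split(";")) {
    const pair = part.trim();
    const index = pair.indexOf("=");
    if (index <= 0) continue; // empty fragment or missing key
    out[pair.substring(0, index)] = pair.substring(index + 1);
  }
  return out;
}

// JSON.stringify makes the leading space in the second key visible.
console.log(JSON.stringify(Object.keys(splitLikeTestsScript(SAMPLE_COOKIE_HEADER))));
console.log(JSON.stringify(Object.keys(splitTrimmed(SAMPLE_COOKIE_HEADER))));
```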

The next step is to dynamically read the stored global variables and sign the interface request.


Here is an example using the feedback interface. The description is written in the picture, which you can have a look at; I post the code under the picture.

//var arr = pm.request.body.formdata; // Gets an array of all the parameter key-value pairs passed in
var arr = pm.request.body.urlencoded;
console.log("Gets an array of all input parameters: " + arr);
if (null !== arr) {
    var secret = pm.globals.get("secret");
    var formData = arr.toString();
    var sign = getSign(formData, secret);
    pm.globals.set("sign", sign);
    pm.globals.set("time", Math.round(new Date()));
}

//md5 CryptoJS.MD5(str).toString().toUpperCase()
function S4() {
    return (((1 + Math.random()) * 0x10000) | 0).toString(16).substring(1);
}

/**
 * Generate a 32-character UUID
 **/
function generateUUID() {
    return (S4() + S4() + S4() + S4() + S4() + S4() + S4() + S4());
}

/**
 * Signature method
 **/
function getSign(params, kAppSecret) {
    let content;
    if (typeof params == "string") {
        content = params
    } else if (typeof params == "object") {
        var arr = [];
        for (var i in params) {
            arr.push(i + "=" + params[i]);
        }
        content = arr.join("&")
    }
    var urlStr = content.split("&").sort().join("&");
    var newUrl = urlStr + "&key=" + kAppSecret;
    console.log(newUrl);
    let sign = CryptoJS.MD5(newUrl).toString().toUpperCase();
    return sign.toUpperCase();
}

This is my parameter. Because it's the feedback interface, there's only one parameter.

Request header:

Here, jwttoken and cflag were stored by Tests after the successful login, sign and time were stored just now by the pre-request script, and appId is the global variable that you set manually at the beginning, which corresponds to the back end.
Just to emphasize, this method is only our company's interface signature method; you should use your own. I also found a small bug here: when I use {{}} for the jwttoken and cflag that I saved at login, I must add a space in front, otherwise it shows undefined, that is, {{ jwttoken}} {{cflag}}. This makes me very depressed; I don't know why.

The back end verifies the signature in the same way.

Click Send to send the request and watch what the console prints.

The back end also receives this data. It uses the same logic on its side: it takes the appId, combines the secret stored on the back end with the parameters, computes the MD5, and then compares the result with sign. If the two are consistent, the integrity of the parameter values is verified.
I was asked why I send jwttoken and cflag here when I don't use them. I don't want to send them, but back-end authentication uses these two parameters as the basis for login; if you don't send them, you will be told that you are not logged in.
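
A sketch of the back-end check described above, written for Node.js as an added example (it is not the author's or the company's code). The secret table, the five-minute freshness window and the function names are assumptions, and parameter values are assumed to be signed exactly as they appear in the body string.

```javascript
const nodeCrypto = require("crypto");

// Constructed appId -> secret store standing in for the back end's own storage.
const SECRETS = new Map([["demo-app", "constructed-secret"]]);

// Same canonical form as getSign(): sort the "k=v" pairs, join them with "&",
// append "&key=" + secret, then take the upper-case hex MD5.
function computeSign(params, secret) {
  const pairs = Object.keys(params).map((k) => k + "=" + params[k]);
  const canonical = pairs.sort().join("&") + "&key=" + secret;
  return nodeCrypto.createHash("md5").update(canonical, "utf8")
    .digest("hex").toUpperCase();
}

// headers carries appId, time and sign as sent by the pre-request script.
// maxSkewMs is an assumed freshness window, not a value from the article.
function verifyRequest(headers, params, nowMs, maxSkewMs = 5 * 60 * 1000) {
  const secret = SECRETS.get(headers.appId);
  if (!secret) return { ok: false, reason: "unknown appId" };

  // The pre-request script does not include time in the signed string, so
  // this check only bounds the age of the request; sign does not protect time.
  const time = Number(headers.time);
  if (!Number.isFinite(time) || Math.abs(nowMs - time) > maxSkewMs) {
    return { ok: false, reason: "stale or missing time" };
  }

  // Constant-time comparison; timingSafeEqual requires equal lengths.
  const expected = Buffer.from(computeSign(params, secret));
  const given = Buffer.from(String(headers.sign || ""));
  if (expected.length !== given.length ||
      !nodeCrypto.timingSafeEqual(expected, given)) {
    return { ok: false, reason: "bad sign" };
  }
  return { ok: true, reason: "ok" };
}

// Constructed request: sign the body as the client would, then alter the body.
const demoParams = { content: "hello" };
const demoHeaders = { appId: "demo-app", time: String(Date.now()),
  sign: computeSign(demoParams, "constructed-secret") };
console.log(verifyRequest(demoHeaders, demoParams, Date.now()));
console.log(verifyRequest(demoHeaders, { content: "changed" }, Date.now()));
```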


That's the end of the article. If you don't understand something or have problems, you can leave a message in the comment area and I'll get back to you as soon as I see it. If you think this article is good, please give it a thumbs-up and comment on it. Thank you for reading!