preface :
The new company is a newcomer , Background use is common appId+secret use md5 Verifying the integrity of interface data by signing , Suffering from a mistake from the manager main Methods to test , It's a lot of trouble every time , It's been open recently postman Advanced usage of , I think it's good that the test is successful , Share it here

First of all ,Tests Is a script executed after the interface responds , and Pre-Request-Script Is a script executed before an interface request , Pay attention to this .

Then enter postman, Click the button in the upper right corner , You can view the current global variable , That is, global variables , Click this little eye to see the currently saved global variables .

click Globals

Here you can set up some global settings in advance baseUrl,appId,secret Equivariant , In case of direct use later .

Let's get down to business :

Sign in

We need a login interface here account account number +password password , And then what I'm going to do is , Return the login to cflag and jwttoken Deposit postman Local global variables , Then other interfaces need to use these two parameters + Current timestamp and back-end defined secret adopt MD5 Signed and capitalized header Send it to the back end for encryption verification , As I said before ,Tests Is what is triggered after the method is executed , And then I'm going to get it Cookie Content in , Here's the code :

The two ways that I use words to prompt , You can click on the left and the corresponding js code .

because postman Built in a node.js library , So almost all of them js Syntax is supported , Don't worry about running the code , Click on the top left corner View→Show Postman
Console Can pop up log Window debugging code

code :
var cookies = pm.request.headers.get("Cookie");// Get all the data from the return value cookie
console.log(" Return from cookie Get it :"+cookies); var cookiesArr =
cookies.split(";");// Separated into arrays by semicolons console.log(" Separate into arrays :"+cookiesArr); for(var i in
cookiesArr){ let index = cookiesArr[i].indexOf("=");// adopt = The equal sign separates the key value pairs let key =
cookiesArr[i].substring(0,index); let value =
console.log(" Subscripts that appear :"+index+",key:"+key+",value"+value);
pm.globals.set(key,value);// Save to global variable }
Then run it :

The red boxes in the picture represent the ones I printed console journal , You can see the specific format , The final result is all right cookie All based on key value Global variables are stored .

The next step is how to dynamically obtain the stored global variables , Sign the interface .


Here is an example of feedback interface , The description is written in the picture , You can have a look , I post the code under the picture

//var arr = pm.request.body.formdata;// Gets an array of all the parameter key value pairs passed in var arr =
pm.request.body.urlencoded; console.log(" Gets an array of all input parameters :"+arr); if(null!==arr){
var secret = pm.globals.get("secret"); var formData = arr.toString(); var sign
= getSign(formData,secret); pm.globals.set("sign", sign);
pm.globals.set("time",Math.round(new Date())); } //md5
CryptoJS.MD5(str).toString().toUpperCase() function S4() { return (((1 +
Math.random()) * 0x10000) | 0).toString(16).substring(1); } /** * generate 32 position UUID **/
function generateUUID() { return (S4() + S4() + S4() + S4() + S4() + S4() +
S4() + S4()); } /** * Signature method **/ function getSign(params, kAppSecret) { let
content; if (typeof params == "string") { content = params } else if (typeof
params == "object") { var arr = []; for (var i in params) { arr.push(i + "=" +
params[i]); } content = arr.join("&") } var urlStr =
content.split("&").sort().join("&"); var newUrl = urlStr + "&key=" +
kAppSecret; console.log(newUrl); let sign =
CryptoJS.MD5(newUrl).toString().toUpperCase(); return sign.toUpperCase(); }

This is my parameter , Because it's feedback , So there's only one parameter .

Request header :

there jwttoken and cflag After successful login tests Deposited in ,sign and time It was just in the morning pre Will be stored in the ,appId It's a global variable that you set manually at the beginning , This corresponds to the back end ,
Just to emphasize , This method is only our company's interface signature method , You should use it in your own way ; At the same time, I found a small one here bug, I saved it when I first logged in jwttoken and cflg use {
{}} You must add a space in front of it , Otherwise, it will prompt undefind, that is {{ jwttoken}} {{cflag}} This makes me very depressed , I don't know why

The same is true for back-end verification signatures

Click send request , Watch the console print

The back end can also get this data , The backend itself uses the same logic in the background , Get it appId And back office storage secret With parameters md5 Verify and then compare sign The integrity of parameter values can be verified by consistency ,
I was asked here jwttoken and cflg I didn't use it , Why do you send it , Because I don't want to send it , Background authentication uses these two parameters as the basis for login , If you don't send it , You will be prompted that you are not logged in .


That's the end of the article , If you don't understand or have problems, you can leave a message in the comment area , I'll get back to you as soon as I get it , If you think this article is good , Please use your little hands , give the thumbs-up , Comment on this article , Thank you for watching !

©2020 ioDraw All rights reserved
0.96OLED display -4 Line SPI explain C++11 of std::function,std::bind,std::placeholdersJavaScript study ( Function declaration and parameters )QTabWidget Style sheet settings The project passed idea Package and publish to tomcat The server postman Interface test get timestamp and MD5 encryption react Background management configuration route and sidebar :python Simple game code -10 Minutes Python Write a snake game , simple You know? Python What does the foundation include ? Learn something ?10 individual Python Introduction to crawler