密码三部分验证:
--在规定的时间之内
--不能在已访问过的列表中
--密钥验证
agent 验证部分
import requests
import hashlib
import time
current_time = time.time()
app_id = '9898fdsddf3e2fd3s203dsf' # 密钥
app_id_time = "%s|%s" %(app_id,current_time)
m = hashlib.md5()
m.update(bytes(app_id_time,encoding='utf-8'))
authkey = m.hexdigest()
authkey_time = "%s|%s" %(authkey,current_time)
print(app_id_time)
print(authkey)
print(authkey_time)
data = {'k1':{"t1":'v1'}}
response = requests.post(
url='http://127.0.0.1:9000/assest/',
json=data,
headers={'authkey':authkey_time}
)
print(response.text)
server 验证部分
from django.shortcuts import render,HttpResponse
from django.views.decorators.csrf import csrf_exempt,csrf_protect
import json
import hashlib
import time
# Create your views here.
key = '9898fdsddf3e2fd3s203dsf'
auth_list = []
@csrf_exempt
def assest(request):
if request.method == "POST":
auth_key_time = request.META['HTTP_AUTHKEY']
client_authkey,client_time = auth_key_time.split('|')
server_time = time.time()
# 第一层是验证时间,10为秒数
if server_time-10 > float(client_time):
# 时间太久远了
return HttpResponse("时间超时")
# 第二层检测是否访问过,访问过的记录在 auth_list
if auth_key_time in auth_list:
# 访问过的
return HttpResponse("auth key 已访问过了")
m = hashlib.md5()
key_client_time = "%s|%s" %(key,client_time)
m.update(bytes(key_client_time, encoding='utf-8'))
authkey = m.hexdigest()
# 第三层,验证密钥是否正确
if authkey != client_authkey:
return HttpResponse("密钥验证失败")
data = json.loads(str(request.body,encoding='utf-8'))
print(data)
# 这里少做了一步,就是把过时的key从list中删除
auth_list.append(auth_key_time)
print("auth_list = ",auth_list)
return HttpResponse("验证成功")
