diff --git a/instagram-prerequest-script.js b/instagram-prerequest-script.js new file mode 100644 index 0000000..0a06774 --- /dev/null +++ b/instagram-prerequest-script.js @@ -0,0 +1,358 @@ +function Base64 () { + // private property + this._keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; +} +//public method for encoding +Base64.prototype.encode = function (input) { + let output = "", chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0; + input = this._utf8_encode(input); + while (i < input.length) { + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + enc1 = chr1 >> 2; + enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); + enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); + enc4 = chr3 & 63; + if (isNaN(chr2)) { + enc3 = enc4 = 64; + } else if (isNaN(chr3)) { + enc4 = 64; + } + output = output + + this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) + + this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4); + } + return output; +} + +// public method for decoding +Base64.prototype.decode = function (input) { + let output = "", chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0; + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); + while (i < input.length) { + enc1 = this._keyStr.indexOf(input.charAt(i++)); + enc2 = this._keyStr.indexOf(input.charAt(i++)); + enc3 = this._keyStr.indexOf(input.charAt(i++)); + enc4 = this._keyStr.indexOf(input.charAt(i++)); + chr1 = (enc1 << 2) | (enc2 >> 4); + chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); + chr3 = ((enc3 & 3) << 6) | enc4; + output = output + String.fromCharCode(chr1); + if (enc3 != 64) { + output = output + String.fromCharCode(chr2); + } + if (enc4 != 64) { + output = output + String.fromCharCode(chr3); + } + } + output = this._utf8_decode(output); + return output; +} + +// private method for UTF-8 encoding +Base64.prototype._utf8_encode = function (string) { + string = string.replace(/\r\n/g, "\n"); + let utftext = ""; + for (let n = 0; n < string.length; n++) { + let c = string.charCodeAt(n); + if (c < 128) { + utftext += String.fromCharCode(c); + } else if ((c > 127) && (c < 2048)) { + utftext += String.fromCharCode((c >> 6) | 192); + utftext += String.fromCharCode((c & 63) | 128); + } else { + utftext += String.fromCharCode((c >> 12) | 224); + utftext += String.fromCharCode(((c >> 6) & 63) | 128); + utftext += String.fromCharCode((c & 63) | 128); + } + + } + return utftext; +} + +// private method for UTF-8 decoding +Base64.prototype._utf8_decode = function (utftext) { + let string = "", i = 0, c = 0, c1 = 0, c2 = 0, c3 = 0; + while (i < utftext.length) { + c = utftext.charCodeAt(i); + if (c < 128) { + string += String.fromCharCode(c); + i++; + } else if ((c > 191) && (c < 224)) { + c2 = utftext.charCodeAt(i + 1); + string += String.fromCharCode(((c & 31) << 6) | (c2 & 63)); + i += 2; + } else { + c2 = utftext.charCodeAt(i + 1); + c3 = utftext.charCodeAt(i + 2); + string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)); + i += 3; + } + } + return string; +} + +let Base = new Base64(); + +function md5 (str) { + return CryptoJS.MD5(str).toString() +} +function addinterruptchars (str) { + let $chars = 'ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678'; + let maxPos = $chars.length; + let newstr = ''; + for (let i = 0; i < str.length; i++) { + newstr = newstr + str.charAt(i) + $chars.charAt(Math.floor(Math.random() * maxPos)); + } + return newstr; +} +function authcode (string, isencrypt) { + let timestamp = Date.parse(new Date()) / 1000;//; + if (isencrypt) + string = string + timestamp; + let ckey_length = 5; + // 密匙 + // let key = postman.getEnvironmentletiable("encryptkey"); + let key = pm.environment.get('encryptkey') + key = md5(key) + // 密匙a会参与加解密 + let keya = md5(key.substr(0, 12)); + //console.log('keya:'+keya) + // 密匙b会用来做数据完整性验证 + let keyb = md5(key.substr(12, 20)); + // 密匙c用于变化生成的密文 + //console.log('keyb:'+keyb) + let keyc = isencrypt ? md5(timestamp).substr(32 - ckey_length) : string.substr(0, ckey_length); + //console.log('keyc:'+keyc) + // 参与运算的密匙 + let cryptkey = keya + md5(keya + keyc); + let key_length = cryptkey.length; + console.log('cryptkey:' + cryptkey) + + let tempstr = md5(string + keyb).substr(0, 18);//检验字符串 + string = isencrypt ? (timestamp + 120) + tempstr + string : Base.decode(string.substr(ckey_length));//timestamp+120过期时间 + + let string_length = string.length; + //console.log('string='+string+' length='+string_length); + let result = ''; + let box = []; + let rndkey = []; + + // 128是ascrii码,字符范围,也可取256以内其它数字,产生密匙簿,加解密的cryptkey是相同的,由当时时间md5生成的 + for (let i = 0; i < 128; i++) { + rndkey[i] = cryptkey.charCodeAt(i % key_length); + box[i] = i; + } + let tmp; + // 用固定的算法,打乱密匙簿,增加随机性,好像很复杂,实际上对并不会增加密文的强度 + for (let j = 0, i = 0; i < 128; i++) { + j = (j + box[i] + rndkey[i]) % 128;//rndkey[i]是随机数,j是也是随机,加起来也是随机数 + tmp = box[i]; + box[i] = box[j]; + box[j] = tmp; + } + + // 核心加解密部分 + for (let a = j = i = 0; i < string_length; i++) { + a = (a + 1) % 128; + j = (j + box[a]) % 128; + tmp = box[a];//再次打乱 + box[a] = box[j]; + box[j] = tmp; + // 从密匙簿得出密匙进行异或,再转成字符 + + let b = box[(box[a] + box[j]) % 128]; + + let c = a ^ b; + let d = String.fromCharCode(c); + result += String.fromCharCode(string.charCodeAt(i) ^ (box[(box[a] + box[j]) % 128])); + } + + //console.log('result='+result); + if (isencrypt) { + // 把动态密匙保存在密文里,这也是为什么同样的明文,生产不同密文后能解密的原因 + // 因为加密后的密文可能是一些特殊字符,复制过程可能会丢失,所以用base64编码 + return keyc + Base.encode(result); + } + else { + return result.substr(28) + } + +} +function randomString (len) { + len = len || 32; + let $chars = 'ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678'; + let maxPos = $chars.length; + let pwd = ''; + for (let i = 0; i < len; i++) { + pwd += $chars.charAt(Math.floor(Math.random() * maxPos)); + } + return pwd; +} +function aesEncrypt (message, key, iv) { + let ciphertext = CryptoJS.AES.encrypt(message, key, { + iv: iv, + mode: CryptoJS.mode.CBC, + padding: CryptoJS.pad.Pkcs7 + }); + //return ciphertext;//密码对象(Obejct类型,非WordArray类型),Base64编码。 + return ciphertext.toString();//密码对象的Base64字符串 + +} + +if (pm.environment.get("isencrypt") == 1) { + hasparam = 1 + // try { + // ps = pm.request.body.urlencoded.members + // } + // catch (err) { + // console.log('没有设置参数') + // hasparam = 0 + // pm.request.body.urlencoded = new Array() + // } + + //let param={'key':'zyh','value':'lisi'} + //pm.request.body.urlencoded.members.push(param) + console.log('hasparam值:', hasparam) + console.log('请求参数:', pm.request.body.urlencoded.members) + // if (hasparam == 0) { + // console.log('请求参数:', pm.request.body.urlencoded.members) + // } + let oldparams = {}; + let params = {}; + let ps = pm.request.body.urlencoded.members; + // if (!ps) { + // ps = [] + // } + let regex = /\{{2}(\w+)\}{2}/ + for (let i = 0; i < ps.length; i++) { + let param = ps[i] + let value = param.value + let vReg = regex.exec(value) + let key = param.key + oldparams[key] = value + if (param.disabled == true || key == "receipt") { + //console.log('disabled:'+key) + continue + } + if (key == 'params') { + continue + } + + if (vReg !== null && vReg.length > 1) { + console.log(key, pm.environment.get(vReg[1])) + params[encodeURIComponent(key)] = pm.environment.get(vReg[1]) + } else { + params[encodeURIComponent(key)] = value; + } + } + console.log('params:', params) + if (!oldparams.hasOwnProperty('app_bundle_id')) { + params['app_bundle_id'] = pm.environment.get('app_bundle_id'); + } + if (!oldparams.hasOwnProperty('device_id')) { + params['device_id'] = pm.environment.get('device_id'); + } + if (!oldparams.hasOwnProperty('token')) { + params['token'] = pm.environment.get('token'); + } + // 其他基础参数 + params['lang'] = pm.environment.get('lang'); + params['timezone'] = pm.environment.get('timezone'); + params['platform'] = pm.environment.get('platform'); + params['app_name'] = pm.environment.get('app_name'); + params['device_version'] = pm.environment.get('device_version'); + + let jsonstr = JSON.stringify(params); + // let jsonstr='{"app_bundle_id":"com.ylp.qrforfollowers","app_name":"qrforfollowers","app_version":"1.2","device_id":"EA7FA2BA-92FC-4538-93F7-B00E1B90A4F3","device_version":"12.1.2","instagram_id":"2207136901","lang":"zh-Hans-CN","password":"edee9KBx+HBBzOm8WS1pJHgB6aTIMMlYJLAZ8HT9Ban55MTkvTgUvB0NBcVgtO0Mb","platform":"iOS","timezone":"Asia/Shanghai","username":"sherryboa","token":"b6ea6b8fd7a4e00cb9e172a17a035ef5"}' + + let CryptoJS = require("crypto-js"); + let iv = randomString(16) + //let iv='JdG3kecbQPSWKHKp' + console.log('iv转类型 ' + CryptoJS.enc.Utf8.parse(iv)) + + //let iv='1111111111111111' + // let cryptkey = postman.getEnvironmentletiable("encryptkey"); + let cryptkey = pm.environment.get('encryptkey') + console.log('jsonstr ' + jsonstr) + //测试 + let ciphertext = aesEncrypt(jsonstr, CryptoJS.enc.Utf8.parse(cryptkey), CryptoJS.enc.Utf8.parse(iv));//加密 + console.log('iv ' + iv) + console.log('ciphertext ' + ciphertext) + let checkdata = CryptoJS.HmacSHA256(jsonstr, cryptkey); + console.log('HmacSHA256checkdata ' + checkdata) + + checkdata = CryptoJS.enc.Base64.stringify(checkdata) + console.log('Base64checkdata ' + checkdata) + + + let encstr = btoa(iv + atob(checkdata) + atob(ciphertext)) + console.log('[BASE64]btoa结果:', encstr) + encstr = encstr.replace(/\//g, '_a') + encstr = encstr.replace(/\+/g, '_b') + encstr = encstr.replace(/\=/g, '_c') + + console.log('[BASE64]加密前:', encstr) + if (pm.environment.get("authcode_encrypt") == 1) { + encstr = authcode(encstr, 1) + console.log('[BASE64]authcode:', encstr) + } + + if (pm.environment.get("interrupt_encrypt") == 1) { + encstr = addinterruptchars(encstr) + console.log('[BASE64]interupt:', encstr) + } + + pm.environment.set("params", encstr) + console.log('[BASE64]加密后:', encstr) + + // let requestCfg = { + // url: pm.environment.get('host') + '/index/instagram/base64encrypt', + // method: 'POST', + // body: { + // mode: 'urlencoded', + // urlencoded: [ + // { + // key: 'encstr', + // value: ciphertext, + // disabled: false + // }, + // { + // key: 'checkdata', + // value: checkdata, + // disabled: false + // }, + // { + // key: 'iv', + // value: iv, + // disabled: false + // }, + // ] + // } + // } + // pm.sendRequest(requestCfg, function (err, response) { + // try { + // console.log('base64encrypt', response.json()) + // encstr = response.json()['msg'] + // console.log('[BASE64]加密前:', encstr) + // if (pm.environment.get("authcode_encrypt") == 1) { + // encstr = authcode(encstr, 1); + // console.log('[BASE64]authcode:', encstr) + // } + + // if (pm.environment.get("interrupt_encrypt") == 1) { + // encstr = addinterruptchars(encstr) + // console.log('[BASE64]interupt:', encstr) + // } + + // pm.environment.set("params", encstr); + // console.log('[BASE64]加密后:', encstr) + // } catch (e) { + // console.error(e.message, e) + // console.log('[BASE64]response:', response.text()) + // } + // }) +} + +