feat: 请求预处理脚本（加密）

2019-07-16 06:36:20 +00:00 · 2019-07-16 06:36:20 +00:00 · cfde366234
commit cfde366234
parent 22dfed3209
1 changed files with 231 additions and 0 deletions
--- a/instagram-after-response-script.js
+++ b/instagram-after-response-script.js
@ -0,0 +1,231 @@
 //console.log('responseBody'+responseBody)
 function Base64 () {
    // private property
    this._keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
 }
 //public method for encoding
 Base64.prototype.encode = function (input) {
    var output = "", chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0;
    input = this._utf8_encode(input);
    while (i < input.length) {
        chr1 = input.charCodeAt(i++);
        chr2 = input.charCodeAt(i++);
        chr3 = input.charCodeAt(i++);
        enc1 = chr1 >> 2;
        enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
        enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
        enc4 = chr3 & 63;
        if (isNaN(chr2)) {
            enc3 = enc4 = 64;
        } else if (isNaN(chr3)) {
            enc4 = 64;
        }
        output = output +
            this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +
            this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);
    }
    return output;
 }
 // public method for decoding
 Base64.prototype.decode = function (input) {
    var output = "", chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0;
    input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
    while (i < input.length) {
        enc1 = this._keyStr.indexOf(input.charAt(i++));
        enc2 = this._keyStr.indexOf(input.charAt(i++));
        enc3 = this._keyStr.indexOf(input.charAt(i++));
        enc4 = this._keyStr.indexOf(input.charAt(i++));
        chr1 = (enc1 << 2) | (enc2 >> 4);
        chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
        chr3 = ((enc3 & 3) << 6) | enc4;
        output = output + String.fromCharCode(chr1);
        if (enc3 != 64) {
            output = output + String.fromCharCode(chr2);
        }
        if (enc4 != 64) {
            output = output + String.fromCharCode(chr3);
        }
    }
    output = this._utf8_decode(output);
    return output;
 }
 // private method for UTF-8 encoding
 Base64.prototype._utf8_encode = function (string) {
    string = string.replace(/\r\n/g, "\n");
    var utftext = "";
    for (var n = 0; n < string.length; n++) {
        var c = string.charCodeAt(n);
        if (c < 128) {
            utftext += String.fromCharCode(c);
        } else if ((c > 127) && (c < 2048)) {
            utftext += String.fromCharCode((c >> 6) | 192);
            utftext += String.fromCharCode((c & 63) | 128);
        } else {
            utftext += String.fromCharCode((c >> 12) | 224);
            utftext += String.fromCharCode(((c >> 6) & 63) | 128);
            utftext += String.fromCharCode((c & 63) | 128);
        }
    }
    return utftext;
 }
 // private method for UTF-8 decoding
 Base64.prototype._utf8_decode = function (utftext) {
    var string = "", i = 0, c = 0, c1 = 0, c2 = 0, c3 = 0;
    while (i < utftext.length) {
        c = utftext.charCodeAt(i);
        if (c < 128) {
            string += String.fromCharCode(c);
            i++;
        } else if ((c > 191) && (c < 224)) {
            c2 = utftext.charCodeAt(i + 1);
            string += String.fromCharCode(((c & 31) << 6) | (c2 & 63));
            i += 2;
        } else {
            c2 = utftext.charCodeAt(i + 1);
            c3 = utftext.charCodeAt(i + 2);
            string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
            i += 3;
        }
    }
    return string;
 }
 var Base = new Base64();
 function md5 (str) {
    return CryptoJS.MD5(str).toString()
 }
 function authcode (string, isencrypt) {
    var timestamp = Date.parse(new Date()) / 1000;//;
    if (isencrypt)
        string = string + timestamp;
    var ckey_length = 5;
    // 密匙
    var key = postman.getEnvironmentVariable("encryptkey");
    key = md5(key)
    // 密匙a会参与加解密
    var keya = md5(key.substr(0, 12));
    //console.log('keya:'+keya)
    // 密匙b会用来做数据完整性验证
    var keyb = md5(key.substr(12, 20));
    // 密匙c用于变化生成的密文
    //console.log('keyb:'+keyb)
    var keyc = isencrypt ? md5(timestamp).substr(32 - ckey_length) : string.substr(0, ckey_length);
    //console.log('keyc:'+keyc)
    // 参与运算的密匙
    var cryptkey = keya + md5(keya + keyc);
    var key_length = cryptkey.length;
    // console.log('cryptkey:'+cryptkey)
    var tempstr = md5(string + keyb).substr(0, 18);//检验字符串
    string = isencrypt ? (timestamp + 120) + tempstr + string : Base.decode(string.substr(ckey_length));//timestamp+120过期时间
    var string_length = string.length;
    //console.log('string='+string+' length='+string_length);
    var result = '';
    var box = [];
    var rndkey = [];
    // 128是ascrii码,字符范围,也可取256以内其它数字,产生密匙簿,加解密的cryptkey是相同的,由当时时间md5生成的
    for (var i = 0; i < 128; i++) {
        rndkey[i] = cryptkey.charCodeAt(i % key_length);
        box[i] = i;
    }
    var tmp;
    // 用固定的算法，打乱密匙簿，增加随机性，好像很复杂，实际上对并不会增加密文的强度
    for (var j = 0, i = 0; i < 128; i++) {
        j = (j + box[i] + rndkey[i]) % 128;//rndkey[i]是随机数,j是也是随机,加起来也是随机数
        tmp = box[i];
        box[i] = box[j];
        box[j] = tmp;
    }
    // 核心加解密部分
    for (var a = j = i = 0; i < string_length; i++) {
        a = (a + 1) % 128;
        j = (j + box[a]) % 128;
        tmp = box[a];//再次打乱
        box[a] = box[j];
        box[j] = tmp;
        // 从密匙簿得出密匙进行异或，再转成字符
        var b = box[(box[a] + box[j]) % 128];
        var c = a ^ b;
        var d = String.fromCharCode(c);
        result += String.fromCharCode(string.charCodeAt(i) ^ (box[(box[a] + box[j]) % 128]));
    }
    //console.log('result='+result);
    if (isencrypt) {
        // 把动态密匙保存在密文里，这也是为什么同样的明文，生产不同密文后能解密的原因
        // 因为加密后的密文可能是一些特殊字符，复制过程可能会丢失，所以用base64编码
        return keyc + Base.encode(result);
    }
    else {
        return result.substr(28)
    }
 }
 function removeinterruptchars (str) {
    var newstring = '';
    for (var i = 0; i < str.length; i++) {
        if (i % 2 == 0)
            newstring = newstring + str.charAt(i);
    }
    return newstring;
 }
 function aesDecrypt (ciphertext, key, iv) {
    var decrypted = CryptoJS.AES.decrypt(ciphertext, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return decrypted.toString(CryptoJS.enc.Utf8);//WordArray对象转utf8字符串
 }
 //  pm.environment.set("isencrypt", "0");
 try {
    var data = JSON.parse(responseBody);
    console.log(data)
    tests["接口未加密,返回值查看body"] = 1
 }
 catch (err) {
    // pm.environment.set("isencrypt", "1");
    encstr = responseBody
    //console.log(encstr)
    if (pm.environment.get("interrupt_encrypt") == 1) {
        encstr = removeinterruptchars(encstr)
        //console.log('interupt '+encstr)
    }
    if (pm.environment.get("authcode_encrypt") == 1) {
        encstr = authcode(encstr, 0)
        // console.log('authcode '+encstr)
    }
    //console.log(encstr)
    encstr = encstr.replace(/_a/g, "/").replace(/_b/g, "+").replace(/_c/g, "=")
    tests["接口进行了加密,以下是解密内容,详细输出,打开view-show postman console查看打印结果"] = 1
    response = CryptoJS.enc.Base64.parse(encstr).toString(CryptoJS.enc.Latin1);
    iv = response.substr(0, 16)
    decdata = response.substr(48, response.length - 48)
    var cryptkey = postman.getEnvironmentVariable("encryptkey");
    //console.log(CryptoJS.enc.Base64.stringify(CryptoJS.enc.Latin1.parse(decdata)))
    decryptedMessage = aesDecrypt(CryptoJS.enc.Base64.stringify(CryptoJS.enc.Latin1.parse(decdata)), CryptoJS.enc.Utf8.parse(cryptkey), CryptoJS.enc.Utf8.parse(iv));//解密
    decryptedMessage = unescape(decryptedMessage.replace(/\\/g, "%"))
    tests[decryptedMessage] = 1
    console.log('解密后' + decryptedMessage)
    if (decryptedMessage) {
        obj = JSON.parse(decryptedMessage)
        console.log(obj)
    }
 }