function Base64 () { // private property this._keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; } //public method for encoding Base64.prototype.encode = function (input) { let output = "", chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0; input = this._utf8_encode(input); while (i < input.length) { chr1 = input.charCodeAt(i++); chr2 = input.charCodeAt(i++); chr3 = input.charCodeAt(i++); enc1 = chr1 >> 2; enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); enc4 = chr3 & 63; if (isNaN(chr2)) { enc3 = enc4 = 64; } else if (isNaN(chr3)) { enc4 = 64; } output = output + this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) + this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4); } return output; } // public method for decoding Base64.prototype.decode = function (input) { let output = "", chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0; input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); while (i < input.length) { enc1 = this._keyStr.indexOf(input.charAt(i++)); enc2 = this._keyStr.indexOf(input.charAt(i++)); enc3 = this._keyStr.indexOf(input.charAt(i++)); enc4 = this._keyStr.indexOf(input.charAt(i++)); chr1 = (enc1 << 2) | (enc2 >> 4); chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); chr3 = ((enc3 & 3) << 6) | enc4; output = output + String.fromCharCode(chr1); if (enc3 != 64) { output = output + String.fromCharCode(chr2); } if (enc4 != 64) { output = output + String.fromCharCode(chr3); } } output = this._utf8_decode(output); return output; } // private method for UTF-8 encoding Base64.prototype._utf8_encode = function (string) { string = string.replace(/\r\n/g, "\n"); let utftext = ""; for (let n = 0; n < string.length; n++) { let c = string.charCodeAt(n); if (c < 128) { utftext += String.fromCharCode(c); } else if ((c > 127) && (c < 2048)) { utftext += String.fromCharCode((c >> 6) | 192); utftext += String.fromCharCode((c & 63) | 128); } else { utftext += String.fromCharCode((c >> 12) | 224); utftext += String.fromCharCode(((c >> 6) & 63) | 128); utftext += String.fromCharCode((c & 63) | 128); } } return utftext; } // private method for UTF-8 decoding Base64.prototype._utf8_decode = function (utftext) { let string = "", i = 0, c = 0, c1 = 0, c2 = 0, c3 = 0; while (i < utftext.length) { c = utftext.charCodeAt(i); if (c < 128) { string += String.fromCharCode(c); i++; } else if ((c > 191) && (c < 224)) { c2 = utftext.charCodeAt(i + 1); string += String.fromCharCode(((c & 31) << 6) | (c2 & 63)); i += 2; } else { c2 = utftext.charCodeAt(i + 1); c3 = utftext.charCodeAt(i + 2); string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)); i += 3; } } return string; } let Base = new Base64(); function md5 (str) { return CryptoJS.MD5(str).toString() } function addinterruptchars (str) { let $chars = 'ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678'; let maxPos = $chars.length; let newstr = ''; for (let i = 0; i < str.length; i++) { newstr = newstr + str.charAt(i) + $chars.charAt(Math.floor(Math.random() * maxPos)); } return newstr; } function authcode (string, isencrypt) { let timestamp = Date.parse(new Date()) / 1000;//; if (isencrypt) string = string + timestamp; let ckey_length = 5; // 密匙 // let key = postman.getEnvironmentletiable("encryptkey"); let key = pm.environment.get('encryptkey') key = md5(key) // 密匙a会参与加解密 let keya = md5(key.substr(0, 12)); //console.log('keya:'+keya) // 密匙b会用来做数据完整性验证 let keyb = md5(key.substr(12, 20)); // 密匙c用于变化生成的密文 //console.log('keyb:'+keyb) let keyc = isencrypt ? md5(timestamp).substr(32 - ckey_length) : string.substr(0, ckey_length); //console.log('keyc:'+keyc) // 参与运算的密匙 let cryptkey = keya + md5(keya + keyc); let key_length = cryptkey.length; console.log('cryptkey:' + cryptkey) let tempstr = md5(string + keyb).substr(0, 18);//检验字符串 string = isencrypt ? (timestamp + 120) + tempstr + string : Base.decode(string.substr(ckey_length));//timestamp+120过期时间 let string_length = string.length; //console.log('string='+string+' length='+string_length); let result = ''; let box = []; let rndkey = []; // 128是ascrii码,字符范围,也可取256以内其它数字,产生密匙簿,加解密的cryptkey是相同的,由当时时间md5生成的 for (let i = 0; i < 128; i++) { rndkey[i] = cryptkey.charCodeAt(i % key_length); box[i] = i; } let tmp; // 用固定的算法,打乱密匙簿,增加随机性,好像很复杂,实际上对并不会增加密文的强度 for (let j = 0, i = 0; i < 128; i++) { j = (j + box[i] + rndkey[i]) % 128;//rndkey[i]是随机数,j是也是随机,加起来也是随机数 tmp = box[i]; box[i] = box[j]; box[j] = tmp; } // 核心加解密部分 for (let a = j = i = 0; i < string_length; i++) { a = (a + 1) % 128; j = (j + box[a]) % 128; tmp = box[a];//再次打乱 box[a] = box[j]; box[j] = tmp; // 从密匙簿得出密匙进行异或,再转成字符 let b = box[(box[a] + box[j]) % 128]; let c = a ^ b; let d = String.fromCharCode(c); result += String.fromCharCode(string.charCodeAt(i) ^ (box[(box[a] + box[j]) % 128])); } //console.log('result='+result); if (isencrypt) { // 把动态密匙保存在密文里,这也是为什么同样的明文,生产不同密文后能解密的原因 // 因为加密后的密文可能是一些特殊字符,复制过程可能会丢失,所以用base64编码 return keyc + Base.encode(result); } else { return result.substr(28) } } function randomString (len) { len = len || 32; let $chars = 'ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678'; let maxPos = $chars.length; let pwd = ''; for (let i = 0; i < len; i++) { pwd += $chars.charAt(Math.floor(Math.random() * maxPos)); } return pwd; } function aesEncrypt (message, key, iv) { let ciphertext = CryptoJS.AES.encrypt(message, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); //return ciphertext;//密码对象(Obejct类型,非WordArray类型),Base64编码。 return ciphertext.toString();//密码对象的Base64字符串 } if (pm.environment.get("isencrypt") == 1) { hasparam = 1 // try { // ps = pm.request.body.urlencoded.members // } // catch (err) { // console.log('没有设置参数') // hasparam = 0 // pm.request.body.urlencoded = new Array() // } //let param={'key':'zyh','value':'lisi'} //pm.request.body.urlencoded.members.push(param) console.log('hasparam值:', hasparam) console.log('请求参数:', pm.request.body.urlencoded.members) // if (hasparam == 0) { // console.log('请求参数:', pm.request.body.urlencoded.members) // } let oldparams = {}; let params = {}; let ps = pm.request.body.urlencoded.members; // if (!ps) { // ps = [] // } let regex = /\{{2}(\w+)\}{2}/ for (let i = 0; i < ps.length; i++) { let param = ps[i] let value = param.value let vReg = regex.exec(value) let key = param.key oldparams[key] = value if (param.disabled == true || key == "receipt") { //console.log('disabled:'+key) continue } if (key == 'params') { continue } if (vReg !== null && vReg.length > 1) { console.log(key, pm.environment.get(vReg[1])) params[encodeURIComponent(key)] = pm.environment.get(vReg[1]) } else { params[encodeURIComponent(key)] = value; } } console.log('params:', params) if (!oldparams.hasOwnProperty('app_bundle_id')) { params['app_bundle_id'] = pm.environment.get('app_bundle_id'); } if (!oldparams.hasOwnProperty('device_id')) { params['device_id'] = pm.environment.get('device_id'); } if (!oldparams.hasOwnProperty('token')) { params['token'] = pm.environment.get('token'); } // 其他基础参数 params['lang'] = pm.environment.get('lang'); params['timezone'] = pm.environment.get('timezone'); params['platform'] = pm.environment.get('platform'); params['app_name'] = pm.environment.get('app_name'); params['device_version'] = pm.environment.get('device_version'); let jsonstr = JSON.stringify(params); // let jsonstr='{"app_bundle_id":"com.ylp.qrforfollowers","app_name":"qrforfollowers","app_version":"1.2","device_id":"EA7FA2BA-92FC-4538-93F7-B00E1B90A4F3","device_version":"12.1.2","instagram_id":"2207136901","lang":"zh-Hans-CN","password":"edee9KBx+HBBzOm8WS1pJHgB6aTIMMlYJLAZ8HT9Ban55MTkvTgUvB0NBcVgtO0Mb","platform":"iOS","timezone":"Asia/Shanghai","username":"sherryboa","token":"b6ea6b8fd7a4e00cb9e172a17a035ef5"}' let CryptoJS = require("crypto-js"); let iv = randomString(16) //let iv='JdG3kecbQPSWKHKp' console.log('iv转类型 ' + CryptoJS.enc.Utf8.parse(iv)) //let iv='1111111111111111' // let cryptkey = postman.getEnvironmentletiable("encryptkey"); let cryptkey = pm.environment.get('encryptkey') console.log('jsonstr ' + jsonstr) //测试 let ciphertext = aesEncrypt(jsonstr, CryptoJS.enc.Utf8.parse(cryptkey), CryptoJS.enc.Utf8.parse(iv));//加密 console.log('iv ' + iv) console.log('ciphertext ' + ciphertext) let checkdata = CryptoJS.HmacSHA256(jsonstr, cryptkey); console.log('HmacSHA256checkdata ' + checkdata) checkdata = CryptoJS.enc.Base64.stringify(checkdata) console.log('Base64checkdata ' + checkdata) let encstr = btoa(iv + atob(checkdata) + atob(ciphertext)) console.log('[BASE64]btoa结果:', encstr) encstr = encstr.replace(/\//g, '_a') encstr = encstr.replace(/\+/g, '_b') encstr = encstr.replace(/\=/g, '_c') console.log('[BASE64]加密前:', encstr) if (pm.environment.get("authcode_encrypt") == 1) { encstr = authcode(encstr, 1) console.log('[BASE64]authcode:', encstr) } if (pm.environment.get("interrupt_encrypt") == 1) { encstr = addinterruptchars(encstr) console.log('[BASE64]interupt:', encstr) } pm.environment.set("params", encstr) console.log('[BASE64]加密后:', encstr) // let requestCfg = { // url: pm.environment.get('host') + '/index/instagram/base64encrypt', // method: 'POST', // body: { // mode: 'urlencoded', // urlencoded: [ // { // key: 'encstr', // value: ciphertext, // disabled: false // }, // { // key: 'checkdata', // value: checkdata, // disabled: false // }, // { // key: 'iv', // value: iv, // disabled: false // }, // ] // } // } // pm.sendRequest(requestCfg, function (err, response) { // try { // console.log('base64encrypt', response.json()) // encstr = response.json()['msg'] // console.log('[BASE64]加密前:', encstr) // if (pm.environment.get("authcode_encrypt") == 1) { // encstr = authcode(encstr, 1); // console.log('[BASE64]authcode:', encstr) // } // if (pm.environment.get("interrupt_encrypt") == 1) { // encstr = addinterruptchars(encstr) // console.log('[BASE64]interupt:', encstr) // } // pm.environment.set("params", encstr); // console.log('[BASE64]加密后:', encstr) // } catch (e) { // console.error(e.message, e) // console.log('[BASE64]response:', response.text()) // } // }) }