-
关于md5加密防止第三方拦截数据的基本操作
def api(func):
@wraps(func)
def _deal_with(*args, **kwargs):
response_data = demjson.encode(func(*args, **kwargs))
response = HttpResponse(response_data, content_type='application/json')
response["Access-Control-Allow-Origin"] = "*"
response["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS"
response["Access-Control-Max-Age"] = "1000"
response["Access-Control-Allow-Headers"] = "*"
return response
return _deal_with
key = 'lisi666zhangsan666'
visited_api = {
}
def md5(arg):
h = hashlib.md5()
h.update(arg.encode("utf-8"))
return h.hexdigest()
@api
def api_safe(request):
timestamp = time.time()
server_key = request.META.get('HTTP_KEY')
if not server_key:
return {'msg': 'ni bu shi kehuduan'}
md5_str, md5_time = server_key.split('|')
md5_time = float(md5_time)
if md5_time + 5 < timestamp:
return {
'msg': 'time out'
}
md5_key = md5('{}|{}'.format(key, md5_time))
if md5_key != md5_str:
return {
'msg': 'key is not right'
}
if md5_str in visited_api:
return {
'msg': 'you are visited'
}
visited_api['md5_key'] = md5_key
return {
'msg': 'helloworld'
}