客戶端向服務器發送請求時,在請求頭添加自定義的字符串html
客戶端的加密方式redis
1.對key+time進行md5加密django
2.發送的時候的格式爲md5_key|time,將時間也發送過去api
服務器端驗證服務器
1.獲取加密的字符串,md5_key | time加密
2.判斷時間time是否超時spa
3.驗證md5_keycode
4.判斷md5_key 在短期內是否訪問過,用redis,訪問過則不經過server
clienthtm
import time import hashlib import requests # 每臺client都有一個key,跟server對應
ENCRYPTION_KEY= 'abcdedf' now_time = time.time() # key的格式定義
key = "%s|%s" %(ENCRYPTION_KEY ,now_time) # md5加密
md5 = hashlib.md5() md5.update(key.encode('utf-8')) new_key = md5.hexdigest() # 發送加密字符串的格式
send_key = "%s|%s" %(new_key ,now_time) headers = {"clientkey" :send_key} print(headers) r = requests.get("http://127.0.0.1:8000/api/asset.html",headers=headers) print(r.text)
server
import time from functools import wraps from django.conf import settings import hashlib key_dict = {} # Create your views here.
def check_key(func): @wraps(func) def inner(request): accept_key = request.META.get("HTTP_CLIENTKEY", None) if not accept_key: return HttpResponse("非法連接") else: now_time = time.time() old_md5_key, old_time = accept_key.split('|') float_old_time = float(old_time) # 判斷時間是否超時
if now_time - float_old_time > 10: return HttpResponse("超時") else: # 判斷md5是否正確
key = "%s|%s" % (settings.AC_KEY, old_time) md5 = hashlib.md5() md5.update(key.encode('utf-8')) new_md5_key = md5.hexdigest() if new_md5_key != old_md5_key: return HttpResponse("加密的key有誤") # 循環字典,刪除超過10秒的key
for t in list(key_dict.keys()): if now_time - key_dict[t] > 10: del key_dict[t] # 判斷10秒內是否訪問過
if old_md5_key in key_dict: return HttpResponse("已經訪問過") key_dict[old_md5_key] = now_time r = func(request) return r return inner