Self-written encryption page, and Baidu network disk private very similar, need password to access (original)

Preface

1. Horse will be recruited, so I intend to put a resume on their own web page, but do not want to give in addition to the recruitment of people, or I designated people outside, so I need to encrypt the page page
2. I looked for a lot of information, see a lot of so-called page encryption, but about 60% are Web lock, using a third-party plug-in, and only in a certain browser account can be implemented
3. So, I can only study the solution, this time someone to my Baidu network to share a file, is required to enter the password, so I found that this is what I need, so I began to study the principle of private sharing Baidu network disk

Simple analysis Baidu Network disk:

1. Clear all Cookies First, account cancel login

2. Open Chrome, enter the shared link, and open the developer options before the jump link to monitor file changes

3, hit enter, found that the URL link has changed

4. URL from/s/1l ... Become/SHARE/INIT?SURL=LRW ...

5, this time to see the network loaded files into 302 states

6, 302 for redirection, meaning that the original URL redirect to a new address, that is, Baidu Network disk Server to determine that you have not entered the password, there is no storage of cookies, so the originally visited page was redirected to the new password page

7, this time we enter the correct password, reload the share link, found that return the correct HTML, and 200 status

8, and will find a lot of content in the cookie, and the page when accessing the backend, will automatically carry a cookie (recently I have been using localstorage, so forget the cookie, can automatically carry)

Therefore, through the analysis, found in the content of the cookie is mainly stored in the implementation of encrypted access

Here is the principle of the Encryption page I wrote (I use the Nodejs,ejs template, Express), because the backend can be used to write a variety of, here only to write ideas, do not write specific code

Prior to preparation, there must be a data table with an encrypted path

Id	Path	Password	PlainText	Random_code	Time
Usually UUID	The path of the request, write according to your preference, mine is/a.html	SHA256 encryption, string for plaintext password connection on ID and random code	PlainText passwords are not encrypted in one Direction	Random code random a set of uppercase and lowercase letters plus numbers	Creation time

1, when people visit a.html, that is, encryption does not want to access the page, because the page will automatically carry cookies

2, so we get a cookie at the backend, and the request path, then the database comparison, here is a problem, if only HTML encryption, the first to determine whether the request is HTML or other, you can reduce the query

3. If the request path is found in the table, check whether the cookie has Id=password data, or return the requested HTML file directly

4, if there is no data, then return the rendering of the input password of the HTML, to find a way to put the original path into the password HTML, enter the correct password after good jump

5, enter the password, the AJAX request, through the input plaintext password, as well as the ID and the database random code, into a string to connect, and password comparison, or directly compare the plaintext password is the same

6, once correct, for security purposes, return to the encrypted password, that is, ciphertext

7, in the password HTML JS, will get the ciphertext and ID stored in a cookie, jump to the original page visited

8, this time has a cookie, and then compare successfully, return to a.html file

The above is just my initial test writing, perhaps there is a better, and more optimized method, welcome correction

This article can be reproduced freely, but please indicate the source

The following is a test picture

Self-written encryption page, and Baidu network disk private very similar, need password to access (original)