The API Validation section of the Django project

Objective:

API validation is required for secure access between the client and server side, and is not intercepted by a third party.

Client section:

The first step is to write a complex key that uses key as the security key, and the same key on the server side.

Then we need a time stamp. #时间戳可以相当于动态加密

The key and timestamp are then stitched together and then encrypted using the Md5 method. #更加安全

After that, the encrypted result is then written to the service side with timestamp stitching to the request header. #为了让服务端解密所以需要将时间戳直接发送给服务端

That's what we're going to do on the client side.

The code is as follows:

Service side

First we need to write a key that is the same as the client

Then write a view function,

First, we need to take the request header out, remove the key via split (encrypted key and timestamp), and timestamp;

We then convert the time stamp taken out to float format, and the server itself takes a time stamp in float format;

First, the first pass verifies that if the client timestamp + (specified time in seconds) < The current timestamp of the server, then the client content is considered obsolete and lost timeliness.

Then, if the specified description meets the requirements and is greater than the current time, proceed to the next validation

We spliced the server key with the timestamp just now and put it in the same MD5 method as the client to verify the match and see if the results are the same.

If not, this indicates that the client's MD5 has been changed.

If the previous match succeeds, and there is no problem, then we perform the last validation to determine if the request is two requests

If this request, has already visited the server before, even in the stipulated time we also judged to be illegal, because possibly someone may use this time through the same MD5 to make the unlawful request.

So we create an empty dictionary, if for the first request, the dictionary does not have the key MD5, we think is the first request, allow access, and put the MD5 into the dictionary, when the specified number of seconds to access again,

Judging that the MD5 already exists in the dictionary, we judge it as an illegal request and deny access.

Specific code such as:

Finally, for ease of use, we write this code as an adorner, and use it flexibly.

Such as:

This API validation decorator is written to the server management system on the servers function. API this San Guan verification or there is a disadvantage is that if the hacker faster than your speed, intercepted from the halfway, the client is a second visit. Therefore, for the sake of insurance, the client needs to encrypt the data before sending it, even if the hacker intercepts it, it can't use the data.

The API Validation section of the Django project