大佬们帮忙看看这个接口怎么弄？

菜鸡鲲 · 发表于 2024-4-6 17:13:18

post：
https://api.qst8.cn/api/front/upload/img

请求标头:authority:
api.qst8.cn
:method:
POST
:path:
/api/front/upload/img
:scheme:
https
Accept:
*/*
Accept-Encoding:
gzip, deflate, br, zstd
Accept-Language:
zh-CN,zh;q=0.9
Branchid:
1002
Cache-Control:
no-cache
Channel:
Content-Length:
2066189
Content-Type:
multipart/form-data; boundary=----WebKitFormBoundarywIB4fkxKvaM69fwp
Method:
POST
Origin:
https://qst8.cn
Pragma:
no-cache
Referer:
https://qst8.cn/
Sec-Ch-Ua:
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Sec-Ch-Ua-Mobile:
?0
Sec-Ch-Ua-Platform:
"Windows"
Sec-Fetch-Dest:
empty
Sec-Fetch-Mode:
cors
Sec-Fetch-Site:
same-site
Sign:
bc167104aa367377609e9b64da7d396b
Source:
h5
Tenantid:
3
Timestamp:
1712394675371
Token:
531cd244-5f7e-4fd7-5532-1f539052d71a
User-Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

载荷file: （二进制）
file:

返回的数据格式{
"code": 200,
"message": "操作成功",
"data": "https://img.qst8.cn/custom/pic/xxx.png"
}

请求标头里的sign值和token值是怎么生成的，怎么对这个接口进行正确的post？
希望大佬们能教一下，谢谢了。

个人支付宝接口 · 发表于 2024-4-6 17:28:17

本帖最后由个人支付宝接口于 2024-4-6 17:29 编辑

看起来就是个multipart/form-data类型的上传表单，sign和token哪里来的要去分析前台代码

菜鸡鲲 · 发表于 2024-4-6 17:30:22

个人支付宝接口发表于 2024-4-6 17:28
看起来就是个multipart/form-data类型的上传表单，sign和token哪里来的要去分析前台代码 ...

老哥能麻烦给个例子吗，我这一直测试上传失败，不知道为什么？

youhei · 发表于 2024-4-6 17:40:33

这个上传入口在哪里

icon · 发表于 2024-4-6 17:41:49

我，秦始皇，打钱

SirW · 发表于 2024-4-6 18:47:48

[ 本帖最后由 SirW 于 2024-4-6 18:50 编辑 ]\n\n随便写了下，拿去用吧。做图床用的？

[code]<?php
$p = "./response.png";
$pic = upload($p);
echo $pic;

function getHeaders($type, $timestamp, $token = ""){
      $json = array(
            "method" => $type ,
            "timestamp" => $timestamp,
            "source" => "h5",
            "key" => "1F2F58F2220096D7E209224F826B6D67"
      );
      $j = json_encode($json);
      $sign = md5(strtoupper($j));
      $h = array(
            "accept: application/json, text/javascript, */*; q=0.01",
            "Channel:",
            "Method:GET",
            "Referer:",
            "Branchid:1002",
            "Sign:".$sign,
            "Source:h5",
            "Tenantid:3",
            "Timestamp:".$timestamp,
            "User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36",
      );

      if($token != ""){
            $h[] = "Token:".$token;
      }
      return $h;
}

function upload($filePath){
      $url = "/api/front/user/h5Login";//带上域名，回帖发不了
      $type = "GET";
      $timestamp = (string)(time()*1000+rand(100,999));
      $randToken = uuid();
      $headers = getHeaders($type, $timestamp, $randToken);

      //register Token
      $content = POST($url, "", $headers);
      $d = json_decode($content, true);
      $token = $d["data"]["token"];

      //upload
      $type2 = "POST";
      $url2 = "/api/front/upload/img";//带上域名，回帖发不了
      $timestamp = (string)(time()*1000+rand(100,999));
      $headers2 = getHeaders($type2, $timestamp, $token);
      $headers2[] = "Content-Type:multipart/form-data";
      $postData = array(
            'file' => new CURLFile($filePath),
      );
      $c = POST($url2, $postData, $headers2);
      $d = json_decode($c,true);
      return $d["data"];
}

function POST($url,$post,$headers){
      $c = curl_init();
      curl_setopt($c, CURLOPT_URL, $url);
      curl_setopt($c, CURLOPT_HEADER, 0);
      curl_setopt($c, CURLOPT_NOBODY, 0);
      if($post) {
         curl_setopt($c, CURLOPT_POST, 2);
         curl_setopt($c, CURLOPT_POSTFIELDS, $post);
      }
      if(stripos($url, 'https://') > -1){
         curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE);
         curl_setopt($c, CURLOPT_SSL_VERIFYHOST, FALSE);
      }
      curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
      curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 12);
      curl_setopt($c, CURLOPT_TIMEOUT,12);
      curl_setopt($c, CURLOPT_ENCODING ,'gzip, deflate');
      if(!$ip) {
         $ip_long = array(
                  array('607649792', '608174079'), //36.56.0.0-36.63.255.255
                  array('1038614528', '1039007743'), //61.232.0.0-61.237.255.255
                  array('1783627776', '1784676351'), //106.80.0.0-106.95.255.255
                  array('2035023872', '2035154943'), //121.76.0.0-121.77.255.255
                  array('2078801920', '2079064063'), //123.232.0.0-123.235.255.255
                  array('-1950089216', '-1948778497'), //139.196.0.0-139.215.255.255
                  array('-1425539072', '-1425014785'), //171.8.0.0-171.15.255.255
                  array('-1236271104', '-1235419137'), //182.80.0.0-182.92.255.255
                  array('-770113536', '-768606209'), //210.25.0.0-210.47.255.255
                  array('-569376768', '-564133889'), //222.16.0.0-222.95.255.255
         );
         $rand_key = mt_rand(0, 9);
         $ip= long2ip(mt_rand($ip_long[$rand_key][0], $ip_long[$rand_key][1]));
      }

      $headers[] = 'X-Forwarded-For:'.$ip;
      $headers[] = 'x-real-ip:'.$ip;
      $headers[] = 'CLIENT_IP:'.$ip;
      curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
      // curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
      $content = curl_exec($c);

      curl_close($c);
      return $content;
}

function uuid() {
$data = openssl_random_pseudo_bytes(16);
assert(strlen($data) == 16);

// Set version to 0100
$data[6] = chr(ord($data[6]) & 0x0f | 0x40);
// Set bits 6-7 to 10
$data[8] = chr(ord($data[8]) & 0x3f | 0x80);

return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
} [/code]

菜鸡鲲 · 发表于 2024-4-6 19:27:56

SirW 发表于 2024-4-6 18:47
[ 本帖最后由 SirW 于 2024-4-6 18:50 编辑 ]\n\n随便写了下，拿去用吧。做图床用的？

...

大佬，这段代码不太理解为什么这么写，不会用啊。

zqqzqq · 发表于 2024-4-6 21:00:14

看我帖子

XSProMax · 发表于 2024-4-6 21:58:44

youhei 发表于 2024-4-6 17:40
这个上传入口在哪里

平台投诉里面就有

SirW · 发表于 2024-4-7 12:07:48

菜鸡鲲发表于 2024-4-6 19:27
大佬，这段代码不太理解为什么这么写，不会用啊。

是php代码

		自动登录	找回密码
密码			注册