使用python 对token进行加密

python 算法
开发日常
Publish Date:   2017-08-13

加密原理

token加密原理

python 代码实现

加密方法 与 验证方法 ^1

# token类
# @author itaken<regelhh@gmail.com>
# @since 2017-07-28
class Connector:

    # 加密 token
    @classmethod
    def encrypt_token(cls, uid, access_token, session_token):
        if access_token == "" or session_token == "":
            return &#123;&#125;

        uid = int(uid)
        if uid < 17:  # 防止出现 id 过小的情况
            uid = uid * 19

        if len(access_token) < 32:  # 防止出现长度不足的情况
            access_token = Itaken.enmd5(access_token)
        if len(session_token) < 32:
            session_token = Itaken.enmd5(session_token)

        session_token_list = list(session_token)  # token string转list
        str_key = access_token[8:20]  # 字符替换key

        pos = []
        mod_key = (11, 3, 7, 13, 5, 17)  # 求模key
        for index, i in enumerate(mod_key):
            chart = access_token[index: index + 1]  # 随机数
            point = (uid + int("0x" + chart, 16)) % i  # 获取的位置(16进制转10进制)

            pos = Itaken.spread_list(point, pos, 3, 1)  # 计算前半段
            pos = Itaken.spread_list(point + 16, pos, 3, 1)  # 计算后半段

        for index, i in enumerate(pos):
            session_token_list[i] = str_key[index]  # 密钥替换

        token = "".join(session_token_list)  # 加密后token

        return &#123;
            "position": pos,
            "key": str_key,
            "token": token
        &#125;

    # 验证 token
    @classmethod
    def verify_token(cls, uid, token):
        uid = int(uid)
        if uid < 1 or token == "" or token is None:
            return &#123;"code": 0, "message": "验证内容不合法"&#125;

        token_info = cls.get_user_token_info(uid=uid)  # 获取数据库token信息
        if not token_info:
            return &#123;"code": 0, "message": "没有该用户"&#125;

        encrypt_info = cls.encrypt_token(uid=uid, access_token=token_info["access_token"], session_token=token_info["session_token"])
        if token == encrypt_info["token"]:
            return &#123;"code": 1, "message": "验证成功", "uid": uid&#125;

        token_list = list(token)  # token 转list
        token_key = ""
        for i in encrypt_info["position"]:
            token_key += token_list[i]  # 组装密钥

        if token_key == encrypt_info["key"]:
            return &#123;"code": -1, "message": "session token失效"&#125;

        return &#123;"code": -2, "message": "access token失效"&#125;

md5加密^2 和 list处理方法^3

# 公共方法
# @author itaken<regelhh@gmail.com>
# @since 2017-07-21
class Itaken:

    # 获取Hash数据
    @classmethod
    def enmd5(cls, data):
        data = str(data) + "4ITAKEN:)"
        import hashlib
        data = hashlib.md5(data.encode("UTF-8")).hexdigest()  # 昵称hash
        return data

    # list数据不重复
    @classmethod
    def spread_list(cls, i, l=[], step=1, minimum=0):
        if minimum < 0:
            minimum = 0
        i = i < minimum and minimum or i
        step = step < 1 and 1 or step  # < 1 则为 1

        if i in l:
            return cls.spread_list(i+step, l, step, minimum)

        l.append(i)
        return l

项目代码: itaken/python-login-demo

参考文档

Author: Itaken
Link: https://itaken.github.io/2017/8/13/token%E6%B7%B7%E6%B7%86%E7%AE%97%E6%B3%95/
Reprint policy: All articles in this blog are used except for special statements CC BY 4.0 reprint polocy. If reproduced, please indicate source Itaken !
python 算法
  TOC目录