Ajax solution for burn-after-reading URL access (dynamic URL parameters, variable encryption, fixed constants, PHP encryption and decryption, API access verification methods, crawler blocking)

foreword

"Burn after reading" is a communication mode in which a message is automatically deleted or destroyed once the recipient has read it, leaving no trace behind. It is usually used to improve the security and privacy of the information exchanged.

In conventional messaging applications, burn-after-reading can be implemented in the following ways:

  1. Automatic deletion: After the message is read by the other party, it will be automatically deleted from the chat history, and neither party can view it anymore.
  2. Automatic destruction: After the message is read by the other party, it will be automatically destroyed after a set period of time to ensure that the message will not exist for a long time.
  3. Message screenshot reminder: When the other party takes a screenshot to read the message, a notification will be sent to the sender to prevent the other party from secretly saving the message.

Ajax standard usage

Using the $.ajax() method to make AJAX requests is the common, standard approach in jQuery. The basic usage of $.ajax() is:

$.ajax({
  url: '请求的URL',
  method: '请求的方法', // defaults to 'GET'
  data: 请求的数据, // optional
  dataType: '预期的响应数据类型', // optional
  success: function(response) {
    // callback invoked when the request succeeds
    // handle the response data here
  },
  error: function(xhr, status, error) {
    // callback invoked when the request fails
    // handle the error information here
  }
});

Among them, key configuration items include:

  • url: The requested URL address.
  • method: The request method, which can be 'GET', 'POST', 'PUT', 'DELETE', etc.; the default is 'GET'.
  • data: The requested data, which can be an object, string or array. Set as needed for the request.
  • dataType: The expected response data type; common values are 'json', 'text', 'html', etc. By default jQuery infers it from the response.
  • success: The callback function when the request is successful, which is called when the server returns a successful response. The response data is passed as a parameter to the callback function.
  • error: The callback function when the request fails, which is called when an error occurs in the request. Error information is passed as a parameter to the callback function.

By configuring these options, you can define the target URL of the request, the request method, the data to be sent, and execute the corresponding processing logic when the request succeeds or fails.

Here is a simple example:

$.ajax({
  url: 'https://api.example.com/data',
  method: 'GET',
  success: function(response) {
    console.log('请求成功', response);
  },
  error: function(xhr, status, error) {
    console.log('请求失败', error);
  }
});

This example sends a GET request to 'https://api.example.com/data' and logs success or failure to the console. This is only the simplest usage of $.ajax(); depending on your needs you can also configure other options such as request headers and timeouts. Refer to jQuery's official documentation for more details and more complex usage.

project requirements

There are many ways to verify API access. In this case we want to implement a simple dynamic URL parameter: each visitor sees a different URL, yet every URL resolves to the same resource, and the URLs cannot be harvested and reused by crawlers.

1. URL access encryption

AuthCode is a classic wrapper function from Discuz; the modified version used here provides the following:

  1. The ID passed to the front end is encrypted server-side, so a visitor cannot recover it by normal means;
  2. The encryption is dynamic: every time the page is refreshed the ciphertext changes;
  3. $expiry sets the validity period of the ciphertext, for example 3 seconds.

// The server embeds the encrypted ID into the page; it is valid for 3 seconds
var id = "<?php echo AuthCode('1', 'ENCODE', 'ILOVEYOU', 3)?>";
$("#pid").html(id);
$(function () {
    $.ajax({
        type: 'get',
        // the ciphertext, not the real ID, is what travels in the URL
        url: "api.php?id=" + id,
        data: {},
        dataType: "json",
        success: function (res) {
            console.log(res);
        },
        error: function (err) {
            console.log(err);
        }
    });
});

2. Backend API decryption

Once the ciphertext has expired it can no longer be decrypted, so on the back end it is enough to detect the failed decryption and return an error message.

require_once "common.php";
header('Content-Type: application/json; charset=utf-8');
// avoid an undefined-index notice when the parameter is missing
$id = $_GET['id'] ?? '';
// The key must be the same one used for ENCODE on the page ('ILOVEYOU' above);
// the original listing used 'LOCKDATAV' here, which can never decrypt that ciphertext.
// AuthCode returns an empty string when the ciphertext is expired, tampered with, or encrypted with another key.
$pid = AuthCode($id, 'DECODE', 'ILOVEYOU', 0);
$res['data']['id'] = $id;
if ($pid == "") {
    $res['data']['msg'] = 'ID已过期,无法正常读取数据,请刷新页面。';
} else {
    $res['data']['pid'] = $pid;
    $res['data']['msg'] = "OK";
}

die(json_encode($res));
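As an added worked example (not code from this post or from Discuz), the following is a Python port of the AuthCode scheme that the two snippets above rely on. The `now` parameter is an assumption introduced here so that expiry can be checked deterministically; the port shows why the ciphertext changes on every refresh, why a token older than `$expiry` decodes to an empty string, and why the ENCODE and DECODE keys have to match.

```python
import base64
import hashlib
import os
import time

def _md5(s):
    return hashlib.md5(s.encode("latin-1")).hexdigest()

def _keystream_xor(cryptkey, data):
    # RC4-style state setup and keystream, XORed over the payload (same shape as Discuz authcode).
    box = list(range(256))
    rnd = [ord(cryptkey[i % len(cryptkey)]) for i in range(256)]
    j = 0
    for i in range(256):
        j = (j + box[i] + rnd[i]) % 256
        box[i], box[j] = box[j], box[i]
    out = bytearray()
    a = j = 0
    for byte in data:
        a = (a + 1) % 256
        j = (j + box[a]) % 256
        box[a], box[j] = box[j], box[a]
        out.append(byte ^ box[(box[a] + box[j]) % 256])
    return bytes(out)

def authcode(string, operation="DECODE", key="", expiry=0, now=None):
    """ENCODE -> 4-char random salt + base64(stream(expiry | mac | plaintext)); DECODE reverses it.
    `now` (seconds since epoch) is an assumption added here so expiry can be tested deterministically."""
    now = int(time.time()) if now is None else now
    key = _md5(key)
    keya, keyb = _md5(key[:16]), _md5(key[16:32])
    # The 4-char salt is random per call, which is why the ciphertext changes on every page refresh.
    keyc = string[:4] if operation == "DECODE" else _md5(repr(time.time()) + os.urandom(8).hex())[-4:]
    cryptkey = keya + _md5(keya + keyc)
    if operation == "ENCODE":
        # 10-digit absolute expiry time (0 = never), 16-char truncated MAC, then the payload
        plain = "%010d" % (expiry + now if expiry else 0) + _md5(string + keyb)[:16] + string
        raw = _keystream_xor(cryptkey, plain.encode("latin-1"))
        return keyc + base64.b64encode(raw).decode().rstrip("=")
    try:
        raw = base64.b64decode(string[4:] + "=" * (-len(string[4:]) % 4))
    except (ValueError, TypeError):
        return ""
    result = _keystream_xor(cryptkey, raw).decode("latin-1")
    head, mac, payload = result[:10], result[10:26], result[26:]
    # Expired, wrong key or tampered token: the MAC (or the expiry field) does not check out -> "".
    if head.isdecimal() and (int(head) == 0 or int(head) > now) and mac == _md5(payload + keyb)[:16]:
        return payload
    return ""
```

Note that the 16-character MAC is a truncated unkeyed MD5 over payload plus a key-derived string, which is enough to reject expired or mismatched tokens but is not a modern authenticated-encryption construction.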

API access verification method

API access authentication is one of the important security mechanisms to ensure that only authorized users or applications can access the API. The following are some common API access verification methods:

  1. API Key (API Key): Assign a unique API key to each user or application to verify their identity and permissions. The API key is usually sent as a parameter of the request or in the request header.

  2. OAuth (Open Authorization): OAuth is an authorization framework that lets third-party applications access protected resources on behalf of a user. In the OAuth flow, an access token is used to access the protected API resources.

  3. JSON Web Token (JWT): JWT is a secure token used for authentication and authorization between users and services. It contains claims and authority information to authenticate the user, and a signature to verify its integrity.

  4. HTTP Basic Authentication: HTTP Basic Authentication authenticates a user by sending a Base64-encoded username and password in the request header. Although this is a simple authentication method, it does not have strong security, because the request header may be eavesdropped during transmission.

  5. HMAC (Hash-based Message Authentication Code): HMAC signs a message with a secret key. In an API request, the client uses the key to compute a hash over the request and sends it along, and the server recomputes it to authenticate the request.

  6. IP address whitelist: restrict the IP addresses for API access, and only allow specific IP addresses to pass the verification. This approach is useful when only specific clients or servers are allowed to access the API.

The comprehensive use of the above authentication methods can enhance the security of the API. In general, API authentication methods should be selected and implemented based on specific needs and security requirements.

Encryption and decryption related

  1. Use of php dynamic password and encryption and decryption functions (dynamic password, Discuz core function AuthCode, arbitrary input password verification)
  2. Solution for php passing url parameter encryption verification (encryption decryption, security verification filtering)


Origin blog.csdn.net/weixin_41290949/article/details/131800509