开放API

开放API接口URI均以/openApi/开头，在header中通过设置Authorization key来进行校验。您的具体代码类似于以下示例：

// node javascript
fetch("https://www.yemapt.org/openApi/xxxxxxxxx", {
  "headers": {
    "Authorization": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  }
});

# bash
curl 'https://www.yemapt.org/openApi/xxxxxxxxx'\
 -H 'Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

开放api的校验auth必须使用个人详情页中创建的、具有180天有效期的auth。如果用户使用了cookie中的auth，将无法使用开放api，返回结果的success为false，errorCode为403，errorMessage为need api auth。示例如下：

{
    "success": true,
    "errorCode": 403,
    "errorMessage": "need api auth"
}

1. 用户

1.1 获取用户基本信息

GET /openApi/user/fetchBasicInfo.json

响应结果

{
    "success": true,
    "showType": 0,
    "data": {
        "id": 10,
        "name": "abcde",
        "avatar": "/image/avatar/10.png",
        "bonus": 1000000,
        "level": 7,
        "status": "enable",
        "invitedNum": 100,
        "availableInviteNum": 100,
        "registerTime": "2024-05-01T00:00:00.000+00:00",
        "promotionUploadSize": 1000000,
        "promotionDownloadSize": 1000000
    }
}

备注：avatar如果是/image/开头的字符串，则可以直接拼接域名访问，如果是32位长度的随机字符串，则需要使用 Multiavatar 进行转换，此组件提供了JavaScript、PHP和Python工具包。

1.2 校验是否为本站用户

用于第三方系统校验用户提交的auth是否正常，以及获取对应的uid，此功能采用RSA签名技术。

当前使用的publicKey：

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6OpYYWpF5Js8SWtuAXGZ1iWGsADHSDhdkz9wDQYuvRB3SW2xGSQpwYB7B7Bn6ZfoXtxhMm2v4JzwTe3qZioWmwgyweCyv7FIjvsdYIhAHMj7v7jI7zq0Xn9F6CjBMM0AWtCmhhH/eFNxICiCucVGqa6Z0hf5OcAWefPHIOdtMbWp+4fqkjWc7EuEjfqFr2eDy9kHqZWFpuByQa9jiF4v9HzLfoO/UwqBheYkNSLgoTRQ6sSF1bHlDC8yq3l4d/6fsQ7mZPJzWBf2vlohmOVpjy6s4Z+qtNpWsJhrLW9au49+1eYadKpNLR10izG5boKn+z9i5P/tRQ8WNkZELN2OwIDAQAB

POST /openApi/user/authenticate.json

Header ContentType: application/json

Body

{
    "publicKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    "randomContent": "12345678123456781234567812345678"
}

备注:

publicKey务必使用wiki中展示的key。
randomContent请使用UUID生成32位长度字符串，去除中间的-即可。

响应结果

{
    "success": true,
    "showType": 0,
    "data": {
        "userId": 100,
        "signType": "rsa-sha256",
        "publicKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "signature": "OOOOOOOOOOOOOOOOOOOOOOOOOOOO"
    }
}

备注:

签名的数据格式为用户ID制表符randomContent，即:

String data = "{userId}\t{randomContent}"
                .replace("userId","100")
                .replace("randomContent","12345678123456781234567812345678");

示例代码：

python：

```python
from base64 import b64decode
import rsa

data = "100\t12345678123456781234567812345678"
publicKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
signature = "OOOOOOOOOOOOOOOOOOOOOOOOOOOO"

PUB = '''
-----BEGIN PUBLIC KEY-----
{publicKey}
-----END PUBLIC KEY-----
'''.format(publicKey=publicKey)

try:
    signType = rsa.verify(data.encode(), b64decode(signature), rsa.PublicKey.load_pkcs1_openssl_pem(PUB))
    print(signType)
except rsa.pkcs1.VerificationError:
    print("verification failed")

```

java:

import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;


public static boolean rsaValidate(String publicKeyStr, String sign, String data) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
    PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(
            new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyStr)));

    Signature verify = Signature.getInstance("SHA256withRSA");
    verify.initVerify(publicKey);
    verify.update(data.getBytes());
    return verify.verify(Base64.getDecoder().decode(sign));
}

2. 种子

2.1 根据piecesHash获取种子id

POST /openApi/torrent/fetchTorrentIdWithPiecesHash.json

Header ContentType: application/json

Body

{
    "piecesHashList": [
        "e9f3f5dd32abasdfghfea4d43d32559cf0309764",
        "e9f3f5dd32ab123456fea4d43d32559cf0309764"
    ]
}

备注: piecesHashList不能为空，数组长度不能超过100

响应结果

{
    "success": true,
    "showType": 0,
    "data": {
        "e9f3f5dd32abasdfghfea4d43d32559cf0309764": 100
    }
}

最后更新于1年前