开放API接口URI均以/openApi/开头,在header中通过设置Authorization key来进行校验。您的具体代码类似于以下示例:
// node javascript
fetch("https://www.yemapt.org/openApi/xxxxxxxxx", {
"headers": {
"Authorization": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
});
# bash
curl 'https://www.yemapt.org/openApi/xxxxxxxxx'\
-H 'Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
开放api的校验auth必须使用个人详情页中创建的、具有180天有效期的auth。如果用户使用了cookie中的auth,将无法使用开放api,返回结果的success为false,errorCode为403,errorMessage为need api auth。示例如下:
{
"success": true,
"errorCode": 403,
"errorMessage": "need api auth"
}
1. 用户
1.1 获取用户基本信息
GET /openApi/user/fetchBasicInfo.json
响应结果
{
"success": true,
"showType": 0,
"data": {
"id": 10,
"name": "abcde",
"avatar": "/image/avatar/10.png",
"bonus": 1000000,
"level": 7,
"status": "enable",
"invitedNum": 100,
"availableInviteNum": 100,
"registerTime": "2024-05-01T00:00:00.000+00:00",
"promotionUploadSize": 1000000,
"promotionDownloadSize": 1000000
}
}
备注:avatar如果是/image/开头的字符串,则可以直接拼接域名访问,如果是32位长度的随机字符串,则需要使用 Multiavatar 进行转换,此组件提供了JavaScript、PHP和Python工具包。
1.2 校验是否为本站用户
用于第三方系统校验用户提交的auth是否正常,以及获取对应的uid,此功能采用RSA签名技术。
当前使用的publicKey:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6OpYYWpF5Js8SWtuAXGZ1iWGsADHSDhdkz9wDQYuvRB3SW2xGSQpwYB7B7Bn6ZfoXtxhMm2v4JzwTe3qZioWmwgyweCyv7FIjvsdYIhAHMj7v7jI7zq0Xn9F6CjBMM0AWtCmhhH/eFNxICiCucVGqa6Z0hf5OcAWefPHIOdtMbWp+4fqkjWc7EuEjfqFr2eDy9kHqZWFpuByQa9jiF4v9HzLfoO/UwqBheYkNSLgoTRQ6sSF1bHlDC8yq3l4d/6fsQ7mZPJzWBf2vlohmOVpjy6s4Z+qtNpWsJhrLW9au49+1eYadKpNLR10izG5boKn+z9i5P/tRQ8WNkZELN2OwIDAQAB
POST /openApi/user/authenticate.json
Header ContentType: application/json
Body
{
"publicKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
"randomContent": "12345678123456781234567812345678"
}
备注:
publicKey务必使用wiki中展示的key。
randomContent请使用UUID生成32位长度字符串,去除中间的-即可。
响应结果
{
"success": true,
"showType": 0,
"data": {
"userId": 100,
"signType": "rsa-sha256",
"publicKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"signature": "OOOOOOOOOOOOOOOOOOOOOOOOOOOO"
}
}
备注:
签名的数据格式为 用户ID制表符randomContent,即:
String data = "{userId}\t{randomContent}"
.replace("userId","100")
.replace("randomContent","12345678123456781234567812345678");
示例代码:
python:
```python
from base64 import b64decode
import rsa
data = "100\t12345678123456781234567812345678"
publicKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
signature = "OOOOOOOOOOOOOOOOOOOOOOOOOOOO"
PUB = '''
-----BEGIN PUBLIC KEY-----
{publicKey}
-----END PUBLIC KEY-----
'''.format(publicKey=publicKey)
try:
signType = rsa.verify(data.encode(), b64decode(signature), rsa.PublicKey.load_pkcs1_openssl_pem(PUB))
print(signType)
except rsa.pkcs1.VerificationError:
print("verification failed")
```
java:
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public static boolean rsaValidate(String publicKeyStr, String sign, String data) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(
new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyStr)));
Signature verify = Signature.getInstance("SHA256withRSA");
verify.initVerify(publicKey);
verify.update(data.getBytes());
return verify.verify(Base64.getDecoder().decode(sign));
}
2. 种子
2.1 根据piecesHash获取种子id
POST /openApi/torrent/fetchTorrentIdWithPiecesHash.json
Header ContentType: application/json
Body
{
"piecesHashList": [
"e9f3f5dd32abasdfghfea4d43d32559cf0309764",
"e9f3f5dd32ab123456fea4d43d32559cf0309764"
]
}
备注: piecesHashList不能为空,数组长度不能超过100
响应结果
{
"success": true,
"showType": 0,
"data": {
"e9f3f5dd32abasdfghfea4d43d32559cf0309764": 100
}
}
