app与服务端通信过程中有时需要加密,这样受保护的body更不易被破解。
例子:
工作中有遇到类似于http://test.baidu.com/ad/conf?m2=xx&ch=xxxxx&sign=xxx的请求,通过postman、jmeter在进行请求时由于无法直接获取到sign值,无法顺利走通接口,这时候下边的代码就work了。
//签名规则:sign=md5(key1=value1&key2=value2&secret) var secret = "abcde";//secret var newtimestamp=Math.round(new Date().getTime()); console.log("newtimestamp:"+newtimestamp); //请求参数名按照ASCII码升序排序 keys = Object.keys(request.data).sort(); //拼接待签名字符串 var str = []; for (var p = 0; p < keys.length; p++) { if(keys[p] == "sign" || request.data[keys[p]] === ""){ // == 宽松相等,隐性类型转换,值相等,返回true; // === 严格相等,值和类型都相等,返回true continue; } if(keys[p] == "qbtime"){ str.push(keys[p] + "=" + newtimestamp); continue; } str.push(keys[p] + "=" + request.data[keys[p]]); } var presign = str.join("&"); presign = presign+"&"+secret; //添加secret console.log("presign:"+presign); var signSecret = CryptoJS.MD5(presign).toString(); //md5 console.log("signSecret:"+signSecret); //重设环境变量 pm.environment.unset("sign"); pm.environment.unset("timestamp"); pm.environment.set("sign", signSecret); pm.environment.set("timestamp", newtimestamp);