给裸接口加一道防护，避免恶意盗刷和爬取_html/css

Home

Web Front-end

HTML Tutorial

给裸接口加一道防护，避免恶意盗刷和爬取_html/css_WEB-ITnose

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 21, 2016 am 08:46 AM

WEB应用是开放的，WEB前端代码也是公开的，和后端交互的接口如果没有经过特殊处理（加密/token），那么就是裸露的，只要知道api地址，那么就能随便获取应用数据。这样应用数据就很容易被人爬取或者恶意盗刷，典型的短信被恶意盗刷。

公司理财产品的短信接口就是一个裸接口，只要手机号就可以任意盗刷，当然背后有根据手机号，ip地址做了请求限制，但还是不够。后面就加了一定时间内一定请求次数的Token，后面观察，基本没有被刷的迹象，说明新的机制还是起到很大作用。当然这个机制不仅是用于防短信盗刷，可用于任意的裸接口防护。

原理很简单，就是在web页面请求的时候由后端按一定的算法注入token到页面中去，然后前端可以通过对应的规则取到token，在请求接口数据时带上去就能在后端对token进行验证，验证通过就能正常请求到数据。如果是native app ，可通过加密的方法请求接口来获取token，最简单直接的方式就是native app 客户端使用一段字符串+时间戳（从后端获取）进行加密，然后请求后端接口，接口对数据进行解密，对时间戳对比，在一段时间内认为有效（避免加密信息被拦截，所以加了时间戳校验），从而获取token。

当然web应用都是公开的，所有源码理论上都是能获取到的。那么后端向web页面注入token的方式也能被破解，所以，后端注入token的形式可定制，比如注入到请求，或者自己实现一套算法，增加被破解的难度。

把这套机制整理成一个独立的npm包 access-token-api，方便多项目复用。

使用例子：

npm install access-token-api//server(nodejs)  端var accessTokenApi = require('access-token-api');var TokenApi = new accessTokenApi({    webTokenVarName:'encrypt_api_tokenStr',//前端可通过webTokenVarName变量去到token值，默认encrypt_api_tokenStr});//web前端取token值window[webTokenVarName] //请求接口时带上这个值就能进行token校验了

主要接口

生成token api issue验证token api verifytoken 有效次数减一 api declineserver 端将token 注入到 web 前端页面 api webInject

自定义后端注入token到web前端页面的方式，可以初始化模块时自定义webInject参数(函数)

var TokenApi = new accessTokenApi({    webInject:function(html,token,callback){    var htmlEndIndex = html.indexOf('</html>');      var tokenScript = '<script>window.' + this.config.webTokenVarName + '=' + token + '</script>';      var prevHtml = html.substring(0,htmlEndIndex);      var nextHtml = html.substr(htmlEndIndex);       prevHtml += tokenScript;      prevHtml += nextHtml;      callback(null,prevHtml);    }});

项目地址 https://github.com/navyxie/access-token-api,里面有express和sails框架的使用例子，抛砖引玉。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

HTML: Building the Structure of Web PagesApr 14, 2025 am 12:14 AM

HTML is the cornerstone of building web page structure. 1. HTML defines the content structure and semantics, and uses, etc. tags. 2. Provide semantic markers, such as, etc., to improve SEO effect. 3. To realize user interaction through tags, pay attention to form verification. 4. Use advanced elements such as, combined with JavaScript to achieve dynamic effects. 5. Common errors include unclosed labels and unquoted attribute values, and verification tools are required. 6. Optimization strategies include reducing HTTP requests, compressing HTML, using semantic tags, etc.

From Text to Websites: The Power of HTMLApr 13, 2025 am 12:07 AM

HTML is a language used to build web pages, defining web page structure and content through tags and attributes. 1) HTML organizes document structure through tags, such as,. 2) The browser parses HTML to build the DOM and renders the web page. 3) New features of HTML5, such as, enhance multimedia functions. 4) Common errors include unclosed labels and unquoted attribute values. 5) Optimization suggestions include using semantic tags and reducing file size.

Understanding HTML, CSS, and JavaScript: A Beginner's GuideApr 12, 2025 am 12:02 AM

WebdevelopmentreliesonHTML,CSS,andJavaScript:1)HTMLstructurescontent,2)CSSstylesit,and3)JavaScriptaddsinteractivity,formingthebasisofmodernwebexperiences.

The Role of HTML: Structuring Web ContentApr 11, 2025 am 12:12 AM

The role of HTML is to define the structure and content of a web page through tags and attributes. 1. HTML organizes content through tags such as , making it easy to read and understand. 2. Use semantic tags such as, etc. to enhance accessibility and SEO. 3. Optimizing HTML code can improve web page loading speed and user experience.

HTML and Code: A Closer Look at the TerminologyApr 10, 2025 am 09:28 AM

HTMLisaspecifictypeofcodefocusedonstructuringwebcontent,while"code"broadlyincludeslanguageslikeJavaScriptandPythonforfunctionality.1)HTMLdefineswebpagestructureusingtags.2)"Code"encompassesawiderrangeoflanguagesforlogicandinteract

HTML, CSS, and JavaScript: Essential Tools for Web DevelopersApr 09, 2025 am 12:12 AM

HTML, CSS and JavaScript are the three pillars of web development. 1. HTML defines the web page structure and uses tags such as, etc. 2. CSS controls the web page style, using selectors and attributes such as color, font-size, etc. 3. JavaScript realizes dynamic effects and interaction, through event monitoring and DOM operations.

The Roles of HTML, CSS, and JavaScript: Core ResponsibilitiesApr 08, 2025 pm 07:05 PM

HTML defines the web structure, CSS is responsible for style and layout, and JavaScript gives dynamic interaction. The three perform their duties in web development and jointly build a colorful website.

Is HTML easy to learn for beginners?Apr 07, 2025 am 12:11 AM

HTML is suitable for beginners because it is simple and easy to learn and can quickly see results. 1) The learning curve of HTML is smooth and easy to get started. 2) Just master the basic tags to start creating web pages. 3) High flexibility and can be used in combination with CSS and JavaScript. 4) Rich learning resources and modern tools support the learning process.

See all articles