22

fisco bcos 调用接口报错WeBASE-Node-Manager user not logged in

 3 years ago
source link: https://learnblockchain.cn/article/1609
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

问题:

https://webasedoc.readthedocs.io/zh_CN/latest/docs/WeBASE-Node-Manager/interface.html#id225

当调用下面的接口报错。以下是官方的文档。

新增私钥用户

11.1.1 传输协议规范

  • 网络传输协议:使用HTTP协议
  • 请求地址:/user/userInfo
  • 请求方式:POST
  • 请求头:Content-type: application/json
  • 返回格式:JSON

11.1.2 请求参数

1)入参表 Rr2eemA.png!mobile 2)出参示例

成功: { "code": 0, "message": "success", "data": { "userId": 700007, "userName": "asdfvw", "groupId": 300001, "publicKey": "0x4189fdacff55fb99172e015e1adc360777bee6682fcc975238aabf144fbf610a3057fd4b5", "userStatus": 1, "userType": 1, "address": "0x40ec3c20b5178401ae14ad8ce9c9f94fa5ebb86a", "hasPk": 1, "description": "sda", "createTime": "2019-03-15 18:00:27", "modifyTime": "2019-03-15 18:00:27" } }

失败: { "code": 102000, "message": "system exception", "data": {} }

我们正常调用发现报错:

{ "code": 202014,

"message": "user already exists",

"data": null

}

解决方案:

抓取webase登录的包如下:

POST http://192.168.119.129:5000/mgr/WeBASE-Node-Manager/account/login?checkCode=ypqw HTTP/1.1

Host: 192.168.119.129:5000

Connection: keep-alive

Content-Length: 89

Accept: application/json, text/plain, /

Origin: http://192.168.119.129:5000

X-Requested-With: XMLHttpRequest

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

token: 6604a4b3e9268978d26eb9fef16401d34f3cc25e985f4967dd2f06d12c21eb65

Content-Type: application/x-www-form-urlencoded

Referer: http://192.168.119.129:5000/

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.9

Cookie: __guid=52830440.4353789523233634000.1599636751383.38; monitor_count=5

account=admin&accountPwd=5fef526bd3b7b26001f826f469250cb954299a0169a46d11ac37a263a9ab6ab5

HTTP/1.1 200

Server: nginx/1.14.2

Date: Wed, 09 Sep 2020 09:08:14 GMT

Content-Type: application/json;charset=UTF-8

Content-Length: 169

Connection: keep-alive

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: 0

X-Frame-Options: DENY

Set-Cookie: JSESSIONID=2C7B692F335CE6BCBA8281A6F3F0AFAD; Path=/WeBASE-Node-Manager; HttpOnly

X-Frame-Options: SAMEORIGIN

{"code":0,"message":"success","data":{"accountStatus":2,"roleName":"admin","account":"admin","token":"fb50e4bbaa0e370692e35ea8b3d9f2da92aa03b9335b6a26be2297de12ee7619"}}

这里我发现有2种方式可以去调用需要登录之后的接口比如上述的接口

1.JSESSIONID=2C7B692F335CE6BCBA8281A6F3F0AFAD 把登录的这个cookie带入接口请求

2.头信息中带Authorization Token Tokenfb50e4bbaa0e370692e35ea8b3d9f2da92aa03b9335b6a26be2297de12ee7619

如下图所示:

vEnumu.png!mobile

成功解决问题!

关于应用中的调用问题:

调用这个接口需要头信息中带token ,这个token的获取需要登录,而登录需要有验证码。我在应用中怎么去不需要人为的操作就能获取这个token?我想到几个方法?

1.模拟登录破解图形验证码

2.修改源码新增一个不需要验证码的登录接口

3.登录后定时去访问一个WeBASE-Node-Manager下的接口,让token不失效

官方回复:

有关闭登录验证的配置,可以看下yml,把security配置改成false

具体详细的操作如下:

VFbYJfM.png!mobile

jEzYBf.png!mobile

但是会存在问题:

security为false 后 webase登录页 就登录不进去了!

YvMFVj.png!mobile

官方解释:

设为false之后,可以直接调用Get接口,但是post接口会因为springboot的PreAuthorized特性导致不可用

如果又webase和相关接口都想用的可以参考:

1.模拟登录破解图形验证码

2.修改源码新增一个不需要验证码的登录接口

3.登录后定时去访问一个WeBASE-Node-Manager下的接口,让token不失效

这个3个方案 第2个最靠谱,建议采用。后续官方会增加一个验证码配置,下图为证:

ruI77fE.png!mobile


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK