novalon/gym-manage
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aa0ad4dce534b3aaebe55b7c420f486155608511
gym-manage/test-suite/tests/e2e/check_frontend_signature.py
T

126 lines
4.9 KiB
Python
Raw Blame History

"""
检查前端实际发送的签名头
"""
from playwright.sync_api import sync_playwright
import time
def check_frontend_signature():
"""检查前端签名头"""
with sync_playwright() as p:
browser = p.chromium.launch(headless=True)
context = browser.new_context()
page = context.new_page()
signature_headers = {}
def handle_request(request):
if '/api/users/page' in request.url:
signature_headers['url'] = request.url
signature_headers['method'] = request.method
signature_headers['X-Signature'] = request.headers.get('X-Signature', 'None')
signature_headers['X-Timestamp'] = request.headers.get('X-Timestamp', 'None')
signature_headers['X-Nonce'] = request.headers.get('X-Nonce', 'None')
print(f"\n捕获到用户列表请求:")
print(f" URL: {request.url}")
print(f" Method: {request.method}")
print(f" X-Signature: {signature_headers['X-Signature'][:30] if signature_headers['X-Signature'] != 'None' else 'None'}...")
print(f" X-Timestamp: {signature_headers['X-Timestamp']}")
print(f" X-Nonce: {signature_headers['X-Nonce']}")
page.on('request', handle_request)
try:
print("=" * 60)
print("检查前端签名头")
print("=" * 60)
print("\n1. 登录...")
page.goto('http://localhost:3002/login')
page.wait_for_load_state('networkidle')
page.fill('input[type="text"], input[placeholder*="用户名"]', 'admin')
page.fill('input[type="password"]', 'admin123')
with page.expect_navigation(timeout=10000):
page.click('button:has-text("登录")')
time.sleep(2)
print("\n2. 访问用户管理页面...")
page.goto('http://localhost:3002/users')
time.sleep(5)
page.wait_for_load_state('networkidle')
if signature_headers:
print("\n" + "=" * 60)
print("前端签名头信息:")
print("=" * 60)
url = signature_headers.get('url', '')
method = signature_headers.get('method', 'GET')
signature = signature_headers.get('X-Signature', 'None')
timestamp = signature_headers.get('X-Timestamp', 'None')
nonce = signature_headers.get('X-Nonce', 'None')
print(f"URL: {url}")
print(f"Method: {method}")
print(f"X-Signature: {signature}")
print(f"X-Timestamp: {timestamp}")
print(f"X-Nonce: {nonce}")
# 手动验证签名
if timestamp != 'None' and nonce != 'None':
from urllib.parse import urlparse, parse_qs
parsed = urlparse(url)
path = parsed.path
query = parsed.query
print(f"\n路径: {path}")
print(f"查询参数: {query}")
# 生成期望的签名
import hmac
import hashlib
import base64
secret = 'NovalonManageSystemSecretKey2026'
string_to_sign = '\n'.join([
method,
path,
query or '',
'',
timestamp,
nonce
])
expected_signature = base64.b64encode(
hmac.new(
secret.encode('utf-8'),
string_to_sign.encode('utf-8'),
hashlib.sha256
).digest()
).decode('utf-8')
print(f"\n期望的签名: {expected_signature}")
print(f"实际的签名: {signature}")
if signature == expected_signature:
print("\n✅ 签名匹配")
else:
print("\n❌ 签名不匹配")
print(f"\n签名字符串:\n{string_to_sign}")
else:
print("\n❌ 未捕获到用户列表请求")
except Exception as e:
print(f"\n❌ 错误: {str(e)}")
import traceback
traceback.print_exc()
finally:
browser.close()
if __name__ == "__main__":
check_frontend_signature()
Reference in New Issue View Git Blame Copy Permalink