I have been learning FastAPI recently, and I happen to have a crawler project to develop. The company's previous technology stack was PHP, and the old online projects were all written in Laravel. I know Laravel's performance well: it is really poor, but development with it is really fast.
FastAPI is a fairly good Python framework. It generates Swagger documentation automatically and is very convenient to use.
Laravel's cookie parsing is somewhat complicated, though this is also part of what keeps Laravel secure.
Now we want FastAPI to coexist with Laravel and provide an interface for the front end. There are two options:
- Laravel acts as a proxy layer and calls the Python project once authentication has passed.
- Use Python to implement a parsing solution for Laravel cookies.
As mentioned above, PHP's overall performance is poor, and an extra proxy layer would add even more overhead, so we skip that option and implement the parsing ourselves.
Technical details
Laravel applies many security measures, which is one of the reasons for its poor performance. Every time a cookie is parsed, aes-256-cbc encryption and decryption must be performed, and the CPU cost is noticeable.
Once you understand the parsing process, the rest is relatively simple: implement the same process in Python.
By default the session is stored using PHP's native serialization. To make cross-language parsing easier, you can switch it to json mode by adding 'serialization' => "json" to the configuration file config/session.php. The PHP serialization format is also relatively simple, so if you cannot switch to json you can implement a parser yourself or use a third-party package.
Development
First implement an aes-256-cbc decryption algorithm
```python
import base64

from Crypto.Cipher import AES  # provided by the pycryptodome package


def _unpad(s):
    # Strip PKCS#7 padding: the last byte gives the number of padding bytes
    return s[: -s[-1]]


def aes256cbc_decrypt(key, iv, ciphertext):
    # Decode the base64-encoded key, IV and ciphertext
    key = base64.b64decode(key)
    iv = base64.b64decode(iv)
    ciphertext = base64.b64decode(ciphertext)
    # Create the AES decryptor
    cipher = AES.new(key, AES.MODE_CBC, iv)
    # Decrypt the ciphertext
    decrypted_text = cipher.decrypt(ciphertext)
    # Remove padding
    decrypted_text = _unpad(decrypted_text)
    # Return the decryption result
    return decrypted_text.decode("utf-8")
```
Implement a laravel cookie parsing method
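```python
def laravel_decrypt(laravel_cookie) -> str:
    # An empty or missing cookie yields an empty result
    if not laravel_cookie:
        return ""
    # Setting.Laravel is the project's own configuration object (not shown here)
    laravel_config = Setting.Laravel
    # decode_cookie_str is the project's own helper (not shown here); it returns
    # the decoded cookie payload, from which the "iv" and "value" fields are read
    session_obj = decode_cookie_str(laravel_cookie)
    iv = session_obj["iv"].encode()
    return aes256cbc_decrypt(laravel_config.key, iv, session_obj["value"])
```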
Newer versions of Laravel add an HMAC hash of the cookie key to the decrypted value. Split the value on |: the hash of the key comes first and the Session ID comes last.
- After obtaining the Session ID, you can fetch the value stored in the session. If the key login_web_59ba36addc2b2f9401580f014c7f58ea4e30989d exists in the value, the user is logged in, and the value of this key is the user ID.
- If the Session ID does not exist, try to obtain remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d from the cookie. If it exists, parse it with the same method to obtain three fields: the user ID, remember_token and encrypted_password. Look up the user in the database by user ID, then compare the values of remember_token and encrypted_password. If they match, the user should be treated as logged in, and the login state is written back into the session.
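The decryption code above reads only the iv and value fields, so a modified cookie reaches the AES and unpadding steps unchecked. The following added example (not code from the original post) checks the payload's mac field before decryption and the key hash in front of | after it, using only the standard library. It assumes the constructions used by Laravel's Encrypter and CookieValuePrefix classes (HMAC-SHA256 over the base64 iv and value strings; HMAC-SHA1 over the cookie name plus "v2"), which should be confirmed against the deployed Laravel version; DEMO_KEY, demo_cookie and the cookie name in the comments are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import unquote


class CookieError(ValueError):
    """A cookie failed a structural or integrity check."""


def verified_payload(cookie_value: str, key: bytes) -> dict:
    """Decode the base64 JSON envelope and check its MAC before decrypting."""
    try:
        payload = json.loads(base64.b64decode(unquote(cookie_value)))
        iv, value, mac = payload["iv"], payload["value"], payload["mac"]
        iv_len = len(base64.b64decode(iv, validate=True))
    except (ValueError, KeyError, TypeError) as exc:
        raise CookieError("malformed payload") from exc
    if iv_len != 16 or not isinstance(value, str) or not isinstance(mac, str):
        raise CookieError("malformed payload")
    # Assumed construction: the MAC covers the base64 text of iv and value,
    # keyed with the raw (base64-decoded) application key.
    expected = hmac.new(key, (iv + value).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        raise CookieError("MAC mismatch")
    return payload


def strip_name_prefix(plaintext: str, cookie_name: str, key: bytes) -> str:
    """Check the 'hash|value' prefix binding a decrypted value to its cookie."""
    prefix, sep, value = plaintext.partition("|")
    # Assumed construction: HMAC-SHA1 over cookie name + "v2", same raw key.
    expected = hmac.new(key, (cookie_name + "v2").encode(), hashlib.sha1).hexdigest()
    if not sep or not hmac.compare_digest(expected.encode(), prefix.encode()):
        raise CookieError("cookie name prefix mismatch")
    return value


# Constructed sample data: a fixed demo key and placeholder ciphertext bytes.
DEMO_KEY = bytes(range(32))


def demo_cookie(key: bytes = DEMO_KEY) -> str:
    iv = base64.b64encode(b"\x01" * 16).decode()
    value = base64.b64encode(b"\x02" * 32).decode()
    mac = hmac.new(key, (iv + value).encode(), hashlib.sha256).hexdigest()
    envelope = json.dumps({"iv": iv, "value": value, "mac": mac})
    return base64.b64encode(envelope.encode()).decode()
```

Call verified_payload before aes256cbc_decrypt and strip_name_prefix on its result, and treat CookieError as an unauthenticated request.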
Summary
That covers most of what is involved in parsing Laravel cookies with Python, and you can now happily develop in Python. The overall security of this solution is relatively high. You can also see how much depends on the app_key variable. Do not leak it.