最近研究某教育网站接口，发现其接口有个参数是动态生成的，简单记录下怎么模拟生成这个加密参数。

<script src="https://cdn.staticfile.org/crypto-js/4.1.1/crypto-js.min.js"></script>
<script>
function signsafe(url) {
    var n = 'D23ABC@#56';
    n = CryptoJS.HmacSHA1(CryptoJS.enc.Utf8.parse(decodeURI(url)), n),
    n = CryptoJS.enc.Base64.stringify(n).toString();
    return CryptoJS.MD5(n);
}
var url = 'api.xxx.cn/web/api/?keyword=%E5%BE%AE%E7%94%B5%E5%AD%90&level1=1&level2=&level3=&page=1&size=30&sort=&uri=apidata/api/gkv3/special/lists';
console.log(signsafe(url));
</script>

转为python写法

# pip install pycryptodome
import hmac
from hashlib import sha1, md5
from urllib.parse import unquote

def signsafe(url, key='D23ABC@#56'):
    n = hmac.new(key.encode('utf-8'), unquote(url).encode('utf-8'), sha1).digest()
    n = b64encode(n).decode('utf-8')
    n = md5(n.encode('utf-8')).hexdigest()
    return n

php 写法

function signsafe($url, $key='D23ABC@#56')
{
    $n = hash_hmac('sha1', urldecode($url), $key, true);
    $n = base64_encode($n);
    $n = hash('md5', $n);
    return $n;
}