添加文档【Wbi 接口签名】，修改目录结构

SocialSisterYi · May 23, 2023 · 05ac3d5 · 05ac3d5
1 parent cefb7e7
commit 05ac3d5
Show file tree

Hide file tree

Showing 10 changed files with 509 additions and 173 deletions.
diff --git a/README.md b/README.md
@@ -58,10 +58,14 @@ B站 API 采用 C/S 结构，大多数接口为 REST API 和 gRPC，少部分接
 
 计划整理分类 & 目录：(文档已完结请选中 checkbox) 
 
-- [x] [API 签名](docs/other/API_sign.md)
-- [x] [公共错误码](docs/other/errcode.md)
-- [x] [图片格式化](docs/other/picture.md)
-- [x] [bvid 说明](docs/other/bvid_desc.md)
+- [ ] [接口签名与验证](docs/misc/sign)
+  - [x] [APP API 签名](docs/misc/sign/APP.md)（`appkey`与`sign`）
+  - [x] [已知的 APPKey](docs/misc/sign/APPKey.md)
+  - [x] [Wbi 签名](docs/misc/sign/wbi.md)（`wts`与`w_rid`）
+
+- [x] [公共错误码](docs/misc/errcode.md)
+- [x] [图片格式化](docs/misc/picture.md)
+- [x] [bvid 说明](docs/misc/bvid_desc.md)
 - [ ] [gRPC API 接口定义](grpc_api)
 - [ ] [登录](docs/login)
   - [x] [登录操作 (人机认证)](docs/login/login_action)
@@ -234,8 +238,8 @@ B站 API 采用 C/S 结构，大多数接口为 REST API 和 gRPC，少部分接
 - [ ] [终端网络查询](docs/clientinfo)
   - [x] [基于ip的地理位置查询](docs/clientinfo/ip.md)
   - [x] [终端信息查询](docs/clientinfo/client_info.md)
-- [ ] [其他](docs/other)
-  - [x] [获取当前时间戳](docs/other/time_stamp.md)
+- [ ] [其他](docs/misc)
+  - [x] [获取当前时间戳](docs/misc/time_stamp.md)
 - [ ] [web端组件](docs/web_widget)
   - [x] [分区当日投稿数](docs/web_widget/zone_upload.md)
   - [x] [404 页漫画收集](docs/web_widget/404_manga.md)

diff --git a/docs/login/login_info.md b/docs/login/login_info.md
@@ -27,30 +27,33 @@
 | -------------------- | ---- | ---------------- | ------------------------------------------------- |
 | isLogin              | bool | 是否已登录       | false：未登录<br />true：已登录                   |
 | email_verified       | num  | 是否验证邮箱地址 | 0：未验证<br />1：已验证                          |
-| face                 | str  | 用户头像url      |                                                   |
+| face                 | str  | 用户头像 url     |                                                   |
 | level_info           | obj  | 等级信息         |                                                   |
-| mid                  | num  | 用户mid          |                                                   |
+| mid                  | num  | 用户 mid         |                                                   |
 | mobile_verified      | num  | 是否验证手机号   | 0：未验证<br />1：已验证                          |
 | money                | num  | 拥有硬币数       |                                                   |
 | moral                | num  | 当前节操值       | 上限为70                                          |
 | official             | obj  | 认证信息         |                                                   |
-| officialVerify       | obj  | 认证信息2        |                                                   |
+| officialVerify       | obj  | 认证信息 2       |                                                   |
 | pendant              | obj  | 头像框信息       |                                                   |
-| scores               | num  | 0                | 作用尚不明确                                      |
+| scores               | num  | （？）           |                                                   |
 | uname                | str  | 用户昵称         |                                                   |
 | vipDueDate           | num  | 会员到期时间     | 毫秒 时间戳                                       |
 | vipStatus            | num  | 会员开通状态     | 0：无<br />1：有                                  |
 | vipType              | num  | 会员类型         | 0：无<br />1：月度大会员<br />2：年度及以上大会员 |
 | vip_pay_type         | num  | 会员开通状态     | 0：无<br />1：有                                  |
-| vip_theme_type       | num  | 0                | 作用尚不明确                                      |
+| vip_theme_type       | num  | （？）           |                                                   |
 | vip_label            | obj  | 会员标签         |                                                   |
 | vip_avatar_subscript | num  | 是否显示会员图标 | 0：不显示<br />1：显示                            |
 | vip_nickname_color   | str  | 会员昵称颜色     | 颜色码                                            |
 | wallet               | obj  | B币钱包信息      |                                                   |
 | has_shop             | bool | 是否拥有推广商品 | false：无<br />true：有                           |
-| shop_url             | str  | 商品推广页面url  |                                                   |
-| allowance_count      | num  | 0                | 作用尚不明确                                      |
-| answer_status        | num  | 0                | 作用尚不明确                                      |
+| shop_url             | str  | 商品推广页面 url |                                                   |
+| allowance_count      | num  | （？）           |                                                   |
+| answer_status        | num  | （？）           |                                                   |
+| is_senior_member     | num  | 是否硬核会员     | 0：非硬核会员<br />1：硬核会员                    |
+| wbi_img              | obj  | Wbi 签名实时口令 | 该字段即使用户未登录也存在                        |
+| is_jury              | bool | （？）           |                                                   |
 
 `data`中的`level_info`对象：
 
@@ -79,100 +82,153 @@
 
 `data`中的`pendant`对象：
 
-| 字段   | 类型 | 内容        | 备注         |
-| ------ | ---- | ----------- | ------------ |
-| pid    | num  | 挂件id      |              |
-| name   | str  | 挂件名称    |              |
-| image  | str  | 挂件图片url |              |
-| expire | num  | 0           | 作用尚不明确 |
+| 字段   | 类型 | 内容        | 备注 |
+| ------ | ---- | ----------- | ---- |
+| pid    | num  | 挂件id      |      |
+| name   | str  | 挂件名称    |      |
+| image  | str  | 挂件图片url |      |
+| expire | num  | （？）      |      |
 
 `data`中的`vip_label`对象：
 
 | 字段        | 类型 | 内容     | 备注                                                         |
 | ----------- | ---- | -------- | ------------------------------------------------------------ |
-| path        | str  | 空       | 作用尚不明确                                                 |
+| path        | str  | （？）   |                                                              |
 | text        | str  | 会员名称 |                                                              |
 | label_theme | str  | 会员标签 | vip：大会员<br />annual_vip：年度大会员<br />ten_annual_vip：十年大会员<br />hundred_annual_vip：百年大会员 |
 
 `data`中的`wallet`对象：
 
-| 字段            | 类型 | 内容          | 备注         |
-| --------------- | ---- | ------------- | ------------ |
-| mid             | num  | 登录用户mid   |              |
-| bcoin_balance   | num  | 拥有B币数     |              |
-| coupon_balance  | num  | 每月奖励B币数 |              |
-| coupon_due_time | num  | 0             | 作用尚不明确 |
+| 字段            | 类型 | 内容          | 备注 |
+| --------------- | ---- | ------------- | ---- |
+| mid             | num  | 登录用户mid   |      |
+| bcoin_balance   | num  | 拥有B币数     |      |
+| coupon_balance  | num  | 每月奖励B币数 |      |
+| coupon_due_time | num  | （？）        |      |
+
+`data`中的`wbi_img`对象：
+
+| 字段    | 类型 | 内容                            | 备注                                     |
+| ------- | ---- | ------------------------------- | ---------------------------------------- |
+| img_url | str  | Wbi 签名参数 `imgKey`的伪装 url | 详见文档 [Wbi 签名](../misc/sign/wbi.md) |
+| sub_url | str  | Wbi 签名参数 `subKey`的伪装 url | 详见文档 [Wbi 签名](../misc/sign/wbi.md) |
 
 **示例：**
 
 ```shell
 curl 'https://api.bilibili.com/nav' \
--b 'SESSDATA=xxx'
+	-b 'SESSDATA=xxx'
 ```
 
 <details>
 <summary>查看响应示例：</summary>
 
 ```json
 {
-    "code":0,
-    "message":"0",
-    "ttl":1,
-    "data":{
-        "isLogin":true,
-        "email_verified":1,
-        "face":"http://i1.hdslb.com/bfs/face/aebb2639a0d47f2ce1fec0631f412eaf53d4a0be.jpg",
-        "level_info":{
-            "current_level":5,
-            "current_min":10800,
-            "current_exp":17065,
-            "next_exp":28800
+    "code": 0,
+    "message": "0",
+    "ttl": 1,
+    "data": {
+        "isLogin": true,
+        "email_verified": 1,
+        "face": "https://i0.hdslb.com/bfs/face/aebb2639a0d47f2ce1fec0631f412eaf53d4a0be.jpg",
+        "face_nft": 0,
+        "face_nft_type": 0,
+        "level_info": {
+            "current_level": 6,
+            "current_min": 28800,
+            "current_exp": 52689,
+            "next_exp": "--"
+        },
+        "mid": 293793435,
+        "mobile_verified": 1,
+        "money": 172.4,
+        "moral": 70,
+        "official": {
+            "role": 0,
+            "title": "",
+            "desc": "",
+            "type": -1
+        },
+        "officialVerify": {
+            "type": -1,
+            "desc": ""
         },
-        "mid":293793435,
-        "mobile_verified":1,
-        "money":33.4,
-        "moral":70,
-        "official":{
-            "role":0,
-            "title":"",
-            "desc":"",
-            "type":-1
+        "pendant": {
+            "pid": 2511,
+            "name": "初音未来13周年",
+            "image": "https://i0.hdslb.com/bfs/garb/item/4f8f3f1f2d47f0dad84f66aa57acd4409ea46361.png",
+            "expire": 0,
+            "image_enhance": "https://i0.hdslb.com/bfs/garb/item/fe0b83b53e2342b16646f6e7a9370d8a867decdb.webp",
+            "image_enhance_frame": "https://i0.hdslb.com/bfs/garb/item/127c507ec8448be30cf5f79500ecc6ef2fd32f2c.png"
         },
-        "officialVerify":{
-            "type":-1,
-            "desc":""
+        "scores": 0,
+        "uname": "社会易姐QwQ",
+        "vipDueDate": 1707494400000,
+        "vipStatus": 1,
+        "vipType": 2,
+        "vip_pay_type": 0,
+        "vip_theme_type": 0,
+        "vip_label": {
+            "path": "",
+            "text": "年度大会员",
+            "label_theme": "annual_vip",
+            "text_color": "#FFFFFF",
+            "bg_style": 1,
+            "bg_color": "#FB7299",
+            "border_color": "",
+            "use_img_label": true,
+            "img_label_uri_hans": "",
+            "img_label_uri_hant": "",
+            "img_label_uri_hans_static": "https://i0.hdslb.com/bfs/vip/8d4f8bfc713826a5412a0a27eaaac4d6b9ede1d9.png",
+            "img_label_uri_hant_static": "https://i0.hdslb.com/bfs/activity-plat/static/20220614/e369244d0b14644f5e1a06431e22a4d5/VEW8fCC0hg.png"
         },
-        "pendant":{
-            "pid":0,
-            "name":"",
-            "image":"",
-            "expire":0,
-            "image_enhance":""
+        "vip_avatar_subscript": 1,
+        "vip_nickname_color": "#FB7299",
+        "vip": {
+            "type": 2,
+            "status": 1,
+            "due_date": 1707494400000,
+            "vip_pay_type": 0,
+            "theme_type": 0,
+            "label": {
+                "path": "",
+                "text": "年度大会员",
+                "label_theme": "annual_vip",
+                "text_color": "#FFFFFF",
+                "bg_style": 1,
+                "bg_color": "#FB7299",
+                "border_color": "",
+                "use_img_label": true,
+                "img_label_uri_hans": "",
+                "img_label_uri_hant": "",
+                "img_label_uri_hans_static": "https://i0.hdslb.com/bfs/vip/8d4f8bfc713826a5412a0a27eaaac4d6b9ede1d9.png",
+                "img_label_uri_hant_static": "https://i0.hdslb.com/bfs/activity-plat/static/20220614/e369244d0b14644f5e1a06431e22a4d5/VEW8fCC0hg.png"
+            },
+            "avatar_subscript": 1,
+            "nickname_color": "#FB7299",
+            "role": 3,
+            "avatar_subscript_url": "",
+            "tv_vip_status": 0,
+            "tv_vip_pay_type": 0,
+            "tv_due_date": 1640793600
         },
-        "scores":0,
-        "uname":"社会易姐QwQ",
-        "vipDueDate":1612454400000,
-        "vipStatus":1,
-        "vipType":2,
-        "vip_pay_type":1,
-        "vip_theme_type":0,
-        "vip_label":{
-            "path":"",
-            "text":"年度大会员",
-            "label_theme":"annual_vip"
+        "wallet": {
+            "mid": 293793435,
+            "bcoin_balance": 5,
+            "coupon_balance": 5,
+            "coupon_due_time": 0
         },
-        "vip_avatar_subscript":1,
-        "vip_nickname_color":"#FB7299",
-        "wallet":{
-            "mid":293793435,
-            "bcoin_balance":8,
-            "coupon_balance":5,
-            "coupon_due_time":0
+        "has_shop": true,
+        "shop_url": "https://gf.bilibili.com?msource=main_station",
+        "allowance_count": 0,
+        "answer_status": 0,
+        "is_senior_member": 1,
+        "wbi_img": {
+            "img_url": "https://i0.hdslb.com/bfs/wbi/653657f524a547ac981ded72ea172057.png",
+            "sub_url": "https://i0.hdslb.com/bfs/wbi/6e4909c702f846728e64f6007736a338.png"
         },
-        "has_shop":false,
-        "shop_url":"",
-        "allowance_count":0,
-        "answer_status":0
+        "is_jury": false
     }
 }
 ```

diff --git a/docs/other/bvid_desc.md → docs/misc/bvid_desc.md b/docs/other/bvid_desc.md → docs/misc/bvid_desc.md
diff --git a/docs/other/errcode.md → docs/misc/errcode.md b/docs/other/errcode.md → docs/misc/errcode.md
diff --git a/docs/other/picture.md → docs/misc/picture.md b/docs/other/picture.md → docs/misc/picture.md
diff --git a/docs/misc/sign/APP.md b/docs/misc/sign/APP.md
@@ -0,0 +1,65 @@
+# APP API 签名与鉴权
+
+## APP API 签名特性
+
+部分客户端专用的 REST API 存在基于参数签名的鉴权，需要使用规定的`appkey`及其对应的`appsec`与原始请求参数进行签名计算，部分`AppKey`及与之对应的`AppSec`已经被公开：见该文档 [APPKey](APPKey.md)
+
+- 不同 `appkey` 对应不同的 app (如客户端、概念版、必剪、漫画、bililink等)
+
+- 不同平台同 app 也会存在不同的 `appkey` (如安卓端、ios端、TV端等)
+
+- 同平台同 app 下不同功能也会存在不同的 `appkey`（如登录专用、取流专用等）
+
+- 不同版本的客户端的 `appkey` 也可能不同
+
+- **appkey与appsec一一对应**
+
+## APP API 签名算法
+
+1. 首先为参数中添加`appkey`字段
+2. 然后按照参数的 Key 重新排序
+3. 再对这个 Key-Value 进行 url query 序列化，并拼接与之对应的`appsec` (盐) 进行 **md5 Hash 运算**（32-bit 字符小写），该 hash 便是 API 签名
+4. 最后在参数尾部增添`sign`字段，它的 Value 为上一步计算所得的 hash，一并作为表单或 Query 提交
+
+## Demo
+
+该 Demo 提供 [Python](#Python) 语言例程
+
+使用 appkey = `1d8b6e7d45233436`, appsec = `560c52ccd288fed045859ed18bffd973` 对如下 `params` 参数进行签名
+
+上述示例`appkey`、`AppSec`均来自文档 [APPKey](APPKey.md)
+
+### Python
+
+```python
+import hashlib
+import urllib.parse
+
+def appsign(params, appkey, appsec):
+    '为请求参数进行 APP 签名'
+    params.update({'appkey': appkey})
+    params = dict(sorted(params.items())) # 按照 key 重排参数
+    query = urllib.parse.urlencode(params) # 序列化参数
+    sign = hashlib.md5((query+appsec).encode()).hexdigest() # 计算 api 签名
+    params.update({'sign':sign})
+    return params
+
+appkey = '1d8b6e7d45233436'
+appsec = '560c52ccd288fed045859ed18bffd973'
+params = {
+    'id':114514,
+    'str':'1919810',
+    'test':'いいよ，こいよ',
+}
+signed_params = appsign(params, appkey, appsec)
+query = urllib.parse.urlencode(signed_params)
+print(signed_params)
+print(query)
+```
+
+输出内容分别是进行 APP 签名的后参数的 key-Value 以及 url query 形式
+
+```
+{'appkey': '1d8b6e7d45233436', 'id': 114514, 'str': '1919810', 'test': 'いいよ，こいよ', 'sign': '01479cf20504d865519ac50f33ba3a7d'}
+appkey=1d8b6e7d45233436&id=114514&str=1919810&test=%E3%81%84%E3%81%84%E3%82%88%EF%BC%8C%E3%81%93%E3%81%84%E3%82%88&sign=01479cf20504d865519ac50f33ba3a7d
+```