logo标签列表

使用Python访问Lovoo API

python-3.xrestpython-requestsoauthtoken
98

我希望能够利用lovoo API,但不知道如何开始。在运行Charles代理并查看流量后,我得出以下结论:

首先,在用户通过应用程序(iPhone)登录后会立即发送到https://api.lovoo.com/oauth/requestToken?GET 请求:

    GET /oauth/requestToken? HTTP/1.1
Host    api.lovoo.com
User-Agent  LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv    1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz  Europe/xxx
kissapi-device-model    iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth   1
kissapi-device  iphone
kissapi-app lovoo
wifi    true
kissapi-adv-id  00000000-0000-0000-0000-000000000000
Connection  keep-alive
kissapi-app-id  7F947A460DAFCA88556B2F35A6D78A3E
Authorization   OAuth oauth_callback="oob", oauth_consumer_key="an.email%40gmail.com", oauth_nonce="A32CCA91-FB7A-4AA3-8314-0A9A6E67045E", oauth_signature="Sq8KTg%2FhVIGBaWgWXprPluczOs4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on  false
kissapi-version 1.20.0
kissapi-update-user-hash    6ea2bd15ea41d0dc8c2615589e2d52ec
Accept  */*
kissapi-device-os   10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled    1

这也会产生以下的令牌:oauth_token=44d83e8ef50f&oauth_token_secret=37998f6c6ef2e618

接下来是另一个GET请求,向https://api.lovoo.com/oauth/accessToken?发送:

GET /oauth/accessToken? HTTP/1.1
Host    api.lovoo.com
User-Agent  LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv    1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz  Europe/xxx
kissapi-device-model    iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth   1
kissapi-device  iphone
kissapi-app lovoo
wifi    true
kissapi-adv-id  00000000-0000-0000-0000-000000000000
Connection  keep-alive
kissapi-app-id  7F947A460DAFCA88556B2F35A6D78A3E
Authorization   OAuth oauth_consumer_key="an.email%40gmail.com", oauth_nonce="080328C9-0A53-4971-85E7-65A43F12DC09", oauth_signature="Km0vd8xtHaQmRgkrGLsiljel13o%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_token="44d83e8ef50f", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on  false
kissapi-version 1.20.0
kissapi-update-user-hash    6ea2bd15ea41d0dc8c2615589e2d52ec
Accept  */*
kissapi-device-os   10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled    1

并提供以下令牌:oauth_token=60c8977c8fe9509f&oauth_token_secret=549619c0ef4c4be7d7cb898e

现在,可以发送请求到https://api.lovoo.com/init

GET /init HTTP/1.1
Host    api.lovoo.com
User-Agent  LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv    1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz  Europe/xxx
kissapi-device-model    iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth   1
kissapi-device  iphone
kissapi-app lovoo
wifi    true
kissapi-adv-id  00000000-0000-0000-0000-000000000000
Connection  keep-alive
kissapi-app-id  7F947A460DAFCA88556B2F35A6D78A3E
Authorization   OAuth oauth_consumer_key="an.email%40gmail.com", oauth_nonce="B622CE9C-DA3D-435C-939A-C58B83DBE85C", oauth_signature="0irvAsilrrdCCdLfu%2F0XSj7THlc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_token="60c8977c8fe9509f", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on  false
kissapi-version 1.20.0
kissapi-update-user-hash    6ea2bd15ea41d0dc8c2615589e2d52ec
Accept  */*
kissapi-device-os   10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled    1

这些是我捕获的标题,但我不知道如何发送它们并使 Oauth 认证工作,尤其是使用 oauth_noncerequests-oauthlib 似乎支持它,但我不知道哪个令牌对应哪个变量:

from requests_oauthlib import OAuth1Session

lovoo = OAuth1Session(
    'client_key',
    client_secret='client_secret',
    resource_owner_key='resource_owner_key',
    resource_owner_secret='resource_owner_secret'
)
url = 'https://api.lovoo.com/init'
r = lovoo.get(url)
4
Nonce由客户端生成,是随机的,您可能需要匹配期望的格式。您可能需要在两个调用中提供相同的nonce。请参见https://en.wikipedia.org/wiki/Cryptographic_nonce。这里似乎有2个nonce值——一个由客户端创建,另一个由服务器创建。 - Dima Tisnek
OAuth密钥/秘密如何处理? - ChaChaPoly
3
@Kelvin 这篇文章特别介绍了如何使用移动API并模拟iPhone进行访问。我已经使用requests成功地登录了Lovoo的WebAPI。如果你需要帮助,请创建一个新问题并标记我的名字,我会尽力帮助你。我不希望公开整个脚本,因为他们可能会再次更改登录方法。 - ChaChaPoly
5
@rhillhouse,您能否回答这个问题并进行总结和解决方案的陈述?请简要概括您所发现的内容和解决方案。 - hongsy
@hongsy 如果还不晚的话,请看一下我的答案。它应该会对你有所帮助。 - Farzan
显示剩余4条评论
2个回答
1

Lovoo正在使用OAuth 1协议(https://tools.ietf.org/html/draft-hammer-oauth-10)。

我之前曾经使用过Lovoo API。我可以说的一件事是,你的账户很快会受到他们的BOT检测算法的限制。我没有尝试过不同组合的HTTP头。因此,这可能值得一试。

然而,我已经在Github上发布了我的工作,供其他人尝试。下面您可以找到调用API所需的函数。要查看如何使用这些函数的示例,请查看上述存储库。

import urllib.parse


# MD5 hashing of an input string
def md5(data: str):
    import hashlib
    return hashlib.md5(data.encode('utf-8')).hexdigest()


def normalize_params(params: dict):
    # Comply with https://tools.ietf.org/html/draft-hammer-oauth-10
    # params must be sorted alphabetically first by keys and then values
    params = dict(sorted(params.items(), key=lambda x: (x[0], x[1]), reverse=False))
    p_encoded = '&'.join(
        ["{}={}".format(urllib.parse.quote_plus(k), urllib.parse.quote_plus(v)) for k, v in params.items() if v != ''])
    # Percent encode
    p_quoted = urllib.parse.quote_plus(p_encoded)
    return p_quoted


def generate_base_string(params: str, url: str, method: str = 'GET'):
    # Comply with https://tools.ietf.org/html/draft-hammer-oauth-10
    base_str = method + '&' + urllib.parse.quote_plus(url) + '&' + params
    return base_str


# Secret hashing used in Lovoo
def secret_hash(pwd: str) -> str:
    pwd = md5("SALTforPW" + pwd)
    return md5("SALTforSecret" + pwd)


def sign_request(client_identifier: str, client_secret: str, token: str, token_secret: str, url: str, nounce: str,
                 timestamp: str, method: str = 'GET', payload: dict = None, callback_url: str = '', oauth_version: str = '1.0'):
    from hashlib import sha1
    import hmac
    import base64

    params = {
        'oauth_callback': callback_url,
        'oauth_consumer_key': client_identifier,
        'oauth_nonce': nounce,
        'oauth_signature_method': 'HMAC-SHA1',
        'oauth_timestamp': timestamp,
        'oauth_token': token,
        'oauth_version': oauth_version
    }

    # Normalize parameters
    if payload is not None:
        params = {**params, **payload}
    np = normalize_params(params)
    # Generate base string
    base_string = generate_base_string(np, url, method)

    if token != '':
        key = (f"{client_secret}&{token_secret}").encode()
    else:
        key = (client_secret + '&').encode()

    raw = base_string.encode()

    hashed = hmac.new(key, raw, sha1)

    # The signature
    return base64.b64encode(hashed.digest()).decode().rstrip('\n')

请注意,我测试这个代码已经有一段时间了,Lovoo的API可能会有一些更改。如果不起作用,请告诉我,我会查看。
这还能用吗? - Alex
0

另一种方法是使用Selenium进行登录,然后使用请求会话进一步操作。

例如:

def login(user, pw):
    chrome_options = Options()
    chrome_options.add_experimental_option("detach", True)
    driver = webdriver.Chrome(options=chrome_options)
    driver.get("https://www.lovoo.com/login_check")
    user_agent = driver.execute_script("return navigator.userAgent;")
    iframe = driver.find_element(By.ID,"gdpr-consent-notice")
    driver.switch_to.frame(iframe)
    privacybutton = WebDriverWait(driver, 10).until(
        EC.presence_of_element_located((By.XPATH,"//b[contains(text(),'Accept All')]"))
    )
    privacybutton.click()
    driver.switch_to.default_content()
    loginbutton = WebDriverWait(driver, 4).until(
        EC.presence_of_element_located((By.XPATH, "//button[contains(text(),'Log in')]"))
    )
    loginbutton.click()
    loginbutton2=WebDriverWait(driver, 4).until(
        EC.presence_of_element_located((By.XPATH, "//button[contains(@data-automation-id,'login-submit-button')]"))
    )
    driver.find_element(By.XPATH, '//input[@name="authEmail"]').send_keys(user)
    driver.find_element(By.XPATH, '//input[@name="authPassword"]').send_keys(pw)
    webdriver.ActionChains(driver).move_to_element(loginbutton2).click(loginbutton2).perform()
    element = WebDriverWait(driver, 10).until(
        EC.presence_of_element_located((By.ID, "topmenu"))
    )
    return user_agent, driver.get_cookies()


(lat,lon)=(0.0,0.0)
with requests.Session() as session:
    user_agent, cookies = login(user, pw)
    session.cookies.update({c['name']: c['value'] for c in cookies})
    session.headers.update({'User-Agent': user_agent})
    session.get(f'https://www.lovoo.com/api_web.php/users?ageFrom=0&ageTo=2&latitude={lat}&longitude={lon}')
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接