我希望使用 lovoo API,但不知道如何开始。运行 Charles 代理并查看流量后,我得出以下结论:
首先,一旦用户通过应用程序 (iPhone) 登录,就会发送 GET
到 https://api.lovoo.com/oauth/requestToken?
:
GET /oauth/requestToken? HTTP/1.1
Host api.lovoo.com
User-Agent LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv 1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz Europe/xxx
kissapi-device-model iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth 1
kissapi-device iphone
kissapi-app lovoo
wifi true
kissapi-adv-id 00000000-0000-0000-0000-000000000000
Connection keep-alive
kissapi-app-id 7F947A460DAFCA88556B2F35A6D78A3E
Authorization OAuth oauth_callback="oob", oauth_consumer_key="an.email%40gmail.com", oauth_nonce="A32CCA91-FB7A-4AA3-8314-0A9A6E67045E", oauth_signature="Sq8KTg%2FhVIGBaWgWXprPluczOs4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on false
kissapi-version 1.20.0
kissapi-update-user-hash 6ea2bd15ea41d0dc8c2615589e2d52ec
Accept */*
kissapi-device-os 10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled 1
这也给出了以下令牌:oauth_token=44d83e8ef50f&oauth_token_secret=37998f6c6ef2e618
接下来是另一个 GET
到 https://api.lovoo.com/oauth/accessToken?
:
GET /oauth/accessToken? HTTP/1.1
Host api.lovoo.com
User-Agent LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv 1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz Europe/xxx
kissapi-device-model iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth 1
kissapi-device iphone
kissapi-app lovoo
wifi true
kissapi-adv-id 00000000-0000-0000-0000-000000000000
Connection keep-alive
kissapi-app-id 7F947A460DAFCA88556B2F35A6D78A3E
Authorization OAuth oauth_consumer_key="an.email%40gmail.com", oauth_nonce="080328C9-0A53-4971-85E7-65A43F12DC09", oauth_signature="Km0vd8xtHaQmRgkrGLsiljel13o%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_token="44d83e8ef50f", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on false
kissapi-version 1.20.0
kissapi-update-user-hash 6ea2bd15ea41d0dc8c2615589e2d52ec
Accept */*
kissapi-device-os 10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled 1
并提供以下令牌:oauth_token=60c8977c8fe9509f&oauth_token_secret=549619c0ef4c4be7d7cb898e
现在,可以向 https://api.lovoo.com/init
发出请求:
GET /init HTTP/1.1
Host api.lovoo.com
User-Agent LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv 1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz Europe/xxx
kissapi-device-model iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth 1
kissapi-device iphone
kissapi-app lovoo
wifi true
kissapi-adv-id 00000000-0000-0000-0000-000000000000
Connection keep-alive
kissapi-app-id 7F947A460DAFCA88556B2F35A6D78A3E
Authorization OAuth oauth_consumer_key="an.email%40gmail.com", oauth_nonce="B622CE9C-DA3D-435C-939A-C58B83DBE85C", oauth_signature="0irvAsilrrdCCdLfu%2F0XSj7THlc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_token="60c8977c8fe9509f", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on false
kissapi-version 1.20.0
kissapi-update-user-hash 6ea2bd15ea41d0dc8c2615589e2d52ec
Accept */*
kissapi-device-os 10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled 1
这些是我捕获的标头,但我不知道如何发送它们并让 Oauth
身份验证正常工作,尤其是使用 oauth_nonce
。
requests-oauthlib 好像支持,但是不知道哪个token对应哪个变量:
from requests_oauthlib import OAuth1Session
lovoo = OAuth1Session(
'client_key',
client_secret='client_secret',
resource_owner_key='resource_owner_key',
resource_owner_secret='resource_owner_secret'
)
url = 'https://api.lovoo.com/init'
r = lovoo.get(url)
Lovoo 正在使用 OAuth 1 协议 (https://tools.ietf.org/html/draft-hammer-oauth-10)。
我以前使用过 Lovoo API。我可以说的一件事是,您的帐户很快就会受到他们的 BOT 检测算法的限制。我没有尝试使用不同的 HTTP 标头组合。因此,这可能值得一试。
但是,我在 Github 上发布了 my work 供其他人尝试。您可以在下面找到进行 API 调用所需的函数。要查看如何使用这些功能的一些示例,请查看上述 repo。
import urllib.parse
# MD5 hashing of an input string
def md5(data: str):
import hashlib
return hashlib.md5(data.encode('utf-8')).hexdigest()
def normalize_params(params: dict):
# Comply with https://tools.ietf.org/html/draft-hammer-oauth-10
# params must be sorted alphabetically first by keys and then values
params = dict(sorted(params.items(), key=lambda x: (x[0], x[1]), reverse=False))
p_encoded = '&'.join(
["{}={}".format(urllib.parse.quote_plus(k), urllib.parse.quote_plus(v)) for k, v in params.items() if v != ''])
# Percent encode
p_quoted = urllib.parse.quote_plus(p_encoded)
return p_quoted
def generate_base_string(params: str, url: str, method: str = 'GET'):
# Comply with https://tools.ietf.org/html/draft-hammer-oauth-10
base_str = method + '&' + urllib.parse.quote_plus(url) + '&' + params
return base_str
# Secret hashing used in Lovoo
def secret_hash(pwd: str) -> str:
pwd = md5("SALTforPW" + pwd)
return md5("SALTforSecret" + pwd)
def sign_request(client_identifier: str, client_secret: str, token: str, token_secret: str, url: str, nounce: str,
timestamp: str, method: str = 'GET', payload: dict = None, callback_url: str = '', oauth_version: str = '1.0'):
from hashlib import sha1
import hmac
import base64
params = {
'oauth_callback': callback_url,
'oauth_consumer_key': client_identifier,
'oauth_nonce': nounce,
'oauth_signature_method': 'HMAC-SHA1',
'oauth_timestamp': timestamp,
'oauth_token': token,
'oauth_version': oauth_version
}
# Normalize parameters
if payload is not None:
params = {**params, **payload}
np = normalize_params(params)
# Generate base string
base_string = generate_base_string(np, url, method)
if token != '':
key = (f"{client_secret}&{token_secret}").encode()
else:
key = (client_secret + '&').encode()
raw = base_string.encode()
hashed = hmac.new(key, raw, sha1)
# The signature
return base64.b64encode(hashed.digest()).decode().rstrip('\n')
请注意,我测试该代码已经有一段时间了,Lovoo 的 API 可能会有一些变化。让我知道它是否不起作用,我会看看。
另一种方法是使用 selenium 进行登录,并进一步使用带有请求的会话。
例如
def login(user, pw):
chrome_options = Options()
chrome_options.add_experimental_option("detach", True)
driver = webdriver.Chrome(options=chrome_options)
driver.get("https://www.lovoo.com/login_check")
user_agent = driver.execute_script("return navigator.userAgent;")
iframe = driver.find_element(By.ID,"gdpr-consent-notice")
driver.switch_to.frame(iframe)
privacybutton = WebDriverWait(driver, 10).until(
EC.presence_of_element_located((By.XPATH,"//b[contains(text(),'Accept All')]"))
)
privacybutton.click()
driver.switch_to.default_content()
loginbutton = WebDriverWait(driver, 4).until(
EC.presence_of_element_located((By.XPATH, "//button[contains(text(),'Log in')]"))
)
loginbutton.click()
loginbutton2=WebDriverWait(driver, 4).until(
EC.presence_of_element_located((By.XPATH, "//button[contains(@data-automation-id,'login-submit-button')]"))
)
driver.find_element(By.XPATH, '//input[@name="authEmail"]').send_keys(user)
driver.find_element(By.XPATH, '//input[@name="authPassword"]').send_keys(pw)
webdriver.ActionChains(driver).move_to_element(loginbutton2).click(loginbutton2).perform()
element = WebDriverWait(driver, 10).until(
EC.presence_of_element_located((By.ID, "topmenu"))
)
return user_agent, driver.get_cookies()
(lat,lon)=(0.0,0.0)
with requests.Session() as session:
user_agent, cookies = login(user, pw)
session.cookies.update({c['name']: c['value'] for c in cookies})
session.headers.update({'User-Agent': user_agent})
session.get(f'https://www.lovoo.com/api_web.php/users?ageFrom=0&ageTo=2&latitude={lat}&longitude={lon}')
不定期副业成功案例分享