# 开放API
开放API接口URI均以**/openApi/**开头,在header中通过设置Authorization key来进行校验。您的具体代码类似于以下示例:
```javascript
// node javascript
fetch("https://www.yemapt.org/openApi/xxxxxxxxx", {
"headers": {
"Authorization": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
});
```
```bash
# bash
curl 'https://www.yemapt.org/openApi/xxxxxxxxx'\
-H 'Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
```
开放api的校验auth必须使用个人详情页中创建的、具有180天有效期的auth。如果用户使用了cookie中的auth,将无法使用开放api,返回结果的success为`false`,errorCode为`403`,errorMessage为`need api auth`。示例如下:
```
{
"success": true,
"errorCode": 403,
"errorMessage": "need api auth"
}
```
## 1. 用户
### 1.1 获取用户基本信息
`GET` `/openApi/user/fetchBasicInfo.json`
`响应结果`
```json
{
"success": true,
"showType": 0,
"data": {
"id": 10,
"name": "abcde",
"avatar": "/image/avatar/10.png",
"bonus": 1000000,
"level": 7,
"status": "enable",
"invitedNum": 100,
"availableInviteNum": 100,
"registerTime": "2024-05-01T00:00:00.000+00:00",
"promotionUploadSize": 1000000,
"promotionDownloadSize": 1000000
}
}
```
备注:avatar如果是/image/开头的字符串,则可以直接拼接域名访问,如果是32位长度的随机字符串,则需要使用 [Multiavatar](https://github.com/multiavatar) 进行转换,此组件提供了JavaScript、PHP和Python工具包。
### 1.2 校验是否为本站用户
用于第三方系统校验用户提交的auth是否正常,以及获取对应的uid,此功能采用RSA签名技术。
当前使用的publicKey:
{% code overflow="wrap" fullWidth="false" %}
```
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6OpYYWpF5Js8SWtuAXGZ1iWGsADHSDhdkz9wDQYuvRB3SW2xGSQpwYB7B7Bn6ZfoXtxhMm2v4JzwTe3qZioWmwgyweCyv7FIjvsdYIhAHMj7v7jI7zq0Xn9F6CjBMM0AWtCmhhH/eFNxICiCucVGqa6Z0hf5OcAWefPHIOdtMbWp+4fqkjWc7EuEjfqFr2eDy9kHqZWFpuByQa9jiF4v9HzLfoO/UwqBheYkNSLgoTRQ6sSF1bHlDC8yq3l4d/6fsQ7mZPJzWBf2vlohmOVpjy6s4Z+qtNpWsJhrLW9au49+1eYadKpNLR10izG5boKn+z9i5P/tRQ8WNkZELN2OwIDAQAB
```
{% endcode %}
`POST` `/openApi/user/authenticate.json`
`Header` `ContentType: application/json`
`Body`
```json
{
"publicKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
"randomContent": "12345678123456781234567812345678"
}
```
备注:
* publicKey务必使用wiki中展示的key。
* randomContent请使用UUID生成32位长度字符串,去除中间的**`-`**即可。
`响应结果`
```json
{
"success": true,
"showType": 0,
"data": {
"userId": 100,
"signType": "rsa-sha256",
"publicKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"signature": "OOOOOOOOOOOOOOOOOOOOOOOOOOOO"
}
}
```
备注:
签名的数据格式为 用户ID制表符randomContent,即:
```java
String data = "{userId}\t{randomContent}"
.replace("userId","100")
.replace("randomContent","12345678123456781234567812345678");
```
示例代码:
python:
````python
```python
from base64 import b64decode
import rsa
data = "100\t12345678123456781234567812345678"
publicKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
signature = "OOOOOOOOOOOOOOOOOOOOOOOOOOOO"
PUB = '''
-----BEGIN PUBLIC KEY-----
{publicKey}
-----END PUBLIC KEY-----
'''.format(publicKey=publicKey)
try:
signType = rsa.verify(data.encode(), b64decode(signature), rsa.PublicKey.load_pkcs1_openssl_pem(PUB))
print(signType)
except rsa.pkcs1.VerificationError:
print("verification failed")
```
````
java:
```java
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public static boolean rsaValidate(String publicKeyStr, String sign, String data) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(
new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyStr)));
Signature verify = Signature.getInstance("SHA256withRSA");
verify.initVerify(publicKey);
verify.update(data.getBytes());
return verify.verify(Base64.getDecoder().decode(sign));
}
```
## 2. 种子
### 2.1 根据piecesHash获取种子id
`POST` `/openApi/torrent/fetchTorrentIdWithPiecesHash.json`
`Header` `ContentType: application/json`
`Body`
```json
{
"piecesHashList": [
"e9f3f5dd32abasdfghfea4d43d32559cf0309764",
"e9f3f5dd32ab123456fea4d43d32559cf0309764"
]
}
```
备注: piecesHashList不能为空,数组长度不能超过100
`响应结果`
```json
{
"success": true,
"showType": 0,
"data": {
"e9f3f5dd32abasdfghfea4d43d32559cf0309764": 100
}
}
```