我正在尝试在 Node.js 中从请求头的 cookie 里获取 Laravel 会话 ID。
到目前为止我尝试过:
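/**
 * Decrypt an AES-256-CBC ciphertext and return the plaintext as a binary
 * (latin1) string.
 *
 * `aes-256-cbc` has a 16-byte block, so `iv` must be exactly 16 bytes and
 * `key` exactly 32 bytes; `createDecipheriv` throws otherwise. Laravel 4's
 * `rijndael-256` uses a 32-byte block and a 32-byte IV, which is a different
 * cipher and cannot be decrypted with this function.
 *
 * @param {Buffer|string} data - Ciphertext as a Buffer, or as a hex string.
 * @param {Buffer|string} key - 32-byte key.
 * @param {Buffer|string} iv - 16-byte initialisation vector.
 * @returns {string} Decrypted bytes as a binary string.
 * @throws {Error} On a wrong key/IV length or on invalid padding.
 */
function nodeDecrypt(data, key, iv) {
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  // The posted version read an undefined `chunk` instead of the `data`
  // parameter and re-encoded a Buffer as text before treating it as hex.
  // Buffers are now fed to the decipher as raw bytes; only strings are hex.
  const inputEncoding = typeof data === 'string' ? 'hex' : undefined;
  const head = decipher.update(data, inputEncoding, 'binary');
  const tail = decipher.final('binary');
  return head + tail;
}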
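// The cookie is client-supplied input: base64-encoded JSON whose `iv` and
// `value` fields are themselves base64 (see the Laravel excerpt below).
// Buffer.from() replaces the deprecated `new Buffer(string, encoding)`.
var cookie = JSON.parse(Buffer.from(req.cookies.gjsess, 'base64').toString('utf8'));
var iv = Buffer.from(cookie.iv, 'base64');
var value = Buffer.from(cookie.value, 'base64');
// This call still fails as reported: aes-256-cbc needs a 16-byte IV and a
// 32-byte key, while the Laravel 4 IV is 32 bytes and this key is 16 bytes.
var dec = nodeDecrypt(value, 'YourSecretKey!!!', iv);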
但到目前为止,我一直得到错误 Invalid IV length 32。
YourSecretKey!!! 是 Laravel 4 的 app.php 中配置的密钥。
Laravel加密机制:
// mcrypt's 'rijndael-256' is Rijndael with a 256-bit (32-byte) block, not AES:
// AES fixes the block at 128 bits, so 'aes-256-cbc' cannot decrypt this data.
protected $cipher = 'rijndael-256';
protected $mode = 'cbc';
// Block size in bytes; in CBC mode the IV has the same length as the block.
protected $block = 32;
...
// getJsonPayload() presumably decodes the base64/JSON envelope; the result is
// read as an array with base64-encoded 'value' and 'iv' entries.
$payload = $this->getJsonPayload($payload);
$value = base64_decode($payload['value']);
$iv = base64_decode($payload['iv']);
// NOTE(review): unserialize() runs on the decrypted bytes, so the payload's
// integrity has to be established before this line; presumably
// getJsonPayload() does that — confirm, its body is not shown here.
return unserialize($this->stripPadding($this->mcryptDecrypt($value, $iv)));
...
// Decrypts $value through the mcrypt extension using the configured cipher,
// key and mode together with the IV taken from the payload.
return mcrypt_decrypt($this->cipher, $this->key, $value, $this->mode, $iv);
...
// Registers the shared 'encrypter' binding; the Encrypter is constructed with
// the 'app.key' configuration value, i.e. that value is the encryption key.
$this->app->bindShared('encrypter', function($app)
{
return new Encrypter($app['config']['app.key']);
});
其他尝试
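// The cookie is client-supplied input: base64-encoded JSON with base64
// `iv` and `value` fields. Buffer.from() replaces the deprecated
// `new Buffer(string, encoding)`.
var cookie = JSON.parse(Buffer.from(req.cookies.gjsess, 'base64').toString('utf8'));
var iv = Buffer.from(cookie.iv, 'base64');
var value = Buffer.from(cookie.value, 'base64');
var MCrypt = require('mcrypt').MCrypt;
// Despite the variable name, this is rijndael-256 in CBC mode.
var desEcb = new MCrypt('rijndael-256', 'cbc');
// NOTE(review): only the key is given to open(); the `iv` decoded above is
// never used, so CBC decryption runs with the wrong IV and yields garbage.
// The call is kept as posted because it is the failing attempt; the answer
// below passes the IV as open()'s second argument.
desEcb.open('YourSecretKey!!!');
var plaintext = desEcb.decrypt(value, 'base64');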
这不会给出错误但仍然会得到无用的数据。
答案 0 :(得分:8)
最后我也明白了!这是我的解决方案。适合我。
// requirements
var PHPUnserialize = require('php-unserialize'); // npm install php-unserialize
var MCrypt = require('mcrypt').MCrypt; // npm install mcrypt
// helper function
/**
 * Return the character code (ASCII value for ASCII input) of the first
 * character of `string`.
 *
 * original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
 *
 * @param {string} string - String whose first character is inspected.
 * @returns {number} Code of the first character; NaN for an empty string.
 */
function ord(string) {
  const firstCharCode = string.charCodeAt(0);
  return firstCharCode;
}
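/**
 * Decrypt the Laravel 4 `laravel_session` cookie (rijndael-256 in CBC mode,
 * through the `mcrypt` module) and return the unserialized session id.
 *
 * The request is read from a `req` variable in the enclosing scope.
 *
 * NOTE(review): the cookie is client-supplied and is decrypted and
 * unserialized here without any integrity check. Laravel's payload normally
 * also carries a `mac` field; verify it before decrypting — confirm the MAC
 * construction against the Laravel version in use.
 *
 * @returns {*} Whatever PHPUnserialize.unserialize() yields for the payload.
 * @throws {Error} If the decrypted data does not end in well-formed padding,
 *   which is what a wrong key, a wrong IV or a modified cookie produces.
 */
function getSessionIdFromLaravelCookie() {
  // Block size in bytes for rijndael-256 (Laravel's `$block = 32`).
  const BLOCK_SIZE = 32;

  // Buffer.from() replaces the deprecated `new Buffer(string, encoding)`.
  const cookie = JSON.parse(Buffer.from(req.cookies.laravel_session, 'base64').toString('utf8'));
  const iv = Buffer.from(cookie.iv, 'base64');
  const value = Buffer.from(cookie.value, 'base64');
  // Placeholder: in a real deployment the key comes from configuration or a
  // secret store, never from a literal in source control.
  const key = "_Encryption Key_";

  const rijCbc = new MCrypt('rijndael-256', 'cbc');
  rijCbc.open(key, iv); // it's very important to pass iv argument!
  const decrypted = rijCbc.decrypt(value).toString();

  // PKCS#7-style padding: the last byte gives the pad length and every pad
  // byte carries that same value. Reject anything else instead of handing
  // arbitrary bytes to the unserializer.
  const pad = decrypted.charCodeAt(decrypted.length - 1);
  const padInRange = pad >= 1 && pad <= BLOCK_SIZE && pad <= decrypted.length;
  if (!padInRange || decrypted.slice(-pad) !== String.fromCharCode(pad).repeat(pad)) {
    throw new Error('Invalid padding in decrypted Laravel cookie');
  }

  return PHPUnserialize.unserialize(decrypted.slice(0, decrypted.length - pad));
}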
答案 1 :(得分:2)
在 @7sides 的答案基础上扩展,我写出了下面的代码。它专门用于从 Laravel 5.1 的 cookie 中获取会话 ID,因为 Laravel 5.1 现在使用 aes-256-cbc。
// Express app wrapped in an HTTP server, with socket.io attached to that server.
var app = require('express')();
var http = require('http').Server(app);
var io = require('socket.io')(http);
var cookieParser = require('socket.io-cookie-parser');
var PHPUnserialize = require('php-unserialize');
var Crypto = require('crypto');
// Register the cookie parser as socket.io middleware; presumably this is what
// populates `req.cookies` for the function below — confirm in the package docs.
io.use(cookieParser());
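/**
 * Verify and decrypt the Laravel 5.1 `laravel_session` cookie (aes-256-cbc)
 * and return the unserialized session id.
 *
 * The cookie is client-supplied, so its MAC is checked before any decryption
 * or unserialization takes place. Laravel 5.1 is understood to compute the
 * MAC as HMAC-SHA256 over the base64 `iv` concatenated with the base64
 * `value`, keyed with the application key and hex-encoded — confirm against
 * the framework version in use.
 *
 * @param {{cookies: {laravel_session: string}}} req - Request with parsed cookies.
 * @returns {*} Whatever PHPUnserialize.unserialize() yields for the payload.
 * @throws {Error} If the payload is malformed, the MAC does not match, or
 *   decryption fails (wrong key length, bad padding).
 */
function getSessionIdFromLaravelCookie(req) {
  // Buffer.from() replaces the deprecated `new Buffer(string, encoding)`.
  const payload = JSON.parse(Buffer.from(req.cookies.laravel_session, 'base64').toString('utf8'));
  const isWellFormed =
    payload !== null &&
    typeof payload === 'object' &&
    typeof payload.iv === 'string' &&
    typeof payload.value === 'string' &&
    typeof payload.mac === 'string';
  if (!isWellFormed) {
    throw new Error('Laravel cookie MAC verification failed: malformed payload');
  }

  // Placeholder: aes-256-cbc needs a 32-byte key, loaded from configuration
  // or a secret store rather than written into the source.
  const key = "--encryption-key--";

  // Authenticate first: CBC ciphertext that is decrypted before its MAC is
  // checked can be modified by the client and exposes padding errors.
  const expectedMac = Crypto.createHmac('sha256', key).update(payload.iv + payload.value).digest();
  const givenMac = Buffer.from(payload.mac, 'hex');
  if (givenMac.length !== expectedMac.length || !Crypto.timingSafeEqual(givenMac, expectedMac)) {
    throw new Error('Laravel cookie MAC verification failed');
  }

  const iv = Buffer.from(payload.iv, 'base64');
  const value = Buffer.from(payload.value, 'base64');
  const decipher = Crypto.createDecipheriv('aes-256-cbc', key, iv);
  // Auto padding stays enabled so final() checks and strips the PKCS#7
  // padding instead of passing the pad bytes on to the unserializer.
  const dec = Buffer.concat([decipher.update(value), decipher.final()]);
  return PHPUnserialize.unserialize(dec.toString('utf8'));
}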