我正在尝试使用带有基本身份验证的 Axios 向某个 URL 发出 POST 请求,在那里我必须生成 TOTP 令牌以将其用作密码,并且它抛出“访问被拒绝:无效令牌,错误代码”的错误,我不知道我做错了什么,但我一直收到这个错误 我已经完成了我的研究,但没有发现任何东西。
代码
import { totp } from "otplib";
import base64 from "base-64";
import utf from "utf8";
import axios from "axios";
import axiosCookieJar from "axios-cookiejar-support";
import tough from "tough-cookie";
const userId = "example@example.com";
const secret = "CHALLENGECODE";
const sharedSecret = userId + secret;
// JSON DATA
const reqBody = {
github_url: "https://github.com/user/repo",
contact_email: "example@example.com",
};
const stringfyJSON = JSON.stringify(reqBody);
totp.options = { digits: 10, algorithm: "sha512", step: 30, encoding: "ascii" };
const token = totp.generate(sharedSecret);
const isValid = totp.check(token, sharedSecret);
const isVerified = totp.verify({ token, secret: sharedSecret });
const credentials = Buffer.from(`${reqBody.contact_email}:${token}`).toString(
"base64"
);
const auth = "Basic " + credentials;
//AXIOS
const cookieJar = new tough.CookieJar();
const reqUrl = "https://api.challenge.example.com/challenges/003";
const createReq = async () => {
try {
const config = {
jar: cookieJar,
withCredentials: true,
headers: {
Accept: "*/*",
"Content-Type": "application/json",
Authorization: auth,
},
};
console.log("Making request " + reqUrl, config);
const response = await axios.post(reqUrl, stringfyJSON, config);
console.log(response.data);
} catch (errors) {
console.log(errors.response.data.message);
}
};
createReq();
样品请求
POST /challenges/003 HTTP/1.1
Authorization: Basic bmluamFAZXhhbXBsZS5jb206MTU5NTk0MjU2MA==
Host: api.challenge.example.com
Accept: */*
Content-Type: application/json
Content-Length: 104
{"contact_email":"ninja@example.com", "github_url":"https://github.com/user/repository"}
错误
Making request https://api.challenge.example.com/challenges/003 {
withCredentials: true,
headers: {
Accept: '*/*',
'Content-Type': 'application/json',
Authorization: 'Basic aXphemFobTNkQGdtYWlsLmNvbToxMjEwMzIwNjEw'
}
}
Access denied: Invalid token, wrong code