Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

home/get/panel接口没有百度uid了那现在如何只根据贴吧portrait获得某百度用户的百度uid #77

Closed
n0099 opened this issue Jan 9, 2023 · 13 comments
Labels
discussion discussion

Comments

@n0099
Copy link

n0099 commented Jan 9, 2023

https://github.com/Starry-OvO/aiotieba/blob/27f125a3c2e18bc581ccbf7b8b4d6cffdb19e739/aiotieba/client/__init__.py#L565

@lumina37
Copy link
Owner

lumina37 commented Jan 9, 2023

从某种意义上说,portrait才是一等公民,因为用户主页接口以其为唯一参数

@n0099
Copy link
Author

n0099 commented Jan 9, 2023

用户主页接口以其为唯一参数

用户主页接口是哪个?

portrait才是一等公民

然而portrait远不如百度uid稳定,19年才把老的 跨百度所有产品的portrait算法 改成了现在用的新 每百度产品的portrait
我怀疑那次改动是为了解决时任贴吧合并组核心志愿者投江的鱼 @52fisher 发现portrait跨所有百度产品通用而制作的百度云分享链接用户名查找器 https://t.52fisher.cn/notice-20191013.html
以及19年时通过手机号快速注册导致其没有百度用户名(空字符串)的用户越来越多,而18年贴吧管理器群某位神必人曾经指出他在贴吧前端js中翻阅到的老portrait的生成算法就是把百度用户名的utf8字节倒序拼接几遍,这意味着对于空用户名很容易生成冲突(完全相同)的portrait(这也是为什么吧务当时不能封禁空用户名的用户)
而截止2023年1月,我们仍未能知晓目前每百度各个产品的新portrait生成算法是基于什么输入而输出的

贴吧的用户系统如此奇妙深刻的根本原因是贴吧的账号系统不在贴吧的控制之下, @creeper9 以前说过其在17年后转移给了百度钱包管理

@lumina37
Copy link
Owner

lumina37 commented Jan 9, 2023

@n0099
Copy link
Author

n0099 commented Jan 9, 2023

然而也很容易举出反例:3大经典帖子列表接口为什么要用百度uid来指示author是谁(post.author_idpost.author.uid #64 (comment) )而不是用portrait字符串?
阁下也阅读了不少贴吧各个版本客户端的反编译java混淆代码( https://www.52pojie.cn/thread-1648818-1-1.html ),请问客户端程序员难道也大量用portrait字符串来作为指向用户信息类的key吗?

n0099 added a commit to n0099/open-tbm that referenced this issue Jan 9, 2023
…on.cs

* now will insert new moderator revisions into DB @ `ForumModeratorRevisionCrawlWorker.DoWork()`
@ crawler
@lumina37
Copy link
Owner

lumina37 commented Jan 9, 2023

我只是调侃一下信息最全的用户页接口竟然是以portrait为参数

@lumina37 lumina37 added the discussion discussion label Jan 10, 2023
@n0099
Copy link
Author

n0099 commented Jan 10, 2023

  1. /c/u/user/profile接口里有百度uid吗?
  2. 这个接口是不是还需要携带BDUSS

@lumina37
Copy link
Owner

不包含user_id的用户接口只属于远古时代
没有bduss也能跑,正如客户端不需要登录就能查成分

@n0099
Copy link
Author

n0099 commented Jan 10, 2023

我是说他是否返回(response中是否有)百度uid而不是是否接受百度uid作为参数(request中是否有)

@lumina37
Copy link
Owner

这也能有歧义吗?哪怕是用/c/u/user/profile搜一下呢
get_homepage/_api.py#L25

def pack_request(client: httpx.AsyncClient, core: TiebaCore, portrait: str, with_threads: bool) -> httpx.Request:
    request = pack_proto_request(
        client,
        url("http", APP_BASE_HOST, "/c/u/user/profile", "cmd=303012"),
        pack_proto(core, portrait, with_threads),
    )

    return request

@n0099
Copy link
Author

n0099 commented Jan 11, 2023

我已经拜读了这部分py源码,但我从中只能看出request param中有portrait而没有百度uid,但我找不到他的response的.proto文件,也就无法证明其是否返回百度uid

@n0099
Copy link
Author

n0099 commented Jan 11, 2023

不包含user_id的用户接口只属于远古时代

另外贴吧私信接口也都是用的百度uid,您之前逆向im.tieba.baidu.com:8000的ws传输proto时应该已经看到了
因此这也意味着贴吧网页端的用户页里有着大量的百度uid: https://tieba.baidu.com/home/main?id=tb.1.c3bc6401.cuFllz86fDotNQKqB4WJ2Q
image
但我不是很想解析贴吧网页那一套贴吧前端随时都可以乱改dom结构的html(如同这一套狗屎 https://github.com/n0099/TiebaMonitor/blob/af625cb481e2e4630f34e4fb3ec9fc7b1a1c9454/crawler/src/Worker/ForumModeratorRevisionCrawlWorker.cs#L26 ),尽管贴吧客户端api现在也稳定不到哪去

@n0099
Copy link
Author

n0099 commented Jul 13, 2023

19年12月历史照片 image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
discussion discussion
Projects
None yet
Development

No branches or pull requests

2 participants