使用 Python 访问 Lovoo API

我希望使用 lovoo API,但是不知道如何开始。通过查尔斯代理和查看流量,我得出了以下结论:

首先,一旦用户通过应用程序(iPhone)登录,就会向 https://api.lovoo.com/oauth/requestToken?发送 GET:

    GET /oauth/requestToken? HTTP/1.1
Host    api.lovoo.com
User-Agent  LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv    1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz  Europe/xxx
kissapi-device-model    iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth   1
kissapi-device  iphone
kissapi-app lovoo
wifi    true
kissapi-adv-id  00000000-0000-0000-0000-000000000000
Connection  keep-alive
kissapi-app-id  7F947A460DAFCA88556B2F35A6D78A3E
Authorization   OAuth oauth_callback="oob", oauth_consumer_key="an.email%40gmail.com", oauth_nonce="A32CCA91-FB7A-4AA3-8314-0A9A6E67045E", oauth_signature="Sq8KTg%2FhVIGBaWgWXprPluczOs4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on  false
kissapi-version 1.20.0
kissapi-update-user-hash    6ea2bd15ea41d0dc8c2615589e2d52ec
Accept  */*
kissapi-device-os   10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled    1

这也给出了以下标记: oauth_token=44d83e8ef50f&oauth_token_secret=37998f6c6ef2e618

接着是另一个 GEThttps://api.lovoo.com/oauth/accessToken?:

GET /oauth/accessToken? HTTP/1.1
Host    api.lovoo.com
User-Agent  LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv    1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz  Europe/xxx
kissapi-device-model    iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth   1
kissapi-device  iphone
kissapi-app lovoo
wifi    true
kissapi-adv-id  00000000-0000-0000-0000-000000000000
Connection  keep-alive
kissapi-app-id  7F947A460DAFCA88556B2F35A6D78A3E
Authorization   OAuth oauth_consumer_key="an.email%40gmail.com", oauth_nonce="080328C9-0A53-4971-85E7-65A43F12DC09", oauth_signature="Km0vd8xtHaQmRgkrGLsiljel13o%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_token="44d83e8ef50f", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on  false
kissapi-version 1.20.0
kissapi-update-user-hash    6ea2bd15ea41d0dc8c2615589e2d52ec
Accept  */*
kissapi-device-os   10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled    1

并提供以下标记: oauth_token=60c8977c8fe9509f&oauth_token_secret=549619c0ef4c4be7d7cb898e

现在,可以向 https://api.lovoo.com/init提出请求:

GET /init HTTP/1.1
Host    api.lovoo.com
User-Agent  LOVOO/612 (iPhone; iOS 10.2; Scale/3.00)
kissapi-app-idfv    1EC7A8E5-DF16-4E14-8EC9-98DD4772F903
tz  Europe/xxx
kissapi-device-model    iPhone 6s Plus
kissapi-app-version 3.17.0
kissapi-new-oauth   1
kissapi-device  iphone
kissapi-app lovoo
wifi    true
kissapi-adv-id  00000000-0000-0000-0000-000000000000
Connection  keep-alive
kissapi-app-id  7F947A460DAFCA88556B2F35A6D78A3E
Authorization   OAuth oauth_consumer_key="an.email%40gmail.com", oauth_nonce="B622CE9C-DA3D-435C-939A-C58B83DBE85C", oauth_signature="0irvAsilrrdCCdLfu%2F0XSj7THlc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1487017515", oauth_token="60c8977c8fe9509f", oauth_version="1.0"
Accept-Language en-CH;q=1, de-CH;q=0.9
kissapi-adv-on  false
kissapi-version 1.20.0
kissapi-update-user-hash    6ea2bd15ea41d0dc8c2615589e2d52ec
Accept  */*
kissapi-device-os   10.2
Accept-Encoding gzip, deflate
kissapi-sync-enabled    1

这些是我捕获的头,但是我不知道如何发送它们并使 Oauth身份验证工作,特别是使用 oauth_nonce

Request-oauthlib 似乎支持它,但我不知道哪个标记对应哪个变量:

from requests_oauthlib import OAuth1Session


lovoo = OAuth1Session(
'client_key',
client_secret='client_secret',
resource_owner_key='resource_owner_key',
resource_owner_secret='resource_owner_secret'
)
url = 'https://api.lovoo.com/init'
r = lovoo.get(url)
3815 次浏览
小开

An alternative approach would be the use of selenium for login and further using the session with requests.

E.g.

def login(user, pw):
chrome_options = Options()
chrome_options.add_experimental_option("detach", True)
driver = webdriver.Chrome(options=chrome_options)
driver.get("https://www.lovoo.com/login_check")
user_agent = driver.execute_script("return navigator.userAgent;")
iframe = driver.find_element(By.ID,"gdpr-consent-notice")
driver.switch_to.frame(iframe)
privacybutton = WebDriverWait(driver, 10).until(
EC.presence_of_element_located((By.XPATH,"//b[contains(text(),'Accept All')]"))
)
privacybutton.click()
driver.switch_to.default_content()
loginbutton = WebDriverWait(driver, 4).until(
EC.presence_of_element_located((By.XPATH, "//button[contains(text(),'Log in')]"))
)
loginbutton.click()
loginbutton2=WebDriverWait(driver, 4).until(
EC.presence_of_element_located((By.XPATH, "//button[contains(@data-automation-id,'login-submit-button')]"))
)
driver.find_element(By.XPATH, '//input[@name="authEmail"]').send_keys(user)
driver.find_element(By.XPATH, '//input[@name="authPassword"]').send_keys(pw)
webdriver.ActionChains(driver).move_to_element(loginbutton2).click(loginbutton2).perform()
element = WebDriverWait(driver, 10).until(
EC.presence_of_element_located((By.ID, "topmenu"))
)
return user_agent, driver.get_cookies()

(lat,lon)=(0.0,0.0)
with requests.Session() as session:
user_agent, cookies = login(user, pw)
session.cookies.update({c['name']: c['value'] for c in cookies})
session.headers.update({'User-Agent': user_agent})
session.get(f'https://www.lovoo.com/api_web.php/users?ageFrom=0&ageTo=2&latitude={lat}&longitude={lon}')
小开

Lovoo is using OAuth 1 protocol (https://tools.ietf.org/html/draft-hammer-oauth-10).

I have previously worked with the Lovoo API. One thing I can say is that your account will soon get limited by their BOT detection algorithms. I didn't try with different combinations of HTTP headers. Hence, that may be worth the try.

However, I have published my work on Github for others to give it a try. Below you can find the functions required to make the API calls. To see some examples of how to use these functions, have a look at the above-mentioned repo.

import urllib.parse




# MD5 hashing of an input string
def md5(data: str):
import hashlib
return hashlib.md5(data.encode('utf-8')).hexdigest()




def normalize_params(params: dict):
# Comply with https://tools.ietf.org/html/draft-hammer-oauth-10
# params must be sorted alphabetically first by keys and then values
params = dict(sorted(params.items(), key=lambda x: (x[0], x[1]), reverse=False))
p_encoded = '&'.join(
["{}={}".format(urllib.parse.quote_plus(k), urllib.parse.quote_plus(v)) for k, v in params.items() if v != ''])
# Percent encode
p_quoted = urllib.parse.quote_plus(p_encoded)
return p_quoted




def generate_base_string(params: str, url: str, method: str = 'GET'):
# Comply with https://tools.ietf.org/html/draft-hammer-oauth-10
base_str = method + '&' + urllib.parse.quote_plus(url) + '&' + params
return base_str




# Secret hashing used in Lovoo
def secret_hash(pwd: str) -> str:
pwd = md5("SALTforPW" + pwd)
return md5("SALTforSecret" + pwd)




def sign_request(client_identifier: str, client_secret: str, token: str, token_secret: str, url: str, nounce: str,
timestamp: str, method: str = 'GET', payload: dict = None, callback_url: str = '', oauth_version: str = '1.0'):
from hashlib import sha1
import hmac
import base64


params = {
'oauth_callback': callback_url,
'oauth_consumer_key': client_identifier,
'oauth_nonce': nounce,
'oauth_signature_method': 'HMAC-SHA1',
'oauth_timestamp': timestamp,
'oauth_token': token,
'oauth_version': oauth_version
}


# Normalize parameters
if payload is not None:
params = {**params, **payload}
np = normalize_params(params)
# Generate base string
base_string = generate_base_string(np, url, method)


if token != '':
key = (f"{client_secret}&{token_secret}").encode()
else:
key = (client_secret + '&').encode()


raw = base_string.encode()


hashed = hmac.new(key, raw, sha1)


# The signature
return base64.b64encode(hashed.digest()).decode().rstrip('\n')

Please note that It's been some time since I tested that code and there might be some changes to Lovoo's API. Let me know if it didn't work and I will have a look.


提交答案