python获取小红书web_session，以及解决x-s签名验证(2023-07-09)

一、web_session请求接口：

https://edith.xiaohongshu.com/api/sns/web/v1/login/activate

请求类型：

post

提交数据：

{}

这儿是两个字符{}，笔者最初提交None，总得不到结果，chrome F12才发现需要这两个字符。

二、签名验证x-s

 该请求需要x-s签名验证，签名代码如下：

    a1 = "186d30820a4m09cb6glhxe1aqks2olv1l97ow1gun50000408882"
    data = '{}'
    api='/api/sns/web/v1/login/activate'
    #需要xs.js签名文件的+~~~v
    with open('xs.js', 'r', encoding='utf-8') as f:
        js = f.read()
    crt = execjs.compile(js)
    xs_xt = crt.call('get_xs','/api/sns/web/v1/login/activate',data,a1)
    xs_xt['X-t'] = str(xs_xt['X-t'])

三、完整python源码（有详细注释）

import requests
import execjs
import random
import json

#生成webId
def register_Id(c=32):
    s = "abcdef0123456789"
    webId = ''
    for i in range(c):
        webId += random.choice(s)
    return webId


def register_session():
    url = 'https://edith.xiaohongshu.com/api/sns/web/v1/login/activate'  #请求接口
    headers = {
        "accept": "application/json, text/plain, */*",
        "accept-encoding": "gzip, deflate, br",
        "accept-language": "zh-CN,zh;q=0.9,en;q=0.8,en-US;q=0.7",
        "cache-control": "no-cache",
        "content-type": "application/json;charset=UTF-8",
        "Content-Length":'2',
         #cookie中，这些内容是必须的。注意a1要和签名的a1一致。
        "cookie": f"webBuild=2.14.4; xsecappid=xhs-pc-web;a1=186d30820a4m09cb6glhxe1aqks2olv1l97ow1gun50000408882; webId={register_Id()}; gid=yYKfq8YJW41JyYKfq8YJ8jyk0468jSDKk1xCW7Idy0ATMl28Jl1hyE88848YYYJ80diKYiYK; gid.sign=tdAyngUKDoCYVgjPneEo26u7o1w=; websectiga=a9bdcaed0af874f3a1431e94fbea410e8f738542fbb02df1e8e30c29ef3d91ac; sec_poison_id=7af5d9b1-face-4972-9e25-0dbc7977cd34",
        "origin": "https://www.xiaohongshu.com",
        "pragma": "no-cache",
        "referer": "https://www.xiaohongshu.com/",
        "sec-ch-ua": "\"Not_A Brand\";v=\"8\", \"Google Chrome\";v=\"114\", \"Google Chrome\";v=\"114\"",
        "sec-ch-ua-mobile": "?0",
        "sec-ch-ua-platform": "\"Windows\"",
        "sec-fetch-dest": "empty",
        "sec-fetch-mode": "cors",
        "sec-fetch-site": "same-site",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
        "X-B3-Traceid":"c3a6a5705e92dfe2",
        "X-S-Common": "2UQAPsHC+aIjqArjwjHjNsQhPsHCH0rjNsQhPaHCH0P1PjhIHjIj2eHjwjQgynEDJ74AHjIj2ePjwjQhyoPTqBPT49pjHjIj2ecjwjHUN0Z1+UHVHdWMH0ijP/W7w/WhP9z0G0Qhqgkly9i7yBYIPg4F47SA+/8f+BkV+9RTJfzk2ncMPeZIPerIP0PU+jHVHdW9H0il+0WlweDlPerEPerUNsQh+UHCHDRd4A8A8AzpP/Q7c0mdzfSA8MzgqMSl40bd/FQOcd4sq9lOp/mxqF4A8FGAHjIj2eWjwjQQPAYUaBzdq9k6qB4Q4fpA8b878FSet9RQzLlTcSiM8/+n4MYP8F8LagY/P9Ql4FpUzfpS2BcI8nT1GFbC/L88JdbFyrSiafp/JDMra7pFLDDAa7+8J7QgabmFz7Qjp0mcwp4fanD68p40+fp8qgzELLbILrDA+9p3JpHlLLI3+LSk+d+DJfRAyfRL+gSl4bYlqg48qDQlJFShtUTozBD6qM8FyFShPo+h4g4U+obFyLS3qd4QyaRAy9+0PFSe/B8QPFRSPopFJeHIzbkA/epSzb+t8nkn4AmQynpS2b87/sTc4BRUqgziLrSN8gY8wBRQcMHlaLpUL94n4FQoqgzaagYbGnpr8Bpn4g4xaLPIqAbl4BEQy7mNanYgnfpSP7+88Fq9GMLMqMSl4okYzBzS8dklPgkDN9pgpF8wagWM8n8M4sRQzLES8SmFcgQCqfYOJM8oag8d8nSl4oL6nn4S2BklJLS3/o4QyLzcz9bTyDS9yBF3a/WhanSC4LQn49lQ4D4B+Bp98Lz/+9Ll4gzeaLP7qFz0O/FjNsQhwaHCP/L9Per9+/cANsQhP/Zjw0rIKc==",
        "X-S": "Ogw6sg4U12wB0gFisgTWsYqv1gOBOBwBslOU0jsGsgF3",
        "X-T": "1681891019012"
    }
    
    a1 = "186d30820a4m09cb6glhxe1aqks2olv1l97ow1gun50000408882"    #必须与cookie中的a1一致
    data = '{}'                                                                                                      #数据
    api='/api/sns/web/v1/login/activate'                                                          #短链接
    #调用js签名文件。需要xs.js签名文件的+~~~:   byc6352
    with open('xs20230530.js', 'r', encoding='utf-8') as f:
        js = f.read()
    crt = execjs.compile(js)
    xs_xt = crt.call('get_xs','/api/sns/web/v1/login/activate',data,a1)
    xs_xt['X-t'] = str(xs_xt['X-t'])

    headers["X-S"]=xs_xt["X-s"]
    headers["X-T"]=xs_xt["X-t"]
    #print(headers)

    session = requests.post(url,data='{}',headers=headers).json()['data']['session']
    #session = requests.post(url,data='{}',headers=headers).json()
    print(session)
    return session
    #通过请求笔记详情接口，验证web_session的有效性
def feed(source_note_id):
    headers = {
        "accept":"application/json, text/plain, */*",
        "accept-encoding":"gzip, deflate, br",
        "accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-US;q=0.7",
        "cache-control":"no-cache",
        "content-type":"application/json;charset=UTF-8",
        "cookie":f"web_session={register_session()};a1=186d30820a4m09cb6glhxe1aqks2olv1l97ow1gun50000408882",  # web_session和当前IP或者环境绑定，重新注册后浏览器中的ID也会更新
        "origin":"https://www.xiaohongshu.com",
        "pragma":"no-cache",
        "referer":"https://www.xiaohongshu.com/",
        "sec-ch-ua":"\"Not_A Brand\";v=\"99\", \"Google Chrome\";v=\"109\", \"Chromium\";v=\"109\"",
        "sec-ch-ua-mobile":"?0",
        "sec-ch-ua-platform":"\"Windows\"",
        "sec-fetch-dest":"empty",
        "sec-fetch-mode":"cors",
        "sec-fetch-site":"same-site",
        "user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36",
        "X-s":"1lqJsBVUOjsiO6dk1BspOg9G16O6sgAWslOJ1gkvOgF3",
        "X-t":"1675387207946"
    }
    with open('xs20230530.js', 'r', encoding='utf-8') as f:
        js = f.read()
    crt = execjs.compile(js)
    data = '{"source_note_id":"%s"}'%source_note_id
    a1 = "186d30820a4m09cb6glhxe1aqks2olv1l97ow1gun50000408882"
    xs_xt = crt.call('get_xs','/api/sns/web/v1/feed',data ,a1)
    xs_xt['X-t'] = str(xs_xt['X-t'])

    headers.update(xs_xt)
    feed = 'https://edith.xiaohongshu.com/api/sns/web/v1/feed'
    print(requests.post(url=feed, data=data, headers=headers).text)

if __name__ == '__main__':
    #print(register_session())
    print("动态生成web_session并使用该web_session获得小红书笔记详情数据。技术支持：v+:byc6352")
    feed("63cf8afe000000001f023d49")