从 Chrome 扩展中获取唯一的 ClientID? [英] Getting unique ClientID from chrome extension?
问题描述
我正在开发 chrome 扩展程序.我需要能够将每个客户识别为唯一的客户.
I'm developing chrome extension. I need the ability to identify each client as a unique client.
我无法将 guid 存储在 cookie 中,因为可以删除 cookie.我需要从系统本身读取一些独特的东西.
I can't store guid in a cookie since cookie can be deleted. I need something to be read from the system itself which is unique.
现在 - 我知道 JS 无法访问客户端资源(本地资源)但是 - 这是我的问题:
Now - I know that JS doesn't has access to client resources ( local resources) but - and here is my question :
问题
chrome 扩展 Js 是否提供用于获取唯一客户端信息的 API(我不关心什么数据 - 只要它是唯一的).
Does chrome extensions Js's provide API for getting unique client information ( I dont care what data - as long as it is unique).
只是为了澄清:
用户将看到一个唯一的密钥(这是他计算机的哈希数据).此代码将发送给我,我将提供匹配结果,用户将(通过电子邮件)发送该结果,然后 - 他将能够使用扩展程序.
The user will be shown a unique key ( which is a hash data of his computer). this code will be sent to me , and I will provide matching result which the user will be sent (via email) and only then - he will be able to use the extension.
(不,并非所有国家/地区都支持通过钱包进行延期付款,我在其中一个国家/地区)
推荐答案
为了唯一标识用户,我建议生成一个随机令牌并将其存储在扩展程序的存储中 (chrome.storage).当存储中不存在令牌时,用户 ID 只需生成一次.
To uniquely identify a user, I would suggest to generate a random token and store it in your extension's storage (chrome.storage). The userid has to be generated only once, when the token does not exist in storage.
例如:
function getRandomToken() {
// E.g. 8 * 32 = 256 bits token
var randomPool = new Uint8Array(32);
crypto.getRandomValues(randomPool);
var hex = '';
for (var i = 0; i < randomPool.length; ++i) {
hex += randomPool[i].toString(16);
}
// E.g. db18458e2782b2b77e36769c569e263a53885a9944dd0a861e5064eac16f1a
return hex;
}
chrome.storage.sync.get('userid', function(items) {
var userid = items.userid;
if (userid) {
useToken(userid);
} else {
userid = getRandomToken();
chrome.storage.sync.set({userid: userid}, function() {
useToken(userid);
});
}
function useToken(userid) {
// TODO: Use user id for authentication or whatever you want.
}
});
此机制依赖于chrome.storage.sync,这是相当可靠的.这个存储的 ID 只会在以下情况下丢失:
This mechanism relies on chrome.storage.sync, which is quite reliable. This stored ID will only be lost in the following scenarios:
- 用户重新安装扩展程序.卸载扩展程序时将清除本地存储.
- 已超出其中一个存储配额(阅读 文档).
这不会发生,因为唯一的写操作发生在您的扩展程序的第一次运行中. - Chrome 的存储空间损坏,无法保存数据.
即使用户没有启用 Chrome 同步,数据仍将保存在本地.Chrome 内部存在导致数据丢失的错误,但这些都是事故. - 用户为您的扩展程序页面打开了开发者工具并运行了
chrome.storage.sync.clear()或类似的东西.
您无法防范那些了解如何弄乱 Chrome 扩展程序内部结构的用户.
- The user re-installs the extension. Local storage will be cleared when uninstalling the extension.
- One of the storage quotas has been exceeded (read the documentation).
This is not going to happen because the only write operation occurs at the first run of your extension. - Chrome's storage gets corrupted and fails to save the data.
Even if the user does not have Chrome Sync enabled, data will still be saved locally. There have been bugs with Chrome's internals that resulted in data loss, but these are incidents. - The user has opened the developer tools for your extension page and ran
chrome.storage.sync.clear()or something similar.
You cannot protect against users who possess the knowledge to mess with the internals of Chrome extensions.
如果你想唯一标识一个用户,前面的方法就足够了.如果您确实想要获得基于硬件的 ID,请使用 <代码>chrome.storage.cpu 和 chrome.storage.memory 也是如此.不过,我认为使用这些额外的资源没有任何好处,因为如果用户更换硬件,它们会发生变化,而且它们也不是唯一的(例如,两台相同的笔记本电脑会报告相同的值).
The previous method is sufficient if you want to uniquely identify a user. If you really want to get a hardware-based ID, use chrome.storage.cpu and chrome.storage.memory as well. I don't see any benefits in using these additional sources though, because they can change if the user replaces hardware, and they are not unique either (two identical laptops would report the same values, for instance).
这篇关于从 Chrome 扩展中获取唯一的 ClientID?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
