feat: bili_ticket 算法 Java 实现 及 信息补充 及 错误修正 (#1061)

* feat: 空间头图及拼写错误修正

* feat(fav/info.md): code 11010

* fix(misc/sign/wbi.md): java extra params

* feat(misc/sign/bili_ticket.md): description and java demo

* feat(video_ranking/dynamic.md): 分区视频相关接口

* fix(video_ranking/dynamic.md): 未关闭的标签

* feat(README.md): 补充链接

* feat(clientinfo/ip.md): 查询任意 IP 地址的归属地

* feat: get buvid3 buvid4 from api

* feat: new error code & format

* feat(misc/picture.md): 图片格式化更多规则

docs/misc/sign/bili_ticket.md

@@ -1,8 +1,11 @@
-`bili_ticket` 目前没发现多少风控价值，但是暂且在这里提供一份示例。
+# BiliTicket
+
+## 简述
+
+`bili_ticket` 位于请求头 Cookie 中, 非必需, 但存在可降低风控概率
 
 由 [@aynuarance](https://github.com/aynuarance) 于 [#903](https://github.com/SocialSisterYi/bilibili-API-collect/issues/903) 提供的思路，根据时间戳使用 `hmac_sha256` 算法计算 `hexsign`。
 
-
 是 [JWT 令牌](https://jwt.io/)，有效时长为 259260 秒，即 3 天。
 例如 `eyJhbGciOiJIUzI1NiIsImtpZCI6InMwMyIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDI3NDI3NDYsImlhdCI6MTcwMjQ4MzQ4NiwicGx0IjotMX0.xQgtTAc41NA1gzvd9yKUPgucUy_DKcQj6OG1vj8V7ZA`
 
@@ -14,7 +17,18 @@
 }
 ```
 
-# Python 示例
+## 算法
+
+1. 获取 UNIX 秒级时间戳存入变量如 `timestamp`
+2. 计算变量 `hexsign` 值，使用 `hmac_sha256` 算法，密钥为 `XgwSnGZ1p`，消息为字符串 `"ts"` 与变量 `timestamp` 值拼接
+3. 构造请求参数，`key_id` 为 `ec02`，`hexsign` 为变量 `hexsign` 值，`context[ts]` 为变量 `timestamp` 值，`csrf` 为 cookie 中的 `bili_jct` 值也可为空
+4. 发送 `POST` 请求，获取 `data` 字段中的 `ticket` 字段的值即为所求
+
+## Demo
+
+### Python
+
+需要 `requests` 依赖
 
 ```python
 import hmac
@@ -59,4 +73,106 @@ if __name__ == '__main__':
             'user-agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0"
         }
     resp = requests.post(url, params=params,headers=headers).json()
-```
+    print(resp)
+```
+
+### Java
+
+无需第三方依赖
+
+```java
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.URI;
+import java.nio.charset.StandardCharsets;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+public class BiliTicketDemo {
+
+    /**
+     * Convert a byte array to a hex string.
+     * 
+     * @param bytes The byte array to convert.
+     * @return The hex string representation of the given byte array.
+     */
+    public static String bytesToHex(byte[] bytes) {
+        StringBuilder sb = new StringBuilder();
+        for (byte b : bytes) {
+            String hex = Integer.toHexString(0xff & b);
+            if (hex.length() == 1) {
+                sb.append('0');
+            }
+            sb.append(hex);
+        }
+        return sb.toString();
+    }
+
+    /**
+     * Generate a HMAC-SHA256 hash of the given message string using the given key
+     * string.
+     * 
+     * @param key     The key string to use for the HMAC-SHA256 hash.
+     * @param message The message string to hash.
+     * @throws Exception If an error occurs during the HMAC-SHA256 hash generation.
+     * @return The HMAC-SHA256 hash of the given message string using the given key
+     *         string.
+     */
+    public static String hmacSha256(String key, String message) throws Exception {
+        Mac mac = Mac.getInstance("HmacSHA256");
+        SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
+        mac.init(secretKeySpec);
+        byte[] hash = mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
+        return bytesToHex(hash);
+    }
+
+    /**
+     * Get a Bilibili web ticket for the given CSRF token.
+     * 
+     * @param csrf The CSRF token to use for the web ticket, can be {@code null} or
+     *             empty.
+     * @return The Bilibili web ticket raw response for the given CSRF token.
+     * @throws Exception If an error occurs during the web ticket generation.
+     * @see https://github.com/SocialSisterYi/bilibili-API-collect/blob/master/docs/misc/sign/bili_ticket.md
+     */
+    public static String getBiliTicket(String csrf) throws Exception {
+        // params
+        long ts = System.currentTimeMillis() / 1000;
+        String hexSign = hmacSha256("XgwSnGZ1p", "ts" + ts);
+        StringBuilder url = new StringBuilder(
+                "https://api.bilibili.com/bapis/bilibili.api.ticket.v1.Ticket/GenWebTicket");
+        url.append('?');
+        url.append("key_id=ec02").append('&');
+        url.append("hexsign=").append(hexSign).append('&');
+        url.append("context[ts]=").append(ts).append('&');
+        url.append("csrf=").append(csrf == null ? "" : csrf);
+        // request
+        HttpURLConnection conn = (HttpURLConnection) new URI(url.toString()).toURL().openConnection();
+        conn.setRequestMethod("POST");
+        conn.addRequestProperty("User-Agent", "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0");
+        InputStream in = conn.getInputStream();
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        int b;
+        while ((b = in.read()) != -1) {
+            out.write(b);
+        }
+        return new String(out.toByteArray(), StandardCharsets.UTF_8);
+    }
+
+    /**
+     * Main method to test the BiliTicketDemo class.
+     * 
+     * @param args The command line arguments (not used).
+     */
+    public static void main(String[] args) {
+        try {
+            System.out.println(getBiliTicket("")); // use empty CSRF here
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+}
+```

docs/misc/sign/wbi.md

@@ -700,8 +700,6 @@ public class WbiTest {
       map.put("bar", "五一四");
       map.put("baz", 1919810);
       map.put("wts", System.currentTimeMillis() / 1000);
-     map.put("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36");
-     map.put("Referer", "https://www.bilibili.com/");
       StringJoiner param = new StringJoiner("&");
       //排序 + 拼接字符串
       map.entrySet().stream()