Xuite
| Xuite 隨意窩 | |
| |
| |
| URL | https://xuite.net/ |
| Status | Offline |
| Archiving status | Partially saved |
| Archiving type | DPoS, ArchiveBot |
| Project source | xuite-grab |
| Project tracker | xuite |
| IRC channel | #sweet (on hackint) |
| Data[how to use] | archiveteam_xuite job:6k8qmfml9yo2590nr8cjkphk8 job:1qe187vjxxw086byi1t1plpwx job:bk2btiyuvyckixj2v0nbafjxa job:dc1js68hzea2h40oh8qmotl99 job:egesk0ttaj87q37lbue82gl8j |
Xuite (pronounced "sweet") is a Taiwanese blog website and social networking service operated by Chunghwa Telecom, founded in 2005.
Xuite offers blog, photo album, and vlog services until the website shutdown on 2023-08-31. All servers of Xuite stop working at 14:00 (UTC+8).
Shutdown
Announcement:
Xuite隨意窩平台服務終止公告
感謝您長期以來對Xuite隨意窩服務的支持,「Xuite 隨意窩」是許多人曾經的青春日記,也是現在進行式的樂活人生筆記。惟考量現今社群使用習慣改變,為使資源做更有效運用,Xuite隨意窩將於112年8月31日終止服務,並刪除網站全部資料。自112年4月6日起,我們提供所有 Xuiter(會員)後續處理服務,請注意以下關站時程,建議您盡早進行資料備份下載與部落格搬家等相關作業。
Closing schedule
Phase 1: April 6th 10:00 UTC+8 ~ May 1st 10:00 UTC+8, 2023
- The website functions normally.
- Data backup and download functions are provided for the members.
Phase 2: May 1st 10:00 UTC+8 ~ August 31st 14:00 UTC+8, 2023
- Stop the opening of new member registration.
- The website enters read-only mode, and the management console will be closed.
- Members can browse the public webpage normally but cannot enter the management console to add, modify or delete the contents.
- Only data backup and download functions are provided.
- Force close several types of blog sidebars to protect the website content from crawlers [1].
Phase 3: August 31st 14:00 UTC+8, 2023
- The website is closed and cannot be accessed.
- Members cannot backup or restore their data. All data will be deleted.
Domains
The following domains are currently functional:
- xuite.tw
- xuite.net
- api.xuite.net (certificate was expired since 2023-05-19)
- avatar.xuite.net
- blog.xuite.net
- events.xuite.net
- img.xuite.net
- m.xuite.net
- wms.map.xuite.net
- my.xuite.net
- pic.xuite.net
- photo.xuite.net
- qa.xuite.net
- s.blog.xuite.net
- s.photo.xuite.net
- town.xuite.net
- vlog.xuite.net
- *.xuite.com (alias of *.xuite.net)
The following domains host user-generated contents:
- [0-9a-f].blog.xuite.net
- [0-9a-f].mms.blog.xuite.net (suffering from invalid certificate common name)
- [0-9a-f].photo.xuite.net (suffering from invalid certificate common name)
- o.[0-9a-f].photo.xuite.net
- [0-9a-f].share.photo.xuite.net
- [0-9a-f].mms.vlog.xuite.net
The following domains redirect the pages elsewhere:
- event.xuite.net
- roomi.xuite.net
- vip.xuite.net
The following domain always returns HTTP 404:
- vote.xuite.net
The following domain was down, and the redirection should be handled specially:
- redir.xuite.net
Site structure
Assuming all the numeric IDs are incrementing, there are about 51M accounts, 6.1M blogs, 591M blog articles, 20.6M albums, 1262M photos, and 33.2M videos or audios on Xuite in the end.
User
Each member has a user_id in the regex form of [A-Za-z0-9._]{1,20} and one or more numeric serial numbers (sn). Multiple serial numbers may correspond to the same user_id, possibly due to account merger or user_id takeover.
It seems that newly registered Chunghwa Telecom member will be automatically assigned a Xuite account chttw_[0-9]{10}, so the serial number keeps growing after the read-only phase.
The currently known user serial number ranges are 10000054~30399438, 231366307~261267271, 280000170~281076360.
- User homepage: https://m.xuite.net/home/xuite.net
- User avatar: https://avatar.xuite.net/12084878/s https://avatar.xuite.net/12084878
- User profile: https://blog.xuite.net/_theme/snapshot/snapshot_avatar.php?mid=10000728
The user profile service My窩[2] has been terminated since 2021 [3]. Right now it is not possible to access the user friend list through the webpage without using the API.
- https://web.archive.org/web/20201028090057/https://mywall.xuite.net/xuite.net
- https://web.archive.org/web/20201127081902/https://mywall.xuite.net/xuite.net/friend
- https://web.archive.org/web/20201127093949/https://mywall.xuite.net/xuite.net/friend/fan
- https://web.archive.org/web/20201127092805/https://mywall.xuite.net/xuite.net/friend/follow (mutual friendship)
- https://web.archive.org/web/20190507224727/https://my.xuite.net/friend/xuite.net
- https://web.archive.org/web/20140817084210/http://my.xuite.net/service/friend/guest/friend.php?widget=FriendList&uid=xuite.net
- https://web.archive.org/web/20130204224626/http://my.xuite.net/service/friend/guest/friend.php?widget=FanList&uid=xuite.net
Blog
A member can have multiple blogs. Each blog has a custom alphanumeric blogUrl / blog_name and a globally unique incremental numeric blog_id. blogUrl was editable after blog creation, before read-only phase. Malicious blog owners were able to bypass front-end JavaScript checks and submit malformed blogUrls, making their blogs inaccessible.
Each article has a globally unique incremental numeric article_id, not exceeding 590788564.
- Blog service homepage:
- Article search:
- User blog list: https://m.xuite.net/blog/xuite.net
Photo
Each album has a globally unique incremental numeric album_id.
Each photo has a numeric position number (serial) in the album and a globally unique incremental numeric photo_id.
- Photo service homepage:
- Album search:
- User albums: https://m.xuite.net/photo/xuite.net
- Album: https://m.xuite.net/photo/xuite.net/20641189
- Photo: https://photo.xuite.net/xuite.net/20641189/6.jpg https://photo.xuite.net/xuite.net/20641189/6.jpg/sizes/o/
- https://o.1.photo.xuite.net/1/e/4/c/xuite.net/20641189/1260825535.jpg (original, valid Referer header should be provided)
- https://1.share.photo.xuite.net/xuite.net/11e4c64/20641189/1260825535_x.jpg
- https://1.share.photo.xuite.net/xuite.net/11e4c64/20641189/1260825535_l.jpg
- https://1.share.photo.xuite.net/xuite.net/11e4c64/20641189/1260825535_m.jpg
- https://1.share.photo.xuite.net/xuite.net/11e4c64/20641189/1260825535_s.jpg
- https://1.share.photo.xuite.net/xuite.net/11e4c64/20641189/1260825535_t.jpg
- https://1.share.photo.xuite.net/xuite.net/11e4c64/20641189/1260825535_q.jpg
- https://1.share.photo.xuite.net/xuite.net/11e4c64/20641189/1260825535_Q.jpg
- Photo: https://photo.xuite.net/xuite.net/20641189/6.jpg https://photo.xuite.net/xuite.net/20641189/6.jpg/sizes/o/
- Album: https://m.xuite.net/photo/xuite.net/20641189
- User album search:
- By category: https://photo.xuite.net/_category?st=cat&uid=xuite.net&sk=130
- By keyword: https://photo.xuite.net/_category?st=search&uid=xuite.net&sk=教學
- By tag: https://photo.xuite.net/_category?sn=14050103&tagid=1d614867fdee88d6e80402365c5db4ca https://m.xuite.net/photo/pertinaso?t=tag&p=1d614867fdee88d6e80402365c5db4ca
Vlog
Each video or audio has a globally unique incremental numeric MEDIA_ID (not exceeding 33178667), and a FILE_NAME in the regex form of (?:[A-Za-z0-9]{31}|[A-Za-z0-9]{6})-MEDIA_ID\.flv in Base64 encoding forms the video URL.
Members can create directories to categorize media they uploaded, and each media cannot belong to more than one directory [5]. Each directory has a globally unique incremental numeric dir_id.
Members can create playlists to categorize any media on Xuite since 2015 [6]. Each playlist has a globally unique incremental numeric plid.
- Vlog service homepage:
- https://m.xuite.net/vlog
- https://vlog.xuite.net/_portal/list/expert
- https://vlog.xuite.net/_portal/list/latest
- https://vlog.xuite.net/_portal/list/movie
- https://vlog.xuite.net/_portal/list/recommend
- https://vlog.xuite.net/_portal/promote/life
- https://vlog.xuite.net/_portal/promote/creation
- https://vlog.xuite.net/_portal/promote/funny
- https://vlog.xuite.net/_portal/promote/popular
- https://vlog.xuite.net/_portal/promote/topic?id=2021
- https://vlog.xuite.net/_portal/cat/1
- Vlog search:
- User videos and audios: https://m.xuite.net/vlog/xuite.net https://vlog.xuite.net/xuite.net/rss.xml
- Video: https://vlog.xuite.net/play/VmFxcktJLTIwMTM0MjAxLmZsdg== https://vlog.xuite.net/embed/VmFxcktJLTIwMTM0MjAxLmZsdg== https://m.xuite.net/vlog/xuite.net/VmFxcktJLTIwMTM0MjAxLmZsdg==
- https://5.mms.vlog.xuite.net/video/xuite.net/VmFxcktJLTIwMTM0MjAxLmZsdg==?k=a9b5eb73f3f72123578da3385afedcbf&q=720 (session key expired)
- https://5.mms.vlog.xuite.net/video/xuite.net/VmFxcktJLTIwMTM0MjAxLmZsdg==?k=a9b5eb73f3f72123578da3385afedcbf&q=360 (session key expired)
- https://vlog.xuite.net/media/home1/1e/4c/12084878/50026/448749-20134201.jpg
- https://vlog.xuite.net/media/home1/1e/4c/12084878/50026/n_448749-20134201.jpg
- https://vlog.xuite.net/media/home1/1e/4c/12084878/50026/sbx-20134201.jpg
- Audio: https://vlog.xuite.net/play/UDVRR1ZxLTUwOTgyNjcuZmx2 https://vlog.xuite.net/embed/UDVRR1ZxLTUwOTgyNjcuZmx2 https://m.xuite.net/vlog/xuite.net/UDVRR1ZxLTUwOTgyNjcuZmx2
- Directory: https://m.xuite.net/vlog/xuite.net?t=cat&p=/3720616&dir_num=all
- Video: https://vlog.xuite.net/play/VmFxcktJLTIwMTM0MjAxLmZsdg== https://vlog.xuite.net/embed/VmFxcktJLTIwMTM0MjAxLmZsdg== https://m.xuite.net/vlog/xuite.net/VmFxcktJLTIwMTM0MjAxLmZsdg==
- User playlists: https://m.xuite.net/vlog/xuite.net?vt=1
Flash-based creations
Members used to be able to embed Flash gadgets in blog sidebars or articles. Although these gadgets are deprecated [7][8], the configuration XML files, images and audios shown in FlashVars are archivable.
If http://c.blog.xuite.net/cf/7b/11732000/blog_698/mtv/4711036/flash_config.xml (occasionally) redirects to the forbidden page https://my.xuite.net/error.php?ecode=403, there is an alternative URL https://blog.xuite.net/_users/cf/7b/11732000/blog_698/mtv/4711036/flash_config.xml .
In articles
- 變身錄音筆 / 變身錄音機 (DJShow)
- https://blog.xuite.net/_service/djshow/swf/main.swf?xml_url=//6.blog.xuite.net/6/e/5/1/21075526/blog_1257561/djshow/22610825/flash_config.xml&server_url=/_users&service_url=/_service/djshow/&face_swf_url=/_service/face2&mp3path=&txtpath=&act=show&face_url=https://6.blog.xuite.net/6/e/5/1/21075526/face.xml
- 自拍相片本 (Slideshow)
- 寶貝錄影盒 / 百變Flash (DV)
- https://f.blog.xuite.net/f/6/7/6/12304084/blog_64463/dv/3738030/3738030.asx
- https://0.blog.xuite.net/0/e/1/4/13824301/blog_199185/dv/5929554/5929554.swf
- https://0.blog.xuite.net/0/5/a/3/14578726/blog_277729/dv/5958500/5958500.wmv
- https://2.blog.xuite.net/2/f/4/e/14154578/blog_165166/dv/10542044/10542044.wma
- https://b.blog.xuite.net/b/8/4/f/14976454/blog_319562/dv/10618644/10618644.mp3
- 愛秀投影機 (MTV)
- 快速變臉筆 (Snap)
- 手寫塗鴉版 (Paint)
- 相簿Slideshow
In blog sidebars
- 留言塗鴉版 (Smallpaint)
- 電視牆 (TV Wall)
URL shortener
Web page visitors can use the URL shortener by clicking the "短網址" button in the upper right corner of the website toolbar [9].
- https://xuite.tw/x/1 https://cht.tw/x/1
- https://xuite.tw/x/5p3h https://cht.tw/x/5p3h
- https://xuite.tw/x/vp87d https://cht.tw/x/vp87d
Others
Other subdomains consists mostly of static content, which has been partially saved by Wayback Machine:
- https://events.xuite.net/ (some files are corrupted since 2014)
- https://wms.map.xuite.net/poi/MapExp.php?area=2
- https://photo.xuite.net/_/2006
- https://photo.xuite.net/_/2018?081
- https://town.xuite.net/
API
Xuite Photo Feed API
The following method returns a JSON-encoded album list of up to 15 albums for the user [10].
The following method returns a JSON-encoded photo list of the album [11].
Xuite API
Members used to be able to apply for Xuite API keys since 2011 [12]. Although new applications were later closed, existing API keys can still be used.
All requests should be accompanied by a signature api_sig derived from the API key and the corresponding 10-digit secret key, but methods with "public" property do not require Oauth 2.0 Authorization from the user.
The signature generation formula is md5(<secret key> + <concatenated parameter values sorted by parameter names>) [13].
For example, if the API key is 500e40b862395d8a177d402d43cee9db, the corresponding secret key is 0123456789, and the query parameters are api_key=500e40b862395d8a177d402d43cee9db&method=xuite.photo.public.getPhotos&user_id=photo&album_id=4286795&pw=&start=0&limit=21, the signature should be md5(01234567894286795500e40b862395d8a177d402d43cee9db21xuite.photo.public.getPhotos0photo) = afc87f038f0c538677609eca6b1e7e88.
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=aafb46d0df84917ed392e78d1ec82658&method=xuite.blog.public.getBlogs&user_id=xuite.net
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=91ddd494df969a9d48ba9fbd0a6d79bc&method=xuite.blog.public.getBlogCategories&blog_id=1600410&user_id=xuite.net&blog_pw=
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=e3dc246eefd4e9af61b72a304f1c6770&method=xuite.blog.public.getArticles&blog_id=1600410&user_id=xuite.net&start=1&limit=10&blog_pw=&keyword=&category_id=&date=&month=
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=795bab333a613bbb98e2e8565ca81b07&method=xuite.blog.public.getTopArticle&blog_id=1600410&user_id=xuite.net
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=a48b707bd2f450b50a9867c8696120f0&method=xuite.blog.public.getArticle&blog_id=1600410&user_id=xuite.net&article_id=590728303&blog_pw=&article_pw=
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=d42da343050f94a5b4d6f56dc2d22607&method=xuite.photo.public.getAlbums&user_id=xuite.net&event_set=&start=0&limit=
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=2b4763d62e83debca7d39ef2c3ef3062&method=xuite.photo.public.getPhotos&user_id=xuite.net&album_id=20641189&pw=&start=0&limit=500
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=6d1aa016a78e65eb274615cb85eecb98&method=xuite.vlog.public.getVlogs&user_id=xuite.net&start=0&limit=1000&type= (audio and video)
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=37911577db268829b77b693756f0015d&method=xuite.vlog.public.getVlogs&user_id=xuite.net&start=0&limit=1000&type=1 (audio)
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=0a7864784df7b49adb1ae4cdc3b16b2a&method=xuite.vlog.public.getVlogs&user_id=xuite.net&start=0&limit=1000&type=2 (video)
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=2bbc545d3fb3ee59e1ea42e509d6da0e&method=xuite.vlog.public.getVlog&vlog_id=VmFxcktJLTIwMTM0MjAxLmZsdg==&passwd=&site=vlog
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=5f1485179c83a9905d674390ac191613&method=xuite.vlog.public.getDirs&user_id=xuite.net
- https://api.xuite.net/api.php?api_key=500e40b862395d8a177d402d43cee9db&api_sig=7e43f9d5fb8ae4eb1b0e4b6295e58a41&method=xuite.vlog.public.getVlogsByDir&user_id=xuite.net&dir_id=3720616
Non-public APIs
Some methods are designed to be called by AJAX or Flash. These methods do not require the API key.
User information
- User nickname: https://my.xuite.net/service/account/api/external/sn_name.php?sn=11731841
- User profile: https://blog.xuite.net/_theme/member_data.php?lid=photo
Friend list
Similar to Wretch, the friendship of Xuite is directional. Username discovery can be performed in two directions.
- https://my.xuite.net/service/friend/api/external/friendList.php?sn=12084878&listType=friend&withGroup=false
- https://my.xuite.net/service/friend/api/external/friendList.php?sn=12084878&listType=friend&withGroup=true&callback=addFriendList
- https://my.xuite.net/service/friend/api/external/friendList.php?sn=12084878&listType=addme
- https://my.xuite.net/service/friend/api/external/friendListInfo.php?sn=12084878&listType=friend
- https://my.xuite.net/service/friend/api/external/friendListInfo.php?sn=12084878&listType=addme
Keyword search
The following methods are derived from the Android App that were on Google Play [14].
SQL wildcard characters take effect in the keyword kw.
- Search article title: https://m.xuite.net/rpc/search?method=blog&kw=隨意窩&offset=1&limit=30
- Search vlog title/description: https://m.xuite.net/rpc/search?method=vlog&kw=謝謝一路有妳陪著我&offset=1&limit=30
- Search user_id prefix: https://m.xuite.net/rpc/search?method=account&kw=chris65&offset=1&limit=30
- Search user nickname: https://m.xuite.net/rpc/search?method=nickname&kw=中華電信用戶&offset=1&limit=30
Blog AJAX
- Blog popularity counter: https://blog.xuite.net/_theme/CountSideExp.php?bid=1600410
- Article popularity counter: https://blog.xuite.net/_theme/ArticleDetailCounterExp.php?aid=326198595
- Article trackback section: https://blog.xuite.net/_theme/TrackBackShowExp.php?aid=326198595&b_login=xuite.net&b_url=xuite&mid=12084878&bid=1600410&a_author_id=12084878&track_flag=Y&index=
- Article comment section: https://blog.xuite.net/_theme/MessageShowExp.php?ver=new&aid=326198595&uid=12084878&bid=1600410&a_author_id=12084878&index=&mid=
Album photo list
The following method derived from https://blog.xuite.net/_service/swf/slideshow.swf returns an XML-encoded list with album thumbnail and photo size. It uses a 10-character check key that is affected by the day of the week.
- https://photo.xuite.net/@api_slide?key=xuite.net/20641189&count=10000&check=0016c3d2d6 (Monday)
- https://photo.xuite.net/@api_slide?key=xuite.net/20641189&count=10000&check=00161151d5 (Tuesday)
- https://photo.xuite.net/@api_slide?key=xuite.net/20641189&count=10000&check=00165095dd (Wednesday)
- https://photo.xuite.net/@api_slide?key=xuite.net/20641189&count=10000&check=001602181a (Thursday)
- https://photo.xuite.net/@api_slide?key=xuite.net/20641189&count=10000&check=0016d9e106 (Friday)
- https://photo.xuite.net/@api_slide?key=xuite.net/20641189&count=10000&check=001684585b (Saturday)
- https://photo.xuite.net/@api_slide?key=xuite.net/20641189&count=10000&check=00165d832b (Sunday)
Media source info
The following methods return an XML-encoded media source info by providing the Base64-encoded MEDIA_ID solely. The FILE_NAME and owner's user_id can be derived from the returned Base64-encoded flv_src.
- https://vlog.xuite.net/_api/media/playcheck/media/MjAxMzQyMDE=
- https://vlog.xuite.net/_api/media/playcheck/media/NTA5ODI2Nw==
- https://vlog.xuite.net/_api/media/playcheck/media/MzYzODQzMg==/pwd/93a5de30baaf8e9bc3b15288c8d45ecb [15]
- https://vlog.xuite.net/flash/player?media=MjAxMzQyMDE=
- https://vlog.xuite.net/flash/player?media=NTA5ODI2Nw==
- https://vlog.xuite.net/flash/audioplayer?media=NTA5ODI2Nw==
Media playlist
This API cannot infer the owner of the playlist.
- https://vlog.xuite.net/flash/playlist?plid=138725
- https://vlog.xuite.net/_pub/conf_playlist_v2.php?plid=138725
References
- ↑ 《公告》提醒您!隨意窩將於112年5月1日進唯讀模式
- ↑ 《公告》MY窩熱鬧登場囉
- ↑ 《公告》「My窩」功能下架通知
- ↑ Some articles removed from the desktop version are still accessible in the mobile version, e.g. https://m.xuite.net/blog/xuite.net/xuite/63545423
- ↑ 《教學》影音 - 影音管理_資料夾管理
- ↑ 《教學》影音 - 播放清單功能上線
- ↑ 《公告》隨意窩部分功能將於2017年3月14日異動、終止
- ↑ 《公告》舊版Flash相簿播放器下架
- ↑ 《教學》全網工具列-短網址
- ↑ 隨意窩 Xuite 相簿 - Feed API - 取得相簿列表 API
- ↑ 隨意窩 Xuite 相簿 - Feed API - 取得相片 API
- ↑ 《公告》隨意窩Xuite開放API囉,歡迎大家一起來開發自己的應用程式。
- ↑ https://web.archive.org/web/20210602094928if_/http://api.xuite.net/css/apiSignature.png
- ↑ Xuite隨意窩 - Android Apps on Google Play
- ↑
For password-protected videos (e.g. https://vlog.xuite.net/play/V2JSSGNOLTM2Mzg0MzIubXA0 embedded in https://hornydragon.blogspot.com/2011/05/ck-louis-shameless-1.html), the password hash is
md5(XuiteVlog + <password>).
External links