Xuite

From Archiveteam
Revision as of 06:49, 21 May 2023 by Yts98 (talk | contribs)
Jump to navigation Jump to search
Xuite.net
Xuite logo
URL https://xuite.net/
Status Closing
Archiving status Not saved yet
Archiving type Unknown
IRC channel #archiveteam-bs (on hackint)

Xuite (pronounced "sweet") is a Taiwanese blog website and social networking service operated by Chunghwa Telecom, founded in 2005.

Xuite currently provides blog, photo album, and vlog services until the website shutdown on 2023-08-31.

Shutdown

Announcement:

Xuite隨意窩平台服務終止公告

感謝您長期以來對Xuite隨意窩服務的支持,「Xuite 隨意窩」是許多人曾經的青春日記,也是現在進行式的樂活人生筆記。惟考量現今社群使用習慣改變,為使資源做更有效運用,Xuite隨意窩將於112年8月31日終止服務,並刪除網站全部資料。自112年4月6日起,我們提供所有 Xuiter(會員)後續處理服務,請注意以下關站時程,建議您盡早進行資料備份下載與部落格搬家等相關作業。

Closing schedule

Phase 1: April 6th 10:00 UTC+8 ~ May 1st 10:00 UTC+8, 2023

  • The website functions normally.
  • Data backup and download functions are provided for the members.

Phase 2: May 1st 10:00 UTC+8 ~ August 31st 14:00 UTC+8, 2023

  • Stop the opening of new member registration.
  • The website enters read-only mode, and the management console will be closed.
  • Members can browse the public webpage normally but cannot enter the management console to add, modify or delete the contents.
  • Only data backup and download functions are provided.
  • Force close several types of blog sidebars to protect the website content from crawlers [1].

Phase 3: August 31st 14:00 UTC+8, 2023

  • The website is closed and cannot be accessed.
  • Members cannot backup or restore their data. All data will be deleted.

Domains

The following domains are currently functional:

  • xuite.tw
  • xuite.net
  • api.xuite.net (certificate was expired since 2023-05-19)
  • avatar.xuite.net
  • blog.xuite.net
  • events.xuite.net
  • img.xuite.net
  • m.xuite.net
  • wms.map.xuite.net
  • my.xuite.net
  • pic.xuite.net
  • photo.xuite.net
  • qa.xuite.net
  • s.blog.xuite.net
  • s.photo.xuite.net
  • town.xuite.net
  • vlog.xuite.net
  • *.xuite.com (alias of *.xuite.net)

The following domains host user-generated contents:

  • [0-9a-f].blog.xuite.net
  • [0-9a-f].mms.blog.xuite.net (suffering from invalid certificate common name)
  • [0-9a-f].photo.xuite.net (suffering from invalid certificate common name)
  • o.[0-9a-f].photo.xuite.net
  • [0-9a-f].share.photo.xuite.net
  • [0-9a-f].mms.vlog.xuite.net

The following domains redirect the pages elsewhere:

  • event.xuite.net
  • roomi.xuite.net
  • vip.xuite.net

The following domain always returns HTTP 404:

  • vote.xuite.net

The following domain was down, and the redirection should be handled specially:

  • redir.xuite.net

Site structure

Assuming all the numeric IDs are incrementing, there are about 51M accounts, 6.1M blogs, 591M blog articles, 20.6M albums, 1262M photos, and 33.2M videos or audios on Xuite in the end.

User

Each member has a user_id in the regex form of [A-Za-z0-9._]{1,20} and one or more numeric serial numbers. Mulitiple serial numbers may correspond to the same user_id, possibly due to account merging.

The currently known user serial number ranges are 10000054~30399438, 231366307~261267271, 280000170~280937388.

The user profile service My窩[2] has been terminated since 2021 [3]. There is no way to access the user friend list through the webpage without using the API.

Blog

A member can have multiple blogs. Each blog has a custom alphanumeric blogUrl and a globally unique incremental numeric blog_id. The blogUrl is editable after blog creation.

Each article has a globally unique incremental numeric article_id, not exceeding 590788564.

Photo

Each album has a globally unique incremental numeric album_id.

Each photo has a numeric position number in the album and a globally unique incremental numeric photo_id.

Vlog

Each video or audio has a globally unique incremental numeric MEDIA_ID (not exceeding 33178667), and a FILE_NAME in the regex form of (?:[A-Za-z0-9]{31}|[A-Za-z0-9]{6})-MEDIA_ID\.flv in Base64 encoding forms the video URL.

Members can create directories to categorize media they uploaded, and each media cannot belong to more than one directory [5]. Each directory has a globally unique incremental numeric dir_id.

Members can create playlists to categorize any media on Xuite since 2015 [6]. Each playlist has a globally unique incremental numeric plid.

Flash-based creations

Members used to be able to embed Flash gadgets in blog sidebars or articles. Although these gadgets are deprecated [7][8], the configuration XML files, images and audios shown in FlashVars are archivable.

If http://c.blog.xuite.net/cf/7b/11732000/blog_698/mtv/4711036/flash_config.xml (occasionally) redirects to the forbidden page https://my.xuite.net/error.php?ecode=403, there is an alternative URL https://blog.xuite.net/_users/cf/7b/11732000/blog_698/mtv/4711036/flash_config.xml .

URL shortener

Web page visitors can use the URL shortener by clicking the "短網址" button in the upper right corner of the website toolbar [9].

Others

Other subdomains consists mostly of static content, which has been partially saved by Wayback Machine:

API

Xuite Photo Feed API

The following method returns a JSON-encoded album list of up to 15 albums for the user [10].

The following method returns a JSON-encoded photo list of the album [11].

Xuite API

Members used to be able to apply for Xuite API keys since 2011 [12]. Although new applications were later closed, existing API keys can still be used.

All requests should be accompanied by a signature api_sig derived from the API key and the corresponding 10-digit secret key, but methods with "public" property do not require Oauth 2.0 Authorization from the user.

The signature generation formula is md5(<secret key> + <concatenated parameter values sorted by parameter names>) [13].

For example, if the API key is 500e40b862395d8a177d402d43cee9db, the corresponding secret key is 0123456789, and the query parameters are api_key=500e40b862395d8a177d402d43cee9db&method=xuite.photo.public.getPhotos&user_id=photo&album_id=4286795&pw=&start=0&limit=21, the signature should be md5(01234567894286795500e40b862395d8a177d402d43cee9db21xuite.photo.public.getPhotos0photo) = afc87f038f0c538677609eca6b1e7e88.

Non-public APIs

Some methods are designed to be called by AJAX or Flash. These methods do not require the API key.

User information

Friend list

Similar to Wretch, the friendship of Xuite is directional. Username discovery can be performed in two directions.

Keyword search

The following methods are derived from the Android App that were on Google Play [14].

SQL wildcard characters take effect in the keyword kw.

Blog AJAX

Album photo list

The following method derived from https://blog.xuite.net/_service/swf/slideshow.swf returns an XML-encoded list with album thumbnail and photo size. It uses a 10-character check key that is affected by the day of the week.

Media source info

The following methods return an XML-encoded media source info by providing the Base64-encoded MEDIA_ID solely. The FILE_NAME and owner's user_id can be derived from the returned Base64-encoded flv_src.

Media playlist

This API cannot infer the owner of the playlist.

References

  1. 《公告》提醒您!隨意窩將於112年5月1日進唯讀模式
  2. 《公告》MY窩熱鬧登場囉
  3. 《公告》「My窩」功能下架通知
  4. Some articles removed from the desktop version are still accessible in the mobile version, e.g. https://m.xuite.net/blog/xuite.net/xuite/63545423
  5. 《教學》影音 - 影音管理_資料夾管理
  6. 《教學》影音 - 播放清單功能上線
  7. 《公告》隨意窩部分功能將於2017年3月14日異動、終止
  8. 《公告》舊版Flash相簿播放器下架
  9. 《教學》全網工具列-短網址
  10. 隨意窩 Xuite 相簿 - Feed API - 取得相簿列表 API
  11. 隨意窩 Xuite 相簿 - Feed API - 取得相片 API
  12. 《公告》隨意窩Xuite開放API囉,歡迎大家一起來開發自己的應用程式。
  13. https://web.archive.org/web/20210602094928if_/http://api.xuite.net/css/apiSignature.png
  14. Xuite隨意窩 - Android Apps on Google Play
  15. For password-protected videos (e.g. https://vlog.xuite.net/play/V2JSSGNOLTM2Mzg0MzIubXA0 embedded in https://hornydragon.blogspot.com/2011/05/ck-louis-shameless-1.html), the password hash is md5(XuiteVlog + <password>).

See also


Retrieved from "https://wiki.archiveteam.org/index.php?title=Xuite&oldid=49821"