LiuMangMang/SmartUp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0b1daf277b0acecbeec6f2698ce147e0d34f3b28
SmartUp/backend
T
History
liumangmang 4f9acdc99c feat(auth-capture): full cookie bundle extraction + richer refresh-auth 
Problem: Meow upstream uses Cloudflare, which sets cf_clearance + session
cookies that must all be sent together. The old code only captured a single
session-named cookie via a whitelist, discarding cf_clearance entirely, and
wrote back only 'name=value' instead of the full cookie string.

Changes:

auth_capture_service.py:
  - Add _cookie_matches_hostname(): hostname suffix matching supporting
    dot-prefixed domains (.saki.lat matches api.saki.lat)
  - Add _build_cookie_bundle(): collects ALL cookies matching the current
    page's hostname, returns complete 'name1=v1; name2=v2' string
  - _curate_candidates(): new 'cookie_bundle' candidate type (type=0 in sort,
    highest priority), carries cookie_count + cookie_names in extra fields
  - extract_all(): obtain real-time page URL from session.page.url and pass
    to _curate_candidates so cookie domain filtering is accurate
  - Sort order: cookie_bundle > cookie > bearer_token/api_key > credential
  - Fix bug in original JWT dedup check (was assigning instead of checking)

custom_pages.py:
  - Add logging import + logger
  - _pick_best_candidate(): cookie preferred_auth_type now tries cookie_bundle
    first, then single cookie; bearer/api_key use existing type_map logic
  - RefreshAuthResponse: add optional 'warning' field
  - refresh_auth(): handle ctype='cookie_bundle' same as 'cookie'; always
    write full candidate.value as cookie_string (works for both types)
  - Post-write validation: attempt get_available_groups with new credentials;
    on failure, still commit (lenient mode) but set warning message explaining
    cf_clearance IP-binding as the likely cause; success logs at INFO level

Tests (test_auth_capture.py, 19 cases):
  - _cookie_matches_hostname: exact, dot-prefix subdomain, empty domain,
    different domain, evil-subdomain partial match rejection
  - _build_cookie_bundle: cf_clearance included, cross-domain excluded,
    single cookie, empty value excluded, no cookies
  - _curate_candidates: bundle ranks first, value is full string, bundle
    beats single session cookie, bearer wins when no cookies, empty case,
    cookie_count/cookie_names in extra, session fallback preserved,
    new_api_user propagation to bundle

All 46 tests pass.
2026-06-02 09:32:23 +08:00
..
app
feat(auth-capture): full cookie bundle extraction + richer refresh-auth
2026-06-02 09:32:23 +08:00
requirements.txt
Add remote browser pages and website sync
2026-05-15 15:43:58 +08:00
test_auth_capture.py
feat(auth-capture): full cookie bundle extraction + richer refresh-auth
2026-06-02 09:32:23 +08:00
test_batch_sync.py
feat: add one-click sync for website group bindings
2026-06-01 09:06:01 +08:00
test_browser_session_service.py
feat: add multi-tab support to remote browser
2026-05-30 09:51:51 +08:00
test_browser_tabs.py
test: fix RuntimeWarnings in multi-tab concurrency test
2026-05-30 10:21:30 +08:00
test_custom_pages_autofill.py
Add remote browser pages and website sync
2026-05-15 15:43:58 +08:00
test_group_binding_create_sync.py
test: replace TestClient with direct router calls to fix hang in binding tests
2026-06-01 10:26:23 +08:00
test_priority_sync.py
fix(priority-sync): handle missing rate data and backfill target group on re-import
2026-06-01 19:27:35 +08:00
test_upstream_key_account_import.py
feat: 上游 Key 唯一化、分组导入跳过、账号导入平台识别&远端校验&base_url 注入
2026-05-21 01:16:39 +08:00
test_upstream_key_sync.py
fix: reuse upstream keys for account import
2026-05-24 23:18:40 +08:00
test_upstream.py
fix: Vite type declaration, non-idempotent retry, hardcoded test IP
2026-05-17 11:56:49 +08:00
test_website_client.py
feat: 上游 Key 唯一化、分组导入跳过、账号导入平台识别&远端校验&base_url 注入
2026-05-21 01:16:39 +08:00