LiuMangMang/SmartUp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0b1daf277b0acecbeec6f2698ce147e0d34f3b28
SmartUp/backend/app
T
History
liumangmang 4f9acdc99c feat(auth-capture): full cookie bundle extraction + richer refresh-auth 
Problem: Meow upstream uses Cloudflare, which sets cf_clearance + session
cookies that must all be sent together. The old code only captured a single
session-named cookie via a whitelist, discarding cf_clearance entirely, and
wrote back only 'name=value' instead of the full cookie string.

Changes:

auth_capture_service.py:
  - Add _cookie_matches_hostname(): hostname suffix matching supporting
    dot-prefixed domains (.saki.lat matches api.saki.lat)
  - Add _build_cookie_bundle(): collects ALL cookies matching the current
    page's hostname, returns complete 'name1=v1; name2=v2' string
  - _curate_candidates(): new 'cookie_bundle' candidate type (type=0 in sort,
    highest priority), carries cookie_count + cookie_names in extra fields
  - extract_all(): obtain real-time page URL from session.page.url and pass
    to _curate_candidates so cookie domain filtering is accurate
  - Sort order: cookie_bundle > cookie > bearer_token/api_key > credential
  - Fix bug in original JWT dedup check (was assigning instead of checking)

custom_pages.py:
  - Add logging import + logger
  - _pick_best_candidate(): cookie preferred_auth_type now tries cookie_bundle
    first, then single cookie; bearer/api_key use existing type_map logic
  - RefreshAuthResponse: add optional 'warning' field
  - refresh_auth(): handle ctype='cookie_bundle' same as 'cookie'; always
    write full candidate.value as cookie_string (works for both types)
  - Post-write validation: attempt get_available_groups with new credentials;
    on failure, still commit (lenient mode) but set warning message explaining
    cf_clearance IP-binding as the likely cause; success logs at INFO level

Tests (test_auth_capture.py, 19 cases):
  - _cookie_matches_hostname: exact, dot-prefix subdomain, empty domain,
    different domain, evil-subdomain partial match rejection
  - _build_cookie_bundle: cf_clearance included, cross-domain excluded,
    single cookie, empty value excluded, no cookies
  - _curate_candidates: bundle ranks first, value is full string, bundle
    beats single session cookie, bearer wins when no cookies, empty case,
    cookie_count/cookie_names in extra, session fallback preserved,
    new_api_user propagation to bundle

All 46 tests pass.
2026-06-02 09:32:23 +08:00
..
models
fix(priority-sync): narrow account priority update to competitive groups only
2026-06-01 19:13:14 +08:00
routers
feat(auth-capture): full cookie bundle extraction + richer refresh-auth
2026-06-02 09:32:23 +08:00
schemas
feat(upstreams): add batch test-all / check-now-all endpoints
2026-06-01 16:46:42 +08:00
services
feat(auth-capture): full cookie bundle extraction + richer refresh-auth
2026-06-02 09:32:23 +08:00
utils
feat: sync account priorities after rate changes
2026-05-29 17:51:12 +08:00
__init__.py
Initial commit
2026-05-12 17:51:53 +08:00
config.py
fix: address multiple code audit findings
2026-05-17 10:52:18 +08:00
database.py
fix(priority-sync): narrow account priority update to competitive groups only
2026-06-01 19:13:14 +08:00
main.py
perf: SQLite WAL + 复合索引 + GZip + scheduler jitter + 构建缓存
2026-05-25 00:08:10 +08:00