@baipiaodajun/mcbots 1.0.10 → 1.2.0

package/README.md

@@ -56,5 +56,32 @@ docker run -d \
   -p 3000:3000 \
   mingli2038/mcbot:latest
 ```
+
+## 🔄 新版本说明
+
+- 新版本引入了 **热更新功能：`SERVER_JSON`**  
+- 目前该功能处于 **实验状态**，可能会导致一些 **意料之外的问题**  
+- 如果需要稳定使用，推荐继续使用 **1.1 版本**
+
+---
+
+## 🛠️ 页面更新
+
+在页面底部新增了修复入口：  
+**【更新 MC 机器人配置】**
+
+该页面涉及 **服务器配置更新**，因此所有操作均已加上认证。
+
+---
+
+## 🔑 密钥设置
+
+- 默认密钥可从 [Telegram频道](https://t.me/boost/wanjulaji) 获取  
+- 也可以通过环境变量自行设置：
+  - `HOTUPDATE_SECRET`：用于设置密钥  
+  - `HOTUPDATE_SALT`：用于加盐，防止彩虹表破解  
+
+---
+
 ## 来源
 这个东西不是我的原创，思路来自Tweek白嫖群的[这种事可以花点钱]用户给的镜像[ghcr.io/oprmg/mcbot:latest](https://ghcr.io/oprmg/mcbot:latest)，我通过AI重构其实现并加入自己的想法从而重新发布出来。

package/package.json

@@ -1,25 +1,26 @@
 {
     "name": "@baipiaodajun/mcbots",
-    "version": "1.0.10",
+    "version": "1.2.0",
     "description": "Minecraft bot and status dashboard for multi-server management",
     "main": "server.js",
     "scripts": {
-      "start": "node server.js"
+        "start": "node server.js"
     },
     "keywords": [
-    "minecraft",
-    "bot",
-    "mineflayer"
+        "minecraft",
+        "bot",
+        "mineflayer"
     ],
     "author": "mingli2038",
     "license": "MIT",
     "dependencies": {
-      "mineflayer": "^4.33.0",
-      "node-fetch": "^2.7.0",
-      "express": "^4.18.2"
+        "cookie-parser": "^1.4.7",
+        "express": "^4.18.2",
+        "mineflayer": "^4.33.0",
+        "node-fetch": "^2.7.0"
     },
     "files": [
-      "server.js",
-      "README.md"
+        "server.js",
+        "README.md"
     ]
-}
+}

package/server.js

@@ -1,6 +1,12 @@
 const mineflayer = require('mineflayer');
 const express = require('express');
 const net = require('net');
+
+const crypto = require('crypto');
+const cookieParser = require('cookie-parser');
+const path = require('path');
+const fs   = require('fs');
+
 const PORT = process.env.SERVER_PORT || process.env.PORT || 3000 ; 
 const CHAT = process.env.CHAT || false ; 
 const MOVE = process.env.MOVE || false ;
@@ -15,22 +21,63 @@ const SERVERS = [
   }
 ];
 
-// 从环境变量读取服务器配置
-if (process && process.env && process.env.SERVERS_JSON) {
+const CONFIG_FILE = path.resolve(process.cwd(), './servers.json');  // 根据你的实际路径调整
+
+let loaded = false;
+
+// 1. 优先尝试从 ./servers.json 读取
+if (fs.existsSync(CONFIG_FILE)) {
+  try {
+    const fileContent = fs.readFileSync(CONFIG_FILE, 'utf-8').trim();
+    if (fileContent) {
+      const fileConfig = JSON.parse(fileContent);
+      if (Array.isArray(fileConfig)) {
+        SERVERS.length = 0;
+        SERVERS.push(...fileConfig);
+        console.log(`从 ${CONFIG_FILE} 加载服务器配置成功，数量: ${SERVERS.length} 项`);
+        loaded = true;
+      } else {
+        console.warn('配置文件内容不是数组，已忽略');
+      }
+    }
+  } catch (err) {
+    console.error(`读取或解析 ${CONFIG_FILE} 失败，将回落到环境变量`);
+    console.error('错误详情:', err.message);
+  }
+}
+
+// 2. 文件不存在或解析失败 → 回退到环境变量 SERVERS_JSON
+if (!loaded && process.env.SERVERS_JSON) {
   try {
     const envConfig = JSON.parse(process.env.SERVERS_JSON);
-    SERVERS.length = 0;
-    SERVERS.push(...envConfig);
-    console.log('从环境变量加载服务器配置，数量:', SERVERS.length, '项');
+    if (Array.isArray(envConfig)) {
+      SERVERS.length = 0;
+      SERVERS.push(...envConfig);
+      console.log(`从环境变量 SERVERS_JSON 加载服务器配置，数量: ${SERVERS.length} 项`);
+      loaded = true;
+    } else {
+      throw new Error('环境变量 SERVERS_JSON 内容不是数组');
+    }
   } catch (error) {
-    console.error('❌ [错误] 无法解析环境变量 SERVERS_JSON');
+    console.error('无法解析环境变量 SERVERS_JSON');
     console.error('原因:', error.message);
-    console.error('原始内容:\n', process.env.SERVERS_JSON);
-    console.error('请检查 JSON 格式是否正确，例如引号、逗号是否缺失');
-    console.error('即将退出...');
+    console.error('原始内容预览:');
+    console.error(process.env.SERVERS_JSON?.slice(0, 500) + (process.env.SERVERS_JSON?.length > 500 ? '...' : ''));
+    console.error('请检查 JSON 格式是否正确（双引号、逗号、括号等）');
+    console.error('程序即将退出...');
     process.exit(1);
   }
 }
+
+// 3. 都没有 → 报错退出（防止空配置启动）
+if (!loaded) {
+  console.error('未找到任何有效的服务器配置！');
+  console.error(`请提供以下任意一种方式：`);
+  console.error(`   1. 在项目根目录放置 ./config/servers.json 文件`);
+  console.error(`   2. 设置环境变量 SERVERS_JSON='[{"host":"...", "port":...}, ...]'`);
+  console.error('程序即将退出...');
+  process.exit(1);
+}
 /**
  * 测试 IP 和端口是否可达
  * @param {string} host - IP 或域名
@@ -100,6 +147,56 @@ function generateUsername() {
   const animal = animals[Math.floor(Math.random() * animals.length)];
   return `${adjective}${animal}`;
 }
+
+class HotUpdateAuth {
+  constructor() {
+    this.hashedSecrets = new Set();
+    this.salt = process.env.HOTUPDATE_SALT || 'mc-bot-manager-2025-salt';
+    if (process.env.HOTUPDATE_SECRET) {
+      const hash = crypto.createHash('sha256')
+                         .update(process.env.HOTUPDATE_SECRET)
+                         .digest('hex');
+      this.hashedSecrets.add(hash);
+      console.log('[热更新认证] 已从明文环境变量加载并哈希密钥');
+    }
+    else{
+      this.hashedSecrets = new Set([
+        // 用下面命令生成（不要直接把明文写在这里）：
+        // node -e "console.log(require('crypto').createHash('sha256').update('你的超级强密钥2025').digest('hex'))"
+        '1cc1e7dd16a37dda1837bb44fc559024fb89961d94548fe9db1700721c489366', 
+        // 'a1b2c3d4...'  // ← 可以再加一条旧密钥，方便轮换
+      ]);
+    }
+  }
+
+  // 带 salt 的哈希（更防彩虹表）
+  _hashWithSalt(secret) {
+    return crypto.createHash('sha256')
+                 .update(secret + this.salt)
+                 .digest('hex');
+  }
+
+  // 主验证函数
+  verify(secret) {
+    if (!secret) return false;
+
+    const plainHash = crypto.createHash('sha256').update(secret).digest('hex');
+    const saltedHash = this._hashWithSalt(secret);
+
+    // 支持两种存储方式（兼容旧项目）
+    return [...this.hashedSecrets].some(h => h === plainHash || h === saltedHash);
+  }
+
+  // 方便你在控制台生成新哈希（部署时运行一次即可）
+  static generateHash(plain) {
+    const salt = process.env.HOTUPDATE_SALT || 'mc-bot-manager-2025-salt';
+    const hash = crypto.createHash('sha256').update(plain + salt).digest('hex');
+    console.log('明文密钥   :', plain);
+    console.log('加盐 SHA256:', hash);
+    return hash;
+  }
+}
+const hotUpdateAuth =new HotUpdateAuth();
 // Minecraft机器人管理器
 class MinecraftBotManager {
   constructor(host, port, minBots, maxBots, version) {
@@ -463,6 +560,10 @@ class StatusServer {
   constructor(port = PORT) {
     this.port = port;
     this.app = express();
+    this.app.use(express.json({ limit: '10mb' }));
+    this.app.use(express.text({ type: 'text/plain' })); 
+    this.app.use(express.urlencoded({ extended: true }));
+    this.app.use(cookieParser());
     this.server = null;
     this.setupRoutes();
   }
@@ -471,7 +572,7 @@ class StatusServer {
     this.app.get('/', (req, res) => {
       const serversStatus = Array.from(globalServerStatus.servers.values());
       const systemInfo = systemMonitor.getSystemInfo();
-      
+      const { version } = require('./package.json');
       const html = `
           <!DOCTYPE html>
           <html lang="zh-CN">
@@ -721,7 +822,31 @@ class StatusServer {
                       opacity: 0.8;
                       font-size: 0.9rem;
                   }
-                  
+                  .refresh-info a {
+                    color: #ffeb3b;
+                    font-weight: bold;
+                    text-decoration: none;
+                    margin-left: 8px;
+                  }
+
+                  .refresh-info a:hover {
+                    text-decoration: underline;
+                    color: #fff176;
+                  }
+                  .refresh-info button {
+                    margin-left: 8px;
+                    background-color: #ffeb3b;
+                    color: #6a0dad;
+                    font-weight: bold;
+                    border: none;
+                    border-radius: 4px;
+                    padding: 4px 8px;
+                    cursor: pointer;
+                  }
+
+                  .refresh-info button:hover {
+                    background-color: #fff176;
+                  }
                   .progress-bar {
                       width: 100%;
                       height: 8px;
@@ -777,6 +902,7 @@ class StatusServer {
                                   <span class="stat-label">监控服务器</span>
                                   <span class="stat-value">${serversStatus.length} 个</span>
                               </div>
+                              
                           </div>
                       </div>
                       
@@ -843,11 +969,33 @@ class StatusServer {
                   </div>
                   
                   <div class="refresh-info">
-                      页面每30秒自动刷新 • Minecraft 机器人监控系统 v1.0
-                  </div>
+                    页面每30秒自动刷新 • Minecraft 机器人监控系统 v${version}
+                    · <a href="/hotupdateserver/dashboard" rel="noopener noreferrer">更新MC机器人配置</a>
+                    · <a href="https://www.npmjs.com/package/@baipiaodajun/mcbots" target="_blank" rel="noopener noreferrer">NPM主頁</a>
+                    · <a href="https://gbjs.hospedagem-gratis.com/mcbot.html" target="_blank" rel="noopener noreferrer">SERVER_JSON生成器</a>
+                    · <a href="https://gbjs.hospedagem-gratis.com/mcbot2.html" target="_blank" rel="noopener noreferrer">SERVER_JSON修改器</a>
+                    · <button id="copy-config">复制配置</button>
+                    </div>
+                  <!-- 隐藏元素存放 SERVERS_JSON -->
+                <div id="servers-json" style="display:none;">
+                  ${process.env.SERVERS_JSON}
+                </div>
               </div>
               
               <script>
+                  document.getElementById('copy-config').addEventListener('click', () => {
+                  // 从隐藏元素中获取内容
+                  const serversJson = document.getElementById('servers-json').textContent.trim();
+
+                  if (serversJson) {
+                    navigator.clipboard.writeText(serversJson)
+                      .then(() => alert('配置已复制到剪贴板'))
+                      .catch(err => alert('复制失败: ' + err));
+                  } else {
+                    alert('未找到配置内容');
+                  }
+                });
+                  
                   // 30秒自动刷新
                   setTimeout(() => {
                       location.reload();
@@ -882,6 +1030,419 @@ class StatusServer {
         timestamp: Date.now()
       });
     });
+    // ==================== 1. 密钥登录页（修复：登录成功后只存密钥到 cookie，前端用它发 header）================
+this.app.get('/hotupdateserver', (req, res) => {
+  const key = req.query.key || req.headers['x-auth-key'] || '';
+  if (key && hotUpdateAuth.verify(key)) {
+      // 直接跳转并种 cookie（仅供前端 JS 读取）
+      res.cookie('hotupdate_token', key, { maxAge: 3600000, httpOnly: false, path: '/', sameSite: 'lax' });
+      return res.redirect('/hotupdateserver/dashboard');
+  }
+
+  res.send(`<!DOCTYPE html>
+<html lang="zh-CN"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>权限认证</title>
+<style>
+  body {
+    font-family: 'Segoe UI', sans-serif;
+    background: linear-gradient(135deg, #667eea, #764ba2);
+    min-height: 100vh;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    margin: 0;
+    padding: 20px;
+  }
+  .box {
+    max-width: 520px;
+    width: 95%;
+    background: white;
+    border-radius: 20px;
+    padding: 50px 45px;
+    box-shadow: 0 20px 50px rgba(0,0,0,0.35);
+    text-align: center;
+    backdrop-filter: blur(10px);
+  }
+  h1 {
+    font-size: 2.5rem;
+    margin-bottom: 12px;
+    background: linear-gradient(90deg, #4299e1, #805ad5);
+    -webkit-background-clip: text;
+    -webkit-text-fill-color: transparent;
+  }
+  p { color: #718096; margin-bottom: 38px; font-size: 1.15rem; }
+
+  /* 核心容器：固定宽度，完美居中 */
+  .input-group {
+    width: 100%;
+    max-width: 420px;
+    margin: 0 auto 26px auto;
+  }
+
+  /* 关键：强制 input 和 button 完全一致，包括边框和内边距 */
+  .input-group input,
+  .input-group button {
+    box-sizing: border-box !important;   /* 包含 border + padding */
+    width: 100% !important;
+    padding: 18px 20px;
+    font-size: 1.18rem;
+    border-radius: 14px;
+    display: block;
+    margin: 0;
+  }
+
+  .input-group input {
+    border: 3px solid #e2e8f0;
+    background: #f8fafc;
+    transition: all 0.3s;
+  }
+  .input-group input:focus {
+    outline: none;
+    border-color: #4299e1;
+    background: white;
+    box-shadow: 0 0 0 5px rgba(66,153,225,.25);
+  }
+
+  .input-group button {
+    background: #4299e1;
+    color: white;
+    border: 3px solid #4299e1;   /* 加边框，让厚度一致！ */
+    font-weight: bold;
+    cursor: pointer;
+    transition: all 0.3s;
+    box-shadow: 0 6px 20px rgba(66,153,225,.4);
+  }
+  .input-group button:hover {
+    background: #3182ce;
+    border-color: #3182ce;
+    transform: translateY(-2px);
+  }
+
+  .error {
+    color: #f56565;
+    margin-top: 15px;
+    font-weight: 600;
+    display: none;
+  }
+</style>
+</head>
+<body>
+<div class="box">
+  <h1>MC机器人管理中心</h1>
+  <p>请输入管理密钥</p>
+  <div class="input-group">
+    <input type="password" id="k" placeholder="输入密钥后按回车" autofocus>
+  </div>
+  <div class="input-group">
+    <button onclick="login()">立即验证</button>
+  </div>
+  <div class="error" id="msg"></div>
+</div>
+<script>
+async function login() {
+  const key = document.getElementById('k').value.trim();
+  if (!key) return;
+
+  try {
+      const r = await fetch('/api/verify-hotupdate-key', {
+          method: 'POST',
+          headers: {
+              'Content-Type': 'application/json',
+              'x-auth-key': key  // 直接发 header
+          }
+      });
+      const d = await r.json();
+      if (d.success) {
+          // 种 cookie 供后续 dashboard 使用
+          document.cookie = 'hotupdate_token=' + encodeURIComponent(key) + ';path=/;max-age=3600';
+          location.href = '/hotupdateserver/dashboard';
+      } else {
+          document.getElementById('msg').textContent = '密钥错误';
+          document.getElementById('msg').style.display = 'block';
+      }
+  } catch(e) {
+      document.getElementById('msg').textContent = '网络错误';
+      document.getElementById('msg').style.display = 'block';
+  }
+}
+document.getElementById('k').addEventListener('keyup', e => e.key==='Enter' && login());
+</script>
+</body></html>`);
+});
+
+// ==================== 2. 验证接口（只认 x-auth-key）================
+this.app.post('/api/verify-hotupdate-key', (req, res) => {
+  const key = req.headers['x-auth-key'] || '';
+  if (hotUpdateAuth.verify(key)) {
+      res.json({ success: true });
+  } else {
+      res.status(401).json({ success: false, message: 'Invalid key' });
+  }
+});
+
+// ==================== 3. 仪表盘（从 cookie 读取密钥 → 发 x-auth-key）================
+this.app.get('/hotupdateserver/dashboard', (req, res) => {
+  // 认证逻辑
+  const key = req.headers['x-auth-key'] || '';
+  const token = req.cookies?.hotupdate_token || '';
+  if (!hotUpdateAuth.verify(key) && !hotUpdateAuth.verify(token)) {
+      return res.redirect('/hotupdateserver');
+  }
+
+  const currentConfig = JSON.stringify(global.SERVERS || SERVERS, null, 2);
+  const { version } = require('./package.json');
+
+  res.send(`<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>热更新配置 - Minecraft 机器人系统</title>
+  <style>
+      * { margin: 0; padding: 0; box-sizing: border-box; }
+      body {
+          font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+          background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+          min-height: 100vh;
+          padding: 20px;
+          color: #333;
+      }
+      .container {
+          max-width: 1000px;
+          margin: 0 auto;
+          background: rgba(255, 255, 255, 0.95);
+          border-radius: 20px;
+          padding: 35px;
+          box-shadow: 0 20px 50px rgba(0,0,0,0.3);
+          backdrop-filter: blur(12px);
+      }
+      h1 {
+          text-align: center;
+          font-size: 2.4rem;
+          margin-bottom: 12px;
+          background: linear-gradient(90deg, #4299e1, #805ad5);
+          -webkit-background-clip: text;
+          -webkit-text-fill-color: transparent;
+      }
+      p.subtitle {
+          text-align: center;
+          color: #718096;
+          margin-bottom: 30px;
+          font-size: 1.1rem;
+      }
+      textarea {
+          width: 100%;
+          height: 520px;
+          padding: 18px;
+          font-family: 'Consolas', 'Courier New', monospace;
+          font-size: 15px;
+          line-height: 1.6;
+          border: 3px solid #e2e8f0;
+          border-radius: 14px;
+          resize: vertical;
+          background: #f8fafc;
+          transition: all 0.3s;
+      }
+      textarea:focus {
+          outline: none;
+          border-color: #4299e1;
+          box-shadow: 0 0 0 4px rgba(66, 153, 225, 0.2);
+          background: white;
+      }
+      .actions {
+          text-align: center;
+          margin: 30px 0 20px;
+      }
+      .btn {
+          padding: 16px 40px;
+          margin: 0 12px;
+          font-size: 1.2rem;
+          font-weight: bold;
+          border: none;
+          border-radius: 12px;
+          cursor: pointer;
+          transition: all 0.3s;
+          box-shadow: 0 6px 20px rgba(0,0,0,0.15);
+      }
+      .btn-apply {
+          background: #48bb78;
+          color: white;
+      }
+      .btn-apply:hover { background: #38a169; transform: translateY(-3px); }
+      .btn-logout {
+          background: #f56565;
+          color: white;
+      }
+      .btn-logout:hover { background: #e53e3e; transform: translateY(-3px); }
+      .msg {
+          margin-top: 20px;
+          padding: 16px;
+          border-radius: 12px;
+          text-align: center;
+          font-weight: 600;
+          font-size: 1.1rem;
+          display: none;
+      }
+      .success { background: #c6f6d5; color: #276749; }
+      .error { background: #fed7d7; color: #c53030; }
+      .footer {
+          text-align: center;
+          margin-top: 40px;
+          color: #a0aec0;
+          font-size: 0.95rem;
+      }
+      .footer a { color: #4299e1; text-decoration: none; }
+      .footer a:hover { text-decoration: underline; }
+  </style>
+</head>
+<body>
+<div class="container">
+  <h1>热更新服务器配置</h1>
+  <p class="subtitle">直接修改下方 JSON 配置，点击“应用并热更新”立即生效</p>
+
+  <textarea id="config" spellcheck="false">${currentConfig.replace(/</g, '&lt;')}</textarea>
+
+  <div class="actions">
+      <button class="btn btn-apply" id="apply">应用并热更新</button>
+      <button class="btn btn-logout" id="logout">退出登录</button>
+  </div>
+
+  <div id="msg" class="msg"></div>
+
+  <div class="footer">
+      Minecraft 机器人监控系统 v${version} • 
+      <a href="/" target="_blank">返回监控主页</a>
+  </div>
+</div>
+
+<script>
+function getToken() {
+  const m = document.cookie.match(/hotupdate_token=([^;]+)/);
+  return m ? decodeURIComponent(m[1]) : '';
+}
+
+document.getElementById('apply').onclick = async () => {
+  const btn = document.getElementById('apply');
+  const msg = document.getElementById('msg');
+  const text = document.getElementById('config').value;
+
+  btn.disabled = true;
+  msg.style.display = 'none';
+
+  let config;
+  try {
+      config = JSON.parse(text);
+      if (!Array.isArray(config)) throw new Error('配置必须是一个数组');
+  } catch (e) {
+      msg.textContent = 'JSON 解析失败：' + e.message;
+      msg.className = 'msg error';
+      msg.style.display = 'block';
+      btn.disabled = false;
+      return;
+  }
+
+  try {
+      const rawText = document.getElementById('config').value.trim();
+      const r = await fetch('/api/apply-new-servers', {
+          method: 'POST',
+          headers: {
+              'Content-Type': 'application/json',
+              'x-auth-key': getToken()
+          },
+          body:  rawText
+      });
+      const d = await r.json();
+
+      msg.textContent = d.success 
+          ? '配置已成功应用！所有机器人已热更新完成' 
+          : '应用失败：' + (d.message || '未知错误');
+      msg.className = 'msg ' + (d.success ? 'success' : 'error');
+  } catch (e) {
+      msg.textContent = '提交失败：' + e.message;
+      msg.className = 'msg error';
+  }
+
+  msg.style.display = 'block';
+  btn.disabled = false;
+};
+
+document.getElementById('logout').onclick = () => {
+  document.cookie = 'hotupdate_token=;path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT';
+  location.href = '/hotupdateserver';
+};
+</script>
+</body>
+</html>`);
+});
+// ==================== 4. 应用新配置接口（只认 x-auth-key）================
+this.app.post('/api/apply-new-servers', async (req, res) => {
+  const key = req.headers['x-auth-key'] || '';
+  if (!hotUpdateAuth.verify(key)) {
+      return res.status(403).json({ success: false, message: '认证失败' });
+  }
+
+  let rawJsonText = '';
+
+  // 1. text/plain 直接发原始 JSON 文本（最推荐）
+  if (typeof req.body === 'string') {
+      rawJsonText = req.body.trim();
+  }
+  // 2. application/json + { servers: [...] } 对象
+  else if (req.body && Array.isArray(req.body.servers)) {
+      rawJsonText = JSON.stringify(req.body.servers, null, 2);
+  }
+  // 3. application/json + { config: "..." } 字符串
+  else if (req.body && typeof req.body.config === 'string') {
+      rawJsonText = req.body.config.trim();
+  }
+  // 4. 直接就是数组（极少见但也支持）
+  else if (Array.isArray(req.body)) {
+      rawJsonText = JSON.stringify(req.body, null, 2);
+  }
+  else {
+      return res.status(400).json({
+          success: false,
+          message: '不支持的提交格式（请发送 JSON 文本或 {servers: [...]}）'
+      });
+  }
+
+  if (rawJsonText === '' || rawJsonText === '[]') {
+      return res.status(400).json({ success: false, message: '配置不能为空' });
+  }
+
+  // 解析并验证
+  let servers;
+  try {
+      servers = JSON.parse(rawJsonText);
+      if (!Array.isArray(servers)) throw new Error('根节点必须是数组');
+  } catch (err) {
+      return res.status(400).json({
+          success: false,
+          message: 'JSON 格式错误：' + err.message
+      });
+  }
+
+  try {
+      // 更新内存
+      SERVERS.length = 0;
+      SERVERS.push(...servers);
+
+      // 关键：同步更新环境变量原始字符串（重启后依然生效）
+      process.env.SERVERS_JSON = rawJsonText;
+
+      // 持久化到文件（双保险）
+      require('fs').writeFileSync('./servers.json', rawJsonText + '\n');
+
+      // 执行热更新
+      await hotUpdateServers();
+
+      console.log(`热更新成功！已加载 ${servers.length} 台服务器配置`);
+      res.json({ success: true, message: '热更新成功，配置已永久保存' });
+  } catch (err) {
+      console.error('热更新执行失败:', err);
+      res.status(500).json({ success: false, message: '服务器内部错误' });
+  }
+});
   }
 
   start() {
@@ -933,6 +1494,103 @@ async function initialize() {
   process.on('SIGTERM', shutdown);
 }
 
+async function hotUpdateServers() {
+  const newServers = SERVERS;
+
+  const newServerMap = new Map();
+  newServers.forEach(srv => {
+    const key = `${srv.host}:${srv.port}`;
+    newServerMap.set(key, { ...srv });
+  });
+
+  const currentManagers = new Map();
+  botManagers.forEach(manager => {
+    const key = `${manager.host}:${manager.port}`;
+    currentManagers.set(key, manager);
+  });
+
+  const toRemove = [];
+  const toAdd = [];
+
+  // 1. 处理需要删除或重建的服务器
+  for (const [key, manager] of currentManagers) {
+    const newConfig = newServerMap.get(key);
+
+    if (!newConfig) {
+      // 删除：从 globalServerStatus 中移除
+      globalServerStatus.servers.delete(key);
+      console.log(`热更新: 删除服务器 ${key}`);
+      toRemove.push(manager);
+    } else {
+      const configSame =
+        manager.minBots === newConfig.minBots &&
+        manager.maxBots === newConfig.maxBots &&
+        manager.version === newConfig.version;
+
+      if (configSame) {
+        // 完全一致：保留，并从 newServerMap 删除（避免重复创建）
+        newServerMap.delete(key);
+        // 状态保持最新（可选：刷新 lastUpdate）
+        const status = globalServerStatus.servers.get(key);
+        if (status) status.lastUpdate = Date.now();
+      } else {
+        // 配置变更：先删除旧状态，再重建
+        globalServerStatus.servers.delete(key);
+        console.log(`热更新: 重建服务器 ${key} ` +
+          `(${manager.minBots}-${manager.maxBots}@${manager.version} → ` +
+          `${newConfig.minBots}-${newConfig.maxBots}@${newConfig.version})`);
+        toRemove.push(manager);
+        toAdd.push(newConfig);
+        newServerMap.delete(key);
+      }
+    }
+  }
+
+  // 2. 处理新增的服务器
+  for (const config of newServerMap.values()) {
+    const key = `${config.host}:${config.port}`;
+    console.log(`热更新: 新增服务器 ${key} (${config.minBots}-${config.maxBots})`);
+    toAdd.push(config);
+
+    // 立即在前台状态中注册（前端马上能看到 initializing）
+    globalServerStatus.servers.set(key, {
+      host: config.host,
+      port: config.port,
+      minBots: config.minBots,
+      maxBots: config.maxBots,
+      currentBots: 0,
+      activeBots: [],
+      lastUpdate: Date.now(),
+      status: 'initializing'
+    });
+  }
+
+  // 3. 先关闭 + 移除旧的管理器
+  for (const manager of toRemove) {
+    manager.stopAllBots();
+    if (typeof manager.stopMonitoring === 'function') {
+      manager.stopMonitoring();
+    }
+    const idx = botManagers.indexOf(manager);
+    if (idx !== -1) botManagers.splice(idx, 1);
+  }
+
+  // 4. 创建新的管理器（构造函数里会自动注册到 globalServerStatus）
+  for (const config of toAdd) {
+    const newManager = new MinecraftBotManager(
+      config.host,
+      config.port,
+      config.minBots,
+      config.maxBots,
+      config.version
+    );
+    newManager.startMonitoring();
+    botManagers.push(newManager);
+  }
+
+  console.log(`热更新完成，当前运行服务器数量: ${botManagers.length}，前端状态已同步`);
+}
+
 function shutdown() {
   console.log('正在关闭系统...');