atm-droid 1.0.1 → 1.0.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "atm-droid",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "ATM Token Manager CLI - 跨平台 Factory Token 管理工具",
   "main": "src/index.js",
   "bin": {

package/src/api.js

@@ -28,6 +28,27 @@ function generateSignature(data, timestamp, deviceId) {
   return hmac.digest('hex');
 }
 
+// 解密服务器返回的数据
+function decryptPayload(encryptedData, ivHex, tagHex) {
+  try {
+    const key = getEncryptionKey();
+    const iv = Buffer.from(ivHex, 'hex');
+    const tag = Buffer.from(tagHex, 'hex');
+    const encrypted = Buffer.from(encryptedData, 'hex');
+    
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+    decipher.setAuthTag(tag);
+    
+    let decrypted = decipher.update(encrypted, null, 'utf8');
+    decrypted += decipher.final('utf8');
+    
+    return JSON.parse(decrypted);
+  } catch (e) {
+    console.error('解密失败:', e.message);
+    return null;
+  }
+}
+
 // 激活码登录
 async function activate(code) {
   const deviceId = getDeviceId();
@@ -51,19 +72,27 @@ async function getTokens() {
     throw new Error('未登录');
   }
   
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
+  
   const response = await fetch(`${getServerUrl()}/api/v1/tokens`, {
     headers: {
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     }
   });
   
   const result = await response.json();
   
   // 如果返回加密数据，需要解密
-  if (result.success && result.data && result.iv) {
-    // 简化版：假设服务器返回明文（或添加解密逻辑）
-    return result;
+  if (result.success && result.data && result.iv && result.tag) {
+    const decrypted = decryptPayload(result.data, result.iv, result.tag);
+    if (decrypted) {
+      return { success: true, data: decrypted };
+    }
+    return { success: false, error: '解密失败' };
   }
   
   return result;
@@ -73,13 +102,17 @@ async function getTokens() {
 async function activateToken(tokenId) {
   const sessionToken = config.get('sessionToken');
   const deviceId = getDeviceId();
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
   
   const response = await fetch(`${getServerUrl()}/api/v1/tokens/activate`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     },
     body: JSON.stringify({ token_id: tokenId })
   });
@@ -94,12 +127,17 @@ async function heartbeat() {
   
   if (!sessionToken) return { valid: false };
   
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
+  
   const response = await fetch(`${getServerUrl()}/api/v1/auth/heartbeat`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     }
   });
   
@@ -110,13 +148,17 @@ async function heartbeat() {
 async function unbind() {
   const sessionToken = config.get('sessionToken');
   const deviceId = getDeviceId();
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
   
   const response = await fetch(`${getServerUrl()}/api/v1/auth/unbind`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     }
   });