npm - atm-droid - Versions diffs - 1.0.1 → 1.0.3 - Mend

atm-droid 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/api.js +109 -20

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "atm-droid",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "ATM Token Manager CLI - 跨平台 Factory Token 管理工具",
   "main": "src/index.js",
   "bin": {

package/src/api.js CHANGED Viewed

@@ -4,19 +4,35 @@ const { config, getDeviceId } = require('./config');
 const getServerUrl = () => config.get('serverUrl');
-// 生成加密密钥（与服务器一致）
-function getEncryptionKey() {
-  const key = Buffer.alloc(32);
-  const base = Buffer.from([
-    0x4a, 0x7b, 0x2c, 0x9d, 0x1e, 0x5f, 0x8a, 0x3b,
-    0x6c, 0x0d, 0x4e, 0x9f, 0x2a, 0x7b, 0x1c, 0x5d,
-    0x8e, 0x3f, 0x6a, 0x0b, 0x4c, 0x9d, 0x2e, 0x7f,
-    0x1a, 0x5b, 0x8c, 0x3d, 0x6e, 0x0f, 0x4a, 0x9b,
-  ]);
-  for (let i = 0; i < 32; i++) {
-    key[i] = base[i] ^ ((i * 0x17) & 0xff);
+// 解密静态字节（与 Rust 客户端一致）
+function decryptStaticBytes(encrypted, keySeed) {
+  const result = [];
+  let key = keySeed;
+  for (let i = 0; i < encrypted.length; i++) {
+    const byte = encrypted[i];
+    let k1 = ((key * 0x1B) + i) & 0xff;
+    let k2 = ((k1 << 3) | (k1 >>> 5)) & 0xff; // rotate_left(3)
+    k2 = k2 ^ 0xA5;
+    const decrypted = byte ^ k2;
+    result.push(decrypted);
+    key = (((key + decrypted) & 0xff) * 0x3D) & 0xff;
   }
-  return key;
+  return Buffer.from(result);
+}
+// 加密的通信密钥（与 Rust 客户端一致）
+const ENC_COMM_KEY = Buffer.from([
+  0x11, 0x18, 0xFC, 0x4A, 0xF9, 0xB8, 0x1A, 0x9C,
+  0x4F, 0xA4, 0xD1, 0x44, 0x47, 0xE5, 0x03, 0x57,
+  0xA3, 0x2B, 0x8E, 0x38, 0x3B, 0x99, 0x8F, 0x8C,
+  0x2B, 0x91, 0x60, 0xC1, 0x15, 0x07, 0x21, 0x53,
+]);
+// 生成加密密钥（与客户端一致）
+function getEncryptionKey() {
+  return decryptStaticBytes(ENC_COMM_KEY, 0x8D);
 }
 // 生成签名
@@ -28,6 +44,40 @@ function generateSignature(data, timestamp, deviceId) {
   return hmac.digest('hex');
 }
+// 解密服务器返回的数据（返回字符串）
+function decryptPayload(encryptedData, ivHex, tagHex) {
+  try {
+    const key = getEncryptionKey();
+    const iv = Buffer.from(ivHex, 'hex');
+    const tag = Buffer.from(tagHex, 'hex');
+    const encrypted = Buffer.from(encryptedData, 'hex');
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+    decipher.setAuthTag(tag);
+    let decrypted = decipher.update(encrypted, null, 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+  } catch (e) {
+    console.error('解密失败:', e.message);
+    return null;
+  }
+}
+// 解密服务器返回的 JSON 数据
+function decryptPayloadJson(encryptedData, ivHex, tagHex) {
+  const decrypted = decryptPayload(encryptedData, ivHex, tagHex);
+  if (decrypted) {
+    try {
+      return JSON.parse(decrypted);
+    } catch (e) {
+      return null;
+    }
+  }
+  return null;
+}
 // 激活码登录
 async function activate(code) {
   const deviceId = getDeviceId();
@@ -51,19 +101,27 @@ async function getTokens() {
     throw new Error('未登录');
   }
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
   const response = await fetch(`${getServerUrl()}/api/v1/tokens`, {
     headers: {
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     }
   });
   const result = await response.json();
   // 如果返回加密数据，需要解密
-  if (result.success && result.data && result.iv) {
-    // 简化版：假设服务器返回明文（或添加解密逻辑）
-    return result;
+  if (result.success && result.data && result.iv && result.tag) {
+    const decrypted = decryptPayloadJson(result.data, result.iv, result.tag);
+    if (decrypted) {
+      return { success: true, data: decrypted };
+    }
+    return { success: false, error: '解密失败' };
   }
   return result;
@@ -73,18 +131,40 @@ async function getTokens() {
 async function activateToken(tokenId) {
   const sessionToken = config.get('sessionToken');
   const deviceId = getDeviceId();
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
   const response = await fetch(`${getServerUrl()}/api/v1/tokens/activate`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     },
     body: JSON.stringify({ token_id: tokenId })
   });
-  return response.json();
+  const result = await response.json();
+  // 解密 access_token 和 refresh_token
+  if (result.success && result.access_token && result.access_iv && result.access_tag) {
+    const accessToken = decryptPayload(result.access_token, result.access_iv, result.access_tag);
+    const refreshToken = decryptPayload(result.refresh_token, result.refresh_iv, result.refresh_tag);
+    if (accessToken && refreshToken) {
+      return {
+        success: true,
+        email: result.email,
+        access_token: accessToken,
+        refresh_token: refreshToken
+      };
+    }
+    return { success: false, error: '解密失败' };
+  }
+  return result;
 }
 // 心跳
@@ -94,12 +174,17 @@ async function heartbeat() {
   if (!sessionToken) return { valid: false };
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
   const response = await fetch(`${getServerUrl()}/api/v1/auth/heartbeat`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     }
   });
@@ -110,13 +195,17 @@ async function heartbeat() {
 async function unbind() {
   const sessionToken = config.get('sessionToken');
   const deviceId = getDeviceId();
+  const timestamp = Math.floor(Date.now() / 1000);
+  const signature = generateSignature(sessionToken, timestamp, deviceId);
   const response = await fetch(`${getServerUrl()}/api/v1/auth/unbind`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       'Authorization': `Bearer ${sessionToken}`,
-      'X-Device-ID': deviceId
+      'X-Device-ID': deviceId,
+      'X-Timestamp': timestamp.toString(),
+      'X-Signature': signature
     }
   });