atm-droid 1.0.2 → 1.0.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "atm-droid",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "ATM Token Manager CLI - 跨平台 Factory Token 管理工具",
   "main": "src/index.js",
   "bin": {

package/src/api.js

@@ -4,19 +4,35 @@ const { config, getDeviceId } = require('./config');
 
 const getServerUrl = () => config.get('serverUrl');
 
-// 生成加密密钥（与服务器一致）
-function getEncryptionKey() {
-  const key = Buffer.alloc(32);
-  const base = Buffer.from([
-    0x4a, 0x7b, 0x2c, 0x9d, 0x1e, 0x5f, 0x8a, 0x3b,
-    0x6c, 0x0d, 0x4e, 0x9f, 0x2a, 0x7b, 0x1c, 0x5d,
-    0x8e, 0x3f, 0x6a, 0x0b, 0x4c, 0x9d, 0x2e, 0x7f,
-    0x1a, 0x5b, 0x8c, 0x3d, 0x6e, 0x0f, 0x4a, 0x9b,
-  ]);
-  for (let i = 0; i < 32; i++) {
-    key[i] = base[i] ^ ((i * 0x17) & 0xff);
+// 解密静态字节（与 Rust 客户端一致）
+function decryptStaticBytes(encrypted, keySeed) {
+  const result = [];
+  let key = keySeed;
+  
+  for (let i = 0; i < encrypted.length; i++) {
+    const byte = encrypted[i];
+    let k1 = ((key * 0x1B) + i) & 0xff;
+    let k2 = ((k1 << 3) | (k1 >>> 5)) & 0xff; // rotate_left(3)
+    k2 = k2 ^ 0xA5;
+    const decrypted = byte ^ k2;
+    result.push(decrypted);
+    key = (((key + decrypted) & 0xff) * 0x3D) & 0xff;
   }
-  return key;
+  
+  return Buffer.from(result);
+}
+
+// 加密的通信密钥（与 Rust 客户端一致）
+const ENC_COMM_KEY = Buffer.from([
+  0x11, 0x18, 0xFC, 0x4A, 0xF9, 0xB8, 0x1A, 0x9C,
+  0x4F, 0xA4, 0xD1, 0x44, 0x47, 0xE5, 0x03, 0x57,
+  0xA3, 0x2B, 0x8E, 0x38, 0x3B, 0x99, 0x8F, 0x8C,
+  0x2B, 0x91, 0x60, 0xC1, 0x15, 0x07, 0x21, 0x53,
+]);
+
+// 生成加密密钥（与客户端一致）
+function getEncryptionKey() {
+  return decryptStaticBytes(ENC_COMM_KEY, 0x8D);
 }
 
 // 生成签名
@@ -28,7 +44,7 @@ function generateSignature(data, timestamp, deviceId) {
   return hmac.digest('hex');
 }
 
-// 解密服务器返回的数据
+// 解密服务器返回的数据（返回字符串）
 function decryptPayload(encryptedData, ivHex, tagHex) {
   try {
     const key = getEncryptionKey();
@@ -42,13 +58,26 @@ function decryptPayload(encryptedData, ivHex, tagHex) {
     let decrypted = decipher.update(encrypted, null, 'utf8');
     decrypted += decipher.final('utf8');
     
-    return JSON.parse(decrypted);
+    return decrypted;
   } catch (e) {
     console.error('解密失败:', e.message);
     return null;
   }
 }
 
+// 解密服务器返回的 JSON 数据
+function decryptPayloadJson(encryptedData, ivHex, tagHex) {
+  const decrypted = decryptPayload(encryptedData, ivHex, tagHex);
+  if (decrypted) {
+    try {
+      return JSON.parse(decrypted);
+    } catch (e) {
+      return null;
+    }
+  }
+  return null;
+}
+
 // 激活码登录
 async function activate(code) {
   const deviceId = getDeviceId();
@@ -88,7 +117,7 @@ async function getTokens() {
   
   // 如果返回加密数据，需要解密
   if (result.success && result.data && result.iv && result.tag) {
-    const decrypted = decryptPayload(result.data, result.iv, result.tag);
+    const decrypted = decryptPayloadJson(result.data, result.iv, result.tag);
     if (decrypted) {
       return { success: true, data: decrypted };
     }
@@ -117,7 +146,25 @@ async function activateToken(tokenId) {
     body: JSON.stringify({ token_id: tokenId })
   });
   
-  return response.json();
+  const result = await response.json();
+  
+  // 解密 access_token 和 refresh_token
+  if (result.success && result.access_token && result.access_iv && result.access_tag) {
+    const accessToken = decryptPayload(result.access_token, result.access_iv, result.access_tag);
+    const refreshToken = decryptPayload(result.refresh_token, result.refresh_iv, result.refresh_tag);
+    
+    if (accessToken && refreshToken) {
+      return {
+        success: true,
+        email: result.email,
+        access_token: accessToken,
+        refresh_token: refreshToken
+      };
+    }
+    return { success: false, error: '解密失败' };
+  }
+  
+  return result;
 }
 
 // 心跳