gardel/Mofox-Core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor telemetry client registration and heartbeat

Browse Source 
Replaces the UUID registration and heartbeat logic with a new two-step RSA-based registration process. Adds cryptographic signing of heartbeat requests using a client private key, and updates local storage keys to 'mofox_uuid' and 'mofox_private_key'. Improves error handling and response to server-side authentication failures, and updates request headers and payloads to match the new protocol.
This commit is contained in:
雅诺狐
2025-09-13 23:21:17 +08:00
parent 95fc44e067
commit 06a6c71775
1 changed files with 232 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

271
src/common/remote.py
View File

@@ -1,9 +1,13 @@
import asyncio
import base64
import json
import aiohttp
import platform
from datetime import datetime, timezone
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from src.common.logger import get_logger
from src.common.tcp_connector import get_tcp_connector
from src.config.config import global_config
@@ -24,9 +28,12 @@ class TelemetryHeartBeatTask(AsyncTask):
self.server_url = TELEMETRY_SERVER_URL
"""遥测服务地址"""
self.client_uuid: str | None = local_storage["mmc_uuid"] if "mmc_uuid" in local_storage else None # type: ignore
self.client_uuid: str | None = local_storage["mofox_uuid"] if "mofox_uuid" in local_storage else None # type: ignore
"""客户端UUID"""
self.private_key_pem: str | None = local_storage["mofox_private_key"] if "mofox_private_key" in local_storage else None # type: ignore
"""客户端私钥"""
self.info_dict = self._get_sys_info()
"""系统信息字典"""
@@ -36,7 +43,7 @@ class TelemetryHeartBeatTask(AsyncTask):
info_dict = {
"os_type": "Unknown",
"py_version": platform.python_version(),
"mmc_version": global_config.MMC_VERSION,
"mofox_version": global_config.MMC_VERSION,
}
match platform.system():
@@ -51,77 +58,224 @@ class TelemetryHeartBeatTask(AsyncTask):
return info_dict
def _generate_signature(self, request_body: dict) -> tuple[str, str]:
"""
生成RSA签名
Returns:
tuple[str, str]: (timestamp, signature_b64)
"""
if not self.private_key_pem:
raise ValueError("私钥未初始化")
# 生成时间戳
timestamp = datetime.now(timezone.utc).isoformat()
# 创建签名数据字符串
sign_data = f"{self.client_uuid}:{timestamp}:{json.dumps(request_body, separators=(',', ':'))}"
# 加载私钥
private_key = serialization.load_pem_private_key(
self.private_key_pem.encode('utf-8'),
password=None
)
# 确保是RSA私钥
if not isinstance(private_key, rsa.RSAPrivateKey):
raise ValueError("私钥必须是RSA格式")
# 生成签名
signature = private_key.sign(
sign_data.encode('utf-8'),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
# Base64编码
signature_b64 = base64.b64encode(signature).decode('utf-8')
return timestamp, signature_b64
def _decrypt_challenge(self, challenge_b64: str) -> str:
"""
解密挑战数据
Args:
challenge_b64: Base64编码的挑战数据
Returns:
str: 解密后的UUID字符串
"""
if not self.private_key_pem:
raise ValueError("私钥未初始化")
# 加载私钥
private_key = serialization.load_pem_private_key(
self.private_key_pem.encode('utf-8'),
password=None
)
# 确保是RSA私钥
if not isinstance(private_key, rsa.RSAPrivateKey):
raise ValueError("私钥必须是RSA格式")
# 解密挑战数据
decrypted_bytes = private_key.decrypt(
base64.b64decode(challenge_b64),
padding.OAEP(
mgf=padding.MGF1(hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
return decrypted_bytes.decode('utf-8')
async def _req_uuid(self) -> bool:
"""
向服务端请求UUID不应在已存在UUID的情况下调用会覆盖原有的UUID
向服务端请求UUID和私钥(两步注册流程
"""
if "deploy_time" not in local_storage:
logger.error("本地存储中缺少部署时间无法请求UUID")
return False
try_count: int = 0
while True:
# 如果不存在则向服务端请求一个新的UUID注册客户端
logger.info("正在向遥测服务端请求UUID...")
logger.info("正在向遥测服务端注册客户端...")
try:
async with aiohttp.ClientSession(connector=await get_tcp_connector()) as session:
# Step 1: 获取临时UUID、私钥和挑战数据
logger.debug("开始注册步骤1获取临时UUID和私钥")
async with session.post(
f"{TELEMETRY_SERVER_URL}/stat/reg_client",
json={"deploy_time": datetime.fromtimestamp(local_storage["deploy_time"], tz=timezone.utc).isoformat()},
timeout=aiohttp.ClientTimeout(total=5), # 设置超时时间为5秒
f"{TELEMETRY_SERVER_URL}/stat/reg_client_step1",
json={},
timeout=aiohttp.ClientTimeout(total=5),
) as response:
logger.debug(f"{TELEMETRY_SERVER_URL}/stat/reg_client")
logger.debug(local_storage["deploy_time"]) # type: ignore
logger.debug(f"Response status: {response.status}")
logger.debug(f"Step1 Response status: {response.status}")
if response.status != 200:
response_text = await response.text()
logger.error(
f"注册步骤1失败状态码: {response.status}, 响应内容: {response_text}"
)
raise aiohttp.ClientResponseError(
request_info=response.request_info,
history=response.history,
status=response.status,
message=f"Step1 failed: {response_text}"
)
step1_data = await response.json()
temp_uuid = step1_data.get("temp_uuid")
private_key = step1_data.get("private_key")
challenge = step1_data.get("challenge")
if not all([temp_uuid, private_key, challenge]):
logger.error("Step1响应缺少必要字段temp_uuid, private_key 或 challenge")
raise ValueError("Step1响应数据不完整")
# 临时保存私钥用于解密
self.private_key_pem = private_key
# 解密挑战数据
logger.debug("解密挑战数据...")
try:
decrypted_uuid = self._decrypt_challenge(challenge)
except Exception as e:
logger.error(f"解密挑战数据失败: {e}")
raise
# 验证解密结果
if decrypted_uuid != temp_uuid:
logger.error(f"解密结果验证失败: 期望 {temp_uuid}, 实际 {decrypted_uuid}")
raise ValueError("解密结果与临时UUID不匹配")
logger.debug("挑战数据解密成功开始注册步骤2")
# Step 2: 发送解密结果完成注册
async with session.post(
f"{TELEMETRY_SERVER_URL}/stat/reg_client_step2",
json={
"temp_uuid": temp_uuid,
"decrypted_uuid": decrypted_uuid
},
timeout=aiohttp.ClientTimeout(total=5),
) as response:
logger.debug(f"Step2 Response status: {response.status}")
if response.status == 200:
data = await response.json()
if client_id := data.get("mmc_uuid"):
# 将UUID存储到本地
local_storage["mmc_uuid"] = client_id
self.client_uuid = client_id
logger.info(f"成功获取UUID: {self.client_uuid}")
return True # 成功获取UUID返回True
step2_data = await response.json()
mofox_uuid = step2_data.get("mofox_uuid")
if mofox_uuid:
# 将正式UUID和私钥存储到本地
local_storage["mofox_uuid"] = mofox_uuid
local_storage["mofox_private_key"] = private_key
self.client_uuid = mofox_uuid
self.private_key_pem = private_key
logger.info(f"成功注册客户端UUID: {self.client_uuid}")
return True
else:
logger.error("无效的服务端响应")
logger.error("Step2响应缺少mofox_uuid字段")
raise ValueError("Step2响应数据不完整")
elif response.status in [400, 401]:
# 临时数据无效,需要重新开始
response_text = await response.text()
logger.warning(f"Step2失败临时数据无效: {response.status}, {response_text}")
raise ValueError(f"Step2失败: {response_text}")
else:
response_text = await response.text()
logger.error(
f"请求UUID失败不过你还是可以正常使用墨狐,状态码: {response.status}, 响应内容: {response_text}"
f"注册步骤2失败,状态码: {response.status}, 响应内容: {response_text}"
)
raise aiohttp.ClientResponseError(
request_info=response.request_info,
history=response.history,
status=response.status,
message=f"Step2 failed: {response_text}"
)
except Exception as e:
import traceback
error_msg = str(e) or "未知错误"
logger.warning(
f"请求UUID出错,不过你还是可以正常使用墨狐: {type(e).__name__}: {error_msg}"
) # 可能是网络问题
f"注册客户端出错,不过你还是可以正常使用墨狐: {type(e).__name__}: {error_msg}"
)
logger.debug(f"完整错误信息: {traceback.format_exc()}")
# 请求失败,重试次数+1
try_count += 1
if try_count > 3:
# 如果超过3次仍然失败则退出
logger.error("获取UUID失败,请检查网络连接或服务端状态")
logger.error("注册客户端失败,请检查网络连接或服务端状态")
return False
else:
# 如果可以重试,等待后继续(指数退避)
logger.info(f"获取UUID失败,将于 {4**try_count} 秒后重试...")
logger.info(f"注册客户端失败,将于 {4**try_count} 秒后重试...")
await asyncio.sleep(4**try_count)
async def _send_heartbeat(self):
"""向服务器发送心跳"""
if not self.client_uuid or not self.private_key_pem:
logger.error("UUID或私钥未初始化无法发送心跳")
return
try:
# 生成签名
timestamp, signature = self._generate_signature(self.info_dict)
headers = {
"Client-UUID": self.client_uuid,
"User-Agent": f"HeartbeatClient/{self.client_uuid[:8]}", # type: ignore
"X-mofox-UUID": self.client_uuid,
"X-mofox-Signature": signature,
"X-mofox-Timestamp": timestamp,
"User-Agent": f"MofoxClient/{self.client_uuid[:8]}",
"Content-Type": "application/json"
}
logger.debug(f"正在发送心跳到服务器: {self.server_url}")
logger.debug(str(headers))
logger.debug(f"Headers: {headers}")
try:
async with aiohttp.ClientSession(connector=await get_tcp_connector()) as session:
async with session.post(
f"{self.server_url}/stat/client_heartbeat",
@@ -135,31 +289,62 @@ class TelemetryHeartBeatTask(AsyncTask):
if 200 <= response.status < 300:
# 成功
logger.debug(f"心跳发送成功,状态码: {response.status}")
elif response.status == 403:
# 403 Forbidden
elif response.status == 401:
# 401 Unauthorized - 签名验证失败
logger.warning(
"此消息不会影响正常使用心跳发送失败403 Forbidden: 可能是UUID无效或未注册"
"处理措施:重置UUID,下次发送心跳时将尝试重新注册。"
"此消息不会影响正常使用心跳发送失败401 Unauthorized: 签名验证失败"
"处理措施:重置客户端信息,下次发送心跳时将尝试重新注册。"
)
self.client_uuid = None
del local_storage["mmc_uuid"] # 删除本地存储的UUID
self.private_key_pem = None
if "mofox_uuid" in local_storage:
del local_storage["mofox_uuid"]
if "mofox_private_key" in local_storage:
del local_storage["mofox_private_key"]
elif response.status == 404:
# 404 Not Found - 客户端未注册
logger.warning(
"此消息不会影响正常使用心跳发送失败404 Not Found: 客户端未注册。"
"处理措施:重置客户端信息,下次发送心跳时将尝试重新注册。"
)
self.client_uuid = None
self.private_key_pem = None
if "mofox_uuid" in local_storage:
del local_storage["mofox_uuid"]
if "mofox_private_key" in local_storage:
del local_storage["mofox_private_key"]
elif response.status == 403:
# 403 Forbidden - UUID无效或未注册
response_text = await response.text()
logger.warning(
f"此消息不会影响正常使用心跳发送失败403 Forbidden: UUID无效或未注册。"
f"响应内容: {response_text}"
"处理措施:重置客户端信息,下次发送心跳时将尝试重新注册。"
)
self.client_uuid = None
self.private_key_pem = None
if "mofox_uuid" in local_storage:
del local_storage["mofox_uuid"]
if "mofox_private_key" in local_storage:
del local_storage["mofox_private_key"]
else:
# 其他错误
response_text = await response.text()
logger.warning(
f"(此消息不会影响正常使用)状态未发送,状态码: {response.status}, 响应内容: {response_text}"
f"(此消息不会影响正常使用)心跳发送失败,状态码: {response.status}, 响应内容: {response_text}"
)
except Exception as e:
import traceback
error_msg = str(e) or "未知错误"
logger.warning(f"(此消息不会影响正常使用)状态未发生: {type(e).__name__}: {error_msg}")
logger.warning(f"(此消息不会影响正常使用)心跳发送出错: {type(e).__name__}: {error_msg}")
logger.debug(f"完整错误信息: {traceback.format_exc()}")
async def run(self):
# 发送心跳
if self.client_uuid is None and not await self._req_uuid():
logger.warning("获取UUID失败跳过此次心跳")
# 检查是否已注册
if not self.client_uuid or not self.private_key_pem:
if not await self._req_uuid():
logger.warning("客户端注册失败,跳过此次心跳")
return
await self._send_heartbeat()