feat: add Bearer authentication to sign server requests (#2247)

* feat: add sign-server-bearer * fix: golint * fix: golint * fix: remove trimprefix --------- Co-authored-by: 源文雨 <41315874+fumiama@users.noreply.github.com>
2025-06-18 21:45:04 +08:00 · 2023-07-31 20:15:31 -07:00 · 2023-07-31 20:15:31 -07:00 · 88f5db89a8
commit 88f5db89a8
parent 7c813f8579
5 changed files with 24 additions and 2 deletions
--- a/cmd/gocq/login.go
+++ b/cmd/gocq/login.go
@ -24,6 +24,8 @@ import (
 	"github.com/tidwall/gjson"
 	"gopkg.ilharper.com/x/isatty"

+	"github.com/Mrs4s/go-cqhttp/internal/base"
+
 	"github.com/Mrs4s/go-cqhttp/global"
 	"github.com/Mrs4s/go-cqhttp/internal/base"
 	"github.com/Mrs4s/go-cqhttp/internal/download"
@ -269,13 +271,19 @@ func fetchCaptcha(id string) string {
 	return ""
 }

-func energy(uin uint64, id string, _ string, salt []byte) ([]byte, error) {
+func energy(_ uint64, id string, _ string, salt []byte) ([]byte, error) {
 	signServer := base.SignServer
 	if !strings.HasSuffix(signServer, "/") {
 		signServer += "/"
 	}
+	headers := make(map[string]string)
+	signServerBearer := base.SignServerBearer
+	if signServerBearer != "-" && signServerBearer != "" {
+		headers["Authorization"] = "Bearer " + signServerBearer
+	}
 	req := download.Request{
 		Method: http.MethodGet,
+    Header: headers,
 		URL: signServer + "custom_energy" + fmt.Sprintf("?data=%v&salt=%v&uin=%v&android_id=%v&guid=%v",
 			id, hex.EncodeToString(salt), uin, utils.B2S(device.AndroidId), hex.EncodeToString(device.Guid)),
 	}.WithTimeout(time.Duration(base.SignServerTimeout) * time.Second)
@ -337,10 +345,15 @@ func signRequset(seq uint64, uin string, cmd string, qua string, buff []byte) (s
 	if !strings.HasSuffix(signServer, "/") {
 		signServer += "/"
 	}
+	headers := map[string]string{"Content-Type": "application/x-www-form-urlencoded"}
+	signServerBearer := base.SignServerBearer
+	if signServerBearer != "-" && signServerBearer != "" {
+		headers["Authorization"] = "Bearer " + signServerBearer
+	}
 	response, err := download.Request{
 		Method: http.MethodPost,
 		URL:    signServer + "sign",
-		Header: map[string]string{"Content-Type": "application/x-www-form-urlencoded"},
+		Header: headers,
 		Body: bytes.NewReader([]byte(fmt.Sprintf("uin=%v&qua=%s&cmd=%s&seq=%v&buffer=%v&android_id=%v&guid=%v",
 			uin, qua, cmd, seq, hex.EncodeToString(buff), utils.B2S(device.AndroidId), hex.EncodeToString(device.Guid)))),
 	}.WithTimeout(time.Duration(base.SignServerTimeout) * time.Second).Bytes()
--- a/cmd/gocq/main.go
+++ b/cmd/gocq/main.go
@ -166,6 +166,9 @@ func LoginInteract() {

 	if base.SignServer != "-" && base.SignServer != "" {
 		log.Infof("使用服务器 %s 进行数据包签名", base.SignServer)
+		if base.SignServerBearer != "-" && base.SignServerBearer != "" {
+			log.Infof("使用 Bearer %s 认证签名服务器 %s ", base.SignServerBearer, base.SignServer)
+		}
 		// 等待签名服务器直到连接成功
 		if !signWaitServer() {
 			log.Fatalf("连接签名服务器失败")
--- a/internal/base/flag.go
+++ b/internal/base/flag.go
@ -39,6 +39,7 @@ var (
 	AllowTempSession    bool   // 是否允许发送临时会话信息
 	UpdateProtocol      bool   // 是否更新协议
 	SignServer          string // 使用特定的服务器进行签名
+	SignServerBearer    string // 认证签名服务器的 Bearer Token
 	Key                 string // 签名服务器密钥
 	IsBelow110          bool   // 签名服务器版本是否低于1.1.0及以下
 	HTTPTimeout         int    // download 超时时间
@ -92,6 +93,7 @@ func Init() {
 		UseSSOAddress = conf.Account.UseSSOAddress
 		AllowTempSession = conf.Account.AllowTempSession
 		SignServer = conf.Account.SignServer
+		SignServerBearer = conf.Account.SignServerBearer
 		Key = conf.Account.Key
 		IsBelow110 = conf.Account.IsBelow110
 		HTTPTimeout = conf.Message.HTTPTimeout
--- a/modules/config/config.go
+++ b/modules/config/config.go
@ -36,6 +36,7 @@ type Account struct {
 	UseSSOAddress    bool       `yaml:"use-sso-address"`
 	AllowTempSession bool       `yaml:"allow-temp-session"`
 	SignServer       string     `yaml:"sign-server"`
+	SignServerBearer string     `yaml:"sign-server-bearer"`
 	Key              string     `yaml:"key"`
 	IsBelow110       bool       `yaml:"is-below-110"`
 	AutoRegister     bool       `yaml:"auto-register"`
--- a/modules/config/default_config.yml
+++ b/modules/config/default_config.yml
@ -24,6 +24,9 @@ account: # 账号相关
  # sign-server: 'https://signserver.example.com' # 线上签名服务器
  # 服务器可使用docker在本地搭建或者使用他人开放的服务
  sign-server: '-'
+  # 签名服务器认证 Bearer Token
+  # 使用开放的服务可能需要提供此 Token 进行认证
+  sign-server-bearer: '-'
  # 如果签名服务器的版本在1.1.0及以下, 请将下面的参数改成true
  is-below-110: false
  # 签名服务器所需要的apikey, 如果签名服务器的版本在1.1.0及以下则此项无效