From 36bb86a8f7a3db24a7fb6b08aa226a54395fa76f Mon Sep 17 00:00:00 2001
From: Jeason <1710884619@qq.com>
Date: Fri, 17 Apr 2026 09:19:45 +0800
Subject: [PATCH] =?UTF-8?q?=E5=85=A8=E9=9D=A2=E4=BF=AE=E5=A4=8D:=20?= =?UTF-8?q?=E6=89=80=E6=9C=89=E5=BE=AE=E5=8D=9AAPI=E8=B0=83=E7=94=A8?= =?UTF-8?q?=E7=BB=9F=E4=B8=80=E8=B7=B3=E8=BF=87=E9=A6=96=E9=A1=B5+?= =?UTF-8?q?=E4=B8=8D=E8=B7=9F=E9=9A=8F=E9=87=8D=E5=AE=9A=E5=90=91,=20?= =?UTF-8?q?=E5=BD=BB=E5=BA=95=E8=A7=A3=E5=86=B3SSO=E8=AF=AF=E5=88=A4?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/api_service/app/routers/accounts.py | 28 +++++++++++++--------
 backend/task_scheduler/app/main.py | 25 +++++++++++-------
 2 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/backend/api_service/app/routers/accounts.py b/backend/api_service/app/routers/accounts.py
index 51baece..bcacb18 100644
--- a/backend/api_service/app/routers/accounts.py
+++ b/backend/api_service/app/routers/accounts.py
@@ -210,14 +210,18 @@ async def _verify_weibo_cookie(cookie_str: str) -> dict:
 Returns {"valid": bool, "uid": str|None, "screen_name": str|None}.
 """
 cookies = _parse_cookie_str(cookie_str)
- async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
- # Step 1: check login via /ajax/side/cards
+ async with httpx.AsyncClient(timeout=15, follow_redirects=False) as client:
+ # Step 1: check login via /ajax/side/cards (不跟随重定向)
 resp = await client.get(
 "https://weibo.com/ajax/side/cards",
 params={"count": "1"},
- headers=WEIBO_HEADERS,
+ headers={**WEIBO_HEADERS, "X-Requested-With": "XMLHttpRequest"},
 cookies=cookies,
 )
+
+ if resp.status_code in (301, 302):
+ return {"valid": False, "uid": None, "screen_name": None}
+
 try:
 data = resp.json()
 except Exception:
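Review bot: The new redirect guard in `_verify_weibo_cookie` tests only `resp.status_code in (301, 302)`, so a 303, 307 or 308 from the same endpoint would still reach `resp.json()` and be classified by whatever the `except Exception:` branch does, which lies outside this hunk. With `follow_redirects=False` every 3xx is an unfollowed redirect, so `if resp.is_redirect:` states the intent directly and does not depend on which redirect code the server chooses. The same literal tuple is repeated in the `_do_signin` hunk of this file and in `_do_single_signin` in `backend/task_scheduler/app/main.py`, while `_build_daily_report` tests `== 200` instead; one shared helper would keep the four checks in step.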
@@ -346,10 +350,9 @@ async def _get_super_topics(cookie_str: str, weibo_uid: str = "") -> List[dict]:
 cookies = _parse_cookie_str(cookie_str)
 topics: List[dict] = []
- async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
- # First get XSRF-TOKEN by visiting weibo.com
- await client.get("https://weibo.com/", headers=WEIBO_HEADERS, cookies=cookies)
- xsrf = client.cookies.get("XSRF-TOKEN", "")
+ async with httpx.AsyncClient(timeout=15, follow_redirects=False) as client:
+ # 直接请求 API,不访问首页(避免 SSO 重定向)
+ xsrf = cookies.get("XSRF-TOKEN", "")
 headers = {
 **WEIBO_HEADERS,
@@ -414,10 +417,9 @@ async def _do_signin(cookie_str: str, topic_title: str, containerid: str) -> dic
 import time as _time
 cookies = _parse_cookie_str(cookie_str)
- async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
- # Get XSRF-TOKEN
- await client.get("https://weibo.com/", headers=WEIBO_HEADERS, cookies=cookies)
- xsrf = client.cookies.get("XSRF-TOKEN", "")
+ async with httpx.AsyncClient(timeout=15, follow_redirects=False) as client:
+ # 直接从 Cookie 获取 XSRF,不访问首页
+ xsrf = cookies.get("XSRF-TOKEN", "")
 headers = {
 **WEIBO_HEADERS,
@@ -448,6 +450,10 @@ async def _do_signin(cookie_str: str, topic_title: str, containerid: str) -> dic
 headers=headers,
 cookies=cookies,
 )
+
+ if resp.status_code in (301, 302):
+ return {"status": "failed", "message": "签到API被重定向,Cookie可能失效"}
+
 try:
 data = resp.json()
 except Exception:
diff --git a/backend/task_scheduler/app/main.py b/backend/task_scheduler/app/main.py
index 4d7b137..02afb34 100644
--- a/backend/task_scheduler/app/main.py
+++ b/backend/task_scheduler/app/main.py
@@ -411,7 +411,7 @@ async def _async_do_signin(account_id: str, cron_expr: str = ""):
 signed = already = failed = 0
 log_entries = []
- async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
+ async with httpx.AsyncClient(timeout=15, follow_redirects=False) as client:
 # 直接从 Cookie 获取 XSRF token,不访问首页
 xsrf = cookies.get("XSRF-TOKEN", "")
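Review bot: `xsrf = cookies.get("XSRF-TOKEN", "")` in `_get_super_topics` falls back to an empty string when the stored cookie has no `XSRF-TOKEN`, and nothing in the hunk stops the request from going out with that empty value. Before this commit the homepage request supplied the token, so such accounts will now fail later with an unrelated-looking error; the same line is added in `_do_signin` (next hunk) and is already present in `_async_do_signin` in `backend/task_scheduler/app/main.py`. A guard such as `if not xsrf: return []` accompanied by a log line, or a check at the point where the cookie is first saved, would surface the cause. The `headers` dict and the requests that use it are outside the hunk, so how the token is sent, and whether the topic-list requests handle an unfollowed 3xx now that `follow_redirects=False`, cannot be confirmed from here.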
@@ -592,6 +592,11 @@ async def _do_single_signin(client, cookies: dict, topic: dict, xsrf: str) -> di
 },
 headers=h, cookies=cookies,
 )
+
+ # 被重定向 = Cookie 失效
+ if resp.status_code in (301, 302):
+ return {"status": "failed", "message": "签到API被重定向,Cookie可能失效"}
+
 try:
 data = resp.json()
 except Exception:
@@ -746,21 +751,23 @@ async def _build_daily_report() -> str:
 remain_days = (expire_dt - now).days
 expire_str = expire_dt.strftime("%m-%d")
- # 真实 API 验证
+ # 真实 API 验证(不跟随重定向,直接请求 AJAX API)
 real_valid = False
 try:
- async with _httpx.AsyncClient(timeout=10, follow_redirects=True) as hc:
+ async with _httpx.AsyncClient(timeout=10, follow_redirects=False) as hc:
 vresp = await hc.get(
 "https://weibo.com/ajax/side/cards",
 params={"count": "1"},
- headers=WEIBO_HEADERS,
+ headers={**WEIBO_HEADERS, "X-Requested-With": "XMLHttpRequest"},
 cookies=cookie_dict,
 )
- try:
- vdata = vresp.json()
- real_valid = vdata.get("ok") == 1
- except Exception:
- real_valid = False
+ if vresp.status_code == 200:
+ try:
+ vdata = vresp.json()
+ real_valid = vdata.get("ok") == 1
+ except Exception:
+ real_valid = False
+ # 302 = Cookie 失效
 except Exception:
 real_valid = False
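Review bot: In the `_build_daily_report` hunk every outcome other than a 200 with `ok == 1` leaves `real_valid = False`, including timeouts and connection errors caught by the outer `except Exception:` and any 429 or 5xx response. The report would then present a transient network or rate-limit failure as an expired cookie, which looks like the kind of misjudgment the subject line says this commit removes. Consider narrowing the outer handler to `except _httpx.HTTPError:` and recording a separate "unknown" state, or at least logging the status code, so that only an actual redirect or `ok != 1` marks the cookie invalid. The trailing comment `# 302 = Cookie 失效` describes a case that no code handles explicitly; an `elif vresp.is_redirect:` branch would make the comment true by construction. The enclosing function starts and ends outside the hunk.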