Update api.txt

api.txt

@@ -13,9 +13,65 @@ from typing import Dict
 from loguru import logger
 from starlette.responses import StreamingResponse
 import socket
+import base64
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
 
 app = FastAPI()
 
+# 加密配置
+ENCRYPTION_KEY = os.getenv('ENCRYPTION_KEY', 'default-encryption-key-change-in-production')  # 生产环境中应该使用环境变量
+SALT = b'stable_salt_123456'  # 固定salt，生产环境中应该更安全
+
+def get_encryption_key():
+    """生成加密密钥"""
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=SALT,
+        iterations=100000,
+    )
+    key = base64.urlsafe_b64encode(kdf.derive(ENCRYPTION_KEY.encode()))
+    return key
+
+def encrypt_data(data: str) -> str:
+    """加密数据"""
+    try:
+        key = get_encryption_key()
+        f = Fernet(key)
+        encrypted_data = f.encrypt(data.encode())
+        return base64.urlsafe_b64encode(encrypted_data).decode()
+    except Exception as e:
+        logger.error(f"加密失败: {e}")
+        return data
+
+def decrypt_data(encrypted_data: str) -> str:
+    """解密数据"""
+    try:
+        key = get_encryption_key()
+        f = Fernet(key)
+        encrypted_bytes = base64.urlsafe_b64decode(encrypted_data.encode())
+        decrypted_data = f.decrypt(encrypted_bytes)
+        return decrypted_data.decode()
+    except Exception as e:
+        logger.error(f"解密失败: {e}")
+        return encrypted_data
+
+def encrypt_json_response(data: dict) -> dict:
+    """加密JSON响应数据"""
+    try:
+        json_str = json.dumps(data, ensure_ascii=False)
+        encrypted_str = encrypt_data(json_str)
+        return {
+            "encrypted": True,
+            "data": encrypted_str,
+            "timestamp": int(time.time())
+        }
+    except Exception as e:
+        logger.error(f"加密JSON响应失败: {e}")
+        return data
+
 # 浏览器实例管理
 BROWSERS: Dict[str, dict] = {}  # {browser_id: {"process": Popen, "ws": str, "port": int, "status": str, "info": dict}}
 # 浏览器实例状态: open, closed
@@ -198,10 +254,12 @@ async def system_usage():
     """
     try:
         usage_info = get_system_usage()
-        return {"success": True, "msg": "success", "data": usage_info}
+        response_data = {"success": True, "msg": "success", "data": usage_info}
+        return encrypt_json_response(response_data)
     except Exception as e:
         logger.error(f"获取系统资源使用情况失败: {e}")
-        return {"success": False, "msg": "failed", "error": str(e)}
+        error_data = {"success": False, "msg": "failed", "error": str(e)}
+        return encrypt_json_response(error_data)
 
 
 # BitBrowser风格API
@@ -214,12 +272,13 @@ async def open_browser(request: Request):
     if browser_id in BROWSERS:
         logger.info(f"Browser ID {browser_id}: {BROWSERS[browser_id]}")
         if BROWSERS[browser_id]["status"] == "open":
-            return {
+            response_data = {
                 "success": True,
                 "msg": "already opened",
                 "data": {"id": browser_id, "ws": BROWSERS[browser_id]["ws"]},
                 "info": BROWSERS[browser_id]["info"]
             }
+            return encrypt_json_response(response_data)
         else:
             port = get_free_port()
             BROWSERS[browser_id]["port"] = port
@@ -253,7 +312,8 @@ async def open_browser(request: Request):
     proc = subprocess.Popen(args, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
     if not wait_port("127.0.0.1", port, timeout=60):
         proc.terminate()
-        return {"success": False, "msg": f"chrome端口{port}未就绪", "data": {}}
+        error_data = {"success": False, "msg": f"chrome端口{port}未就绪", "data": {}}
+        return encrypt_json_response(error_data)
     async with httpx.AsyncClient() as client:
         resp = await client.get(f"http://127.0.0.1:{port}/json/version")
         if resp.status_code == 200:
@@ -263,7 +323,8 @@ async def open_browser(request: Request):
             ws_url = re.sub(r":\d+", "", ws_url)
             logger.info(f"Browser opened with ID: {browser_id}, Info: {browser_info}")
     BROWSERS[browser_id] = {"process": proc, "ws": ws_url, "port": port, "status": "open", "info": browser_info}
-    return {"success": True, "msg": "success", "data": {"id": browser_id, "ws": ws_url}, "info": browser_info}
+    response_data = {"success": True, "msg": "success", "data": {"id": browser_id, "ws": ws_url}, "info": browser_info}
+    return encrypt_json_response(response_data)
 
 
 @app.post("/browser/close")
@@ -272,19 +333,23 @@ async def close_browser(request: Request):
     browser_id = data.get("id")
     b = BROWSERS.get(browser_id)
     if not b:
-        return {"success": False, "msg": "not found"}
+        error_data = {"success": False, "msg": "not found"}
+        return encrypt_json_response(error_data)
     b["process"].terminate()
     b["status"] = "closed"
-    return {"success": True, "msg": "closed", "data": {"id": browser_id}}
+    response_data = {"success": True, "msg": "closed", "data": {"id": browser_id}}
+    return encrypt_json_response(response_data)
 
 
+@app.post("/browser/delete")
 @app.post("/browser/delete")
 async def delete_browser(request: Request):
     data = await request.json()
     browser_id = data.get("id")
     b = BROWSERS.pop(browser_id, None)
     if not b:
-        return {"success": False, "msg": "not found"}
+        error_data = {"success": False, "msg": "not found"}
+        return encrypt_json_response(error_data)
     try:
         b["process"].terminate()
     except Exception:
@@ -294,7 +359,8 @@ async def delete_browser(request: Request):
     if os.path.exists(profile_dir):
         import shutil
         shutil.rmtree(profile_dir, ignore_errors=True)
-    return {"success": True, "msg": "deleted", "data": {"id": browser_id}}
+    response_data = {"success": True, "msg": "deleted", "data": {"id": browser_id}}
+    return encrypt_json_response(response_data)
 
 
 # @app.post("/browser/update")
@@ -316,12 +382,48 @@ async def delete_browser(request: Request):
 async def browser_ports():
     # 返回 {id: port} 格式
     data = {k: str(v["ws"]) for k, v in BROWSERS.items() if v["status"] == "open"}
-    return {"success": True, "data": data}
+    response_data = {"success": True, "data": data}
+    return encrypt_json_response(response_data)
 
 
 @app.post("/health")
 async def health():
-    return {"success": True, "msg": "ok"}
+    response_data = {"success": True, "msg": "ok"}
+    return encrypt_json_response(response_data)
+
+
+@app.post("/decrypt")
+async def decrypt_response(request: Request):
+    """
+    解密接口，用于客户端解密响应数据
+    """
+    try:
+        data = await request.json()
+        encrypted_data = data.get("data")
+        if not encrypted_data:
+            return {"success": False, "msg": "missing encrypted data"}
+        
+        decrypted_str = decrypt_data(encrypted_data)
+        decrypted_json = json.loads(decrypted_str)
+        return {"success": True, "msg": "decrypted", "data": decrypted_json}
+    except Exception as e:
+        logger.error(f"解密失败: {e}")
+        return {"success": False, "msg": "decrypt failed", "error": str(e)}
+
+
+# 添加获取加密配置的接口（仅用于开发调试）
+@app.get("/encryption/info")
+async def encryption_info():
+    """
+    返回加密相关信息（用于开发调试）
+    """
+    return {
+        "encrypted": True,
+        "algorithm": "Fernet (AES 128)",
+        "key_derivation": "PBKDF2HMAC with SHA256",
+        "iterations": 100000,
+        "info": "All JSON responses are encrypted. Use /decrypt endpoint to decrypt."
+    }
 
 
 CDP_PATHS = [