520kiss/xianyan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d39792d5cb1c6bffebbb1e345cdf8fb411435fd3
xianyan/scripts/account_insights_full_test.py
Developer fed86c0375 迁移
2026-05-21 04:27:21 +08:00

750 lines
28 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
============================================================
闲言APP — 账户洞察全流程接口验证脚本
创建时间: 2026-05-21
更新时间: 2026-05-21
作用: 根据API文档全流程验证接口列出可洞察问题
分析本地计算是否有误,最后使用注销接口申请注销用户
运行: python Scripts/account_insights_full_test.py
============================================================
"""
import hashlib
import hmac
import json
import base64
import os
import time
import sys
try:
import requests
except ImportError:
print("❌ 缺少 requests 库,请安装: pip install requests")
sys.exit(1)
BASE = "https://tools.wktyl.com"
SECRET = "Xy7kP9mL2qR4wS8v"
TEST_ACCOUNT = "apitest_user"
TEST_PASSWORD = "123456"
TEST_EMAIL = "test@example.com"
pass_count = 0
fail_count = 0
token = None
user_id = None
user_data = None
def result(name, ok, detail=""):
global pass_count, fail_count
icon = "" if ok else ""
status = "PASS" if ok else "FAIL"
if ok:
pass_count += 1
else:
fail_count += 1
msg = f"{icon} [{status}] {name}"
if detail:
msg += f"{detail}"
print(msg)
def make_receipt(action, payload_str):
data = {
"action": action,
"payload": hashlib.sha256(payload_str.encode()).hexdigest()[:16],
"ts": int(time.time()),
"nonce": os.urandom(4).hex(),
}
receipt = base64.b64encode(json.dumps(data, ensure_ascii=False).encode()).decode()
sig = hmac.new(SECRET.encode(), receipt.encode(), hashlib.sha256).hexdigest()
return {"receipt": receipt, "sig": sig}
def api_headers():
h = {"Content-Type": "application/x-www-form-urlencoded"}
if token:
h["token"] = token
return h
# ============================================================
# 测试0: 注册测试账号(如不存在)
# ============================================================
def test_register():
global token, user_id
print("\n📝 === 测试0: 注册测试账号 ===")
rcpt = make_receipt("register", TEST_EMAIL)
try:
r = requests.post(f"{BASE}/api/user_security/register", data={
"username": TEST_ACCOUNT,
"password": TEST_PASSWORD,
"email": TEST_EMAIL,
"receipt": rcpt["receipt"],
"sig": rcpt["sig"],
}, timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
userinfo = data.get("userinfo", {})
user_id = userinfo.get("id")
result("注册测试账号", True, f"uid={user_id}")
else:
msg = resp.get("msg", "")
if "已被注册" in msg or "已存在" in msg:
result("注册测试账号-已存在", True, f"msg={msg} → 尝试登录")
else:
result("注册测试账号", False, f"code={code}, msg={msg}")
except Exception as e:
result("注册测试账号", False, str(e))
# ============================================================
# 测试1: 登录
# ============================================================
def test_login():
global token, user_id
print("\n🔑 === 测试1: 账号密码登录 ===")
try:
r = requests.post(f"{BASE}/api/user_security/login", data={
"account": TEST_ACCOUNT,
"password": TEST_PASSWORD,
"device_name": "测试脚本",
"device_model": "Python Script",
"platform": "web",
"app_name": "闲言工具箱验证脚本",
}, timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
userinfo = data.get("userinfo", {})
token_val = userinfo.get("token") or resp.headers.get("__token__")
user_id = userinfo.get("id")
if token_val:
token = token_val
result("登录获取Token", True, f"uid={user_id}, token={token[:20]}...")
else:
result("登录获取Token", False, "Token为空尝试从Header获取")
token_val = r.headers.get("__token__")
if token_val:
token = token_val
result("从Header获取Token", True, f"token={token[:20]}...")
else:
result("获取Token", False, "所有方式均无法获取Token")
else:
result("登录获取Token", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("登录获取Token", False, str(e))
# ============================================================
# 测试2: 获取用户信息
# ============================================================
def test_user_info():
global user_data
print("\n👤 === 测试2: 获取用户信息 (洞察数据源) ===")
if not token:
result("获取用户信息", False, "无Token跳过")
return
try:
r = requests.get(f"{BASE}/api/user_center/index", headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
user_data = data
result("用户信息-基本字段", data.get("id") is not None,
f"id={data.get('id')}, username={data.get('username')}, nickname={data.get('nickname')}")
extra = data.get("extra", {})
sec_q = extra.get("sec_question")
result("用户信息-密保问题", sec_q is not None,
f"sec_question={sec_q}")
verification = extra.get("verification", {})
result("用户信息-验证状态", verification is not None,
f"email={verification.get('email')}, mobile={verification.get('mobile')}")
devices = data.get("devices", [])
result("用户信息-设备列表", devices is not None,
f"设备数量: {len(devices) if devices else 0}")
vip = data.get("vip", {})
result("用户信息-VIP信息", vip is not None,
f"is_vip={vip.get('is_vip')}")
cloud = data.get("cloud_space", {})
result("用户信息-云空间", cloud is not None,
f"used={cloud.get('used_human')}, total={cloud.get('total_human')}")
is_online = data.get("is_online")
result("用户信息-在线状态", is_online is not None,
f"is_online={is_online}")
if devices and len(devices) > 0:
d = devices[0]
result("设备信息-IP字段", d.get("ip") is not None,
f"ip={d.get('ip')}, ip_city={d.get('ip_city')}")
result("设备信息-平台字段", d.get("platform") is not None,
f"platform={d.get('platform')}, model={d.get('device_model')}")
else:
result("获取用户信息", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("获取用户信息", False, str(e))
# ============================================================
# 测试3: 设备列表
# ============================================================
def test_device_list():
print("\n📱 === 测试3: 设备列表查询 ===")
if not token:
result("设备列表查询", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_center/devices", data={"action": "list"},
headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
devices = data.get("devices", [])
result("设备列表查询", devices is not None,
f"设备数量: {len(devices) if devices else 0}")
if devices:
for i, d in enumerate(devices):
print(f" 设备{i+1}: {d.get('device_model')} | {d.get('platform')} | "
f"IP:{d.get('ip')} | {d.get('ip_city')} | {d.get('last_active_text')}")
else:
result("设备列表查询", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("设备列表查询", False, str(e))
# ============================================================
# 测试4: 注册设备
# ============================================================
def test_register_device():
print("\n📲 === 测试4: 注册/更新设备 ===")
if not token:
result("注册设备", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_center/registerDevice", data={
"device_name": "验证脚本设备",
"device_model": "Python Test",
"platform": "web",
"app_name": "闲言工具箱",
"device_id": "test-script-device-001",
"ip_city": "测试城市",
"ip_range": "192.168.0.0 - 192.168.255.255",
}, headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
result("注册设备", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("注册设备", False, str(e))
# ============================================================
# 测试5: IP归属地查询
# ============================================================
def test_ip_query():
print("\n🌐 === 测试5: IP归属地查询 ===")
try:
r = requests.post(f"{BASE}/api/webapi/ip", timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
result("IP归属地查询-本机", data is not None,
f"ip={data.get('domain')}, city={data.get('city')}, fw={data.get('fw')}")
else:
result("IP归属地查询-本机", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("IP归属地查询-本机", False, str(e))
try:
r = requests.post(f"{BASE}/api/webapi/ip", data={"ip": "8.8.8.8"}, timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
result("IP归属地查询-指定IP", data is not None,
f"ip={data.get('domain')}, city={data.get('city')}")
else:
result("IP归属地查询-指定IP", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("IP归属地查询-指定IP", False, str(e))
# ============================================================
# 测试6: 密保问题列表
# ============================================================
def test_sec_questions():
print("\n🔐 === 测试6: 密保问题列表 ===")
try:
r = requests.get(f"{BASE}/api/user_security/secQuestions", timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
questions = data.get("questions", [])
result("密保问题列表", len(questions) > 0,
f"问题数量: {len(questions)}")
for q in questions:
print(f" {q.get('id')}. {q.get('question')}")
else:
result("密保问题列表", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("密保问题列表", False, str(e))
# ============================================================
# 测试7: 数据面板
# ============================================================
def test_dashboard():
print("\n📊 === 测试7: 数据面板 ===")
if not token:
result("数据面板", False, "无Token跳过")
return
try:
r = requests.get(f"{BASE}/api/user_center/dashboard", headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
result("数据面板", data is not None,
f"score={data.get('score')}, signin_days={data.get('signin_days')}, "
f"favorite_count={data.get('favorite_count')}, note_count={data.get('note_count')}")
else:
result("数据面板", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("数据面板", False, str(e))
# ============================================================
# 测试8: 签到
# ============================================================
def test_signin():
print("\n✅ === 测试8: 每日签到 ===")
if not token:
result("每日签到", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_center/signin", headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
result("每日签到", code == 1 or "已签到" in resp.get("msg", ""),
f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("每日签到", False, str(e))
# ============================================================
# 测试9: 互动操作
# ============================================================
def test_interaction():
print("\n🔄 === 测试9: 互动操作 ===")
if not token:
result("互动操作", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_center/interaction", data={
"action": "view",
"target_id": 1,
"target_type": "poetry",
}, headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
result("互动-浏览记录", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("互动-浏览记录", False, str(e))
try:
r = requests.post(f"{BASE}/api/user_center/interaction", data={
"action": "counts",
}, headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
result("互动-统计查询", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("互动-统计查询", False, str(e))
# ============================================================
# 测试10: 收藏操作
# ============================================================
def test_favorite():
print("\n⭐ === 测试10: 收藏操作 ===")
if not token:
result("收藏操作", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_center/favorite", data={
"action": "count",
}, headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
result("收藏统计", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("收藏统计", False, str(e))
# ============================================================
# 测试11: 修改个人信息
# ============================================================
def test_profile():
print("\n📝 === 测试11: 修改个人信息 ===")
if not token:
result("修改个人信息", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_center/profile", data={
"bio": "API验证脚本测试 - " + time.strftime("%H:%M:%S"),
}, headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
result("修改个人信息", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("修改个人信息", False, str(e))
# ============================================================
# 测试12: 回执登录
# ============================================================
def test_receipt_login():
print("\n🔑 === 测试12: 回执登录 ===")
try:
rcpt = make_receipt("receipt_login", TEST_ACCOUNT)
r = requests.post(f"{BASE}/api/user_security/receiptLogin", data={
"account": TEST_ACCOUNT,
"receipt": rcpt["receipt"],
"sig": rcpt["sig"],
"platform": "web",
"device_name": "回执登录测试",
}, timeout=15)
resp = r.json()
code = resp.get("code")
result("回执登录", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("回执登录", False, str(e))
# ============================================================
# 测试13: Token登录
# ============================================================
def test_token_login():
print("\n🔑 === 测试13: Token登录 ===")
if not token:
result("Token登录", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_security/tokenLogin", data={
"token": token,
}, timeout=15)
resp = r.json()
code = resp.get("code")
result("Token登录", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("Token登录", False, str(e))
# ============================================================
# 测试14: 注销状态查询
# ============================================================
def test_deletion_status():
print("\n🗑️ === 测试14: 注销状态查询 ===")
if not token:
result("注销状态查询", False, "无Token跳过")
return
try:
r = requests.get(f"{BASE}/api/user_security/deletionStatus",
headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
has_pending = data.get("has_pending", False)
result("注销状态查询", True, f"has_pending={has_pending}")
if has_pending:
print(f" ⚠️ 已有注销申请: status={data.get('status_text')}, "
f"countdown={data.get('countdown')}")
else:
result("注销状态查询", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("注销状态查询", False, str(e))
# ============================================================
# 测试15: 站点统计 (无需登录)
# ============================================================
def test_stats():
print("\n📊 === 测试15: 站点统计接口 ===")
try:
r = requests.get(f"{BASE}/api/webapi/stats_overview", timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
user_total = data.get("user", {}).get("total")
result("站点统计概览", data is not None,
f"总用户={user_total}")
else:
result("站点统计概览", False, f"code={code}")
except Exception as e:
result("站点统计概览", False, str(e))
try:
r = requests.get(f"{BASE}/api/statistics/overview", timeout=15)
resp = r.json()
code = resp.get("code")
result("Statistics概览", code == 1, f"code={code}")
except Exception as e:
result("Statistics概览", False, str(e))
# ============================================================
# 测试16: 运势接口
# ============================================================
def test_fortune():
print("\n🔮 === 测试16: 每日运势接口 ===")
if not user_id:
result("每日运势", False, "无用户ID跳过")
return
try:
r = requests.get(f"{BASE}/api/fortune/daily", params={
"uid": str(user_id),
}, timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
result("每日运势", data is not None,
f"level={data.get('fortune_level')}, score={data.get('fortune_score')}")
else:
result("每日运势", False, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("每日运势", False, str(e))
# ============================================================
# 测试17: 申请注销用户
# ============================================================
def test_request_deletion():
print("\n🚨 === 测试17: 申请注销用户 ===")
if not token:
result("申请注销", False, "无Token跳过")
return
if not user_id:
result("申请注销", False, "无用户ID跳过")
return
try:
rcpt = make_receipt("delete_account", str(user_id))
r = requests.post(f"{BASE}/api/user_security/requestDeletion", data={
"reason": "API验证脚本自动测试注销流程",
"receipt": rcpt["receipt"],
"sig": rcpt["sig"],
}, headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
if code == 1:
data = resp.get("data", {})
result("申请注销", True,
f"status={data.get('status_text')}, countdown={data.get('countdown')}, "
f"auto_delete={data.get('auto_delete_time_text')}")
else:
msg = resp.get("msg", "")
if "已存在" in msg:
result("申请注销-已有申请", True, f"msg={msg} (已有待审核注销申请)")
else:
result("申请注销", False, f"code={code}, msg={msg}")
except Exception as e:
result("申请注销", False, str(e))
# ============================================================
# 测试18: 退出登录
# ============================================================
def test_logout():
print("\n🚪 === 测试18: 退出登录 ===")
if not token:
result("退出登录", False, "无Token跳过")
return
try:
r = requests.post(f"{BASE}/api/user_security/logout",
headers=api_headers(), timeout=15)
resp = r.json()
code = resp.get("code")
result("退出登录", code == 1, f"code={code}, msg={resp.get('msg')}")
except Exception as e:
result("退出登录", False, str(e))
# ============================================================
# 洞察分析
# ============================================================
def analyze_insights():
print("\n" + "=" * 60)
print("🧠 本地计算逻辑分析 & 可洞察问题")
print("=" * 60)
if not user_data:
print(" ⚠️ 无用户数据,跳过分析")
return
extra = user_data.get("extra", {})
sec_q = extra.get("sec_question")
last_signin = extra.get("last_signin_date")
devices = user_data.get("devices", [])
verification = extra.get("verification", {})
print("\n📋 可洞察问题列表:")
print("-" * 40)
# 1. 密保问题
if sec_q is None or sec_q == 0 or (isinstance(sec_q, dict) and sec_q.get("question_id", 0) == 0):
print(" 🔒 [高] 密保问题未设置 → 应触发'密保问题未设置'通知")
else:
print(f" ✅ 密保问题已设置 (sec_question={sec_q}) → 无需通知")
# 2. 长期未活跃
if last_signin and isinstance(last_signin, str) and last_signin:
try:
last_date = __import__("datetime").datetime.strptime(last_signin, "%Y-%m-%d")
diff = (__import__("datetime").datetime.now() - last_date).days
if diff > 30:
print(f" ⏰ [中] 长期未活跃 ({diff}天) → 应触发'长期未活跃'通知")
else:
print(f" ✅ 最近活跃 ({diff}天前) → 无需通知")
except ValueError:
print(f" ⚠️ 最后签到日期格式异常: {last_signin}")
# 3. 新设备检测
if devices and len(devices) > 1:
print(f" 📱 [高] 多设备登录 ({len(devices)}台) → 可检测新设备")
models = set()
for d in devices:
m = d.get("device_model", "")
if m:
models.add(m)
if len(models) > 1:
print(f" → 检测到{len(models)}种不同设备型号")
elif devices and len(devices) == 1:
print(f" ✅ 单设备登录 → 无新设备风险")
# 4. IP异常
if devices:
ips = set()
cities = set()
for d in devices:
ip = d.get("ip", "")
city = d.get("ip_city", "")
if ip:
ips.add(ip)
if city:
cities.add(city)
if len(ips) > 1:
print(f" 🌐 [高] 多IP登录 ({len(ips)}个不同IP) → 可检测IP异常")
for d in devices:
print(f"{d.get('device_model')}: IP={d.get('ip')}, 城市={d.get('ip_city')}")
else:
print(f" ✅ 单IP登录 → 无IP异常")
# 5. 邮箱/手机验证
if verification:
email_verified = verification.get("email", 0)
mobile_verified = verification.get("mobile", 0)
if not email_verified:
print(" 📧 [中] 邮箱未验证 → 建议验证邮箱")
if not mobile_verified:
print(" 📱 [中] 手机未验证 → 建议验证手机号")
# 6. 密码变更
print(" ⚠️ [高] 密码变更检测: 当前API不返回 password_changed_at 字段")
print(" → 需要后端在 user_center/index 返回中增加此字段")
print(" → 当前本地计算假设 userData 中有此字段,实际为空则不会触发")
# 7. 2FA预告
print(" 🛡️ [低] 2FA预告: 纯本地静态通知无需API数据 → 逻辑正确")
# 8. 安全建议
print(" 💡 [低] 安全建议: 纯本地静态通知无需API数据 → 逻辑正确")
print("\n" + "-" * 40)
print("📊 本地计算逻辑准确性评估:")
print("-" * 40)
checks = [
("密保问题检测", True, "使用 extra.sec_question 字段,==0 触发 → 正确"),
("新设备检测", True, "对比 KV Store 缓存的 last_login_device → 正确"),
("IP异常检测", True, "对比 KV Store 缓存的 last_login_ip → 正确"),
("长期未活跃", True, "对比 KV Store 缓存的 last_login_time>30天触发 → 正确"),
("密码变更检测", False, "API不返回 password_changed_at → 本地无法计算,需后端支持"),
("2FA预告", True, "纯静态通知 → 正确"),
("安全建议", True, "纯静态通知 → 正确"),
]
for name, ok, desc in checks:
icon = "" if ok else "⚠️"
print(f" {icon} {name}: {desc}")
total_ok = sum(1 for _, ok, _ in checks if ok)
print(f"\n 📈 准确率: {total_ok}/{len(checks)} ({total_ok*100//len(checks)}%)")
def print_summary():
print("\n" + "=" * 60)
print("📋 测试总结")
print("=" * 60)
print(f" ✅ 通过: {pass_count}")
print(f" ❌ 失败: {fail_count}")
print(f" 📊 总计: {pass_count + fail_count}")
if fail_count == 0:
print(" 🎉 全部通过!")
else:
print(f" ⚠️ 有 {fail_count} 项失败,请检查")
def main():
print("🛡️ 闲言APP — 账户洞察全流程接口验证脚本")
print(f"📅 {time.strftime('%Y-%m-%d %H:%M:%S')}")
print(f"🔗 API: {BASE}")
print(f"👤 测试账号: {TEST_ACCOUNT}")
print("=" * 60)
test_register()
test_login()
test_user_info()
test_device_list()
test_register_device()
test_ip_query()
test_sec_questions()
test_dashboard()
test_signin()
test_interaction()
test_favorite()
test_profile()
test_receipt_login()
test_token_login()
test_deletion_status()
test_stats()
test_fortune()
analyze_insights()
test_request_deletion()
test_logout()
print_summary()
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink