fix(publish): harden zol login detection and content image upload

- Detect zol login redirects via passport/service hostnames and verify
  console access by re-detecting the bound account so a different logged
  in user is treated as expired instead of active.
- Skip networkPic upload for local/private URLs and fall back to file
  upload (with siteType retry) so desktop-hosted assets no longer reach
  ZOL as unreachable links and produce blank images.
- Surface zol_content_image_upload_failed and challenge errors instead
  of silently substituting empty image URLs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-27 12:21:12 +08:00
parent b4cfc6f992
commit e1a1916bc5
3 changed files with 293 additions and 18 deletions
+93 -13
View File
@@ -60,6 +60,7 @@ interface PublishPlatformBindingDefinition {
label: string;
loginUrl: string;
consoleUrl: string;
loginRedirectUrls?: string[];
detect(context: DetectContext): Promise<DetectedAccount | null>;
}
@@ -242,6 +243,13 @@ const TOUTIAO_LOGIN_URL = "https://mp.toutiao.com/auth/page/login";
const TOUTIAO_CONSOLE_HOME_URL = "https://mp.toutiao.com/profile_v4/index";
const TOUTIAO_WORKBENCH_URL_PATTERN = /^https:\/\/mp\.toutiao\.com\/profile_v4\//i;
const BILIBILI_API_ORIGIN = "https://api.bilibili.com";
const ZOL_API_ORIGIN = "https://open-api.zol.com.cn";
const ZOL_REFERER = "https://post.zol.com.cn/";
const ZOL_CONSOLE_URL = "https://post.zol.com.cn/v2/manage/works/all";
const ZOL_LOGIN_REDIRECT_URLS = [
"https://passport.zol.com.cn/",
"https://service.zol.com.cn/user/login",
];
const BILIBILI_WBI_MIXIN_KEY_ENC_TAB = [
46, 47, 18, 2, 53, 8, 23, 32,
15, 50, 10, 31, 58, 3, 45, 35,
@@ -1729,7 +1737,7 @@ export async function probePublishAccountSession(
};
}
if (looksLikeLoginRedirect(currentURL, definition.loginUrl)) {
if (definitionLooksLikeLoginRedirect(currentURL, definition)) {
return {
verdict: "expired",
reason: "login_redirect",
@@ -1810,7 +1818,7 @@ export async function probePublishAccountSession(
};
}
if (pageState.loggedOutSignalCount > 0 || looksLikeLoginRedirect(currentURL, definition.loginUrl)) {
if (pageState.loggedOutSignalCount > 0 || definitionLooksLikeLoginRedirect(currentURL, definition)) {
return {
verdict: "expired",
reason: "login_redirect",
@@ -1868,6 +1876,19 @@ export async function probePublishAccountSession(
webContents: window.webContents,
});
if (detected) {
if (account.platform === "zol" && !detectedAccountMatchesIdentity(detected, account)) {
return {
verdict: "expired",
reason: "login_redirect",
profile: null,
sessionFingerprint: sanitizeDetectedAccount(detected).platformUid,
evidence: {
detectedPlatformUid: detected.platformUid,
expectedPlatformUid: account.platformUid,
},
};
}
return {
verdict: "active",
reason: "probe_success",
@@ -1876,7 +1897,9 @@ export async function probePublishAccountSession(
};
}
const consoleReady = await verifyPublishAccountConsoleAccess(account, handle);
const consoleReady = account.platform === "zol"
? await verifyZolConsoleAccess(window, handle.session, account)
: await verifyPublishAccountConsoleAccess(account, handle);
if (consoleReady) {
return {
verdict: "active",
@@ -1944,7 +1967,11 @@ export async function silentRefreshPublishAccountSession(
await sleep(1_200);
await flushSessionPersistence(handle.session);
return !looksLikeLoginRedirect(window.webContents.getURL(), definition.loginUrl);
if (account.platform === "zol") {
return await verifyZolConsoleAccess(window, handle.session, account);
}
return !definitionLooksLikeLoginRedirect(window.webContents.getURL(), definition);
} catch {
return false;
} finally {
@@ -2112,6 +2139,37 @@ async function verifyToutiaoConsoleAccess(window: BrowserWindow, session: Sessio
return extractToutiaoAccount(sessionResponse) !== null;
}
function detectedAccountMatchesIdentity(
detected: DetectedAccount,
account: PublishAccountIdentity,
): boolean {
const expected = normalizeAccountPlatformUid(account.platformUid) || account.platformUid;
if (!expected) {
return true;
}
return sameAccountPlatformUid(detected.platformUid, expected);
}
async function verifyZolConsoleAccess(
window: BrowserWindow,
session: Session,
account: PublishAccountIdentity,
): Promise<boolean> {
if (window.isDestroyed()) {
return false;
}
const detected = await detectZol({
session,
webContents: window.webContents,
}).catch(() => null);
return detected ? detectedAccountMatchesIdentity(detected, account) : false;
}
const LOGIN_REDIRECT_TOKEN_RE =
/(^|[/?#=&._-])(login|signin|sign-in|sign_in|signup|sign-up|register|auth|oauth|passport|scan|qrcode|qrlogin|wxlogin|sso)(?=$|[/?#=&._-])/i;
const LOGIN_REDIRECT_HOST_RE = /(^|[.-])(login|passport|auth|sso)(?=$|[.-])/i;
function looksLikeLoginRedirect(currentURL: string, loginURL: string): boolean {
if (!currentURL || !loginURL) {
return false;
@@ -2127,8 +2185,8 @@ function looksLikeLoginRedirect(currentURL: string, loginURL: string): boolean {
const currentPath = normalizeURLPath(current.pathname);
const loginPath = normalizeURLPath(login.pathname);
if (!loginPath) {
return /(^|[/?#=&._-])(login|signin|sign-in|signup|sign-up|register|auth|oauth|passport|scan|qrcode|qrlogin|wxlogin|sso)(?=$|[/?#=&._-])/i
.test(`${current.pathname}${current.search}${current.hash}`);
return LOGIN_REDIRECT_TOKEN_RE.test(`${current.pathname}${current.search}${current.hash}`)
|| LOGIN_REDIRECT_HOST_RE.test(current.hostname);
}
return currentPath === loginPath || currentPath.startsWith(`${loginPath}/`);
@@ -2137,6 +2195,14 @@ function looksLikeLoginRedirect(currentURL: string, loginURL: string): boolean {
}
}
function definitionLooksLikeLoginRedirect(
currentURL: string,
definition: PublishPlatformBindingDefinition,
): boolean {
const loginRedirectUrls = definition.loginRedirectUrls ?? [definition.loginUrl];
return loginRedirectUrls.some((loginURL) => looksLikeLoginRedirect(currentURL, loginURL));
}
async function verifyPublishAccountConsoleAccess(
account: PublishAccountIdentity,
handle: SessionHandle,
@@ -2176,7 +2242,11 @@ async function verifyPublishAccountConsoleAccess(
return detected !== null;
}
return !looksLikeLoginRedirect(currentURL, definition.loginUrl);
if (account.platform === "zol") {
return await verifyZolConsoleAccess(window, handle.session, account);
}
return !definitionLooksLikeLoginRedirect(currentURL, definition);
} finally {
if (!window.isDestroyed()) {
window.destroy();
@@ -2699,14 +2769,23 @@ async function detectWeixinGzh({ session }: DetectContext): Promise<DetectedAcco
};
}
async function zolRequestHeaders(session: Session): Promise<Record<string, string>> {
const cookie = await sessionCookieHeader(session, "zol.com.cn").catch(() => "");
return {
accept: "application/json, text/plain, */*",
origin: "https://post.zol.com.cn",
referer: ZOL_REFERER,
...(cookie ? { cookie } : {}),
};
}
async function detectZol({ session }: DetectContext): Promise<DetectedAccount | null> {
const response = await sessionFetchJson<ZolUserInfoResponse>(
session,
"https://open-api.zol.com.cn/api/v1/creator.user.getinfo",
`${ZOL_API_ORIGIN}/api/v1/creator.user.getinfo`,
{
headers: {
accept: "application/json, text/plain, */*",
},
credentials: "include",
headers: await zolRequestHeaders(session),
},
).catch(() => null);
@@ -2822,8 +2901,9 @@ const publishBindingDefinitions: Record<string, PublishPlatformBindingDefinition
zol: {
id: "zol",
label: "中关村在线",
loginUrl: "https://post.zol.com.cn/v2/manage/works/all",
consoleUrl: "https://post.zol.com.cn/v2/manage/works/all",
loginUrl: ZOL_CONSOLE_URL,
consoleUrl: ZOL_CONSOLE_URL,
loginRedirectUrls: ZOL_LOGIN_REDIRECT_URLS,
detect: detectZol,
},
dongchedi: {
@@ -0,0 +1,46 @@
import { Buffer } from "node:buffer";
import { describe, expect, it, vi } from "vitest";
vi.mock("electron", () => ({
nativeImage: {
createFromBuffer: () => ({
isEmpty: () => false,
getSize: () => ({ width: 1, height: 1 }),
crop: () => ({
isEmpty: () => false,
getSize: () => ({ width: 1, height: 1 }),
toPNG: () => Buffer.from([]),
}),
toPNG: () => Buffer.from([]),
}),
},
}));
vi.mock("../transport/api-client", () => ({
fetchDesktopApiURL: vi.fn(),
resolveDesktopApiURL: (path: string) => `http://127.0.0.1:8080${path}`,
}));
import {
directNetworkPicUrl,
normalizeZolUploadedImageUrl,
} from "./zol";
describe("zol image helpers", () => {
it("does not send local asset URLs to ZOL networkPic upload", () => {
expect(directNetworkPicUrl("/api/public/assets/12")).toBeNull();
expect(directNetworkPicUrl("http://127.0.0.1:8080/api/public/assets/12")).toBeNull();
expect(directNetworkPicUrl("data:image/png;base64,abc")).toBeNull();
});
it("keeps public remote image URLs eligible for networkPic upload", () => {
expect(directNetworkPicUrl("//cdn.example.com/a.png")).toBe("https://cdn.example.com/a.png");
expect(directNetworkPicUrl("https://img.example.com/a.png")).toBe("https://img.example.com/a.png");
});
it("normalizes uploaded ZOL image URLs for editor content", () => {
expect(normalizeZolUploadedImageUrl("//icon.zol-img.com.cn/a.png")).toBe("https://icon.zol-img.com.cn/a.png");
expect(normalizeZolUploadedImageUrl("/upload/a.png")).toBe("https://post.zol.com.cn/upload/a.png");
});
});
+154 -5
View File
@@ -6,7 +6,6 @@ import {
normalizeRemoteUrl,
sessionCookieHeader,
sessionFetchJson,
uploadHtmlImages,
} from "./common";
import {
cropImageAssetBlob,
@@ -72,6 +71,7 @@ const ZOL_API_ORIGIN = "https://open-api.zol.com.cn";
const ZOL_REFERER = "https://post.zol.com.cn";
const ZOL_MANAGE_URL = "https://post.zol.com.cn/v2/manage/works/all";
const ZOL_SUBJECT_LIMIT = 5;
const LOCAL_IMAGE_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "0.0.0.0", "api"]);
function stringId(value: unknown): string {
if (typeof value === "number") {
@@ -92,6 +92,57 @@ function isZolChallengeMessage(message: string): boolean {
.test(message);
}
export function normalizeZolUploadedImageUrl(value: string | null | undefined): string | null {
const trimmed = value?.trim();
if (!trimmed) {
return null;
}
if (/^\/\//.test(trimmed)) {
return `https:${trimmed}`;
}
if (/^\//.test(trimmed)) {
return new URL(trimmed, ZOL_REFERER).toString();
}
return trimmed;
}
function zolUploadedImageUrl(response: ZolImageUploadResponse | null | undefined): string | null {
return normalizeZolUploadedImageUrl(response?.data?.pic) ?? normalizeZolUploadedImageUrl(response?.data?.fileUrl);
}
function zolImageUploadMessage(response: ZolImageUploadResponse | null | undefined): string {
if (!response) {
return "empty_response";
}
return zolResponseMessage(response);
}
function isLocalImageHost(hostname: string): boolean {
return LOCAL_IMAGE_HOSTS.has(hostname.toLowerCase());
}
export function directNetworkPicUrl(sourceUrl: string): string | null {
const trimmed = sourceUrl.trim();
if (!trimmed || /^(data|blob):/i.test(trimmed) || /^\/(?!\/)/.test(trimmed)) {
return null;
}
const normalized = normalizeRemoteUrl(trimmed);
if (!normalized || /^(data|blob):/i.test(normalized)) {
return null;
}
try {
const parsed = new URL(normalized);
if (!["http:", "https:"].includes(parsed.protocol) || isLocalImageHost(parsed.hostname)) {
return null;
}
return parsed.toString();
} catch {
return null;
}
}
async function zolHeaders(
context: PublishAdapterContext,
extra: Record<string, string> = {},
@@ -231,7 +282,21 @@ async function uploadCover(context: PublishAdapterContext, sourceUrl: string): P
}
async function uploadContentImage(context: PublishAdapterContext, sourceUrl: string): Promise<string | null> {
const networkPic = normalizeRemoteUrl(sourceUrl);
const networkPic = directNetworkPicUrl(sourceUrl);
if (networkPic) {
const uploaded = await uploadContentImageByNetworkPic(context, networkPic);
if (uploaded) {
return uploaded;
}
}
return await uploadContentImageByFile(context, sourceUrl);
}
async function uploadContentImageByNetworkPic(
context: PublishAdapterContext,
networkPic: string,
): Promise<string | null> {
if (!networkPic) {
return null;
}
@@ -251,7 +316,80 @@ async function uploadContentImage(context: PublishAdapterContext, sourceUrl: str
},
).catch(() => null);
return response?.errcode === 0 ? response.data?.pic?.trim() || null : null;
const uploaded = zolUploadedImageUrl(response);
if (response && response.errcode !== 0 && response.errcode != null) {
const message = zolResponseMessage(response);
if (isZolChallengeMessage(message)) {
throw new Error(`zol_challenge_required:${message}`);
}
return null;
}
return uploaded;
}
async function uploadContentImageByFile(context: PublishAdapterContext, sourceUrl: string): Promise<string | null> {
const image = await fetchImageAssetBlob(sourceUrl);
if (!image) {
throw new Error(`zol_content_image_upload_failed:${sourceUrl.slice(0, 160)}:source_fetch_failed`);
}
const errors: string[] = [];
for (const siteType of ["1", "0"]) {
const form = new FormData();
form.append("file", image.blob, image.fileName);
form.append("siteType", siteType);
const response = await sessionFetchJson<ZolImageUploadResponse>(
context.session,
`${ZOL_API_ORIGIN}/api/v1/creator.content.image.upload`,
{
method: "POST",
credentials: "include",
headers: await zolHeaders(context),
body: form,
},
).catch((error): ZolImageUploadResponse => ({
errcode: -1,
errmsg: error instanceof Error ? error.message : "zol_content_image_upload_failed",
}));
const uploaded = zolUploadedImageUrl(response);
if (uploaded) {
return uploaded;
}
const message = zolImageUploadMessage(response);
if (isZolChallengeMessage(message)) {
throw new Error(`zol_challenge_required:${message}`);
}
errors.push(`siteType=${siteType}:${message}`);
}
throw new Error(`zol_content_image_upload_failed:${sourceUrl.slice(0, 160)}:${errors.join(";")}`);
}
async function uploadContentImages(context: PublishAdapterContext, html: string): Promise<string> {
const sources = extractImageSources(html);
if (!sources.length) {
return html;
}
const uploaded = new Map<string, string>();
for (const source of sources) {
const target = await uploadContentImage(context, source);
if (!target) {
throw new Error(`zol_content_image_upload_failed:${source.slice(0, 160)}`);
}
uploaded.set(source, target);
}
let next = html;
for (const [source, target] of uploaded.entries()) {
next = next.split(source).join(target);
}
return next;
}
async function applyRecommendSubjects(context: PublishAdapterContext, form: FormData): Promise<void> {
@@ -349,6 +487,17 @@ function failureResult(error: unknown): ReturnType<PublishAdapter["publish"]> ex
};
}
if (message.startsWith("zol_content_image_upload_failed")) {
return {
status: "failed",
summary: "中关村在线正文图片上传失败,已停止发布以避免生成空白图片。",
error: {
code: "zol_content_image_upload_failed",
message,
},
};
}
if (message.startsWith("zol_challenge_required") || isZolChallengeMessage(message)) {
return {
status: "failed",
@@ -409,11 +558,11 @@ export const zolAdapter: PublishAdapter = {
await applyRecommendSubjects(context, form);
context.reportProgress("zol.upload_content_images");
const processed = await uploadHtmlImages(html, async (sourceUrl) => uploadContentImage(context, sourceUrl));
const processedHtml = await uploadContentImages(context, html);
form.set("draftId", draftId);
form.set("saveType", "1");
form.set("scontent", processed.html);
form.set("scontent", processedHtml);
form.append("draftUpdateId", draftId);
form.append("taskType", "1");
form.append("taskIds", "[]");