fix(desktop): isolate AI account auth probes

This commit is contained in:
2026-05-06 18:20:10 +08:00
parent a99d7a4971
commit f3487bcacf
11 changed files with 1713 additions and 270 deletions
@@ -1,8 +1,9 @@
import { describe, expect, it } from 'vitest'
import {
buildGenericAIPageFingerprintFallback,
genericAIPageLooksAuthenticated,
isLikelyGenericAICredentialName,
isLikelyPlatformAICredentialCookie,
} from './generic-ai-auth'
describe('generic ai auth detection', () => {
@@ -22,12 +23,48 @@ describe('generic ai auth detection', () => {
).toBe(true)
})
it('does not use a non-auth fingerprint as a fallback without strong ui signals', () => {
it('does not treat anonymous conversation URLs as authenticated', () => {
expect(
buildGenericAIPageFingerprintFallback('deepseek', {
genericAIPageLooksAuthenticated('https://www.doubao.com/chat/', {
displayName: null,
avatarUrl: null,
fingerprint: 'local:user_unique_id=123',
fingerprint: 'https://www.doubao.com/chat/|Doubao',
credentialFingerprint: null,
currentPath: '/chat/',
strongAuthSignalCount: 0,
loginSignalCount: 0,
loggedOutSignalCount: 0,
challengeSignalCount: 0,
}),
).toBe(false)
})
it('keeps anonymous telemetry cookies out of generic credential matching', () => {
expect(isLikelyGenericAICredentialName('hook_slardar_session_id')).toBe(false)
expect(isLikelyGenericAICredentialName('ttwid')).toBe(false)
expect(isLikelyGenericAICredentialName('XSRF-TOKEN')).toBe(false)
expect(isLikelyGenericAICredentialName('passport_auth_token')).toBe(true)
})
it('requires visible account signals for platform cookies that can exist anonymously', () => {
expect(
isLikelyPlatformAICredentialCookie('qwen', 'tongyi_sso_ticket', 'anonymous-qwen-cookie', {
displayName: '通义千问账号',
avatarUrl: null,
fingerprint: null,
credentialFingerprint: null,
currentPath: '/',
strongAuthSignalCount: 1,
loginSignalCount: 0,
loggedOutSignalCount: 0,
challengeSignalCount: 0,
}),
).toBe(true)
expect(
isLikelyPlatformAICredentialCookie('deepseek', 'userToken', 'real-token-value', {
displayName: null,
avatarUrl: null,
fingerprint: null,
credentialFingerprint: null,
currentPath: '/',
strongAuthSignalCount: 0,
@@ -35,22 +72,38 @@ describe('generic ai auth detection', () => {
loggedOutSignalCount: 0,
challengeSignalCount: 0,
}),
).toBeNull()
).toBe(true)
})
it('builds a stable fingerprint from credential storage when cookies are absent', () => {
it('does not run Kimi through generic credential cookies', () => {
expect(
buildGenericAIPageFingerprintFallback('deepseek', {
displayName: null,
avatarUrl: null,
fingerprint: 'local:user_unique_id=123',
credentialFingerprint: 'local:userToken=masked',
isLikelyPlatformAICredentialCookie('kimi', 'kimi-auth', 'anonymous-kimi-cookie', {
displayName: '阿白',
avatarUrl: 'https://avatar.moonshot.cn/avatar/demo.jpeg',
fingerprint: null,
credentialFingerprint: 'local:access_token=real-token',
currentPath: '/',
strongAuthSignalCount: 0,
strongAuthSignalCount: 3,
loginSignalCount: 0,
loggedOutSignalCount: 0,
challengeSignalCount: 0,
}),
).toBe('deepseek-session:local:userToken=masked')
).toBe(false)
})
it('does not run Doubao through generic credential cookies', () => {
expect(
isLikelyPlatformAICredentialCookie('doubao', 'passport_auth_token', 'real-auth-token', {
displayName: '豆包用户',
avatarUrl: 'https://p3-passport.byteacctimg.com/img/user-avatar/demo.image',
fingerprint: null,
credentialFingerprint: null,
currentPath: '/chat/',
strongAuthSignalCount: 3,
loginSignalCount: 0,
loggedOutSignalCount: 0,
challengeSignalCount: 0,
}),
).toBe(false)
})
})