Pchen0
/
ic-ctbu-backend


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135
							const API = require("../../../lib/API.js")
const db = require("../../../plugin/DataBase/db.js")
const axios = require("axios")
const AccessControl = require("../../../lib/AccessControl.js")
const { BaseStdResponse } = require("../../../BaseStdResponse.js")
const { dataEncrypt, dataDecrypt, dataSign } = require("../../../plugin/Lepao/Crypto")
const { URLSearchParams } = require("url")

class UpdateSelfAccount extends API {
    constructor() {
        super()

        this.setPath('/Lepao/Account/UpdateSelfAccount')
        this.setMethod('POST')
    }

    async onRequest(req, res) {
        const { uuid, session, student_num } = req.body

        if ([uuid, session, student_num].some(v => v === '' || v === null || v === undefined)) {
            return res.json({
                ...BaseStdResponse.MISSING_PARAMETER
            })
        }

        if (!await AccessControl.checkSession(uuid, session)) {
            return res.status(401).json({
                ...BaseStdResponse.ACCESS_DENIED
            })
        }

        try {
            const rows = await db.query(
                'SELECT uid, token, school_id, userAgent, state FROM lepao_account WHERE student_num = ? AND create_user = ?',
                [student_num, uuid]
            )
            if (!rows || rows.length !== 1) {
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '未找到该乐跑账号或无权限操作'
                })
            }

            const account = rows[0]
            const raw = {
                uid: account.uid,
                token: account.token,
                school_id: account.school_id,
                term_id: 0,
                course_id: 0,
                class_id: 0,
                student_num,
                card_id: student_num,
                timestamp: Number((Date.now() / 1000).toFixed(3)),
                version: 1,
                nonce: String(Math.floor(Math.random() * 900000 + 100000)),
                ostype: 5
            }
            raw.sign = dataSign(raw)

            const form = new URLSearchParams()
            form.append('ostype', '5')
            form.append('data', dataEncrypt(JSON.stringify(raw)))

            const headers = {
                'Content-Type': 'application/x-www-form-urlencoded',
                'Accept': '*/*',
                'Accept-Language': 'zh-CN,zh-Hans;q=0.9',
                'Accept-Encoding': 'gzip, deflate, br',
                'Referer': 'https://servicewechat.com/wxf94c4ddb63d87ede/32/page-frame.html',
                'User-Agent': account.userAgent || 'Mozilla/5.0 (Linux; Android 16; 2211133C Build/BP2A.250605.031.A3; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/138.0.7204.180 Mobile Safari/537.36 XWEB/1380347 MMWEBSDK/20250202 MMWEBID/1020 wxwork/5.0.6.66174 MicroMessenger/8.0.28.48(0x28001c30) MiniProgramEnv/android Luggage/3.0.2.95ef3f83 NetType/WIFI Language/zh_CN ABI/arm64'
            }

            const apiRes = await axios.post(
                'https://lepao.ctbu.edu.cn/v3/api.php/Run2/beforeRunV260',
                form,
                { headers, proxy: false }
            )

            let result = apiRes.data
            if (result?.data && result?.is_encrypt === 1) {
                result.data = JSON.parse(dataDecrypt(result.data))
            }

            const info = result?.info || result?.msg || '系统繁忙，请稍后再试'
            const updateTime = Date.now()

            // 登录失效：更新 state=0
            if (String(info).includes('重新登录') || Number(result?.status) === 101) {
                await db.query('UPDATE lepao_account SET state = 0, update_time = ? WHERE student_num = ? AND create_user = ?', [updateTime, student_num, uuid])
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: info
                })
            }

            if (!result || Number(result.status) !== 1 || !result.data) {
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: info
                })
            }

            const term_num = Number(result.data.term_num ?? 0)
            const total_num = Number(result.data.total_num ?? 30)

            const updateRows = await db.query(
                'UPDATE lepao_account SET term_num = ?, total_num = ?, state = 1, update_time = ? WHERE student_num = ? AND create_user = ?',
                [term_num, total_num, updateTime, student_num, uuid]
            )
            if (!updateRows || updateRows.affectedRows !== 1) {
                return res.json({
                    ...BaseStdResponse.DATABASE_ERR
                })
            }

            return res.json({
                ...BaseStdResponse.OK,
                data: {
                    term_num,
                    total_num,
                    state: 1
                }
            })
        } catch (error) {
            this.logger.error(`用户自助同步乐跑账号失败: ${error.stack || error}`)
            return res.json({
                ...BaseStdResponse.ERR,
                msg: '同步失败，请稍后再试'
            })
        }
    }
}

module.exports.UpdateSelfAccount = UpdateSelfAccount