全面修复: 所有微博API调用统一跳过首页+不跟随重定向, 彻底解决SSO误判问题

2026-04-17 09:19:45 +08:00
parent 7e1c389a11
commit 36bb86a8f7
2 changed files with 33 additions and 20 deletions
--- a/backend/api_service/app/routers/accounts.py
+++ b/backend/api_service/app/routers/accounts.py
@@ -210,14 +210,18 @@ async def _verify_weibo_cookie(cookie_str: str) -> dict:
    Returns {"valid": bool, "uid": str|None, "screen_name": str|None}.
    """
    cookies = _parse_cookie_str(cookie_str)
-    async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
-        # Step 1: check login via /ajax/side/cards
+    async with httpx.AsyncClient(timeout=15, follow_redirects=False) as client:
+        # Step 1: check login via /ajax/side/cards (不跟随重定向)
        resp = await client.get(
            "https://weibo.com/ajax/side/cards",
            params={"count": "1"},
-            headers=WEIBO_HEADERS,
+            headers={**WEIBO_HEADERS, "X-Requested-With": "XMLHttpRequest"},
            cookies=cookies,
        )
+
+        if resp.status_code in (301, 302):
+            return {"valid": False, "uid": None, "screen_name": None}
+
        try:
            data = resp.json()
        except Exception:
@@ -346,10 +350,9 @@ async def _get_super_topics(cookie_str: str, weibo_uid: str = "") -> List[dict]:
    cookies = _parse_cookie_str(cookie_str)
    topics: List[dict] = []

-    async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
-        # First get XSRF-TOKEN by visiting weibo.com
-        await client.get("https://weibo.com/", headers=WEIBO_HEADERS, cookies=cookies)
-        xsrf = client.cookies.get("XSRF-TOKEN", "")
+    async with httpx.AsyncClient(timeout=15, follow_redirects=False) as client:
+        # 直接请求 API，不访问首页（避免 SSO 重定向）
+        xsrf = cookies.get("XSRF-TOKEN", "")

        headers = {
            **WEIBO_HEADERS,
@@ -414,10 +417,9 @@ async def _do_signin(cookie_str: str, topic_title: str, containerid: str) -> dic
    import time as _time
    cookies = _parse_cookie_str(cookie_str)

-    async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
-        # Get XSRF-TOKEN
-        await client.get("https://weibo.com/", headers=WEIBO_HEADERS, cookies=cookies)
-        xsrf = client.cookies.get("XSRF-TOKEN", "")
+    async with httpx.AsyncClient(timeout=15, follow_redirects=False) as client:
+        # 直接从 Cookie 获取 XSRF，不访问首页
+        xsrf = cookies.get("XSRF-TOKEN", "")

        headers = {
            **WEIBO_HEADERS,
@@ -448,6 +450,10 @@ async def _do_signin(cookie_str: str, topic_title: str, containerid: str) -> dic
                headers=headers,
                cookies=cookies,
            )
+
+            if resp.status_code in (301, 302):
+                return {"status": "failed", "message": "签到API被重定向，Cookie可能失效"}
+
            try:
                data = resp.json()
            except Exception: