Update zai_provider.py

ZyphrZero · ZyphrZero · commit 766061a5816a · 2025-10-21T12:46:44.000+08:00
diff --git a/app/providers/zai_provider.py b/app/providers/zai_provider.py
@@ -69,7 +69,7 @@ def get_zai_dynamic_headers(chat_id: str = "") -> Dict[str, str]:
         "Cache-Control": "no-cache",
         "User-Agent": user_agent,
         "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8",
-        "X-FE-Version": "prod-fe-1.0.103",
+        "X-FE-Version": "prod-fe-1.0.104",
         "Origin": "https://chat.z.ai",
     }
 
@@ -117,20 +117,21 @@ def _extract_user_id_from_token(token: str) -> str:
     return "guest"
 
 
-def generate_signature(message_text: str, request_id: str, timestamp_ms: int, user_id: str, secret: str = "junjie") -> str:
+def generate_signature(message_text: str, request_id: str, timestamp_ms: int, user_id: str = "", secret: str = "") -> str:
     """Dual-layer HMAC-SHA256 signature matching Z.AI's zs function.
 
-    - e: requestId,<id>,timestamp,<ts>,user_id,<uid>
+    New algorithm (2025):
+    - e: request_id (just the UUID string)
     - t: message_text
-    - s/i: timestamp_ms
+    - i: timestamp_ms (as string)
     - w: base64(utf8_encode(t))
     - c: e|w|i
-    - E: floor(timestamp_ms / 300000)
+    - E: floor(timestamp_ms / (5 * 60 * 1000))
     - A: HMAC_SHA256(secret, E)
-    - k: HMAC_SHA256(A, c)
+    - signature: HMAC_SHA256(A, c)
     """
-    # e = requestId,<id>,timestamp,<ts>,user_id,<uid>
-    e = f"requestId,{request_id},timestamp,{timestamp_ms},user_id,{user_id}"
+    # e = request_id (simplified from previous complex format)
+    e = request_id
 
     # t = message_text, encode to UTF-8 then base64 (matching btoa behavior)
     t = message_text or ""
@@ -147,10 +148,10 @@ def generate_signature(message_text: str, request_id: str, timestamp_ms: int, us
     window_index = timestamp_ms // (5 * 60 * 1000)
 
     # A = HMAC_SHA256(secret, window_index)
-    root_key = (secret or "junjie").encode("utf-8")
+    root_key = secret.encode("utf-8")
     derived_hex = hmac.new(root_key, str(window_index).encode("utf-8"), hashlib.sha256).hexdigest()
 
-    # k = HMAC_SHA256(A, c)
+    # signature = HMAC_SHA256(A, c)
     signature = hmac.new(derived_hex.encode("utf-8"), c.encode("utf-8"), hashlib.sha256).hexdigest()
 
     return signature
@@ -669,39 +670,49 @@ async def transform_request(self, request: OpenAIRequest) -> Dict[str, Any]:
         if request.max_tokens is not None:
             body["params"]["max_tokens"] = request.max_tokens
         
-        # 构建请求头
-        headers = {
-            "Authorization": f"Bearer {token}",
-            "X-Signature": "",
-            "Content-Type": "application/json"
-        }
-
         # Dual-layer HMAC signing metadata and header
         user_id = _extract_user_id_from_token(token)
         timestamp_ms = int(time.time() * 1000)
         request_id = generate_uuid()
-        secret = os.getenv("ZAI_SIGNING_SECRET", "junjie") or "junjie"
-        signature = generate_signature(
-            message_text=last_user_text,
-            request_id=request_id,
-            timestamp_ms=timestamp_ms,
-            user_id=user_id,
-            secret=secret,
-        )
-        
+        secret = os.getenv("ZAI_SIGNING_SECRET", "key-@@@@)))()((9))-xxxx&&&%%%%%") or "key-@@@@)))()((9))-xxxx&&&%%%%%"
+
+        try:
+            signature = generate_signature(
+                message_text=last_user_text,
+                request_id=request_id,
+                timestamp_ms=timestamp_ms,
+                user_id=user_id,
+                secret=secret,
+            )
+            logger.debug(f"[Z.AI] 生成签名成功: {signature[:16]}... (user_id={user_id}, request_id={request_id})")
+        except Exception as e:
+            logger.error(f"[Z.AI] 签名生成失败: {e}")
+            signature = ""
+
+        # 构建请求头 (匹配 X-FE-Version 和 X-Signature)
+        headers = {
+            "Authorization": f"Bearer {token}",
+            "Content-Type": "application/json",
+            "X-FE-Version": "prod-fe-1.0.104",
+            "X-Signature": signature,
+        }
+
         query_params = {
             "timestamp": str(timestamp_ms),
             "requestId": request_id,
             "user_id": user_id,
-            "token": token or "",
-            "version": "1.0.103",
+            "token": token,
+            "version": "0.0.1",
             "platform": "web",
             "current_url": f"https://chat.z.ai/c/{chat_id}",
             "pathname": f"/c/{chat_id}",
-            "signature_timestamp": timestamp_ms,
+            "signature_timestamp": str(timestamp_ms),
         }
         signed_url = f"{self.config.api_endpoint}?{urlencode(query_params)}"
-        headers["X-Signature"] = signature
+
+        # 记录请求详情用于调试
+        logger.debug(f"[Z.AI] 请求头: Authorization=Bearer *****, X-Signature={signature[:16] if signature else '(空)'}...")
+        logger.debug(f"[Z.AI] URL 参数: timestamp={timestamp_ms}, requestId={request_id}, user_id={user_id}")
         
         # 存储当前token用于错误处理
         self._current_token = token
