carrydela/autoClaude
1
0
Fork 1
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

feat: Implement Telegram bot with Claude authentication, mail service, and identity spoofing, refactoring core logic into new modules. #1

Open
mygo-kyx wants to merge 13 commits from mygo-kyx/autoClaude-TGbot:main into Feature-FromFork-Kunkun
pull from: mygo-kyx/autoClaude-TGbot:main
merge into: carrydela:Feature-FromFork-Kunkun
Conversation 0 Commits 13 Files Changed 17 +607 -65
5 changed files with 607 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 34215222bf - Show all commits

55
account_store.py
View File

@@ -12,6 +12,61 @@ _ACCOUNTS_FILE = Path(__file__).parent / "accounts.txt"
_STATS_FILE = Path(__file__).parent / "stats.json"
_lock = threading.Lock()
# ====== 账号池(并发调度)======
# _busy 记录当前被占用的账号行(原始字符串)
_busy: set[str] = set()
def acquire(n: int = 0) -> list[str]:
"""从空闲账号中获取最多 n 个,标记为占用。
Args:
n: 需要的账号数。0 表示尽量获取所有空闲账号(至少 1 个)。
Returns:
被获取的账号行列表(可能少于 n为空表示没有空闲账号。
"""
with _lock:
try:
with open(_ACCOUNTS_FILE, "r", encoding="utf-8") as f:
all_lines = [line.strip() for line in f if line.strip()]
except FileNotFoundError:
return []
free = [line for line in all_lines if line not in _busy]
if not free:
return []
if n <= 0:
# 获取全部空闲
acquired = free
else:
acquired = free[:n]
_busy.update(acquired)
return acquired
def release(lines: list[str]) -> None:
"""释放指定账号,标记为空闲。"""
with _lock:
for line in lines:
_busy.discard(line)
def pool_status() -> dict:
"""返回账号池状态。"""
with _lock:
try:
with open(_ACCOUNTS_FILE, "r", encoding="utf-8") as f:
all_lines = [line.strip() for line in f if line.strip()]
except FileNotFoundError:
all_lines = []
total = len(all_lines)
busy = sum(1 for line in all_lines if line in _busy)
return {"total": total, "busy": busy, "free": total - busy}
# ====== 账号操作 ======

466
bot.py
View File

@@ -27,6 +27,9 @@ from telegram.ext import (
from config import (
TG_BOT_TOKEN,
TG_ALLOWED_USERS,
TG_USER_PERMISSIONS,
ADMIN_USERS,
get_merged_permissions,
MAIL_SYSTEMS,
)
from mail_service import MailPool, extract_magic_link
@@ -57,13 +60,38 @@ _stop_event = threading.Event()
# ============================================================
def restricted(func):
"""权限控制装饰器:仅允许 TG_ALLOWED_USERS 中的用户使用"""
"""权限控制装饰器:检查用户是否有权使用当前命令。
权限检查规则:
1. 如果配置了 roles按角色的 commands 列表检查;"*" 表示全部权限
2. 如果没有配置 roles回退到 allowed_users 全量放行
3. 如果两者都没配,所有用户都可以使用
"""
# 从函数名提取命令名cmd_register -> register
cmd_name = func.__name__.removeprefix("cmd_").removeprefix("handle_")
@wraps(func)
async def wrapper(update: Update, context: ContextTypes.DEFAULT_TYPE, *args, **kwargs):
user_id = update.effective_user.id
if TG_ALLOWED_USERS and user_id not in TG_ALLOWED_USERS:
await update.message.reply_text("⛔ 你没有权限使用此 Bot。")
return
if TG_USER_PERMISSIONS or True: # 总是检查合并权限
# 实时合并 config.toml + permissions.json
merged = get_merged_permissions()
if merged:
user_cmds = merged.get(user_id)
if user_cmds is None:
# 用户不在任何权限表中
if TG_ALLOWED_USERS or TG_USER_PERMISSIONS:
# 有限制配置但用户不在其中
await update.message.reply_text("⛔ 你没有权限使用此 Bot。")
return
# 没有任何限制配置:放行
elif "*" not in user_cmds and cmd_name not in user_cmds:
await update.message.reply_text(
f"⛔ 你没有权限使用 /{cmd_name} 命令。"
)
return
return await func(update, context, *args, **kwargs)
return wrapper
@@ -116,7 +144,6 @@ def _progress_bar(current: int, total: int, width: int = 12) -> str:
# 命令处理
# ============================================================
@restricted
async def cmd_start(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/start — 欢迎信息"""
welcome = (
@@ -138,7 +165,6 @@ async def cmd_start(update: Update, context: ContextTypes.DEFAULT_TYPE):
await update.message.reply_text(welcome, parse_mode="HTML")
@restricted
async def cmd_help(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/help — 命令列表"""
text = (
@@ -159,7 +185,12 @@ async def cmd_help(update: Update, context: ContextTypes.DEFAULT_TYPE):
" /proxy on|off — 开关代理\n"
" /proxytest — 测试代理\n"
" /proxystatus — 代理池状态\n"
" /mailstatus — 邮件系统状态\n"
" /mailstatus — 邮件系统状态\n\n"
"<b>🔐 用户管理(仅管理员)</b>\n"
" /adduser <ID> [cmds] — 添加用户\n"
" /removeuser <ID> — 移除用户\n"
" /setperm <ID> <cmds> — 修改权限\n"
" /users — 查看用户列表\n"
)
await update.message.reply_text(text, parse_mode="HTML")
@@ -167,14 +198,25 @@ async def cmd_help(update: Update, context: ContextTypes.DEFAULT_TYPE):
@restricted
async def cmd_status(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/status — 查看任务状态"""
lines = []
# 全局任务(注册等)
with _task_lock:
if _task_running:
await update.message.reply_text(
f"⏳ 当前任务:<b>{_task_name}</b>",
parse_mode="HTML",
)
else:
await update.message.reply_text("✅ 当前无运行中的任务。")
lines.append(f"⏳ 当前任务:<b>{_task_name}</b>")
# 账号池状态
ps = account_store.pool_status()
if ps["total"] > 0:
lines.append(
f"🗄 账号池:共 {ps['total']} | "
f"🟢 空闲 {ps['free']} | 🔴 占用 {ps['busy']}"
)
if not lines:
await update.message.reply_text("✅ 当前无运行中的任务。")
else:
await update.message.reply_text("\n".join(lines), parse_mode="HTML")
@restricted
@@ -281,6 +323,192 @@ async def cmd_proxystatus(update: Update, context: ContextTypes.DEFAULT_TYPE):
await update.message.reply_text(text, parse_mode="HTML")
# ============================================================
# 用户权限管理(仅管理员)
# ============================================================
import permissions
def _admin_only(func):
"""管理员专属装饰器:只有 config.toml 中 commands=["*"] 的用户可使用"""
@wraps(func)
async def wrapper(update: Update, context: ContextTypes.DEFAULT_TYPE, *args, **kwargs):
user_id = update.effective_user.id
if user_id not in ADMIN_USERS:
await update.message.reply_text("⛔ 此命令仅管理员可用。")
return
return await func(update, context, *args, **kwargs)
return wrapper
@_admin_only
async def cmd_adduser(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/adduser <user_id> [cmd1,cmd2,...|*] — 添加用户并设置权限"""
if not context.args or len(context.args) < 1:
await update.message.reply_text(
"❌ 用法:\n"
" <code>/adduser 123456789 *</code> — 全部权限\n"
" <code>/adduser 123456789 accounts,verify,stats</code> — 指定命令\n\n"
"💡 可用命令列表:\n"
f" <code>{', '.join(sorted(permissions.ALL_COMMANDS))}</code>",
parse_mode="HTML",
)
return
try:
target_uid = int(context.args[0])
except ValueError:
await update.message.reply_text("❌ 用户 ID 必须是数字。")
return
# 解析权限
if len(context.args) >= 2:
cmd_arg = context.args[1]
if cmd_arg == "*":
cmds = ["*"]
else:
cmds = [c.strip() for c in cmd_arg.split(",") if c.strip()]
# 验证命令名
invalid = [c for c in cmds if c not in permissions.ALL_COMMANDS]
if invalid:
await update.message.reply_text(
f"❌ 未知命令: {', '.join(invalid)}\n\n"
f"可用命令:\n<code>{', '.join(sorted(permissions.ALL_COMMANDS))}</code>",
parse_mode="HTML",
)
return
else:
# 默认给基础查看权限
cmds = ["start", "help", "accounts", "verify", "stats", "status"]
permissions.add_user(target_uid, cmds)
cmd_display = "全部命令" if cmds == ["*"] else ", ".join(cmds)
await update.message.reply_text(
f"✅ 已添加用户 <code>{target_uid}</code>\n"
f"🔑 权限: {cmd_display}",
parse_mode="HTML",
)
@_admin_only
async def cmd_removeuser(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/removeuser <user_id> — 移除用户"""
if not context.args:
await update.message.reply_text("❌ 用法: <code>/removeuser 123456789</code>", parse_mode="HTML")
return
try:
target_uid = int(context.args[0])
except ValueError:
await update.message.reply_text("❌ 用户 ID 必须是数字。")
return
# 不能移除 config.toml 中的管理员
if target_uid in ADMIN_USERS:
await update.message.reply_text("❌ 不能移除 config.toml 中定义的管理员。")
return
if permissions.remove_user(target_uid):
await update.message.reply_text(f"🗑 已移除用户 <code>{target_uid}</code>", parse_mode="HTML")
else:
await update.message.reply_text(f"❌ 用户 <code>{target_uid}</code> 不在运行时权限列表中。", parse_mode="HTML")
@_admin_only
async def cmd_setperm(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/setperm <user_id> <cmd1,cmd2,...|*> — 修改用户权限"""
if not context.args or len(context.args) < 2:
await update.message.reply_text(
"❌ 用法:\n"
" <code>/setperm 123456789 *</code>\n"
" <code>/setperm 123456789 accounts,verify,stats</code>\n\n"
f"可用命令:\n<code>{', '.join(sorted(permissions.ALL_COMMANDS))}</code>",
parse_mode="HTML",
)
return
try:
target_uid = int(context.args[0])
except ValueError:
await update.message.reply_text("❌ 用户 ID 必须是数字。")
return
# 不能修改 config.toml 管理员
if target_uid in ADMIN_USERS:
await update.message.reply_text("❌ 不能修改 config.toml 中定义的管理员权限。")
return
cmd_arg = context.args[1]
if cmd_arg == "*":
cmds = ["*"]
else:
cmds = [c.strip() for c in cmd_arg.split(",") if c.strip()]
invalid = [c for c in cmds if c not in permissions.ALL_COMMANDS]
if invalid:
await update.message.reply_text(
f"❌ 未知命令: {', '.join(invalid)}",
parse_mode="HTML",
)
return
# 如果用户不存在,自动添加
user = permissions.get_user(target_uid)
if user:
permissions.set_commands(target_uid, cmds)
else:
permissions.add_user(target_uid, cmds)
cmd_display = "全部命令" if cmds == ["*"] else ", ".join(cmds)
await update.message.reply_text(
f"✅ 用户 <code>{target_uid}</code> 权限已更新\n"
f"🔑 权限: {cmd_display}",
parse_mode="HTML",
)
@_admin_only
async def cmd_users(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/users — 查看所有用户及权限"""
merged = get_merged_permissions()
if not merged:
await update.message.reply_text("📭 没有任何用户。")
return
text = "👥 <b>用户权限列表</b>\n\n"
# config.toml 管理员
text += "<b>📌 管理员config.toml</b>\n"
for uid in sorted(ADMIN_USERS):
text += f" • <code>{uid}</code> — ✨ 全部权限\n"
# config.toml 非管理员角色
static_non_admin = {
uid: cmds for uid, cmds in TG_USER_PERMISSIONS.items()
if uid not in ADMIN_USERS
}
if static_non_admin:
text += "\n<b>📌 静态角色config.toml</b>\n"
for uid, cmds in sorted(static_non_admin.items()):
cmd_str = ", ".join(sorted(cmds)) if "*" not in cmds else "全部命令"
text += f" • <code>{uid}</code> — {cmd_str}\n"
# 运行时添加的用户
runtime_users = permissions.list_users()
if runtime_users:
text += "\n<b>🔧 运行时用户Bot 添加)</b>\n"
for uid, info in sorted(runtime_users.items()):
cmds = info.get("commands", [])
cmd_str = ", ".join(sorted(cmds)) if "*" not in cmds else "全部命令"
text += f" • <code>{uid}</code> — {cmd_str}\n"
if len(text) > 4000:
text = text[:4000] + "\n...(已截断)"
await update.message.reply_text(text, parse_mode="HTML")
@restricted
async def cmd_proxy(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/proxy on|off — 开关代理"""
@@ -710,47 +938,80 @@ def _register_worker(loop: asyncio.AbstractEventLoop, status_msg, count: int):
@restricted
async def cmd_check(update: Update, context: ContextTypes.DEFAULT_TYPE):
"""/check <CARD|MM|YY|CVC> — CC 检查"""
"""/check <CARD|MM|YY|CVC> — CC 检查(支持多行批量)"""
if not context.args:
await update.message.reply_text(
"❌ 用法:/check <code>卡号|月|年|CVC</code>\n"
"示例:/check 4111111111111111|12|2025|123",
"支持一次粘贴多行:\n"
"<code>/check\n"
"4111111111111111|12|25|123\n"
"5200000000000007|01|26|456</code>",
parse_mode="HTML",
)
return
card_line = context.args[0]
parts = card_line.split("|")
if len(parts) != 4:
await update.message.reply_text("❌ 格式错误,需要:<code>卡号|月|年|CVC</code>", parse_mode="HTML")
# 解析所有行,提取有效卡片
cards = []
for arg in context.args:
arg = arg.strip()
if not arg:
continue
parts = arg.split("|")
if len(parts) == 4:
cards.append(arg)
if not cards:
await update.message.reply_text(
"❌ 没有找到有效卡片。\n格式:<code>卡号|月|年|CVC</code>",
parse_mode="HTML",
)
return
# 读取可用账号
acc_lines = account_store.read_lines()
# 从账号池获取空闲账号
if len(cards) == 1:
acquired = account_store.acquire(1)
else:
acquired = account_store.acquire() # 尽量获取所有空闲
if not acc_lines:
await update.message.reply_text("❌ 没有可用账号,请先 /register 注册一个。")
if not acquired:
ps = account_store.pool_status()
if ps["total"] == 0:
await update.message.reply_text("❌ 没有可用账号,请先 /register 注册一个。")
else:
await update.message.reply_text(
f"⏳ 所有账号繁忙({ps['busy']}/{ps['total']}),请稍后再试。"
)
return
if not _set_task("CC 检查"):
await update.message.reply_text(f"⚠️ 已有任务在运行:{_task_name}")
return
status_msg = await update.message.reply_text(
f"🔍 正在检查卡片:<code>{parts[0][:4]}****{parts[0][-4:]}</code>",
parse_mode="HTML",
)
loop = asyncio.get_event_loop()
threading.Thread(
target=_check_worker,
args=(loop, status_msg, card_line, acc_lines[-1]),
daemon=True,
).start()
if len(cards) == 1:
# 单卡检查
parts = cards[0].split("|")
status_msg = await update.message.reply_text(
f"🔍 正在检查卡片:<code>{parts[0][:4]}****{parts[0][-4:]}</code>",
parse_mode="HTML",
)
loop = asyncio.get_event_loop()
threading.Thread(
target=_check_worker,
args=(loop, status_msg, cards[0], acquired[0]),
daemon=True,
).start()
else:
# 多卡批量检查
status_msg = await update.message.reply_text(
f"📋 解析到 <b>{len(cards)}</b> 张卡片,{len(acquired)} 个账号就绪,开始批量检查...",
parse_mode="HTML",
)
loop = asyncio.get_event_loop()
threading.Thread(
target=_batch_check_worker,
args=(loop, status_msg, cards, acquired),
daemon=True,
).start()
def _check_worker(loop: asyncio.AbstractEventLoop, status_msg, card_line: str, account_line: str):
"""CC 检查工作线程"""
"""CC 检查工作线程(完成后自动释放账号)"""
try:
cc, mm, yy, cvc = card_line.split("|")
acc_parts = account_line.split("|")
@@ -815,7 +1076,7 @@ def _check_worker(loop: asyncio.AbstractEventLoop, status_msg, card_line: str, a
loop,
)
finally:
_clear_task()
account_store.release([account_line])
# ============================================================
@@ -837,15 +1098,17 @@ async def handle_document(update: Update, context: ContextTypes.DEFAULT_TYPE):
await update.message.reply_text("❌ 文件太大(最大 1MB")
return
# 读取可用账号
acc_lines = account_store.read_lines()
# 从账号池获取空闲账号
acquired = account_store.acquire() # 获取所有空闲
if not acc_lines:
await update.message.reply_text("❌ 没有可用账号,请先 /register 注册一个。")
return
if not _set_task("批量 CC 检查"):
await update.message.reply_text(f"⚠️ 已有任务在运行:{_task_name}")
if not acquired:
ps = account_store.pool_status()
if ps["total"] == 0:
await update.message.reply_text("❌ 没有可用账号,请先 /register 注册一个。")
else:
await update.message.reply_text(
f"⏳ 所有账号繁忙({ps['busy']}/{ps['total']}),请稍后再试。"
)
return
# 下载文件
@@ -857,7 +1120,7 @@ async def handle_document(update: Update, context: ContextTypes.DEFAULT_TYPE):
content = file_bytes.decode("utf-8", errors="ignore")
except Exception as e:
await _edit_or_send(status_msg, f"💥 下载文件失败:{e}")
_clear_task()
account_store.release(acquired)
return
# 解析卡片
@@ -871,7 +1134,7 @@ async def handle_document(update: Update, context: ContextTypes.DEFAULT_TYPE):
if not cards:
await _edit_or_send(status_msg, "❌ 文件中没有找到有效卡片。\n格式:<code>卡号|月|年|CVC</code>")
_clear_task()
account_store.release(acquired)
return
await _edit_or_send(
@@ -883,40 +1146,54 @@ async def handle_document(update: Update, context: ContextTypes.DEFAULT_TYPE):
loop = asyncio.get_event_loop()
threading.Thread(
target=_batch_check_worker,
args=(loop, status_msg, cards, acc_lines[-1]),
args=(loop, status_msg, cards, acquired),
daemon=True,
).start()
def _batch_check_worker(loop: asyncio.AbstractEventLoop, status_msg, cards: list, account_line: str):
"""批量 CC 检查工作线程"""
def _batch_check_worker(loop: asyncio.AbstractEventLoop, status_msg, cards: list, acc_lines: list):
"""批量 CC 检查工作线程round-robin 轮询账号)"""
from models import ClaudeAccount
from identity import random_ua
results = []
total = len(cards)
num_accounts = len(acc_lines)
# 预构建所有账号对象
accounts = []
for line in acc_lines:
parts = line.split("|")
email, session_key, org_uuid = parts[0], parts[1], parts[2]
acc = ClaudeAccount(email, session_key, org_uuid, random_ua())
accounts.append(acc)
# 为每个账号创建对应的 tokenizer 和 checker
tokenizers = [StripeTokenizer(acc.user_agent) for acc in accounts]
checkers = [GiftChecker(acc) for acc in accounts]
try:
acc_parts = account_line.split("|")
email, session_key, org_uuid = acc_parts[0], acc_parts[1], acc_parts[2]
account = ClaudeAccount(email, session_key, org_uuid, random_ua())
tokenizer = StripeTokenizer(account.user_agent)
checker = GiftChecker(account)
for i, card_line in enumerate(cards):
if _is_stopped():
break
# Round-robin 选择账号
idx = i % num_accounts
current_acc = accounts[idx]
tokenizer = tokenizers[idx]
checker = checkers[idx]
acc_label = current_acc.email.split("@")[0] # 简短标识
cc, mm, yy, cvc = card_line.split("|")
masked = f"{cc[:4]}****{cc[-4:]}"
# 更新进度
recent = "\n".join(results[-5:]) # 显示最近 5 条结果
acc_info = f" 👤 账号 {idx + 1}/{num_accounts}" if num_accounts > 1 else ""
asyncio.run_coroutine_threadsafe(
_edit_or_send(
status_msg,
f"🔍 [{i + 1}/{total}] 检查中:<code>{masked}</code>\n\n"
f"🔍 [{i + 1}/{total}] 检查中:<code>{masked}</code>{acc_info}\n\n"
+ recent,
),
loop,
@@ -939,7 +1216,13 @@ def _batch_check_worker(loop: asyncio.AbstractEventLoop, status_msg, cards: list
"DEAD": "💀", "ERROR": "⚠️",
}
icon = result_icons.get(result, "")
results.append(f"{icon} <code>{masked}</code> → {result}")
# 仅成功结果显示完整卡号 + 对应邮箱
live_results = {"LIVE", "INSUFFICIENT_FUNDS", "CCN_LIVE"}
if result in live_results:
results.append(f"{icon} <code>{card_line}</code> → {result}\n 📧 {current_acc.email}")
else:
results.append(f"{icon} <code>{masked}</code> → {result}")
# 间隔防限流
if i < total - 1:
@@ -950,9 +1233,10 @@ def _batch_check_worker(loop: asyncio.AbstractEventLoop, status_msg, cards: list
dead = sum(1 for r in results if "DEAD" in r or "DECLINED" in r or "Stripe" in r)
other = total - live - dead
acc_note = f" | 👤 {num_accounts} 个账号轮询" if num_accounts > 1 else ""
report = (
f"🏁 <b>批量 CC 检查完成</b>\n\n"
f"📊 共 {total} 张 | 💰 有效 {live} | 💀 无效 {dead} | ❓ 其他 {other}\n\n"
f"📊 共 {total} 张 | 💰 有效 {live} | 💀 无效 {dead} | ❓ 其他 {other}{acc_note}\n\n"
)
report += "\n".join(results)
@@ -972,7 +1256,7 @@ def _batch_check_worker(loop: asyncio.AbstractEventLoop, status_msg, cards: list
loop,
)
finally:
_clear_task()
account_store.release(acc_lines)
# ============================================================
@@ -1014,7 +1298,7 @@ async def callback_export_json(update: Update, context: ContextTypes.DEFAULT_TYP
# ============================================================
async def post_init(application: Application):
"""Bot 启动后设置命令菜单"""
"""Bot 启动后设置命令菜单 + 推送 help"""
commands = [
BotCommand("start", "欢迎信息"),
BotCommand("register", "注册 Claude 账号 [数量]"),
@@ -1028,12 +1312,60 @@ async def post_init(application: Application):
BotCommand("proxy", "代理开关 on/off"),
BotCommand("proxytest", "测试代理"),
BotCommand("proxystatus", "代理池状态"),
BotCommand("adduser", "添加用户"),
BotCommand("removeuser", "移除用户"),
BotCommand("setperm", "修改用户权限"),
BotCommand("users", "用户列表"),
BotCommand("status", "任务状态"),
BotCommand("help", "命令帮助"),
]
await application.bot.set_my_commands(commands)
logger.info("Bot 命令菜单已设置")
# 向所有已知用户推送启动通知 + help
merged = get_merged_permissions()
user_ids = set(merged.keys()) | set(TG_ALLOWED_USERS)
if not user_ids:
logger.info("未配置用户,跳过启动通知")
return
startup_msg = (
"🤖 <b>autoClaude Bot 已启动</b>\n\n"
"📖 <b>命令说明</b>\n\n"
"<b>📝 注册与账号</b>\n"
" /register [N] — 注册 N 个账号\n"
" /accounts — 查看已注册账号\n"
" /delete <序号|邮箱> — 删除账号\n"
" /verify — 验证 SK 有效性\n\n"
"<b>💳 CC 检查</b>\n"
" /check <CARD|MM|YY|CVC> — 单张检查\n"
" 📎 发送 .txt 文件 — 批量检查\n\n"
"<b>🛠 工具与状态</b>\n"
" /stop — 中断当前任务\n"
" /stats — 统计面板\n"
" /status — 任务状态\n\n"
"<b>🌐 代理与邮件</b>\n"
" /proxy on|off — 开关代理\n"
" /proxytest — 测试代理\n"
" /proxystatus — 代理池状态\n"
" /mailstatus — 邮件系统状态\n\n"
"<b>🔐 用户管理(仅管理员)</b>\n"
" /adduser <ID> [cmds] — 添加用户\n"
" /removeuser <ID> — 移除用户\n"
" /setperm <ID> <cmds> — 修改权限\n"
" /users — 查看用户列表\n"
)
for uid in user_ids:
try:
await application.bot.send_message(
chat_id=uid, text=startup_msg, parse_mode="HTML",
)
except Exception as e:
logger.debug(f"启动通知发送失败 (uid={uid}): {e}")
logger.info(f"启动通知已推送给 {len(user_ids)} 个用户")
def main():
"""启动 Bot"""
@@ -1058,6 +1390,10 @@ def main():
app.add_handler(CommandHandler("proxystatus", cmd_proxystatus))
app.add_handler(CommandHandler("proxy", cmd_proxy))
app.add_handler(CommandHandler("status", cmd_status))
app.add_handler(CommandHandler("adduser", cmd_adduser))
app.add_handler(CommandHandler("removeuser", cmd_removeuser))
app.add_handler(CommandHandler("setperm", cmd_setperm))
app.add_handler(CommandHandler("users", cmd_users))
app.add_handler(CallbackQueryHandler(callback_export_json, pattern="^export_accounts_json$"))
app.add_handler(MessageHandler(filters.Document.ALL, handle_document))

39
config.py
View File

@@ -29,6 +29,45 @@ PRODUCT_ID: str = _cfg["stripe"]["product_id"]
TG_BOT_TOKEN: str = _cfg["telegram"]["bot_token"]
TG_ALLOWED_USERS: list[int] = _cfg["telegram"].get("allowed_users", [])
# --- 角色权限 ---
# 静态权限来自 config.toml运行时权限来自 permissions.json
# 每次调用 get_merged_permissions() 合并两者
_roles: list[dict] = _cfg["telegram"].get("roles", [])
# 静态权限映射(来自 config.toml
_STATIC_PERMISSIONS: dict[int, set[str]] = {}
# 检查 roles 是否实际配置了用户(至少一个 role 的 users 非空)
_roles_active = _roles and any(role.get("users") for role in _roles)
if _roles_active:
for role in _roles:
cmds = set(role.get("commands", []))
for uid in role.get("users", []):
_STATIC_PERMISSIONS.setdefault(uid, set()).update(cmds)
else:
# roles 未配置或 users 全为空 → 回退到 allowed_users 全量放行
for uid in TG_ALLOWED_USERS:
_STATIC_PERMISSIONS[uid] = {"*"}
# config.toml 中拥有 "*" 权限的用户 = 超级管理员
ADMIN_USERS: set[int] = {
uid for uid, cmds in _STATIC_PERMISSIONS.items() if "*" in cmds
}
def get_merged_permissions() -> dict[int, set[str]]:
"""合并 config.toml 静态权限 + permissions.json 运行时权限"""
import permissions as perm_mod
merged = dict(_STATIC_PERMISSIONS)
for uid, cmds in perm_mod.get_permissions_map().items():
merged.setdefault(uid, set()).update(cmds)
return merged
# 向后兼容:初始静态权限
TG_USER_PERMISSIONS = _STATIC_PERMISSIONS
# --- 邮箱系统 ---
MAIL_SYSTEMS: list[dict] = _cfg.get("mail", [])

15
config.toml.example
View File

@@ -17,6 +17,21 @@ product_id = "prod_TXU4hGh2EDxASl"
bot_token = "your_bot_token_here" # @BotFather 获取
allowed_users = [] # 允许使用的用户ID列表空=不限制)
# --- 角色权限控制 ---
# 每个 [[telegram.roles]] 定义一个角色,包含用户列表和允许的命令
# commands = ["*"] 表示全部命令
# 如果不配置 roles所有 allowed_users 拥有全部权限
[[telegram.roles]]
name = "admin"
users = [] # 管理员用户 ID
commands = ["*"] # 全部命令
[[telegram.roles]]
name = "user"
users = [] # 普通用户 ID
commands = ["accounts", "verify", "stats", "status", "help", "start"]
# --- 邮箱系统轮询使用API 接口相同)---
# 可添加多个 [[mail]] 块
# api_token: 直接配置 API Token无需管理员账号密码

97
permissions.py Normal file
View File

@@ -0,0 +1,97 @@
"""
运行时权限管理模块
管理员可通过 Bot 命令动态添加/删除用户和设置权限。
持久化存储在 permissions.json 中。
"""
import json
import threading
from pathlib import Path
_PERM_FILE = Path(__file__).parent / "permissions.json"
_lock = threading.Lock()
# 所有可用命令列表(用于验证输入)
ALL_COMMANDS = {
"start", "help", "register", "stop", "check",
"accounts", "delete", "verify", "stats", "status",
"mailstatus", "proxy", "proxytest", "proxystatus",
"document", # 文件上传
"adduser", "removeuser", "setperm", "users", # 管理命令
}
def _load() -> dict:
"""加载权限数据"""
try:
with open(_PERM_FILE, "r", encoding="utf-8") as f:
return json.load(f)
except (FileNotFoundError, json.JSONDecodeError):
return {"users": {}}
def _save(data: dict):
"""保存权限数据"""
with open(_PERM_FILE, "w", encoding="utf-8") as f:
json.dump(data, f, ensure_ascii=False, indent=2)
def add_user(user_id: int, commands: list[str]) -> None:
"""添加用户或更新已有用户权限"""
with _lock:
data = _load()
data["users"][str(user_id)] = {
"commands": commands,
}
_save(data)
def remove_user(user_id: int) -> bool:
"""删除用户,返回是否成功"""
with _lock:
data = _load()
key = str(user_id)
if key in data["users"]:
del data["users"][key]
_save(data)
return True
return False
def set_commands(user_id: int, commands: list[str]) -> bool:
"""设置用户权限,返回是否成功(用户必须存在)"""
with _lock:
data = _load()
key = str(user_id)
if key not in data["users"]:
return False
data["users"][key]["commands"] = commands
_save(data)
return True
def get_user(user_id: int) -> dict | None:
"""获取单个用户信息"""
with _lock:
data = _load()
return data["users"].get(str(user_id))
def list_users() -> dict[int, dict]:
"""列出所有运行时用户"""
with _lock:
data = _load()
return {int(k): v for k, v in data["users"].items()}
def get_permissions_map() -> dict[int, set[str]]:
"""
返回运行时权限映射user_id → set[command_name]
用于与 config.toml 的静态权限合并
"""
with _lock:
data = _load()
result = {}
for uid_str, info in data["users"].items():
result[int(uid_str)] = set(info.get("commands", []))
return result