refactor(provider): 重构 ZAI 签名生成逻辑，添加消息 Base64 编码

Inblac · Inblac · commit d59abaec7e13 · 2025-10-13T16:17:07.000+08:00
- 对 ZAI 提供商的签名生成过程进行重构，提高代码可读性和安全性。
 - 主要改进包括对用户消息进行 Base64 编码处理，以及优化变量命名和代码结构。
 - 添加了相应的测试文件来验证签名逻辑的正确性。
diff --git a/app/providers/zai_provider.py b/app/providers/zai_provider.py
@@ -143,13 +143,20 @@ def _generate_signature_params(self, token: str, user_message: Optional[str]) ->
             chat_id = str(uuid.uuid4())
 
             # 3. 构造签名
-            safe_user_message = user_message or ""
-            e = f"requestId,{request_id},timestamp,{timestamp},user_id,{user_id}"
-            i = f"{e}|{safe_user_message}|{str(timestamp)}"
-            n = timestamp // (5 * 60 * 1000)
+            # 签名1：时间及key
+            time_5min_split = timestamp // (5 * 60 * 1000)
             key = "junjie".encode('utf-8')
-            o = hmac.new(key, str(n).encode('utf-8'), hashlib.sha256).hexdigest()
-            signature = hmac.new(o.encode('utf-8'), i.encode('utf-8'), hashlib.sha256).hexdigest()
+            signature_pre = hmac.new(key, str(time_5min_split).encode('utf-8'), hashlib.sha256).hexdigest()
+            # 签名2：对消息签名
+            # 用户最后一条消息
+            safe_user_message = user_message or ""
+            # 带请求信息的拼接字段
+            request_info = f"requestId,{request_id},timestamp,{timestamp},user_id,{user_id}"
+            # 用户消息的Base64编码
+            user_message_encode = base64.b64encode(safe_user_message.encode('utf-8')).decode('utf-8')
+            # 完整签名字符串
+            sign_str = f"{request_info}|{user_message_encode}|{str(timestamp)}"
+            signature = hmac.new(signature_pre.encode('utf-8'), sign_str.encode('utf-8'), hashlib.sha256).hexdigest()
 
             return {
                 "user_id": user_id,
diff --git a/tests/test_signature.py b/tests/test_signature.py
@@ -0,0 +1,33 @@
+import time
+import uuid
+import hmac
+import hashlib
+import base64
+
+# 1. 定义用户信息和消息
+user_id = "7db50472-f33b-4041-9b17-543704686133"
+user_message = "接下来呢？"
+
+# 2. 生成签名所需参数
+timestamp = 1760341685487
+request_id = 'dfb576f5-a33c-4a93-8b47-b1a81df3ae27'
+# chat_id = str(uuid.uuid4())
+
+# 3. 构造签名
+safe_user_message = user_message or ""
+e = f"requestId,{request_id},timestamp,{timestamp},user_id,{user_id}"
+msg_encode = base64.b64encode(safe_user_message.encode('utf-8')).decode('utf-8')
+i = f"{e}|{msg_encode}|{str(timestamp)}"
+n = timestamp // (5 * 60 * 1000)
+key = "junjie".encode('utf-8')
+o = hmac.new(key, str(n).encode('utf-8'), hashlib.sha256).hexdigest()
+print(o)
+print(o == "23d5377f55d1e213639b1533f6f6116724960aad0447497b71965146c6d110d8")
+
+signature = hmac.new(o.encode('utf-8'), i.encode('utf-8'), hashlib.sha256).hexdigest()
+
+print(signature)
+print(signature == "fd9acecbeb66030f866f49e90a73a24622fc2f65a4980ab0710ef78377f1f855")
+
+'requestId,dfb576f5-a33c-4a93-8b47-b1a81df3ae27,timestamp,1760341685487,user_id,7db50472-f33b-4041-9b17-543704686133|接下来呢？|1760341685487'
+"requestId,dfb576f5-a33c-4a93-8b47-b1a81df3ae27,timestamp,1760341685487,user_id,7db50472-f33b-4041-9b17-543704686133|5o6l5LiL5p2l5ZGi77yf|1760341685487"
