fix(drivers/139): optimize login flow with cookie reuse and robust fallback#2067
Open
UcnacDx2 wants to merge 1 commit intoOpenListTeam:mainfrom
Open
fix(drivers/139): optimize login flow with cookie reuse and robust fallback#2067UcnacDx2 wants to merge 1 commit intoOpenListTeam:mainfrom
UcnacDx2 wants to merge 1 commit intoOpenListTeam:mainfrom
Conversation
…allback - Cookie Reuse Strategy: Introduced a fast-path login mechanism. If valid MailCookies (containing Os_SSo_Sid) are present, the driver attempts to skip the full password login (Step 1) and directly exchange the SID for a token (Step 2 -> Step 3). This significantly reduces risk control triggers and improves initialization speed. - Authorization Priority: Added a check to skip the entire login process if a valid Authorization string is already present in the configuration. - Robust Fallback: Implemented a fallback mechanism. If the fast-path (cookie reuse) fails (e.g., expired cookie), the driver automatically falls back to the full password login flow (Step 1 -> Step 2 -> Step 3) to ensure service availability. - Credential Validation: Refined validation logic. Now accepts configuration with only Authorization, or only MailCookies (for fast path), while strictly enforcing that if Username or Password is provided, all three credentials (including MailCookies) must be present to support the fallback password login. - Security: Ensured that when falling back to password login, only necessary cookies are sent (via sanitizeLoginCookies) to avoid polluting the request. - Code Cleanup: Removed unused imports and improved code formatting.
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request optimizes the 139 cloud drive driver's authentication flow to address login loop errors and risk control triggers. The changes implement a prioritized login strategy: Authorization → Cookie reuse → Password login fallback.
Changes:
- Introduced
validateAndInitCredentials()to implement flexible credential validation with priority-based login attempts - Added
sanitizeLoginCookies()to enforce strict cookie ordering and prevent authentication failures from stale session data - Enhanced
step1_password_login()to fetch fresh JSESSIONID, detect risk control errors, and properly manage cookie state - Refactored error handling in the
request()method to eliminate goto statements and streamline special case handling
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| drivers/139/driver.go | Simplified Init() to delegate credential validation to new helper function |
| drivers/139/util.go | Core changes including new validation logic, cookie sanitization, enhanced password login with risk control detection, and cleaner error handling |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Member
|
不好意思 刚刚回复前没看到你是新建了新的PR 但确实还是需要团队再看的 |
7 tasks
UcnacDx2
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description / 描述
本次 PR 对 139 云盘驱动的初始化和登录逻辑进行了更改,旨在解决用户报告的登录死循环错误(
Failed init storage: login with password failed...)以及触发风控的问题。问题背景:
经排查,原驱动逻辑存在以下缺陷:
ec=PML401010062等频率限制错误。JSESSIONID或Os_SSo_Sid)。这会导致服务器认为是异常会话,拒绝登录请求并重定向到错误页面(表现为重定向链接中缺失关键的sid参数)。MailCookies进行快速会话恢复,导致每次操作都必须“从零开始”。优化方案:
本次提交引入了更智能的登录策略,优先级顺序为:“Authorization 优先 -> Cookie 复用优先 -> 密码登录兜底”。
Changes / 变更内容
1. Authorization 优先策略
Authorization,驱动仍可能尝试去校验账号密码或执行登录。Authorization字段存在且非空,驱动将直接跳过整个登录流程。2. Cookie 复用策略 (快速通道)
MailCookies。如果从中提取到了有效的Os_SSo_Sid:3. 健壮的自动降级 (Fallback) 机制
4. 凭据校验逻辑细化
Authorization? -> 通过。MailCookies? -> 通过(仅尝试快速通道,适合不想保存明文密码的用户)。Username或Password? -> 必须三者齐全(MailCookies+ 账号 + 密码),以确保自动降级机制能正常工作。5. 安全与代码清理
sanitizeLoginCookies严格过滤请求头,剔除旧的 SessionID,只发送必要的设备标识 Cookie,防止脏数据导致登录失败。driver.go中未使用的strings包导入,并使用go fmt格式化了代码。Motivation and Context / 背景
PR回复: #1534
How Has This Been Tested? / 测试
我在本地使用多种账号状态进行了详细测试:
Authorization字符串。MailCookies(无 Auth),账号密码可选。MailCookies,有效的账号和密码。MailCookies,未填账号密码。Checklist / 检查清单
我已阅读 CONTRIBUTING 文档。
go fmtor prettier.我已使用
go fmt或 prettier 格式化提交的代码。我已为此 PR 添加了适当的标签(如无权限或需要的标签不存在,请在描述中说明,管理员将后续处理)。
我已在适当情况下使用"Request review"功能请求相关代码作者进行审查。
我已相应更新了相关仓库(若适用)。