添加Cloudflare Worker代理，恢复水鱼Import-Token和Developer-Token模式

Author: Applesaber

.github/workflows/deploy.yml

@@ -5,6 +5,7 @@ on:
     branches: [master]
     paths:
       - 'web/**'
+      - 'worker/**'
       - '.github/workflows/deploy.yml'
   workflow_dispatch:
 
@@ -18,6 +19,29 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  deploy-worker:
+    runs-on: ubuntu-latest
+    if: ${{ secrets.CLOUDFLARE_API_TOKEN != '' }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: worker/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci || npm install
+        working-directory: worker
+
+      - name: Deploy Worker
+        run: npx wrangler deploy
+        working-directory: worker
+        env:
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+
   build:
     runs-on: ubuntu-latest
     steps:
@@ -39,6 +63,7 @@ jobs:
         env:
           VITE_LXNS_DEVELOPER_TOKEN: ${{ secrets.VITE_LXNS_DEVELOPER_TOKEN }}
           VITE_SHUIYU_DEVELOPER_TOKEN: ${{ secrets.VITE_SHUIYU_DEVELOPER_TOKEN }}
+          VITE_WORKER_PROXY_URL: ${{ secrets.VITE_WORKER_PROXY_URL }}
 
       - uses: actions/upload-pages-artifact@v3
         with:

web/src/types/index.ts

@@ -81,5 +81,5 @@ export interface Playlog {
   [key: string]: unknown
 }
 
-export type ApiMode = 'lxns' | 'lxns-dev' | 'shuiyu'
+export type ApiMode = 'lxns' | 'lxns-dev' | 'shuiyu-import' | 'shuiyu-dev'
 export type CsvFormat = 'auto' | 'lxns' | 'shuiyu'

web/src/utils/api.ts

@@ -3,6 +3,7 @@ import { calculateRankFromScore } from './converter'
 
 const LXNS_BASE_URL = 'https://maimai.lxns.net/api/v0'
 const SHUIYU_BASE_URL = 'https://www.diving-fish.com/api/chunithmprober'
+const WORKER_PROXY = import.meta.env.VITE_WORKER_PROXY_URL || ''
 
 async function fetchJson(url: string, headers: Record<string, string>): Promise<unknown> {
   const res = await fetch(url, {
@@ -20,23 +21,13 @@ async function fetchJson(url: string, headers: Record<string, string>): Promise<
   return res.json()
 }
 
-async function postJson(url: string, body: Record<string, unknown>): Promise<unknown> {
-  const res = await fetch(url, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify(body),
-  })
-
-  if (!res.ok) {
-    if (res.status === 400) {
-      const data = await res.json().catch(() => ({})) as Record<string, unknown>
-      throw new Error((data['message'] as string) || '请求失败')
-    }
-    if (res.status === 403) throw new Error('该用户已设置隐私或未同意用户协议')
-    throw new Error(`HTTP ${res.status}: ${res.statusText}`)
-  }
+function proxyUrl(url: string): string {
+  if (!WORKER_PROXY) throw new Error('此站点未配置 CORS 代理，水鱼 Import-Token / Developer-Token 模式不可用')
+  return `${WORKER_PROXY}?url=${encodeURIComponent(url)}`
+}
 
-  return res.json()
+async function fetchViaProxy(url: string, headers: Record<string, string>): Promise<unknown> {
+  return fetchJson(proxyUrl(url), headers)
 }
 
 function parseLxnsPlayer(data: Record<string, unknown>): PlayerInfo {
@@ -136,6 +127,8 @@ export async function fetchFromApi(mode: ApiMode, options: {
   lxnsToken?: string
   lxnsDeveloperToken?: string
   lxnsFriendCode?: number
+  shuiyuImportToken?: string
+  shuiyuDeveloperToken?: string
   shuiyuUsername?: string
   onProgress?: (msg: string) => void
 }): Promise<ApiFetchResult> {
@@ -188,13 +181,30 @@ export async function fetchFromApi(mode: ApiMode, options: {
     return { player, scores }
   }
 
-  if (mode === 'shuiyu') {
-    if (!options.shuiyuUsername) throw new Error('水鱼查询模式需要用户名')
+  if (mode === 'shuiyu-import') {
+    if (!options.shuiyuImportToken) throw new Error('水鱼个人模式需要 Import-Token')
+    const headers = { 'Import-Token': options.shuiyuImportToken }
+
+    progress('正在通过代理获取玩家成绩...')
+    const data = await fetchViaProxy(`${SHUIYU_BASE_URL}/player/records`, headers) as Record<string, unknown>
+    const player = parseShuiyuPlayer(data)
+    const records = ((data['records'] as Record<string, unknown>)?.['best'] || []) as Record<string, unknown>[]
+    const scores = records.map(parseShuiyuScore)
+
+    progress(`获取到 ${scores.length} 条成绩`)
+    return { player, scores }
+  }
+
+  if (mode === 'shuiyu-dev') {
+    if (!options.shuiyuDeveloperToken) throw new Error('水鱼开发者模式需要 Developer-Token')
+    if (!options.shuiyuUsername) throw new Error('水鱼开发者模式需要用户名')
+    const headers = { 'Developer-Token': options.shuiyuDeveloperToken }
 
-    progress(`正在查询玩家 "${options.shuiyuUsername}" 的成绩...`)
-    const data = await postJson(`${SHUIYU_BASE_URL}/query/player`, {
-      username: options.shuiyuUsername,
-    }) as Record<string, unknown>
+    progress(`正在通过代理获取玩家 "${options.shuiyuUsername}" 的成绩...`)
+    const data = await fetchViaProxy(
+      `${SHUIYU_BASE_URL}/dev/player/records?username=${encodeURIComponent(options.shuiyuUsername)}`,
+      headers,
+    ) as Record<string, unknown>
     const player = parseShuiyuPlayer(data)
     const records = ((data['records'] as Record<string, unknown>)?.['best'] || []) as Record<string, unknown>[]
     const scores = records.map(parseShuiyuScore)

web/src/views/ConverterView.vue

@@ -16,20 +16,23 @@ const apiForm = reactive({
   lxnsToken: '',
   lxnsDeveloperToken: import.meta.env.VITE_LXNS_DEVELOPER_TOKEN || '',
   lxnsFriendCode: '',
+  shuiyuImportToken: '',
+  shuiyuDeveloperToken: import.meta.env.VITE_SHUIYU_DEVELOPER_TOKEN || '',
   shuiyuUsername: ''
 })
 
-// CSV Form state
-const csvFormat = ref<CsvFormat>('auto')
-const csvUsername = ref('Player')
-const csvFile = ref<File | null>(null)
-
 const apiModeOptions = [
   { label: '落雪个人 (通过 Token 获取个人数据)', value: 'lxns' },
   { label: '落雪开发者 (通过好友码获取他人数据)', value: 'lxns-dev' },
-  { label: '水鱼查询 (通过用户名获取成绩)', value: 'shuiyu' }
+  { label: '水鱼个人 (通过 Import-Token 获取完整数据)', value: 'shuiyu-import' },
+  { label: '水鱼开发者 (通过 Developer-Token 获取数据)', value: 'shuiyu-dev' },
 ]
 
+// CSV Form state
+const csvFormat = ref<CsvFormat>('auto')
+const csvUsername = ref('Player')
+const csvFile = ref<File | null>(null)
+
 const csvFormatOptions = [
   { label: '自动检测', value: 'auto' },
   { label: '落雪格式', value: 'lxns' },
@@ -76,6 +79,8 @@ const handleApiConversion = async () => {
       lxnsToken: apiForm.lxnsToken,
       lxnsDeveloperToken: apiForm.lxnsDeveloperToken,
       lxnsFriendCode: friendCode,
+      shuiyuImportToken: apiForm.shuiyuImportToken,
+      shuiyuDeveloperToken: apiForm.shuiyuDeveloperToken,
       shuiyuUsername: apiForm.shuiyuUsername,
       onProgress: addProgress
     })
@@ -170,7 +175,8 @@ const isApiFormValid = computed(() => {
   switch (apiMode.value) {
     case 'lxns': return !!apiForm.lxnsToken
     case 'lxns-dev': return !!apiForm.lxnsDeveloperToken && !!apiForm.lxnsFriendCode
-    case 'shuiyu': return !!apiForm.shuiyuUsername
+    case 'shuiyu-import': return !!apiForm.shuiyuImportToken
+    case 'shuiyu-dev': return !!apiForm.shuiyuDeveloperToken && !!apiForm.shuiyuUsername
     default: return false
   }
 })
@@ -209,13 +215,27 @@ const isApiFormValid = computed(() => {
               </n-form-item>
             </template>
 
-            <n-form-item v-if="apiMode === 'shuiyu'" label="水鱼用户名">
+            <n-form-item v-if="apiMode === 'shuiyu-import'" label="水鱼 Import-Token">
               <n-input 
-                v-model:value="apiForm.shuiyuUsername" 
-                placeholder="输入目标玩家的水鱼用户名"
+                v-model:value="apiForm.shuiyuImportToken" 
+                type="password" 
+                show-password-on="click" 
+                placeholder="输入你的水鱼 Import-Token"
               />
             </n-form-item>
 
+            <template v-if="apiMode === 'shuiyu-dev'">
+              <n-alert v-if="!apiForm.shuiyuDeveloperToken" type="warning" class="mb-4" :show-icon="false">
+                此站点尚未配置水鱼开发者 Token 环境变量，该模式不可用。
+              </n-alert>
+              <n-form-item label="用户名">
+                <n-input 
+                  v-model:value="apiForm.shuiyuUsername" 
+                  placeholder="输入目标玩家的用户名"
+                  :disabled="!apiForm.shuiyuDeveloperToken"
+                />
+              </n-form-item>
+            </template>
 
             <n-button 
               type="primary" 

worker/src/index.ts

@@ -0,0 +1,87 @@
+// Cloudflare Worker: CORS proxy for diving-fish API
+// Only proxies requests to www.diving-fish.com
+
+interface Env {
+  ALLOWED_ORIGIN: string
+}
+
+const ALLOWED_TARGET = 'https://www.diving-fish.com'
+
+function corsHeaders(origin: string): Record<string, string> {
+  return {
+    'Access-Control-Allow-Origin': origin,
+    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
+    'Access-Control-Allow-Headers': 'Content-Type, Import-Token, Developer-Token',
+    'Access-Control-Max-Age': '86400',
+  }
+}
+
+export default {
+  async fetch(request: Request, env: Env): Promise<Response> {
+    const origin = request.headers.get('Origin') || ''
+    const allowedOrigin = env.ALLOWED_ORIGIN || 'https://munet-oss.github.io'
+
+    // Also allow localhost for development
+    const isAllowed = origin === allowedOrigin
+      || origin.startsWith('http://localhost:')
+      || origin.startsWith('http://127.0.0.1:')
+
+    if (!isAllowed && origin !== '') {
+      return new Response('Forbidden', { status: 403 })
+    }
+
+    const responseOrigin = origin || allowedOrigin
+
+    // Handle preflight
+    if (request.method === 'OPTIONS') {
+      return new Response(null, {
+        status: 204,
+        headers: corsHeaders(responseOrigin),
+      })
+    }
+
+    // Extract target URL from query parameter
+    const url = new URL(request.url)
+    const targetUrl = url.searchParams.get('url')
+
+    if (!targetUrl) {
+      return new Response(JSON.stringify({ error: 'Missing ?url= parameter' }), {
+        status: 400,
+        headers: { ...corsHeaders(responseOrigin), 'Content-Type': 'application/json' },
+      })
+    }
+
+    // Only allow proxying to diving-fish
+    if (!targetUrl.startsWith(ALLOWED_TARGET)) {
+      return new Response(JSON.stringify({ error: 'Only diving-fish.com is allowed' }), {
+        status: 403,
+        headers: { ...corsHeaders(responseOrigin), 'Content-Type': 'application/json' },
+      })
+    }
+
+    // Forward the request, preserving auth headers
+    const proxyHeaders = new Headers()
+    const forwardHeaders = ['content-type', 'import-token', 'developer-token']
+    for (const name of forwardHeaders) {
+      const value = request.headers.get(name)
+      if (value) proxyHeaders.set(name, value)
+    }
+
+    const proxyResponse = await fetch(targetUrl, {
+      method: request.method,
+      headers: proxyHeaders,
+      body: request.method !== 'GET' ? request.body : undefined,
+    })
+
+    // Return response with CORS headers
+    const responseHeaders = new Headers(proxyResponse.headers)
+    for (const [key, value] of Object.entries(corsHeaders(responseOrigin))) {
+      responseHeaders.set(key, value)
+    }
+
+    return new Response(proxyResponse.body, {
+      status: proxyResponse.status,
+      headers: responseHeaders,
+    })
+  },
+}

worker/wrangler.toml

@@ -0,0 +1,6 @@
+name = "chunithm-cors-proxy"
+main = "src/index.ts"
+compatibility_date = "2024-01-01"
+
+[vars]
+ALLOWED_ORIGIN = "https://munet-oss.github.io"