-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbase_worker.py
More file actions
1035 lines (960 loc) · 47.5 KB
/
base_worker.py
File metadata and controls
1035 lines (960 loc) · 47.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# base_worker.py — Camoufox через AsyncCamoufox + SOCKS5 bridge
# FULL UNDETECT MODE: BrowserForge fingerprint + geoip + WebRTC block + persistent profile
import json, re, random, asyncio, hashlib, base64, pickle
from pathlib import Path
from datetime import datetime
import httpx, pyotp
from camoufox.async_api import AsyncCamoufox
try:
from browserforge.fingerprints import FingerprintGenerator, Screen
except Exception:
FingerprintGenerator = None
Screen = None
from proxy_checker import (
load_and_verify_proxies_v2,
lookup_proxy_info,
get_playwright_proxy_for_firefox,
stop_proxy_bridge,
)
try:
_HTTPX_VER = tuple(map(int, httpx.__version__.split(".")[:2]))
except Exception:
_HTTPX_VER = (0, 24)
class _BrowserWrapper:
"""Camoufox persistent context + SOCKS5 bridge cleanup."""
def __init__(self, cam, context, page=None, bridge=None):
self.cam = cam # AsyncCamoufox manager
self.context = context # BrowserContext (persistent)
self.page = page
self.bridge = bridge
async def close(self):
# persistent_context хранит куки/localStorage в user_data_dir,
# поэтому ручной storage_state save больше не нужен.
try:
if self.cam is not None:
await self.cam.__aexit__(None, None, None)
except Exception as e:
print(f"[BROWSER] close error: {type(e).__name__}: {e}")
if self.bridge:
try:
await stop_proxy_bridge(self.bridge)
except Exception:
pass
class BaseGitHubWorker:
def __init__(self, config, db_manager):
self.config = config
self.db = db_manager
self._proxies_loaded = False
self._proxies_loading = False
self._working_proxies: list[dict] = []
self._scheduler = None
@property
def _headless(self) -> bool:
return getattr(self.config.settings, "headless", True)
@property
def _dm(self) -> float:
return float(getattr(self.config.settings, "delay_multiplier", 1.5))
@property
def _residential_only(self) -> bool:
return bool(getattr(self.config.settings, "residential_only", False))
@property
def _block_webrtc(self) -> bool:
return bool(getattr(self.config.settings, "block_webrtc", True))
@property
def _humanize(self) -> bool:
return bool(getattr(self.config.settings, "humanize_browser", True))
async def _human_delay(self, min_s=None, max_s=None):
if min_s is None or max_s is None:
try:
rng = self.config.settings.human_delay_range
low = min_s if min_s is not None else rng[0]
high = max_s if max_s is not None else rng[1]
except Exception:
low = min_s if min_s is not None else 1.0
high = max_s if max_s is not None else 2.5
else:
low, high = min_s, max_s
dm = self._dm
r = random.betavariate(2, 5)
delay = low * dm + r * (high * dm - low * dm)
if random.random() < 0.05:
delay += random.uniform(3, 12)
await asyncio.sleep(delay)
async def _human_type(self, page, selector: str, text: str, clear_first: bool = True):
"""Заполнение поля без зависимости от фокуса окна.
В headful Firefox `page.keyboard.*` доставляет события только в окно
с OS-фокусом — поэтому при нескольких параллельных сессиях все
неактивные окна «зависают» на этапе ввода. `Locator.fill()` работает
на DOM-уровне (через input-события), не требует фокуса и одинаково
надёжно срабатывает в любом окне. Фокусируем поле через JS
(`el.focus()`) — это тоже не требует OS-фокуса окна, в отличие
от `el.click()` (нативный клик зависает в свёрнутом окне).
"""
el = await page.wait_for_selector(selector, state="visible", timeout=30000)
try:
await el.evaluate("el => el.focus()")
except Exception:
pass
await self._human_delay(0.3, 0.8)
if clear_first:
try:
await el.fill("")
except Exception:
pass
await asyncio.sleep(random.uniform(0.15, 0.35))
if not text:
return
# Заполняем «ступенчато» (2–4 шага), чтобы JS-валидаторы GitHub
# увидели промежуточные input-события, а не один резкий fill.
steps = max(2, min(4, len(text) // 3 or 1))
boundaries = sorted({max(1, len(text) * (i + 1) // steps) for i in range(steps)})
for end in boundaries:
try:
await el.fill(text[:end])
except Exception:
break
await asyncio.sleep(random.uniform(0.15, 0.45))
async def _safe_click(self, el, timeout: int = 8000) -> bool:
"""Focus-independent клик.
В headful Firefox обычный `el.click()` шлёт нативное событие, которое
Firefox доставляет только в окно с OS-фокусом — в фоновых вкладках
запрос «висит» до 60 сек. Сначала пробуем нативный клик с коротким
таймаутом (быстро срабатывает в активном окне), при неудаче падаем
на JS-клик через evaluate — он работает без фокуса.
"""
if el is None:
return False
try:
await el.click(timeout=timeout)
return True
except Exception:
pass
try:
await el.evaluate("el => el.click()")
return True
except Exception:
return False
def _gh_url(self, path: str) -> str:
return "https://github.com/" + path
def _tg_url(self, bot_token: str, method: str) -> str:
return f"https://api.telegram.org/bot{bot_token}/{method}"
def _get_username(self, account):
if hasattr(account, 'username') and account.username:
return account.username
return account.login.split('@')[0] if '@' in account.login else account.login
async def _ensure_proxies(self):
if self._proxies_loading:
while self._proxies_loading:
await asyncio.sleep(0.5)
return
if self._proxies_loaded:
return
self._proxies_loading = True
try:
proxy_path = getattr(self.config.paths, "proxies_file", None)
if not proxy_path:
print("[PROXY] proxies_file не задан — без прокси.")
return
self._working_proxies = await load_and_verify_proxies_v2(
proxy_path, verbose=True, fetch_geo=True,
residential_only=self._residential_only,
)
if not self._working_proxies:
print("[PROXY] ⚠️ Нет рабочих прокси!")
return
finally:
self._proxies_loaded = True
self._proxies_loading = False
async def _resolve_geo(self, proxy_dict: dict | None) -> dict:
default = {"timezone": "America/New_York", "locale": "en-US",
"lat": 40.7128, "lon": -74.0060, "country": "US"}
if not proxy_dict:
return default
if proxy_dict.get("timezone_name") and proxy_dict.get("country_code"):
return {
"timezone": proxy_dict.get("timezone_name") or default["timezone"],
"locale": self._tz_to_locale(proxy_dict.get("country_code")),
"lat": float(proxy_dict.get("lat") or default["lat"]),
"lon": float(proxy_dict.get("lon") or default["lon"]),
"country": proxy_dict.get("country_code") or "US",
}
info = await lookup_proxy_info(proxy_dict)
if info.get("ok"):
for k in ["timezone_name", "country_code", "lat", "lon", "is_datacenter"]:
if info.get(k):
proxy_dict[k] = info[k] if k != "timezone_name" else info.get("timezone")
return {
"timezone": info.get("timezone") or default["timezone"],
"locale": self._tz_to_locale(info.get("country_code")),
"lat": float(info.get("lat") or default["lat"]),
"lon": float(info.get("lon") or default["lon"]),
"country": info.get("country_code") or "US",
}
return default
@staticmethod
def _tz_to_locale(country_code: str | None) -> str:
mapping = {"US":"en-US","GB":"en-GB","CA":"en-CA","AU":"en-AU","DE":"de-DE",
"FR":"fr-FR","NL":"nl-NL","PL":"pl-PL","SE":"sv-SE","FI":"fi-FI",
"ES":"es-ES","IT":"it-IT","BR":"pt-BR","JP":"ja-JP"}
return mapping.get((country_code or "").upper(), "en-US")
def _profile_dir(self, account) -> Path:
base = getattr(self.config.paths, "profiles_dir", None) or "./profiles"
h = hashlib.md5(account.login.encode()).hexdigest()[:12]
path = Path(base) / h
path.mkdir(parents=True, exist_ok=True)
return path
def _viewport_for(self, account) -> tuple[int, int]:
viewports = [(1920,1080),(1536,864),(1440,900),(1366,768),(1600,900),(1680,1050)]
idx = int(hashlib.md5(account.login.encode()).hexdigest(), 16) % len(viewports)
return viewports[idx]
def _os_for(self, account) -> str:
"""Стабильный OS-fingerprint per account (один и тот же логин = один и тот же OS навсегда)."""
choices = ["windows", "macos", "linux"]
weights = [0.65, 0.25, 0.10] # реалистичная доля рынка
seed = int(hashlib.md5(account.login.encode()).hexdigest()[:8], 16)
rng = random.Random(seed)
return rng.choices(choices, weights=weights, k=1)[0]
def _screen_constraint(self, width: int, height: int):
if Screen is None:
return None
for kwargs in (
{"max_width": width, "max_height": height},
{"width": width, "height": height},
):
try:
return Screen(**kwargs)
except TypeError:
continue
except Exception:
return None
return None
def _fingerprint_for(self, account, os_choice: str, geo: dict, width: int, height: int):
if FingerprintGenerator is None:
return None, "camoufox-auto"
fp_path = self._profile_dir(account) / "browserforge_fingerprint.pkl"
if fp_path.exists():
try:
with fp_path.open("rb") as f:
return pickle.load(f), "saved"
except Exception as e:
print(f"[FINGERPRINT] saved fingerprint ignored: {type(e).__name__}: {e}")
screen = self._screen_constraint(width, height)
attempts = [
{"browser": "firefox", "os": os_choice, "device": "desktop", "locale": geo["locale"], "screen": screen},
{"browser": "firefox", "os": os_choice, "locale": geo["locale"], "screen": screen},
{"browser": "firefox", "os": os_choice, "screen": screen},
{"browser": "firefox", "os": os_choice},
{"browser": "firefox"},
]
for kwargs in attempts:
clean = {k: v for k, v in kwargs.items() if v is not None}
try:
fingerprint = FingerprintGenerator(**clean).generate()
with fp_path.open("wb") as f:
pickle.dump(fingerprint, f)
return fingerprint, "new"
except TypeError:
continue
except Exception as e:
print(f"[FINGERPRINT] generate failed: {type(e).__name__}: {e}")
break
return None, "camoufox-auto"
# ── LAUNCH CAMOUFOX (full undetect) ──────────────────────────
async def _launch_browser(self, account, proxy_dict: dict | None):
geo = await self._resolve_geo(proxy_dict)
profile_dir = self._profile_dir(account)
cam_proxy, bridge = await get_playwright_proxy_for_firefox(proxy_dict)
proxy_for_cam = cam_proxy if (cam_proxy and not bridge) else (
bridge["playwright_proxy"] if bridge else None
)
os_choice = self._os_for(account)
vw, vh = self._viewport_for(account)
fingerprint, fp_source = self._fingerprint_for(account, os_choice, geo, vw, vh)
# Firefox prefs, чтобы окно работало в фоне / свёрнутое / в трее.
# Без этого FF приостанавливает рендер, тротлит таймеры и клики не
# доходят до обработчиков, пока окно не вернёт фокус.
bg_prefs = {
# Главный — отключаем «window occlusion tracking» на Windows:
# FF перестаёт рендерить окно, когда оно перекрыто/свёрнуто.
"widget.windows.window_occlusion_tracking.enabled": False,
# Доп. флаг для отслеживания display-state (минимизация в трей).
"widget.windows.window_occlusion_tracking.display_state.enabled": False,
# Снимаем тротлинг таймеров фоновых вкладок/окон.
"dom.timeout.enable_budget_timer_throttling": False,
"dom.timeout.background_throttling_max_idle_runtime_ms": -1,
"dom.timeout.tracking_throttling_delay": 0,
"dom.min_background_timeout_value": 4,
# Не «парковать» неактивные вкладки.
"dom.suspend_inactive.enabled": False,
# Не приостанавливать requestAnimationFrame в фоне.
"dom.vsync.use_vsync_in_background": True,
# Не выгружать вкладки при свёрнутом окне / нехватке памяти.
"browser.tabs.unloadOnLowMemory": False,
"browser.tabs.unloadTabInactivityTimeout": 0,
# Не приостанавливать видео/анимации в фоне.
"media.suspend-bkgnd-video.enabled": False,
"image.mem.animated.discardable": False,
# Снимаем минимальные пороги «trusted-input» — JS-диспатч в фоне
# будет считаться валидным сразу, без ожидания.
"dom.input_events.security.minNumTicks": 0,
"dom.input_events.security.minTimeElapsedInMS": 0,
}
launch_kwargs = {
"headless": self._headless,
"humanize": self._humanize,
"geoip": bool(proxy_dict),
"locale": geo["locale"],
"proxy": proxy_for_cam,
"persistent_context": True,
"user_data_dir": str(profile_dir),
"block_webrtc": self._block_webrtc,
"i_know_what_im_doing": True,
"firefox_user_prefs": bg_prefs,
}
if fingerprint is not None:
launch_kwargs["fingerprint"] = fingerprint
else:
launch_kwargs["os"] = os_choice
screen = self._screen_constraint(vw, vh)
if screen is not None:
launch_kwargs["screen"] = screen
else:
launch_kwargs["window"] = (vw, vh)
cam = AsyncCamoufox(**launch_kwargs)
try:
context = await cam.__aenter__()
except TypeError as e:
err_msg = str(e)
# Известная несовместимость: Camoufox передаёт firefox_user_prefs
# в launch_persistent_context(), которое поддерживает этот аргумент
# только начиная с Playwright >= 1.40. На старом Playwright ретрай
# без fingerprint не поможет — нужно обновить playwright.
if "firefox_user_prefs" in err_msg:
if bridge:
try:
await stop_proxy_bridge(bridge)
except Exception:
pass
raise RuntimeError(
"Camoufox требует Playwright >= 1.40 "
"(launch_persistent_context() должен принимать firefox_user_prefs). "
"Обнови playwright: `pip install -U playwright && playwright install firefox`. "
f"Original error: {e}"
) from e
if "fingerprint" not in launch_kwargs:
if bridge:
try:
await stop_proxy_bridge(bridge)
except Exception:
pass
raise
print(f"[FINGERPRINT] custom fingerprint rejected, retrying auto: {e}")
launch_kwargs.pop("fingerprint", None)
launch_kwargs["os"] = os_choice
cam = AsyncCamoufox(**launch_kwargs)
try:
context = await cam.__aenter__()
except Exception:
if bridge:
try:
await stop_proxy_bridge(bridge)
except Exception:
pass
raise
fp_source = "camoufox-auto"
except Exception:
if bridge:
try:
await stop_proxy_bridge(bridge)
except Exception:
pass
raise
context.set_default_timeout(60000)
context.set_default_navigation_timeout(90000)
pages = context.pages
page = pages[0] if pages else await context.new_page()
bridge_info = f" | bridge=127.0.0.1:{bridge['local_port']}" if bridge else ""
print(
f"[BROWSER] Camoufox | {account.login} | "
f"os={os_choice} | fp={fp_source} | locale={geo['locale']} | "
f"tz={geo['timezone']} ({geo['country']}) | "
f"webrtc={'blocked' if self._block_webrtc else 'open'}"
f"{bridge_info}"
)
try:
await self.db.update_account_fingerprint(
account.login,
os_family=os_choice,
profile_path=str(profile_dir),
last_used_at=datetime.utcnow(),
)
except Exception as e:
print(f"[FINGERPRINT] db update skipped: {type(e).__name__}: {e}")
await self._warmup_proxy(page)
wrapper = _BrowserWrapper(cam, context, page=page, bridge=bridge)
return wrapper, context, page, proxy_dict
async def _close_browser(self, wrapper, proxy=None):
"""proxy игнорируется (legacy-параметр для обратной совместимости)."""
if wrapper and hasattr(wrapper, "close"):
await wrapper.close()
async def _warmup_proxy(self, page):
try:
await page.goto("https://api.github.com/zen",
wait_until="domcontentloaded", timeout=30000)
await self._human_delay(2, 4)
except Exception as e:
print(f"[PROXY] Warmup failed: {type(e).__name__}: {str(e)[:100]}")
await asyncio.sleep(3)
async def _get_github_username(self, page) -> str | None:
try:
meta = await page.query_selector('meta[name="user-login"]')
if meta:
return await meta.get_attribute('content')
username = await page.evaluate('''() => {
const m = document.querySelector('meta[name="user-login"]');
if (m) return m.content;
const el = document.querySelector('[data-login]');
if (el) return el.getAttribute('data-login');
return null;
}''')
if username:
return username
except Exception:
pass
return None
async def _try_skip_verification(self, page):
try:
skip = await page.query_selector(
'button:has-text("Skip verification"), '
'a:has-text("Skip verification"), a[href*="skip"]'
)
if skip:
if not await self._safe_click(skip):
return
await asyncio.sleep(3)
await page.wait_for_load_state('domcontentloaded', timeout=30000)
except Exception:
pass
async def _check_existing_session(self, page) -> str | None:
try:
await page.goto("https://github.com/",
wait_until="domcontentloaded", timeout=30000)
await asyncio.sleep(2)
username = await self._get_github_username(page)
if username:
print(f"[SESSION] ✅ Already logged in as {username}")
return username
except Exception:
pass
return None
@staticmethod
def _normalize_totp(secret: str | None) -> str | None:
if not secret:
return None
cleaned = secret.strip().replace(' ', '').replace('-', '').upper()
cleaned = re.sub(r'[^A-Z2-7=]', '', cleaned)
return cleaned or None
async def _generate_totp_local(self, secret: str, timeout: float = 5.0) -> str | None:
if not secret:
return None
import time as _t
from email.utils import parsedate_to_datetime
server_time = None
try:
async with httpx.AsyncClient(timeout=timeout, trust_env=False) as client:
resp = await client.head("https://github.com/", follow_redirects=False)
date_str = resp.headers.get("Date") or resp.headers.get("date")
if date_str:
server_time = parsedate_to_datetime(date_str).timestamp()
except Exception:
pass
if server_time is None:
server_time = _t.time()
try:
totp = pyotp.TOTP(secret)
return totp.at(server_time)
except Exception:
return None
async def _submit_totp_once(self, page, clean_secret: str) -> bool:
"""Найти OTP-поле, ввести свежий код, нажать submit. Не ждёт
редиректа — это делает caller. Возвращает True если submit
вообще удалось кликнуть."""
try:
totp_field = await page.wait_for_selector(
'#app_totp, #otp, input[name="otp"], input[autocomplete="one-time-code"]',
timeout=8000,
)
if not totp_field:
return False
code = await self._generate_totp_local(clean_secret)
if not code:
return False
try:
await totp_field.fill("")
except Exception:
pass
await totp_field.fill(code)
await self._human_delay(0.5, 1.2)
# Кнопка может быть `button[type=submit]` или текстом "Verify".
submit_btn = await page.query_selector(
'button[type="submit"], button:has-text("Verify"), '
'button:has-text("Verify 2FA"), button:has-text("Sign in"), '
'input[type="submit"]'
)
if not await self._safe_click(submit_btn):
# Fallback: Enter
try:
await totp_field.press("Enter")
except Exception:
return False
return True
except Exception:
return False
@staticmethod
def _is_2fa_url(url: str) -> bool:
"""URL указывает что мы всё ещё в 2FA-flow."""
u = (url or "").lower()
markers = (
"/sessions/two-factor",
"/sessions/verified-device",
"/sessions/verify",
"/settings/security/two_factor",
"two_factor_authentication/verify",
"/sessions/2fa",
)
return any(m in u for m in markers)
async def _is_verify_settings_interstitial(self, page) -> bool:
"""Определяет страницу «Verify your two-factor authentication (2FA)
settings» — у неё нет OTP-поля, только текст и зелёная кнопка
для начала верификации.
"""
try:
# OTP-поля нет, но есть характерный текст
has_otp = await page.query_selector(
'#app_totp, #otp, input[name="otp"], '
'input[autocomplete="one-time-code"]'
)
if has_otp:
return False
# Ищем заголовок/текст по нескольким вариантам
for sel in (
'h1:has-text("Verify your two-factor")',
'h2:has-text("Verify your two-factor")',
':has-text("This is a one-time verification")',
':has-text("recently configured 2FA credentials")',
):
el = await page.query_selector(sel)
if el:
return True
except Exception:
pass
return False
async def _click_2fa_verify_button(self, page) -> bool:
"""Клик по зелёной кнопке «Verify 2FA now»/«Verify»/«Continue»."""
# span.Button-label из новой UI-разметки GitHub:
# <span class="Button-label">Verify 2FA now</span>
# — кликаем по нему через :has() вверх до button.
for sel in (
'button:has-text("Verify 2FA now")',
'a:has-text("Verify 2FA now")',
'button:has(span.Button-label:has-text("Verify 2FA now"))',
'button:has-text("Verify 2FA")',
'button:has-text("Verify two-factor")',
'button:has-text("Verify")',
'button:has-text("Continue")',
'button:has-text("Begin verification")',
'a:has-text("Verify 2FA")',
'a:has-text("Verify")',
'button[type="submit"]',
):
try:
btn = await page.query_selector(sel)
if btn:
if await self._safe_click(btn):
print(f"[2FA] clicked verify-settings button ({sel})")
return True
except Exception:
continue
return False
async def _clear_2fa_interstitial(self, page, account, max_passes: int = 2) -> bool:
"""Проверяет, есть ли на ТЕКУЩЕЙ странице блокирующий 2FA-баннер
(«Verify 2FA now», «one-time verification of your recently
configured 2FA credentials» и т.п.) и если да — проводит верификацию.
Этот banner GitHub показывает поверх любых страниц после логина
у аккаунтов с недавно настроенной 2FA, и блокирует /new и т.д.
:return: True если баннер отсутствует ИЛИ был успешно пройден.
False если попытались, но не справились.
"""
clean_secret = self._normalize_totp(getattr(account, "totp_secret", None))
for _ in range(max_passes):
try:
# Признак баннера: либо «Verify 2FA now» кнопка, либо текст
btn = await page.query_selector(
'button:has-text("Verify 2FA now"), '
'a:has-text("Verify 2FA now"), '
'button:has(span.Button-label:has-text("Verify 2FA now")), '
':has-text("recently configured 2FA credentials")'
)
if not btn:
return True # баннера нет — всё чисто
print("[2FA] post-login interstitial 'Verify 2FA now' detected")
# 1. Клик по кнопке
if not await self._click_2fa_verify_button(page):
print("[2FA] interstitial: button click failed")
return False
try:
await page.wait_for_load_state("domcontentloaded", timeout=20000)
except Exception:
pass
await asyncio.sleep(2)
# 2. Если открылся OTP-экран — заполняем
if not clean_secret:
print("[2FA] interstitial: no TOTP secret to confirm")
return False
# До 3 попыток (interstitial может попросить дважды)
for sub in range(3):
has_otp = await page.query_selector(
'#app_totp, #otp, input[name="otp"], '
'input[autocomplete="one-time-code"]'
)
if not has_otp:
# Может уже редиректнул — проверим чисто ли
await asyncio.sleep(1)
if not await page.query_selector(
'button:has-text("Verify 2FA now"), '
':has-text("recently configured 2FA")'
):
print("[2FA] interstitial cleared")
return True
await asyncio.sleep(2)
continue
if sub > 0:
await asyncio.sleep(6) # дать TOTP-окну смениться
if not await self._submit_totp_once(page, clean_secret):
return False
try:
await page.wait_for_load_state(
"domcontentloaded", timeout=15000
)
except Exception:
pass
await asyncio.sleep(2)
# После цикла — проверим что баннер ушёл
if not await page.query_selector(
'button:has-text("Verify 2FA now"), '
':has-text("recently configured 2FA")'
):
print("[2FA] ✅ interstitial cleared")
return True
except Exception as e:
print(f"[2FA] interstitial pass error: {e}")
return False
print("[2FA] ⚠️ interstitial: max passes exhausted")
return False
async def _handle_2fa(self, page, account) -> bool:
"""Универсальный обработчик GitHub 2FA flow.
В этом flow страницы могут идти ЛЮБОЙ комбинацией:
1. /sessions/two-factor/app — ввод TOTP
2. /sessions/verified-device — interstitial «Verify your 2FA
settings» (только зелёная кнопка, OTP-поля НЕТ).
3. Снова OTP-поле для повторной проверки.
4. Recovery codes link
Подход: цикл до 6 итераций, в каждой определяем тип страницы
и совершаем подходящее действие. Считаем что вышли когда URL
больше не относится к 2FA.
"""
clean_secret = self._normalize_totp(getattr(account, "totp_secret", None))
if not clean_secret:
return False
last_action = ""
for step in range(1, 7):
await asyncio.sleep(1.0)
cur_url = page.url
# Если URL уже чистый — успех.
if not self._is_2fa_url(cur_url):
if step > 1:
print(f"[2FA] ✅ passed (step={step})")
return True
# 1) Interstitial «Verify your 2FA settings»?
if await self._is_verify_settings_interstitial(page):
if last_action == "interstitial":
# Повторно попали — кнопка не сработала, выходим.
print("[2FA] interstitial click did not advance, giving up")
return False
ok = await self._click_2fa_verify_button(page)
last_action = "interstitial"
if not ok:
print("[2FA] interstitial: no Verify button found")
return False
# Ждём дальнейший шаг (OTP-input или редирект)
try:
await page.wait_for_load_state("domcontentloaded", timeout=20000)
except Exception:
pass
continue
# 2) Есть OTP-поле — заполняем свежим TOTP-кодом.
has_otp = await page.query_selector(
'#app_totp, #otp, input[name="otp"], '
'input[autocomplete="one-time-code"]'
)
if has_otp:
if last_action == "totp":
# Дадим TOTP-окну гарантированно смениться
await asyncio.sleep(6)
ok = await self._submit_totp_once(page, clean_secret)
last_action = "totp"
if not ok:
return False
# Дождёмся редиректа или нового экрана
for _ in range(10):
await asyncio.sleep(1.5)
if page.url != cur_url:
break
continue
# 3) Ничего не нашли — может быть «Use recovery code» link?
recover_link = await page.query_selector(
'a[href*="recovery"], a:has-text("Use a recovery code")'
)
if recover_link and last_action != "recovery_link":
await self._safe_click(recover_link)
last_action = "recovery_link"
try:
await page.wait_for_load_state("domcontentloaded", timeout=20000)
except Exception:
pass
continue
# Тупик
print(f"[2FA] step {step}: unknown page state, url={cur_url}")
return False
print("[2FA] ⚠️ exhausted 6 steps in handler")
return False
async def _handle_2fa_recovery(self, page, account, recovery_codes) -> bool:
"""Fallback: попытаться войти через recovery-код (если TOTP-секрет
нет или неверный). Recovery-коды одноразовые — после успеха помечаем
использованный код в БД, чтобы не использовать повторно."""
if not recovery_codes:
return False
try:
# На GitHub recovery-страница: /sessions/two-factor/recovery_codes
cur_url = page.url
if "recovery" not in cur_url:
# Кликаем на ссылку «Use a recovery code» если она есть.
link = await page.query_selector('a[href*="/sessions/two-factor/recovery"]')
if link:
await self._safe_click(link)
await page.wait_for_load_state("domcontentloaded", timeout=30000)
else:
await page.goto(
"https://github.com/sessions/two-factor/recovery_codes",
wait_until="domcontentloaded",
timeout=30000,
)
for code in list(recovery_codes):
field = await page.wait_for_selector(
'input[name="otp"], input[id="otp"]', timeout=5000
)
if not field:
return False
await field.fill("")
await field.fill(code)
submit = await page.query_selector('button[type="submit"], input[type="submit"]')
if not await self._safe_click(submit):
continue
await page.wait_for_load_state("domcontentloaded", timeout=30000)
await asyncio.sleep(2)
if "two-factor" not in page.url and "sessions" not in page.url:
print(f"[2FA] ✅ recovery code used for {account.login} (one-time)")
# Удалим израсходованный код в БД (best-effort).
try:
db = getattr(self, "db", None)
if db:
async with db.async_session() as session:
from sqlalchemy import select
from models import Account
row = (await session.execute(
select(Account).where(Account.login == account.login)
)).scalar_one_or_none()
if row and row.recovery_codes:
row.recovery_codes = [
c for c in row.recovery_codes if c != code
]
await session.commit()
except Exception:
pass
return True
return False
except Exception as e:
print(f"[2FA] recovery handler error: {e}")
return False
async def _login(self, page, account) -> str:
cached = await self._check_existing_session(page)
if cached:
# У cached-session тоже может висеть «Verify 2FA now» баннер
try:
await self._clear_2fa_interstitial(page, account)
except Exception as e:
print(f"[2FA] cached interstitial check failed: {e}")
return cached
await page.goto("https://github.com/login",
wait_until="domcontentloaded", timeout=60000)
await self._human_delay(3, 5)
await self._human_type(page, '#login_field', account.login)
await self._human_delay(0.8, 2.0)
await self._human_type(page, '#password', account.password)
await self._human_delay(1.2, 2.5)
submit_btn = await page.query_selector('input[type="submit"][name="commit"]')
if not await self._safe_click(submit_btn):
raise Exception("Login submit click failed")
await page.wait_for_load_state('domcontentloaded', timeout=90000)
if self._is_2fa_url(page.url):
# Подробная диагностика: TOTP-нет → сразу quarantine, не повторяем.
has_totp = bool(self._normalize_totp(getattr(account, "totp_secret", None)))
recovery = getattr(account, "recovery_codes", None) or []
if not has_totp and not recovery:
# Помечаем аккаунт чтобы оркестратор больше его не дёргал
# для задач с логином (orchestrator проверяет status='active').
try:
from db_manager import DatabaseManager # local import to avoid cycle
db = getattr(self, "db", None)
if db:
async with db.async_session() as session:
from sqlalchemy import select # local
from models import Account # local
row = (await session.execute(
select(Account).where(Account.login == account.login)
)).scalar_one_or_none()
if row:
row.status = "quarantine_2fa"
await session.commit()
except Exception:
pass
print(
f"[2FA] ⛔ {account.login}: 2FA включена, но в "
"accounts.txt нет TOTP-секрета и recovery-кодов. "
"Аккаунт переведён в status='quarantine_2fa' — "
"добавь в accounts.txt колонку с TOTP-секретом "
"(base32, 16-32 символа) или recovery-коды и "
"перезапусти ingest."
)
raise Exception("2FA required but no totp_secret/recovery_codes")
ok = await self._handle_2fa(page, account)
if not ok and recovery:
# Fallback на recovery-коды.
ok = await self._handle_2fa_recovery(page, account, recovery)
if not ok:
raise Exception("2FA failed (totp/recovery rejected)")
await asyncio.sleep(3)
await page.goto("https://github.com/",
wait_until="domcontentloaded", timeout=45000)
await self._try_skip_verification(page)
# GitHub после логина у аккаунтов с недавно настроенной 2FA
# показывает «Verify 2FA now» баннер поверх ВСЕХ страниц,
# блокируя /new и т.д. Снимаем его прямо тут.
try:
await self._clear_2fa_interstitial(page, account)
except Exception as e:
print(f"[2FA] interstitial check failed: {e}")
username = await self._get_github_username(page)
if not username:
raise Exception("Login failed")
print("[LOGIN] Logged in as: " + username)
return username
async def login(self, page, account):
return await self._login(page, account)
def _get_tg_creds(self):
try:
return (getattr(self.config.api_keys, 'telegram_bot'),
getattr(self.config.api_keys, 'telegram_channel_id'))
except Exception:
return None, None
async def _send_telegram(self, message: str):
bot_token, channel_id = self._get_tg_creds()
if not bot_token or not channel_id:
return
payload = {"chat_id": channel_id, "text": message,
"parse_mode": "HTML", "disable_web_page_preview": True}
proxy_url = (random.choice(self._working_proxies).get("httpx_url")
if self._working_proxies else None)
client_kwargs = {"timeout": 20}
if proxy_url:
if _HTTPX_VER >= (0, 28):
client_kwargs["proxy"] = proxy_url
else:
client_kwargs["proxies"] = proxy_url
for _ in range(3):
try:
async with httpx.AsyncClient(**client_kwargs) as client:
resp = await client.post(self._tg_url(bot_token, "sendMessage"),
json=payload)
if resp.status_code == 200:
return
except Exception:
pass
await asyncio.sleep(3)
async def _api_request(self, token, method, path, json_data=None, proxy_url=None):
url = "https://api.github.com" + path
headers = {
"Authorization": f"Bearer {token}",
"Accept": "application/vnd.github.v3+json",
"User-Agent": "Mozilla/5.0",
}
client_kwargs = {"timeout": 30}
if proxy_url:
if _HTTPX_VER >= (0, 28):
client_kwargs["proxy"] = proxy_url
else:
client_kwargs["proxies"] = proxy_url
async with httpx.AsyncClient(**client_kwargs) as client:
return await client.request(method, url, headers=headers, json=json_data)
async def _commit_file_via_api(self, account, owner, repo, file_path,
content, commit_message, proxy_dict=None):
if not getattr(account, "token", None):
return False
proxy_url = proxy_dict.get("httpx_url") if proxy_dict else None
payload = {
"message": commit_message,
"content": base64.b64encode(content.encode()).decode(),
}
try:
r = await self._api_request(
account.token, "PUT",
f"/repos/{owner}/{repo}/contents/{file_path}",
json_data=payload, proxy_url=proxy_url,
)
return r.status_code in (200, 201)
except Exception:
return False
async def _create_repo_via_api(self, account, repo_name, description="", proxy_dict=None):