add session cookies to upstream requests

internal/auth/anonymous.go

@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"net/http/cookiejar"
+	"sync"
 
 	"zai-proxy/internal/proxy"
 )
@@ -12,22 +14,91 @@ type AnonymousAuthResponse struct {
 	Token string `json:"token"`
 }
 
-// GetAnonymousToken 从 z.ai 获取匿名 token
+type SessionData struct {
+	Token   string
+	Cookies []*http.Cookie
+}
+
+var (
+	sessionMu sync.RWMutex
+	session   *SessionData
+)
+
 func GetAnonymousToken() (string, error) {
-	resp, err := proxy.GetHTTPClient().Get("https://chat.z.ai/api/v1/auths/")
+	sessionMu.RLock()
+	if session != nil {
+		t := session.Token
+		sessionMu.RUnlock()
+		return t, nil
+	}
+	sessionMu.RUnlock()
+	return RefreshAnonymousSession()
+}
+
+func GetAnonymousSession() (*SessionData, error) {
+	sessionMu.RLock()
+	if session != nil {
+		s := session
+		sessionMu.RUnlock()
+		return s, nil
+	}
+	sessionMu.RUnlock()
+	return nil, fmt.Errorf("no session")
+}
+
+func RefreshAnonymousSession() (string, error) {
+	jar, _ := cookiejar.New(nil)
+	client := proxy.GetHTTPClient()
+
+	// Primero visitar la página principal para obtener cookies CDN
+	req1, _ := http.NewRequest("GET", "https://chat.z.ai/", nil)
+	req1.Header.Set("User-Agent", "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0")
+	req1.Header.Set("Accept", "text/html")
+	resp1, err := client.Do(req1)
+	if err == nil {
+		resp1.Body.Close()
+		if resp1.Header["Set-Cookie"] != nil {
+			jar.SetCookies(req1.URL, resp1.Cookies())
+		}
+	}
+
+	// Luego obtener el token
+	req2, _ := http.NewRequest("GET", "https://chat.z.ai/api/v1/auths/", nil)
+	req2.Header.Set("User-Agent", "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0")
+	req2.Header.Set("Accept", "application/json")
+	req2.Header.Set("Origin", "https://chat.z.ai")
+	// Agregar cookies del jar
+	for _, c := range jar.Cookies(req2.URL) {
+		req2.AddCookie(c)
+	}
+
+	resp2, err := client.Do(req2)
 	if err != nil {
 		return "", err
 	}
-	defer resp.Body.Close()
+	defer resp2.Body.Close()
 
-	if resp.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("status %d", resp.StatusCode)
+	if resp2.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("status %d", resp2.StatusCode)
 	}
 
 	var authResp AnonymousAuthResponse
-	if err := json.NewDecoder(resp.Body).Decode(&authResp); err != nil {
+	if err := json.NewDecoder(resp2.Body).Decode(&authResp); err != nil {
 		return "", err
 	}
 
+	// Guardar cookies
+	allCookies := jar.Cookies(req2.URL)
+	allCookies = append(allCookies, resp2.Cookies()...)
+	// Agregar token como cookie
+	allCookies = append(allCookies, &http.Cookie{Name: "token", Value: authResp.Token})
+
+	sessionMu.Lock()
+	session = &SessionData{
+		Token:   authResp.Token,
+		Cookies: allCookies,
+	}
+	sessionMu.Unlock()
+
 	return authResp.Token, nil
-}
+}

internal/upstream/client.go

@@ -264,3 +264,11 @@ body := map[string]interface{}{
 
 	return resp, targetModel, nil
 }
+
+if sess, err := auth.GetAnonymousSession(); err == nil {
+    var cookieStrs []string
+    for _, c := range sess.Cookies {
+        cookieStrs = append(cookieStrs, c.Name+"="+c.Value)
+    }
+    req.Header.Set("Cookie", strings.Join(cookieStrs, "; "))
+}