Update app.py

app.py

@@ -4,10 +4,12 @@ import json
 import time
 import logging
 import requests
+import subprocess
 from flask import Flask, request, jsonify, render_template_string
 from playwright.sync_api import sync_playwright, TimeoutError as PlaywrightTimeoutError
-from playwright_stealth import stealth_sync
 import traceback
+import ssl
+import certifi
 
 # Configuração de logging
 logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
@@ -15,7 +17,7 @@ logger = logging.getLogger(__name__)
 
 app = Flask(__name__)
 
-# Template HTML para interface simples
+# Template HTML (mesmo do código anterior)
 HTML_TEMPLATE = """
 <!DOCTYPE html>
 <html>
@@ -24,6 +26,7 @@ HTML_TEMPLATE = """
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <style>
+        /* Mesmo CSS do código anterior */
         body {
             font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
             max-width: 1200px;
@@ -129,6 +132,14 @@ HTML_TEMPLATE = """
             margin: 10px 0;
             border-radius: 4px;
         }
+        .warning {
+            color: #ff9800;
+            background: #fff3e0;
+            border-left: 4px solid #ff9800;
+            padding: 15px;
+            margin: 10px 0;
+            border-radius: 4px;
+        }
     </style>
 </head>
 <body>
@@ -136,7 +147,7 @@ HTML_TEMPLATE = """
         <h1>🛡️ Bypass AWS WAF - STF Jurisprudência</h1>
         
         <div class="info-box">
-            <strong>📌 Sobre:</strong> Teste de bypass do AWS WAF usando Playwright + Stealth para acessar a API de jurisprudência do STF.
+            <strong>📌 Sobre:</strong> Teste de bypass do AWS WAF usando Playwright para acessar a API de jurisprudência do STF.
             <br>
             <strong>🔗 API Alvo:</strong> https://jurisprudencia.stf.jus.br/api/search/search
         </div>
@@ -203,9 +214,9 @@ HTML_TEMPLATE = """
                     let resultHtml = '<div class="success">✅ Teste executado com sucesso!</div>';
                     resultHtml += '<pre>' + JSON.stringify(data.data, null, 2) + '</pre>';
                     
-                    if (data.token) {
+                    if (data.token_preview) {
                         resultHtml += '<div class="info-box"><strong>🔑 Token AWS WAF obtido:</strong><br>' + 
-                                     '<code style="word-break: break-all;">' + data.token + '</code></div>';
+                                     '<code style="word-break: break-all;">' + data.token_preview + '</code></div>';
                     }
                     
                     resultDiv.innerHTML = resultHtml;
@@ -213,8 +224,16 @@ HTML_TEMPLATE = """
                     failCount++;
                     document.getElementById('failCount').textContent = failCount;
                     
-                    resultDiv.innerHTML = '<div class="error">❌ Falha no teste: ' + data.error + '</div>' +
-                                         '<pre>' + JSON.stringify(data.details, null, 2) + '</pre>';
+                    let errorHtml = '<div class="error">❌ Falha no teste</div>';
+                    
+                    if (data.attempts) {
+                        data.attempts.forEach(attempt => {
+                            errorHtml += `<div class="warning"><strong>Tentativa (${attempt.method}):</strong> ${attempt.error || 'Sem erro detalhado'}</div>`;
+                        });
+                    }
+                    
+                    errorHtml += '<pre>' + JSON.stringify(data.details || data, null, 2) + '</pre>';
+                    resultDiv.innerHTML = errorHtml;
                 }
             } catch (error) {
                 failCount++;
@@ -231,121 +250,117 @@ HTML_TEMPLATE = """
 </html>
 """
 
-# Dados da requisição (extraídos do curl)
+# Dados da requisição
 URL_API = "https://jurisprudencia.stf.jus.br/api/search/search"
 HEADERS = {
     "Accept": "application/json, text/plain, */*",
     "Content-Type": "application/json",
-    "User-Agent": "Mozilla/5.0 (Linux; Android 10; Pixel 4a Build/QD4A.200805.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/129.0.6668.71 Mobile Safari/537.36",
-    "Referer": "https://jurisprudencia.stf.jus.br/pages/search?base=acordaos&pesquisa_inteiro_teor=false&sinonimo=true&plural=true&radicais=false&buscaExata=true&page=1&pageSize=250&queryString=*&sort=_score&sortBy=desc&isAdvanced=true",
+    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+    "Referer": "https://jurisprudencia.stf.jus.br/pages/search",
     "Accept-Encoding": "gzip, deflate, br",
     "Connection": "keep-alive",
     "Origin": "https://jurisprudencia.stf.jus.br"
 }
 
-# Payload completo (resumido para não sobrecarregar o código - o payload completo está no histórico)
+# Payload simplificado para teste
 PAYLOAD = {
     "query": {
-        "function_score": {
-            "functions": [
-                {"exp": {"julgamento_data": {"origin": "now", "scale": "47450d", "offset": "1095d", "decay": 0.1}}},
-                {"filter": {"term": {"orgao_julgador.keyword": "Tribunal Pleno"}}, "weight": 1.15}
-            ],
-            "query": {
-                "bool": {
-                    "filter": [
-                        {"query_string": {
-                            "default_operator": "AND",
-                            "fields": ["ementa_texto.plural^3", "acordao_ata.plural^3"],
-                            "query": "*",
-                            "type": "cross_fields",
-                            "fuzziness": "AUTO:4,7"
-                        }}
-                    ],
-                    "should": []
-                }
-            }
+        "bool": {
+            "filter": [
+                {"term": {"base": "acordaos"}}
+            ]
         }
     },
-    "_source": ["id", "titulo", "ementa_texto", "processo_numero", "julgamento_data"],
-    "size": 10,
+    "_source": ["id", "titulo", "ementa_texto", "processo_numero"],
+    "size": 5,
     "from": 0,
     "sort": [{"_score": "desc"}]
 }
 
-def extract_waf_token_from_cookies(response):
-    """Extrai o token AWS WAF dos cookies da resposta"""
-    cookies = response.cookies
-    for cookie in cookies:
-        if cookie.get('name') == 'aws-waf-token':
-            return cookie.get('value')
-    
-    # Tentar extrair de headers de resposta
-    set_cookie = response.headers.get('set-cookie', '')
-    if 'aws-waf-token=' in set_cookie:
-        import re
-        match = re.search(r'aws-waf-token=([^;]+)', set_cookie)
-        if match:
-            return match.group(1)
-    
-    return None
+def verify_playwright_dependencies():
+    """Verifica e tenta instalar dependências do Playwright"""
+    try:
+        # Tentar importar para ver se já está funcionando
+        with sync_playwright() as p:
+            p.chromium.launch(headless=True).close()
+            return True
+    except Exception as e:
+        logger.warning(f"Playwright não está pronto: {e}")
+        
+        # Tentar instalar dependências
+        try:
+            logger.info("Tentando instalar dependências do Playwright...")
+            subprocess.run(["python", "-m", "playwright", "install", "chromium"], check=True)
+            subprocess.run(["python", "-m", "playwright", "install-deps"], check=True)
+            logger.info("Dependências instaladas com sucesso")
+            return True
+        except Exception as install_error:
+            logger.error(f"Falha ao instalar dependências: {install_error}")
+            return False
 
 def test_with_requests():
-    """Testa acesso direto com requests"""
-    logger.info("Tentando acesso direto com requests...")
+    """Testa acesso direto com requests (ignorando SSL)"""
+    logger.info("Tentando acesso direto com requests (SSL ignorado)...")
     
     try:
-        # Primeiro, tentar acessar a página principal para obter token inicial
+        # Configurar sessão ignorando verificação SSL
         session = requests.Session()
+        session.verify = False  # Ignorar SSL
         
-        # Acessar página de busca primeiro
-        search_page_url = "https://jurisprudencia.stf.jus.br/pages/search"
+        # Suprimir warnings de SSL
+        import urllib3
+        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+        
+        # Headers sem Content-Type para página
         headers_page = HEADERS.copy()
         headers_page.pop("Content-Type", None)
         
-        page_response = session.get(search_page_url, headers=headers_page, timeout=30)
-        logger.info(f"Página principal: status {page_response.status_code}")
-        
-        # Verificar se recebemos token
-        token = extract_waf_token_from_cookies(page_response)
-        if token:
-            logger.info(f"Token AWS WAF obtido da página: {token[:30]}...")
+        # Tentar página principal
+        try:
+            page_response = session.get(
+                "https://jurisprudencia.stf.jus.br/pages/search",
+                headers=headers_page,
+                timeout=30,
+                verify=False
+            )
+            logger.info(f"Página principal: status {page_response.status_code}")
+        except Exception as page_error:
+            logger.warning(f"Erro ao acessar página principal: {page_error}")
         
-        # Tentar a API
+        # Tentar API diretamente
         api_response = session.post(
             URL_API,
             headers=HEADERS,
             json=PAYLOAD,
-            timeout=30
+            timeout=30,
+            verify=False
         )
         
         logger.info(f"API Response: status {api_response.status_code}")
         
         if api_response.status_code == 200:
-            data = api_response.json()
-            return {
-                "success": True,
-                "method": "requests",
-                "status_code": api_response.status_code,
-                "token": token,
-                "data": data
-            }
-        elif api_response.status_code in [403, 202]:
-            # AWS WAF detectado
-            return {
-                "success": False,
-                "method": "requests",
-                "status_code": api_response.status_code,
-                "error": "AWS WAF detectado - necessário bypass com navegador",
-                "response_text": api_response.text[:500]
-            }
+            try:
+                data = api_response.json()
+                return {
+                    "success": True,
+                    "method": "requests",
+                    "status_code": api_response.status_code,
+                    "data": data
+                }
+            except:
+                return {
+                    "success": True,
+                    "method": "requests",
+                    "status_code": api_response.status_code,
+                    "data": {"text": api_response.text[:500]}
+                }
         else:
             return {
                 "success": False,
                 "method": "requests",
                 "status_code": api_response.status_code,
-                "error": f"Status inesperado: {api_response.status_code}",
-                "response_text": api_response.text[:500]
+                "error": f"Status {api_response.status_code}",
+                "response_text": api_response.text[:500] if api_response.text else ""
             }
             
     except Exception as e:
@@ -357,99 +372,76 @@ def test_with_requests():
             "traceback": traceback.format_exc()
         }
 
-def test_with_playwright():
-    """Testa acesso usando Playwright com stealth"""
-    logger.info("Tentando acesso com Playwright + stealth...")
-    
-    token = None
-    playwright = None
+def test_with_playwright_simple():
+    """Versão simplificada do Playwright para teste"""
+    logger.info("Tentando acesso com Playwright...")
     
     try:
         with sync_playwright() as p:
-            # Configurar navegador com argumentos anti-detecção
+            # Configuração mínima
             browser = p.chromium.launch(
                 headless=True,
-                args=[
-                    '--disable-blink-features=AutomationControlled',
-                    '--disable-dev-shm-usage',
-                    '--no-sandbox',
-                    '--disable-setuid-sandbox',
-                    '--disable-web-security',
-                    '--disable-features=IsolateOrigins,site-per-process',
-                    '--start-maximized'
-                ]
+                args=['--no-sandbox']
             )
             
             context = browser.new_context(
                 viewport={'width': 1920, 'height': 1080},
-                user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
-                locale='pt-BR',
-                timezone_id='America/Sao_Paulo',
-                permissions=['geolocation']
+                user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
             )
             
             page = context.new_page()
             
-            # Aplicar stealth
-            stealth_sync(page)
-            
-            # Navegar para página principal
-            logger.info("Navegando para página de busca...")
+            # Navegar
             response = page.goto(
                 "https://jurisprudencia.stf.jus.br/pages/search",
-                wait_until='networkidle',
+                wait_until='domcontentloaded',
                 timeout=30000
             )
             
             if not response:
-                raise Exception("Sem resposta da página")
+                raise Exception("Sem resposta")
             
             logger.info(f"Página carregada: status {response.status}")
             
-            # Aguardar um pouco para execução de JS
-            page.wait_for_timeout(5000)
+            # Aguardar um pouco
+            page.wait_for_timeout(3000)
             
-            # Coletar cookies
+            # Tentar extrair token dos cookies
             cookies = context.cookies()
+            token = None
             for cookie in cookies:
                 if cookie.get('name') == 'aws-waf-token':
                     token = cookie.get('value')
-                    logger.info(f"Token AWS WAF encontrado: {token[:30]}...")
+                    break
             
-            if not token:
-                # Tentar extrair do localStorage
-                token = page.evaluate("""
-                    () => {
-                        for(let i=0; i<localStorage.length; i++) {
-                            let key = localStorage.key(i);
-                            if(key.includes('waf') || key.includes('token')) {
-                                return localStorage.getItem(key);
-                            }
-                        }
-                        return null;
-                    }
-                """)
-                if token:
-                    logger.info(f"Token encontrado no localStorage: {token[:30]}...")
-            
-            # Fazer requisição à API via JavaScript
-            logger.info("Executando requisição à API via JavaScript...")
+            # Fazer requisição à API via página
             api_result = page.evaluate("""
-                async (payload, headers) => {
+                async () => {
                     try {
                         const response = await fetch('https://jurisprudencia.stf.jus.br/api/search/search', {
                             method: 'POST',
-                            headers: headers,
-                            body: JSON.stringify(payload)
+                            headers: {
+                                'Content-Type': 'application/json',
+                                'Accept': 'application/json'
+                            },
+                            body: JSON.stringify({
+                                query: {bool: {filter: [{term: {base: "acordaos"}}]}},
+                                size: 5
+                            })
                         });
                         
-                        const data = await response.json();
-                        return {
-                            success: response.ok,
-                            status: response.status,
-                            data: data,
-                            headers: Object.fromEntries(response.headers)
-                        };
+                        if (response.ok) {
+                            return {
+                                success: true,
+                                data: await response.json()
+                            };
+                        } else {
+                            return {
+                                success: false,
+                                status: response.status,
+                                statusText: response.statusText
+                            };
+                        }
                     } catch (error) {
                         return {
                             success: false,
@@ -457,7 +449,7 @@ def test_with_playwright():
                         };
                     }
                 }
-            """, PAYLOAD, HEADERS)
+            """)
             
             browser.close()
             
@@ -465,7 +457,6 @@ def test_with_playwright():
                 return {
                     "success": True,
                     "method": "playwright",
-                    "status_code": api_result.get('status'),
                     "token": token,
                     "data": api_result.get('data')
                 }
@@ -477,15 +468,6 @@ def test_with_playwright():
                     "token": token
                 }
                 
-    except PlaywrightTimeoutError:
-        error_msg = "Timeout ao carregar página"
-        logger.error(error_msg)
-        return {
-            "success": False,
-            "method": "playwright",
-            "error": error_msg,
-            "traceback": traceback.format_exc()
-        }
     except Exception as e:
         logger.error(f"Erro no Playwright: {str(e)}")
         return {
@@ -510,34 +492,28 @@ def test_bypass():
         "attempts": []
     }
     
-    # Tentar primeiro com requests
+    # Tentar com requests (ignorando SSL)
     requests_result = test_with_requests()
     result["attempts"].append(requests_result)
     
     # Se requests falhou, tentar com playwright
     if not requests_result.get("success"):
         logger.info("Requests falhou, tentando Playwright...")
-        time.sleep(2)  # Pequena pausa entre tentativas
+        time.sleep(1)
         
-        playwright_result = test_with_playwright()
+        playwright_result = test_with_playwright_simple()
         result["attempts"].append(playwright_result)
         
         if playwright_result.get("success"):
             result["success"] = True
             result["method"] = "playwright"
-            result["token"] = playwright_result.get("token")
+            result["token_preview"] = str(playwright_result.get("token", ""))[:50] + "..." if playwright_result.get("token") else None
             result["data"] = playwright_result.get("data")
-    else:
-        result["success"] = True
-        result["method"] = "requests"
-        result["token"] = requests_result.get("token")
-        result["data"] = requests_result.get("data")
     
-    # Preparar resposta
+    # Preparar resposta simplificada
     response_data = {
         "success": result["success"],
         "timestamp": time.time(),
-        "method": result.get("method"),
         "attempts": [
             {
                 "method": a.get("method"),
@@ -549,50 +525,87 @@ def test_bypass():
         ]
     }
     
-    if result.get("success") and result.get("data"):
-        response_data["data"] = result["data"]
-        response_data["token_preview"] = result.get("token", "")[:50] + "..." if result.get("token") else None
-    
-    if not result["success"]:
+    if result.get("success"):
+        response_data["data"] = result.get("data")
+        response_data["token_preview"] = result.get("token_preview")
+    else:
         response_data["error"] = "Todas as tentativas falharam"
-        response_data["details"] = result["attempts"]
-        return jsonify(response_data), 500
+        response_data["details"] = [
+            {
+                "method": a["method"],
+                "error": a.get("error", "Erro desconhecido"),
+                "traceback": a.get("traceback", "") if a.get("traceback") else None
+            }
+            for a in result["attempts"]
+        ]
     
     return jsonify(response_data)
 
 @app.route('/api/health', methods=['GET'])
 def health():
     """Endpoint de health check"""
+    playwright_status = verify_playwright_dependencies()
     return jsonify({
         "status": "healthy",
         "timestamp": time.time(),
-        "playwright_installed": True,
+        "playwright_ready": playwright_status,
         "python_version": sys.version
     })
 
-@app.route('/api/token-status', methods=['GET'])
-def token_status():
-    """Verifica status do token atual"""
-    # Este endpoint poderia verificar se o token ainda é válido
-    return jsonify({
-        "message": "Para obter um token, execute /api/test-bypass primeiro"
-    })
+@app.route('/api/install-deps', methods=['POST'])
+def install_deps():
+    """Endpoint para instalar dependências manualmente"""
+    try:
+        result = subprocess.run(
+            ["python", "-m", "playwright", "install", "chromium"],
+            capture_output=True,
+            text=True,
+            timeout=60
+        )
+        
+        deps_result = subprocess.run(
+            ["python", "-m", "playwright", "install-deps"],
+            capture_output=True,
+            text=True,
+            timeout=120
+        )
+        
+        return jsonify({
+            "success": True,
+            "install_output": result.stdout,
+            "deps_output": deps_result.stdout,
+            "install_error": result.stderr if result.stderr else None,
+            "deps_error": deps_result.stderr if deps_result.stderr else None
+        })
+    except Exception as e:
+        return jsonify({
+            "success": False,
+            "error": str(e)
+        }), 500
 
 if __name__ == '__main__':
-    # Verificar dependências na inicialização
+    # Configurar SSL
+    try:
+        import certifi
+        os.environ['SSL_CERT_FILE'] = certifi.where()
+        os.environ['REQUESTS_CA_BUNDLE'] = certifi.where()
+    except:
+        pass
+    
+    # Suprimir warnings de SSL
+    import urllib3
+    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+    
     logger.info("Iniciando aplicação de bypass AWS WAF")
     logger.info(f"Python version: {sys.version}")
     
-    # Testar playwright na inicialização
-    try:
-        with sync_playwright() as p:
-            browser = p.chromium.launch(headless=True)
-            logger.info("Playwright iniciado com sucesso")
-            browser.close()
-    except Exception as e:
-        logger.error(f"Erro ao iniciar Playwright: {str(e)}")
-        logger.error("Verifique se as dependências do sistema estão instaladas")
+    # Verificar Playwright
+    playwright_ready = verify_playwright_dependencies()
+    if playwright_ready:
+        logger.info("✅ Playwright pronto para uso")
+    else:
+        logger.warning("⚠️ Playwright pode não estar totalmente configurado")
     
-    # Iniciar servidor Flask
+    # Iniciar servidor
     port = int(os.environ.get('PORT', 7860))
     app.run(host='0.0.0.0', port=port, debug=False)