bug fix

Dockerfile

@@ -4,4 +4,4 @@ COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 COPY . .
 EXPOSE 7860
-CMD ["python", "app.py"]
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

app.py

@@ -1,52 +1,177 @@
 import os
 import hashlib
 import base64
-import urllib.parse
+import struct
+import threading
+import httpx
+import gradio as gr
 from fastapi import FastAPI, Request
-from fastapi.responses import PlainTextResponse
+from fastapi.responses import PlainTextResponse, HTMLResponse
+from openai import OpenAI
 from Crypto.Cipher import AES
 from Crypto.Util.Padding import unpad
+import xml.etree.ElementTree as ET
 
-app = FastAPI()
+# ── 环境变量 ──────────────────────────────────────────────────
+NVIDIA_API_KEY  = os.getenv("NVIDIA_API_KEY", "")
+WECOM_TOKEN     = os.getenv("WECOM_TOKEN", "").strip()
+WECOM_AES_KEY   = os.getenv("WECOM_AES_KEY", "").strip()
+WECOM_CORPID    = os.getenv("CORPID", "").strip()
+WECOM_SECRET    = os.getenv("WECOM_SECRET", "").strip()
+WECOM_AGENTID   = os.getenv("WECOM_AGENTID", "1000003")
+
+# ── Hermes LLM 客户端 ─────────────────────────────────────────
+llm = OpenAI(
+    base_url="https://integrate.api.nvidia.com/v1",
+    api_key=NVIDIA_API_KEY,
+)
+
+SYSTEM_PROMPT = (
+    "You are Hermes, a helpful AI assistant. "
+    "Answer concisely and accurately. Reply in the same language as the user."
+)
+
+def chat_with_hermes(message: str, history: list) -> str:
+    """调用 Hermes 模型，返回回复文本"""
+    messages = [{"role": "system", "content": SYSTEM_PROMPT}]
+    for user_msg, bot_msg in history:
+        messages.append({"role": "user", "content": user_msg})
+        messages.append({"role": "assistant", "content": bot_msg})
+    messages.append({"role": "user", "content": message})
+
+    response = llm.chat.completions.create(
+        model="nv-mistralai/mistral-nemo-12b-instruct",
+        messages=messages,
+        max_tokens=1024,
+        temperature=0.7,
+    )
+    return response.choices[0].message.content
+
+# ── 企业微信 Access Token ─────────────────────────────────────
+_wx_token_cache = {"token": "", "expires": 0}
+_token_lock = threading.Lock()
+
+def get_wecom_token() -> str:
+    import time
+    with _token_lock:
+        if time.time() < _wx_token_cache["expires"] - 60:
+            return _wx_token_cache["token"]
+        url = (
+            f"https://qyapi.weixin.qq.com/cgi-bin/gettoken"
+            f"?corpid={WECOM_CORPID}&corpsecret={WECOM_SECRET}"
+        )
+        r = httpx.get(url, timeout=10)
+        data = r.json()
+        _wx_token_cache["token"] = data.get("access_token", "")
+        _wx_token_cache["expires"] = time.time() + data.get("expires_in", 7200)
+        return _wx_token_cache["token"]
 
-# 从环境变量读取（必须和企业微信一致）
-WECOM_TOKEN = os.getenv("WECOM_TOKEN", "").strip()
-WECOM_AES_KEY = os.getenv("WECOM_AES_KEY", "").strip()
+def send_wecom_message(to_user: str, content: str):
+    """向企业微信用户发送文本消息"""
+    token = get_wecom_token()
+    url = f"https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token={token}"
+    payload = {
+        "touser": to_user,
+        "msgtype": "text",
+        "agentid": int(WECOM_AGENTID),
+        "text": {"content": content},
+    }
+    httpx.post(url, json=payload, timeout=10)
+
+# ── 企业微信消息解密 ──────────────────────────────────────────
+def decrypt_wecom_msg(encrypted: str) -> str:
+    aes_key = base64.b64decode(WECOM_AES_KEY + "=")  # 补齐 padding
+    cipher = AES.new(aes_key, AES.MODE_CBC, aes_key[:16])
+    raw = unpad(cipher.decrypt(base64.b64decode(encrypted)), AES.block_size)
+    # 格式: 16字节随机 + 4字节长度 + 内容 + appid
+    msg_len = struct.unpack(">I", raw[16:20])[0]
+    return raw[20: 20 + msg_len].decode("utf-8")
+
+def verify_signature(token: str, timestamp: str, nonce: str, encrypt: str = "") -> str:
+    arr = sorted([token, timestamp, nonce, encrypt] if encrypt else [token, timestamp, nonce])
+    return hashlib.sha1("".join(arr).encode()).hexdigest()
+
+# ── FastAPI ───────────────────────────────────────────────────
+app = FastAPI()
 
-# ==========================================
-# 企业微信官方 URL 验证（绝对正确）
-# ==========================================
 @app.get("/gateway/wecom")
-async def verify(request: Request):
+async def wecom_verify(request: Request):
+    """企业微信 URL 验证"""
     try:
-        # 获取参数
-        msg_signature = request.query_params.get("msg_signature", "")
+        msg_sig  = request.query_params.get("msg_signature", "")
         timestamp = request.query_params.get("timestamp", "")
-        nonce = request.query_params.get("nonce", "")
-        echostr_enc = request.query_params.get("echostr", "")
-
-        # 验签
-        arr = sorted([WECOM_TOKEN, timestamp, nonce])
-        check_str = ''.join(arr)
-        sig = hashlib.sha1(check_str.encode()).hexdigest()
+        nonce    = request.query_params.get("nonce", "")
+        echostr  = request.query_params.get("echostr", "")
 
-        if sig != msg_signature:
+        sig = verify_signature(WECOM_TOKEN, timestamp, nonce, echostr)
+        if sig != msg_sig:
             return PlainTextResponse("")
 
-        # AES 解密（官方标准）
-        aes_key = base64.b64decode(WECOM_AES_KEY)
-        cipher = AES.new(aes_key, AES.MODE_CBC, aes_key[:16])
-        encrypted = base64.b64decode(echostr_enc)
-        decrypted = unpad(cipher.decrypt(encrypted), AES.block_size)
-        msg = decrypted[16:].decode()
-
-        # 只返回明文！！！ 不加任何东西！！！
-        return PlainTextResponse(msg)
-    
+        plain = decrypt_wecom_msg(echostr)
+        # 只取消息内容部分（去掉末尾 appid）
+        return PlainTextResponse(plain)
     except Exception:
         return PlainTextResponse("")
 
-# 必须返回空 success
 @app.post("/gateway/wecom")
-async def post():
-    return PlainTextResponse("")
+async def wecom_message(request: Request):
+    """接收企业微信消息，调用 Hermes 回复"""
+    try:
+        msg_sig   = request.query_params.get("msg_signature", "")
+        timestamp = request.query_params.get("timestamp", "")
+        nonce     = request.query_params.get("nonce", "")
+
+        body = await request.body()
+        xml_root = ET.fromstring(body.decode("utf-8"))
+        encrypt  = xml_root.findtext("Encrypt", "")
+
+        sig = verify_signature(WECOM_TOKEN, timestamp, nonce, encrypt)
+        if sig != msg_sig:
+            return PlainTextResponse("success")
+
+        plain_xml = decrypt_wecom_msg(encrypt)
+        msg_root  = ET.fromstring(plain_xml)
+        msg_type  = msg_root.findtext("MsgType", "")
+        from_user = msg_root.findtext("FromUserName", "")
+
+        if msg_type == "text":
+            user_content = msg_root.findtext("Content", "").strip()
+            if user_content:
+                # 异步回复，避免超时
+                def reply():
+                    answer = chat_with_hermes(user_content, [])
+                    send_wecom_message(from_user, answer)
+                threading.Thread(target=reply, daemon=True).start()
+
+    except Exception:
+        pass
+    return PlainTextResponse("success")
+
+# ── Gradio Web 界面 ───────────────────────────────────────────
+def gradio_chat(message: str, history: list):
+    reply = chat_with_hermes(message, history)
+    history.append((message, reply))
+    return "", history
+
+with gr.Blocks(title="Hermes Agent", theme=gr.themes.Soft()) as demo:
+    gr.Markdown("# 🤖 Hermes Agent\nPowered by NVIDIA NIM · 企业微信同步接入")
+    chatbot = gr.Chatbot(height=500, label="对话")
+    with gr.Row():
+        msg = gr.Textbox(
+            placeholder="输入消息，按 Enter 发送...",
+            show_label=False,
+            scale=9,
+        )
+        clear = gr.Button("清空", scale=1)
+
+    msg.submit(gradio_chat, [msg, chatbot], [msg, chatbot])
+    clear.click(lambda: ([], ""), outputs=[chatbot, msg])
+
+# ── 挂载 Gradio 到 FastAPI ────────────────────────────────────
+import gradio.routes
+app = gr.mount_gradio_app(app, demo, path="/")
+
+# ── 启动 ──────────────────────────────────────────────────────
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run(app, host="0.0.0.0", port=7860)

requirements.txt

@@ -1,5 +1,6 @@
 fastapi
-uvicorn
-gradio
+uvicorn[standard]
+gradio>=4.0.0
 pycryptodome
-cryptography
+httpx
+openai>=1.0.0