bookworm/bookworm-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: v3.0.1 auto-setup.ps1 + Setup.sh (P0 fixes)

Browse Source
This commit is contained in:
Bookworm 2026-04-21 01:54:42 +08:00
parent 9668a58480
commit 080ff71653
2 changed files with 2096 additions and 1750 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
Bookworm-Setup.sh
View File

@ -211,6 +211,25 @@ done
# ============================================================
step 4 "解密凭证"
# ─── v3.0.1: $BW_LICENSE_KEY 静默激活 (零输入路径) ───
# 若 install.sh 通过 env 传入 License Key (BW-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX), 优先走这条
# activate.js 已支持 HTTPS_PROXY 的 HTTP CONNECT 隧道 (Gitea ce354ca)
ACTIVATE_JS="$CLAUDE_DIR/lib/activate.js"
BW_TOKEN_FILE="$HOME/.claude/.bw-token"
if [ -n "$BW_LICENSE_KEY" ] && [[ "$BW_LICENSE_KEY" =~ ^BW-[A-F0-9]{4}(-[A-F0-9]{4}){5}$ ]] && [ -f "$ACTIVATE_JS" ] && command -v node &>/dev/null; then
info "检测到 \$BW_LICENSE_KEY, 静默激活..."
if printf '%s' "$BW_LICENSE_KEY" | node "$ACTIVATE_JS" 2>&1 | tail -3 | grep -q "OK\|激活成功"; then
if [ -f "$BW_TOKEN_FILE" ]; then
success "License 静默激活成功"
else
warn "activate.js 返回 OK 但 .bw-token 未生成, 回退到交互模式"
fi
else
warn "静默激活失败, 回退到交互模式 (中转站 sk-Key 流程)"
fi
unset BW_LICENSE_KEY # 清掉, 不在子进程泄露
fi
# Keychain 缓存相关
KEYCHAIN_SERVICE="bookworm-secrets"
KEYCHAIN_ACCOUNT="$(whoami)"
@ -349,6 +368,92 @@ else
fi
fi
# 优先级 3.5: v3.0.1 新增 — 直接输入 sk- Key (中转站 Key) + 5 模型候选验证
# 适用: fresh install 没 change-key.js, 没 .enc 文件的新用户 (BYOK)
if [ -z "$ANTHROPIC_API_KEY" ]; then
# 测 sk- Key 是否可调通 (5 模型候选, 中转站白名单)
validate_sk_key() {
local key="$1"
local baseurl="${ANTHROPIC_BASE_URL:-https://bww.letcareme.com}"
local models=("claude-opus-4-7" "claude-opus-4-6" "claude-opus-4-6-thinking" "claude-sonnet-4-6" "claude-sonnet-4-6-thinking")
for model in "${models[@]}"; do
local code
code=$(curl -sS -o /dev/null -w "%{http_code}" --max-time 15 --noproxy '*' \
-X POST "$baseurl/v1/messages" \
-H "x-api-key: $key" \
-H "anthropic-version: 2023-06-01" \
-H "Content-Type: application/json" \
-d "{\"model\":\"$model\",\"max_tokens\":1,\"messages\":[{\"role\":\"user\",\"content\":\"hi\"}]}" 2>/dev/null)
# 401/403 认证失败, 立即退, 不继续试
[[ "$code" == "401" || "$code" == "403" ]] && { echo "AUTH_FAIL"; return 1; }
# 200 或 400 都说明 Key 通过, 400 只是请求体问题
[[ "$code" == "200" || "$code" == "400" ]] && { echo "OK"; return 0; }
# 503/404 继续试下个模型
done
echo "NO_CHANNEL" # 全部 503 = 中转站无渠道
return 1
}
echo ""
info "配置中转站 API Key (没有的话去 bww.letcareme.com 注册+充值)"
for attempt in 1 2 3; do
echo ""
read -rs -p " 粘贴 sk- Key (第 $attempt/3 次, 输入不显示, 留空跳过): " SK_KEY
echo ""
[ -z "$SK_KEY" ] && { warn "已跳过"; break; }
# 基础格式校验
if [[ ! "$SK_KEY" =~ ^sk- ]] || [ ${#SK_KEY} -lt 20 ]; then
warn "格式错误 (应 sk- 开头, 至少 20 字符), 请重试"
continue
fi
info "验证中 (试 5 个模型候选)..."
result=$(validate_sk_key "$SK_KEY")
case "$result" in
OK)
success "sk- Key 验证成功"
# v3.0.1: chmod 600 防同机其它 uid 读取 + 清 .bak 残留 (red-team-attacker P0)
for rc in "$HOME/.zshrc" "$HOME/.bashrc"; do
[ -f "$rc" ] || touch "$rc"
# BSD sed (macOS 默认): -i '' 无 .bak; GNU sed (Linux): -i 无 .bak
if sed --version 2>/dev/null | grep -q GNU; then
sed -i '/^export ANTHROPIC_API_KEY=/d' "$rc" 2>/dev/null || true
sed -i '/^export ANTHROPIC_BASE_URL=/d' "$rc" 2>/dev/null || true
else
sed -i '' '/^export ANTHROPIC_API_KEY=/d' "$rc" 2>/dev/null || true
sed -i '' '/^export ANTHROPIC_BASE_URL=/d' "$rc" 2>/dev/null || true
fi
echo "export ANTHROPIC_API_KEY=\"$SK_KEY\"" >> "$rc"
echo "export ANTHROPIC_BASE_URL=\"https://bww.letcareme.com\"" >> "$rc"
chmod 600 "$rc" # 只 owner 可读, 防同机 uid 泄露
done
# 扫残留 .bak 副本 (可能含旧 Key)
rm -f "$HOME/.zshrc.bak" "$HOME/.bashrc.bak" 2>/dev/null || true
export ANTHROPIC_API_KEY="$SK_KEY"
export ANTHROPIC_BASE_URL="https://bww.letcareme.com"
# 存 Keychain 本日免密
security add-generic-password -s "$KEYCHAIN_SERVICE" -a "$KEYCHAIN_ACCOUNT" -w "ANTHROPIC_API_KEY=$SK_KEY
ANTHROPIC_BASE_URL=https://bww.letcareme.com
EXPIRY=$(date -v+1d -u +%FT%TZ 2>/dev/null || date -u -d '+1 day' +%FT%TZ)" -U 2>/dev/null || true
SK_KEY=""
break
;;
AUTH_FAIL)
warn "Key 无效或余额为 0 (中转站返回 401/403)"
SK_KEY=""
[ $attempt -lt 3 ] && continue || { fail "3 次失败, 跳过 sk- 配置"; break; }
;;
NO_CHANNEL)
fail "中转站没有可用 Claude 渠道 (5 模型全返 503). 联系中转站客服"
SK_KEY=""
break
;;
*)
warn "验证异常, 剩余 $((3-attempt))"
SK_KEY=""
;;
esac
done
fi
# 优先级 4: 授权码模式 (向后兼容旧用户)
if [ -z "$ANTHROPIC_API_KEY" ] && { [ -f "$SECRETS_ENC" ] || ls "$BOOT_DIR"/secrets-*.enc 2>/dev/null | head -1 | grep -q .; }; then
DECRYPTED=""
@ -495,7 +600,7 @@ if ! grep -q "$ALIAS_MARKER" "$SHELL_RC" 2>/dev/null; then
cat >> "$SHELL_RC" << 'ALIASES'
# Bookworm Portable aliases
alias bw='NO_PROXY="bww.letcareme.com,code.letcareme.com,localhost,127.0.0.1" claude --dangerously-skip-permissions'
alias bw='NO_PROXY="bww.letcareme.com,code.letcareme.com,localhost,127.0.0.1" ANTHROPIC_MODEL="${ANTHROPIC_MODEL:-claude-opus-4-7}" claude --dangerously-skip-permissions'
alias bw-update='cd ~/bookworm-boot && git pull && cd ~/.claude && git pull && echo "Updated!"'
ALIASES
success "已添加到 $SHELL_RC:"
@ -509,7 +614,7 @@ else
cat >> "$SHELL_RC" << 'ALIASES'
# Bookworm Portable aliases
alias bw='NO_PROXY="bww.letcareme.com,code.letcareme.com,localhost,127.0.0.1" claude --dangerously-skip-permissions'
alias bw='NO_PROXY="bww.letcareme.com,code.letcareme.com,localhost,127.0.0.1" ANTHROPIC_MODEL="${ANTHROPIC_MODEL:-claude-opus-4-7}" claude --dangerously-skip-permissions'
alias bw-update='cd ~/bookworm-boot && git pull && cd ~/.claude && git pull && echo "Updated!"'
ALIASES
success "终端别名已更新 (bookworm → bw)"
@ -547,5 +652,7 @@ if [ "$START_NOW" = "y" ] || [ "$START_NOW" = "Y" ]; then
info "正在启动 Claude Code..."
cd "$HOME"
export NO_PROXY="bww.letcareme.com,code.letcareme.com,letcareme.com,localhost,127.0.0.1"
# v3.0.1: 默认模型 (中转站兼容, 默认 claude-sonnet-4-5 会 503)
export ANTHROPIC_MODEL="${ANTHROPIC_MODEL:-claude-opus-4-7}"
exec claude --dangerously-skip-permissions
fi

3735
auto-setup.ps1
View File

File diff suppressed because it is too large Load Diff