From d07316f0f932691b592255f2117a9c83abee4b7b Mon Sep 17 00:00:00 2001 From: bookworm Date: Mon, 6 Apr 2026 14:18:13 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20OneClick=20Keychain=20=E5=85=8D?= =?UTF-8?q?=E5=AF=86=20+=20sync-version=20=E8=A1=A5=20guide.html?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Bookworm-OneClick-Mac.sh: 回退路径加 Keychain 缓存(对标 Setup.sh) - sync-version.js: 补 guide.html 到文件列表 Co-Authored-By: Claude Opus 4.6 (1M context) --- Bookworm-OneClick-Mac.sh | 41 ++++++++++++++++++++++++++++++++++++++-- sync-version.js | 1 + 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/Bookworm-OneClick-Mac.sh b/Bookworm-OneClick-Mac.sh index cc760de..06edcce 100644 --- a/Bookworm-OneClick-Mac.sh +++ b/Bookworm-OneClick-Mac.sh @@ -208,9 +208,42 @@ else # 回退: 手动执行核心配置步骤 info "未找到安装脚本, 执行基础配置..." - # 解密凭证 + # Keychain 缓存 + KC_SVC="bookworm-secrets" + KC_ACCT="$(whoami)" + + _kc_load() { + local cached + cached=$(security find-generic-password -s "$KC_SVC" -a "$KC_ACCT" -w 2>/dev/null) || return 1 + local expiry_date + expiry_date=$(echo "$cached" | head -1 | sed 's/EXPIRY=//') + [ "$expiry_date" != "$(date +%Y-%m-%d)" ] && { security delete-generic-password -s "$KC_SVC" -a "$KC_ACCT" 2>/dev/null; return 1; } + local count=0 + while IFS= read -r line; do + [ -z "$line" ] && continue; [[ "$line" == EXPIRY=* ]] && continue + local key="${line%%=*}" value="${line#*=}" + key=$(echo "$key" | tr -d ' ') + [ -n "$key" ] && [ -n "$value" ] && export "$key=$value" && count=$((count + 1)) + done <<< "$cached" + [ $count -gt 0 ] && [ -n "$ANTHROPIC_API_KEY" ] && { success "从 Keychain 缓存加载 $count 个凭证 (免密)"; return 0; } + return 1 + } + + _kc_save() { + local data="EXPIRY=$(date +%Y-%m-%d)" + for k in ANTHROPIC_API_KEY ANTHROPIC_BASE_URL GITHUB_PERSONAL_ACCESS_TOKEN SLACK_BOT_TOKEN ATLASSIAN_API_TOKEN BROWSERBASE_API_KEY FIRECRAWL_API_KEY; do + local v="${!k}"; [ -n "$v" ] && data="$data +$k=$v" + done + security add-generic-password -s "$KC_SVC" -a "$KC_ACCT" -w "$data" -U 2>/dev/null && \ + success "凭证已缓存至今日 23:59 (下次免密)" || true + } + + # 解密凭证 (先查缓存) SECRETS_ENC="$BOOT_DIR/secrets.enc" - if [ -f "$SECRETS_ENC" ] && [ -n "$OPENSSL_CMD" ]; then + if _kc_load 2>/dev/null; then + : # 缓存命中 + elif [ -f "$SECRETS_ENC" ] && [ -n "$OPENSSL_CMD" ]; then echo "" for attempt in 1 2 3; do read -rs -p " 输入主密码解密凭证 (第 $attempt/3 次): " PASSWORD @@ -228,6 +261,10 @@ else success "已注入: $key" fi done <<< "$DECRYPTED" + DECRYPTED="" + echo "" + read -p " 今日内免密启动? (y/n): " _cache_yn + [ "$_cache_yn" = "y" ] || [ "$_cache_yn" = "Y" ] && _kc_save break else if [ $attempt -lt 3 ]; then diff --git a/sync-version.js b/sync-version.js index c38950c..ac108f6 100644 --- a/sync-version.js +++ b/sync-version.js @@ -42,6 +42,7 @@ const FILES = [ 'Bookworm-OneClick-Win10.bat', 'Bookworm-OneClick-Mac.sh', 'install.ps1', + 'guide.html', 'guide-mac.html', 'quick-start.html', 'quick-reference.txt',