From 125e02a4b9f243b02aa7ec33c08b284ffe0ade71 Mon Sep 17 00:00:00 2001 From: Wei Liu Date: Wed, 18 Mar 2026 12:31:49 +1300 Subject: [PATCH] fix: make SSL verification opt-in via config, extend fix to all platforms - Add DISABLE_SSL_VERIFY = False to base_config.py (default: verification on) - Add tools/httpx_util.py with make_async_client() factory that reads the config - Replace all httpx.AsyncClient() call sites across all platforms (bilibili, weibo, zhihu, xhs, douyin, kuaishou) and crawler_util with make_async_client() - Extends SSL fix to previously missed platforms: xhs, douyin, kuaishou Users running behind an intercepting proxy can set DISABLE_SSL_VERIFY = True in config/base_config.py. All other users retain certificate verification. Co-Authored-By: Claude Sonnet 4.6 --- config/base_config.py | 5 +++++ media_platform/bilibili/client.py | 5 +++-- media_platform/douyin/client.py | 7 ++++--- media_platform/kuaishou/client.py | 5 +++-- media_platform/weibo/client.py | 7 ++++--- media_platform/xhs/client.py | 7 ++++--- media_platform/zhihu/client.py | 3 ++- tools/crawler_util.py | 3 ++- tools/httpx_util.py | 14 ++++++++++++++ 9 files changed, 41 insertions(+), 15 deletions(-) create mode 100644 tools/httpx_util.py diff --git a/config/base_config.py b/config/base_config.py index 26ed383..7878ebf 100644 --- a/config/base_config.py +++ b/config/base_config.py @@ -120,6 +120,11 @@ FONT_PATH = "./docs/STZHONGS.TTF" # Crawl interval CRAWLER_MAX_SLEEP_SEC = 2 +# Disable SSL certificate verification. Set to True only when running behind an intercepting +# proxy (corporate gateway, Burp Suite, mitmproxy, etc.) that injects its own certificate. +# WARNING: disabling SSL verification exposes all traffic to MITM attacks. +DISABLE_SSL_VERIFY = False + from .bilibili_config import * from .xhs_config import * from .dy_config import * diff --git a/media_platform/bilibili/client.py b/media_platform/bilibili/client.py index cf0a170..ab87dfc 100644 --- a/media_platform/bilibili/client.py +++ b/media_platform/bilibili/client.py @@ -29,6 +29,7 @@ from urllib.parse import urlencode import httpx from playwright.async_api import BrowserContext, Page +from tools.httpx_util import make_async_client import config from base.base_crawler import AbstractApiClient @@ -68,7 +69,7 @@ class BilibiliClient(AbstractApiClient, ProxyRefreshMixin): # Check if proxy has expired before each request await self._refresh_proxy_if_expired() - async with httpx.AsyncClient(proxy=self.proxy, verify=False) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request(method, url, timeout=self.timeout, **kwargs) try: data: Dict = response.json() @@ -222,7 +223,7 @@ class BilibiliClient(AbstractApiClient, ProxyRefreshMixin): async def get_video_media(self, url: str) -> Union[bytes, None]: # Follow CDN 302 redirects and treat any 2xx as success (some endpoints return 206) - async with httpx.AsyncClient(proxy=self.proxy, follow_redirects=True, verify=False) as client: + async with make_async_client(proxy=self.proxy, follow_redirects=True) as client: try: response = await client.request("GET", url, timeout=self.timeout, headers=self.headers) response.raise_for_status() diff --git a/media_platform/douyin/client.py b/media_platform/douyin/client.py index f361f6b..ce98ae7 100644 --- a/media_platform/douyin/client.py +++ b/media_platform/douyin/client.py @@ -29,6 +29,7 @@ from playwright.async_api import BrowserContext from base.base_crawler import AbstractApiClient from proxy.proxy_mixin import ProxyRefreshMixin from tools import utils +from tools.httpx_util import make_async_client from var import request_keyword_var if TYPE_CHECKING: @@ -116,7 +117,7 @@ class DouYinClient(AbstractApiClient, ProxyRefreshMixin): # Check whether the proxy has expired before each request await self._refresh_proxy_if_expired() - async with httpx.AsyncClient(proxy=self.proxy) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request(method, url, timeout=self.timeout, **kwargs) try: if response.text == "" or response.text == "blocked": @@ -333,7 +334,7 @@ class DouYinClient(AbstractApiClient, ProxyRefreshMixin): return result async def get_aweme_media(self, url: str) -> Union[bytes, None]: - async with httpx.AsyncClient(proxy=self.proxy) as client: + async with make_async_client(proxy=self.proxy) as client: try: response = await client.request("GET", url, timeout=self.timeout, follow_redirects=True) response.raise_for_status() @@ -354,7 +355,7 @@ class DouYinClient(AbstractApiClient, ProxyRefreshMixin): Returns: 重定向后的完整URL """ - async with httpx.AsyncClient(proxy=self.proxy, follow_redirects=False) as client: + async with make_async_client(proxy=self.proxy, follow_redirects=False) as client: try: utils.logger.info(f"[DouYinClient.resolve_short_url] Resolving short URL: {short_url}") response = await client.get(short_url, timeout=10) diff --git a/media_platform/kuaishou/client.py b/media_platform/kuaishou/client.py index 785263c..6cd18cb 100644 --- a/media_platform/kuaishou/client.py +++ b/media_platform/kuaishou/client.py @@ -31,6 +31,7 @@ import config from base.base_crawler import AbstractApiClient from proxy.proxy_mixin import ProxyRefreshMixin from tools import utils +from tools.httpx_util import make_async_client if TYPE_CHECKING: from proxy.proxy_ip_pool import ProxyIpPool @@ -65,7 +66,7 @@ class KuaiShouClient(AbstractApiClient, ProxyRefreshMixin): # Check if proxy is expired before each request await self._refresh_proxy_if_expired() - async with httpx.AsyncClient(proxy=self.proxy) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request(method, url, timeout=self.timeout, **kwargs) data: Dict = response.json() if data.get("errors"): @@ -97,7 +98,7 @@ class KuaiShouClient(AbstractApiClient, ProxyRefreshMixin): await self._refresh_proxy_if_expired() json_str = json.dumps(data, separators=(",", ":"), ensure_ascii=False) - async with httpx.AsyncClient(proxy=self.proxy) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request( method="POST", url=f"{self._rest_host}{uri}", diff --git a/media_platform/weibo/client.py b/media_platform/weibo/client.py index ce51d90..dac7de1 100644 --- a/media_platform/weibo/client.py +++ b/media_platform/weibo/client.py @@ -32,6 +32,7 @@ from urllib.parse import parse_qs, unquote, urlencode import httpx from httpx import Response from playwright.async_api import BrowserContext, Page +from tools.httpx_util import make_async_client from tenacity import retry, stop_after_attempt, wait_fixed import config @@ -73,7 +74,7 @@ class WeiboClient(ProxyRefreshMixin): await self._refresh_proxy_if_expired() enable_return_response = kwargs.pop("return_response", False) - async with httpx.AsyncClient(proxy=self.proxy, verify=False) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request(method, url, timeout=self.timeout, **kwargs) if enable_return_response: @@ -261,7 +262,7 @@ class WeiboClient(ProxyRefreshMixin): :return: """ url = f"{self._host}/detail/{note_id}" - async with httpx.AsyncClient(proxy=self.proxy, verify=False) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request("GET", url, timeout=self.timeout, headers=self.headers) if response.status_code != 200: raise DataFetchError(f"get weibo detail err: {response.text}") @@ -291,7 +292,7 @@ class WeiboClient(ProxyRefreshMixin): # Since Weibo images are accessed through i1.wp.com, we need to concatenate the URL final_uri = (f"{self._image_agent_host}" f"{image_url}") - async with httpx.AsyncClient(proxy=self.proxy, verify=False) as client: + async with make_async_client(proxy=self.proxy) as client: try: response = await client.request("GET", final_uri, timeout=self.timeout) response.raise_for_status() diff --git a/media_platform/xhs/client.py b/media_platform/xhs/client.py index aa7d8fb..104190d 100644 --- a/media_platform/xhs/client.py +++ b/media_platform/xhs/client.py @@ -25,6 +25,7 @@ from urllib.parse import urlencode import httpx from playwright.async_api import BrowserContext, Page from tenacity import retry, stop_after_attempt, wait_fixed, retry_if_not_exception_type +from tools.httpx_util import make_async_client import config from base.base_crawler import AbstractApiClient @@ -127,7 +128,7 @@ class XiaoHongShuClient(AbstractApiClient, ProxyRefreshMixin): # return response.text return_response = kwargs.pop("return_response", False) - async with httpx.AsyncClient(proxy=self.proxy) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request(method, url, timeout=self.timeout, **kwargs) if response.status_code == 471 or response.status_code == 461: @@ -192,7 +193,7 @@ class XiaoHongShuClient(AbstractApiClient, ProxyRefreshMixin): # Check if proxy is expired before request await self._refresh_proxy_if_expired() - async with httpx.AsyncClient(proxy=self.proxy) as client: + async with make_async_client(proxy=self.proxy) as client: try: response = await client.request("GET", url, timeout=self.timeout) response.raise_for_status() @@ -219,7 +220,7 @@ class XiaoHongShuClient(AbstractApiClient, ProxyRefreshMixin): """ uri = "/api/sns/web/v1/user/selfinfo" headers = await self._pre_headers(uri, params={}) - async with httpx.AsyncClient(proxy=self.proxy) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.get(f"{self._host}{uri}", headers=headers) if response.status_code == 200: return response.json() diff --git a/media_platform/zhihu/client.py b/media_platform/zhihu/client.py index 84721c7..4f62cf1 100644 --- a/media_platform/zhihu/client.py +++ b/media_platform/zhihu/client.py @@ -26,6 +26,7 @@ from urllib.parse import urlencode import httpx from httpx import Response from playwright.async_api import BrowserContext, Page +from tools.httpx_util import make_async_client from tenacity import retry, stop_after_attempt, wait_fixed import config @@ -98,7 +99,7 @@ class ZhiHuClient(AbstractApiClient, ProxyRefreshMixin): # return response.text return_response = kwargs.pop('return_response', False) - async with httpx.AsyncClient(proxy=self.proxy, verify=False) as client: + async with make_async_client(proxy=self.proxy) as client: response = await client.request(method, url, timeout=self.timeout, **kwargs) if response.status_code != 200: diff --git a/tools/crawler_util.py b/tools/crawler_util.py index 980ca35..aca38d5 100644 --- a/tools/crawler_util.py +++ b/tools/crawler_util.py @@ -37,6 +37,7 @@ from PIL import Image, ImageDraw, ImageShow from playwright.async_api import Cookie, Page from . import utils +from .httpx_util import make_async_client async def find_login_qrcode(page: Page, selector: str) -> str: @@ -47,7 +48,7 @@ async def find_login_qrcode(page: Page, selector: str) -> str: ) login_qrcode_img = str(await elements.get_property("src")) # type: ignore if "http://" in login_qrcode_img or "https://" in login_qrcode_img: - async with httpx.AsyncClient(follow_redirects=True, verify=False) as client: + async with make_async_client(follow_redirects=True) as client: utils.logger.info(f"[find_login_qrcode] get qrcode by url:{login_qrcode_img}") resp = await client.get(login_qrcode_img, headers={"User-Agent": get_user_agent()}) if resp.status_code == 200: diff --git a/tools/httpx_util.py b/tools/httpx_util.py new file mode 100644 index 0000000..7647d06 --- /dev/null +++ b/tools/httpx_util.py @@ -0,0 +1,14 @@ +# -*- coding: utf-8 -*- +import httpx +import config + + +def make_async_client(**kwargs) -> httpx.AsyncClient: + """Create an httpx.AsyncClient with project-wide defaults. + + Reads DISABLE_SSL_VERIFY from config (default False). + Set DISABLE_SSL_VERIFY = True in config/base_config.py only when running + behind an intercepting proxy (corporate gateway, Burp, mitmproxy, etc.). + """ + kwargs.setdefault("verify", not getattr(config, "DISABLE_SSL_VERIFY", False)) + return httpx.AsyncClient(**kwargs)