build(packages): bump typescript from 5.9.3 to 6.0.3

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.env.prod.example

@@ -8,6 +8,9 @@ ENABLE_PROXY = false
 ## 代理配置
 PROXY_URL = "https://your-proxy-url.com/?proxy="
 
+### 随机IP设置
+## 启用随机中国IP（默认关闭）；启用后，所有请求默认使用随机中国IP，除非请求参数randomCNIP显式关闭
+ENABLE_RANDOM_CN_IP = false
 
 ### UnblockNeteaseMusic 设置项
 ## 启用全局解灰, 无论是否调用参数都会使用解灰(不推荐开启)

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -14,17 +14,17 @@ body:
     id: terms
     attributes:
       label: 确认事项
-      description: 在提交Bug报告前，请确认以下事项
+      description: |
+        在提交Bug报告前，请确认以下事项：
+
+        - 我已经搜索了现有的issues，确认这不是重复问题
+        - 我使用的是最新版本的API, 而且是官方发布的版本，而不是fork或修改版
+        - 不处理别人搭建的线上服务的问题,此项目提供任何线上服务不保证质量
+        - 如果不是提建议,提 issues 如果不照着模版来将不会优先处理或放着不管
+        - 维护项目都是业余时间,精力有限,我只能挑容易解决的issues处理,为了节约双方时间,请尽可能提供足够的有用的信息,给的信息不够我只能根据精力和时间看情况处理,如果模板信息看都不看就删掉,我不会进行任何回复,并且一个月后close掉issue
+
       options:
-        - label: 我已经搜索了现有的issues，确认这不是重复问题
-          required: true
-        - label: 我使用的是最新版本的API, 而且是官方发布的版本，而不是fork或修改版
-          required: true
-        - label: 不处理别人搭建的线上服务的问题,此项目提供任何线上服务不保证质量
-          required: true
-        - label: 如果不是提建议,提 issues 如果不照着模版来将不会优先处理或放着不管
-          required: true
-        - label: 维护项目都是业余时间,精力有限,我只能挑容易解决的issues处理,为了节约双方时间,请尽可能提供足够的有用的信息,给的信息不够我只能根据精力和时间看情况处理,如果模板信息看都不看就删掉,我不会进行任何回复,并且一个月后close掉issue
+        - label: 我已确认以上事项
           required: true
 
   - type: input
@@ -36,29 +36,14 @@ body:
     validations:
       required: true
 
-  - type: dropdown
-    id: os
-    attributes:
-      label: 操作系统或平台
-      description: 您在哪个操作系统上遇到了这个问题？
-      options:
-        - Windows 10
-        - Windows 11
-        - Ubuntu 20.04
-        - Ubuntu 22.04
-        - macOS
-        - 其他 Linux 发行版
-        - 使用部署平台或其他 (请在描述中说明)
-    validations:
-      required: true
-
   - type: dropdown
     id: deployment
     attributes:
-      label: 部署平台
-      description: 
+      label: 部署方式
+      description: 此项目支持本地部署和云平台部署，您使用的是哪种方式？
       options:
-        - 我使用的自己的服务器部署
+        - 本机直接运行 (node / pm2)
+        - 本机 Docker 部署
         - Vercel
         - Heroku
         - Railway

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,8 @@
 blank_issues_enabled: true
 contact_links:
+  - name: ↑请尽量使用议题模板创建议题↑
+    url: https://github.com/NeteaseCloudMusicApiEnhanced/api-enhanced/issues/new/choose
+    about: 选择适合的议题模板可以帮助我们更快地定位和解决问题
   - name: 提问的艺术
     url: https://github.com/ryanhanwu/How-To-Ask-Questions-The-Smart-Way/blob/main/README-zh_CN.md
     about: 默认所有 Issues 发起者均已了解此处的内容 

.github/workflows/Build_Image.yml

@@ -1,55 +0,0 @@
-name: Publish Docker image
-
-on:
-  release:
-    types: [published]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  packages: write
-
-jobs:
-  build-and-push:
-    if: startsWith(github.event.release.tag_name, 'v')
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-      # 读取 package.json 的版本号
-      - name: Read package version
-        id: pkg
-        run: echo "VERSION=$(jq -r .version package.json)" >> $GITHUB_ENV
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v7
-        with:
-          context: .
-          push: true
-          tags: |
-            moefurina/ncm-api:latest
-            moefurina/ncm-api:${{ env.VERSION }}
-            ghcr.io/neteasecloudmusicapienhanced/ncm-api:latest
-            ghcr.io/neteasecloudmusicapienhanced/ncm-api:${{ env.VERSION }}
-          platforms: linux/amd64,linux/arm64/v8

.github/workflows/build-and-pr.yml

@@ -1,109 +0,0 @@
-name: Build and Create PR
-
-on:
-  workflow_dispatch: # 手动触发
-  push:
-    branches: [main]
-
-jobs:
-  build:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-        include:
-          - os: ubuntu-latest
-            platform: linux
-            target: node18-linux-x64
-            output: precompiled/app
-          - os: windows-latest
-            platform: win
-            target: node18-win-x64
-            output: precompiled/app.exe
-          - os: macos-latest
-            platform: macos
-            target: node18-macos-x64
-            output: precompiled/app
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: '18'
-
-      - name: Install dependencies
-        run: |
-          npm install -g pnpm
-          pnpm install
-
-      - name: Build for ${{ matrix.platform }}
-        run: |
-          npm run pkg${{ matrix.platform }}
-        env:
-          PKG_TARGET: ${{ matrix.target }}
-
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v7
-        with:
-          name: app-${{ matrix.platform }}
-          path: ${{ matrix.output }}
-          if-no-files-found: error
-
-  create-pr:
-    needs: build
-    runs-on: ubuntu-latest
-    if: github.event_name == 'workflow_dispatch' # 只在手动触发时创建PR
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
-
-      - name: Download all artifacts
-        uses: actions/download-artifact@v8
-        with:
-          path: precompiled
-
-      - name: Display structure of downloaded files
-        run: ls -R
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v6
-
-      - name: Create new branch and commit
-        run: |
-          git config --global user.name 'github-actions[bot]'
-          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
-
-          BRANCH_NAME="auto-build-$(date +%Y%m%d-%H%M%S)"
-          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
-          git checkout -b $BRANCH_NAME
-
-          # 复制并整理下载的文件
-          mkdir -p precompiled
-          cp app-win/* precompiled/ || true
-          cp app-linux/* precompiled/ || true
-          cp app-macos/* precompiled/ || true
-
-          # 提交更改
-          git add precompiled/
-          git commit -m "Auto-build: Add compiled binaries for win, linux, macos" || exit 0
-
-          # 推送到远程仓库
-          git push origin $BRANCH_NAME
-
-      - name: Create Pull Request
-        uses: actions/github-script@v8
-        with:
-          script: |
-            const { data: pullRequest } = await github.rest.pulls.create({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              title: 'Auto-build: Add compiled binaries for win, linux, macos',
-              head: '${{ env.BRANCH_NAME }}',
-              base: 'main',
-              body: 'This PR contains newly built binaries for Windows, Linux, and macOS platforms.'
-            });
-            console.log(`Created PR #${pullRequest.number}: ${pullRequest.html_url}`);

.github/workflows/build-dev.yml

@@ -0,0 +1,53 @@
+name: Build Artifacts
+
+on:
+  workflow_dispatch: # 手动触发
+  push:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        include:
+          - os: ubuntu-latest
+            platform: linux
+            target: node18-linux-x64
+            output: precompiled/app
+          - os: windows-latest
+            platform: win
+            target: node18-win-x64
+            output: precompiled/app.exe
+          - os: macos-latest
+            platform: macos
+            target: node18-macos-x64
+            output: precompiled/app
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '18'
+
+      - name: Install dependencies
+        run: |
+          npm install -g pnpm
+          pnpm install
+
+      - name: Build for ${{ matrix.platform }}
+        run: |
+          npm run pkg${{ matrix.platform }}
+        env:
+          PKG_TARGET: ${{ matrix.target }}
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v7
+        with:
+          name: app-${{ matrix.platform }}
+          path: ${{ matrix.output }}
+          if-no-files-found: error

.github/workflows/node.js.yml.disabled

@@ -1,56 +0,0 @@
-name: Node.js CI
-
-on:
-  pull_request:
-    branches: [main]
-  push:
-    branches: [main]
-permissions:
-  contents: read
-
-jobs:
-  test:
-    name: Test
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [16.x, 18.x, 22.x]
-    steps:
-      - uses: actions/checkout@v5
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v6
-        with:
-          node-version: ${{ matrix.node-version }}
-          # Use built-in package manager cache for pnpm
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Install pnpm
-        run: npm install -g pnpm
-      - name: Install dependencies (pnpm)
-        run: pnpm install --frozen-lockfile
-      - name: Test
-        env:
-          NCM_API_TEST_LOGIN_COUNTRY_CODE: ${{ secrets.NCM_API_TEST_LOGIN_COUNTRY_CODE }}
-          NCM_API_TEST_LOGIN_PHONE: ${{ secrets.NCM_API_TEST_LOGIN_PHONE }}
-          NCM_API_TEST_LOGIN_PASSWORD: ${{ secrets.NCM_API_TEST_LOGIN_PASSWORD }}
-        run: pnpm test
-  lint:
-    name: Lint
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [18.x]
-    steps:
-      - uses: actions/checkout@v5
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v6
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Install pnpm
-        run: npm install -g pnpm
-      - name: Install dependencies (pnpm)
-        run: pnpm install --frozen-lockfile
-      - name: Lint
-        run: pnpm run lint

.github/workflows/npm.yml

@@ -1,39 +0,0 @@
-# .github/workflows/release.yml
-name: Release
-
-on:
-  release:
-    types: [published]
-  workflow_dispatch:
-
-jobs:
-  release:
-    if: startsWith(github.event.release.tag_name, 'v')
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      packages: write
-    steps:
-      - uses: actions/checkout@v6
-
-      # 发布到 NPM Registry
-      - name: Setup Node.js for NPM
-        uses: actions/setup-node@v6
-        with:
-          node-version: 20
-          registry-url: 'https://registry.npmjs.org/'
-      - run: npm install
-      - name: Publish to NPM
-        run: npm publish --provenance --access public
-
-      # 发布到 GitHub Packages
-      - name: Setup Node.js for GitHub Packages
-        uses: actions/setup-node@v6
-        with:
-          node-version: 20
-          registry-url: 'https://npm.pkg.github.com'
-      - name: Publish to GitHub Packages
-        run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ github.token }}

.github/workflows/release-on-version-change.yml

@@ -0,0 +1,315 @@
+name: Create Release on Version Change
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - package.json
+
+  workflow_dispatch:
+
+concurrency:
+  group: release-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  detect:
+    name: Detect Version Change
+    runs-on: ubuntu-latest
+
+    outputs:
+      version: ${{ steps.version.outputs.value }}
+      should_release: ${{ steps.check.outputs.should_release }}
+      tag_exists: ${{ steps.tagcheck.outputs.exists }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Extract version from package.json
+        id: version
+        run: |
+          echo "value=$(jq -r .version package.json)" >> $GITHUB_OUTPUT
+
+      - name: Check if version changed
+        id: check
+        shell: bash
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            echo "should_release=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          if git diff "${{ github.event.before }}" "${{ github.sha }}" -- package.json | grep -q '"version"'; then
+            echo "should_release=true" >> $GITHUB_OUTPUT
+          else
+            echo "should_release=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check if tag already exists
+        id: tagcheck
+        shell: bash
+        run: |
+          VERSION="${{ steps.version.outputs.value }}"
+
+          if git rev-parse "v$VERSION" >/dev/null 2>&1; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+
+  build:
+    name: Build ${{ matrix.platform }}
+    needs: detect
+
+    if: |
+      needs.detect.outputs.should_release == 'true' &&
+      needs.detect.outputs.tag_exists != 'true'
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+
+      matrix:
+        include:
+          - os: ubuntu-latest
+            platform: linux
+            target: node18-linux-x64
+            output: ncm-api-linux-x64
+
+          - os: windows-latest
+            platform: windows
+            target: node18-win-x64
+            output: ncm-api-win-x64.exe
+
+          - os: macos-latest
+            platform: macos
+            target: node18-macos-x64
+            output: ncm-api-macos-x64
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v6
+        with:
+          version: 9
+          
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24
+          cache: pnpm
+
+      
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build binary
+        shell: bash
+        env:
+          PKG_TARGET: ${{ matrix.target }}
+        run: |
+          mkdir -p release-artifacts
+
+          case "${{ matrix.platform }}" in
+            linux)
+              npm run pkglinux
+              mv precompiled/app "release-artifacts/${{ matrix.output }}"
+              ;;
+
+            windows)
+              npm run pkgwin
+              mv precompiled/app.exe "release-artifacts/${{ matrix.output }}"
+              ;;
+
+            macos)
+              npm run pkgmacos
+              mv precompiled/app "release-artifacts/${{ matrix.output }}"
+              ;;
+          esac
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v7
+        with:
+          name: ${{ matrix.platform }}-binary
+          path: release-artifacts/*
+
+  release:
+    name: Create GitHub Release
+
+    needs:
+      - detect
+      - build
+
+    if: |
+      needs.detect.outputs.should_release == 'true' &&
+      needs.detect.outputs.tag_exists != 'true'
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v8
+        with:
+          path: release-artifacts
+          merge-multiple: true
+
+      - name: List flattened artifacts
+        shell: bash
+        run: |
+          mkdir -p final-artifacts
+          cp release-artifacts/* final-artifacts/
+          ls -lah final-artifacts
+
+      - name: Generate release notes
+        shell: bash
+        run: |
+          VERSION="${{ needs.detect.outputs.version }}"
+
+          PREV_TAG=$(git tag --sort=-v:refname | head -1)
+
+          {
+            echo "# Release v${VERSION}"
+            echo ""
+            echo "## 更新内容 / Changelog"
+            echo ""
+
+            if [ -n "$PREV_TAG" ]; then
+              echo "从 \`$PREV_TAG\` 到 \`v$VERSION\` 的提交记录："
+              echo ""
+
+              git log "$PREV_TAG..HEAD" \
+                --no-merges \
+                --pretty=format:"- %s (%h)"
+
+            else
+              echo "首次发布，包含以下提交："
+              echo ""
+
+              git log \
+                --no-merges \
+                --pretty=format:"- %s (%h)"
+            fi
+
+            echo ""
+            echo ""
+            echo "---"
+            echo "自动发布 via GitHub Actions"
+
+          } > release-notes.md
+
+          cat release-notes.md
+
+      - name: Create Git tag
+        run: |
+          git tag "v${{ needs.detect.outputs.version }}"
+          git push origin "v${{ needs.detect.outputs.version }}"
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: v${{ needs.detect.outputs.version }}
+          name: Release v${{ needs.detect.outputs.version }}
+          body_path: release-notes.md
+          files: final-artifacts/*
+          draft: false
+          prerelease: false
+
+  publish-docker:
+    name: Publish Docker Image
+    needs: detect
+
+    if: |
+      needs.detect.outputs.should_release == 'true' &&
+      needs.detect.outputs.tag_exists != 'true'
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Read package version
+        id: pkg
+        run: echo "VERSION=$(jq -r .version package.json)" >> $GITHUB_ENV
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          push: true
+          tags: |
+            moefurina/ncm-api:latest
+            moefurina/ncm-api:${{ env.VERSION }}
+            ghcr.io/neteasecloudmusicapienhanced/ncm-api:latest
+            ghcr.io/neteasecloudmusicapienhanced/ncm-api:${{ env.VERSION }}
+          platforms: linux/amd64,linux/arm64/v8
+
+  publish-npm:
+    name: Publish to npm
+    needs: detect
+
+    if: |
+      needs.detect.outputs.should_release == 'true' &&
+      needs.detect.outputs.tag_exists != 'true'
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: pnpm/action-setup@v6
+        with:
+          version: 9
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 24
+          cache: pnpm
+
+      - run: pnpm install --frozen-lockfile
+
+      - run: pnpm publish --access public --provenance 

.github/workflows/sync.yml

@@ -22,7 +22,7 @@ jobs:
       # Step 2: run the sync action
       - name: Sync upstream changes
         id: sync
-        uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.2
+        uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.3
         with:
           upstream_sync_repo: NeteaseCloudMusicApiEnhanced/api-enhanced
           upstream_sync_branch: main

README.MD

@@ -30,7 +30,7 @@
 
 ## 项目简介
 
-网易云音乐第三方 Node.js API, 支持丰富的音乐相关接口，适合自建服务、二次开发和多平台部署(如果原版诈尸, 我会及时同步 or 归档)。
+网易云音乐第三方 Node.js API, 支持丰富的音乐相关接口，适合自建服务、二次开发和多平台部署
 
 > [!IMPORTANT]
 >
@@ -131,6 +131,7 @@ $ sudo docker run -d -p 3000:3000 ncm-api
 | **CORS_ALLOW_ORIGIN**      | `*`                                  | 允许跨域请求的域名。可填写单个源，或使用逗号分隔多个源（例如 `https://a.com,https://b.com`）。 |
 | **ENABLE_PROXY**           | `false`                              | 是否启用反向代理功能。                                        |
 | **PROXY_URL**              | `https://your-proxy-url.com/?proxy=` | 代理服务地址。仅当 `ENABLE_PROXY=true` 时生效。                 |
+| **ENABLE_RANDOM_CN_IP**    | `false`                              | 是否默认启用随机中国IP。启用后，所有请求默认使用随机中国IP，除非请求参数 `randomCNIP` 显式关闭。 |
 | **ENABLE_GENERAL_UNBLOCK** | `true`                               | 是否启用全局解灰（推荐开启）。开启后所有歌曲都尝试自动解锁。                     |
 | **ENABLE_FLAC**            | `true`                               | 是否启用无损音质（FLAC）。                                    |
 | **SELECT_MAX_BR**          | `false`                              | 启用无损音质时，是否选择最高码率音质。                                |
@@ -214,7 +215,7 @@ pnpm test
 
 原作者 [Binaryify/NeteaseCloudMusicApi](https://github.com/binaryify/NeteaseCloudMusicApi) 项目为本项目基础 (该项目在`npmjs`网站上仍持续维护, 但 github 仓库已不再更新)
 
-感谢大佬们为逆向eapi, weapi等加密算法所做的贡献
+感谢大佬们为逆向eapi, weapi, xeapi等加密算法所做的贡献
 
 项目参考:
 
@@ -243,6 +244,8 @@ pnpm test
 
 - [Yueby/music-together](https://github.com/Yueby/music-together)
 
+- [chthollyphlie/folia-major](https://github.com/chthollyphile/folia-major)
+
 ## License
 
 [MIT License](https://github.com/MoeFurina/NeteaseCloudMusicApiEnhanced/blob/main/LICENSE)

generateConfig.js

@@ -2,6 +2,7 @@ const fs = require('fs')
 const path = require('path')
 const { register_anonimous } = require('./main')
 const { cookieToJson, generateRandomChineseIP } = require('./util/index')
+const { getXeapiPublicKey } = require('./util/xeapiKey')
 const tmpPath = require('os').tmpdir()
 
 async function generateConfig() {
@@ -20,5 +21,21 @@ async function generateConfig() {
   } catch (error) {
     console.log(error)
   }
+  try {
+    let currentPublicKey = {}
+    try {
+      currentPublicKey = JSON.parse(
+        fs.readFileSync(path.resolve(tmpPath, 'xeapi_public_key'), 'utf-8'),
+      )
+    } catch (_) {}
+    const publicKey = await getXeapiPublicKey(currentPublicKey, global.deviceId)
+    fs.writeFileSync(
+      path.resolve(tmpPath, 'xeapi_public_key'),
+      JSON.stringify(publicKey),
+      'utf-8',
+    )
+  } catch (error) {
+    console.log(error)
+  }
 }
 module.exports = generateConfig

interface.d.ts

@@ -1841,3 +1841,724 @@ export function voice_lyric(
     id: number | string
   } & RequestBaseConfig,
 ): Promise<Response>
+
+export function aidj_content_rcmd(
+  params: {
+    latitude?: string | number
+    longitude?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function album_privilege(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function artist_detail_dynamic(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function artist_follow_count(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function broadcast_category_region_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function broadcast_channel_collect_list(
+  params: MultiPageConfig & RequestBaseConfig,
+): Promise<Response>
+
+export function broadcast_channel_currentinfo(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function broadcast_channel_list(
+  params: {
+    categoryId?: string | number
+    regionId?: string | number
+    lastId?: string | number
+    score?: string | number
+  } & MultiPageConfig &
+    RequestBaseConfig,
+): Promise<Response>
+
+export function broadcast_sub(
+  params: {
+    t: SubAction
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function chart_detail(
+  params: {
+    chartCode: string | number
+    targetId: string | number
+    targetType: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function chart_song_detail(
+  params: {
+    chartCode: string | number
+    targetId: string | number
+    targetType: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function cloud_import(
+  params: {
+    md5: string
+    id?: string | number
+    bitrate?: string | number
+    fileSize?: string | number
+    artist?: string
+    album?: string
+    song?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function cloud_lyric_get(
+  params: {
+    uid: string | number
+    sid: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function cloud_upload_complete(
+  params: {
+    songId: string | number
+    resourceId: string | number
+    md5: string
+    filename: string
+    song?: string
+    artist?: string
+    album?: string
+    bitrate?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function cloud_upload_token(
+  params: {
+    md5: string
+    fileSize: string | number
+    filename: string
+    bitrate?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function comment_info_list(
+  params: {
+    ids?: string
+    type?: CommentType
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function comment_report(
+  params: {
+    id: string | number
+    cid: string | number
+    reason: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function creator_authinfo_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function dj_difm_all_style_channel(
+  params: {
+    sources?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function dj_difm_channel_subscribe(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function dj_difm_channel_unsubscribe(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function dj_difm_playing_tracks_list(
+  params: {
+    channelId: string | number
+    limit?: string | number
+    source?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function dj_difm_subscribe_channels_get(
+  params: {
+    sources?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function fanscenter_basicinfo_age_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function fanscenter_basicinfo_gender_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function fanscenter_basicinfo_province_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function fanscenter_overview_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function fanscenter_trend_list(
+  params: {
+    startTime?: string | number
+    endTime?: string | number
+    type?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function lbs_city_code(
+  params: {
+    bizCode?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listen_data_realtime_report(
+  params: {
+    type?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listen_data_report(
+  params: {
+    type?: string
+    endTime?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listen_data_today_song(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function listen_data_total(params: RequestBaseConfig): Promise<Response>
+
+export function listen_data_year_report(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_accept(
+  params: {
+    roomId: string | number
+    inviterId: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_end(
+  params: {
+    roomId: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_heatbeat(
+  params: {
+    roomId: string | number
+    songId: string | number
+    playStatus: string | number
+    progress: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_play_command(
+  params: {
+    roomId: string | number
+    commandType: string | number
+    progress?: string | number
+    playStatus: string | number
+    formerSongId: string | number
+    targetSongId: string | number
+    clientSeq: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_room_check(
+  params: {
+    roomId: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_room_create(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_sync_list_command(
+  params: {
+    roomId: string | number
+    commandType: string | number
+    userId: string | number
+    version: string | number
+    randomList: string
+    displayList: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function listentogether_sync_playlist_get(
+  params: {
+    roomId: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function mlog_music_rcmd(
+  params: {
+    mvid?: string | number
+    songid?: string | number
+    limit?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function music_first_listen_info(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function personal_fm_mode(
+  params: {
+    mode: string
+    submode?: string
+    limit?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function playlist_category_list(
+  params: {
+    cat?: string
+    limit?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function playlist_detail_rcmd_get(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function playlist_import_name_task_create(
+  params: {
+    local?: string
+    importStarPlaylist?: boolean
+    ['name']?: string
+    ['description']?: string
+    ['id']?: string | number
+    ['url']?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function playlist_import_task_status(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function playlist_privacy(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function playmode_song_vector(
+  params: {
+    ids: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function radio_sport_get(
+  params: {
+    bpm?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function recent_listen_list(params: RequestBaseConfig): Promise<Response>
+
+export function recommend_songs_dislike(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function register_anonimous(params: RequestBaseConfig): Promise<Response>
+
+export function sati_resource_list(
+  params: {
+    tag: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function sati_resource_list_more(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function sati_resource_sub(
+  params: {
+    id: string | number
+    cancel?: string | boolean
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function sati_resource_sub_list(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function sati_tag_list(params: RequestBaseConfig): Promise<Response>
+
+export function sati_timescene_resources_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function search_match(
+  params: {
+    title?: string
+    album?: string
+    artist?: string
+    duration?: string | number
+    md5?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function search_suggest_pc(
+  params: {
+    keyword: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function send_album(
+  params: {
+    id: string | number
+    msg?: string
+    user_ids: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function send_song(
+  params: {
+    id: string | number
+    msg?: string
+    user_ids: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_chorus(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_creators(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_downlist(
+  params: MultiPageConfig & RequestBaseConfig,
+): Promise<Response>
+
+export function song_download_url_v1(
+  params: {
+    id: string | number
+    level: SoundQualityType
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_dynamic_cover(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_like(
+  params: {
+    id: string | number
+    like?: string | boolean
+    uid?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_like_check(
+  params: {
+    ids: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_lyrics_mark(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_lyrics_mark_add(
+  params: {
+    id: string | number
+    markId?: string
+    data?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_lyrics_mark_del(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_lyrics_mark_user_page(
+  params: MultiPageConfig & RequestBaseConfig,
+): Promise<Response>
+
+export function song_monthdownlist(
+  params: MultiPageConfig & RequestBaseConfig,
+): Promise<Response>
+
+export function song_music_detail(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_red_count(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_singledownlist(
+  params: MultiPageConfig & RequestBaseConfig,
+): Promise<Response>
+
+export function song_url_match(
+  params: {
+    id: string | number
+    source?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function song_url_ncmget(params: RequestBaseConfig): Promise<Response>
+
+export function song_url_v1_302(
+  params: {
+    id: string | number
+    level: SoundQualityType
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function starpick_comments_summary(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function summary_annual(
+  params: {
+    year: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function threshold_detail_get(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function toplist_detail_v2(params: RequestBaseConfig): Promise<Response>
+
+export function ugc_album_get(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function ugc_artist_get(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function ugc_artist_search(
+  params: {
+    keyword: string
+    limit?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function ugc_detail(
+  params: {
+    auditStatus?: string
+    type?: string | number
+    sortBy?: string
+    order?: string
+  } & MultiPageConfig &
+    RequestBaseConfig,
+): Promise<Response>
+
+export function ugc_mv_get(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function ugc_song_get(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function ugc_user_devote(params: RequestBaseConfig): Promise<Response>
+
+export function user_detail_new(
+  params: {
+    uid: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function user_follow_mixed(
+  params: {
+    size?: string | number
+    cursor?: string | number
+    scene?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function user_medal(
+  params: {
+    uid: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function user_mutualfollow_get(
+  params: {
+    uid: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function user_playlist_collect(
+  params: {
+    uid: string | number
+  } & MultiPageConfig &
+    RequestBaseConfig,
+): Promise<Response>
+
+export function user_playlist_create(
+  params: {
+    uid: string | number
+  } & MultiPageConfig &
+    RequestBaseConfig,
+): Promise<Response>
+
+export function user_social_status(
+  params: {
+    uid: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function user_social_status_edit(
+  params: {
+    type: string | number
+    iconUrl?: string
+    content?: string
+    actionUrl?: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function user_social_status_rcmd(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function user_social_status_support(
+  params: RequestBaseConfig,
+): Promise<Response>
+
+export function verify_getQr(
+  params: {
+    vid: string | number
+    type: string | number
+    token: string
+    evid: string
+    sign: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function verify_qrcodestatus(
+  params: {
+    qr: string
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function vip_sign(params: RequestBaseConfig): Promise<Response>
+
+export function vip_sign_info(params: RequestBaseConfig): Promise<Response>
+
+export function vip_tasks_v1(
+  params: {
+    id?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function voice_detail(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function voice_upload(
+  params: {
+    songFile: {
+      name: string
+      data: string | Buffer
+    }
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function voicelist_detail(
+  params: {
+    id: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function voicelist_list(
+  params: {
+    voiceListId: string | number
+  } & MultiPageConfig &
+    RequestBaseConfig,
+): Promise<Response>
+
+export function voicelist_my_created(
+  params: {
+    limit?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function voicelist_search(
+  params: {
+    keyword?: string
+    limit?: string | number
+    offset?: string | number
+  } & RequestBaseConfig,
+): Promise<Response>
+
+export function voicelist_trans(
+  params: {
+    radioId?: string | number
+    programId?: string | number
+    position?: string | number
+  } & MultiPageConfig &
+    RequestBaseConfig,
+): Promise<Response>

module/chart_detail.js

@@ -0,0 +1,11 @@
+// 获取指定维度音乐排行榜详情
+
+const createOption = require('../util/option.js')
+module.exports = (query, request) => {
+  const data = {
+    chartCode: query.chartCode,
+    targetId: query.targetId,
+    targetType: query.targetType,
+  }
+  return request(`/api/chart/detail`, data, createOption(query))
+}

module/chart_song_detail.js

@@ -0,0 +1,11 @@
+// 获取指定维度音乐排行榜列表
+
+const createOption = require('../util/option.js')
+module.exports = (query, request) => {
+  const data = {
+    chartCode: query.chartCode,
+    targetId: query.targetId,
+    targetType: query.targetType,
+  }
+  return request(`/api/chart/song/detail`, data, createOption(query))
+}

module/decrypt.js

@@ -0,0 +1,97 @@
+const {
+  eapiResDecrypt,
+  eapiReqDecrypt,
+  aesDecrypt,
+  xeapiResDecrypt,
+} = require('../util/crypto')
+const CryptoJS = require('crypto-js')
+
+const linuxapiKey = 'rFgB&h#%2?^eDg:Q'
+
+module.exports = async (query, request) => {
+  const crypto = query.crypto || 'eapi'
+  const data = query.data || query.hexString || ''
+  const isReq = query.isReq !== 'false'
+
+  if (!data) {
+    return {
+      status: 400,
+      body: { code: 400, message: 'data is required' },
+    }
+  }
+
+  try {
+    let result
+    switch (crypto) {
+      case 'eapi': {
+        const pureHex = data.replace(/\s/g, '')
+        result = isReq ? eapiReqDecrypt(pureHex) : eapiResDecrypt(pureHex)
+        break
+      }
+
+      case 'weapi': {
+        if (isReq) {
+          return {
+            status: 400,
+            body: {
+              code: 400,
+              message:
+                'weapi 请求解密需要 RSA 私钥，暂不支持；仅支持 weapi 返回数据解密（e_r=true 时与 eapi 相同）',
+            },
+          }
+        }
+        const pureHex = data.replace(/\s/g, '')
+        result = eapiResDecrypt(pureHex)
+        break
+      }
+
+      case 'linuxapi': {
+        if (isReq) {
+          const pureHex = data.replace(/\s/g, '')
+          const decrypted = aesDecrypt(pureHex, linuxapiKey, '', 'hex')
+          result = JSON.parse(decrypted.toString(CryptoJS.enc.Utf8))
+        } else {
+          result = typeof data === 'string' ? JSON.parse(data) : data
+        }
+        break
+      }
+
+      case 'xeapi': {
+        if (isReq) {
+          return {
+            status: 400,
+            body: {
+              code: 400,
+              message:
+                'xeapi 请求解密涉及 X25519 ECDH 密钥交换，流程复杂，暂不支持；仅支持 xeapi 返回数据解密',
+            },
+          }
+        }
+        const buf = Buffer.from(data, 'base64')
+        result = xeapiResDecrypt(buf)
+        break
+      }
+
+      case 'api': {
+        result = typeof data === 'string' ? JSON.parse(data) : data
+        break
+      }
+
+      default:
+        return {
+          status: 400,
+          body: { code: 400, message: `未知加密方式: ${crypto}` },
+        }
+    }
+
+    return {
+      status: 200,
+      body: { code: 200, data: result },
+    }
+  } catch (error) {
+    return {
+      status: 400,
+      body: { code: 400, message: `解密失败: ${error.message}` },
+    }
+  }
+}

module/lbs_city_code.js

@@ -0,0 +1,9 @@
+// 多级行政区划数据获取接口
+
+const createOption = require('../util/option.js')
+module.exports = (query, request) => {
+  const data = {
+    bizCode: query.bizCode || '',
+  }
+  return request(`/api/lbs/city/code`, data, createOption(query))
+}

module/pl_count.js

@@ -1,4 +1,5 @@
 // 私信和通知接口
+
 const createOption = require('../util/option.js')
 module.exports = (query, request) => {
   const data = {}

module/register_anonimous.js

@@ -1,3 +1,5 @@
+// 获取游客cookie
+
 const CryptoJS = require('crypto-js')
 const path = require('path')
 const fs = require('fs')
@@ -37,7 +39,7 @@ module.exports = async (query, request) => {
   let result = await request(
     `/api/register/anonimous`,
     data,
-    createOption(query, 'weapi'),
+    createOption(query, 'xeapi'),
   )
   if (result.body.code === 200) {
     result = {

module/register_xeapikey.js

@@ -0,0 +1,74 @@
+const { default: axios } = require('axios')
+const encrypt = require('../util/crypto')
+const { APP_CONF } = require('../util/config.json')
+
+const generateNonce = () => {
+  let nonce = ''
+  for (let i = 0; i < 16; i++) {
+    nonce += Math.floor(Math.random() * 10).toString()
+  }
+  return nonce
+}
+
+module.exports = async (query, request) => {
+  const nonce = generateNonce()
+  const timestamp = String(Date.now())
+  const deviceId = query.deviceId || global.deviceId || ''
+  const currentKeyVersion = query.currentKeyVersion || ''
+
+  const data = {
+    appVersion: '9.1.65',
+    currentKeyVersion,
+    deviceId,
+    nonce,
+    os: 'android',
+    requestType: 'active',
+    signature: encrypt.xeapiSign(timestamp, nonce),
+    t1: '',
+    t2: '',
+    timestamp,
+    uid: '',
+  }
+
+  const res = await axios({
+    method: 'POST',
+    url: APP_CONF.apiDomain + '/api/gorilla/anti/crawler/security/key/get',
+    headers: {
+      'User-Agent':
+        'NeteaseMusic/9.1.65.240927161425(9001065);Dalvik/2.1.0 (Linux; U; Android 14; 23013RK75C Build/UKQ1.230804.001)',
+      Cookie: deviceId ? `deviceId=${encodeURIComponent(deviceId)}` : '',
+    },
+    data: new URLSearchParams(data).toString(),
+    proxy: false,
+  })
+
+  if (
+    !res.data ||
+    res.data.code !== 200 ||
+    !res.data.data ||
+    !res.data.data.encryptedData
+  ) {
+    throw new Error('xeapi public key request failed')
+  }
+  if (
+    !res.data.data.signature ||
+    encrypt.xeapiSign(res.data.data.timestamp, nonce) !==
+      res.data.data.signature
+  ) {
+    throw new Error('xeapi public key response signature mismatch')
+  }
+
+  const publicKey = encrypt.xeapiDecryptPublicKey(res.data.data.encryptedData)
+  if (!publicKey.sk) {
+    throw new Error('xeapi public key response missing sk')
+  }
+
+  return {
+    status: 200,
+    body: {
+      ...publicKey,
+      deviceId,
+    },
+    cookie: [],
+  }
+}

module/relay_play_state_submit.js

@@ -0,0 +1,49 @@
+// 提交歌曲播放状态
+
+const createOption = require('../util/option.js')
+const generateSessionId = () =>
+  Array.from(
+    { length: 12 },
+    () =>
+      'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'[Math.floor(Math.random() * 36)],
+  ).join('')
+
+module.exports = (query, request) => {
+  const {
+    id,
+    sessionId,
+    progress = 0,
+    playMode = 'list_loop',
+    type = 'song',
+  } = query
+
+  if (!id) {
+    return Promise.reject({
+      status: 400,
+      body: {
+        code: 400,
+        msg: '缺少必要参数：id',
+      },
+    })
+  }
+
+  const playStateSubmitReq = JSON.stringify({
+    resource: {
+      id: String(id),
+      type: type,
+    },
+    progress: Number(progress) || 0,
+    sessionId: sessionId || generateSessionId(),
+    playMode: playMode,
+  })
+
+  const data = {
+    playStateSubmitReq: playStateSubmitReq,
+  }
+
+  return request(
+    '/api/relay/play/state/submit',
+    data,
+    createOption(query, 'weapi'),
+  )
+}

module/song_cloud_download.js

@@ -0,0 +1,9 @@
+// 从云盘获取歌曲下载链接
+
+const createOption = require('../util/option.js')
+module.exports = (query, request) => {
+  const data = {
+    songId: query.id,
+  }
+  return request(`/api/cloud/dowonload`, data, createOption(query, 'eapi'))
+}

module/song_url_v1.js

@@ -53,5 +53,9 @@ module.exports = async (query, request) => {
   if (data.level == 'sky') {
     data.immerseType = 'c51'
   }
-  return request(`/api/song/enhance/player/url/v1`, data, createOption(query))
+  return request(
+    `/api/song/enhance/player/url/v1`,
+    data,
+    createOption(query, 'xeapi'),
+  )
 }

module/vip_sign.js

@@ -3,5 +3,9 @@
 const createOption = require('../util/option.js')
 module.exports = (query, request) => {
   const data = {}
-  return request(`/api/vip-center-bff/task/sign`, data, createOption(query))
+  return request(
+    `/api/vip-center-bff/task/sign`,
+    data,
+    createOption(query, 'weapi'),
+  )
 }

module/vip_sign_detail.js

@@ -0,0 +1,14 @@
+// 黑胶乐签打卡详情
+
+const createOption = require('../util/option.js')
+module.exports = (query, request) => {
+  const data = {
+    signDayTime: query.timestamp,
+    type: '1',
+  }
+  return request(
+    `/api/vipnewcenter/app/level/user/checkin/history/detail`,
+    data,
+    createOption(query, 'eapi'),
+  )
+}

module/vip_sign_history.js

@@ -0,0 +1,13 @@
+// 黑胶乐签打卡历史
+
+const createOption = require('../util/option.js')
+module.exports = (query, request) => {
+  const data = {
+    type: '0',
+  }
+  return request(
+    `/api/vipnewcenter/app/minidesk/music/sign/pc`,
+    data,
+    createOption(query, 'xeapi'),
+  )
+}

module/vip_sign_info.js

@@ -1,4 +1,4 @@
-// 黑胶乐签签到信息
+// 黑胶乐签未来签到信息
 
 const createOption = require('../util/option.js')
 module.exports = (query, request) => {

module/vip_tasks_v1.js

@@ -0,0 +1,14 @@
+// 会员任务 - 新版
+
+const createOption = require('../util/option.js')
+module.exports = (query, request) => {
+  const data = {
+    taskType: 'app_vip_task_center',
+    userId: query.id,
+  }
+  return request(
+    `/api/middle/vip/mission/user/progress/list`,
+    data,
+    createOption(query, 'xeapi'),
+  )
+}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@neteasecloudmusicapienhanced/api",
-  "version": "4.32.1",
+  "version": "4.35.1",
   "description": "全网最全的网易云音乐API接口 || A revival project for NeteaseCloudMusicApi Node.js Services (Half Refactor & Enhanced) || 网易云音乐 API 备份 + 增强 || 本项目自原版v4.28.0版本后开始自行维护",
   "scripts": {
     "dev": "nodemon app.js",
@@ -41,6 +41,14 @@
   ],
   "main": "main.js",
   "types": "./interface.d.ts",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NeteaseCloudMusicApiEnhanced/api-enhanced.git"
+  },
+  "bugs": {
+    "url": "https://github.com/NeteaseCloudMusicApiEnhanced/api-enhanced/issues"
+  },
+  "homepage": "https://neteasecloudmusicapienhanced.js.org/",
   "engines": {
     "node": ">=12"
   },
@@ -65,14 +73,14 @@
     "data"
   ],
   "dependencies": {
-    "@neteasecloudmusicapienhanced/unblockmusic-utils": "^0.3.1",
-    "axios": "^1.16.1",
+    "@neteasecloudmusicapienhanced/unblockmusic-utils": "^0.3.2",
+    "axios": "^1.17.0",
     "crypto-js": "^4.2.0",
     "dotenv": "^17.4.2",
     "express": "^5.2.1",
     "express-fileupload": "^1.5.2",
     "gzip": "^0.1.0",
-    "music-metadata": "^11.12.3",
+    "music-metadata": "^11.13.0",
     "node-forge": "^1.4.0",
     "pac-proxy-agent": "^7.2.0",
     "qrcode": "^1.5.4",
@@ -87,22 +95,26 @@
     "@types/express": "^5.0.6",
     "@types/express-fileupload": "^1.5.1",
     "@types/mocha": "^10.0.10",
-    "@types/node": "25.5.0",
-    "@typescript-eslint/eslint-plugin": "^8.59.3",
-    "@typescript-eslint/parser": "^8.59.3",
+    "@types/node": "25.9.2",
+    "@typescript-eslint/eslint-plugin": "^8.60.1",
+    "@typescript-eslint/parser": "^8.60.1",
     "eslint": "^9.39.4",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-html": "^8.1.4",
-    "eslint-plugin-prettier": "^5.5.5",
+    "eslint-plugin-prettier": "^5.5.6",
     "globals": "^17.6.0",
     "husky": "^9.1.7",
     "intelli-espower-loader": "^1.1.0",
     "lint-staged": "^16.4.0",
-    "mocha": "^11.7.5",
+    "mocha": "^11.7.6",
     "nodemon": "^3.1.14",
     "pkg": "^5.8.1",
     "power-assert": "^1.6.1",
     "prettier": "^3.8.3",
     "typescript": "^6.0.3"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
   }
 }

public/api.html

@@ -132,6 +132,7 @@
                     <option value="eapi">eapi</option>
                     <option value="api">api</option>
                     <option value="linuxapi">linuxapi</option>
+                    <option value="xeapi">xeapi</option>
                     <option value="" selected>(默认)</option>
                 </select>
             </div>

public/api_decrypt.html

@@ -0,0 +1,695 @@
+<!DOCTYPE html>
+<html lang="zh">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>API 参数和返回内容解析</title>
+  <style>
+    * {
+      margin: 0;
+      padding: 0;
+      box-sizing: border-box;
+    }
+
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      min-height: 100vh;
+      background: #f5f5f5;
+      padding: 20px;
+    }
+
+    .container {
+      max-width: 900px;
+      margin: 0 auto;
+      background: white;
+      border-radius: 12px;
+      padding: 32px;
+      box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1);
+    }
+
+    h1 {
+      font-size: 24px;
+      font-weight: 600;
+      color: #333;
+      margin-bottom: 24px;
+    }
+
+    .form-group {
+      margin-bottom: 24px;
+    }
+
+    label {
+      display: block;
+      font-size: 14px;
+      font-weight: 500;
+      color: #555;
+      margin-bottom: 8px;
+    }
+
+    textarea {
+      width: 100%;
+      padding: 12px;
+      border: 1px solid #ddd;
+      border-radius: 6px;
+      font-family: 'Courier New', monospace;
+      font-size: 13px;
+      resize: vertical;
+      min-height: 200px;
+      outline: none;
+    }
+
+    textarea:focus {
+      border-color: #333;
+    }
+
+    .radio-group {
+      display: flex;
+      gap: 24px;
+      margin-bottom: 24px;
+    }
+
+    .radio-item {
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+
+    .radio-item input[type="radio"] {
+      cursor: pointer;
+    }
+
+    .radio-item label {
+      margin: 0;
+      cursor: pointer;
+      font-size: 14px;
+    }
+
+    button {
+      background: #333;
+      color: white;
+      padding: 12px 28px;
+      border: none;
+      border-radius: 6px;
+      font-size: 15px;
+      font-weight: 500;
+      cursor: pointer;
+      transition: background 0.2s ease;
+    }
+
+    button + button {
+      margin-left: 12px;
+    }
+
+    button:hover {
+      background: #555;
+    }
+
+    .result-section {
+      margin-top: 24px;
+    }
+
+    .result-section label {
+      margin-bottom: 12px;
+    }
+
+    .decode-result {
+      white-space: pre-wrap;
+      word-break: break-all;
+      background: #f9f9f9;
+      padding: 16px;
+      border-radius: 6px;
+      border: 1px solid #eee;
+      min-height: 200px;
+      max-height: 400px;
+      overflow: auto;
+      font-family: 'Courier New', monospace;
+      font-size: 13px;
+    }
+
+    .decode-result .json-key { color: #881391; }
+    .decode-result .json-string { color: #1a7f37; }
+    .decode-result .json-number { color: #0550ae; }
+    .decode-result .json-boolean { color: #cf222e; }
+    .decode-result .json-null { color: #656d76; }
+
+    .example-section {
+      margin-top: 32px;
+      padding-top: 24px;
+      border-top: 1px solid #eee;
+    }
+
+    .example-section h2 {
+      font-size: 18px;
+      font-weight: 600;
+      color: #333;
+      margin-bottom: 16px;
+    }
+
+    .example-section img {
+      max-width: 100%;
+      height: auto;
+      border-radius: 6px;
+      margin-bottom: 16px;
+      border: 1px solid #eee;
+    }
+
+    /* new elements for multi-crypto support */
+    .crypto-bar {
+      display: flex;
+      flex-wrap: wrap;
+      align-items: center;
+      gap: 8px;
+      margin-bottom: 20px;
+      padding: 12px 16px;
+      background: #fafafa;
+      border-radius: 6px;
+      border: 1px solid #eee;
+    }
+
+    .crypto-bar .bar-label {
+      font-size: 13px;
+      font-weight: 500;
+      color: #555;
+      margin-right: 8px;
+    }
+
+    .crypto-btn {
+      padding: 5px 14px;
+      border-radius: 4px;
+      border: 1px solid #ddd;
+      background: #fff;
+      cursor: pointer;
+      font-size: 13px;
+      font-weight: 500;
+      color: #666;
+      transition: all 0.15s ease;
+    }
+
+    .crypto-btn:hover {
+      border-color: #333;
+      color: #333;
+      background: #f5f5f5;
+    }
+
+    .crypto-btn.active {
+      border-color: #333;
+      background: #333;
+      color: #fff;
+    }
+
+    .crypto-btn .badge {
+      display: inline-block;
+      font-size: 10px;
+      background: rgba(0,0,0,0.08);
+      border-radius: 4px;
+      padding: 0 5px;
+      margin-left: 3px;
+    }
+    .crypto-btn.active .badge {
+      background: rgba(255,255,255,0.2);
+    }
+
+    .mode-row {
+      display: flex;
+      align-items: center;
+      gap: 20px;
+      margin-bottom: 20px;
+      flex-wrap: wrap;
+    }
+
+    .mode-row .mode-label {
+      font-size: 13px;
+      font-weight: 500;
+      color: #555;
+    }
+
+    .mode-row .radio-group {
+      margin-bottom: 0;
+    }
+
+    .info-hint {
+      font-size: 12px;
+      color: #888;
+      margin-top: 6px;
+      padding: 6px 10px;
+      background: #fafafa;
+      border-radius: 4px;
+      border-left: 3px solid #999;
+    }
+
+    .info-hint.warn {
+      border-left-color: #e67e22;
+      background: #fef9f0;
+      color: #d35400;
+    }
+
+    .action-row {
+      display: flex;
+      gap: 8px;
+      flex-wrap: wrap;
+      margin-bottom: 4px;
+    }
+
+    .action-row button + button {
+      margin-left: 0;
+    }
+
+    button.btn-secondary {
+      background: #e8e8e8;
+      color: #444;
+    }
+    button.btn-secondary:hover {
+      background: #d5d5d5;
+    }
+    button.btn-secondary:disabled {
+      opacity: 0.4;
+      cursor: not-allowed;
+      pointer-events: none;
+    }
+    button.btn-success {
+      background: #4caf50;
+    }
+    button.btn-success:hover {
+      background: #43a047;
+    }
+    button.btn-success:disabled {
+      opacity: 0.4;
+      cursor: not-allowed;
+      pointer-events: none;
+    }
+
+    .result-section .section-header {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      margin-bottom: 10px;
+    }
+
+    .result-section .section-header label {
+      margin: 0;
+    }
+
+    .copy-btn {
+      font-size: 12px;
+      padding: 3px 12px;
+      border-radius: 4px;
+      border: 1px solid #ddd;
+      background: #fff;
+      cursor: pointer;
+      color: #666;
+      transition: all 0.15s;
+    }
+    .copy-btn:hover {
+      background: #333;
+      color: #fff;
+      border-color: #333;
+    }
+
+    .example-grid {
+      display: grid;
+      grid-template-columns: 1fr 1fr;
+      gap: 16px;
+      margin-top: 12px;
+    }
+
+    .example-card {
+      background: #fafafa;
+      border-radius: 6px;
+      padding: 16px;
+      border: 1px solid #eee;
+    }
+
+    .example-card h3 {
+      font-size: 14px;
+      font-weight: 600;
+      color: #555;
+      margin-bottom: 8px;
+    }
+
+    .example-card pre {
+      font-family: 'Courier New', monospace;
+      font-size: 12px;
+      line-height: 1.5;
+      background: #fff;
+      padding: 10px;
+      border-radius: 4px;
+      overflow-x: auto;
+      border: 1px solid #e8e8e8;
+      max-height: 120px;
+      overflow-y: auto;
+      margin-bottom: 8px;
+    }
+
+    .example-card .tag {
+      display: inline-block;
+      font-size: 10px;
+      font-weight: 600;
+      padding: 2px 8px;
+      border-radius: 3px;
+      margin-bottom: 6px;
+    }
+
+    .tag-eapi { background: #e3f2fd; color: #1565c0; }
+    .tag-weapi { background: #fce4ec; color: #c62828; }
+    .tag-linuxapi { background: #e8f5e9; color: #2e7d32; }
+    .tag-xeapi { background: #f3e5f5; color: #7b1fa2; }
+    .tag-api { background: #fff3e0; color: #e65100; }
+
+    @media (max-width: 640px) {
+      .example-grid { grid-template-columns: 1fr; }
+      .crypto-bar { gap: 4px; }
+      .crypto-btn { padding: 4px 10px; font-size: 12px; }
+    }
+  </style>
+</head>
+
+<body>
+  <div id="app" class="container">
+    <h1>API 参数和返回内容解析</h1>
+
+    <!-- 加密方式选择 -->
+    <div class="crypto-bar">
+      <span class="bar-label">加密方式</span>
+      <button
+        v-for="c in cryptoList"
+        :key="c.value"
+        class="crypto-btn"
+        :class="{ active: crypto === c.value }"
+        @click="selectCrypto(c.value)"
+      >
+        {{ c.label }}
+        <span class="badge">{{ c.badge }}</span>
+      </button>
+    </div>
+
+    <div class="mode-row">
+      <span class="mode-label">数据类型</span>
+      <div class="radio-group">
+        <div class="radio-item">
+          <input
+            type="radio"
+            id="mode-req"
+            :value="true"
+            v-model="isReq"
+            :disabled="cryptoInfo.reqDisabled"
+          />
+          <label for="mode-req">请求数据 request</label>
+        </div>
+        <div class="radio-item">
+          <input
+            type="radio"
+            id="mode-resp"
+            :value="false"
+            v-model="isReq"
+            :disabled="cryptoInfo.respDisabled"
+          />
+          <label for="mode-resp">返回数据 response</label>
+        </div>
+      </div>
+    </div>
+
+    <div class="form-group">
+      <label for="dataInput">{{ cryptoInfo.inputLabel }}</label>
+      <textarea
+        id="dataInput"
+        v-model="encryptedData"
+        :rows="crypto === 'xeapi' ? 8 : 10"
+        :placeholder="cryptoInfo.placeholder"
+      ></textarea>
+      <div class="info-hint" :class="{ warn: cryptoInfo.warning }">
+        {{ cryptoInfo.hint }}
+      </div>
+    </div>
+
+    <div class="action-row">
+      <button @click="decrypt">解密</button>
+      <button class="btn-success" @click="sendToApi" :disabled="!canSend">
+        填入 API 调试
+      </button>
+      <button class="btn-secondary" @click="loadExample">加载示例</button>
+      <button class="btn-secondary" @click="clearAll">清空</button>
+    </div>
+
+    <div class="result-section">
+      <div class="section-header">
+        <label>解密结果：</label>
+        <button
+          v-if="result && result !== '{}' && result !== 'null'"
+          class="copy-btn"
+          @click="copyResult"
+        >
+          复制
+        </button>
+      </div>
+      <pre class="decode-result" v-html="highlightedResult"></pre>
+    </div>
+
+    <div class="example-section">
+      <h2>使用示例</h2>
+      <img src="/static/eapi_params.png" alt="请求示例" />
+      <img src="/static/eapi_response.png" alt="响应示例" />
+
+      <div class="example-grid">
+        <div class="example-card">
+          <span class="tag tag-eapi">eapi</span>
+          <h3>请求参数解密</h3>
+          <pre>输入 hex 字符串，解密后得到请求 URL 和参数</pre>
+          <button class="copy-btn" @click="loadExampleData('eapi_req')">加载示例</button>
+        </div>
+        <div class="example-card">
+          <span class="tag tag-linuxapi">linuxapi</span>
+          <h3>请求 eparams 解密</h3>
+          <pre>AES-ECB 解密 linuxapi 的 eparams 参数（hex）</pre>
+          <button class="copy-btn" @click="loadExampleData('linuxapi_req')">加载示例</button>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <script src="https://fastly.jsdelivr.net/npm/axios"></script>
+  <script src="https://fastly.jsdelivr.net/npm/vue@3"></script>
+
+  <script>
+    const cryptoInfos = {
+      eapi: {
+        label: 'eapi',
+        badge: 'AES-ECB',
+        inputLabel: '十六进制字符串（Hex）',
+        placeholder: '粘贴 eapi 加密后的 Hex 字符串...',
+        hint: 'eapi 使用 AES-ECB 加密，密钥 e82ckenh8dichen8。请求格式: url-36cd479b6b5-data-36cd479b6b5-md5',
+        warning: false,
+        reqDisabled: false,
+        respDisabled: false,
+      },
+      weapi: {
+        label: 'weapi',
+        badge: 'AES-CBC+RSA',
+        inputLabel: '十六进制字符串（Hex）',
+        placeholder: '粘贴 weapi 返回数据的 Hex 字符串（e_r=true 时）...',
+        hint: 'weapi 请求解密需要 RSA 私钥，暂不支持。仅支持返回数据解密（同 eapi 的 AES-ECB）',
+        warning: true,
+        reqDisabled: true,
+        respDisabled: false,
+      },
+      linuxapi: {
+        label: 'linuxapi',
+        badge: 'AES-ECB',
+        inputLabel: '十六进制字符串（Hex）',
+        placeholder: '粘贴 linuxapi 的 eparams (Hex 格式)...',
+        hint: 'linuxapi 请求 eparams 使用 AES-ECB 加密，密钥 rFgB&h#%2?^eDg:Q。返回为明文 JSON',
+        warning: false,
+        reqDisabled: false,
+        respDisabled: false,
+      },
+      xeapi: {
+        label: 'xeapi',
+        badge: 'X25519+AES',
+        inputLabel: 'Base64 编码字符串',
+        placeholder: '粘贴 xeapi 返回数据的 Base64 原始二进制...',
+        hint: 'xeapi 请求涉及 X25519 ECDH 密钥交换，暂不支持。返回数据使用 AES-ECB + eapiKey 加密，可能带 gzip',
+        warning: true,
+        reqDisabled: true,
+        respDisabled: false,
+      },
+      api: {
+        label: 'api',
+        badge: '明文',
+        inputLabel: 'JSON 文本',
+        placeholder: '粘贴 api 的请求或返回 JSON...',
+        hint: 'api（明文）不经加密，直接传递 JSON 数据',
+        warning: false,
+        reqDisabled: false,
+        respDisabled: false,
+      },
+    }
+
+    const examples = {
+      eapi_req:
+        'AD96DDB984491E79B6F429DD650C6E2AE524627AC223AC9A123C66BB0997965950FED137544A93DFC718E16F57C8C121AF537086F395570A5602A3922366D11964DAFACD7830AACABF62E5650E67F457E79C1D2E13502391FC3487216CC5BF8681843FCB8E05559487EB18AAC1BE0EFEA4F7B6A050478366153A9426C238B8869600B275704555A9EB94C92E4F3FDABE9E0BCE07645410D0AA7B675698A4CAE6CD3620633ABF0B849A4244CC8DFC5DB2646D5EA9B3954E62BFEF19AFEAFDDC34E55C3E9A1DD3167CF53D443617108141',
+      linuxapi_req:
+        'A0D9583F4C5FF68DE851D2893A49DE98CC059A8845B664AA2459CEA7271A2C0E5BCA8A188E1BE398DB4C9A3FC117E19C9BAC491F454D17D403C2389476AB0FF4296B00294AD1EBDA141C188DF918F6B9599DAA5739928FD52B4AE580D8657903CE3C6633D2E46AD242408AE219B8191E',
+    }
+
+    const app = Vue.createApp({
+      data() {
+        return {
+          crypto: 'eapi',
+          encryptedData: '',
+          result: '{}',
+          isReq: true,
+          cryptoList: [
+            { value: 'eapi', label: 'eapi', badge: 'AES-ECB' },
+            { value: 'weapi', label: 'weapi', badge: 'AES-CBC+RSA' },
+            { value: 'linuxapi', label: 'linuxapi', badge: 'AES-ECB' },
+            { value: 'xeapi', label: 'xeapi', badge: 'X25519+AES' },
+            { value: 'api', label: 'api', badge: '明文' },
+          ],
+        }
+      },
+      mounted() {
+        this.loadExample()
+      },
+      computed: {
+        cryptoInfo() {
+          return cryptoInfos[this.crypto] || cryptoInfos.eapi
+        },
+        isRequestMode() {
+          return this.isReq === true || this.isReq === 'true'
+        },
+        canSend() {
+          if (!this.isRequestMode) return false
+          if (!this.result || this.result === '{}' || this.result === 'null') return false
+          try {
+            JSON.parse(this.result)
+            return true
+          } catch (error) {
+            return false
+          }
+        },
+        highlightedResult() {
+          if (!this.result || this.result === '') return ''
+          try {
+            const parsed = typeof this.result === 'string' ? JSON.parse(this.result) : this.result
+            const json = JSON.stringify(parsed, null, 2)
+            return this.syntaxHighlight(json)
+          } catch (error) {
+            return this.escapeHtml(String(this.result))
+          }
+        },
+      },
+      watch: {
+        crypto(val) {
+          const info = cryptoInfos[val]
+          if (this.isReq && info.reqDisabled) {
+            this.isReq = false
+          } else if (!this.isReq && info.respDisabled) {
+            this.isReq = true
+          }
+        },
+      },
+      methods: {
+        selectCrypto(val) {
+          this.crypto = val
+        },
+        syntaxHighlight(json) {
+          const escaped = this.escapeHtml(json)
+          return escaped
+            .replace(/(?:"(?:\\.|[^"\\])*")\s*:/g, '<span class="json-key">$&</span>')
+            .replace(/:(\s*)(?:"(?:\\.|[^"\\])*")/g, ':<span class="json-string">$1$2</span>')
+            .replace(/:\s*(\d+(?:\.\d+)?)/g, ': <span class="json-number">$1</span>')
+            .replace(/:\s*(true|false)/g, ': <span class="json-boolean">$1</span>')
+            .replace(/:\s*(null)/g, ': <span class="json-null">$1</span>')
+        },
+        escapeHtml(text) {
+          const div = document.createElement('div')
+          div.textContent = text
+          return div.innerHTML
+        },
+        formatResult(value) {
+          if (value == null || value === '') return ''
+          try {
+            const parsed = typeof value === 'string' ? JSON.parse(value) : value
+            return JSON.stringify(parsed, null, 2)
+          } catch (error) {
+            return String(value)
+          }
+        },
+        async decrypt() {
+          if (!this.encryptedData || !this.encryptedData.trim()) {
+            alert('请先输入要解密的数据')
+            return
+          }
+          try {
+            const res = await axios({
+              url: `/decrypt?crypto=${this.crypto}&isReq=${this.isReq}&timestamp=${Date.now()}`,
+              method: 'post',
+              data: { data: this.encryptedData },
+            })
+            this.result = JSON.stringify(res.data.data)
+          } catch (error) {
+            console.error(error)
+            const msg = error?.response?.data?.message || error?.message || '解密失败，数据格式错误'
+            alert(msg)
+            this.result = '{}'
+          }
+        },
+        sendToApi() {
+          if (!this.canSend) return
+          const payload = JSON.parse(this.result)
+          const params = new URLSearchParams()
+          const uri = payload.uri || payload.url || payload.path || ''
+          params.set('uri', uri)
+          params.set('crypto', this.crypto)
+          const data = payload.params || payload.data || payload.body || payload.payload || payload.request || {}
+          params.set('data', JSON.stringify(data))
+          window.open(`/api.html?${params.toString()}`, '_blank')
+        },
+        loadExample() {
+          switch (this.crypto) {
+            case 'eapi':
+              this.encryptedData = examples.eapi_req
+              break
+            case 'linuxapi':
+              this.isReq = true
+              this.encryptedData = examples.linuxapi_req
+              break
+            case 'xeapi':
+              this.isReq = false
+              this.encryptedData = ''
+              break
+            default:
+              this.encryptedData = ''
+          }
+          if (this.encryptedData) this.decrypt()
+        },
+        loadExampleData(type) {
+          switch (type) {
+            case 'eapi_req':
+              this.crypto = 'eapi'
+              this.isReq = true
+              this.encryptedData = examples.eapi_req
+              break
+            case 'linuxapi_req':
+              this.crypto = 'linuxapi'
+              this.isReq = true
+              this.encryptedData = examples.linuxapi_req
+              break
+          }
+          if (this.encryptedData) this.decrypt()
+        },
+        clearAll() {
+          this.encryptedData = ''
+          this.result = '{}'
+        },
+        copyResult() {
+          const text = typeof this.result === 'string' ? this.result : JSON.stringify(this.result, null, 2)
+          navigator.clipboard.writeText(text).then(() => {
+            alert('已复制到剪贴板')
+          })
+        },
+      },
+    })
+    app.mount('#app')
+  </script>
+</body>
+</html>

public/docs/_coverpage.md

@@ -1,13 +1,14 @@
-# 网易云音乐 API Enhanced
+# NeteaseCloudMusicAPI Enhanced
 
-> 🔍 网易云音乐API Node.js服务的复兴项目
+> 🎉 全网收集最全的网易云音乐api接口 基于[NeteaseCloudMusicAPI](https://github.com/binaryify/NeteaseCloudMusicApi)的复刻版本
 
-- 基于原版网易云API新增更多有趣的功能
-- 具备登录接口,多达200多个接口
-- 更完善的文档
+- ⚡ 四种加密模式 · 后端代理
+- 🪛 具备多达200多个接口
+- 📄 更完善的文档
 
 
 [Github](https://github.com/neteasecloudmusicapienhanced/api-enhanced)
-[Get Started](#neteasecloudmusicapienhanced)
+[前往本家](https://github.com/binaryify/NeteaseCloudMusicApi)
+[快速开始](#neteasecloudmusicapienhanced)
 
 ![color](#ffffff)

public/docs/home.md

@@ -2,8 +2,6 @@
 
 网易云音乐 NodeJS API Enhanced
 
-最后更新于: 2026.2.15
-
 ## 灵感来自
 
 [disoul/electron-cloud-music](https://github.com/disoul/electron-cloud-music)
@@ -211,14 +209,19 @@ $ sudo docker run -d -p 3000:3000 netease-music-api
 
 ## 调试工具
 
-- `eapi` 请求参数或返回内容可在 `/eapi_decrypt.html` 里解析
+- 大部分请求参数或返回内容可在 `/api_decrypt.html` 里解析
 - 请求参数模式下, 解密结果可直接带到 `/api.html` 继续调试
 - 需要返回值加密时, 可传 `e_r=1`, `weapi` 和 `eapi` 都支持
+- 目前支持算法 有 `weapi`, `eapi`, `linuxapi` 和 `xeapi` (xeapi 是一种不加密的特殊算法, 主要用于调试加密前的原始请求参数)
 
 ## 接口文档
 
 ### 调用前须知
 
+AI 生成的图,仅供娱乐()
+
+![ai generated](./aigen.png)
+
 !> 本项目不提供线上 demo, 只提供在线文档服务, 请不要轻易信任使用他人提供的公开服务，以免发生安全问题,泄露自己的账号和密码
 
 !> 为使用方便,降低门槛, 文档示例接口直接使用了 GET 请求,本项目同时支持 GET/POST 请按实际需求使用 (POST 请求 url 必须添加时间戳,使每次请求 url 不一样,不然请求会被缓存)
@@ -261,11 +264,7 @@ $ sudo docker run -d -p 3000:3000 netease-music-api
 
 !> ~~因网易增加了网易云盾验证,密码登录暂时不要使用,尽量使用短信验证码登录和二维码登录,否则调用某些接口会触发需要验证的错误~~
 
-!> ~~二开作者再注: 现在二维码登录也无法使用了, 网易云官方最近查的太严了, 现在尝试调用会提示环境异常, 如果各位有绕过的方法请一定开`Pull Request`~~
-
-!> ~~二开作者注: 二维码登录现在是修复了, 但是密码登录和短信登录还是不行, 如果各位有绕过的方法请一定开`Pull Request`~~
-
-!> 二开作者注: 在`v4.29.18`版本中修复了密码登录和短信登录的问题, 现在可以正常使用了
+!> 二开作者注: 在`v4.29.18`版本中修复了短信登录的问题, 现在可以正常使用了
 
 #### 1. 手机登录
 
@@ -1523,7 +1522,7 @@ tags: 歌单标签
 1. 歌词行显示开始时间戳 (毫秒)
 2. 歌词行显示总时长(毫秒)
 3. 逐字显示开始时间戳 (毫秒)
-4. 逐字显示时长 (厘秒/0.01s)
+4. 逐字显示时长 (毫秒)
 5. 未知
 6. 文字
 
@@ -2493,6 +2492,18 @@ privilege:权限相关信息
 
 **调用例子 :** `/scrobble?id=518066366&sourceid=36780169&time=291`
 
+### 提交歌曲播放状态
+
+说明 : 调用此接口可提交歌曲播放状态，支持会话追踪和播放模式记录，未传入 `sessionId` 时后端会自动生成
+
+**必选参数 :** `id`: 歌曲 id
+
+**可选参数 :** `sessionId`: 播放会话 ID（12 位大写字母和数字），不传则自动生成, `progress`: 播放进度（秒），默认 0, `playMode`: 播放模式，默认 `list_loop`, `type`: 资源类型，默认 `song`
+
+**接口地址 :** `/relay/play/state/submit`
+
+**调用例子 :** `/relay/play/state/submit?id=518066366&progress=30`
+
 ### 热门歌手
 
 说明 : 调用此接口 , 可获取热门歌手数据
@@ -5031,7 +5042,7 @@ let data = encodeURIComponent(
 
 **调用例子:** `/vip/sign`
 
-### 黑胶乐签打卡信息
+### 黑胶乐签未来打卡信息
 
 说明: 登录后调用此接口, 获取黑胶乐签打卡信息
 
@@ -5309,6 +5320,86 @@ let data = encodeURIComponent(
 
 **调用例子 :* `/comment/report?id=2058263032&cid=123456789&reason=人身攻击`
 
+### 多级行政区划数据
+
+说明 : 调用此接口,可获取多级行政区划数据
+
+**可选参数 :** `bizCode`: 业务类型,默认空字符串。传入 `chart` 时获取支持城市榜的城市列表,传空时获取所有城市列表
+
+**接口地址 :** `/lbs/city/code`
+
+**调用例子 :** `/lbs/city/code`
+
+### 指定维度音乐排行榜详情
+
+说明 : 调用此接口,可获取城市榜、城市风格榜等指定维度音乐排行榜详情
+
+**必选参数 :**
+
+`chartCode`: 榜单编码,如 `CITY_SONG_CHART`、`CITY_STYLE_SONG_CHART`
+
+`targetId`: 目标 id,城市榜如 `110000`,城市风格榜如 北京华语流行榜 `110000_1020`。城市风格榜格式通常为 `城市 id_曲风 id`,其中曲风 id 可通过[曲风列表](#曲风列表)接口 `/style/list` 获取。城市榜的城市列表可通过[多级行政区划数据](#多级行政区划数据)接口传入 `bizCode=chart` 获取；城市风格榜的城市列表可通过该接口传空 `bizCode` 获取
+
+`targetType`: 目标类型,如 `CITY`、`CITY_STYLE`
+
+**接口地址 :** `/chart/detail`
+
+**调用例子 :** `/chart/detail?chartCode=CITY_SONG_CHART&targetId=110000&targetType=CITY`
+
+### 指定维度音乐排行榜列表
+
+说明 : 调用此接口,可获取城市榜、城市风格榜等指定维度音乐排行榜歌曲列表
+
+**必选参数 :**
+
+`chartCode`: 榜单编码,如 `CITY_SONG_CHART`、`CITY_STYLE_SONG_CHART`
+
+`targetId`: 目标 id,城市榜如 `110000`,城市风格榜如 北京华语流行榜 `110000_1020`。城市风格榜格式通常为 `城市 id_曲风 id`,其中曲风 id 可通过[曲风列表](#曲风列表)接口 `/style/list` 获取。城市榜的城市列表可通过[多级行政区划数据](#多级行政区划数据)接口传入 `bizCode=chart` 获取；城市风格榜的城市列表可通过该接口传空 `bizCode` 获取
+
+`targetType`: 目标类型,如 `CITY`、`CITY_STYLE`
+
+**接口地址 :** `/chart/song/detail`
+
+**调用例子 :** `/chart/song/detail?chartCode=CITY_STYLE_SONG_CHART&targetId=110000_1020&targetType=CITY_STYLE`
+
+### 会员任务 - 新版
+
+说明 : 登录后调用此接口, 获取会员任务
+
+**可选参数** `id`: 用户 id, 传入后可获取指定用户的会员任务, 不传入则获取当前登录用户的会员任务
+
+**接口地址 :** `/vip/task/v1`
+
+**调用例子 :** `/vip/task/v1` `/vip/task/v1?id=32953014`
+
+### 黑胶乐签详情
+
+说明 : 登录后调用此接口, 传入时间戳, 获取黑胶乐签详情
+
+**必选参数 :** `timestamp`: 时间戳, 单位毫秒, 如 `1704067200000` 表示 2024 年 12 月 31 日 0 点 (不传入会出现随机的乐签详情)
+
+**接口地址 :** `/vip/sign/detail`
+
+**调用例子 :** `/vip/sign/detail`
+
+### 黑胶乐签历史
+
+说明 : 登录后调用此接口, 获取黑胶乐签历史
+
+**接口地址 :** `/vip/sign/history`
+
+**调用例子 :** `/vip/sign/history`
+
+### 直接获取云盘歌曲下载链接
+
+说明 : 调用此接口, 传入云盘歌曲 id, 可直接获取云盘歌曲下载链接
+
+**必选参数 :** `id`: 云盘歌曲 id
+
+**接口地址 :** `/song/cloud/download`
+
+**调用例子 :** `/song/cloud/download?id=123456789`
+
 ## 离线访问此文档
 
 此文档同时也是 Progressive Web Apps(PWA), 加入了 serviceWorker, 可离线访问

public/docs/index.html

@@ -108,7 +108,7 @@
     name: '网易云音乐 API Enhanced',
     repo: 'https://github.com/neteasecloudmusicapienhanced/api-enhanced',
     coverpage: true,
-    homepage: 'https://cdn.jsdelivr.net/gh/NeteaseCloudMusicApiEnhanced/api-enhanced@main/public/docs/home.md',
+    homepage: 'home.md',
   }
 </script>
 <script src="https://unpkg.com/docsify@4.11.3/lib/docsify.min.js"></script>

public/eapi_decrypt.html

@@ -1,265 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>eapi 参数和返回内容解析</title>
-  <style>
-    * {
-      margin: 0;
-      padding: 0;
-      box-sizing: border-box;
-    }
-
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-      min-height: 100vh;
-      background: #f5f5f5;
-      padding: 20px;
-    }
-
-    .container {
-      max-width: 900px;
-      margin: 0 auto;
-      background: white;
-      border-radius: 12px;
-      padding: 32px;
-      box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1);
-    }
-
-    h1 {
-      font-size: 24px;
-      font-weight: 600;
-      color: #333;
-      margin-bottom: 24px;
-    }
-
-    .form-group {
-      margin-bottom: 24px;
-    }
-
-    label {
-      display: block;
-      font-size: 14px;
-      font-weight: 500;
-      color: #555;
-      margin-bottom: 8px;
-    }
-
-    textarea {
-      width: 100%;
-      padding: 12px;
-      border: 1px solid #ddd;
-      border-radius: 6px;
-      font-family: 'Courier New', monospace;
-      font-size: 13px;
-      resize: vertical;
-      min-height: 200px;
-      outline: none;
-    }
-
-    textarea:focus {
-      border-color: #333;
-    }
-
-    .radio-group {
-      display: flex;
-      gap: 24px;
-      margin-bottom: 24px;
-    }
-
-    .radio-item {
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-
-    .radio-item input[type="radio"] {
-      cursor: pointer;
-    }
-
-    .radio-item label {
-      margin: 0;
-      cursor: pointer;
-      font-size: 14px;
-    }
-
-    button {
-      background: #333;
-      color: white;
-      padding: 12px 28px;
-      border: none;
-      border-radius: 6px;
-      font-size: 15px;
-      font-weight: 500;
-      cursor: pointer;
-      transition: background 0.2s ease;
-    }
-
-    button + button {
-      margin-left: 12px;
-    }
-
-    button:hover {
-      background: #555;
-    }
-
-    .result-section {
-      margin-top: 24px;
-    }
-
-    .result-section label {
-      margin-bottom: 12px;
-    }
-
-    .decode-result {
-      white-space: pre-wrap;
-      word-break: break-all;
-      background: #f9f9f9;
-      padding: 16px;
-      border-radius: 6px;
-      border: 1px solid #eee;
-      min-height: 200px;
-      max-height: 400px;
-      overflow: auto;
-      font-family: 'Courier New', monospace;
-      font-size: 13px;
-    }
-
-    .example-section {
-      margin-top: 32px;
-      padding-top: 24px;
-      border-top: 1px solid #eee;
-    }
-
-    .example-section h2 {
-      font-size: 18px;
-      font-weight: 600;
-      color: #333;
-      margin-bottom: 16px;
-    }
-
-    .example-section img {
-      max-width: 100%;
-      height: auto;
-      border-radius: 6px;
-      margin-bottom: 16px;
-      border: 1px solid #eee;
-    }
-  </style>
-</head>
-
-<body>
-  <div id="app" class="container">
-    <h1>eapi 参数和返回内容解析</h1>
-
-    <div class="form-group">
-      <label for="hexString">十六进制字符串</label>
-      <textarea id="hexString" v-model="hexString" rows="10"></textarea>
-    </div>
-
-    <div class="radio-group">
-      <div class="radio-item">
-        <input type="radio" id="req" name="format" v-model="isReq" value="true">
-        <label for="req">请求数据 request params</label>
-      </div>
-      <div class="radio-item">
-        <input type="radio" id="resp" name="format" v-model="isReq" value="false">
-        <label for="resp">返回数据 response 二进制数据</label>
-      </div>
-    </div>
-
-    <button @click="decrypt">解密</button>
-    <button @click="sendToApi" :disabled="!canSend" :class="[{ 'opacity-50 cursor-not-allowed pointer-events-none': !canSend },]">填入 API 调试</button>
-
-    <div class="result-section">
-      <label>解密结果：</label>
-      <pre class="decode-result">{{ formatResult(result) }}</pre>
-    </div>
-
-    <div class="example-section">
-      <h2>使用示例</h2>
-      <img src="/static/eapi_params.png" alt="请求示例" />
-      <img src="/static/eapi_response.png" alt="响应示例" />
-    </div>
-  </div>
-
-  <script src="https://fastly.jsdelivr.net/npm/axios"></script>
-  <script src="https://fastly.jsdelivr.net/npm/vue@3"></script>
-
-  <script>
-    const app = Vue.createApp({
-      data() {
-        return {
-          hexString: 'AD96DDB984491E79B6F429DD650C6E2AE524627AC223AC9A123C66BB0997965950FED137544A93DFC718E16F57C8C121AF537086F395570A5602A3922366D11964DAFACD7830AACABF62E5650E67F457E79C1D2E13502391FC3487216CC5BF8681843FCB8E05559487EB18AAC1BE0EFEA4F7B6A050478366153A9426C238B8869600B275704555A9EB94C92E4F3FDABE9E0BCE07645410D0AA7B675698A4CAE6CD3620633ABF0B849A4244CC8DFC5DB2646D5EA9B3954E62BFEF19AFEAFDDC34E55C3E9A1DD3167CF53D443617108141',
-          result: '{}',
-          isReq: true
-        }
-      },
-      mounted() {
-        this.decrypt()
-      },
-      computed: {
-        isRequestMode() {
-          return this.isReq === true || this.isReq === 'true'
-        },
-        canSend() {
-          if (!this.isRequestMode) return false
-          if (!this.result || this.result === '{}' || this.result === 'null') return false
-          try {
-            JSON.parse(this.result)
-            return true
-          } catch (error) {
-            return false
-          }
-        },
-      },
-      methods: {
-        formatResult(value) {
-          if (value == null || value === '') return ''
-          try {
-            const parsed = typeof value === 'string' ? JSON.parse(value) : value
-            return JSON.stringify(parsed, null, 2)
-          } catch (error) {
-            return String(value)
-          }
-        },
-        async decrypt() {
-          try {
-            const res = await axios({
-              url: `/eapi/decrypt?isReq=${this.isReq}&timestamp=${Date.now()}`,
-              method: 'post',
-              data: {
-                hexString: this.hexString
-              }
-            })
-            this.result = JSON.stringify(res.data.data)
-            console.log(res.data);
-          } catch (error) {
-            console.error(error)
-            alert(error?.response?.data?.message || '解密失败,数据格式错误')
-          }
-        },
-        sendToApi() {
-          if (!this.canSend) return
-          const payload = JSON.parse(this.result)
-          const params = new URLSearchParams()
-          params.set('uri', payload.uri || payload.url || payload.path || '')
-          params.set('crypto', 'eapi')
-          const data =
-            payload.params ||
-            payload.data ||
-            payload.body ||
-            payload.payload ||
-            payload.request ||
-            {}
-          params.set('data', JSON.stringify(data))
-          window.open(`/api.html?${params.toString()}`, '_blank')
-        },
-      }
-    })
-    app.mount('#app')
-  </script>
-</body>
-
-</html>

public/index.html

@@ -92,7 +92,7 @@ curl -s {origin}/search?keywords=网易云</code></pre>
         <a href="/audio_match_demo/index.html">听歌识曲 Demo</a> ·
         <a href="/cloud.html">云盘上传</a> ·
         <a href="/playlist_import.html">歌单导入</a> ·
-        <a href="/eapi_decrypt.html">EAPI 解密</a> ·
+        <a href="/api_decrypt.html">API 解密</a> ·
         <a href="/listen_together_host.html">一起听示例</a> ·
         <a href="/playlist_cover_update.html">更新歌单封面示例</a> ·
         <a href="/avatar_update.html">头像更新示例</a>

server.js

@@ -303,8 +303,13 @@ async function constructServer(moduleDefs) {
           // 参数注入客户端IP
           const obj = [...params]
           const options = obj[2] || {}
-          if (!options.randomCNIP) {
-            let ip = req.ip
+          let ip = ''
+
+          if (options.randomCNIP) {
+            ip = global.cnIp
+            // logger.info('Using random Chinese IP for request:', ip)
+          } else {
+            ip = req.ip
 
             if (ip.substring(0, 7) == '::ffff:') {
               ip = ip.substring(7)
@@ -313,10 +318,11 @@ async function constructServer(moduleDefs) {
               ip = global.cnIp
             }
             // logger.info('Requested from ip:', ip)
-            obj[2] = {
-              ...options,
-              ip,
-            }
+          }
+
+          obj[2] = {
+            ...options,
+            ip,
           }
 
           return request(...obj)

util/config.json

@@ -11,6 +11,7 @@
   },
   "APP_CONF": {
     "apiDomain": "https://interface.music.163.com",
+    "xeapiDomain": "https://interface3.music.163.com",
     "domain": "https://music.163.com",
     "encrypt": true,
     "encryptResponse": false,

util/crypto.js

@@ -1,4 +1,5 @@
 const CryptoJS = require('crypto-js')
+const crypto = require('crypto')
 const forge = require('node-forge')
 const zlib = require('zlib')
 const iv = '0102030405060708'
@@ -9,6 +10,13 @@ const publicKey = `-----BEGIN PUBLIC KEY-----
 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgtQn2JZ34ZC28NWYpAUd98iZ37BUrX/aKzmFbt7clFSs6sXqHauqKWqdtLkF2KexO40H1YTX8z2lSgBBOAxLsvaklV8k4cBFK9snQXE9/DDaFt6Rr7iVZMldczhC0JNgTz+SHXT6CBHuX3e9SdB1Ua44oncaTWz7OBGLbCiK45wIDAQAB
 -----END PUBLIC KEY-----`
 const eapiKey = 'e82ckenh8dichen8'
+const xeapiStaticKey = Buffer.from(
+  'ab1d5a430f6bb04a3f01e81ddd72bd916d5ce591248ac128714806d7f8fb1b84',
+  'hex',
+)
+const xeapiSignKey =
+  'mUHCwVNWJbunMqAHf5MImuirT6plvs6VSFW62MGHstFQxhBGdEoIhLItH3djc4+FB/OKty3+lL2rGeoFBpVe5g=='
+const x25519SpkiPrefix = Buffer.from('302a300506032b656e032100', 'hex')
 
 const aesEncrypt = (text, mode, key, iv, format = 'base64') => {
   let encrypted = CryptoJS.AES.encrypt(
@@ -141,13 +149,172 @@ const decrypt = (cipher) => {
   return decryptedBytes
 }
 
+const aesEcbEncrypt = (key, plaintext) => {
+  const cipher = crypto.createCipheriv(`aes-${key.length * 8}-ecb`, key, null)
+  return Buffer.concat([cipher.update(Buffer.from(plaintext)), cipher.final()])
+}
+
+const aesEcbDecrypt = (key, ciphertext) => {
+  const decipher = crypto.createDecipheriv(
+    `aes-${key.length * 8}-ecb`,
+    key,
+    null,
+  )
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()])
+}
+
+const createX25519PublicKey = (raw) => {
+  // Node's crypto API expects X25519 public keys as DER SubjectPublicKeyInfo.
+  // The Android SDK stores only the 32-byte raw key, so prepend the fixed
+  // RFC 8410 SPKI header for id-X25519 before importing it.
+  return crypto.createPublicKey({
+    key: Buffer.concat([x25519SpkiPrefix, raw]),
+    format: 'der',
+    type: 'spki',
+  })
+}
+
+const deriveX25519AesKey = (sharedSecret, ephemeralPublicKey) => {
+  const prk = crypto
+    .createHmac('sha256', Buffer.alloc(32))
+    .update(sharedSecret.length ? sharedSecret : Buffer.alloc(32))
+    .digest()
+  return crypto
+    .createHmac('sha256', prk)
+    .update(Buffer.concat([ephemeralPublicKey, Buffer.from([1])]))
+    .digest()
+    .subarray(0, 16)
+}
+
+const xeapiSign = (timestamp, nonce) => {
+  return crypto
+    .createHmac('sha256', xeapiSignKey)
+    .update(String(timestamp) + nonce)
+    .digest('base64')
+}
+
+const xeapiMidTransform = (ciphertext) => {
+  const random = crypto.randomBytes(16)
+  const xored = Buffer.alloc(ciphertext.length)
+  for (let i = 0; i < ciphertext.length; i++) {
+    xored[i] = ciphertext[i] ^ random[i & 0x0f]
+  }
+  const b64 = Buffer.from(xored.toString('base64'))
+  const rot = b64.length ? (random[0] & 0x0f) % b64.length : 0
+  return Buffer.concat([random, b64.subarray(rot), b64.subarray(0, rot)])
+}
+
+const xeapiEncryptS = (dynamicKey, publicKeyState, os) => {
+  const peerRaw = Buffer.from(publicKeyState.publicKey, 'base64')
+  const peerKey = createX25519PublicKey(peerRaw)
+  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519')
+  const ephemeralRaw = Buffer.from(
+    publicKey.export({ format: 'der', type: 'spki' }),
+  ).subarray(-32)
+  const sharedSecret = crypto.diffieHellman({
+    privateKey,
+    publicKey: peerKey,
+  })
+  const aesKey = deriveX25519AesKey(sharedSecret, ephemeralRaw)
+  const iv = crypto.randomBytes(12)
+  const cipher = crypto.createCipheriv('aes-128-gcm', aesKey, iv)
+  const plaintext = Buffer.from(
+    `${dynamicKey.toString('base64')}|${os}|${publicKeyState.sk || ''}`,
+  )
+  const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()])
+  return Buffer.concat([ephemeralRaw, iv, encrypted, cipher.getAuthTag()])
+}
+
+const buildXeapiPlaintext = (uri, data, options = {}) => {
+  const fields = {}
+  const contentType =
+    options.contentType || 'application/x-www-form-urlencoded;charset=utf-8'
+  const mediaType = contentType.split(';', 1)[0].toLowerCase()
+  if (mediaType !== 'application/x-www-form-urlencoded') {
+    fields.contentType = contentType
+  }
+
+  const method = (options.method || 'POST').toUpperCase()
+  if (method !== 'POST') fields.method = method
+
+  const url = new URL(uri, 'https://interface.music.163.com')
+  if (url.search) fields.queryString = url.search.slice(1)
+
+  if (data !== undefined && data !== null) {
+    const bodyData = { ...data }
+    delete bodyData.e_r
+    const body = Buffer.from(new URLSearchParams(bodyData).toString())
+    fields.body = body.toString('base64')
+  }
+
+  if (fields.queryString) {
+    fields.queryString += '&e_r=true'
+  } else {
+    fields.queryString = 'e_r=true'
+  }
+  return JSON.stringify(fields)
+}
+
+const xeapi = (uri, data, options = {}) => {
+  const publicKeyState = options.publicKeyState
+  if (!publicKeyState) {
+    throw new Error('xeapi publicKeyState is required')
+  }
+  const activeSessionKey = options.sessionKey
+    ? Buffer.from(String(options.sessionKey))
+    : null
+  const activeSessionId = options.sessionId || ''
+  const dynamicKey = activeSessionKey || crypto.randomBytes(16)
+  const plaintext = Buffer.from(buildXeapiPlaintext(uri, data, options))
+
+  const b = aesEcbEncrypt(
+    dynamicKey,
+    xeapiMidTransform(aesEcbEncrypt(xeapiStaticKey, plaintext)),
+  )
+  const s = xeapiEncryptS(dynamicKey, publicKeyState, options.os || 'android')
+  const r = aesEcbEncrypt(
+    xeapiStaticKey,
+    Buffer.from(
+      `${publicKeyState.version}|${activeSessionKey ? activeSessionId : ''}`,
+    ),
+  )
+
+  return {
+    B: b.toString('base64'),
+    S: s.toString('base64'),
+    R: r.toString('base64'),
+  }
+}
+
+const xeapiResDecrypt = (body) => {
+  const decrypted = aesEcbDecrypt(eapiKey, body)
+  const plaintext =
+    decrypted[0] === 0x1f && decrypted[1] === 0x8b
+      ? zlib.gunzipSync(decrypted)
+      : decrypted
+  return JSON.parse(plaintext.toString())
+}
+
+const xeapiDecryptPublicKey = (encryptedData) => {
+  return JSON.parse(
+    aesEcbDecrypt(
+      xeapiStaticKey,
+      Buffer.from(encryptedData, 'base64'),
+    ).toString(),
+  )
+}
+
 module.exports = {
   weapi,
   linuxapi,
   eapi,
+  xeapi,
   decrypt,
   aesEncrypt,
   aesDecrypt,
   eapiReqDecrypt,
   eapiResDecrypt,
+  xeapiSign,
+  xeapiResDecrypt,
+  xeapiDecryptPublicKey,
 }

util/option.js

@@ -5,7 +5,10 @@ const createOption = (query, crypto = '') => {
     ua: query.ua || '',
     proxy: query.proxy,
     realIP: query.realIP,
-    randomCNIP: query.randomCNIP || false,
+    randomCNIP:
+      process.env.ENABLE_RANDOM_CN_IP === 'true'
+        ? !['false', false].includes(query.randomCNIP)
+        : ['true', true].includes(query.randomCNIP),
     e_r: query.e_r || undefined,
     domain: query.domain || '',
     checkToken: query.checkToken || false,

util/request.js

@@ -2,6 +2,7 @@
 const encrypt = require('./crypto')
 const CryptoJS = require('crypto-js')
 const { default: axios } = require('axios')
+const logger = require('./logger')
 const { PacProxyAgent } = require('pac-proxy-agent')
 const http = require('http')
 const https = require('https')
@@ -23,6 +24,20 @@ const anonymous_token = fs.readFileSync(
   path.resolve(tmpPath, './anonymous_token'),
   'utf-8',
 )
+const xeapiPublicKeyPath = path.resolve(tmpPath, './xeapi_public_key')
+let xeapi_public_key = null
+const loadXeapiPublicKey = () => {
+  if (!xeapi_public_key && fs.existsSync(xeapiPublicKeyPath)) {
+    try {
+      xeapi_public_key = JSON.parse(
+        fs.readFileSync(xeapiPublicKeyPath, 'utf-8'),
+      )
+    } catch (error) {
+      console.log('[ERR]', error)
+    }
+  }
+  return xeapi_public_key
+}
 
 // 预先绑定常用函数和常量
 const floor = Math.floor
@@ -95,9 +110,13 @@ const userAgentMap = {
 // 预先定义常量
 const DOMAIN = APP_CONF.domain
 const API_DOMAIN = APP_CONF.apiDomain
+const XEAPI_DOMAIN = APP_CONF.xeapiDomain
 const ENCRYPT_RESPONSE = APP_CONF.encryptResponse
 const SPECIAL_STATUS_CODES = new Set([201, 302, 400, 502, 800, 801, 802, 803])
 
+let xeapiSessionId = ''
+let xeapiSessionKey = ''
+
 // chooseUserAgent函数
 const chooseUserAgent = (crypto, uaType = 'pc') => {
   return (userAgentMap[crypto] && userAgentMap[crypto][uaType]) || ''
@@ -216,6 +235,52 @@ const createRequest = (uri, data, options) => {
         url = (options.domain || DOMAIN) + '/api/linux/forward'
         break
 
+      case 'xeapi':
+        const xeapiPublicKey = loadXeapiPublicKey()
+        if (!xeapiPublicKey) {
+          throw new Error('xeapi public key is missing')
+        }
+        const xeapiOs = cookie.os === 'android' ? cookie.os : 'android'
+        const xeapiAppver =
+          cookie.os === 'android' && cookie.appver ? cookie.appver : '9.1.65'
+        const xeapiOsver =
+          cookie.os === 'android' && cookie.osver ? cookie.osver : '16'
+        const xeapiBuildver = cookie.buildver || now().toString().substr(0, 10)
+        headers['User-Agent'] = options.ua || chooseUserAgent('api', 'android')
+        headers['X-Client-Enc-State'] = 'ENCRYPTED'
+        headers['x-aeapi'] = true
+        headers['content-type'] =
+          'application/x-www-form-urlencoded;charset=utf-8'
+        headers['x-deviceid'] = cookie.deviceId
+        headers['x-os'] = xeapiOs
+        headers['x-osver'] = xeapiOsver
+        headers['x-appver'] = xeapiAppver
+        headers['x-sdeviceid'] = cookie.sDeviceId || cookie.deviceId
+        headers['x-buildver'] = xeapiBuildver
+        if (cookie.MUSIC_U) headers['x-music-u'] = cookie.MUSIC_U
+        const xeapiCookie = {
+          ...cookie,
+          os: xeapiOs,
+          osver: xeapiOsver,
+          appver: xeapiAppver,
+          buildver: xeapiBuildver,
+          deviceId: cookie.deviceId,
+          sDeviceId: cookie.sDeviceId || cookie.deviceId,
+        }
+        headers['Cookie'] = cookieObjToString(xeapiCookie)
+        url = (options.domain || XEAPI_DOMAIN) + '/xeapi/' + uri.substr(5)
+        encryptData = encrypt.xeapi(uri, data, {
+          ...options,
+          publicKeyState: xeapiPublicKey,
+          sessionId: xeapiSessionId,
+          sessionKey: xeapiSessionKey,
+          appver: xeapiAppver,
+          deviceId: cookie.deviceId,
+          os: xeapiOs,
+          uid: cookie.uid || cookie.userId || '',
+        })
+        break
+
       case 'eapi':
       case 'api':
         // header创建
@@ -259,7 +324,6 @@ const createRequest = (uri, data, options) => {
         console.log('[ERR]', 'Unknown Crypto:', crypto)
         break
     }
-    // console.log(url);
     // settings创建
     let settings = {
       method: 'POST',
@@ -272,7 +336,8 @@ const createRequest = (uri, data, options) => {
 
     // 使用返回值加密
     const use_e_r = (crypto === 'eapi' || crypto === 'weapi') && data.e_r
-    if (use_e_r) {
+    const use_xeapi = crypto === 'xeapi'
+    if (use_e_r || use_xeapi) {
       settings.encoding = null
       settings.responseType = 'arraybuffer'
     }
@@ -319,8 +384,25 @@ const createRequest = (uri, data, options) => {
           x.replace(/\s*Domain=[^(;|$)]+;*/, ''),
         )
 
+        // debug: 统一注释块，需要时取消注释查看请求/返回的原始密文
+
+        // logger.debug(`[${crypto}]`, uri)
+        // logger.debug(`[${crypto}] encrypted data:`, JSON.stringify(encryptData))
+        // logger.debug(
+        //   `[RAW] [${crypto}]`,
+        //   use_xeapi
+        //     ? Buffer.from(body).toString('base64')
+        //     : body.toString('hex').toUpperCase(),
+        // )
+
         try {
-          if (use_e_r) {
+          if (use_xeapi) {
+            if (res.headers['x-encr-ssid'] && res.headers['x-encr-sskey']) {
+              xeapiSessionId = res.headers['x-encr-ssid']
+              xeapiSessionKey = res.headers['x-encr-sskey']
+            }
+            answer.body = encrypt.xeapiResDecrypt(Buffer.from(body))
+          } else if (use_e_r) {
             answer.body = encrypt.eapiResDecrypt(
               body.toString('hex').toUpperCase(),
               headers['x-aeapi'],

util/xeapiKey.js

@@ -0,0 +1,24 @@
+const registerXeapiKey = require('../module/register_xeapikey')
+
+const getXeapiPublicKey = async (currentPublicKey = {}, deviceId = '') => {
+  const result = await registerXeapiKey(
+    {
+      deviceId,
+      currentKeyVersion: currentPublicKey.version || '',
+    },
+    null,
+  )
+
+  const publicKey = result.body
+  if (!publicKey.sk && currentPublicKey.sk) {
+    publicKey.sk = currentPublicKey.sk
+  }
+  if (!publicKey.sk) {
+    throw new Error('xeapi public key response missing sk')
+  }
+  return publicKey
+}
+
+module.exports = {
+  getXeapiPublicKey,
+}