PrivHunterAI/deepseek.go

package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"time"
)

const (
	apiURLDeepSeek = "https://api.deepseek.com/v1/chat/completions" // 根据实际 API 地址修改
	apiTimeout     = 30 * time.Second
)

type ChatCompletionRequestDeepSeek struct {
	Model       string            `json:"model"`
	Messages    []MessageDeepSeek `json:"messages"`
	Temperature float64           `json:"temperature,omitempty"`
	MaxTokens   int               `json:"max_tokens,omitempty"`
}

type MessageDeepSeek struct {
	Role    string `json:"role"`
	Content string `json:"content"`
}

type ChatCompletionResponseDeepSeek struct {
	ID      string           `json:"id"`
	Choices []ChoiceDeepSeek `json:"choices"`
	Error   struct {
		Message string `json:"message"`
	} `json:"error"`
}

type ChoiceDeepSeek struct {
	Message      MessageDeepSeek `json:"message"`
	FinishReason string          `json:"finish_reason"`
}

// CreateChatCompletion 发送请求到 DeepSeek API
func CreateChatCompletion(request ChatCompletionRequestDeepSeek) (*ChatCompletionResponseDeepSeek, error) {
	client := &http.Client{Timeout: apiTimeout}

	requestBody, err := json.Marshal(request)
	if err != nil {
		return nil, fmt.Errorf("marshal request failed: %v", err)
	}

	req, err := http.NewRequest("POST", apiURLDeepSeek, bytes.NewBuffer(requestBody))
	if err != nil {
		return nil, fmt.Errorf("create request failed: %v", err)
	}

	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Authorization", "Bearer "+apiKeyDeepSeek)

	resp, err := client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("API request failed: %v", err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		body, _ := io.ReadAll(resp.Body)
		return nil, fmt.Errorf("API returned status %d: %s", resp.StatusCode, body)
	}

	var response ChatCompletionResponseDeepSeek
	if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
		return nil, fmt.Errorf("decode response failed: %v", err)
	}

	if response.Error.Message != "" {
		return nil, fmt.Errorf("API error: %s", response.Error.Message)
	}

	return &response, nil
}

func deepSeek(respA, respB string) (string, error) {
	// 示例请求
	request := ChatCompletionRequestDeepSeek{
		Model: "deepseek-chat", // 根据实际模型名称修改
		Messages: []MessageDeepSeek{
			{
				Role:    "system",
				Content: "{\"role\": \"你是一个AI，负责通过比较两个HTTP响应数据包来检测潜在的越权行为，并自行做出判断。\",\"inputs\": {\"responseA\": \"账号A请求某接口的响应。\",\"responseB\": \"使用账号B的Cookie重放请求的响应。\"},\"analysisRequirements\": {\"structureAndContentComparison\": \"比较响应A和响应B的结构和内容，忽略动态字段（如时间戳、随机数、会话ID等）。\",\"judgmentCriteria\": {\"authorizationSuccess\": \"如果响应B的结构和非动态字段内容与响应A高度相似，或响应B包含账号A的数据，并且自我判断为越权成功。\",\"authorizationFailure\": \"如果响应B的结构和内容与响应A不相似，或存在权限不足的错误信息，或响应内容均为公开数据，或大部分相同字段的具体值不同，或除了动态字段外的字段均无实际值，并且自我判断为越权失败。\",\"unknown\": \"其他情况，或无法确定是否存在越权，并且自我判断为无法确定。\"}},\"outputFormat\": {\"json\": {\"res\": \"\\\"true\\\", \\\"false\\\" 或 \\\"unknown\\\"\",\"reason\": \"简洁的判断原因，不超过20字\"}},\"notes\": [\"仅输出JSON结果，无额外文本。\",\"确保JSON格式正确，便于后续处理。\",\"保持客观，仅根据响应内容进行分析。\"],\"process\": [\"接收并理解响应A和响应B。\",\"分析响应A和响应B，忽略动态字段。\",\"基于响应的结构、内容和相关性进行自我判断，包括但不限于：\",\"- 识别响应中可能的敏感数据或权限信息。\",\"- 评估响应与预期结果之间的一致性。\",\"- 确定是否存在明显的越权迹象。\",\"输出指定格式的JSON结果，包括判断和判断原因。\"]}",
			},
			{
				Role:    "user",
				Content: "A:" + respA + "B:" + respB,
			},
		},
		Temperature: 0.7,
		MaxTokens:   500,
	}

	response, err := CreateChatCompletion(request)
	if err != nil {
		fmt.Printf("Error: %v\n", err)
		return "", err
	}

	if len(response.Choices) > 0 {
		// fmt.Println("Response:")
		// fmt.Println(response.Choices[0].Message.Content)
		return response.Choices[0].Message.Content, nil
	} else {
		fmt.Println("No response received")
		return "", errors.New("no response received")
	}
}