安全功能&U盘验证功能

修复 U盘绑定功能 ，新增对 Windows API调用 的错误处理和异常捕获机制
修复 ComboBox数据获取 ，优化当 currentData() 返回None时从显示文本中提取 盘符信息 的后备方案
修复 文件写入权限 ，新增使用 临时文件 策略避免secrets.json写入时的权限拒绝问题
修复 U盘验证布局 ，优化仅在需要 U盘验证 时才显示相关控件（状态标签和刷新按钮）
优化 界面显示逻辑 ，新增根据 验证配置 动态控制U盘验证组件的可见性

Author: lzy98276

CHANGELOG/v1.3.2-alpha.6/CHANGELOG.md

@@ -20,6 +20,7 @@ v2.0 - Koharu（小鸟游星野） Alpha 6
 - 优化 **闪抽动画关闭提示**，新增在动画结束后同时显示“x秒后关闭”和“连续点击3下关闭”
 - 优化 **配置查看窗口**，新增去除关闭按钮
 - 优化 **语音重试机制**，针对不同错误类型设置差异化重试间隔，提升成功率
+- 优化 **界面显示逻辑**，新增根据**验证配置**动态控制U盘验证组件的可见性
 
 ## 🐛 修复问题
 
@@ -36,6 +37,10 @@ v2.0 - Koharu（小鸟游星野） Alpha 6
 - 修复 **语音缓存系统**，新增WebSocketError异常处理增强连接稳定性
 - 修复 **Edge TTS库版本**，升级到最新版本 7.2.7，解决无法生成语音的问题
 - 修复 **Windows平台文件隐藏功能**，新增**返回值检查**和**错误码记录**功能
+- 修复 **U盘绑定功能**，新增对**Windows API调用**的错误处理和异常捕获机制
+- 修复 **ComboBox数据获取**，优化当`currentData()`返回None时从显示文本中提取**盘符信息**的后备方案
+- 修复 **文件写入权限**，新增使用**临时文件**策略避免secrets.json写入时的权限拒绝问题
+- 修复 **U盘验证布局**，优化仅在需要**U盘验证**时才显示相关控件（状态标签和刷新按钮）
 
 ## 🔧 其它变更
 

app/common/safety/secure_store.py

@@ -23,9 +23,9 @@ def _set_hidden(path: str) -> None:
             # Windows 平台：设置文件属性为隐藏和系统文件
             FILE_ATTRIBUTE_HIDDEN = 0x2
             FILE_ATTRIBUTE_SYSTEM = 0x4
-            # 确保路径是Unicode字符串
+            # 确保路径是Unicode字符串，使用 c_wchar_p 显式转换
             result = ctypes.windll.kernel32.SetFileAttributesW(
-                path, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
+                ctypes.c_wchar_p(path), FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
             )
             if result == 0:  # 函数失败
                 logger.warning(
@@ -104,7 +104,7 @@ def read_secrets() -> dict:
         ensure_dir(os.path.dirname(p))
         with open(p, "wb") as f:
             f.write(b"")
-        _set_hidden(p)
+        _set_hidden(str(p))
         logger.debug(f"创建空安全配置文件：{p}")
         return {}
     if os.path.exists(p):
@@ -145,9 +145,41 @@ def write_secrets(d: dict) -> None:
         payload = _encrypt_payload(comp, key)
         with open(p, "wb") as f:
             f.write(b"SRV1" + payload)
-        _set_hidden(p)
+        _set_hidden(str(p))
         logger.debug(f"写入安全配置成功：{p}")
-    except Exception:
-        with open(p, "w", encoding="utf-8") as f:
-            json.dump(d, f, ensure_ascii=False, indent=4)
-        logger.warning(f"写入安全配置降级为明文JSON：{p}")
+    except PermissionError as e:
+        logger.error(
+            f"写入安全配置失败：权限被拒绝，文件可能被占用或无写权限：{p}, 错误：{e}"
+        )
+        # 尝试使用临时文件写入然后替换
+        try:
+            import tempfile
+
+            with tempfile.NamedTemporaryFile(
+                mode="wb", delete=False, dir=os.path.dirname(p)
+            ) as tmp_file:
+                tmp_file.write(b"SRV1" + payload)
+                tmp_path = tmp_file.name
+
+            # 替换原文件
+            os.replace(tmp_path, p)
+            _set_hidden(str(p))
+            logger.debug(f"使用临时文件写入安全配置成功：{p}")
+        except Exception as temp_e:
+            logger.error(f"使用临时文件写入安全配置也失败：{temp_e}")
+            # 降级到明文JSON写入
+            try:
+                with open(p, "w", encoding="utf-8") as f:
+                    json.dump(d, f, ensure_ascii=False, indent=4)
+                logger.warning(f"写入安全配置降级为明文JSON：{p}")
+            except Exception as e2:
+                logger.error(f"降级写入明文JSON也失败：{e2}")
+    except Exception as e:
+        logger.error(f"写入安全配置失败：{p}, 错误：{e}")
+        # 降级到明文JSON写入
+        try:
+            with open(p, "w", encoding="utf-8") as f:
+                json.dump(d, f, ensure_ascii=False, indent=4)
+            logger.warning(f"写入安全配置降级为明文JSON：{p}")
+        except Exception as e2:
+            logger.error(f"降级写入明文JSON也失败：{e2}")

app/common/safety/usb.py

@@ -213,23 +213,32 @@ def is_drive_removable(letter_or_path: str) -> bool:
 
 def get_volume_serial(letter_or_path: str) -> str:
     if platform.system() == "Windows":
-        buf_name = ctypes.create_unicode_buffer(256)
-        vol_serial = ctypes.c_uint()
-        max_comp_len = ctypes.c_uint()
-        fs_flags = ctypes.c_uint()
-        fs_name = ctypes.create_unicode_buffer(256)
-        ctypes.windll.kernel32.GetVolumeInformationW(
-            f"{letter_or_path}:\\",
-            buf_name,
-            ctypes.sizeof(buf_name),
-            ctypes.byref(vol_serial),
-            ctypes.byref(max_comp_len),
-            ctypes.byref(fs_flags),
-            fs_name,
-            ctypes.sizeof(fs_name),
-        )
-        if vol_serial.value:
-            return f"{vol_serial.value:08X}"
+        try:
+            buf_name = ctypes.create_unicode_buffer(256)
+            vol_serial = ctypes.c_uint()
+            max_comp_len = ctypes.c_uint()
+            fs_flags = ctypes.c_uint()
+            fs_name = ctypes.create_unicode_buffer(256)
+            result = ctypes.windll.kernel32.GetVolumeInformationW(
+                f"{letter_or_path}:\\",
+                buf_name,
+                ctypes.sizeof(buf_name),
+                ctypes.byref(vol_serial),
+                ctypes.byref(max_comp_len),
+                ctypes.byref(fs_flags),
+                fs_name,
+                ctypes.sizeof(fs_name),
+            )
+            if result and vol_serial.value:
+                logger.debug(
+                    f"获取卷序列号成功（GetVolumeInformationW）：{letter_or_path}: -> {vol_serial.value:08X}"
+                )
+                return f"{vol_serial.value:08X}"
+            logger.debug(
+                f"GetVolumeInformationW 返回失败或序列号为空：{letter_or_path}:, result={result}"
+            )
+        except Exception as e:
+            logger.warning(f"GetVolumeInformationW 异常：{letter_or_path}:, {e}")
         # 尝试获取卷GUID作为备用唯一标识
         try:
             buf = ctypes.create_unicode_buffer(64)
@@ -238,9 +247,17 @@ def get_volume_serial(letter_or_path: str) -> str:
             )
             if ok:
                 guid = buf.value  # 形如 "\\\\?\Volume{GUID}\""
+                logger.debug(
+                    f"获取卷GUID成功：{letter_or_path}: -> {guid.strip().upper()}"
+                )
                 return guid.strip().upper()
-        except Exception:
-            pass
+            logger.debug(
+                f"GetVolumeNameForVolumeMountPointW 返回失败：{letter_or_path}:"
+            )
+        except Exception as e:
+            logger.warning(
+                f"GetVolumeNameForVolumeMountPointW 异常：{letter_or_path}:, {e}"
+            )
         # 最终回退：QueryDosDevice 映射路径的哈希
         try:
             size = 256
@@ -253,9 +270,12 @@ def get_volume_serial(letter_or_path: str) -> str:
                     .hexdigest()
                     .upper()
                 )
+                logger.debug(f"使用设备路径哈希：{letter_or_path}: -> {h[:16]}")
                 return f"DEV-{h}"
-        except Exception:
-            pass
+            logger.debug(f"QueryDosDeviceW 返回失败：{letter_or_path}:")
+        except Exception as e:
+            logger.warning(f"QueryDosDeviceW 异常：{letter_or_path}:, {e}")
+        logger.warning(f"所有方法均失败，返回默认值：{letter_or_path}: -> 00000000")
         return "00000000"
     else:  # Linux
         try:
@@ -289,13 +309,13 @@ def get_volume_serial(letter_or_path: str) -> str:
 
 def get_volume_label(letter_or_path: str) -> str:
     if platform.system() == "Windows":
-        buf_name = ctypes.create_unicode_buffer(256)
-        vol_serial = ctypes.c_uint()
-        max_comp_len = ctypes.c_uint()
-        fs_flags = ctypes.c_uint()
-        fs_name = ctypes.create_unicode_buffer(256)
         try:
-            ctypes.windll.kernel32.GetVolumeInformationW(
+            buf_name = ctypes.create_unicode_buffer(256)
+            vol_serial = ctypes.c_uint()
+            max_comp_len = ctypes.c_uint()
+            fs_flags = ctypes.c_uint()
+            fs_name = ctypes.create_unicode_buffer(256)
+            result = ctypes.windll.kernel32.GetVolumeInformationW(
                 f"{letter_or_path}:\\",
                 buf_name,
                 ctypes.sizeof(buf_name),
@@ -305,8 +325,13 @@ def get_volume_label(letter_or_path: str) -> str:
                 fs_name,
                 ctypes.sizeof(fs_name),
             )
-            return buf_name.value
-        except Exception:
+            if result:
+                logger.debug(f"获取卷标成功：{letter_or_path}: -> {buf_name.value}")
+                return buf_name.value
+            logger.debug(f"获取卷标失败：{letter_or_path}:, result={result}")
+            return ""
+        except Exception as e:
+            logger.warning(f"获取卷标异常：{letter_or_path}:, {e}")
             return ""
     else:  # Linux
         try:

app/view/another_window/security/verify_password.py

@@ -234,13 +234,18 @@ def _configure_methods(self):
             self._required = list(dict.fromkeys(r))
             self._any_one = False
 
-        self.password_label.setVisible("password" in self._required)
-        self.password_edit.setVisible("password" in self._required)
-        self.totp_label.setVisible("totp" in self._required)
-        self.totp_edit.setVisible("totp" in self._required)
-        # 始终显示U盘解锁控件
-        self.usb_status_label.setVisible(True)
-        self.usb_refresh_button.setVisible(True)
+        # 只在需要密码验证时显示密码控件
+        password_visible = "password" in self._required
+        self.password_label.setVisible(password_visible)
+        self.password_edit.setVisible(password_visible)
+        # 只在需要TOTP验证时显示TOTP控件
+        totp_visible = "totp" in self._required
+        self.totp_label.setVisible(totp_visible)
+        self.totp_edit.setVisible(totp_visible)
+        # 只在需要USB验证时显示USB控件
+        usb_visible = "usb" in self._required
+        self.usb_status_label.setVisible(usb_visible)
+        self.usb_refresh_button.setVisible(usb_visible)
         present = bool(is_bound_present())
         self._last_usb_present = present
         self.usb_status_label.setText(

app/view/another_window/usb/bind_usb.py

@@ -111,19 +111,21 @@ def __refresh(self):
             if not letters:
                 # 回退到驱动类型为可移动盘的枚举
                 letters = list_removable_drives()
-            logger.debug(f"刷新可绑定设备，数量：{len(letters)}")
+            logger.debug(f"刷新可绑定设备，数量：{len(letters)}, 设备列表：{letters}")
             for device in letters:
                 if platform.system() == "Windows":
                     # Windows 平台：device 是盘符（如 "E"）
                     name = get_volume_label(device)
                     text = f"{name} ({device}:)" if name else f"({device}:)"
                     self.drive_combo.addItem(text, device)
+                    logger.debug(f"添加设备到下拉框：显示文本={text}, 数据={device}")
                 else:
                     # Linux 平台：device 是挂载点路径（如 "/media/user/USB Drive"）
                     name = get_volume_label(device)
                     # 在Linux上，name 可能就是挂载点的目录名，所以直接使用 device 作为显示文本
                     text = device
                     self.drive_combo.addItem(text, device)
+                    logger.debug(f"添加设备到下拉框：显示文本={text}, 数据={device}")
             if not letters:
                 self.drive_combo.setCurrentIndex(-1)
                 # 使占位文本可见
@@ -141,6 +143,7 @@ def __refresh(self):
             else:
                 try:
                     self.drive_combo.setEditable(False)
+                    self.drive_combo.setCurrentIndex(0)
                 except Exception:
                     pass
                 self.bind_button.setEnabled(True)
@@ -149,19 +152,35 @@ def __refresh(self):
 
     def __bind(self):
         idx = self.drive_combo.currentIndex()
+        logger.debug(f"当前选中索引：{idx}")
         if idx < 0:
             self._notify_error(
                 get_content_name_async("basic_safety_settings", "usb_no_removable")
             )
             return
         text = self.drive_combo.currentText()
         device = self.drive_combo.currentData()
-        import platform
+        logger.debug(
+            f"当前选中项：显示文本={text}, 数据={device}, 数据类型={type(device)}"
+        )
+
+        # 如果 currentData() 返回 None，尝试通过索引获取数据
+        if device is None:
+            logger.warning("currentData() 返回 None，尝试通过索引获取数据")
+            # 从文本中提取盘符
+            import re
+
+            match = re.search(r"\(([A-Z]):\)", text)
+            if match:
+                device = match.group(1)
+                logger.debug(f"从文本中提取到盘符：{device}")
 
         try:
             # 允许来自USB设备的逻辑盘（包括部分显示为固定盘的外置硬盘）
             serial = get_volume_serial(device)
+            logger.debug(f"尝试绑定设备：{device}, 序列号：{serial}")
             if not serial or serial == "00000000":
+                logger.warning(f"设备序列号无效：{device}, serial={serial}")
                 raise RuntimeError(
                     get_content_name_async("basic_safety_settings", "usb_no_removable")
                 )
@@ -192,14 +211,12 @@ def __bind(self):
                 key_value=key_value,
                 name=display_name,
             )
-            if platform.system() == "Windows":
-                logger.debug(f"绑定设备成功：{device}:")
-            else:
-                logger.debug(f"绑定设备成功：{device}")
+            logger.debug(f"绑定设备成功：{device}")
             self._notify_success(
                 f"{get_content_name_async('basic_safety_settings', 'usb_bind_success')}: {text}"
             )
         except Exception as e:
+            logger.error(f"绑定设备失败：{device}, 错误：{e}")
             self._notify_error(str(e))
 
     def __cancel(self):