feat: 统一配置模块 + 补丁自动上传 + 多语言框架 (#84)

* feat: add encryption file scanning before patch packaging

- Add EncryptionDetectionService with multi-layered detection:
  - Extension blacklist matching (40+ known encrypted extensions)
  - PE file deep analysis (section name fingerprinting for 50+ protectors
    like .NET Reactor, ConfuserEx, VMProtect, Themida, UPX, etc.)
  - PE CLR/COR20 header integrity check for .NET assemblies
  - ELF file section analysis (, )
  - JAR/Class CAFEBABE magic number validation
  - Python .pyc magic number range check
  - Full-file Shannon entropy analysis (threshold 7.8, auto-skip
    compressed/media formats like .zip, .png, .mp4)
- Risk level classification: High / Medium / Low
- Toggle switch in PatchView UI, enabled by default
- Dialog prompt with grouped results when suspicious files found
  (Skip / Include All / Cancel)
- Full i18n support (zh-CN / en-US)

Closes #TBD

* fix: address Copilot review suggestions

- Fix dialog hang when user closes window via X button
  (set TCS result before Close, register Closed event as fallback)
- Replace hardcoded 'cancelled by user' with localized string
- Add ConfigureAwait(false) in scan loop to avoid UI thread
  context switching on every file iteration

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat: add config persistence, HTTP upload, and Lingua i18n framework

- Add unified configuration module (AppConfig) persisted to %APPDATA%
- Implement ConfigService with JSON serialization, auto-backup, and schema migration
- Add AuthCredential with DPAPI encryption for sensitive fields (passwords, tokens, API keys)
- Add Settings page with upload server config, auth scheme selection, feature toggles
- Implement HttpUploadService with multipart upload, progress tracking, exponential backoff retry
- Add auto-upload toggle in PatchView with upload progress bar
- Integrate Irihi.Lingua 0.2.0 for i18n
- Extract ~80 translation strings to zh-CN.json and en-US.json files
- Refactor LocalizationService to load from embedded JSON with hardcoded fallback
- Persist UI preferences: theme, language, window size/position
- Persist path memory across all pages (Patch, Simulate, Config, Extension)
- Add IntEqualsConverter for conditional visibility in SettingsView

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: address Copilot review suggestions

- Fix 1: Persist AutoUploadEnabled to AppConfig on toggle change
- Fix 2: Bind hard-coded 'Upload' header to i18n (new Patch.Upload key)
- Fix 3: Localize hard-coded 'Uploading...' string (new Upload.Uploading key)
- Fix 4: Always consult FallbackStrings in LocalizationService, not just when cache empty
- Fix 5: ValidateConnectionAsync now returns false for 401/403/404 (auth-aware)
- Fix 6: Add TryBuildUrl with early validation, return clear error for invalid URLs
- Fix 7: Return empty string on CryptographicException instead of leaking ciphertext
- Fix 8: Replace fragile index-based auth visibility with IsBasicAuthVisible etc. properties
- Fix 9: Add SemaphoreSlim guard to ConfigService.SaveAsync for concurrent write safety

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

Author: JusterZhu

src/App.axaml.cs

@@ -1,18 +1,83 @@
-using Avalonia;
+using System;
+using System.Threading.Tasks;
+using Avalonia;
+using Avalonia.Controls;
 using Avalonia.Controls.ApplicationLifetimes;
 using Avalonia.Markup.Xaml;
+using GeneralUpdate.Tools.Configuration;
 using GeneralUpdate.Tools.ViewModels;
 using GeneralUpdate.Tools.Views;
 
 namespace GeneralUpdate.Tools;
 
 public partial class App : Application
 {
-    public override void Initialize() { AvaloniaXamlLoader.Load(this); }
-    public override void OnFrameworkInitializationCompleted()
+    public override void Initialize()
+    {
+        AvaloniaXamlLoader.Load(this);
+
+        // Load translations from embedded JSON files (falls back to built-in dictionaries)
+        Services.LocalizationService.Instance.LoadFromResources();
+    }
+
+    public override async void OnFrameworkInitializationCompleted()
     {
         if (ApplicationLifetime is IClassicDesktopStyleApplicationLifetime desktop)
-            desktop.MainWindow = new MainWindow { DataContext = new MainWindowViewModel() };
+        {
+            // Initialize configuration
+            var configService = ConfigServiceSingleton.Instance;
+            await configService.LoadAsync();
+            var config = configService.Config;
+
+            // Apply saved theme
+            RequestedThemeVariant = config.Theme == "Dark"
+                ? Avalonia.Styling.ThemeVariant.Dark
+                : Avalonia.Styling.ThemeVariant.Light;
+
+            // Apply saved locale
+            Services.LocalizationService.Instance.Locale = config.Language;
+
+            var mainWindow = new MainWindow
+            {
+                DataContext = new MainWindowViewModel(config)
+            };
+
+            // Restore window state
+            mainWindow.Width = config.WindowWidth;
+            mainWindow.Height = config.WindowHeight;
+            if (config.WindowMaximized)
+                mainWindow.WindowState = WindowState.Maximized;
+
+            // Save window state on close
+            mainWindow.Closing += (_, _) =>
+            {
+                if (mainWindow.WindowState == WindowState.Maximized)
+                {
+                    config.WindowMaximized = true;
+                }
+                else
+                {
+                    config.WindowMaximized = false;
+                    config.WindowWidth = mainWindow.Width;
+                    config.WindowHeight = mainWindow.Height;
+                }
+
+                // Fire-and-forget save
+                _ = configService.SaveAsync();
+            };
+
+            desktop.MainWindow = mainWindow;
+        }
+
         base.OnFrameworkInitializationCompleted();
     }
 }
+
+/// <summary>
+/// Singleton accessor for <see cref="ConfigService"/>.
+/// Mirrors the pattern used by <see cref="Services.LocalizationService"/>.
+/// </summary>
+public static class ConfigServiceSingleton
+{
+    public static ConfigService Instance { get; } = new();
+}

src/Configuration/AppConfig.cs

@@ -0,0 +1,115 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace GeneralUpdate.Tools.Configuration;
+
+/// <summary>
+/// Top-level application configuration model.
+/// Persisted to <c>%APPDATA%/GeneralUpdate.Tools/config.json</c>.
+/// </summary>
+public class AppConfig
+{
+    /// <summary>Configuration schema version, for migration support.</summary>
+    [JsonProperty("_schemaVersion")]
+    public int SchemaVersion { get; set; } = 1;
+
+    // ── UI Preferences ────────────────────────────────────────
+
+    [JsonProperty("language")]
+    public string Language { get; set; } = "zh-CN";
+
+    [JsonProperty("theme")]
+    public string Theme { get; set; } = "Light";
+
+    [JsonProperty("windowWidth")]
+    public double WindowWidth { get; set; } = 960;
+
+    [JsonProperty("windowHeight")]
+    public double WindowHeight { get; set; } = 640;
+
+    [JsonProperty("windowMaximized")]
+    public bool WindowMaximized { get; set; }
+
+    // ── Path Memory ───────────────────────────────────────────
+
+    [JsonProperty("lastPatchOldDir")]
+    public string LastPatchOldDir { get; set; } = string.Empty;
+
+    [JsonProperty("lastPatchNewDir")]
+    public string LastPatchNewDir { get; set; } = string.Empty;
+
+    [JsonProperty("lastPatchOutputDir")]
+    public string LastPatchOutputDir { get; set; } = string.Empty;
+
+    [JsonProperty("lastSimulateAppDir")]
+    public string LastSimulateAppDir { get; set; } = string.Empty;
+
+    [JsonProperty("lastSimulatePatchFile")]
+    public string LastSimulatePatchFile { get; set; } = string.Empty;
+
+    [JsonProperty("lastSimulateOutputDir")]
+    public string LastSimulateOutputDir { get; set; } = string.Empty;
+
+    [JsonProperty("lastConfigClientPath")]
+    public string LastConfigClientPath { get; set; } = string.Empty;
+
+    [JsonProperty("lastConfigUpgradePath")]
+    public string LastConfigUpgradePath { get; set; } = string.Empty;
+
+    [JsonProperty("lastOssOutputDir")]
+    public string LastOssOutputDir { get; set; } = string.Empty;
+
+    [JsonProperty("lastExtensionDir")]
+    public string LastExtensionDir { get; set; } = string.Empty;
+
+    [JsonProperty("lastExtensionOutputDir")]
+    public string LastExtensionOutputDir { get; set; } = string.Empty;
+
+    // ── Upload Configuration ──────────────────────────────────
+
+    [JsonProperty("uploadServerUrl")]
+    public string UploadServerUrl { get; set; } = string.Empty;
+
+    [JsonProperty("uploadEndpoint")]
+    public string UploadEndpoint { get; set; } = "/api/v1/packages/upload";
+
+    [JsonProperty("uploadTimeoutSeconds")]
+    public int UploadTimeoutSeconds { get; set; } = 300;
+
+    [JsonProperty("uploadRetryCount")]
+    public int UploadRetryCount { get; set; } = 3;
+
+    [JsonProperty("autoUploadEnabled")]
+    public bool AutoUploadEnabled { get; set; }
+
+    [JsonProperty("uploadAuth")]
+    public AuthCredential UploadAuth { get; set; } = new();
+
+    // ── Simulation Configuration ──────────────────────────────
+
+    [JsonProperty("simulationServerPort")]
+    public string SimulationServerPort { get; set; } = "5000";
+
+    [JsonProperty("simulationRequireAuth")]
+    public bool SimulationRequireAuth { get; set; }
+
+    [JsonProperty("simulationAuth")]
+    public AuthCredential SimulationAuth { get; set; } = new();
+
+    [JsonProperty("simulationPlatformType")]
+    public string SimulationPlatformType { get; set; } = "Windows";
+
+    [JsonProperty("simulationAppType")]
+    public string SimulationAppType { get; set; } = "Client";
+
+    // ── Feature Switches ──────────────────────────────────────
+
+    [JsonProperty("encryptionScanEnabled")]
+    public bool EncryptionScanEnabled { get; set; } = true;
+
+    [JsonProperty("autoValidateSemver")]
+    public bool AutoValidateSemver { get; set; } = true;
+
+    [JsonProperty("showJsonPreview")]
+    public bool ShowJsonPreview { get; set; } = true;
+}

src/Configuration/AuthCredential.cs

@@ -0,0 +1,38 @@
+namespace GeneralUpdate.Tools.Configuration;
+
+/// <summary>
+/// Generic authentication credential used for both upload and simulation scenarios.
+/// Sensitive fields (passwords, tokens, API keys) are stored encrypted via DPAPI.
+/// </summary>
+public class AuthCredential
+{
+    /// <summary>Authentication scheme to use.</summary>
+    public AuthScheme Scheme { get; set; } = AuthScheme.None;
+
+    // ── Basic Auth ────────────────────────────────────────────
+
+    /// <summary>Username for Basic Authentication.</summary>
+    public string Username { get; set; } = string.Empty;
+
+    /// <summary>DPAPI-encrypted password for Basic Authentication.</summary>
+    public string EncryptedPassword { get; set; } = string.Empty;
+
+    // ── Bearer Token ──────────────────────────────────────────
+
+    /// <summary>DPAPI-encrypted bearer token / JWT.</summary>
+    public string EncryptedToken { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Optional login endpoint URL. When set, the upload service can
+    /// automatically obtain a fresh token by POSTing credentials to this endpoint.
+    /// </summary>
+    public string LoginUrl { get; set; } = string.Empty;
+
+    // ── API Key ───────────────────────────────────────────────
+
+    /// <summary>Custom HTTP header name for API Key (e.g. "X-API-Key").</summary>
+    public string ApiKeyHeaderName { get; set; } = "X-API-Key";
+
+    /// <summary>DPAPI-encrypted API key value.</summary>
+    public string EncryptedApiKey { get; set; } = string.Empty;
+}

src/Configuration/AuthCredentialEncryptor.cs

@@ -0,0 +1,113 @@
+using System;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace GeneralUpdate.Tools.Configuration;
+
+/// <summary>
+/// Encrypts and decrypts sensitive credential fields using Windows Data Protection API (DPAPI).
+/// On non-Windows platforms, falls back to Base64 encoding (not cryptographically secure).
+/// </summary>
+public static class AuthCredentialEncryptor
+{
+    private static readonly DataProtectionScope Scope = DataProtectionScope.CurrentUser;
+
+    /// <summary>Encrypt a plain-text secret. Returns Base64-encoded ciphertext.</summary>
+    public static string Protect(string plainText)
+    {
+        if (string.IsNullOrEmpty(plainText))
+            return string.Empty;
+
+        try
+        {
+            var plainBytes = Encoding.UTF8.GetBytes(plainText);
+            var cipherBytes = ProtectedData.Protect(plainBytes, null, Scope);
+            return Convert.ToBase64String(cipherBytes);
+        }
+        catch (PlatformNotSupportedException)
+        {
+            // Fallback for non-Windows: Base64 (reversible, NOT secure)
+            return Convert.ToBase64String(Encoding.UTF8.GetBytes(plainText));
+        }
+    }
+
+    /// <summary>Decrypt a protected secret. Returns the original plain text.</summary>
+    public static string Unprotect(string cipherText)
+    {
+        if (string.IsNullOrEmpty(cipherText))
+            return string.Empty;
+
+        try
+        {
+            var cipherBytes = Convert.FromBase64String(cipherText);
+            var plainBytes = ProtectedData.Unprotect(cipherBytes, null, Scope);
+            return Encoding.UTF8.GetString(plainBytes);
+        }
+        catch (PlatformNotSupportedException)
+        {
+            // Fallback for non-Windows
+            return Encoding.UTF8.GetString(Convert.FromBase64String(cipherText));
+        }
+        catch (FormatException)
+        {
+            // Data was stored in plain text before encryption was introduced
+            return cipherText;
+        }
+        catch (CryptographicException)
+        {
+            // Data was encrypted under a different user context — cannot decrypt.
+            // Return empty to avoid leaking ciphertext into UI.
+            return string.Empty;
+        }
+    }
+
+    /// <summary>
+    /// Convenience: decrypts all sensitive fields in an <see cref="AuthCredential"/> in-place
+    /// and returns a copy with plain-text values for use in HTTP clients.
+    /// </summary>
+    public static AuthCredentialPlain Decrypt(AuthCredential credential)
+    {
+        return new AuthCredentialPlain
+        {
+            Scheme = credential.Scheme,
+            Username = credential.Username,
+            Password = Unprotect(credential.EncryptedPassword),
+            Token = Unprotect(credential.EncryptedToken),
+            LoginUrl = credential.LoginUrl,
+            ApiKeyHeaderName = credential.ApiKeyHeaderName,
+            ApiKey = Unprotect(credential.EncryptedApiKey),
+        };
+    }
+
+    /// <summary>
+    /// Convenience: encrypts plain-text values back into an <see cref="AuthCredential"/>.
+    /// </summary>
+    public static AuthCredential Encrypt(AuthCredentialPlain plain)
+    {
+        return new AuthCredential
+        {
+            Scheme = plain.Scheme,
+            Username = plain.Username,
+            EncryptedPassword = Protect(plain.Password),
+            EncryptedToken = Protect(plain.Token),
+            LoginUrl = plain.LoginUrl,
+            ApiKeyHeaderName = plain.ApiKeyHeaderName,
+            EncryptedApiKey = Protect(plain.ApiKey),
+        };
+    }
+}
+
+/// <summary>
+/// Plain-text version of <see cref="AuthCredential"/> for use at runtime.
+/// Never persisted to disk.
+/// </summary>
+public class AuthCredentialPlain
+{
+    public AuthScheme Scheme { get; set; }
+    public string Username { get; set; } = string.Empty;
+    public string Password { get; set; } = string.Empty;
+    public string Token { get; set; } = string.Empty;
+    public string LoginUrl { get; set; } = string.Empty;
+    public string ApiKeyHeaderName { get; set; } = "X-API-Key";
+    public string ApiKey { get; set; } = string.Empty;
+}

src/Configuration/AuthScheme.cs

@@ -0,0 +1,19 @@
+namespace GeneralUpdate.Tools.Configuration;
+
+/// <summary>
+/// Authentication scheme for server communication.
+/// </summary>
+public enum AuthScheme
+{
+    /// <summary>No authentication required.</summary>
+    None,
+
+    /// <summary>HTTP Basic Authentication (username + password encoded in Authorization header).</summary>
+    Basic,
+
+    /// <summary>Bearer Token authentication (JWT or opaque token in Authorization header).</summary>
+    BearerToken,
+
+    /// <summary>Custom API Key in a configurable HTTP header (e.g. X-API-Key).</summary>
+    ApiKey,
+}