easyai 1.0.2 → 1.0.4

data/lib/easyai/auth/jpslogin.rb

@@ -0,0 +1,384 @@
+#!/usr/bin/env ruby
+
+require 'webrick'
+require 'json'
+require 'net/http'
+require 'uri'
+require 'securerandom'
+require 'digest'
+require 'base64'
+require 'fileutils'
+
+module EasyAI
+  module Auth
+    class JPSLogin
+      attr_reader :access_token, :username, :expires_at
+
+      def initialize
+        @client_id = "cli_a7bc7fe9b3d1d00b"
+        @server_port = 8898
+        @state = "client_login"
+        @api_endpoint = "https://jps-api.devtestapp.com/api/lark_login"
+        @redirect_uri = "https://jps-new.devtestapp.com/auth/jwt/login"
+        @feishu_auth_url = 'https://passport.feishu.cn/suite/passport/oauth/authorize?'
+        
+        @scope_list = [
+          'task:task:write',
+          'task:section:write', 
+          'task:custom_field:write',
+          'task:tasklist:write'
+        ]
+
+        @access_token = nil
+        @username = nil
+        @expires_at = nil
+        
+        # token 存储路径
+        @token_dir = File.expand_path('~/.easyai')
+        @token_file = File.join(@token_dir, '.jpstoken')
+      end
+
+      # 主登录入口
+      def login
+        # 检查已存储的 token
+        if load_stored_token && validate_token
+          return true
+        end
+        
+        puts "🔐 需要登录 JPS..."
+        return authorize_and_login
+      end
+
+      # 获取用户名（登录后可用）
+      def get_username
+        return @username if @username
+        
+        # 如果没有用户名但有 token，尝试从存储中加载
+        if load_stored_token
+          return @username
+        end
+        
+        nil
+      end
+
+      # 检查 token 是否有效
+      def validate_token(token = nil)
+        token_to_check = token || @access_token
+        return false unless token_to_check
+        
+        # 检查过期时间
+        if @expires_at && Time.now.to_i > @expires_at
+          puts "Token 已过期，需要重新登录"
+          return false
+        end
+        
+        # 简单验证（实际项目中可以调用 API 验证）
+        return true
+      end
+
+      private
+
+      # 完整的授权和登录流程
+      def authorize_and_login
+        # 构建授权 URL
+        authorization_uri = build_authorization_uri
+        puts "正在打开浏览器进行飞书 OAuth 授权..."
+        puts "授权 URL: #{authorization_uri}"
+        
+        # 在浏览器中打开授权 URL
+        open_browser(authorization_uri)
+        
+        # 启动本地服务器处理回调
+        code = start_callback_server
+        
+        # 如果自动获取失败，提示用户手动输入
+        if code.nil?
+          puts "自动获取授权码失败，您可以手动输入："
+          puts "1. 授权码 (直接复制 'code=' 后面的内容)"
+          puts "2. 完整回调 URL"
+          print "> "
+          input = STDIN.gets.chomp
+          
+          if input.start_with?("http")
+            # 尝试从 URL 中提取 code
+            begin
+              uri = URI(input)
+              query_params = URI.decode_www_form(uri.query || '').to_h
+              code = query_params['code']
+              puts "从 URL 中成功提取授权码" if code
+            rescue => e
+              puts "无法从 URL 中提取授权码: #{e.message}"
+            end
+          else
+            # 将输入直接作为 code
+            code = input unless input.empty?
+          end
+        end
+        
+        if code
+          puts "成功获取授权码！正在使用飞书身份登录 JPS..."
+          if exchange_code_for_token(code)
+            puts "✓ JPS 登录成功！"
+            puts "  用户名: #{@username}"
+            store_token
+            return true
+          end
+          return false
+        else
+          puts "✗ 授权失败"
+          return false
+        end
+      end
+
+      # 构建授权 URI
+      def build_authorization_uri
+        uri = URI(@feishu_auth_url)
+        
+        params = {
+          'client_id' => @client_id,
+          'redirect_uri' => @redirect_uri,
+          'response_type' => 'code',
+          'state' => @state,
+          'scope' => @scope_list.join(' ')
+        }
+        
+        uri.query = URI.encode_www_form(params)
+        uri.to_s
+      end
+
+      # 在浏览器中打开 URL
+      def open_browser(url)
+        case RbConfig::CONFIG['host_os']
+        when /mswin|mingw|cygwin/
+          system("start", url)
+        when /darwin/
+          system("open", url)
+        when /linux|bsd/
+          system("xdg-open", url)
+        else
+          puts "无法自动打开浏览器，请手动访问: #{url}"
+        end
+      end
+
+      # 启动本地服务器处理回调
+      def start_callback_server
+        code = nil
+        
+        puts "启动本地服务器，监听端口 #{@server_port}..."
+        
+        server = WEBrick::HTTPServer.new(
+          Port: @server_port,
+          Logger: WEBrick::Log.new("/dev/null"),
+          AccessLog: []
+        )
+
+        # 处理根路径的请求
+        server.mount_proc '/' do |req, res|
+          begin
+            # 解析请求参数
+            query_params = URI.decode_www_form(req.query_string || '').to_h
+            puts "接收到回调请求，参数: #{query_params.inspect}"
+            
+            if query_params['error']
+              puts "授权错误: #{query_params['error']}"
+              res.content_type = "text/html; charset=UTF-8"
+              res.body = build_error_page(query_params['error'])
+            elsif query_params['code']
+              code = query_params['code']
+              puts "成功获取授权码"
+              res.content_type = "text/html; charset=UTF-8"
+              res.body = build_success_page
+            else
+              puts "未获取到授权码"
+              res.content_type = "text/html; charset=UTF-8"
+              res.body = build_error_page("未获取到授权码")
+            end
+
+            # 4秒后关闭服务器
+            Thread.new do
+              sleep 4
+              server.shutdown
+            end
+          rescue => e
+            puts "处理请求时出错: #{e.class} - #{e.message}"
+            res.content_type = "text/html; charset=UTF-8"
+            res.body = build_error_page("处理请求时出错")
+            
+            Thread.new do
+              sleep 4
+              server.shutdown
+            end
+          end
+        end
+        
+        # 捕获 Ctrl+C
+        trap('INT') { server.shutdown }
+        
+        # 在线程中运行服务器，最多等待 3 分钟
+        thread = Thread.new { server.start }
+        begin
+          thread.join(180) # 最多等待 3 分钟
+        rescue => e
+          puts "服务器等待超时"
+          server.shutdown
+        end
+
+        code
+      end
+
+      # 使用授权码换取 token
+      def exchange_code_for_token(code)
+        begin
+          request_data = {
+            'code' => code,
+            'redirectUri' => @redirect_uri,
+            'scope' => @scope_list.join(' ')
+          }
+          
+          uri = URI(@api_endpoint)
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = (uri.scheme == 'https')
+          
+          request = Net::HTTP::Post.new(uri)
+          request['Content-Type'] = 'application/json'
+          request.body = request_data.to_json
+          
+          puts "正在请求 JPS API: #{@api_endpoint}"
+          response = http.request(request)
+          
+          puts "API 响应状态码: #{response.code}"
+          
+          if response.body
+            result = JSON.parse(response.body)
+            puts "API 响应: #{result.inspect}"
+            
+            if result['meta'] && result['meta']['code'] == 200 && result['data']
+              data = result['data']
+              @access_token = data['token'] if data['token']
+              @username = data['username'] if data['username']
+              # 设置过期时间为 6 天后
+              @expires_at = Time.now.to_i + 6 * 24 * 60 * 60
+              
+              return true if @access_token
+            else
+              error_msg = result['meta'] && result['meta']['message'] ? result['meta']['message'] : '未知错误'
+              puts "JPS 登录失败: #{error_msg}"
+            end
+          else
+            puts "API 返回空响应"
+          end
+          
+          return false
+        rescue => e
+          puts "请求 JPS API 失败: #{e.class} - #{e.message}"
+          return false
+        end
+      end
+
+      # 存储 token 和用户名到 ~/.easyai/.jpstoken 文件
+      def store_token
+        return unless @access_token
+        
+        # 确保目录存在
+        FileUtils.mkdir_p(@token_dir) unless Dir.exist?(@token_dir)
+        
+        token_data = {
+          'token' => @access_token,
+          'username' => @username,
+          'expires_at' => @expires_at,
+          'created_at' => Time.now.to_i
+        }
+        
+        File.write(@token_file, token_data.to_json)
+        puts "✓ JPS Token 和用户名已存储到 #{@token_file}"
+      rescue => e
+        puts "⚠ 存储 JPS Token 失败: #{e.message}"
+      end
+
+      # 从 ~/.easyai/.jpstoken 文件加载 token 和用户名
+      def load_stored_token
+        return false unless File.exist?(@token_file)
+        
+        begin
+          token_data = JSON.parse(File.read(@token_file))
+          @access_token = token_data['token']
+          @username = token_data['username'] 
+          @expires_at = token_data['expires_at']
+          
+          return @access_token ? true : false
+        rescue => e
+          puts "⚠️  读取 JPS Token 失败: #{e.message}"
+          return false
+        end
+      end
+
+      # 构建成功页面
+      def build_success_page
+        <<~HTML
+        <!DOCTYPE html>
+        <html>
+        <head>
+          <meta charset="UTF-8">
+          <title>JPS 授权成功</title>
+          <style>
+            body { font-family: Arial, sans-serif; text-align: center; padding: 40px; background-color: #f5f5f5; }
+            .container { max-width: 600px; margin: 0 auto; background: white; padding: 40px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
+            .success { color: #4CAF50; margin-bottom: 20px; }
+            .countdown { font-weight: bold; color: #FF5722; }
+            .close-btn { background: #4CAF50; color: white; border: none; padding: 10px 20px; cursor: pointer; border-radius: 4px; font-size: 16px; }
+          </style>
+          <script>
+            var secondsLeft = 3;
+            function updateCountdown() {
+              document.getElementById('countdown').innerText = secondsLeft;
+              if (secondsLeft <= 0) {
+                window.close();
+              } else {
+                secondsLeft -= 1;
+                setTimeout(updateCountdown, 1000);
+              }
+            }
+            window.onload = function() { updateCountdown(); }
+          </script>
+        </head>
+        <body>
+          <div class="container">
+            <h1 class="success">✓ JPS 授权成功！</h1>
+            <p>已获取授权码，正在返回命令行...</p>
+            <p>此窗口将在 <span id="countdown" class="countdown">3</span> 秒后自动关闭</p>
+            <button class="close-btn" onclick="window.close()">立即关闭</button>
+          </div>
+        </body>
+        </html>
+        HTML
+      end
+
+      # 构建错误页面
+      def build_error_page(error_msg)
+        <<~HTML
+        <!DOCTYPE html>
+        <html>
+        <head>
+          <meta charset="UTF-8">
+          <title>JPS 授权失败</title>
+          <style>
+            body { font-family: Arial, sans-serif; text-align: center; padding: 40px; background-color: #f5f5f5; }
+            .container { max-width: 600px; margin: 0 auto; background: white; padding: 40px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
+            .error { color: #f44336; margin-bottom: 20px; }
+            .close-btn { background: #f44336; color: white; border: none; padding: 10px 20px; cursor: pointer; border-radius: 4px; font-size: 16px; }
+          </style>
+        </head>
+        <body>
+          <div class="container">
+            <h1 class="error">✗ JPS 授权失败</h1>
+            <p>错误信息: #{error_msg}</p>
+            <p>请返回命令行重试</p>
+            <button class="close-btn" onclick="window.close()">关闭窗口</button>
+          </div>
+        </body>
+        </html>
+        HTML
+      end
+    end
+  end
+end

data/lib/easyai/base/file_crypto.rb

@@ -0,0 +1,214 @@
+require 'openssl'
+require 'base64'
+require 'digest'
+require 'io/console'
+require 'fileutils'
+
+module EasyAI
+  module Base
+    module FileCrypto
+      
+      # 生成 AES-128 密钥
+      def self.generate_key(password)
+        Digest::MD5.hexdigest(password)[0, 16]
+      end
+      
+      # AES-128-ECB 加密字符串
+      def self.aes_128_ecb_encrypt(key, data)
+        cipher = OpenSSL::Cipher.new('AES-128-ECB')
+        cipher.encrypt
+        cipher.key = key
+        encrypted = cipher.update(data) + cipher.final
+        Base64.strict_encode64(encrypted)
+      end
+      
+      # AES-128-ECB 解密字符串
+      def self.aes_128_ecb_decrypt(key, encrypted_data)
+        cipher = OpenSSL::Cipher.new('AES-128-ECB')
+        cipher.decrypt
+        cipher.key = key
+        decrypted_data = Base64.strict_decode64(encrypted_data)
+        cipher.update(decrypted_data) + cipher.final
+      end
+      
+      # 加密文件
+      def self.encrypt_file(file_path, password, output_path = nil)
+        raise "文件不存在: #{file_path}" unless File.exist?(file_path)
+        raise "指定路径不是文件: #{file_path}" unless File.file?(file_path)
+        
+        # 如果没有指定输出路径，使用原文件路径加 .encrypted 后缀
+        output_path ||= "#{file_path}.encrypted"
+        
+        # 生成密钥
+        key = generate_key(password)
+        
+        # 读取文件内容
+        file_content = File.read(file_path)
+        
+        # 加密内容
+        encrypted_content = aes_128_ecb_encrypt(key, file_content)
+        
+        # 写入加密文件
+        File.write(output_path, encrypted_content)
+        
+        output_path
+      rescue => e
+        raise "加密文件失败: #{e.message}"
+      end
+      
+      # 加密目录中的所有文件
+      def self.encrypt_directory(dir_path, password, output_dir = nil)
+        raise "目录不存在: #{dir_path}" unless File.exist?(dir_path)
+        raise "指定路径不是目录: #{dir_path}" unless File.directory?(dir_path)
+        
+        # 如果没有指定输出目录，使用原目录路径加 _encrypted 后缀
+        output_dir ||= "#{dir_path}_encrypted"
+        
+        # 创建输出目录
+        Dir.mkdir(output_dir) unless File.exist?(output_dir)
+        
+        encrypted_files = []
+        
+        # 遍历目录中的所有文件（递归）
+        Dir.glob(File.join(dir_path, "**", "*")).each do |file_path|
+          next unless File.file?(file_path)
+          
+          # 计算相对路径
+          relative_path = file_path.gsub(/^#{Regexp.escape(dir_path)}\//, '')
+          output_file_path = File.join(output_dir, "#{relative_path}.encrypted")
+          
+          # 确保输出文件的目录存在
+          output_file_dir = File.dirname(output_file_path)
+          FileUtils.mkdir_p(output_file_dir) unless File.exist?(output_file_dir)
+          
+          begin
+            encrypt_file(file_path, password, output_file_path)
+            encrypted_files << output_file_path
+          rescue => e
+            puts "⚠️  跳过文件 #{relative_path}: #{e.message}"
+          end
+        end
+        
+        { output_dir: output_dir, encrypted_files: encrypted_files }
+      rescue => e
+        raise "加密目录失败: #{e.message}"
+      end
+      
+      # 解密文件
+      def self.decrypt_file(file_path, password, output_path = nil)
+        raise "文件不存在: #{file_path}" unless File.exist?(file_path)
+        raise "指定路径不是文件: #{file_path}" unless File.file?(file_path)
+        
+        # 如果没有指定输出路径，移除 .encrypted 后缀或加 .decrypted 后缀
+        if output_path.nil?
+          if file_path.end_with?('.encrypted')
+            output_path = file_path.gsub(/\.encrypted$/, '')
+          else
+            output_path = "#{file_path}.decrypted"
+          end
+        end
+        
+        # 生成密钥
+        key = generate_key(password)
+        
+        # 读取加密文件内容
+        encrypted_content = File.read(file_path)
+        
+        # 解密内容
+        decrypted_content = aes_128_ecb_decrypt(key, encrypted_content)
+        
+        # 写入解密文件
+        File.write(output_path, decrypted_content)
+        
+        output_path
+      rescue => e
+        raise "解密文件失败: #{e.message}"
+      end
+      
+      # 解密目录中的所有加密文件
+      def self.decrypt_directory(dir_path, password, output_dir = nil)
+        raise "目录不存在: #{dir_path}" unless File.exist?(dir_path)
+        raise "指定路径不是目录: #{dir_path}" unless File.directory?(dir_path)
+        
+        # 如果没有指定输出目录，智能判断输出路径
+        if output_dir.nil?
+          if dir_path.end_with?('_encrypted')
+            output_dir = dir_path.gsub(/_encrypted$/, '')
+          else
+            output_dir = "#{dir_path}_decrypted"
+          end
+        end
+        
+        # 创建输出目录
+        Dir.mkdir(output_dir) unless File.exist?(output_dir)
+        
+        decrypted_files = []
+        
+        # 遍历目录中的所有文件（递归）
+        Dir.glob(File.join(dir_path, "**", "*")).each do |file_path|
+          next unless File.file?(file_path)
+          
+          # 计算相对路径
+          relative_path = file_path.gsub(/^#{Regexp.escape(dir_path)}\//, '')
+          
+          # 智能处理输出文件路径
+          if relative_path.end_with?('.encrypted')
+            # 移除 .encrypted 后缀
+            output_relative_path = relative_path.gsub(/\.encrypted$/, '')
+          else
+            # 如果不是 .encrypted 文件，跳过或添加 .decrypted 后缀
+            puts "⚠️  跳过非加密文件: #{relative_path}"
+            next
+          end
+          
+          output_file_path = File.join(output_dir, output_relative_path)
+          
+          # 确保输出文件的目录存在
+          output_file_dir = File.dirname(output_file_path)
+          FileUtils.mkdir_p(output_file_dir) unless File.exist?(output_file_dir)
+          
+          begin
+            decrypt_file(file_path, password, output_file_path)
+            decrypted_files << output_file_path
+          rescue => e
+            puts "⚠️  跳过文件 #{relative_path}: #{e.message}"
+          end
+        end
+        
+        { output_dir: output_dir, decrypted_files: decrypted_files }
+      rescue => e
+        raise "解密目录失败: #{e.message}"
+      end
+      
+      # 获取用户密码输入
+      def self.get_password(prompt = "请输入密码: ")
+        # 如果设置了环境变量，直接使用（主要用于测试和脚本自动化）
+        if ENV['EASYAI_TEST_PASSWORD']
+          password = ENV['EASYAI_TEST_PASSWORD']
+          puts "使用环境变量密码"
+          return password
+        end
+        
+        begin
+          print prompt
+          password = STDIN.noecho(&:gets)&.chomp
+          puts # 换行
+          
+          if password.nil? || password.empty?
+            puts "❌ 密码不能为空"
+            return nil
+          end
+          
+          password
+        rescue Interrupt
+          puts "\n\n用户取消输入"
+          return nil
+        rescue => e
+          puts "\n❌ 密码输入出错: #{e.message}"
+          return nil
+        end
+      end
+      
+    end
+  end
+end