RubyGems - teems - Versions diffs - 0.1.0 - Mend

teems 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +24 -0
data/LICENSE +21 -0
data/README.md +136 -0
data/bin/teems +7 -0
data/lib/teems/api/calendar.rb +94 -0
data/lib/teems/api/channels.rb +26 -0
data/lib/teems/api/chats.rb +29 -0
data/lib/teems/api/client.rb +40 -0
data/lib/teems/api/files.rb +12 -0
data/lib/teems/api/messages.rb +58 -0
data/lib/teems/api/users.rb +88 -0
data/lib/teems/api/users_mailbox.rb +16 -0
data/lib/teems/api/users_presence.rb +43 -0
data/lib/teems/cli.rb +133 -0
data/lib/teems/commands/activity.rb +222 -0
data/lib/teems/commands/auth.rb +268 -0
data/lib/teems/commands/base.rb +146 -0
data/lib/teems/commands/cal.rb +891 -0
data/lib/teems/commands/channels.rb +115 -0
data/lib/teems/commands/chats.rb +159 -0
data/lib/teems/commands/help.rb +107 -0
data/lib/teems/commands/messages.rb +281 -0
data/lib/teems/commands/ooo.rb +385 -0
data/lib/teems/commands/org.rb +232 -0
data/lib/teems/commands/status.rb +224 -0
data/lib/teems/commands/sync.rb +390 -0
data/lib/teems/commands/who.rb +377 -0
data/lib/teems/formatters/calendar_formatter.rb +227 -0
data/lib/teems/formatters/format_utils.rb +56 -0
data/lib/teems/formatters/markdown_formatter.rb +113 -0
data/lib/teems/formatters/message_formatter.rb +67 -0
data/lib/teems/formatters/output.rb +105 -0
data/lib/teems/models/account.rb +59 -0
data/lib/teems/models/channel.rb +31 -0
data/lib/teems/models/chat.rb +111 -0
data/lib/teems/models/duration.rb +46 -0
data/lib/teems/models/event.rb +124 -0
data/lib/teems/models/message.rb +125 -0
data/lib/teems/models/parsing.rb +56 -0
data/lib/teems/models/user.rb +25 -0
data/lib/teems/models/user_profile.rb +45 -0
data/lib/teems/runner.rb +81 -0
data/lib/teems/services/api_client.rb +217 -0
data/lib/teems/services/cache_store.rb +32 -0
data/lib/teems/services/configuration.rb +56 -0
data/lib/teems/services/file_downloader.rb +39 -0
data/lib/teems/services/headless_extract.rb +192 -0
data/lib/teems/services/safari_oauth.rb +285 -0
data/lib/teems/services/sync_dir_naming.rb +42 -0
data/lib/teems/services/sync_engine.rb +194 -0
data/lib/teems/services/sync_store.rb +193 -0
data/lib/teems/services/teams_url_parser.rb +78 -0
data/lib/teems/services/token_exchange_scripts.rb +56 -0
data/lib/teems/services/token_extractor.rb +401 -0
data/lib/teems/services/token_extractor_scripts.rb +116 -0
data/lib/teems/services/token_refresher.rb +169 -0
data/lib/teems/services/token_store.rb +116 -0
data/lib/teems/support/error_logger.rb +35 -0
data/lib/teems/support/help_formatter.rb +80 -0
data/lib/teems/support/timezone.rb +44 -0
data/lib/teems/support/xdg_paths.rb +62 -0
data/lib/teems/version.rb +5 -0
data/lib/teems.rb +117 -0
data/support/token_helper.swift +485 -0
metadata +110 -0

data/lib/teems/services/headless_extract.rb ADDED Viewed

@@ -0,0 +1,192 @@
+# frozen_string_literal: true
+require 'open3'
+require 'json'
+require 'net/http'
+require 'uri'
+module Teems
+  module Services
+    # Compiles and manages the Swift WKWebView helper binary
+    module HelperBinary
+      SWIFT_FRAMEWORKS = %w[WebKit Security AppKit].freeze
+      private
+      def ensure_helper_binary
+        source = helper_source_path
+        binary = helper_binary_path
+        return nil unless File.exist?(source)
+        return binary if File.exist?(binary) && File.mtime(binary) >= File.mtime(source)
+        compile_helper(source, binary)
+      end
+      def compile_helper(source, binary)
+        log('Compiling headless token helper...')
+        _stdout, stderr, status = Open3.capture3(*swiftc_command(source, binary))
+        log_helper_stderr(stderr)
+        status.success? ? binary : log_and_nil('Failed to compile helper')
+      rescue Errno::ENOENT
+        log_and_nil('swiftc not found')
+      end
+      # :reek:UtilityFunction
+      def swiftc_command(source, binary)
+        ['swiftc', *SWIFT_FRAMEWORKS.flat_map { |fw| ['-framework', fw] }, source, '-o', binary]
+      end
+      def log_and_nil(message)
+        log(message)
+        nil
+      end
+      def log_helper_stderr(stderr)
+        stderr.each_line { |line| log("[helper] #{line.chomp}") }
+      end
+      def helper_source_path
+        File.expand_path('../../../support/token_helper.swift', __dir__)
+      end
+      def helper_binary_path
+        helper_source_path.sub(/\.swift$/, '')
+      end
+    end
+    # HTTP-based Skype token exchange (no browser needed)
+    module HttpSkypeExchange
+      AUTHSVC_URL = 'https://teams.microsoft.com/api/authsvc/v1.0/authz'
+      private
+      # :reek:UtilityFunction :reek:TooManyStatements :reek:UncommunicativeVariableName
+      def exchange_skype_via_http(skype_spaces_token)
+        return nil unless skype_spaces_token
+        response = post_authsvc_exchange(skype_spaces_token)
+        return nil unless response.is_a?(Net::HTTPSuccess)
+        JSON.parse(response.body).dig('tokens', 'skypeToken')
+      rescue StandardError => e
+        log("Skype exchange failed: #{e.message}")
+        nil
+      end
+      # :reek:UtilityFunction
+      def post_authsvc_exchange(token)
+        uri = URI(AUTHSVC_URL)
+        http = build_authsvc_http(uri)
+        http.request(build_authsvc_request(uri, token))
+      end
+      # :reek:UtilityFunction
+      def build_authsvc_http(uri)
+        Net::HTTP.new(uri.host, uri.port).tap do |http|
+          http.use_ssl = true
+          http.open_timeout = 10
+          http.read_timeout = 30
+        end
+      end
+      # :reek:UtilityFunction
+      def build_authsvc_request(uri, token)
+        Net::HTTP::Post.new(uri).tap do |req|
+          req['Authorization'] = "Bearer #{token}"
+          req['Content-Type'] = 'application/json'
+          req.body = '{}'
+        end
+      end
+    end
+    # Headless token extraction via WKWebView Swift helper.
+    # Uses OAuth2 implicit flow with redirect interception — no Safari needed.
+    # Falls through to Safari when no cached Entra ID session exists.
+    module HeadlessExtract
+      include HelperBinary
+      include HttpSkypeExchange
+      HELPER_TIMEOUT = 15
+      NEEDS_SAFARI_EXIT = 2
+      private
+      # :reek:TooManyStatements :reek:UncommunicativeVariableName
+      def try_headless_extract
+        binary = ensure_helper_binary
+        return nil unless binary
+        log('Trying headless token extraction...')
+        output, stderr, status = Open3.capture3(binary, *build_helper_args)
+        log_helper_stderr(stderr)
+        handle_helper_result(output, status.exitstatus)
+      rescue StandardError => e
+        log("Headless extraction error: #{e.message}")
+        nil
+      end
+      def handle_helper_result(output, exit_code)
+        return parse_headless_result(output) if exit_code.zero?
+        message = exit_code == NEEDS_SAFARI_EXIT ? 'No cached session' : "Helper exited #{exit_code}"
+        log("#{message}, falling back to Safari...")
+        nil
+      end
+      def build_helper_args
+        hint, tenant = stored_login_hint
+        ['--timeout', HELPER_TIMEOUT.to_s,
+         *(hint ? ['--login-hint', hint] : []),
+         *(tenant ? ['--tenant-id', tenant] : []),
+         *(@auth_mode == :certauth ? ['--certauth'] : [])]
+      end
+      # :reek:UtilityFunction
+      def stored_login_hint
+        path = locate_token_store
+        return [nil, nil] unless path && File.exist?(path)
+        data = JSON.parse(File.read(path))
+        [extract_upn(data['auth_token']), data['tenant_id']]
+      rescue StandardError
+        [nil, nil]
+      end
+      # :reek:UtilityFunction
+      def extract_upn(jwt)
+        return nil unless jwt && (payload = jwt.split('.')[1])
+        padded = payload.tr('-_', '+/').ljust((payload.length + 3) & ~3, '=')
+        JSON.parse(padded.unpack1('m'))['upn']
+      rescue StandardError
+        nil
+      end
+      # :reek:UtilityFunction
+      def locate_token_store
+        config = ENV.fetch('XDG_CONFIG_HOME', File.join(Dir.home, '.config'))
+        File.join(config, 'teems', 'tokens.json')
+      end
+      # :reek:TooManyStatements :reek:UncommunicativeVariableName
+      def parse_headless_result(output)
+        parsed = JSON.parse(output.strip)
+        return nil unless parsed['auth_token']
+        build_headless_tokens(parsed)
+      rescue JSON::ParserError => e
+        log("Failed to parse headless result: #{e.message}")
+        nil
+      end
+      # :reek:FeatureEnvy
+      def build_headless_tokens(parsed)
+        spaces_token = parsed['skype_spaces_token']
+        { auth_token: parsed['auth_token'], skype_token: exchange_skype_via_http(spaces_token),
+          skype_spaces_token: spaces_token, chatsvc_token: nil,
+          refresh_token: parsed['refresh_token'], client_id: parsed['client_id'], tenant_id: parsed['tenant_id'] }
+      end
+    end
+  end
+end

data/lib/teems/services/safari_oauth.rb ADDED Viewed

@@ -0,0 +1,285 @@
+# frozen_string_literal: true
+require 'securerandom'
+require 'digest'
+require 'net/http'
+require 'json'
+require 'uri'
+module Teems
+  module Services
+    # Builds OAuth authorize URLs for the Teams app registration
+    module OAuthUrlBuilder
+      TEAMS_APP_ID = '5e3ce6c0-2b1f-4285-8d4b-75ee78787346'
+      REDIRECT_URI = 'https://teams.microsoft.com/go'
+      AUTHORIZE_ENDPOINT = 'https://login.microsoftonline.com/%s/oauth2/authorize'
+      private
+      def build_authorize_url(context, response_type, **opts)
+        params = base_authorize_params(response_type)
+        apply_optional_params(params, context[:hint], opts)
+        build_authorize_uri(context[:tenant], params)
+      end
+      def apply_optional_params(params, hint, opts)
+        resource = opts[:resource]
+        pkce = opts[:pkce]
+        params['resource'] = resource if resource
+        add_login_hints(params, hint)
+        add_pkce_params(params, pkce) if pkce
+      end
+      def base_authorize_params(response_type)
+        nonces = Array.new(2) { SecureRandom.uuid }
+        { 'response_type' => response_type, 'client_id' => TEAMS_APP_ID,
+          'redirect_uri' => REDIRECT_URI, 'state' => nonces[0], 'nonce' => nonces[1] }
+      end
+      def add_login_hints(params, hint)
+        return unless hint
+        params['login_hint'] = hint
+        domain = hint.split('@').last
+        params['domain_hint'] = domain if domain
+      end
+      def add_pkce_params(params, pkce)
+        params['code_challenge'] = pkce[:challenge]
+        params['code_challenge_method'] = 'S256'
+      end
+      def build_authorize_uri(tenant, params)
+        uri = URI(format(AUTHORIZE_ENDPOINT, tenant))
+        uri.query = URI.encode_www_form(params)
+        uri.to_s
+      end
+    end
+    # PKCE helpers and Graph authorization code exchange
+    module OAuthCodeExchange
+      TOKEN_ENDPOINT = 'https://login.microsoftonline.com/%s/oauth2/token'
+      GRAPH_RESOURCE = 'https://graph.microsoft.com'
+      private
+      def generate_pkce
+        verifier = base64url(SecureRandom.random_bytes(32))
+        challenge = base64url(Digest::SHA256.digest(verifier))
+        { verifier: verifier, challenge: challenge }
+      end
+      def base64url(data) = [data].pack('m0').tr('+/', '-_').delete('=')
+      def exchange_graph_code(exchange)
+        response = post_token_exchange(exchange)
+        return nil unless response.is_a?(Net::HTTPSuccess)
+        JSON.parse(response.body)
+      rescue StandardError => e
+        log("Graph code exchange failed: #{e.message}")
+        nil
+      end
+      def post_token_exchange(exchange)
+        uri = URI(format(TOKEN_ENDPOINT, exchange[:tenant]))
+        post = build_exchange_request(uri, exchange)
+        Net::HTTP.start(uri.host, uri.port, use_ssl: true,
+                                            open_timeout: 10, read_timeout: 30) { |http| http.request(post) }
+      end
+      def build_exchange_request(uri, exchange)
+        Net::HTTP::Post.new(uri, 'Content-Type' => 'application/x-www-form-urlencoded',
+                                 'Origin' => 'https://teams.microsoft.com').tap do |post|
+          post.body = token_exchange_body(exchange)
+        end
+      end
+      def token_exchange_body(exchange)
+        URI.encode_www_form(
+          'grant_type' => 'authorization_code', 'client_id' => OAuthUrlBuilder::TEAMS_APP_ID,
+          'code' => exchange[:code], 'redirect_uri' => OAuthUrlBuilder::REDIRECT_URI,
+          'resource' => GRAPH_RESOURCE, 'code_verifier' => exchange[:verifier]
+        )
+      end
+      def decode_jwt(token)
+        payload = token.split('.')[1]
+        return nil unless payload
+        padded = payload.tr('-_', '+/').ljust((payload.length + 3) & ~3, '=')
+        JSON.parse(padded.unpack1('m'))
+      rescue StandardError
+        nil
+      end
+    end
+    # Polls Safari's URL bar via AppleScript and manages Safari tab navigation
+    module SafariOAuthPolling
+      private
+      def poll_safari_query_redirect
+        raw = run_applescript(poll_query_redirect_script).to_s
+        if raw.empty? || raw == 'timeout'
+          log('Safari OAuth: fast capture missed, falling back')
+          return nil
+        end
+        log('Safari OAuth: captured authorization code')
+        parse_oauth_params(raw)
+      end
+      # Poll for ?code= in the URL — Safari's URL property includes query strings
+      def poll_query_redirect_script
+        <<~APPLESCRIPT
+          tell application "Safari"
+            repeat 600 times
+              try
+                set pageURL to URL of current tab of front window
+                if pageURL contains "teams.microsoft.com/go?" then
+                  set codeStart to offset of "?" in pageURL
+                  return text (codeStart + 1) thru -1 of pageURL
+                end if
+              end try
+              delay 0.02
+            end repeat
+            return "timeout"
+          end tell
+        APPLESCRIPT
+      end
+      def parse_oauth_params(raw)
+        raw.split('&').each_with_object({}) do |pair, hash|
+          key, value = pair.split('=', 2)
+          hash[key] = URI.decode_www_form_component(value.to_s)
+        end
+      end
+      def open_safari_to(url)
+        run_applescript(open_safari_tab_script(url))
+      end
+      def open_safari_tab_script(url)
+        <<~APPLESCRIPT
+          tell application "Safari"
+            activate
+            if (count of windows) = 0 then
+              make new document with properties {URL:"#{url}"}
+            else
+              tell front window
+                set current tab to (make new tab with properties {URL:"#{url}"})
+              end tell
+            end if
+          end tell
+        APPLESCRIPT
+      end
+      def navigate_safari_to(url)
+        run_applescript(<<~APPLESCRIPT)
+          tell application "Safari"
+            set URL of current tab of front window to "#{url}"
+          end tell
+        APPLESCRIPT
+      end
+    end
+    # Single-hop Safari OAuth: one authorization code request via Safari (SSO Extension
+    # handles device auth), then HTTP exchanges for remaining tokens. Uses query string
+    # (?code=...) which Safari preserves, unlike fragments (#token=...) which get lost.
+    module SafariOAuth
+      include OAuthUrlBuilder
+      include OAuthCodeExchange
+      include SafariOAuthPolling
+      SKYPE_RESOURCE = 'https://api.spaces.skype.com'
+      private
+      def try_safari_oauth
+        hint, tenant = stored_login_hint
+        return nil unless tenant
+        log('Trying fast Safari OAuth flow...')
+        safari_code_flow({ tenant: tenant, hint: hint })
+      rescue StandardError => e
+        log("Safari OAuth error: #{e.class}: #{e.message}")
+        nil
+      ensure
+        close_teams_tab if tenant
+      end
+      def safari_code_flow(context)
+        graph = fetch_graph_via_safari(context)
+        return nil unless graph
+        skype = fetch_skype_via_refresh(graph, context[:tenant])
+        return nil unless skype
+        log('Safari OAuth: all tokens acquired!')
+        assemble_safari_result(context, graph, skype)
+      end
+      def fetch_graph_via_safari(context)
+        pkce = generate_pkce
+        url = build_authorize_url(context, 'code', resource: GRAPH_RESOURCE, pkce: pkce)
+        log('Safari OAuth: requesting authorization code...')
+        open_safari_to(url)
+        params = poll_safari_query_redirect
+        return nil unless params&.dig('code')
+        log('Safari OAuth: exchanging code for Graph tokens...')
+        exchange_graph_code(code: params['code'], verifier: pkce[:verifier], tenant: context[:tenant])
+      end
+      def fetch_skype_via_refresh(graph, tenant)
+        graph_rt = graph['refresh_token']
+        return nil unless graph_rt
+        log('Safari OAuth: refreshing for Skype token...')
+        result = refresh_for_resource(token: graph_rt, tenant: tenant, resource: SKYPE_RESOURCE)
+        return nil unless result
+        { spaces_token: result['access_token'], refresh_token: result['refresh_token'] }
+      end
+      def refresh_for_resource(grant)
+        response = post_refresh_request(grant)
+        return log_refresh_error(response) unless response.is_a?(Net::HTTPSuccess)
+        JSON.parse(response.body)
+      rescue StandardError => e
+        log("Token refresh failed: #{e.class}: #{e.message}")
+        nil
+      end
+      def log_refresh_error(response)
+        log("Token refresh failed: HTTP #{response.code}")
+        nil
+      end
+      # :reek:FeatureEnvy
+      def post_refresh_request(grant)
+        uri = URI(format(OAuthCodeExchange::TOKEN_ENDPOINT, grant[:tenant]))
+        post = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/x-www-form-urlencoded',
+                                        'Origin' => 'https://teams.microsoft.com')
+        post.body = URI.encode_www_form('grant_type' => 'refresh_token',
+                                        'client_id' => OAuthUrlBuilder::TEAMS_APP_ID,
+                                        'refresh_token' => grant[:token],
+                                        'resource' => grant[:resource])
+        Net::HTTP.start(uri.host, uri.port, use_ssl: true,
+                                            open_timeout: 10, read_timeout: 30) { |http| http.request(post) }
+      end
+      # :reek:FeatureEnvy
+      def assemble_safari_result(context, graph, skype)
+        spaces_token = skype[:spaces_token]
+        { auth_token: graph['access_token'],
+          skype_token: exchange_skype_via_http(spaces_token),
+          skype_spaces_token: spaces_token, chatsvc_token: nil,
+          refresh_token: skype[:refresh_token],
+          client_id: OAuthUrlBuilder::TEAMS_APP_ID,
+          tenant_id: context[:tenant] }
+      end
+    end
+  end
+end

data/lib/teems/services/sync_dir_naming.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+module Teems
+  module Services
+    # Directory naming helpers for SyncStore
+    module SyncDirNaming
+      GENERIC_LABELS = ['Group Chat', '1:1 Chat', 'Meeting Chat', 'Channel', 'Space'].freeze
+      MAX_DIR_NAME_LENGTH = 100
+      TYPE_DIRS = {
+        'oneOnOne' => 'dms', 'group' => 'groups', 'meeting' => 'meetings',
+        'channel' => 'channels', 'space' => 'spaces'
+      }.freeze
+      module_function
+      def type_dir(chat_type) = TYPE_DIRS[chat_type] || 'other'
+      private
+      def sanitize_id(id)
+        id.gsub(/[:@]/, '_')
+      end
+      def sanitize_display_name(name)
+        return nil if name.to_s.strip.empty?
+        sanitized = name.strip.gsub(%r{[/\\:*?"<>|]}, '-').gsub(/\s+/, ' ')
+        sanitized = sanitized[0, MAX_DIR_NAME_LENGTH].gsub(/[\s.]+\z/, '')
+        sanitized.empty? ? nil : sanitized
+      end
+      def build_dir_name(chat_id, display_name)
+        sanitized = sanitize_display_name(display_name)
+        safe_id = sanitize_id(chat_id)
+        return safe_id unless sanitized
+        return sanitized unless GENERIC_LABELS.include?(display_name.strip)
+        "#{sanitized} (#{safe_id[0, 20]})"
+      end
+    end
+  end
+end