@besile/scm-cli 2026.3.29

package/src/core/scm-errors.js

@@ -0,0 +1,20 @@
+"use strict";
+/**
+ * Copyright (c) 2026 WFS
+ * SPDX-License-Identifier: MIT
+ *
+ * @deprecated Import from src/internal/errors/scm-errors.js instead
+ */
+export {
+    ScmError,
+    ScmAuthError,
+    ScmTokenExpiredError,
+    ScmTokenInvalidError,
+    ScmUserNotLoggedInError,
+    ScmApiError,
+    ScmTimeoutError,
+    ScmNetworkError,
+    ScmParamError,
+    ScmPermissionDeniedError,
+    SCM_ERROR,
+} from '../internal/errors/scm-errors.js';

package/src/core/scm-logger.js

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * Copyright (c) 2026 WFS
+ * SPDX-License-Identifier: MIT
+ *
+ * @deprecated Import from src/internal/output/logger.js instead
+ */
+export {
+    scmLogger,
+    setRuntimeLoggerFactory,
+    setLogLevel,
+    getLogLevel,
+    coreLogger,
+    tokenLogger,
+    clientLogger,
+    loginLogger,
+    ordersLogger,
+} from '../internal/output/logger.js';

package/src/internal/auth/token-store.js

@@ -0,0 +1,155 @@
+"use strict";
+/**
+ * Copyright (c) 2026 WFS
+ * SPDX-License-Identifier: MIT
+ *
+ * 统一认证模块 - 处理 Token 读取、登录验证和交互式登录
+ */
+
+import { createInterface } from 'node:readline/promises';
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+
+const TOKEN_FILE = join(homedir(), '.scm_cache', 'user_tokens.json');
+
+/**
+ * 获取缓存的 Token
+ *
+ * @param {string} openId - 飞书用户 openId
+ * @returns {Promise<string>} Token 字符串
+ * @throws {Error} Token 不存在或已过期
+ */
+export async function getCachedToken(openId) {
+    try {
+        const data = await readFile(TOKEN_FILE, 'utf-8');
+        const tokens = JSON.parse(data);
+        const userToken = tokens[openId];
+
+        if (!userToken) {
+            throw new Error(`未找到 openId=${openId} 的缓存 Token，请先登录`);
+        }
+
+        const now = Date.now() / 1000;
+        if (userToken.expires_at <= now) {
+            throw new Error('Token 已过期，请重新登录');
+        }
+
+        return userToken.access_token;
+    } catch (error) {
+        if (error.code === 'ENOENT') {
+            throw new Error('未找到 Token 缓存，请先登录');
+        }
+        throw error;
+    }
+}
+
+/**
+ * 检查 Token 是否有效（不抛出异常）
+ *
+ * @param {string} openId - 飞书用户 openId
+ * @returns {Promise<{valid: boolean, message: string}>} 检查结果
+ */
+export async function checkToken(openId) {
+    try {
+        const data = await readFile(TOKEN_FILE, 'utf-8');
+        const tokens = JSON.parse(data);
+        const userToken = tokens[openId];
+
+        if (!userToken) {
+            return {
+                valid: false,
+                message: `未找到 openId=${openId} 的缓存 Token`,
+            };
+        }
+
+        const now = Date.now() / 1000;
+        if (userToken.expires_at <= now) {
+            return {
+                valid: false,
+                message: 'Token 已过期，请重新登录',
+            };
+        }
+
+        return { valid: true, message: 'Token 有效' };
+    } catch (error) {
+        if (error.code === 'ENOENT') {
+            return {
+                valid: false,
+                message: '未找到 Token 缓存文件，请先登录',
+            };
+        }
+        return {
+            valid: false,
+            message: `检查 Token 时出错: ${error.message}`,
+        };
+    }
+}
+
+/**
+ * Token 文件路径
+ */
+export const TOKEN_FILE_PATH = TOKEN_FILE;
+
+/**
+ * 打印未登录提示信息
+ *
+ * @param {string} openId - 飞书用户 openId
+ */
+export function printLoginHint(openId) {
+    console.error('\n⚠️  登录验证失败');
+    console.error(`   未找到 openId=${openId} 的缓存 Token`);
+    console.error('\n请先执行登录命令：');
+    console.error(`   scm-cli auth login --openId ${openId} --mobile <手机号> --password <密码>`);
+    console.error('\n或查看已缓存的 Token：');
+    console.error(`   scm-cli auth token show ${openId}`);
+}
+
+/**
+ * 交互式登录 - 提示用户输入手机号和密码
+ *
+ * @param {string} openId - 飞书用户 openId
+ * @returns {Promise<{success: boolean, mobile?: string, password?: string}>} 用户输入的凭证
+ */
+export async function promptLogin(openId) {
+    console.log('\n📱 请输入您的登录信息：');
+    console.log(`   openId: ${openId}\n`);
+
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+
+    try {
+        const mobile = await rl.question('   手机号: ');
+        const password = await rl.question('   密码: ', { hideEchoBack: true });
+
+        console.log(); // 换行
+
+        if (!mobile.trim() || !password.trim()) {
+            console.error('❌ 手机号和密码不能为空');
+            return { success: false };
+        }
+
+        return { success: true, mobile: mobile.trim(), password: password.trim() };
+    } finally {
+        rl.close();
+    }
+}
+
+/**
+ * 需要认证的命令装饰器
+ *
+ * @param {Function} handler - 命令处理函数
+ * @returns {Function} 包装后的处理函数
+ */
+export function withAuth(handler) {
+    return async function (opts) {
+        const tokenCheck = await checkToken(opts.openId);
+        if (!tokenCheck.valid) {
+            printLoginHint(opts.openId);
+            process.exit(1);
+        }
+        return handler(opts);
+    };
+}

package/src/internal/client/scm-client.js

@@ -0,0 +1,420 @@
+"use strict";
+/**
+ * Copyright (c) 2026 WFS
+ * SPDX-License-Identifier: MIT
+ *
+ * SCM Client - 供应链管理系统统一客户端
+ *
+ * 参照 openclaw-lark 的 ToolClient 模式实现：
+ * - 单例模式管理客户端实例
+ * - Token 自动获取与刷新
+ * - 请求重试与超时控制
+ * - 统一错误处理
+ */
+
+import { createCipheriv, randomBytes } from 'node:crypto';
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import {
+    ScmError,
+    ScmAuthError,
+    ScmTokenExpiredError,
+    ScmTokenInvalidError,
+    ScmApiError,
+    ScmTimeoutError,
+    ScmNetworkError,
+    SCM_ERROR,
+} from '../errors/scm-errors.js';
+import { clientLogger, tokenLogger } from '../output/logger.js';
+
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const DEFAULT_BASE_URL = 'https://fbscmtest.cogo.club';
+const DEFAULT_TIMEOUT_MS = 120000; // 2 分钟
+const DEFAULT_RETRY_COUNT = 2;
+// Token 提前刷新时间（秒），默认 12 小时
+// 可通过环境变量 SCM_TOKEN_BUFFER_SECONDS 覆盖
+const DEFAULT_TOKEN_BUFFER_SEC = parseInt(process.env.SCM_TOKEN_BUFFER_SECONDS || '43200', 10);
+const CACHE_DIR = join(homedir(), '.scm_cache');
+const TOKEN_FILE = join(CACHE_DIR, 'user_tokens.json');
+
+// ---------------------------------------------------------------------------
+// AES Encryption (for password)
+// ---------------------------------------------------------------------------
+function getAesKey() {
+    const key = process.env.SCM_AES_KEY;
+    if (!key) {
+        // 返回默认值，这样插件可以正常加载
+        return Buffer.from('8B4D23539C63D58D', 'ascii');
+    }
+    if (key.length !== 16) {
+        throw new ScmAuthError('环境变量 SCM_AES_KEY 长度必须为 16 字符');
+    }
+    return Buffer.from(key, 'ascii');
+}
+
+function getAesIv() {
+    const iv = process.env.SCM_AES_IV;
+    if (!iv) {
+        // 返回默认值，这样插件可以正常加载
+        return Buffer.from('826BFC61FE22DE18', 'ascii');
+    }
+    if (iv.length !== 16) {
+        throw new ScmAuthError('环境变量 SCM_AES_IV 长度必须为 16 字符');
+    }
+    return Buffer.from(iv, 'ascii');
+}
+
+function aesEncrypt(data) {
+    const key = getAesKey();
+    const iv = getAesIv();
+    const cipher = createCipheriv('aes-128-cbc', key, iv);
+    const dataBytes = Buffer.from(data, 'utf-8');
+    const encrypted = Buffer.concat([cipher.update(dataBytes), cipher.final()]);
+    return encrypted.toString('base64');
+}
+
+// ---------------------------------------------------------------------------
+// Token Manager (per-user)
+// ---------------------------------------------------------------------------
+class TokenManager {
+    constructor(baseUrl) {
+        this.baseUrl = baseUrl.replace(/\/$/, '');
+        this._cache = {};
+        this._initialized = false;
+    }
+
+    async _ensureInitialized() {
+        if (this._initialized) return;
+        await this._loadAllTokens();
+        this._initialized = true;
+    }
+
+    async _loadAllTokens() {
+        try {
+            await fs.mkdir(CACHE_DIR, { recursive: true });
+            const data = await fs.readFile(TOKEN_FILE, 'utf-8');
+            this._cache = JSON.parse(data);
+            tokenLogger.debug('Token 缓存加载成功', { count: Object.keys(this._cache).length });
+        } catch (error) {
+            if (error.code !== 'ENOENT') {
+                tokenLogger.warn('Token 缓存加载失败', { error: error.message });
+            }
+            this._cache = {};
+        }
+    }
+
+    async _saveAllTokens() {
+        try {
+            await fs.mkdir(CACHE_DIR, { recursive: true });
+            await fs.writeFile(TOKEN_FILE, JSON.stringify(this._cache, null, 2), 'utf-8');
+            if (process.platform !== 'win32') {
+                await fs.chmod(TOKEN_FILE, 0o600);
+            }
+        } catch (error) {
+            tokenLogger.error('保存 Token 失败', { error: error.message });
+        }
+    }
+
+    async getToken(openId, username, password) {
+        if (!openId) {
+            throw new ScmAuthError('必须提供飞书 open_id');
+        }
+
+        await this._ensureInitialized();
+
+        const userData = this._cache[openId];
+        const now = Date.now() / 1000;
+
+        if (userData && (userData.expires_at > now + DEFAULT_TOKEN_BUFFER_SEC)) {
+            tokenLogger.debug('使用缓存 Token', { openId });
+            return userData.access_token;
+        }
+
+        if (!username || !password) {
+            throw new ScmTokenExpiredError('用户 Token 已过期，需要提供 SCM 账号和密码重新登录', { openId });
+        }
+
+        tokenLogger.info('Token 失效，正在重新登录', { openId, username });
+        const newTokenInfo = await this._performLogin(username, password);
+
+        this._cache[openId] = {
+            access_token: newTokenInfo.access_token,
+            expires_at: newTokenInfo.expires_at,
+            user_id: newTokenInfo.user_id || '',
+            username: newTokenInfo.username || username,
+            last_login: now,
+        };
+
+        await this._saveAllTokens();
+        tokenLogger.info('登录成功，Token 已更新', { openId });
+
+        return newTokenInfo.access_token;
+    }
+
+    async _performLogin(username, password) {
+        const encryptedPwd = aesEncrypt(password);
+
+        // 记录登录信息用于调试
+        clientLogger.info('登录参数', {
+            username,
+            passwordLength: password ? password.length : 0,
+            encryptedPassword: encryptedPwd,
+            aesKey: getAesKey().toString('hex'),
+            aesIv: getAesIv().toString('hex'),
+        });
+
+        const loginUrl = `${this.baseUrl}/admin-api/system/auth/login`;
+
+        const payload = {
+            mobile: username,
+            password: encryptedPwd,
+        };
+
+        clientLogger.debug('发送登录请求', { url: loginUrl, username, payload });
+
+        const response = await fetch(loginUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(payload),
+        });
+
+        const responseText = await response.text();
+        let data;
+
+        try {
+            data = JSON.parse(responseText);
+        } catch {
+            throw new ScmApiError(`响应格式错误，无法解析 JSON: ${responseText.substring(0, 200)}`);
+        }
+
+        if (!response.ok) {
+            throw new ScmNetworkError(`HTTP 错误 ${response.status}: ${response.statusText}`);
+        }
+
+        if (data.code === 200 || data.success === true) {
+            const tokenInfo = data.data || {};
+            const accessToken = tokenInfo.access_token || tokenInfo.token;
+            const expiresIn = tokenInfo.expires_in || 12 * 60 * 60;
+
+            if (!accessToken) {
+                throw new ScmAuthError('登录成功但未返回 access_token');
+            }
+
+            clientLogger.info('登录成功', { username, expiresIn });
+
+            return {
+                access_token: accessToken,
+                expires_at: Date.now() / 1000 + expiresIn,
+                user_id: tokenInfo.userId || '',
+                username: tokenInfo.username || username,
+            };
+        } else {
+            throw new ScmAuthError(`登录失败：${data.msg || `错误码: ${data.code}`}`, data.code);
+        }
+    }
+
+    async clearUserToken(openId) {
+        await this._ensureInitialized();
+        if (this._cache[openId]) {
+            delete this._cache[openId];
+            await this._saveAllTokens();
+            tokenLogger.info('用户 Token 已清除', { openId });
+        }
+    }
+
+    getUserId(openId) {
+        const userData = this._cache[openId] || {};
+        return userData.user_id || '';
+    }
+
+    getUsername(openId) {
+        const userData = this._cache[openId] || {};
+        return userData.username || '';
+    }
+}
+
+// ---------------------------------------------------------------------------
+// ScmClient
+// ---------------------------------------------------------------------------
+export class ScmClient {
+    constructor() {
+        this._baseUrl = DEFAULT_BASE_URL;
+        this._tokenManager = null;
+        this._runtime = null;
+    }
+
+    static getInstance() {
+        if (!ScmClient.instance) {
+            ScmClient.instance = new ScmClient();
+        }
+        return ScmClient.instance;
+    }
+
+    setRuntime(runtime) {
+        this._runtime = runtime;
+        clientLogger.info('Runtime 已设置', { hasRuntime: !!runtime });
+    }
+
+    setBaseUrl(url) {
+        this._baseUrl = url;
+        clientLogger.info('Base URL 已更新', { baseUrl: url });
+    }
+
+    getBaseUrl() {
+        return this._baseUrl;
+    }
+
+    getTokenManager() {
+        if (!this._tokenManager) {
+            this._tokenManager = new TokenManager(this._baseUrl);
+        }
+        return this._tokenManager;
+    }
+
+    /**
+     * 获取用户 Token
+     */
+    async getToken(openId, username, password) {
+        return this.getTokenManager().getToken(openId, username, password);
+    }
+
+    /**
+     * 执行 API 请求
+     * @param {string} endpoint - API 端点
+     * @param {Object} options - 请求选项
+     * @param {Object} context - 请求上下文（包含 token）
+     */
+    async invoke(endpoint, options = {}, context = {}) {
+        const { method = 'POST', body, timeout = DEFAULT_TIMEOUT_MS, retry = DEFAULT_RETRY_COUNT } = options;
+        const { token, headers = {} } = context;
+
+        const url = `${this._baseUrl}${endpoint}`;
+        const requestHeaders = {
+            'Content-Type': 'application/json',
+            ...headers,
+        };
+
+        if (token) {
+            requestHeaders['Authorization'] = `Bearer ${token}`;
+        }
+
+        let lastError;
+        for (let attempt = 0; attempt <= retry; attempt++) {
+            try {
+                const result = await this._doRequest(url, {
+                    method,
+                    headers: requestHeaders,
+                    body,
+                    timeout,
+                });
+                return result;
+            } catch (error) {
+                lastError = error;
+
+                // 判断是否应该重试
+                if (!this._shouldRetry(error, attempt, retry)) {
+                    throw error;
+                }
+
+                clientLogger.warn('请求失败，准备重试', {
+                    endpoint,
+                    attempt: attempt + 1,
+                    maxRetries: retry,
+                    error: error.message,
+                });
+            }
+        }
+
+        throw lastError;
+    }
+
+    async _doRequest(url, options) {
+        const { method, headers, body, timeout } = options;
+
+        clientLogger.debug('发送请求', { method, url });
+
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), timeout);
+
+        let response;
+        try {
+            response = await fetch(url, {
+                method,
+                headers,
+                body: body ? JSON.stringify(body) : undefined,
+                signal: controller.signal,
+            });
+            clearTimeout(timeoutId);
+        } catch (error) {
+            clearTimeout(timeoutId);
+            if (error.name === 'AbortError') {
+                throw new ScmTimeoutError('请求超时', { url, timeout });
+            }
+            throw new ScmNetworkError(`网络错误: ${error.message}`, {}, { originalError: error.message });
+        }
+
+        const responseText = await response.text();
+        clientLogger.debug('收到响应', { status: response.status, url });
+
+        let result;
+        try {
+            result = JSON.parse(responseText);
+        } catch {
+            throw new ScmApiError(`响应格式错误: ${responseText.substring(0, 200)}`);
+        }
+
+        // 检查业务状态码
+        if (result.code !== 0 && result.code !== 200 && result.success !== true) {
+            // 检查是否是 token 相关错误
+            if (result.code === 401 || result.code === SCM_ERROR.AUTH_TOKEN_EXPIRED) {
+                throw new ScmTokenExpiredError(result.msg || 'Token 已过期', { code: result.code });
+            }
+            if (result.code === SCM_ERROR.AUTH_TOKEN_INVALID) {
+                throw new ScmTokenInvalidError(result.msg || 'Token 无效', { code: result.code });
+            }
+
+            throw new ScmApiError(result.msg || `API 错误 ${result.code}`, result.code);
+        }
+
+        return result.data;
+    }
+
+    _shouldRetry(error, attempt, maxRetries) {
+        if (attempt >= maxRetries) return false;
+
+        // 网络错误和超时可以重试
+        if (error instanceof ScmNetworkError) return true;
+        if (error instanceof ScmTimeoutError) return true;
+
+        // Token 过期可以重试（会触发刷新）
+        if (error instanceof ScmTokenExpiredError) return true;
+
+        return false;
+    }
+
+    /**
+     * 清除用户 Token
+     */
+    async clearUserToken(openId) {
+        return this.getTokenManager().clearUserToken(openId);
+    }
+
+    /**
+     * 获取用户信息
+     */
+    getUserInfo(openId) {
+        const tm = this.getTokenManager();
+        return {
+            userId: tm.getUserId(openId),
+            username: tm.getUsername(openId),
+        };
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Singleton export
+// ---------------------------------------------------------------------------
+export const scmClient = ScmClient.getInstance();

package/src/internal/config/config.js

@@ -0,0 +1,62 @@
+"use strict";
+/**
+ * Copyright (c) 2026 WFS
+ * SPDX-License-Identifier: MIT
+ *
+ * CLI 配置加载器
+ */
+
+import { readFile } from 'node:fs/promises';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { homedir } from 'node:os';
+import { existsSync } from 'node:fs';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+/**
+ * 加载配置
+ * 优先级: 环境变量 > 用户配置 > 默认值
+ */
+export function loadConfig() {
+    // 环境变量
+    const baseUrl = process.env.SCM_BASE_URL || 'https://fbscmtest.cogo.club';
+    const aesKey = process.env.SCM_AES_KEY || '8B4D23539C63D58D';
+    const aesIv = process.env.SCM_AES_IV || '826BFC61FE22DE18';
+    const debug = process.env.SCM_DEBUG === 'true';
+
+    // 用户配置 (可选)
+    const configPath = join(homedir(), '.scmrc');
+    let userConfig = {};
+    if (existsSync(configPath)) {
+        try {
+            const content = readFile(configPath, 'utf-8');
+            userConfig = JSON.parse(content);
+        } catch {
+            // 忽略解析错误
+        }
+    }
+
+    return {
+        baseUrl,
+        aesKey,
+        aesIv,
+        debug,
+        cacheDir: join(homedir(), '.scm_cache'),
+        tokenFile: join(homedir(), '.scm_cache', 'user_tokens.json'),
+        ...userConfig,
+    };
+}
+
+/**
+ * 创建日志函数
+ */
+export function createLogger(debug = false) {
+    return {
+        log: (...args) => console.log(...args),
+        error: (...args) => console.error(...args),
+        debug: debug ? (...args) => console.log('[DEBUG]', ...args) : () => {},
+        info: (...args) => console.log('[INFO]', ...args),
+    };
+}