@ha7ch/job-pro 1.0.93

package/extension/background.js

@@ -0,0 +1,177 @@
+// job-pro session bridge — background service worker.
+//
+// Captures cookies + recent CSRF / XSRF-Token headers from supported
+// careers sites and stores them in chrome.storage so the popup can hand
+// them off as a downloadable session.json file. The CLI's auto-apply
+// then loads `~/.jobpro/<co>.session.json` and re-uses the captured
+// credentials to fire the actual submission POST.
+//
+// Design constraint: this is a manifest-v3 service worker, so it
+// shouldn't hold state in module-scope (workers can be evicted at any
+// time). All state goes through chrome.storage.local.
+
+// Map of careers-site host → adapter key. Used both to identify which
+// "company" a session belongs to and to scope what we export.
+const HOST_TO_KEY = {
+  "join.qq.com": "tencent",
+  "jobs.bytedance.com": "bytedance",
+  "campus-talent.alibaba.com": "alibaba",
+  "zhaopin.meituan.com": "meituan",
+  "job.xiaohongshu.com": "xiaohongshu",
+  "campus.jd.com": "jd",
+  "campus.kuaishou.cn": "kuaishou",
+  "xiaomi.jobs.f.mioffice.cn": "xiaomi",
+  "talent.baidu.com": "baidu",
+  "hr.163.com": "netease",
+  "talent.didiglobal.com": "didi",
+  "jobs.bilibili.com": "bilibili",
+  "careers.pinduoduo.com": "pdd",
+  "career.huawei.com": "huawei",
+  "campus.pingan.com": "pingan",
+  "careers.ctrip.com": "trip",
+  "www.unitree.com": "unitree",
+  "job.byd.com": "byd",
+  "talent.antgroup.com": "antgroup",
+  "hrcareersweb.antgroup.com": "antgroup",
+  "hr.sensetime.com": "sensetime",
+  "wecruit.hotjob.cn": "horizonrobotics",
+  "app.mokahr.com": "moka",
+  "careers.oppo.com": "oppo",
+  "hr.vivo.com": "vivo",
+  "vivo.zhiye.com": "vivo",
+  "iflytek.zhiye.com": "iflytek",
+  "campus.sf-express.com": "sf",
+  "www.lixiang.com": "liauto",
+  "lilithgames.jobs.feishu.cn": "lilith",
+  "www.liepin.com": "liepin",
+};
+
+function adapterKeyForHost(host) {
+  if (HOST_TO_KEY[host]) return HOST_TO_KEY[host];
+  // .jobs.feishu.cn / .zhiye.com wildcard fallback — store by subdomain.
+  if (host.endsWith(".jobs.feishu.cn")) return `feishu:${host}`;
+  if (host.endsWith(".zhiye.com")) return `zhiye:${host}`;
+  return null;
+}
+
+// Cache the latest auth-related request headers per adapter key. We
+// don't keep XHR bodies — only `Cookie` / `X-Xsrf-Token` / `Authorization`
+// / `X-Csrf-Token` / `X-Fscp-Std-Info` etc.
+const AUTH_HEADER_NAMES = new Set([
+  "authorization",
+  "cookie",
+  "x-xsrf-token",
+  "x-csrf-token",
+  "x-csrftoken",
+  "x-requested-with",
+  "x-fscp-std-info",
+  "x-fscp-version",
+  "x-fscp-trace-id",
+  "x-client-type",
+  "langtype",
+  "x-token",
+  "x-auth-token",
+]);
+
+chrome.webRequest?.onSendHeaders?.addListener?.(
+  // Note: in MV3 you can't *modify* requests without `declarativeNetRequest`,
+  // but reading via webRequest is still allowed for hosts in host_permissions.
+  // If the user is on a network where webRequest isn't available we fall
+  // back to cookies-only capture (see chrome.cookies below).
+  (details) => {
+    try {
+      const u = new URL(details.url);
+      const key = adapterKeyForHost(u.hostname);
+      if (!key) return;
+      const captured = {};
+      for (const h of details.requestHeaders ?? []) {
+        const name = (h.name ?? "").toLowerCase();
+        if (AUTH_HEADER_NAMES.has(name)) captured[name] = h.value ?? "";
+      }
+      if (Object.keys(captured).length === 0) return;
+      const storageKey = `auth_headers:${key}`;
+      chrome.storage.local.get([storageKey]).then((existing) => {
+        chrome.storage.local.set({
+          [storageKey]: {
+            adapter: key,
+            host: u.hostname,
+            url: details.url,
+            captured_at: new Date().toISOString(),
+            headers: { ...(existing[storageKey]?.headers ?? {}), ...captured },
+          },
+        });
+      });
+    } catch (err) {
+      console.warn("[job-pro] header capture err:", err);
+    }
+  },
+  { urls: ["<all_urls>"] },
+  ["requestHeaders", "extraHeaders"]
+);
+
+// Expose a message API for the popup: "give me everything you have for
+// the active tab", and a "clear" command.
+chrome.runtime.onMessage.addListener((msg, _sender, sendResponse) => {
+  (async () => {
+    if (msg?.type === "list_sessions") {
+      const all = await chrome.storage.local.get(null);
+      const out = Object.entries(all)
+        .filter(([k]) => k.startsWith("auth_headers:"))
+        .map(([k, v]) => ({ key: k.slice("auth_headers:".length), ...v }));
+      sendResponse({ ok: true, sessions: out });
+      return;
+    }
+    if (msg?.type === "export_session" && typeof msg.key === "string") {
+      const stored = (await chrome.storage.local.get([`auth_headers:${msg.key}`]))[
+        `auth_headers:${msg.key}`
+      ];
+      if (!stored) {
+        sendResponse({ ok: false, message: `no session captured for ${msg.key}` });
+        return;
+      }
+      const cookies = await chrome.cookies.getAll({ url: `https://${stored.host}/` });
+      const session = {
+        adapter: msg.key,
+        host: stored.host,
+        exported_at: new Date().toISOString(),
+        headers: stored.headers,
+        cookies: cookies.map((c) => ({
+          name: c.name,
+          value: c.value,
+          domain: c.domain,
+          path: c.path,
+          expiresAt: c.expirationDate,
+          httpOnly: c.httpOnly,
+          secure: c.secure,
+          sameSite: c.sameSite,
+        })),
+      };
+      const blob = new Blob([JSON.stringify(session, null, 2)], { type: "application/json" });
+      const dataUrl = await new Promise((resolve) => {
+        const reader = new FileReader();
+        reader.onloadend = () => resolve(reader.result);
+        reader.readAsDataURL(blob);
+      });
+      try {
+        const dlId = await chrome.downloads.download({
+          url: dataUrl,
+          filename: `jobpro/${msg.key}.session.json`,
+          saveAs: false,
+        });
+        sendResponse({ ok: true, downloadId: dlId, host: stored.host, cookieCount: cookies.length });
+      } catch (err) {
+        sendResponse({ ok: false, message: `download failed: ${err?.message ?? String(err)}` });
+      }
+      return;
+    }
+    if (msg?.type === "clear_sessions") {
+      const all = await chrome.storage.local.get(null);
+      const keys = Object.keys(all).filter((k) => k.startsWith("auth_headers:"));
+      await chrome.storage.local.remove(keys);
+      sendResponse({ ok: true, cleared: keys.length });
+      return;
+    }
+    sendResponse({ ok: false, message: `unknown message type: ${msg?.type}` });
+  })().catch((err) => sendResponse({ ok: false, message: String(err) }));
+  return true; // async sendResponse
+});

package/extension/manifest.json

@@ -0,0 +1,55 @@
+{
+  "manifest_version": 3,
+  "name": "job-pro session bridge",
+  "short_name": "job-pro",
+  "version": "0.1.0",
+  "description": "Capture careers-site session cookies + CSRF headers for use by the job-pro CLI auto-apply.",
+  "permissions": [
+    "cookies",
+    "storage",
+    "activeTab",
+    "scripting",
+    "downloads"
+  ],
+  "host_permissions": [
+    "https://join.qq.com/*",
+    "https://jobs.bytedance.com/*",
+    "https://campus-talent.alibaba.com/*",
+    "https://zhaopin.meituan.com/*",
+    "https://job.xiaohongshu.com/*",
+    "https://campus.jd.com/*",
+    "https://campus.kuaishou.cn/*",
+    "https://xiaomi.jobs.f.mioffice.cn/*",
+    "https://talent.baidu.com/*",
+    "https://hr.163.com/*",
+    "https://talent.didiglobal.com/*",
+    "https://jobs.bilibili.com/*",
+    "https://careers.pinduoduo.com/*",
+    "https://career.huawei.com/*",
+    "https://campus.pingan.com/*",
+    "https://careers.ctrip.com/*",
+    "https://www.unitree.com/*",
+    "https://job.byd.com/*",
+    "https://talent.antgroup.com/*",
+    "https://hrcareersweb.antgroup.com/*",
+    "https://*.jobs.feishu.cn/*",
+    "https://*.zhiye.com/*",
+    "https://hr.sensetime.com/*",
+    "https://wecruit.hotjob.cn/*",
+    "https://app.mokahr.com/*",
+    "https://careers.oppo.com/*",
+    "https://hr.vivo.com/*",
+    "https://campus.sf-express.com/*",
+    "https://www.lixiang.com/*",
+    "https://lilithgames.jobs.feishu.cn/*",
+    "https://www.liepin.com/*"
+  ],
+  "background": {
+    "service_worker": "background.js",
+    "type": "module"
+  },
+  "action": {
+    "default_popup": "popup.html",
+    "default_title": "job-pro session bridge"
+  }
+}

package/extension/popup.html

@@ -0,0 +1,37 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<title>job-pro session bridge</title>
+<style>
+  body { font: 13px/1.4 -apple-system, system-ui, sans-serif; margin: 12px; min-width: 320px; }
+  h1 { font-size: 14px; margin: 0 0 8px; }
+  p.lede { color: #555; margin: 0 0 12px; }
+  ul { margin: 0; padding: 0; list-style: none; }
+  li { display: flex; align-items: center; justify-content: space-between; padding: 6px 0; border-bottom: 1px solid #eee; }
+  li:last-child { border-bottom: 0; }
+  .key { font-weight: 600; }
+  .meta { color: #888; font-size: 11px; }
+  button { font: inherit; padding: 4px 8px; border: 1px solid #ccc; background: #f5f5f5; border-radius: 3px; cursor: pointer; }
+  button.danger { color: #c00; }
+  #status { margin-top: 12px; padding: 8px; background: #f5f9f0; border-left: 3px solid #5a5; font-size: 11px; white-space: pre-wrap; }
+  #status.error { background: #f9eef0; border-color: #c55; }
+  #empty { color: #888; padding: 16px 0; text-align: center; }
+</style>
+</head>
+<body>
+  <h1>job-pro session bridge</h1>
+  <p class="lede">
+    Captured careers-site sessions. Click <strong>Export</strong> on a row
+    to download <code>&lt;adapter&gt;.session.json</code>, then move it
+    into <code>~/.jobpro/</code> for the CLI's <code>apply</code> verb.
+  </p>
+  <ul id="sessions"></ul>
+  <div id="empty" hidden>No sessions captured yet. Browse a supported careers site (see <code>manifest.json</code>) while logged in, then re-open this popup.</div>
+  <div id="status" hidden></div>
+  <p style="margin-top:14px;text-align:right">
+    <button id="clear" class="danger">Clear all</button>
+  </p>
+  <script src="popup.js"></script>
+</body>
+</html>

package/extension/popup.js

@@ -0,0 +1,54 @@
+const sessionsEl = document.getElementById("sessions");
+const emptyEl = document.getElementById("empty");
+const statusEl = document.getElementById("status");
+const clearBtn = document.getElementById("clear");
+
+function showStatus(text, isError) {
+  statusEl.textContent = text;
+  statusEl.hidden = false;
+  statusEl.classList.toggle("error", !!isError);
+}
+
+function send(msg) {
+  return new Promise((resolve) => chrome.runtime.sendMessage(msg, resolve));
+}
+
+async function render() {
+  const r = await send({ type: "list_sessions" });
+  if (!r?.ok || !r.sessions?.length) {
+    sessionsEl.innerHTML = "";
+    emptyEl.hidden = false;
+    return;
+  }
+  emptyEl.hidden = true;
+  sessionsEl.innerHTML = "";
+  for (const s of r.sessions) {
+    const li = document.createElement("li");
+    const left = document.createElement("div");
+    const right = document.createElement("button");
+    left.innerHTML = `<span class="key">${s.key}</span> <span class="meta">${s.host} · ${s.captured_at?.slice(0, 19) ?? "?"}</span>`;
+    right.textContent = "Export";
+    right.addEventListener("click", async () => {
+      const exp = await send({ type: "export_session", key: s.key });
+      if (exp?.ok) {
+        showStatus(
+          `Saved jobpro/${s.key}.session.json — ${exp.cookieCount} cookies + headers from ${exp.host}.\n` +
+            `Move it into ~/.jobpro/${s.key}.session.json for the CLI.`
+        );
+      } else {
+        showStatus(`Export failed: ${exp?.message ?? "unknown error"}`, true);
+      }
+    });
+    li.appendChild(left);
+    li.appendChild(right);
+    sessionsEl.appendChild(li);
+  }
+}
+
+clearBtn.addEventListener("click", async () => {
+  const r = await send({ type: "clear_sessions" });
+  showStatus(r?.ok ? `Cleared ${r.cleared} session(s).` : `Failed: ${r?.message}`, !r?.ok);
+  render();
+});
+
+render();

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "@ha7ch/job-pro",
+  "version": "1.0.93",
+  "description": "Query Chinese big-tech campus recruiting + auto-apply from your terminal. 50 companies, all 50 live (46 via official APIs, 4 via Liepin third-party fallback). 45/50 with end-to-end verified apply endpoints; 5 structurally-external (Liepin IM × 4 + Unitree WeChat). No signup, no token, no server.",
+  "homepage": "https://job.ha7ch.com",
+  "repository": "https://github.com/HA7CH/job-pro",
+  "license": "MIT",
+  "type": "module",
+  "bin": {
+    "job-pro": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "extension"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "keywords": [
+    "campus-recruiting",
+    "校招",
+    "auto-apply",
+    "投递",
+    "tencent",
+    "bytedance",
+    "alibaba",
+    "meituan",
+    "xiaohongshu",
+    "job-search",
+    "ats",
+    "greenhouse",
+    "lever",
+    "feishu",
+    "moka",
+    "beisen",
+    "liepin",
+    "cli",
+    "claude-code"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "test": "tsx test/smoke.ts",
+    "test:apply": "tsx test/apply-smoke.ts",
+    "test:debug-submit": "tsx test/debug-submit-smoke.ts",
+    "test:unit": "tsx test/unit-smoke.ts",
+    "prepublishOnly": "npm run build && rm -rf extension && cp -R ../extension extension"
+  },
+  "dependencies": {
+    "puppeteer-core": "^25.0.2"
+  },
+  "devDependencies": {
+    "@types/node": "^20",
+    "tsx": "^4",
+    "typescript": "^5"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}