@hienlh/ppm 0.8.85 → 0.8.87

package/test-tokens.mjs

@@ -1,212 +0,0 @@
-#!/usr/bin/env bun
-/**
- * Test script to check access token & refresh token expiry behavior.
- *
- * Usage:
- *   bun test-tokens.mjs                  # test all accounts in dev DB
- *   bun test-tokens.mjs <account-id>     # test specific account
- *   bun test-tokens.mjs --refresh <id>   # force refresh and show new expiry
- */
-
-import Database from "bun:sqlite";
-import { join } from "node:path";
-import { homedir } from "node:os";
-import { createDecipheriv } from "node:crypto";
-
-// --- Config ---
-const DB_PATH = join(homedir(), ".ppm", "ppm.dev.db");
-const OAUTH_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
-const OAUTH_TOKEN_URL = "https://api.anthropic.com/v1/oauth/token";
-const PROFILE_URL = "https://api.anthropic.com/api/oauth/profile";
-
-// --- Crypto (matches src/lib/account-crypto.ts) ---
-function getEncryptionKey() {
-  const keyPath = join(homedir(), ".ppm", "account.key");
-  try {
-    const hex = require("node:fs").readFileSync(keyPath, "utf-8").trim();
-    return Buffer.from(hex, "hex");
-  } catch {
-    console.error(`Cannot find encryption key at ${keyPath}`);
-    process.exit(1);
-  }
-}
-
-function decrypt(encryptedValue) {
-  if (!encryptedValue || encryptedValue === "") return "";
-  const parts = encryptedValue.split(":");
-  if (parts.length !== 3) return encryptedValue; // not encrypted
-  const [ivHex, authTagHex, cipherHex] = parts;
-  const key = getEncryptionKey();
-  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(ivHex, "hex"));
-  decipher.setAuthTag(Buffer.from(authTagHex, "hex"));
-  let decrypted = decipher.update(Buffer.from(cipherHex, "hex"), undefined, "utf8");
-  decrypted += decipher.final("utf8");
-  return decrypted;
-}
-
-// --- Helpers ---
-function formatExpiry(expiresAt) {
-  if (!expiresAt) return "N/A (no expiry)";
-  const now = Math.floor(Date.now() / 1000);
-  const diff = expiresAt - now;
-  const absMin = Math.abs(Math.floor(diff / 60));
-  const absHr = Math.floor(absMin / 60);
-  const remMin = absMin % 60;
-  const date = new Date(expiresAt * 1000).toLocaleString("vi-VN", { timeZone: "Asia/Saigon" });
-  if (diff > 0) {
-    return `${date} (còn ${absHr}h${remMin}m)`;
-  } else {
-    return `${date} (HẾT HẠN ${absHr}h${remMin}m trước)`;
-  }
-}
-
-async function testAccessToken(token) {
-  try {
-    const res = await fetch(PROFILE_URL, {
-      headers: {
-        Accept: "application/json",
-        Authorization: `Bearer ${token}`,
-        "anthropic-beta": "oauth-2025-04-20",
-        "User-Agent": "ppm-token-test/1.0",
-      },
-      signal: AbortSignal.timeout(10_000),
-    });
-    if (res.status === 200) {
-      const data = await res.json();
-      return { status: "VALID", code: 200, email: data.account?.email, name: data.account?.display_name };
-    }
-    if (res.status === 429) return { status: "VALID (rate-limited)", code: 429 };
-    const body = await res.text().catch(() => "");
-    return { status: "INVALID", code: res.status, error: body.slice(0, 200) };
-  } catch (e) {
-    return { status: "ERROR", error: e.message };
-  }
-}
-
-async function testRefreshToken(refreshToken) {
-  if (!refreshToken || refreshToken === "") {
-    return { status: "NO_TOKEN", error: "Empty refresh token (temporary account)" };
-  }
-  try {
-    const res = await fetch(OAUTH_TOKEN_URL, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        grant_type: "refresh_token",
-        client_id: OAUTH_CLIENT_ID,
-        refresh_token: refreshToken,
-      }),
-    });
-    if (res.ok) {
-      const data = await res.json();
-      return {
-        status: "VALID",
-        code: 200,
-        newAccessToken: data.access_token?.slice(0, 20) + "...",
-        newRefreshToken: data.refresh_token ? "YES (rotated)" : "NO (same)",
-        expiresIn: data.expires_in,
-        expiresInReadable: `${Math.floor(data.expires_in / 3600)}h${Math.floor((data.expires_in % 3600) / 60)}m`,
-      };
-    }
-    const body = await res.text().catch(() => "");
-    return { status: "INVALID", code: res.status, error: body.slice(0, 300) };
-  } catch (e) {
-    return { status: "ERROR", error: e.message };
-  }
-}
-
-// --- Main ---
-const args = process.argv.slice(2);
-const doRefresh = args.includes("--refresh");
-const targetId = args.find((a) => a !== "--refresh");
-
-console.log("=".repeat(70));
-console.log("PPM Token Expiry Test");
-console.log(`DB: ${DB_PATH}`);
-console.log(`Time: ${new Date().toLocaleString("vi-VN", { timeZone: "Asia/Saigon" })}`);
-console.log("=".repeat(70));
-
-let db;
-try {
-  db = new Database(DB_PATH, { readonly: true });
-} catch (e) {
-  console.error(`Cannot open DB: ${e.message}`);
-  process.exit(1);
-}
-
-const query = targetId
-  ? db.prepare("SELECT * FROM accounts WHERE id = ?").all(targetId)
-  : db.prepare("SELECT * FROM accounts ORDER BY priority ASC, created_at ASC").all();
-
-if (query.length === 0) {
-  console.log("No accounts found.");
-  process.exit(0);
-}
-
-for (const row of query) {
-  console.log("\n" + "-".repeat(70));
-  console.log(`Account: ${row.label ?? "N/A"}`);
-  console.log(`  ID:       ${row.id}`);
-  console.log(`  Email:    ${row.email ?? "N/A"}`);
-  console.log(`  Status:   ${row.status}`);
-  console.log(`  Expires:  ${formatExpiry(row.expires_at)}`);
-
-  let accessToken, refreshToken;
-  try {
-    accessToken = decrypt(row.access_token);
-    refreshToken = decrypt(row.refresh_token);
-  } catch (e) {
-    console.log(`  ⚠ Decrypt failed: ${e.message}`);
-    continue;
-  }
-
-  const isOAuth = accessToken.startsWith("sk-ant-oat");
-  console.log(`  Type:     ${isOAuth ? "OAuth token" : "API key"}`);
-  console.log(`  Has refresh token: ${refreshToken && refreshToken !== "" ? "YES" : "NO"}`);
-
-  if (!isOAuth) {
-    console.log(`  → API keys don't expire. Skipping token tests.`);
-    continue;
-  }
-
-  // Test 1: Is access token still valid?
-  console.log("\n  [1] Testing access token against profile API...");
-  const accessResult = await testAccessToken(accessToken);
-  if (accessResult.status.startsWith("VALID")) {
-    console.log(`  ✓ Access token: ${accessResult.status}`);
-    if (accessResult.email) console.log(`    Email: ${accessResult.email}, Name: ${accessResult.name}`);
-  } else {
-    console.log(`  ✗ Access token: ${accessResult.status} (HTTP ${accessResult.code})`);
-    if (accessResult.error) console.log(`    Error: ${accessResult.error}`);
-  }
-
-  // Test 2: Is refresh token still valid?
-  if (doRefresh) {
-    console.log("\n  [2] Testing refresh token (will actually refresh!)...");
-    const refreshResult = await testRefreshToken(refreshToken);
-    if (refreshResult.status === "VALID") {
-      console.log(`  ✓ Refresh token: VALID`);
-      console.log(`    New access token: ${refreshResult.newAccessToken}`);
-      console.log(`    New refresh token: ${refreshResult.newRefreshToken}`);
-      console.log(`    New expires_in: ${refreshResult.expiresIn}s (${refreshResult.expiresInReadable})`);
-      console.log(`    ⚠ NOTE: Old access token may now be invalidated!`);
-      console.log(`    ⚠ Run this script WITHOUT --refresh to avoid side effects.`);
-    } else {
-      console.log(`  ✗ Refresh token: ${refreshResult.status}`);
-      if (refreshResult.error) console.log(`    Error: ${refreshResult.error}`);
-    }
-  } else {
-    console.log("\n  [2] Refresh token: SKIPPED (use --refresh to test)");
-    console.log(`      ⚠ --refresh sẽ tạo access token MỚI, token cũ có thể bị invalidate!`);
-  }
-}
-
-console.log("\n" + "=".repeat(70));
-console.log("Summary:");
-console.log("  - Access token (sk-ant-oat*): thường hết hạn sau ~1h (expires_in từ OAuth)");
-console.log("  - Refresh token: không có expiry rõ ràng, chết khi Anthropic trả invalid_grant");
-console.log("  - Khi refresh: Anthropic CÓ THỂ rotate refresh token (trả token mới)");
-console.log("  - PPM auto-refresh mỗi 5 phút cho token sắp hết hạn (<5 phút)");
-console.log("=".repeat(70));
-
-db.close();