@lightharu/krouter 1.8.0

package/out-server/main/registration/email-service.js

@@ -0,0 +1,801 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProtonWebviewService = exports.TingamefiMailService = exports.TempMailPlusService = exports.MoEmailService = void 0;
+exports.extractCode = extractCode;
+exports.parseOutlookLines = parseOutlookLines;
+exports.refreshOutlookToken = refreshOutlookToken;
+exports.getInboxCount = getInboxCount;
+exports.waitForOTP = waitForOTP;
+const tls = __importStar(require("tls"));
+const undici_1 = require("undici");
+const systemProxy_1 = require("../proxy/systemProxy");
+const names_1 = require("./names");
+function getRegistrationProxyUrl() {
+    return process.env.HTTPS_PROXY || process.env.https_proxy || process.env.HTTP_PROXY || process.env.http_proxy || (0, systemProxy_1.getSystemProxy)() || undefined;
+}
+async function proxyFetch(url, options) {
+    const agent = (0, systemProxy_1.safeCreateProxyAgent)(getRegistrationProxyUrl());
+    if (agent) {
+        return await (0, undici_1.fetch)(url, { ...options, dispatcher: agent });
+    }
+    return await fetch(url, options);
+}
+// ============ 验证码提取 ============
+const OTP_PATTERN = /\b(\d{6})\b/g;
+function extractCode(body) {
+    const matches = body.match(OTP_PATTERN);
+    if (!matches || matches.length === 0)
+        return '';
+    return matches[matches.length - 1];
+}
+/** 可被 AbortSignal 中断的 sleep：停止注册时立刻 reject，不再傻等 */
+function abortableSleep(ms, signal) {
+    if (signal?.aborted)
+        return Promise.reject(new Error('Đăng ký đã bị hủy'));
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            signal?.removeEventListener('abort', onAbort);
+            resolve();
+        }, ms);
+        const onAbort = () => {
+            clearTimeout(timer);
+            reject(new Error('Đăng ký đã bị hủy'));
+        };
+        signal?.addEventListener('abort', onAbort, { once: true });
+    });
+}
+// ============ MoEmail 临时邮箱 ============
+class MoEmailService {
+    baseURL;
+    apiKey;
+    address = '';
+    constructor(baseURL, apiKey) {
+        this.baseURL = MoEmailService.normalizeBaseURL(baseURL);
+        this.apiKey = apiKey;
+    }
+    /**
+     * 归一化用户输入的 baseURL：
+     *   - 去除首尾空白与末尾斜杠
+     *   - 缺少 protocol 时补 `https://`
+     *   - 校验协议仅允许 http / https，否则抛清晰错误
+     * 用于规避 fetch 因协议不合法抛出
+     * "Invalid URL protocol: the URL must start with `http:` or `https:`."
+     */
+    static normalizeBaseURL(raw) {
+        const trimmed = (raw || '').trim().replace(/\/+$/, '');
+        if (!trimmed)
+            throw new Error('Chưa cấu hình MoEmail BaseURL');
+        const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+        let u;
+        try {
+            u = new URL(withScheme);
+        }
+        catch {
+            throw new Error(`Định dạng MoEmail BaseURL không hợp lệ: ${raw}`);
+        }
+        if (u.protocol !== 'http:' && u.protocol !== 'https:') {
+            throw new Error(`MoEmail BaseURL không hỗ trợ giao thức này (chỉ hỗ trợ http/https): ${u.protocol}`);
+        }
+        return withScheme;
+    }
+    async create() {
+        const url = `${this.baseURL}/api/mail/create`;
+        const headers = { 'Content-Type': 'application/json' };
+        if (this.apiKey)
+            headers['Authorization'] = `Bearer ${this.apiKey}`;
+        const resp = await proxyFetch(url, { method: 'POST', headers, signal: AbortSignal.timeout(30000) });
+        const data = (await resp.json());
+        const addr = data.address ||
+            data.email ||
+            data.data?.address ||
+            data.data?.email ||
+            '';
+        if (!addr) {
+            console.log('[MoEmail] Tạo email thất bại:', JSON.stringify(data));
+            return '';
+        }
+        this.address = addr;
+        return addr;
+    }
+    async waitForCode(timeoutSec, intervalSec, signal) {
+        if (!this.address)
+            throw new Error('Địa chỉ email đang trống');
+        const maxRetries = Math.floor(timeoutSec / intervalSec);
+        for (let attempt = 1; attempt <= maxRetries; attempt++) {
+            if (signal?.aborted)
+                throw new Error('Đăng ký đã bị hủy');
+            await abortableSleep(intervalSec * 1000, signal);
+            try {
+                const code = await this.fetchCode();
+                if (code)
+                    return code;
+            }
+            catch (err) {
+                if (attempt % 5 === 0)
+                    console.log(`[MoEmail] [${attempt}/${maxRetries}] Truy vấn thất bại:`, err);
+            }
+            if (attempt % 5 === 0)
+                console.log(`[MoEmail] [${attempt}/${maxRetries}] Chưa có mã xác minh...`);
+        }
+        throw new Error(`Hết thời gian chờ mã xác minh (${timeoutSec} giây)`);
+    }
+    getAddress() {
+        return this.address;
+    }
+    async fetchCode() {
+        const url = `${this.baseURL}/api/mail/messages?address=${this.address}`;
+        const headers = {};
+        if (this.apiKey)
+            headers['Authorization'] = `Bearer ${this.apiKey}`;
+        const resp = await proxyFetch(url, { headers, signal: AbortSignal.timeout(15000) });
+        const raw = await resp.json();
+        let messages = [];
+        if (Array.isArray(raw)) {
+            messages = raw;
+        }
+        else if (typeof raw === 'object' && raw !== null) {
+            const wrapper = raw;
+            if (Array.isArray(wrapper.data)) {
+                messages = wrapper.data;
+            }
+        }
+        for (const msg of messages) {
+            const text = msg.text || msg.body || msg.html || '';
+            if (text) {
+                const code = extractCode(text);
+                if (code)
+                    return code;
+            }
+        }
+        return '';
+    }
+}
+exports.MoEmailService = MoEmailService;
+// ============ TempMail.Plus + 自建域名 ============
+class TempMailPlusService {
+    static BASE_URL = 'https://tempmail.plus/api';
+    tmEmail; // tempmail.plus 用户名（不含 @mailto.plus）
+    epin;
+    /** 支持多域名（用户填多行/逗号/空格分隔），每次 create 随机挑一个，降低单域名被风控关联 */
+    domains;
+    domain = '';
+    address = '';
+    constructor(tmEmail, epin, domain) {
+        this.tmEmail = tmEmail;
+        this.epin = epin;
+        this.domains = domain
+            .split(/[\s,;]+/)
+            .map((d) => d.trim().replace(/^@/, ''))
+            .filter(Boolean);
+        if (this.domains.length === 0) {
+            throw new Error('Tên miền riêng của TempMail.Plus đang trống');
+        }
+    }
+    get headers() {
+        return {
+            'accept': 'application/json, text/javascript, */*; q=0.01',
+            'accept-language': 'zh-CN,zh;q=0.9,en;q=0.8',
+            'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36',
+            'x-requested-with': 'XMLHttpRequest',
+            'Referer': 'https://tempmail.plus/zh/',
+            'cookie': `email=${encodeURIComponent(this.fullEmail)}`
+        };
+    }
+    async create() {
+        const prefix = (0, names_1.randomEmailPrefix)();
+        this.domain = this.domains[Math.floor(Math.random() * this.domains.length)];
+        this.address = `${prefix}@${this.domain}`;
+        if (this.domains.length > 1) {
+            console.log(`[TempMailPlus] Đã tạo email: ${this.address} (kho tên miền có ${this.domains.length} mục)`);
+        }
+        else {
+            console.log(`[TempMailPlus] Đã tạo email: ${this.address}`);
+        }
+        return this.address;
+    }
+    getAddress() {
+        return this.address;
+    }
+    async waitForCode(timeoutSec, intervalSec, signal) {
+        if (!this.address)
+            throw new Error('Địa chỉ email đang trống');
+        const maxRetries = Math.floor(timeoutSec / intervalSec);
+        const checkedIds = new Set();
+        for (let attempt = 1; attempt <= maxRetries; attempt++) {
+            if (signal?.aborted)
+                throw new Error('Đăng ký đã bị hủy');
+            await abortableSleep(intervalSec * 1000, signal);
+            try {
+                const mails = await this.fetchMailList();
+                if (attempt === 1 || attempt % 5 === 0) {
+                    console.log(`[TempMailPlus] [${attempt}/${maxRetries}] Số email: ${mails.length}`);
+                }
+                for (const mail of mails) {
+                    const mailId = mail.mail_id;
+                    if (checkedIds.has(mailId))
+                        continue;
+                    checkedIds.add(mailId);
+                    const detail = await this.fetchMailDetail(mailId);
+                    if (!detail)
+                        continue;
+                    // 验证收件人匹配
+                    const toField = String(detail.to || '').toLowerCase();
+                    if (!toField.includes(this.address.toLowerCase())) {
+                        console.log(`[TempMailPlus] Người nhận không khớp: ${toField} (cần chứa: ${this.address})`);
+                        continue;
+                    }
+                    // 提取验证码
+                    const code = this.extractOTP(detail);
+                    if (code) {
+                        console.log(`[TempMailPlus] Mã xác minh: ${code}`);
+                        await this.deleteMail(mailId);
+                        return code;
+                    }
+                    else {
+                        console.log(`[TempMailPlus] Không lấy được mã xác minh từ email ${mailId}`);
+                    }
+                }
+            }
+            catch (err) {
+                console.log(`[TempMailPlus] [${attempt}/${maxRetries}] Truy vấn thất bại:`, err);
+            }
+            if (attempt % 5 === 0)
+                console.log(`[TempMailPlus] [${attempt}/${maxRetries}] Chưa có mã xác minh...`);
+        }
+        throw new Error(`Hết thời gian chờ mã xác minh (${timeoutSec} giây)`);
+    }
+    get fullEmail() {
+        return `${this.tmEmail}@mailto.plus`;
+    }
+    async fetchMailList() {
+        const url = `${TempMailPlusService.BASE_URL}/mails?email=${encodeURIComponent(this.fullEmail)}&first_id=0&epin=${encodeURIComponent(this.epin)}`;
+        const resp = await proxyFetch(url, { headers: this.headers, signal: AbortSignal.timeout(15000) });
+        const data = (await resp.json());
+        if (!data.result)
+            return [];
+        return data.mail_list || [];
+    }
+    async fetchMailDetail(mailId) {
+        const url = `${TempMailPlusService.BASE_URL}/mails/${mailId}?email=${encodeURIComponent(this.fullEmail)}&epin=${encodeURIComponent(this.epin)}`;
+        const resp = await proxyFetch(url, { headers: this.headers, signal: AbortSignal.timeout(15000) });
+        const data = (await resp.json());
+        return data.result ? data : null;
+    }
+    async deleteMail(mailId) {
+        const url = `${TempMailPlusService.BASE_URL}/mails/${mailId}`;
+        const headers = { ...this.headers, 'content-type': 'application/x-www-form-urlencoded; charset=UTF-8' };
+        const body = `email=${encodeURIComponent(this.fullEmail)}&epin=${encodeURIComponent(this.epin)}`;
+        try {
+            await proxyFetch(url, { method: 'DELETE', headers, body, signal: AbortSignal.timeout(10000) });
+            console.log(`[TempMailPlus] Đã xóa email: ${mailId}`);
+        }
+        catch (err) {
+            console.log(`[TempMailPlus] Xóa email thất bại:`, err);
+        }
+    }
+    extractOTP(detail) {
+        // 从主题提取
+        const subject = String(detail.subject || '');
+        const subjectMatch = subject.match(/(\d{6})/);
+        if (subjectMatch)
+            return subjectMatch[1];
+        // 从正文提取
+        const text = String(detail.text || '');
+        const code = extractCode(text);
+        if (code)
+            return code;
+        // 从 HTML 提取
+        const html = String(detail.html || '');
+        return extractCode(html);
+    }
+}
+exports.TempMailPlusService = TempMailPlusService;
+// ============ Tingamefi Temp Email / Cloudflare Email Worker ============
+class TingamefiMailService {
+    apiUrl;
+    adminPassword;
+    configuredDomain;
+    address = '';
+    constructor(apiUrl, adminPassword, domain) {
+        this.apiUrl = TingamefiMailService.normalizeApiUrl(apiUrl || 'https://temp-email-worker.thienp1301.workers.dev');
+        this.adminPassword = (adminPassword || '').trim();
+        this.configuredDomain = (domain || 'mail.tingamefi.com').trim().replace(/^@/, '');
+        if (!this.adminPassword)
+            throw new Error('Tingamefi mail admin password is empty');
+    }
+    static normalizeApiUrl(raw) {
+        const trimmed = raw.trim().replace(/\/+$/, '');
+        if (!trimmed)
+            return 'https://temp-email-worker.thienp1301.workers.dev';
+        return /^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+    }
+    get headers() {
+        return {
+            'Content-Type': 'application/json',
+            'x-admin-auth': this.adminPassword,
+            'x-lang': 'en',
+            'x-fingerprint': 'kiro-account-manager-web'
+        };
+    }
+    async create() {
+        const domain = await this.resolveDomain();
+        let lastError = '';
+        for (let attempt = 1; attempt <= 5; attempt++) {
+            const name = (0, names_1.randomEmailPrefix)();
+            try {
+                const data = await this.fetchJson('/admin/new_address', {
+                    method: 'POST',
+                    headers: this.headers,
+                    body: JSON.stringify({
+                        enablePrefix: true,
+                        enableRandomSubdomain: false,
+                        name,
+                        domain
+                    }),
+                    signal: AbortSignal.timeout(30000)
+                });
+                const address = String(data.address || '');
+                if (address) {
+                    this.address = address;
+                    console.log(`[TingamefiMail] created address: ${address}`);
+                    return address;
+                }
+                lastError = JSON.stringify(data).slice(0, 300);
+            }
+            catch (error) {
+                lastError = error instanceof Error ? error.message : String(error);
+            }
+        }
+        throw new Error(`Tingamefi mail address creation failed: ${lastError || 'empty response'}`);
+    }
+    getAddress() {
+        return this.address;
+    }
+    async waitForCode(timeoutSec, intervalSec, signal) {
+        if (!this.address)
+            throw new Error('Tingamefi mail address is empty');
+        const maxRetries = Math.max(1, Math.floor(timeoutSec / intervalSec));
+        for (let attempt = 1; attempt <= maxRetries; attempt++) {
+            if (signal?.aborted)
+                throw new Error('Registration was cancelled');
+            await abortableSleep(intervalSec * 1000, signal);
+            try {
+                const messages = await this.fetchMessages();
+                if (attempt === 1 || attempt % 5 === 0) {
+                    console.log(`[TingamefiMail] [${attempt}/${maxRetries}] messages: ${messages.length}`);
+                }
+                const preferred = messages.filter((message) => /no-reply@signin\.aws/i.test(String(message.source || message.raw || '')));
+                for (const message of [...preferred, ...messages.filter((message) => !preferred.includes(message))]) {
+                    const text = [
+                        message.subject,
+                        message.text,
+                        message.html,
+                        message.message,
+                        message.raw
+                    ].map((value) => String(value || '')).join('\n');
+                    const code = extractCode(text);
+                    if (code) {
+                        console.log(`[TingamefiMail] verification code: ${code}`);
+                        await this.deleteMail(message.id).catch(() => undefined);
+                        return code;
+                    }
+                }
+            }
+            catch (error) {
+                if (attempt % 5 === 0)
+                    console.log(`[TingamefiMail] [${attempt}/${maxRetries}] query failed:`, error);
+            }
+            if (attempt % 5 === 0)
+                console.log(`[TingamefiMail] [${attempt}/${maxRetries}] no verification code yet...`);
+        }
+        throw new Error(`Timed out waiting for verification code (${timeoutSec}s)`);
+    }
+    async resolveDomain() {
+        if (this.configuredDomain)
+            return this.configuredDomain;
+        const settings = await this.fetchJson('/open_api/settings', {
+            headers: { 'x-lang': 'en', 'x-fingerprint': 'kiro-account-manager-web' },
+            signal: AbortSignal.timeout(15000)
+        });
+        const domains = Array.isArray(settings.defaultDomains) ? settings.defaultDomains : settings.domains;
+        const first = Array.isArray(domains) ? String(domains[0] || '') : '';
+        if (!first)
+            throw new Error('Tingamefi mail domain is empty');
+        return first.replace(/^@/, '');
+    }
+    async fetchMessages() {
+        const query = `/admin/mails?limit=10&offset=0&address=${encodeURIComponent(this.address)}`;
+        const data = await this.fetchJson(query, {
+            headers: this.headers,
+            signal: AbortSignal.timeout(15000)
+        });
+        return Array.isArray(data.results) ? data.results : [];
+    }
+    async deleteMail(id) {
+        if (id === undefined || id === null || id === '')
+            return;
+        await this.fetchJson(`/admin/mails/${encodeURIComponent(String(id))}`, {
+            method: 'DELETE',
+            headers: this.headers,
+            signal: AbortSignal.timeout(10000)
+        });
+    }
+    async fetchJson(pathname, init) {
+        const response = await proxyFetch(`${this.apiUrl}${pathname}`, init);
+        const text = await response.text();
+        if (!response.ok) {
+            throw new Error(`Tingamefi mail API ${response.status}: ${text.slice(0, 300)}`);
+        }
+        return (text ? JSON.parse(text) : {});
+    }
+}
+exports.TingamefiMailService = TingamefiMailService;
+/** 按 ---- 拆分；多出的连字符(N-4)归还前一字段（refreshToken 等 base64url 可能以 '-' 结尾） */
+function splitByDashes(line) {
+    const parts = [];
+    const re = /-{4,}/g;
+    let last = 0;
+    let m;
+    while ((m = re.exec(line)) !== null) {
+        parts.push(line.slice(last, m.index) + '-'.repeat(m[0].length - 4));
+        last = m.index + m[0].length;
+    }
+    parts.push(line.slice(last));
+    return parts;
+}
+function parseOutlookLines(data) {
+    const accounts = [];
+    data = data.trim();
+    if (!data)
+        return accounts;
+    const lines = data.split('\n');
+    const parseEntry = (entry) => {
+        entry = entry.trim();
+        if (!entry)
+            return;
+        const parts = splitByDashes(entry);
+        if (parts.length === 4) {
+            accounts.push({
+                email: parts[0].trim(),
+                password: parts[1].trim(),
+                clientId: parts[2].trim(),
+                refreshToken: parts[3].trim()
+            });
+        }
+    };
+    if (lines.length === 1) {
+        for (const part of data.split(/\s+/))
+            parseEntry(part);
+    }
+    else {
+        for (const line of lines)
+            parseEntry(line);
+    }
+    return accounts;
+}
+async function refreshOutlookToken(acc) {
+    const form = new URLSearchParams({
+        client_id: acc.clientId,
+        refresh_token: acc.refreshToken,
+        grant_type: 'refresh_token',
+        scope: 'https://outlook.office.com/IMAP.AccessAsUser.All offline_access'
+    });
+    const resp = await proxyFetch('https://login.microsoftonline.com/consumers/oauth2/v2.0/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: form.toString() });
+    const data = (await resp.json());
+    if (resp.status !== 200)
+        throw new Error(`Làm mới thất bại ${resp.status}: ${JSON.stringify(data).slice(0, 300)}`);
+    const token = data.access_token;
+    if (!token)
+        throw new Error('Phản hồi không có access_token');
+    return token;
+}
+function buildXOAuth2(email, accessToken) {
+    const auth = `user=${email}\x01auth=Bearer ${accessToken}\x01\x01`;
+    return Buffer.from(auth).toString('base64');
+}
+class IMAPClient {
+    socket = null;
+    buffer = '';
+    tag = 0;
+    async connect() {
+        return new Promise((resolve, reject) => {
+            const socket = tls.connect(993, 'outlook.office365.com', { servername: 'outlook.office365.com' });
+            const timer = setTimeout(() => {
+                socket.destroy();
+                reject(new Error('Kết nối hết thời gian chờ'));
+            }, 15000);
+            socket.once('error', (err) => { clearTimeout(timer); reject(err); });
+            socket.once('secureConnect', () => {
+                clearTimeout(timer);
+                this.socket = socket;
+                this.readLine().then(() => resolve()).catch(reject);
+            });
+        });
+    }
+    readLine(timeoutMs = 30000) {
+        return new Promise((resolve, reject) => {
+            if (!this.socket)
+                return reject(new Error('Chưa kết nối'));
+            let settled = false;
+            const timer = setTimeout(() => {
+                if (settled)
+                    return;
+                settled = true;
+                this.socket?.removeListener('data', onData);
+                this.socket?.removeListener('error', onError);
+                reject(new Error('IMAP readLine 超时'));
+            }, timeoutMs);
+            const done = (line) => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(timer);
+                this.socket?.removeListener('data', onData);
+                this.socket?.removeListener('error', onError);
+                resolve(line);
+            };
+            const onError = (err) => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(timer);
+                this.socket?.removeListener('data', onData);
+                reject(err);
+            };
+            const check = () => {
+                const idx = this.buffer.indexOf('\r\n');
+                if (idx >= 0) {
+                    const line = this.buffer.slice(0, idx);
+                    this.buffer = this.buffer.slice(idx + 2);
+                    done(line);
+                    return true;
+                }
+                return false;
+            };
+            if (check())
+                return;
+            const onData = (chunk) => {
+                this.buffer += chunk.toString();
+                check();
+            };
+            this.socket.on('data', onData);
+            this.socket.once('error', onError);
+        });
+    }
+    async sendCommand(cmd) {
+        if (!this.socket)
+            throw new Error('Chưa kết nối');
+        this.tag++;
+        const tagStr = `A${String(this.tag).padStart(3, '0')}`;
+        this.socket.write(`${tagStr} ${cmd}\r\n`);
+        return tagStr;
+    }
+    async readUntilTag(tag) {
+        const lines = [];
+        while (true) {
+            const line = await this.readLine();
+            if (line.startsWith(`${tag} `))
+                return { lines, result: line };
+            lines.push(line);
+        }
+    }
+    async authenticate(email, accessToken) {
+        const xoauth2 = buildXOAuth2(email, accessToken);
+        const tag = await this.sendCommand(`AUTHENTICATE XOAUTH2 ${xoauth2}`);
+        const { result } = await this.readUntilTag(tag);
+        if (!result.includes('OK'))
+            throw new Error(`Xác thực thất bại: ${result}`);
+        console.log('[IMAP] Xác thực thành công');
+        await sleep(800);
+    }
+    async selectInbox() {
+        for (let retry = 0; retry < 3; retry++) {
+            const tag = await this.sendCommand('SELECT INBOX');
+            const { lines, result } = await this.readUntilTag(tag);
+            if (result.includes('OK')) {
+                for (const line of lines) {
+                    const m = line.match(/\*\s+(\d+)\s+EXISTS/);
+                    if (m)
+                        return parseInt(m[1], 10);
+                }
+                return 0;
+            }
+            if (retry < 2) {
+                console.log(`[IMAP] SELECT INBOX thất bại (${result}), thử lại ${retry + 1}/3...`);
+                await sleep((1 + retry) * 1000);
+            }
+        }
+        throw new Error('SELECT INBOX vẫn thất bại sau tất cả lần thử');
+    }
+    async fetchLatestBody(seq) {
+        if (seq <= 0)
+            throw new Error('Số thứ tự email không hợp lệ');
+        const tag = await this.sendCommand(`FETCH ${seq} (BODY.PEEK[TEXT])`);
+        const { lines, result } = await this.readUntilTag(tag);
+        if (!result.includes('OK'))
+            throw new Error(`FETCH TEXT thất bại: ${result}`);
+        const rawLines = [];
+        let inBody = false;
+        for (const line of lines) {
+            if (line.includes('FETCH')) {
+                inBody = true;
+                continue;
+            }
+            if (line === ')')
+                continue;
+            if (inBody)
+                rawLines.push(line);
+        }
+        const raw = rawLines.join('\n');
+        // 尝试解码 MIME base64
+        const parts = raw.split('------=_Part_');
+        let decoded = '';
+        for (const part of parts) {
+            if (part.includes('base64')) {
+                const idx = part.indexOf('base64');
+                const content = part.slice(idx + 6);
+                const b64 = content.replace(/[\s]/g, '');
+                try {
+                    decoded += Buffer.from(b64, 'base64').toString() + ' ';
+                }
+                catch { /* ignore */ }
+            }
+        }
+        if (decoded)
+            return decoded;
+        // 整体 base64 解码
+        const cleaned = raw.replace(/[\s]/g, '');
+        try {
+            return Buffer.from(cleaned, 'base64').toString();
+        }
+        catch {
+            return raw;
+        }
+    }
+    close() {
+        if (this.socket) {
+            try {
+                this.socket.write('A999 LOGOUT\r\n');
+            }
+            catch { /* ignore */ }
+            this.socket.destroy();
+            this.socket = null;
+        }
+    }
+}
+async function getInboxCount(acc) {
+    const accessToken = await refreshOutlookToken(acc);
+    const client = new IMAPClient();
+    try {
+        await client.connect();
+        await client.authenticate(acc.email, accessToken);
+        return await client.selectInbox();
+    }
+    finally {
+        client.close();
+    }
+}
+async function waitForOTP(acc, beforeCount, timeout, interval, signal) {
+    console.log(`[Outlook IMAP] Đang chờ mã xác minh, email=${acc.email}, số email trước khi gửi=${beforeCount}`);
+    let accessToken = await refreshOutlookToken(acc);
+    const maxRetries = Math.floor(timeout / interval);
+    for (let attempt = 1; attempt <= maxRetries; attempt++) {
+        if (signal?.aborted)
+            throw new Error('Đăng ký đã bị hủy');
+        let client = null;
+        try {
+            client = new IMAPClient();
+            await client.connect();
+            await client.authenticate(acc.email, accessToken);
+            const total = await client.selectInbox();
+            if (total <= beforeCount) {
+                if (attempt % 5 === 0)
+                    console.log(`[Outlook IMAP] [${attempt}/${maxRetries}] Chưa có email mới (hiện có ${total})...`);
+                await abortableSleep(interval * 1000, signal);
+                continue;
+            }
+            for (let i = total; i > beforeCount; i--) {
+                try {
+                    const body = await client.fetchLatestBody(i);
+                    const code = extractCode(body);
+                    if (code) {
+                        console.log(`[Outlook IMAP] Đã lấy mã xác minh: ${code}`);
+                        return code;
+                    }
+                }
+                catch { /* continue */ }
+            }
+            if (attempt % 5 === 0)
+                console.log(`[Outlook IMAP] [${attempt}/${maxRetries}] Không tìm thấy mã xác minh trong email mới...`);
+        }
+        catch (err) {
+            if (attempt % 5 === 0)
+                console.log(`[Outlook IMAP] Kết nối thất bại:`, err);
+            try {
+                accessToken = await refreshOutlookToken(acc);
+            }
+            catch { /* ignore */ }
+        }
+        finally {
+            client?.close();
+        }
+        await abortableSleep(interval * 1000, signal);
+    }
+    throw new Error(`Hết thời gian chờ mã xác minh (${timeout} giây)`);
+}
+// ============ Proton 邮箱（webview 借壳官方网页，轻量读 DOM 取码） ============
+/**
+ * Proton 点号别名取码源：用一个 Proton 母邮箱（如 evanbartellchae@protonmail.com），
+ * 前端用 dotVariants 生成点号变体（evanbar.tellcha.e@protonmail.com）作为每个账号的注册邮箱，
+ * 所有变体都进同一个 Proton 收件箱。读码经由主进程的隐藏 Proton 窗口（见 proton-mail-window.ts），
+ * 官方网页负责登录与 PGP 解密，本类只接收前端生成好的具体地址并等待取码。
+ */
+class ProtonWebviewService {
+    /** 本次注册使用的具体邮箱地址（母邮箱或其点号变体，由前端生成传入） */
+    address;
+    /** 日志回调：传入 registrar.this.log 时，取码日志会推送到注册页面日志面板；缺省回退 console */
+    log;
+    constructor(presetAddress, log) {
+        this.address = (presetAddress || '').trim();
+        if (!this.address) {
+            throw new Error('Địa chỉ email Proton đang trống');
+        }
+        this.log = log || ((m) => console.log(m));
+    }
+    async create() {
+        this.log(`[Proton] Sử dụng email: ${this.address}`);
+        return this.address;
+    }
+    getAddress() {
+        return this.address;
+    }
+    async waitForCode(timeoutSec, intervalSec, signal) {
+        const runtime = process.versions.electron
+            ? await Promise.resolve().then(() => __importStar(require('./proton-mail-window')))
+            : await Promise.resolve().then(() => __importStar(require('../../server/services/protonBrowserRuntime')));
+        const { waitProtonOtp } = runtime;
+        return waitProtonOtp(this.address, {
+            timeoutSec,
+            intervalSec,
+            signal,
+            log: this.log
+        });
+    }
+}
+exports.ProtonWebviewService = ProtonWebviewService;
+function sleep(ms) {
+    return new Promise((r) => setTimeout(r, ms));
+}