@maskzh/chrome-cookies-cli 1.0.0

package/dist/browsers.d.ts

@@ -0,0 +1,10 @@
+export interface BrowserConfig {
+    basePath: string;
+    keychainAccount: string;
+    keychainService: string;
+}
+export declare function getBrowser(name: string): BrowserConfig;
+export declare function listBrowsers(): {
+    name: string;
+    basePath: string;
+}[];

package/dist/browsers.js

@@ -0,0 +1,53 @@
+import { existsSync } from "fs";
+import os from "os";
+const HOME = os.homedir();
+const BROWSER_REGISTRY = {
+    chrome: {
+        basePath: `${HOME}/Library/Application Support/Google/Chrome`,
+        keychainAccount: "Chrome",
+        keychainService: "Chrome Safe Storage",
+    },
+    chromium: {
+        basePath: `${HOME}/Library/Application Support/Chromium`,
+        keychainAccount: "Chromium",
+        keychainService: "Chromium Safe Storage",
+    },
+    arc: {
+        basePath: `${HOME}/Library/Application Support/Arc/User Data`,
+        keychainAccount: "Arc",
+        keychainService: "Arc Safe Storage",
+    },
+    edge: {
+        basePath: `${HOME}/Library/Application Support/Microsoft Edge`,
+        keychainAccount: "Microsoft Edge",
+        keychainService: "Microsoft Edge Safe Storage",
+    },
+    brave: {
+        basePath: `${HOME}/Library/Application Support/BraveSoftware/Brave-Browser`,
+        keychainAccount: "Brave",
+        keychainService: "Brave Safe Storage",
+    },
+    vivaldi: {
+        basePath: `${HOME}/Library/Application Support/Vivaldi`,
+        keychainAccount: "Vivaldi",
+        keychainService: "Vivaldi Safe Storage",
+    },
+    opera: {
+        basePath: `${HOME}/Library/Application Support/com.operasoftware.Opera`,
+        keychainAccount: "Opera",
+        keychainService: "Opera Safe Storage",
+    },
+};
+export function getBrowser(name) {
+    const config = BROWSER_REGISTRY[name.toLowerCase()];
+    if (!config) {
+        const available = Object.keys(BROWSER_REGISTRY).join(", ");
+        throw new Error(`Unknown browser: "${name}". Available: ${available}`);
+    }
+    return config;
+}
+export function listBrowsers() {
+    return Object.entries(BROWSER_REGISTRY)
+        .filter(([, config]) => existsSync(config.basePath))
+        .map(([name, config]) => ({ name, basePath: config.basePath }));
+}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,135 @@
+#!/usr/bin/env node
+import { getCookies, listBrowsers, listProfiles } from "./index.js";
+import { getBrowser } from "./browsers.js";
+const HELP = `
+Usage:
+  bun src/cli.ts <url> [options]
+  bun src/cli.ts --list-profiles [--browser <name>]
+  bun src/cli.ts --list-browsers
+
+Options:
+  --browser, -b <name>     Browser name (default: chrome)
+  --profile, -p <name>     Profile name or directory name (default: Default)
+  --filter, -f <names>     Comma-separated cookie name prefixes to include
+  --json                   Output as JSON
+  --list-profiles          List available profiles for the specified browser
+  --list-browsers          List browsers installed on this system
+  --help, -h               Show this help
+
+Examples:
+  bun src/cli.ts https://example.com
+  bun src/cli.ts https://example.com -b chrome -p Youzan
+  bun src/cli.ts https://example.com -b chrome -p Youzan -f cas,xiaolv
+  bun src/cli.ts https://example.com --json
+  bun src/cli.ts --list-profiles --browser chrome
+`.trim();
+function parseArgs(argv) {
+    const args = argv.slice(2);
+    const result = {
+        url: "",
+        browser: "chrome",
+        browserSet: false,
+        profile: "Default",
+        filter: undefined,
+        json: false,
+        listProfiles: false,
+        listBrowsers: false,
+        help: false,
+    };
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        switch (arg) {
+            case "--browser":
+            case "-b":
+                result.browser = args[++i];
+                result.browserSet = true;
+                break;
+            case "--profile":
+            case "-p":
+                result.profile = args[++i];
+                break;
+            case "--filter":
+            case "-f":
+                result.filter = args[++i];
+                break;
+            case "--json":
+                result.json = true;
+                break;
+            case "--list-profiles":
+                result.listProfiles = true;
+                break;
+            case "--list-browsers":
+                result.listBrowsers = true;
+                break;
+            case "--help":
+            case "-h":
+                result.help = true;
+                break;
+            default:
+                if (!arg.startsWith("-"))
+                    result.url = arg;
+        }
+    }
+    return result;
+}
+async function main() {
+    const args = parseArgs(process.argv);
+    if (args.help) {
+        console.log(HELP);
+        process.exit(0);
+    }
+    if (args.listBrowsers) {
+        const browsers = listBrowsers();
+        if (args.json) {
+            console.log(JSON.stringify(browsers, null, 2));
+        }
+        else {
+            console.log("Installed browsers:");
+            browsers.forEach(({ name, basePath }) => console.log(`  ${name.padEnd(10)} ${basePath}`));
+        }
+        process.exit(0);
+    }
+    if (args.listProfiles) {
+        const browsers = args.browserSet
+            ? [{ name: args.browser, basePath: getBrowser(args.browser).basePath }]
+            : listBrowsers();
+        if (args.json) {
+            const result = Object.fromEntries(browsers.map(({ name, basePath }) => [name, listProfiles(basePath)]));
+            console.log(JSON.stringify(result, null, 2));
+        }
+        else {
+            for (const { name, basePath } of browsers) {
+                console.log(`Profiles for ${name}:`);
+                listProfiles(basePath).forEach(({ dir, name }) => console.log(`  ${dir.padEnd(12)} ${name}`));
+            }
+        }
+        process.exit(0);
+    }
+    if (!args.url) {
+        console.error("Error: URL is required.\n");
+        console.log(HELP);
+        process.exit(1);
+    }
+    const filterPrefixes = args.filter?.split(",").map((s) => s.trim().toLowerCase());
+    const cookieFilter = filterPrefixes
+        ? ({ name }) => {
+            const lower = name.toLowerCase();
+            return filterPrefixes.some((prefix) => lower === prefix || lower.startsWith(prefix));
+        }
+        : undefined;
+    const result = await getCookies(args.url, {
+        browser: args.browser,
+        profile: args.profile,
+        filter: cookieFilter,
+    });
+    if (args.json) {
+        console.log(JSON.stringify(result, null, 2));
+    }
+    else {
+        console.log(result.cookieString);
+    }
+}
+main().catch((err) => {
+    console.error("Error:", err.message);
+    process.exit(1);
+});

package/dist/db.d.ts

@@ -0,0 +1,13 @@
+export interface RawCookieRow {
+    hostKey: string;
+    path: string;
+    isSecure: number;
+    name: string;
+    encryptedValue: Buffer;
+    creationUtc: number;
+    expiresUtc: number;
+    isHttponly: number;
+    hasExpires: number;
+    isPersistent: number;
+}
+export declare function readRawCookies(cookiesDbPath: string, domain: string): Promise<RawCookieRow[]>;

package/dist/db.js

@@ -0,0 +1,45 @@
+import { copyFileSync, readFileSync, unlinkSync } from "fs";
+import { join } from "path";
+import os from "os";
+import initSqlJs from "sql.js";
+export async function readRawCookies(cookiesDbPath, domain) {
+    const tmpPath = join(os.tmpdir(), `chromium-cookies-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+    try {
+        copyFileSync(cookiesDbPath, tmpPath);
+        const SQL = await initSqlJs();
+        const db = new SQL.Database(readFileSync(tmpPath));
+        const stmt = db.prepare(`SELECT host_key, path, is_secure, name, encrypted_value, creation_utc, expires_utc, is_httponly, has_expires, is_persistent
+       FROM cookies
+       WHERE host_key LIKE :domain
+       ORDER BY LENGTH(path) DESC, creation_utc ASC`);
+        const rows = [];
+        stmt.bind({ ":domain": `%${domain}` });
+        while (stmt.step()) {
+            const row = stmt.get();
+            const [host_key, path, is_secure, name, encrypted_value, creation_utc, expires_utc, is_httponly, has_expires, is_persistent,] = row;
+            rows.push({
+                hostKey: host_key,
+                path,
+                isSecure: is_secure,
+                name,
+                encryptedValue: Buffer.from(encrypted_value.buffer, encrypted_value.byteOffset, encrypted_value.byteLength),
+                creationUtc: creation_utc,
+                expiresUtc: expires_utc,
+                isHttponly: is_httponly,
+                hasExpires: has_expires,
+                isPersistent: is_persistent,
+            });
+        }
+        stmt.free();
+        db.close();
+        return rows;
+    }
+    finally {
+        try {
+            unlinkSync(tmpPath);
+        }
+        catch {
+            /* 临时文件可能已不存在 */
+        }
+    }
+}

package/dist/decrypt.d.ts

@@ -0,0 +1,4 @@
+import crypto from "crypto";
+export declare function getKeychainPassword(account: string, service: string): Promise<string>;
+export declare function deriveKey(password: string): Promise<Buffer>;
+export declare function decryptCookieValue(key: crypto.CipherKey, encryptedValue: Buffer): string;

package/dist/decrypt.js

@@ -0,0 +1,36 @@
+import crypto from "crypto";
+import keychain from "keychain";
+const ITERATIONS = 1003;
+const KEYLENGTH = 16;
+const SALT = "saltysalt";
+export function getKeychainPassword(account, service) {
+    return new Promise((resolve, reject) => {
+        keychain.getPassword({ account, service }, (err, password) => {
+            if (err)
+                return reject(err);
+            resolve(password);
+        });
+    });
+}
+export function deriveKey(password) {
+    return new Promise((resolve, reject) => {
+        crypto.pbkdf2(password, SALT, ITERATIONS, KEYLENGTH, "sha1", (err, key) => {
+            if (err)
+                return reject(err);
+            resolve(key);
+        });
+    });
+}
+export function decryptCookieValue(key, encryptedValue) {
+    // Chromium 在 macOS 上加密的 cookie 前缀为 "v10"（3 字节），需跳过
+    const iv = Buffer.alloc(KEYLENGTH, " ");
+    const decipher = crypto.createDecipheriv("aes-128-cbc", key, iv);
+    decipher.setAutoPadding(false);
+    const data = encryptedValue.slice(3);
+    let decoded = Buffer.concat([decipher.update(data), decipher.final()]);
+    const padding = decoded[decoded.length - 1];
+    if (padding) {
+        decoded = decoded.slice(32, decoded.length - padding);
+    }
+    return decoded.toString("utf8");
+}

package/dist/filter.d.ts

@@ -0,0 +1,14 @@
+import url from "url";
+export interface Cookie {
+    name: string;
+    value: string;
+    hostKey: string;
+    path: string;
+    isSecure: number;
+    isHttponly: number;
+    isPersistent: number;
+    hasExpires: number;
+    creationUtc: number;
+    expiresUtc: number;
+}
+export declare function filterCookies(parsedUrl: url.UrlWithStringQuery, cookies: Cookie[]): Cookie[];

package/dist/filter.js

@@ -0,0 +1,30 @@
+import tough from "tough-cookie";
+export function filterCookies(parsedUrl, cookies) {
+    const path = parsedUrl.path ?? "/";
+    const hostname = parsedUrl.hostname;
+    const isSecure = parsedUrl.protocol === "https:";
+    const seen = new Set();
+    const filtered = [];
+    const matched = cookies.filter((cookie) => {
+        if (cookie.isSecure && !isSecure)
+            return false;
+        if (!tough.domainMatch(hostname, cookie.hostKey, true))
+            return false;
+        if (!tough.pathMatch(path, cookie.path))
+            return false;
+        // Chromium 的 expiresUtc 使用 Windows FILETIME 纪元（1601-01-01），
+        // 与 Unix 时间（1970-01-01）相差 11644473600 秒
+        if (cookie.expiresUtc) {
+            return cookie.expiresUtc / 1000 - 11644473600000 > Date.now();
+        }
+        return true;
+    });
+    for (let i = matched.length - 1; i >= 0; i--) {
+        const cookie = matched[i];
+        if (!seen.has(cookie.name)) {
+            seen.add(cookie.name);
+            filtered.push(cookie);
+        }
+    }
+    return filtered.reverse();
+}

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+export { listBrowsers } from "./browsers.js";
+export { listProfiles } from "./profiles.js";
+export interface GetCookiesOptions {
+    browser?: string;
+    profile?: string;
+    filter?: (cookie: {
+        name: string;
+        value: string;
+    }) => boolean;
+}
+export interface GetCookiesResult {
+    cookieString: string;
+    cookies: {
+        name: string;
+        value: string;
+    }[];
+}
+export declare function getCookies(uri: string, options?: GetCookiesOptions): Promise<GetCookiesResult>;

package/dist/index.js

@@ -0,0 +1,56 @@
+import assert from "assert";
+import { join } from "path";
+import tld from "tldjs";
+import { Cookie, CookieJar } from "tough-cookie";
+import url from "url";
+import { getBrowser } from "./browsers.js";
+import { readRawCookies } from "./db.js";
+import { decryptCookieValue, deriveKey, getKeychainPassword } from "./decrypt.js";
+import { filterCookies } from "./filter.js";
+import { resolveProfile } from "./profiles.js";
+export { listBrowsers } from "./browsers.js";
+export { listProfiles } from "./profiles.js";
+export async function getCookies(uri, options = {}) {
+    const { browser = "chrome", profile = "Default", filter } = options;
+    const parsedUrl = url.parse(uri);
+    assert(parsedUrl.protocol && parsedUrl.hostname, 'Could not parse URI, format should be "https://www.example.com/path/"');
+    const domain = tld.getDomain(uri);
+    assert(domain, `Could not extract domain from URI: ${uri}`);
+    const browserConfig = getBrowser(browser);
+    const profileDir = resolveProfile(browserConfig.basePath, profile);
+    const cookiesPath = join(browserConfig.basePath, profileDir, "Cookies");
+    const [derivedKey, rawRows] = await Promise.all([
+        getKeychainPassword(browserConfig.keychainAccount, browserConfig.keychainService).then(deriveKey),
+        readRawCookies(cookiesPath, domain),
+    ]);
+    const cookies = rawRows.map((row) => {
+        let value = "";
+        try {
+            value = decryptCookieValue(derivedKey, row.encryptedValue);
+        }
+        catch {
+            // 解密失败时跳过，返回空值
+        }
+        return {
+            name: row.name,
+            value,
+            hostKey: row.hostKey,
+            path: row.path,
+            isSecure: row.isSecure,
+            isHttponly: row.isHttponly,
+            isPersistent: row.isPersistent,
+            hasExpires: row.hasExpires,
+            creationUtc: row.creationUtc,
+            expiresUtc: row.expiresUtc,
+        };
+    });
+    const filteredByUser = filter ? cookies.filter(filter) : cookies;
+    const finalCookies = filterCookies(parsedUrl, filteredByUser);
+    const jar = new CookieJar();
+    await Promise.all(finalCookies.map(({ name, value }) => jar.setCookie(new Cookie({ key: name, value }), uri)));
+    const cookieString = await jar.getCookieString(uri);
+    return {
+        cookieString,
+        cookies: finalCookies.map(({ name, value }) => ({ name, value })),
+    };
+}

package/dist/profiles.d.ts

@@ -0,0 +1,6 @@
+export interface ProfileInfo {
+    dir: string;
+    name: string;
+}
+export declare function resolveProfile(basePath: string, nameOrDir?: string): string;
+export declare function listProfiles(basePath: string): ProfileInfo[];

package/dist/profiles.js

@@ -0,0 +1,37 @@
+import { readFileSync } from "fs";
+import { join } from "path";
+const DIR_NAME_RE = /^(Default|Profile \d+)$/;
+function loadInfoCache(basePath) {
+    try {
+        const content = readFileSync(join(basePath, "Local State"), "utf8");
+        return JSON.parse(content)?.profile?.info_cache ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+export function resolveProfile(basePath, nameOrDir) {
+    if (!nameOrDir)
+        return "Default";
+    if (DIR_NAME_RE.test(nameOrDir))
+        return nameOrDir;
+    const infoCache = loadInfoCache(basePath);
+    if (!infoCache) {
+        throw new Error(`Cannot resolve profile name "${nameOrDir}": browser has no "Local State" file at ${basePath}. ` +
+            `Please use the directory name directly (e.g. "Default", "Profile 1").`);
+    }
+    const entry = Object.entries(infoCache).find(([, info]) => info.name.toLowerCase() === nameOrDir.toLowerCase());
+    if (!entry) {
+        const available = Object.entries(infoCache)
+            .map(([dir, info]) => `  ${dir}: "${info.name}"`)
+            .join("\n");
+        throw new Error(`Profile "${nameOrDir}" not found. Available profiles:\n${available}`);
+    }
+    return entry[0];
+}
+export function listProfiles(basePath) {
+    const infoCache = loadInfoCache(basePath);
+    if (!infoCache)
+        return [{ dir: "Default", name: "Default" }];
+    return Object.entries(infoCache).map(([dir, info]) => ({ dir, name: info.name }));
+}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@maskzh/chrome-cookies-cli",
+  "version": "1.0.0",
+  "description": "Standalone Chromium cookie reader with profile name resolution",
+  "bin": {
+    "chrome-cookies": "./dist/cli.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
+    "typecheck": "tsc --noEmit",
+    "lint": "oxlint src",
+    "lint:fix": "oxlint src --fix",
+    "format": "oxfmt src",
+    "format:check": "oxfmt --check src",
+    "list-browsers": "bun src/cli.ts --list-browsers",
+    "list-profiles": "bun src/cli.ts --list-profiles"
+  },
+  "dependencies": {
+    "keychain": "^1.4.0",
+    "sql.js": "^1.10.0",
+    "tldjs": "^2.3.1",
+    "tough-cookie": "^4.1.4"
+  },
+  "devDependencies": {
+    "@types/keychain": "^1.4.4",
+    "@types/node": "^20.0.0",
+    "@types/sql.js": "^1.4.9",
+    "@types/tldjs": "^2.3.4",
+    "@types/tough-cookie": "^4.0.5",
+    "oxfmt": "^0.42.0",
+    "oxlint": "^1.57.0",
+    "typescript": "^5.0.0"
+  }
+}