@mkterswingman/5mghost-wonder 0.0.1

package/dist/wecom/browser.js

@@ -0,0 +1,344 @@
+// src/wecom/browser.ts
+// CDP cookie extraction: spawn Chrome/Edge → WebSocket → Storage.getCookies poll.
+// Uses ws package (NOT native WebSocket) for Node 18/20 compatibility.
+import { spawn } from "node:child_process";
+import { existsSync, mkdirSync } from "node:fs";
+import { createServer } from "node:net";
+import { join } from "node:path";
+import WebSocket from "ws";
+// ---------------------------------------------------------------------------
+// Constants (validated in /tmp/wonder-cookie-grab.ts prototype)
+// ---------------------------------------------------------------------------
+const LOGIN_URL = "https://doc.weixin.qq.com";
+const LOGIN_TIMEOUT_MS = 3 * 60 * 1000;
+const COOKIE_POLL_INTERVAL_MS = 2000;
+const CDP_CALL_TIMEOUT_MS = 5000;
+const MIN_KEY_COOKIES_REQUIRED = 3;
+const KEY_COOKIES = [
+    "TOK",
+    "wedrive_sid",
+    "uid",
+    "uid_key",
+    "wedrive_ticket",
+    "wedrive_skey",
+];
+const TRUSTED_DOMAINS = ["doc.weixin.qq.com", "weixin.qq.com"];
+// ---------------------------------------------------------------------------
+// Security helpers
+// ---------------------------------------------------------------------------
+/**
+ * C-03: Validate that a debugger URL is a localhost HTTP endpoint.
+ * Prevents connecting to remote CDP endpoints which would expose all cookies.
+ */
+function assertLocalhostUrl(url) {
+    let u;
+    try {
+        u = new URL(url);
+    }
+    catch {
+        throw new Error(`debuggerUrl is not a valid URL: ${url}`);
+    }
+    if (u.hostname !== "127.0.0.1" && u.hostname !== "localhost") {
+        throw new Error(`debuggerUrl must be a localhost address, got: ${url}`);
+    }
+    if (u.protocol !== "http:") {
+        throw new Error(`debuggerUrl must use http:, got: ${url}`);
+    }
+}
+/**
+ * Spawn Chrome → connect via CDP WebSocket → poll Storage.getCookies until
+ * ≥ MIN_KEY_COOKIES_REQUIRED key cookies are present → return Record<string,string>.
+ */
+export async function collectWecomCookiesViaBrowser(options) {
+    const timeoutMs = options.timeoutMs ?? LOGIN_TIMEOUT_MS;
+    let endpoint = options.debuggerUrl;
+    let child = null;
+    // C-03: Validate that a provided debuggerUrl is a localhost endpoint.
+    if (endpoint) {
+        assertLocalhostUrl(endpoint);
+    }
+    if (!endpoint) {
+        const browser = findInstalledBrowser(options.executablePath);
+        const port = await getFreePort();
+        endpoint = `http://127.0.0.1:${port}`;
+        mkdirSync(options.chromeProfilePath, { recursive: true });
+        options.io?.stdout(`Opening ${browser.label} for WeCom login...`);
+        child = spawn(browser.executablePath, [
+            `--remote-debugging-port=${port}`,
+            `--user-data-dir=${options.chromeProfilePath}`,
+            "--no-first-run",
+            "--no-default-browser-check",
+            "--disable-features=DialMediaRouteProvider",
+            LOGIN_URL,
+        ], {
+            stdio: "ignore",
+            detached: process.platform !== "win32",
+        });
+    }
+    try {
+        await waitForDebugger(endpoint, 20_000);
+        const wsUrl = await getWebSocketDebuggerUrl(endpoint, 20_000);
+        const socket = await openDevToolsSocket(wsUrl);
+        try {
+            const startedAt = Date.now();
+            while (Date.now() - startedAt < timeoutMs) {
+                const cookies = await readWecomCookies(socket);
+                if (cookies !== null)
+                    return cookies;
+                await delay(COOKIE_POLL_INTERVAL_MS);
+            }
+            throw new Error(`Timed out waiting for WeCom login after ${Math.round(timeoutMs / 1000)}s. ` +
+                "Sign in to WeCom in the opened browser, then rerun `wonder wecom cookie`.");
+        }
+        finally {
+            socket.close();
+        }
+    }
+    finally {
+        if (child)
+            await terminateBrowserProcess(child);
+    }
+}
+function getKnownBrowserPaths() {
+    if (process.platform === "darwin") {
+        return [
+            {
+                label: "Google Chrome",
+                executablePath: "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
+            },
+            {
+                label: "Microsoft Edge",
+                executablePath: "/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge",
+            },
+        ];
+    }
+    if (process.platform === "win32") {
+        const lad = process.env["LOCALAPPDATA"] ?? "";
+        const pf = process.env["PROGRAMFILES"] ?? "C:\\Program Files";
+        const pf86 = process.env["PROGRAMFILES(X86)"] ?? "C:\\Program Files (x86)";
+        return [
+            {
+                label: "Google Chrome",
+                executablePath: join(lad, "Google", "Chrome", "Application", "chrome.exe"),
+            },
+            {
+                label: "Google Chrome",
+                executablePath: join(pf, "Google", "Chrome", "Application", "chrome.exe"),
+            },
+            {
+                label: "Google Chrome",
+                executablePath: join(pf86, "Google", "Chrome", "Application", "chrome.exe"),
+            },
+            {
+                label: "Microsoft Edge",
+                executablePath: join(pf, "Microsoft", "Edge", "Application", "msedge.exe"),
+            },
+            {
+                label: "Microsoft Edge",
+                executablePath: join(pf86, "Microsoft", "Edge", "Application", "msedge.exe"),
+            },
+            {
+                label: "Microsoft Edge",
+                executablePath: join(lad, "Microsoft", "Edge", "Application", "msedge.exe"),
+            },
+        ];
+    }
+    // Linux
+    return [
+        {
+            label: "Google Chrome",
+            executablePath: "/usr/bin/google-chrome-stable",
+        },
+        { label: "Google Chrome", executablePath: "/usr/bin/google-chrome" },
+        { label: "Chromium", executablePath: "/usr/bin/chromium" },
+        { label: "Chromium", executablePath: "/usr/bin/chromium-browser" },
+        { label: "Microsoft Edge", executablePath: "/usr/bin/microsoft-edge" },
+    ];
+}
+function findInstalledBrowser(executablePath) {
+    if (executablePath) {
+        // C-02: validate path exists before passing to spawn to prevent arbitrary execution.
+        if (!existsSync(executablePath)) {
+            throw new Error(`Configured browser not found: ${executablePath}`);
+        }
+        return { label: "Configured browser", executablePath };
+    }
+    for (const candidate of getKnownBrowserPaths()) {
+        if (existsSync(candidate.executablePath)) {
+            return candidate;
+        }
+    }
+    throw new Error("Could not find a supported Chrome/Edge installation.\n" +
+        "Install Chrome from https://www.google.com/chrome/, then rerun `wonder wecom cookie`.");
+}
+// ---------------------------------------------------------------------------
+// CDP helpers
+// ---------------------------------------------------------------------------
+// C-04: Monotonically increasing counter for CDP message IDs to avoid
+// collision when multiple commands are in-flight on the same WebSocket.
+let _cdpNextId = 1;
+function delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function getFreePort() {
+    return new Promise((resolve, reject) => {
+        const server = createServer();
+        server.listen(0, "127.0.0.1", () => {
+            const address = server.address();
+            if (!address || typeof address === "string") {
+                server.close();
+                reject(new Error("Failed to allocate a browser debugging port"));
+                return;
+            }
+            const port = address.port;
+            // C-01: Resolve only after the server is fully closed so the caller
+            // can spawn Chrome with the port number immediately after resolution,
+            // minimising the TOCTOU window between close and bind.
+            server.close((err) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve(port);
+            });
+        });
+        server.on("error", reject);
+    });
+}
+async function waitForDebugger(endpoint, timeoutMs) {
+    const startedAt = Date.now();
+    while (Date.now() - startedAt < timeoutMs) {
+        try {
+            const res = await fetch(`${endpoint}/json/version`);
+            if (res.ok)
+                return;
+        }
+        catch {
+            // Browser startup races are expected; keep polling until timeout.
+        }
+        await delay(500);
+    }
+    throw new Error("Browser did not expose the remote debugging endpoint in time");
+}
+async function getWebSocketDebuggerUrl(endpoint, timeoutMs) {
+    const startedAt = Date.now();
+    while (Date.now() - startedAt < timeoutMs) {
+        try {
+            const res = await fetch(`${endpoint}/json/version`);
+            if (res.ok) {
+                const payload = (await res.json());
+                if (payload.webSocketDebuggerUrl)
+                    return payload.webSocketDebuggerUrl;
+            }
+        }
+        catch {
+            // Browser startup races are expected; keep polling until timeout.
+        }
+        await delay(500);
+    }
+    throw new Error("Browser did not expose a DevTools websocket in time");
+}
+async function openDevToolsSocket(url) {
+    return new Promise((resolve, reject) => {
+        const socket = new WebSocket(url);
+        const timer = setTimeout(() => {
+            socket.close();
+            reject(new Error("Timed out connecting to the browser DevTools websocket"));
+        }, CDP_CALL_TIMEOUT_MS);
+        const handleOpen = () => {
+            clearTimeout(timer);
+            socket.removeEventListener("error", handleError);
+            resolve(socket);
+        };
+        const handleError = () => {
+            clearTimeout(timer);
+            socket.removeEventListener("open", handleOpen);
+            reject(new Error("Failed to connect to the browser DevTools websocket"));
+        };
+        socket.addEventListener("open", handleOpen);
+        socket.addEventListener("error", handleError);
+    });
+}
+async function sendCdpCommand(socket, method, params = {}) {
+    const id = _cdpNextId++;
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            socket.removeEventListener("message", handleMessage);
+            reject(new Error(`CDP timeout: ${method}`));
+        }, CDP_CALL_TIMEOUT_MS);
+        const handleMessage = (event) => {
+            const payload = JSON.parse(String(event.data));
+            if (payload.id !== id)
+                return;
+            clearTimeout(timer);
+            socket.removeEventListener("message", handleMessage);
+            if (payload.error) {
+                reject(new Error(payload.error.message ?? `CDP error: ${method}`));
+            }
+            else {
+                resolve((payload.result ?? {}));
+            }
+        };
+        socket.addEventListener("message", handleMessage);
+        socket.send(JSON.stringify({ id, method, params }));
+    });
+}
+// ---------------------------------------------------------------------------
+// Cookie filtering
+// ---------------------------------------------------------------------------
+function isTrustedDomain(domain) {
+    const d = domain.trim().toLowerCase().replace(/^\./, "");
+    return TRUSTED_DOMAINS.some((trusted) => d === trusted || d.endsWith(`.${trusted}`));
+}
+/**
+ * Poll CDP for WeCom cookies. Returns Record<string,string> when
+ * MIN_KEY_COOKIES_REQUIRED are present, null otherwise.
+ */
+async function readWecomCookies(socket) {
+    const payload = await sendCdpCommand(socket, "Storage.getCookies");
+    const trusted = (payload.cookies ?? []).filter((c) => isTrustedDomain(c.domain));
+    const cookieNames = new Set(trusted.map((c) => c.name));
+    const presentKeys = KEY_COOKIES.filter((k) => cookieNames.has(k));
+    if (presentKeys.length < MIN_KEY_COOKIES_REQUIRED)
+        return null;
+    // Build Record; later entries overwrite earlier ones for the same name.
+    const result = {};
+    for (const c of trusted) {
+        result[c.name] = c.value;
+    }
+    return result;
+}
+// ---------------------------------------------------------------------------
+// Browser process cleanup
+// ---------------------------------------------------------------------------
+async function terminateBrowserProcess(child) {
+    if (child.exitCode !== null)
+        return;
+    // W-08: On macOS/Linux Chrome is spawned with detached:true, so child.kill()
+    // only signals the direct process. Send to the whole process group (-pid) to
+    // ensure renderer sub-processes release the --user-data-dir lock.
+    if (process.platform !== "win32" && child.pid) {
+        try {
+            process.kill(-child.pid, "SIGTERM");
+        }
+        catch {
+            child.kill();
+        }
+    }
+    else {
+        child.kill();
+    }
+    await delay(500);
+    if (child.exitCode === null) {
+        try {
+            if (process.platform !== "win32" && child.pid) {
+                process.kill(-child.pid, "SIGKILL");
+            }
+            else {
+                child.kill("SIGKILL");
+            }
+        }
+        catch {
+            // Already dead — ignore.
+        }
+    }
+}

package/dist/wecom/cache.js

@@ -0,0 +1,119 @@
+// src/wecom/cache.ts
+// Local xlsx/docx/pptx cache keyed by (docId, TOK-hash).
+//
+// Purpose: `wonder read <url> --tab <name>` should not repeat the
+// export_office → poll → download loop when the same document was just
+// exported a minute ago. The export API does not expose a content hash or
+// mtime, so we use a short TTL and the TOK cookie as a coarse freshness
+// signal (if the user re-authenticated, cache is invalidated).
+//
+// Layout:
+//   <cacheDir>/<docId>/<tokHash>.meta.json
+//   <cacheDir>/<docId>/<tokHash>.<ext>        (the actual downloaded file)
+//
+// The meta file records fileName, fileSizeBytes, docType, savedAt, ttlMs.
+// The file itself lives next to meta so we can hand its path back directly.
+import { existsSync, mkdirSync, readdirSync, readFileSync, renameSync, rmSync, writeFileSync, statSync, copyFileSync, } from "node:fs";
+import { createHash } from "node:crypto";
+import { join, extname } from "node:path";
+/** Default cache TTL: 10 minutes. Long enough to cover a `read` followed
+ *  immediately by one or two `--tab` calls, short enough that stale data
+ *  does not accumulate if the user is editing the source document. */
+export const DEFAULT_CACHE_TTL_MS = 10 * 60 * 1000;
+function hashTok(tok) {
+    // Short, filesystem-safe identifier. Not used for auth — only cache keying.
+    return createHash("sha256").update(tok).digest("hex").slice(0, 16);
+}
+function entryPaths(cacheDir, docId, tokHash) {
+    const dir = join(cacheDir, docId);
+    return {
+        dir,
+        metaPath: join(dir, `${tokHash}.meta.json`),
+    };
+}
+export function lookupCachedExport(input) {
+    const tokHash = hashTok(input.tokValue);
+    const { dir, metaPath } = entryPaths(input.cacheDir, input.docId, tokHash);
+    if (!existsSync(metaPath))
+        return null;
+    let meta;
+    try {
+        meta = JSON.parse(readFileSync(metaPath, "utf8"));
+    }
+    catch {
+        return null;
+    }
+    const age = Date.now() - meta.savedAtMs;
+    if (age < 0 || age > input.maxAgeMs)
+        return null;
+    const filePath = join(dir, meta.fileBasename);
+    if (!existsSync(filePath))
+        return null;
+    // Size sanity check — cheap guard against truncated cache
+    try {
+        const st = statSync(filePath);
+        if (st.size !== meta.fileSizeBytes)
+            return null;
+    }
+    catch {
+        return null;
+    }
+    return {
+        filePath,
+        fileName: meta.fileName,
+        fileSizeBytes: meta.fileSizeBytes,
+        docType: meta.docType,
+        savedAtMs: meta.savedAtMs,
+    };
+}
+export function saveExportToCache(input) {
+    const tokHash = hashTok(input.tokValue);
+    const { dir, metaPath } = entryPaths(input.cacheDir, input.docId, tokHash);
+    mkdirSync(dir, { recursive: true });
+    // Copy via the filesystem to avoid loading the entire file into a V8
+    // Buffer — xlsx exports can be hundreds of MB and would double-allocate
+    // (once in the caller, once here) if we went through readFileSync.
+    const ext = extname(input.sourceFilePath) || ".bin";
+    const fileBasename = `${tokHash}${ext}`;
+    const cachedFilePath = join(dir, fileBasename);
+    const tmp = `${cachedFilePath}.tmp`;
+    copyFileSync(input.sourceFilePath, tmp);
+    try {
+        renameSync(tmp, cachedFilePath);
+    }
+    catch (err) {
+        try {
+            rmSync(tmp, { force: true });
+        }
+        catch { /* ignore */ }
+        throw err;
+    }
+    const meta = {
+        fileName: input.fileName,
+        fileSizeBytes: input.fileSizeBytes,
+        docType: input.docType,
+        savedAtMs: Date.now(),
+        fileBasename,
+    };
+    writeFileSync(metaPath, JSON.stringify(meta, null, 2), "utf8");
+    return {
+        filePath: cachedFilePath,
+        fileName: input.fileName,
+        fileSizeBytes: input.fileSizeBytes,
+        docType: input.docType,
+        savedAtMs: meta.savedAtMs,
+    };
+}
+/** Diagnostic helper used by `wonder check` to describe cache state. */
+export function describeCacheDir(cacheDir) {
+    if (!existsSync(cacheDir))
+        return { exists: false, entries: 0 };
+    try {
+        const subdirs = readdirSync(cacheDir, { withFileTypes: true })
+            .filter((d) => d.isDirectory());
+        return { exists: true, entries: subdirs.length };
+    }
+    catch {
+        return { exists: true, entries: 0 };
+    }
+}

package/dist/wecom/cookies.js

@@ -0,0 +1,151 @@
+// src/wecom/cookies.ts
+// Cookie persistence: load / save / validate / status / parseCookieInput.
+// Storage: ~/.wonder/cookies.json  (atomic write via tmp+rename, chmod 600)
+import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync, } from "node:fs";
+import { dirname } from "node:path";
+// ---------------------------------------------------------------------------
+// Atomic write helper
+// ---------------------------------------------------------------------------
+function writeCookiesAtomic(cookiesPath, cookies) {
+    mkdirSync(dirname(cookiesPath), { recursive: true });
+    const tmp = `${cookiesPath}.tmp`;
+    writeFileSync(tmp, JSON.stringify(cookies, null, 2), {
+        encoding: "utf8",
+        mode: 0o600,
+    });
+    // W-09: clean up the tmp file if rename fails (e.g. cross-device EXDEV or
+    // permission error) to avoid leaving plaintext cookies on disk.
+    try {
+        renameSync(tmp, cookiesPath);
+    }
+    catch (err) {
+        try {
+            rmSync(tmp, { force: true });
+        }
+        catch { /* ignore secondary error */ }
+        throw err;
+    }
+    try {
+        chmodSync(cookiesPath, 0o600);
+    }
+    catch {
+        // chmod failure is expected on Windows; do not interrupt the flow.
+    }
+}
+// ---------------------------------------------------------------------------
+// load / save / remove
+// ---------------------------------------------------------------------------
+export function loadCookies(cookiesPath) {
+    if (!existsSync(cookiesPath))
+        return null;
+    try {
+        const raw = JSON.parse(readFileSync(cookiesPath, "utf8"));
+        if (typeof raw === "object" &&
+            raw !== null &&
+            !Array.isArray(raw)) {
+            return raw;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+export function saveCookies(cookiesPath, cookies) {
+    writeCookiesAtomic(cookiesPath, cookies);
+}
+export function removeCookies(cookiesPath) {
+    rmSync(cookiesPath, { force: true });
+}
+// ---------------------------------------------------------------------------
+// Live validation (HTTP probe)
+// ---------------------------------------------------------------------------
+/**
+ * Probe a real WeCom API endpoint to confirm cookies are still valid.
+ *
+ * - HTTP 200 or 400 ("operation not found") → cookies valid
+ * - HTTP 401 or 403 → cookies expired
+ * - Network error → conservatively return true (avoid false "expired" on offline)
+ */
+export async function validateCookies(cookies) {
+    // W-02: strip `;` and `\n` from cookie values to prevent header injection.
+    const cookieHeader = Object.entries(cookies)
+        .map(([k, v]) => `${k}=${String(v).replace(/[;\n]/g, "")}`)
+        .join("; ");
+    const tok = cookies["TOK"] ?? "";
+    try {
+        const res = await fetch(`https://doc.weixin.qq.com/v1/export/query_progress?operationId=PROBE_VALIDITY_CHECK&xsrf=${encodeURIComponent(tok)}`, { headers: { Cookie: cookieHeader } });
+        return res.status !== 401 && res.status !== 403;
+    }
+    catch {
+        // Network error: conservatively treat as valid.
+        return true;
+    }
+}
+// ---------------------------------------------------------------------------
+// Status
+// ---------------------------------------------------------------------------
+export async function getCookieStatus(cookiesPath) {
+    const cookies = loadCookies(cookiesPath);
+    if (!cookies) {
+        return { exists: false, valid: null, path: cookiesPath, error: null };
+    }
+    try {
+        const valid = await validateCookies(cookies);
+        return { exists: true, valid, path: cookiesPath, error: null };
+    }
+    catch (err) {
+        return {
+            exists: true,
+            valid: null,
+            path: cookiesPath,
+            error: String(err),
+        };
+    }
+}
+// ---------------------------------------------------------------------------
+// parseCookieInput (for wonder wecom set-cookie)
+// ---------------------------------------------------------------------------
+/**
+ * Parse a cookie string in one of two formats:
+ *
+ *   Format A — JSON object:
+ *     '{"TOK":"xxx","wedrive_sid":"yyy"}'
+ *
+ *   Format B — HTTP Cookie header:
+ *     'TOK=xxx; wedrive_sid=yyy; uid=zzz'
+ *
+ * Returns null if the input is empty or cannot be parsed.
+ */
+export function parseCookieInput(input) {
+    const trimmed = input.trim();
+    if (!trimmed)
+        return null;
+    // Try JSON first
+    if (trimmed.startsWith("{")) {
+        try {
+            const obj = JSON.parse(trimmed);
+            if (typeof obj === "object" && obj !== null && !Array.isArray(obj)) {
+                return obj;
+            }
+        }
+        catch {
+            // Fall through to cookie-header parse.
+        }
+    }
+    // Try "key=value; key2=value2" format
+    const pairs = trimmed
+        .split(";")
+        .map((p) => p.trim())
+        .filter(Boolean);
+    const result = {};
+    for (const pair of pairs) {
+        const eqIdx = pair.indexOf("=");
+        if (eqIdx < 1)
+            return null; // malformed
+        const key = pair.slice(0, eqIdx).trim();
+        const value = pair.slice(eqIdx + 1).trim();
+        result[key] = value;
+    }
+    return Object.keys(result).length > 0 ? result : null;
+}