@share-crm/sharecrm-cli 1.1.0

package/dist/core/http/apiClient.js

@@ -0,0 +1,320 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiClient = void 0;
+const node_crypto_1 = require("node:crypto");
+const tokenManager_1 = require("../auth/tokenManager");
+const configStore_1 = require("../state/configStore");
+const sessionStore_1 = require("../state/sessionStore");
+const errors_1 = require("../output/errors");
+const runtimeDebug_1 = require("../debug/runtimeDebug");
+const debugOutput_1 = require("../debug/debugOutput");
+const env_1 = require("../../shared/env");
+const locale_1 = require("../config/locale");
+class ApiClient {
+    configStore;
+    constructor(configStore = new configStore_1.ConfigStore()) {
+        this.configStore = configStore;
+    }
+    async _fetch(input, init) {
+        const urlStr = input instanceof URL ? input.toString() : input;
+        if ((0, runtimeDebug_1.isDebugEnabled)()) {
+            (0, debugOutput_1.writeDebugRequest)({ url: urlStr, method: String(init.method ?? 'GET'), headers: (init.headers ?? {}), body: init.body });
+        }
+        let response;
+        try {
+            response = await fetch(input, init);
+        }
+        catch (err) {
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, stack: err.stack });
+            }
+            throw err;
+        }
+        let bodyText;
+        try {
+            bodyText = await response.text();
+        }
+        catch (err) {
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, stack: err.stack });
+            }
+            throw err;
+        }
+        if ((0, runtimeDebug_1.isDebugEnabled)()) {
+            try {
+                const parsed = JSON.parse(bodyText);
+                (0, debugOutput_1.writeDebugResponse)({
+                    url: urlStr,
+                    status: response.status,
+                    statusText: response.statusText,
+                    headers: {},
+                    body: parsed,
+                });
+            }
+            catch (err) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, stack: err.stack });
+            }
+        }
+        return { bodyText, status: response.status, statusText: response.statusText, url: urlStr };
+    }
+    async request(options) {
+        const environment = await (0, env_1.resolveEnvironment)();
+        if (!environment.authBaseUrl) {
+            throw new errors_1.CliError('FS_CLI_AUTH_BASE_URL is required for auth API requests.', 1);
+        }
+        if (!environment.authBaseUrl.startsWith('https://')) {
+            throw new errors_1.CliError('FS_CLI_AUTH_BASE_URL 必须使用 HTTPS 协议。', 1);
+        }
+        const config = await this.configStore.initialize();
+        const locale = config.locale ?? environment.locale;
+        const { bodyText, status, statusText, url: requestUrl } = await this._fetch(new URL(options.path, environment.authBaseUrl), {
+            method: options.method ?? 'POST',
+            headers: {
+                'content-type': 'application/json',
+                'X-fs-cli-id': config.cliId,
+                'X-fs-cli-version': config.cliVersion,
+                'X-fs-source': 'cli',
+                'Accept-Language': locale,
+                'X-FS-Locale': locale,
+                ...(options.headers ?? {}),
+            },
+            body: options.body === undefined ? undefined : JSON.stringify(options.body),
+        });
+        let payload;
+        try {
+            payload = JSON.parse(bodyText);
+        }
+        catch {
+            const err = new errors_1.CliError('Failed to parse auth API response as JSON.', 1, {
+                url: requestUrl,
+                status,
+                statusText,
+                path: options.path,
+                responsePreview: bodyText.slice(0, 500),
+            });
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, exitCode: err.exitCode, details: err.details });
+            }
+            throw err;
+        }
+        if (payload.errorCode !== 0) {
+            const err = new errors_1.ApiResponseCliError(payload.errorMessage, payload.errorCode, {
+                traceId: payload.traceId,
+                path: options.path,
+            });
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, exitCode: err.exitCode, errorCode: err.errorCode, details: err.details });
+            }
+            throw err;
+        }
+        return payload;
+    }
+    async requestDeviceCode() {
+        return this.request({ path: '/oauth2.0/device/code' });
+    }
+    async requestDeviceToken(deviceCode) {
+        return this.request({
+            path: '/oauth2.0/deviceToken',
+            body: { deviceCode },
+        });
+    }
+    async refreshToken(refreshToken, appId) {
+        return this.request({
+            path: '/oauth2.0/token',
+            body: {
+                appId,
+                grantType: 'refresh_token',
+                refreshToken,
+            },
+        });
+    }
+    async fetchCommandManifest(session, commandKey) {
+        const current = await this.ensureValidSession(session);
+        return this.withAuthRetry(current, (s) => this.fetchCommandManifestOnce(s, commandKey));
+    }
+    async executeRemoteCommand(session, commandKey, argumentsPayload) {
+        const current = await this.ensureValidSession(session);
+        return this.withAuthRetry(current, (s) => this.executeRemoteCommandOnce(s, commandKey, argumentsPayload));
+    }
+    async ensureValidSession(session) {
+        const tm = new tokenManager_1.TokenManager();
+        if (!tm.shouldRefresh(session)) {
+            return session;
+        }
+        if (!session.refreshToken || !session.appId) {
+            return session;
+        }
+        try {
+            const refreshed = await tm.refreshSession(session);
+            if (refreshed.accessToken === session.accessToken) {
+                return session;
+            }
+            return refreshed;
+        }
+        catch (error) {
+            if (error instanceof tokenManager_1.SessionRefreshPersistenceError && error.session.accessToken !== session.accessToken) {
+                return error.session;
+            }
+            return session;
+        }
+    }
+    async fetchCommandManifestOnce(session, commandKey) {
+        const url = await this.createCommandUrl(session, '/api/v1/commands/manifest');
+        if (commandKey) {
+            url.searchParams.set('commandKey', commandKey);
+        }
+        const headers = await this.buildCommandHeaders(session);
+        const { bodyText, status, statusText, url: requestUrl } = await this._fetch(url, {
+            method: 'GET',
+            headers,
+        });
+        let payload;
+        try {
+            payload = JSON.parse(bodyText);
+        }
+        catch {
+            const err = new errors_1.CliError('Failed to parse command manifest response as JSON.', 1, {
+                url: requestUrl,
+                status,
+                statusText,
+                commandKey,
+                responsePreview: bodyText.slice(0, 500),
+            });
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, exitCode: err.exitCode, details: err.details });
+            }
+            throw err;
+        }
+        if (payload.resultCode !== 'SUCCESS') {
+            const err = new errors_1.CliError('Failed to fetch command manifest.', 1, {
+                traceId: payload.traceId,
+                commandKey,
+                resultCode: payload.resultCode,
+                remoteError: payload.data,
+            });
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, exitCode: err.exitCode, details: err.details });
+            }
+            throw err;
+        }
+        return payload.data;
+    }
+    async executeRemoteCommandOnce(session, commandKey, argumentsPayload) {
+        const headers = await this.buildCommandHeaders(session);
+        const { bodyText, status, statusText, url: requestUrl } = await this._fetch(await this.createCommandUrl(session, '/api/v1/commands/execute'), {
+            method: 'POST',
+            headers,
+            body: JSON.stringify({
+                commandKey,
+                arguments: argumentsPayload,
+            }),
+        });
+        let payload;
+        try {
+            payload = JSON.parse(bodyText);
+        }
+        catch {
+            const err = new errors_1.CliError('Failed to parse remote command response as JSON.', 1, {
+                url: requestUrl,
+                status,
+                statusText,
+                commandKey,
+                responsePreview: bodyText.slice(0, 500),
+            });
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, exitCode: err.exitCode, details: err.details });
+            }
+            throw err;
+        }
+        if (payload.resultCode !== 'SUCCESS') {
+            const err = new errors_1.CliError('Failed to execute remote command.', 1, {
+                traceId: payload.traceId,
+                commandKey,
+                resultCode: payload.resultCode,
+                remoteError: payload.data,
+            });
+            if ((0, runtimeDebug_1.isDebugEnabled)()) {
+                (0, debugOutput_1.writeDebugException)({ name: err.name, message: err.message, exitCode: err.exitCode, details: err.details });
+            }
+            throw err;
+        }
+        return payload.data;
+    }
+    async withAuthRetry(session, request) {
+        try {
+            return await request(session);
+        }
+        catch (error) {
+            if (!this.isAuthFailError(error)) {
+                throw error;
+            }
+            if (!session.refreshToken || !session.appId) {
+                await this.clearStoredSession();
+                throw new errors_1.LoginExpiredCliError();
+            }
+            let refreshedSession;
+            try {
+                refreshedSession = await new tokenManager_1.TokenManager().refreshSession(session);
+            }
+            catch (error) {
+                if (error instanceof tokenManager_1.SessionRefreshPersistenceError && error.session.accessToken !== session.accessToken) {
+                    refreshedSession = error.session;
+                }
+                else {
+                    await this.clearStoredSession();
+                    throw new errors_1.LoginExpiredCliError();
+                }
+            }
+            if (refreshedSession.accessToken === session.accessToken) {
+                await this.clearStoredSession();
+                throw new errors_1.LoginExpiredCliError();
+            }
+            try {
+                return await request(refreshedSession);
+            }
+            catch (retryError) {
+                if (!this.isAuthFailError(retryError)) {
+                    throw retryError;
+                }
+                await this.clearStoredSession();
+                throw new errors_1.LoginExpiredCliError();
+            }
+        }
+    }
+    async clearStoredSession() {
+        try {
+            await new sessionStore_1.SessionStore().clear();
+        }
+        catch {
+            // Ignore storage cleanup failure and still surface login expiration.
+        }
+    }
+    isAuthFailError(error) {
+        return error instanceof errors_1.CliError && error.details?.resultCode === 'AUTH_FAIL';
+    }
+    async createCommandUrl(session, path) {
+        const baseUrl = session.apiUrl ?? (await (0, env_1.resolveEnvironment)()).apiBaseUrl;
+        if (!baseUrl) {
+            throw new errors_1.CliError('Current session is missing apiUrl.', 1);
+        }
+        if (!baseUrl.startsWith('https://')) {
+            throw new errors_1.CliError('API 地址必须使用 HTTPS 协议。', 1);
+        }
+        return new URL(path.replace(/^\//, ''), baseUrl);
+    }
+    async buildCommandHeaders(session) {
+        const config = await this.configStore.initialize();
+        const locale = config.locale ?? locale_1.DEFAULT_LOCALE;
+        return {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${session.accessToken}`,
+            'X-CLI-Id': config.cliId,
+            'X-CLI-Version': config.cliVersion,
+            'Accept-Language': locale,
+            'X-FS-Locale': locale,
+            'X-Request-Id': (0, node_crypto_1.randomUUID)(),
+            'X-Caller-Type': 'cli',
+        };
+    }
+}
+exports.ApiClient = ApiClient;

package/dist/core/http/requestTypes.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/core/output/errors.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiResponseCliError = exports.LoginExpiredCliError = exports.AuthenticationRequiredCliError = exports.NotImplementedCliError = exports.CliError = void 0;
+class CliError extends Error {
+    exitCode;
+    details;
+    constructor(message, exitCode = 1, details) {
+        super(message);
+        this.name = 'CliError';
+        this.exitCode = exitCode;
+        this.details = details;
+    }
+}
+exports.CliError = CliError;
+class NotImplementedCliError extends CliError {
+    constructor(feature) {
+        super(`${feature} is not implemented yet.`, 2, { feature });
+        this.name = 'NotImplementedCliError';
+    }
+}
+exports.NotImplementedCliError = NotImplementedCliError;
+class AuthenticationRequiredCliError extends CliError {
+    constructor() {
+        super('You must login before executing remote commands.\nsharecrm auth login', 1);
+        this.name = 'AuthenticationRequiredCliError';
+    }
+}
+exports.AuthenticationRequiredCliError = AuthenticationRequiredCliError;
+class LoginExpiredCliError extends CliError {
+    constructor() {
+        super('\n提示：登录状态已失效，请重新登录授权。\n执行命令：sharecrm auth login', 1);
+        this.name = 'LoginExpiredCliError';
+    }
+}
+exports.LoginExpiredCliError = LoginExpiredCliError;
+class ApiResponseCliError extends CliError {
+    errorCode;
+    constructor(message, errorCode, details) {
+        super(message, 1, details);
+        this.name = 'ApiResponseCliError';
+        this.errorCode = errorCode;
+    }
+}
+exports.ApiResponseCliError = ApiResponseCliError;

package/dist/core/output/stderr.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeStderr = writeStderr;
+function writeStderr(message) {
+    process.stderr.write(`${message}\n`);
+}

package/dist/core/output/stdout.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeStdout = writeStdout;
+function writeStdout(message) {
+    process.stdout.write(`${message}\n`);
+}

package/dist/core/state/authSessionStore.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthSessionStore = void 0;
+const legacySessionMigration_1 = require("./legacySessionMigration");
+const fileLock_1 = require("./fileLock");
+const secretStore_1 = require("./secretStore");
+const sessionMetaStore_1 = require("./sessionMetaStore");
+class AuthSessionStore {
+    metaStore;
+    secretStore;
+    constructor(metaStore = new sessionMetaStore_1.SessionMetaStore(), secretStore = (0, secretStore_1.createSecretStore)()) {
+        this.metaStore = metaStore;
+        this.secretStore = secretStore;
+    }
+    async load() {
+        return (0, fileLock_1.withSessionLock)(async () => {
+            await (0, legacySessionMigration_1.migrateLegacySessionIfNeeded)(this.metaStore, this.secretStore);
+            const config = await this.metaStore.load();
+            const meta = config?.session;
+            if (!meta?.appId || !meta.userId) {
+                return null;
+            }
+            const secret = (0, legacySessionMigration_1.parseStoredSecretRecord)(await this.secretStore.get((0, legacySessionMigration_1.toSessionAccountKey)(meta.appId, meta.userId)));
+            if (!secret) {
+                return null;
+            }
+            return {
+                ...meta,
+                accessToken: secret.accessToken,
+                refreshToken: secret.refreshToken,
+            };
+        });
+    }
+    async save(session) {
+        await (0, fileLock_1.withSessionLock)(async () => {
+            await (0, legacySessionMigration_1.migrateLegacySessionIfNeeded)(this.metaStore, this.secretStore);
+            const previousMeta = (await this.metaStore.load())?.session;
+            const previousAccount = previousMeta?.appId && previousMeta.userId
+                ? (0, legacySessionMigration_1.toSessionAccountKey)(previousMeta.appId, previousMeta.userId)
+                : null;
+            if (!session.appId || !session.userId) {
+                const previousSecret = previousAccount
+                    ? await this.secretStore.get(previousAccount)
+                    : null;
+                await this.metaStore.saveSession(undefined);
+                try {
+                    if (previousAccount) {
+                        await this.secretStore.remove(previousAccount);
+                    }
+                    await (0, legacySessionMigration_1.removeLegacySessionFile)();
+                }
+                catch (error) {
+                    await this.restoreClearedSession(previousMeta, previousAccount, previousSecret, error);
+                }
+                return;
+            }
+            const nextAccount = (0, legacySessionMigration_1.toSessionAccountKey)(session.appId, session.userId);
+            const previousSecretForSameAccount = previousAccount === nextAccount && previousAccount
+                ? await this.secretStore.get(previousAccount)
+                : null;
+            await this.secretStore.set(nextAccount, JSON.stringify((0, legacySessionMigration_1.toStoredSecretRecord)(session)));
+            try {
+                await this.metaStore.saveSession((0, legacySessionMigration_1.toSessionMetaRecord)(session));
+            }
+            catch (error) {
+                if (nextAccount !== previousAccount) {
+                    await this.secretStore.remove(nextAccount).catch(() => { });
+                }
+                else if (previousSecretForSameAccount !== null) {
+                    await this.secretStore.set(nextAccount, previousSecretForSameAccount).catch(() => { });
+                }
+                else {
+                    await this.secretStore.remove(nextAccount).catch(() => { });
+                }
+                throw error;
+            }
+            if (previousAccount && previousAccount !== nextAccount) {
+                await this.secretStore.remove(previousAccount).catch(() => { });
+            }
+            await (0, legacySessionMigration_1.removeLegacySessionFile)();
+        });
+    }
+    async clear() {
+        await (0, fileLock_1.withSessionLock)(async () => {
+            const config = await this.metaStore.load();
+            const previousMeta = config?.session;
+            const previousAccount = previousMeta?.appId && previousMeta.userId
+                ? (0, legacySessionMigration_1.toSessionAccountKey)(previousMeta.appId, previousMeta.userId)
+                : null;
+            const previousSecret = previousAccount
+                ? await this.secretStore.get(previousAccount)
+                : null;
+            await this.metaStore.saveSession(undefined);
+            try {
+                if (previousAccount) {
+                    await this.secretStore.remove(previousAccount);
+                }
+                await (0, legacySessionMigration_1.removeLegacySessionFile)();
+            }
+            catch (error) {
+                await this.restoreClearedSession(previousMeta, previousAccount, previousSecret, error);
+            }
+        });
+    }
+    async restoreClearedSession(previousMeta, previousAccount, previousSecret, error) {
+        const rollbackErrors = [];
+        if (previousMeta) {
+            try {
+                await this.metaStore.saveSession(previousMeta);
+            }
+            catch (restoreError) {
+                rollbackErrors.push(restoreError);
+            }
+        }
+        if (previousAccount && previousSecret !== null) {
+            try {
+                await this.secretStore.set(previousAccount, previousSecret);
+            }
+            catch (restoreError) {
+                rollbackErrors.push(restoreError);
+            }
+        }
+        if (rollbackErrors.length > 0) {
+            throw new AggregateError([error, ...rollbackErrors], 'Failed to restore session after clear failure.');
+        }
+        throw error;
+    }
+}
+exports.AuthSessionStore = AuthSessionStore;

package/dist/core/state/authSessionTypes.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/core/state/configStore.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfigStore = void 0;
+const promises_1 = require("node:fs/promises");
+const node_crypto_1 = require("node:crypto");
+const constants_1 = require("../../shared/constants");
+const paths_1 = require("./paths");
+class ConfigStore {
+    async load() {
+        try {
+            const content = await (0, promises_1.readFile)((0, paths_1.resolveCliPaths)().configFile, 'utf8');
+            return JSON.parse(content);
+        }
+        catch {
+            return null;
+        }
+    }
+    async initialize() {
+        const paths = (0, paths_1.resolveCliPaths)();
+        await (0, promises_1.mkdir)(paths.rootDir, { recursive: true });
+        await (0, promises_1.chmod)(paths.rootDir, 0o700);
+        const existing = await this.load();
+        if (existing) {
+            return existing;
+        }
+        const record = {
+            cliId: (0, node_crypto_1.randomUUID)(),
+            cliVersion: constants_1.CLI_VERSION,
+        };
+        await (0, promises_1.writeFile)(paths.configFile, JSON.stringify(record, null, 2), 'utf8');
+        await (0, promises_1.chmod)(paths.configFile, 0o600);
+        return record;
+    }
+    async save(record) {
+        const paths = (0, paths_1.resolveCliPaths)();
+        await (0, promises_1.mkdir)(paths.rootDir, { recursive: true });
+        await (0, promises_1.chmod)(paths.rootDir, 0o700);
+        const sanitizedRecord = {
+            cliId: record.cliId,
+            cliVersion: record.cliVersion,
+            locale: record.locale,
+            authBaseUrl: record.authBaseUrl,
+            session: record.session
+                ? {
+                    userId: record.session.userId,
+                    userName: record.session.userName,
+                    appId: record.session.appId,
+                    apiUrl: record.session.apiUrl,
+                    scope: Array.isArray(record.session.scope) ? [...record.session.scope] : [],
+                    grantedAt: record.session.grantedAt,
+                    tokenExpireAt: record.session.tokenExpireAt,
+                    identity: record.session.identity,
+                }
+                : undefined,
+        };
+        const tmpFile = `${paths.configFile}.${process.pid}.${(0, node_crypto_1.randomUUID)()}.tmp`;
+        await (0, promises_1.writeFile)(tmpFile, JSON.stringify(sanitizedRecord, null, 2), {
+            encoding: 'utf8',
+            mode: 0o600,
+            flag: 'wx',
+        });
+        await (0, promises_1.rename)(tmpFile, paths.configFile);
+    }
+}
+exports.ConfigStore = ConfigStore;

package/dist/core/state/fileLock.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.withSessionLock = withSessionLock;
+const promises_1 = require("node:fs/promises");
+const paths_1 = require("./paths");
+const LOCK_RETRY_INTERVAL_MS = 50;
+const LOCK_TIMEOUT_MS = 10_000;
+const STALE_LOCK_MS = 30_000;
+function isProcessAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function tryClearStaleLock(lockFile) {
+    try {
+        const lockStat = await (0, promises_1.stat)(lockFile);
+        if (Date.now() - lockStat.mtimeMs > STALE_LOCK_MS) {
+            await (0, promises_1.unlink)(lockFile).catch(() => { });
+            return;
+        }
+        const content = await (0, promises_1.readFile)(lockFile, 'utf8').catch(() => '');
+        const lockPid = Number(content.trim());
+        if (Number.isInteger(lockPid) && !isProcessAlive(lockPid)) {
+            await (0, promises_1.unlink)(lockFile).catch(() => { });
+        }
+    }
+    catch {
+        // ignore — will retry next iteration
+    }
+}
+async function withSessionLock(fn) {
+    const lockFile = (0, paths_1.resolveCliPaths)().sessionLockFile;
+    const rootDir = (0, paths_1.resolveCliPaths)().rootDir;
+    await (0, promises_1.mkdir)(rootDir, { recursive: true });
+    const deadline = Date.now() + LOCK_TIMEOUT_MS;
+    let locked = false;
+    while (!locked && Date.now() < deadline) {
+        try {
+            await (0, promises_1.writeFile)(lockFile, String(process.pid), {
+                encoding: 'utf8',
+                flag: 'wx',
+            });
+            locked = true;
+        }
+        catch (err) {
+            if (err.code !== 'EEXIST') {
+                throw err;
+            }
+            await tryClearStaleLock(lockFile);
+            await new Promise((resolve) => setTimeout(resolve, LOCK_RETRY_INTERVAL_MS));
+        }
+    }
+    if (!locked) {
+        throw new Error('获取会话文件锁超时，可能存在其他进程正在操作。');
+    }
+    try {
+        return await fn();
+    }
+    finally {
+        await (0, promises_1.unlink)(lockFile).catch(() => { });
+    }
+}