codex-auth-automation 0.1.0

package/src/automation.ts

@@ -0,0 +1,129 @@
+import { GmailReader, GmailReaderError } from './gmail-reader.js';
+import { OAuthFlowError, fullBrowserFlow } from './oauth-flow.js';
+import { TokenStore, TokenStoreError } from './token-store.js';
+
+export interface AutomationConfig {
+  gmailAddr: string;
+  gmailAppPassword: string;
+  storePath?: string;
+  headless?: boolean;
+}
+
+export class CodexAuthAutomation {
+  private gmail: GmailReader;
+  private store: TokenStore;
+  private headless: boolean;
+  private aliasCounter = 0;
+
+  constructor(config: AutomationConfig) {
+    this.gmail = new GmailReader({ email: config.gmailAddr, appPassword: config.gmailAppPassword });
+    this.store = new TokenStore(config.storePath);
+    this.headless = config.headless ?? true;
+  }
+
+  private nextAlias(): string {
+    this.aliasCounter += 1;
+    const [base, domain] = this.gmail.email.split('@');
+    return `${base}+codex${this.aliasCounter}@${domain}`;
+  }
+
+  async createAccount(alias?: string): Promise<{ email: string; index: number; tokens: Record<string, unknown> } | null> {
+    const targetAlias = alias || this.nextAlias();
+
+    console.log(`[Create] Using alias: ${targetAlias}`);
+    console.log('[Create] Waiting for OpenAI verification email (up to 90s)...');
+
+    let otpCode: string | null;
+    try {
+      otpCode = await this.gmail.searchForCode(targetAlias, 90000, 3000);
+    } catch (err) {
+      console.log(`[Create] Gmail error: ${err instanceof Error ? err.message : String(err)}`);
+      return null;
+    }
+
+    if (!otpCode) {
+      console.log('[Create] No verification code found in Gmail');
+      return null;
+    }
+
+    console.log(`[Create] Got OTP code: ${otpCode}`);
+    console.log('[Create] Starting browser OAuth flow...');
+
+    let tokens: Record<string, unknown>;
+    try {
+      tokens = await fullBrowserFlow(targetAlias, otpCode, this.headless);
+    } catch (err) {
+      console.log(`[Create] OAuth flow failed: ${err instanceof Error ? err.message : String(err)}`);
+      return null;
+    }
+
+    let idx: number;
+    try {
+      idx = this.store.addAccount(tokens, targetAlias);
+      console.log(`[Create] Account saved at index ${idx}: ${targetAlias}`);
+    } catch (err) {
+      console.log(`[Create] Store error: ${err instanceof Error ? err.message : String(err)}`);
+      return null;
+    }
+
+    return { email: targetAlias, index: idx, tokens };
+  }
+
+  status(): void {
+    const accounts = this.store.listAccounts();
+    if (!accounts.length) {
+      console.log('No accounts in store.');
+      return;
+    }
+
+    console.log('\n' + '='.repeat(60));
+    console.log(`  Accounts (${accounts.length} total)`);
+    console.log('='.repeat(60));
+
+    const nowMs = Date.now();
+    const activeIdx = this.store.getActiveAccount()?.index ?? 0;
+
+    for (const acc of accounts) {
+      const marker = acc.index === activeIdx ? '>>>' : '   ';
+      let status = 'OK';
+      if (acc.authInvalid) status = 'AUTH INVALID';
+      else if (!acc.enabled) status = 'DISABLED';
+      else if (acc.expiresAt < nowMs) status = 'EXPIRED';
+
+      let expiryStr = '';
+      if (acc.expiresAt) {
+        const expDt = new Date(acc.expiresAt);
+        expiryStr = ` (exp: ${expDt.toISOString().replace('T', ' ').slice(0, 16)} UTC)`;
+      }
+
+      console.log(`  ${marker} [${acc.index}] ${acc.email}`);
+      console.log(`       Status: ${status}${expiryStr} | Usage: ${acc.usageCount}`);
+    }
+
+    console.log('='.repeat(60) + '\n');
+  }
+
+  rotate(): void {
+    const accounts = this.store.listAccounts();
+    if (!accounts.length) {
+      console.log('No accounts to rotate to.');
+      return;
+    }
+
+    const current = this.store.getActiveAccount()?.index ?? 0;
+    const nextIdx = (current + 1) % accounts.length;
+
+    this.store.setActive(nextIdx);
+    const acc = this.store.getAccount(nextIdx);
+    if (acc) {
+      console.log(`Rotated to account #${nextIdx}: ${acc.email}`);
+    } else {
+      console.log(`Rotated to account #${nextIdx}`);
+    }
+  }
+
+  clean(): void {
+    const removed = this.store.cleanInvalid();
+    console.log(`Removed ${removed} invalid/expired accounts.`);
+  }
+}

package/src/cli.ts

@@ -0,0 +1,181 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { CodexAuthAutomation } from './automation.js';
+
+const CONFIG_FILE = path.join(os.homedir(), '.config', 'codex-auth', 'config.json');
+
+interface Config {
+  gmail: string;
+  gmail_app_password: string;
+  headless: boolean;
+}
+
+function loadConfig(): Config {
+  if (fs.existsSync(CONFIG_FILE)) {
+    return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
+  }
+  return { gmail: '', gmail_app_password: '', headless: true };
+}
+
+function saveConfig(config: Config): void {
+  fs.mkdirSync(path.dirname(CONFIG_FILE), { recursive: true });
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+
+async function cmdCreate(config: Config, alias?: string) {
+  if (!config.gmail || !config.gmail_app_password) {
+    console.error('Error: Gmail credentials not configured.');
+    console.error('Run: codex-auth config --set gmail your@email.com');
+    console.error('Run: codex-auth config --set gmail_app_password YOUR_APP_PASSWORD');
+    process.exit(1);
+  }
+
+  const app = new CodexAuthAutomation({
+    gmailAddr: config.gmail,
+    gmailAppPassword: config.gmail_app_password,
+    headless: config.headless,
+  });
+
+  const result = await app.createAccount(alias);
+  if (result) {
+    console.log(`\nSuccess! Account created: ${result.email}`);
+  } else {
+    console.error('\nFailed to create account.');
+    process.exit(1);
+  }
+}
+
+function cmdStatus(config: Config) {
+  const app = new CodexAuthAutomation({
+    gmailAddr: config.gmail,
+    gmailAppPassword: config.gmail_app_password,
+  });
+  app.status();
+}
+
+function cmdRotate(config: Config) {
+  const app = new CodexAuthAutomation({
+    gmailAddr: config.gmail,
+    gmailAppPassword: config.gmail_app_password,
+  });
+  app.rotate();
+}
+
+function cmdClean(config: Config) {
+  const app = new CodexAuthAutomation({
+    gmailAddr: config.gmail,
+    gmailAppPassword: config.gmail_app_password,
+  });
+  app.clean();
+}
+
+function cmdSetup(config: Config) {
+  const readline = require('readline').createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
+
+  const question = (prompt: string): Promise<string> =>
+    new Promise((resolve) => readline.question(prompt, resolve));
+
+  (async () => {
+    console.log('codex-auth setup');
+    console.log('='.repeat(40));
+
+    const gmail = await question('Gmail address: ');
+    const appPw = await question('Gmail App Password: ');
+    const headlessInput = await question('Headless mode? (Y/n): ');
+    const headless = headlessInput.trim().toLowerCase() !== 'n';
+
+    config.gmail = gmail.trim();
+    config.gmail_app_password = appPw.trim();
+    config.headless = headless;
+    saveConfig(config);
+
+    console.log(`\nConfig saved to ${CONFIG_FILE}`);
+    console.log("Run 'codex-auth create' to create your first account.");
+    readline.close();
+  })();
+}
+
+function cmdConfig(config: Config, key?: string, value?: string) {
+  if (key && value !== undefined) {
+    let parsed: string | boolean = value;
+    if (key === 'headless') {
+      parsed = ['true', '1', 'yes'].includes(value.toLowerCase());
+    }
+    (config as unknown as Record<string, unknown>)[key] = parsed;
+    saveConfig(config);
+    console.log(`Set ${key} = ${parsed}`);
+  } else {
+    console.log(JSON.stringify(config, null, 2));
+  }
+}
+
+const program = new Command();
+
+program
+  .name('codex-auth')
+  .description('Automated OpenAI/Codex account creation with Gmail aliases')
+  .version('0.1.0');
+
+program
+  .command('create')
+  .description('Create a new Codex account')
+  .option('--alias <alias>', 'Specific alias (e.g. you+custom@gmail.com)')
+  .action((opts) => {
+    const config = loadConfig();
+    cmdCreate(config, opts.alias);
+  });
+
+program
+  .command('status')
+  .description('Show all accounts')
+  .action(() => {
+    const config = loadConfig();
+    cmdStatus(config);
+  });
+
+program
+  .command('rotate')
+  .description('Rotate to next account')
+  .action(() => {
+    const config = loadConfig();
+    cmdRotate(config);
+  });
+
+program
+  .command('clean')
+  .description('Remove invalid/expired accounts')
+  .action(() => {
+    const config = loadConfig();
+    cmdClean(config);
+  });
+
+program
+  .command('setup')
+  .description('Interactive setup wizard')
+  .action(() => {
+    const config = loadConfig();
+    cmdSetup(config);
+  });
+
+program
+  .command('config')
+  .description('View or set config')
+  .option('--set <key> <value>', 'Set config value')
+  .action((opts) => {
+    const config = loadConfig();
+    if (opts.set) {
+      const [key, value] = opts.set.split(' ');
+      cmdConfig(config, key, value);
+    } else {
+      cmdConfig(config);
+    }
+  });
+
+program.parse();

package/src/gmail-reader.ts

@@ -0,0 +1,205 @@
+import Imap from 'imap';
+import { simpleParser } from 'mailparser';
+import { Readable } from 'stream';
+
+export class GmailReaderError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'GmailReaderError';
+  }
+}
+
+export interface GmailConfig {
+  email: string;
+  appPassword: string;
+}
+
+export class GmailReader {
+  readonly email: string;
+  private appPassword: string;
+  private conn: Imap | null = null;
+
+  private static CODE_PATTERNS = [
+    /verification code[:\s]+(\d{6})/i,
+    /your code is[:\s]*(\d{6})/i,
+    /enter this code[:\s]+(\d{6})/i,
+    /your verification code is (\d{6})/i,
+    /code[:\s]+(\d{6})/i,
+    /\b(\d{6})\b/,
+  ];
+
+  constructor(config: GmailConfig) {
+    this.email = config.email;
+    this.appPassword = config.appPassword;
+  }
+
+  connect(): Promise<Imap> {
+    return new Promise((resolve, reject) => {
+      const conn = new Imap({
+        user: this.email,
+        password: this.appPassword.replace(/\s/g, ''),
+        host: 'imap.gmail.com',
+        port: 993,
+        tls: true,
+        tlsOptions: { rejectUnauthorized: true },
+      });
+
+      conn.once('ready', () => {
+        this.conn = conn;
+        resolve(conn);
+      });
+
+      conn.once('error', (err) => {
+        reject(new GmailReaderError(`IMAP login failed: ${err.message}`));
+      });
+
+      conn.connect();
+    });
+  }
+
+  private async ensureConnected(): Promise<Imap> {
+    if (!this.conn) {
+      return this.connect();
+    }
+    return this.conn;
+  }
+
+  async searchForCode(
+    alias: string,
+    timeout = 60000,
+    pollInterval = 3000,
+  ): Promise<string | null> {
+    const conn = await this.ensureConnected();
+    const deadline = Date.now() + timeout;
+    const seenUids = new Set<string>();
+
+    while (Date.now() < deadline) {
+      try {
+        const messages = await this.searchImap(conn, seenUids);
+        for (const msg of messages) {
+          if (seenUids.has(msg.uid)) continue;
+          seenUids.add(msg.uid);
+
+          const body = await this.fetchMessageBody(conn, msg.uid);
+          const code = this.extractCode(body);
+          if (code) return code;
+        }
+      } catch {
+        // transient error, keep polling
+      }
+
+      const remaining = deadline - Date.now();
+      if (remaining <= 0) break;
+      await this.sleep(Math.min(pollInterval, remaining));
+    }
+
+    return null;
+  }
+
+  async getLatestCode(): Promise<{ code: string; recipient: string } | null> {
+    const conn = await this.ensureConnected();
+
+    return new Promise((resolve, reject) => {
+      conn.openBox('INBOX', true, (err) => {
+        if (err) return reject(new GmailReaderError(`Failed to open inbox: ${err.message}`));
+
+        conn.search(['OR', ['FROM', 'auth.openai.com'], ['FROM', 'openai.com']], (err, results) => {
+          if (err || !results || results.length === 0) return resolve(null);
+
+          const uids = results.slice(-10);
+          const fetch = conn.fetch(uids, { bodies: '' });
+
+          fetch.on('message', (msg) => {
+            msg.on('body', (stream) => {
+              simpleParser(Readable.from(stream))
+                .then((parsed) => {
+                  const body = parsed.text || parsed.html || '';
+                  const code = this.extractCode(String(body));
+                  if (code) {
+                    const toText = parsed.to
+                      ? (Array.isArray(parsed.to) ? parsed.to[0]?.text : parsed.to.text)
+                      : '';
+                    resolve({ code, recipient: String(toText || '') });
+                  }
+                })
+                .catch(() => {});
+            });
+          });
+
+          fetch.once('error', reject);
+          fetch.once('end', () => resolve(null));
+        });
+      });
+    });
+  }
+
+  close(): void {
+    if (this.conn) {
+      try { this.conn.end(); } catch { }
+      this.conn = null;
+    }
+  }
+
+  private searchImap(
+    conn: Imap,
+    seenUids: Set<string>,
+  ): Promise<{ uid: string }[]> {
+    return new Promise((resolve, reject) => {
+      conn.openBox('INBOX', true, (err) => {
+        if (err) return reject(new GmailReaderError(`Failed to open inbox: ${err.message}`));
+
+        conn.search(['OR', ['FROM', 'auth.openai.com'], ['FROM', 'openai.com']], (err, results) => {
+          if (err) return reject(new GmailReaderError(`Search failed: ${err.message}`));
+          if (!results || results.length === 0) return resolve([]);
+
+          resolve(
+            results.map((uid) => ({ uid: String(uid) })).filter((m) => !seenUids.has(m.uid)),
+          );
+        });
+      });
+    });
+  }
+
+  private fetchMessageBody(conn: Imap, uid: string): Promise<string> {
+    return new Promise((resolve, reject) => {
+      const fetch = conn.fetch(uid, { bodies: '' });
+
+      fetch.on('message', (msg) => {
+        msg.on('body', (stream) => {
+          simpleParser(Readable.from(stream))
+            .then((parsed) => {
+              resolve(String(parsed.text || parsed.html || ''));
+            })
+            .catch(reject);
+        });
+        msg.once('error', reject);
+      });
+
+      fetch.once('error', reject);
+      fetch.once('end', () => resolve(''));
+    });
+  }
+
+  private extractCode(content: string): string | null {
+    if (!content) return null;
+
+    for (const pattern of GmailReader.CODE_PATTERNS) {
+      const match = pattern.exec(content);
+      if (match && !match[1].startsWith('20')) {
+        return match[1];
+      }
+    }
+
+    const allCodes = content.match(/\b(\d{6})\b/g);
+    if (allCodes) {
+      const valid = allCodes.filter((c) => !c.startsWith('20'));
+      if (valid.length > 0) return valid[valid.length - 1];
+    }
+
+    return null;
+  }
+
+  private sleep(ms: number): Promise<void> {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+}

package/src/index.ts

@@ -0,0 +1,4 @@
+export { GmailReader, GmailReaderError } from './gmail-reader.js';
+export { OAuthFlowError, fullBrowserFlow, browserSignup } from './oauth-flow.js';
+export { TokenStore, TokenStoreError } from './token-store.js';
+export { CodexAuthAutomation } from './automation.js';