cyymall-cli 0.1.0 → 0.1.2

package/README.md

@@ -1,4 +1,4 @@
-# cyymall-cli (`cyy`)
+# cyymall-cli (`cyy`)
 
 Node.js CLI for CyyMall / 菜洋洋商城 APIs. Spec: [`../app-api-cli-spec.md`](../app-api-cli-spec.md).
 
@@ -25,7 +25,7 @@ Then run `cyy --help`.
 
 1. 在 [npmjs.com](https://www.npmjs.com/) 登录；发布策略若要求 **2FA**，必须先完成账号安全设置。
 2. 本机认证二选一（**不要把 token 写进仓库或发给他人**）：
-   - **`npm login`**（交互式）；或  
+   - **`npm login`**（交互式）；或
    - **`npm config set //registry.npmjs.org/:_authToken=<token>`**（仅本机 `~/.npmrc`，勿提交 Git）。
 3. 在项目目录发布：
 
@@ -55,7 +55,8 @@ npm publish --otp=123456
 
 ```bash
 cyy config path
-cyy auth login --phone <mobile> --password <pwd>
+cyy auth send-code --phone <mobile>
+cyy auth login --phone <mobile> --code <sms>
 cyy auth whoami
 cyy shop list
 cyy shop sites --shop-id <门店ID>
@@ -69,23 +70,26 @@ cyy serve --port 8787
 
 ## Session vs bootstrap env
 
-**After `cyy auth login` succeeds**, the CLI reads the session token from **`data.token`** or **`data.appToken`** (plus optional **`shopId` / `siteId` / `versionCode` / `loginId`→`memberId`** when present) and saves them under **`~/.cyymall/config.json`**. If the API omits `shopId`/`siteId`, previously saved or bootstrap values are kept where applicable.  
-后续 **`api call`、`product search`、`order quick`** 等命令都会从该文件加载并组装 Header —— **正常情况下不再需要设置 `CYY_BOOTSTRAP_*`**，等价于「登录接口返回什么就持久化什么，进程退出后仍可用」（磁盘配置，不是仅限内存）。
+**After `cyy auth login` succeeds**, the CLI reads the session token from **`data.token`** or **`data.appToken`** (plus optional **`shopId` / `siteId` / `versionCode` / `loginId`->`memberId`** when present) and saves them under **`~/.cyymall/config.json`**. If the API omits `shopId`/`siteId`, previously saved or bootstrap values are kept where applicable.
+后续 **`api call`、`product search`、`order quick`** 等命令都会从该文件加载并组装 Header，正常情况下不再需要设置 `CYY_BOOTSTRAP_*`。
 
 **`CYY_BOOTSTRAP_*` 仅用于「尚未登录」时**（例如第一次调用 `/app/auth/ua/registerMember/v2` 本身需要的网关 Header）。若你的环境里登录接口在未带 shop/token 时会被网关拒绝，再按需配置这些变量；**登录成功后的业务请求一律优先使用配置文件里的会话字段**。
 
 | Variable | Purpose |
 |----------|---------|
 | `CYY_BASE_URL` | Override API host (default `https://dhcmall.ifoodbuy.com`) |
-| `CYY_PASSWORD` | Used by `auth login` if `--password` omitted |
-| `CYY_BOOTSTRAP_TOKEN` | Optional — **only before login**, gateway may expect placeholder token |
-| `CYY_BOOTSTRAP_SHOP_ID` | Optional — **only before login** |
+| `CYY_ENCRYPT_OFF` | `1` / `true`: disable hybrid crypto (plaintext `sendCodeV2`) |
+| `CYY_ENCRYPT_DEBUG` | `1` / `true`: print RSA/AES diagnostics for hybrid decrypt failures |
+| `CYY_BOOTSTRAP_TOKEN` | Optional - **only before login**, gateway may expect placeholder token |
+| `CYY_BOOTSTRAP_SHOP_ID` | Optional - **only before login** |
 | `CYY_BOOTSTRAP_SITE_ID` | Default `1` when bootstrapping |
-| `CYY_BOOTSTRAP_MEMBER_ID` | Optional — **only before login** |
+| `CYY_BOOTSTRAP_MEMBER_ID` | Optional - **only before login** |
 | `CYY_BOOTSTRAP_VERSION_CODE` | App version header when bootstrapping / fallback (`22118`) |
 
+`sendCodeV2` 固定使用 `src/embeddedCyyKeys.js` 中与 Android `cyy_native_key.cpp` 一致的内置密钥，不再支持从环境变量或文件覆盖公私钥。
+
 权威规格（含请求体附录）建议以 Android 工程内的 **`docs/app-api-cli-spec.md`** 为准；若与本仓库根目录同名文档不一致，以该版本为准。
 
 ## Implementation phases
 
-See [`../README_CLI.md`](../README_CLI.md) for staged rollout and acceptance notes.
+See [`../README_CLI.md`](../README_CLI.md) for staged rollout and acceptance notes.

package/bin/cyy.js

@@ -1,2 +1,2 @@
 #!/usr/bin/env node
-require("../src/cli.js");
+require("../src/cli.js");

package/package.json

@@ -1,33 +1,33 @@
-{
-  "name": "cyymall-cli",
-  "version": "0.1.0",
-  "description": "CyyMall / 菜洋洋商城 API CLI (per app-api-cli-spec)",
-  "bin": {
-    "cyy": "bin/cyy.js"
-  },
-  "main": "src/cli.js",
-  "type": "commonjs",
-  "files": [
-    "bin",
-    "src",
-    "README.md",
-    "package.json"
-  ],
-  "engines": {
-    "node": ">=18"
-  },
-  "scripts": {
-    "start": "node bin/cyy.js",
-    "lint": "node --check src/cli.js",
-    "prepublishOnly": "node --check src/cli.js && node --check bin/cyy.js"
-  },
-  "keywords": [
-    "cyymall",
-    "cli",
-    "dhcmall"
-  ],
-  "license": "MIT",
-  "dependencies": {
-    "commander": "^12.1.0"
-  }
-}
+{
+  "name": "cyymall-cli",
+  "version": "0.1.2",
+  "description": "CyyMall / 菜洋洋商城 API CLI (per app-api-cli-spec)",
+  "bin": {
+    "cyy": "bin/cyy.js"
+  },
+  "main": "src/cli.js",
+  "type": "commonjs",
+  "files": [
+    "bin",
+    "src",
+    "README.md",
+    "package.json"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "start": "node bin/cyy.js",
+    "lint": "node --check src/cli.js && node --check src/encrypt.js && node --check src/embeddedCyyKeys.js",
+    "prepublishOnly": "node --check src/cli.js && node --check src/encrypt.js && node --check src/embeddedCyyKeys.js && node --check bin/cyy.js"
+  },
+  "keywords": [
+    "cyymall",
+    "cli",
+    "dhcmall"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^12.1.0"
+  }
+}

package/src/biz.js

@@ -1,14 +1,14 @@
-"use strict";
-
-/**
- * @param {unknown} upstream
- */
-function isBizSuccess(upstream) {
-  if (upstream == null || typeof upstream !== "object") return false;
-  const o = /** @type {{success?:boolean,code?:unknown}} */ (upstream);
-  if (o.success === true) return true;
-  if (o.code === "00000" || o.code === 0 || o.code === "0") return true;
-  return false;
-}
-
-module.exports = { isBizSuccess };
+"use strict";
+
+/**
+ * @param {unknown} upstream
+ */
+function isBizSuccess(upstream) {
+  if (upstream == null || typeof upstream !== "object") return false;
+  const o = /** @type {{success?:boolean,code?:unknown}} */ (upstream);
+  if (o.success === true) return true;
+  if (o.code === "00000" || o.code === 0 || o.code === "0") return true;
+  return false;
+}
+
+module.exports = { isBizSuccess };

package/src/cli.js

@@ -1,208 +1,234 @@
-"use strict";
-
-const path = require("path");
-const pkg = require(path.join(__dirname, "..", "package.json"));
-
-const config = require("./config");
-const apiCall = require("./commands/apiCall");
-const auth = require("./commands/auth");
-const product = require("./commands/product");
-const cart = require("./commands/cart");
-const order = require("./commands/order");
-const serve = require("./commands/serve");
-const shop = require("./commands/shop");
-
-const { Command } = require("commander");
-const program = new Command();
-
-program
-  .name("cyy")
-  .description("CyyMall / 菜洋洋商城 CLI (see app-api-cli-spec.md)")
-  .version(pkg.version);
-
-const cfgCmd = program.command("config").description("Configuration");
-
-cfgCmd
-  .command("path")
-  .description("Print config file path")
-  .action(() => {
-    console.log(config.getConfigPath());
-  });
-
-cfgCmd
-  .command("show")
-  .description("Show config (token masked)")
-  .action(() => {
-    const c = config.loadConfig();
-    if (!c) {
-      console.log(JSON.stringify({ loggedIn: false }, null, 2));
-      return;
-    }
-    const masked = { ...c, token: config.maskToken(String(c.token || "")) };
-    console.log(JSON.stringify(masked, null, 2));
-  });
-
-function collect(value, previous) {
-  return previous.concat([value]);
-}
-
-const api = program.command("api").description("Low-level API calls");
-
-api
-  .command("call")
-  .description("Invoke any mapped endpoint (spec §3)")
-  .requiredOption("--method <verb>", "HTTP method: GET, POST, PUT, PATCH, DELETE")
-  .requiredOption("--module <name>", "DEFAULT | ORDER | PRODUCT | PLATFORM | PAYMENT | OSS | BIZ")
-  .requiredOption("--path <path>", "Path starting with /, e.g. /app/product/getSkuList")
-  .option("--body-json <json>", "JSON body string")
-  .option("--body-file <file>", "Read JSON body from UTF-8 file")
-  .option("--query <pair>", "Repeatable: key=value for query string", collect, [])
-  .option("--header <h>", 'Repeatable: "Name: value"', collect, [])
-  .option("--bare", "Bootstrap headers only (do not merge saved session)")
-  .action(async (opts) => {
-    await apiCall.runApiCall({
-      ...opts,
-      noAuth: Boolean(opts.bare),
-    });
-  });
-
-const authCmd = program.command("auth").description("Authentication");
-
-authCmd
-  .command("login")
-  .description("Password login (SHA-256); saves ~/.cyymall/config.json")
-  .requiredOption("--phone <p>", "Mobile phone")
-  .option("--password <pwd>", "Plain password (or set env CYY_PASSWORD)")
-  .action(async (opts) => {
-    const pwd = opts.password || process.env.CYY_PASSWORD;
-    if (!pwd) {
-      console.error("cyy: provide --password or set CYY_PASSWORD");
-      process.exit(1);
-    }
-    await auth.login(opts.phone, pwd);
-  });
-
-authCmd
-  .command("whoami")
-  .description("GET /member/getInfo/V2 using saved token")
-  .action(async () => {
-    await auth.whoami();
-  });
-
-const prod = program.command("product").description("Product helpers");
-
-prod
-  .command("search")
-  .description("POST /mall-product/app/product/getSkuList")
-  .requiredOption("--keyword <k>", "spuName keyword")
-  .option("--shop-id <id>", "Override shopId (default from session)")
-  .option("--site-id <id>", "Override siteId")
-  .option("--page <n>", "pageNum", "1")
-  .option("--page-size <n>", "pageSize", "10")
-  .option("--stock-flag <s>", "stockFlag string (Java SearchCommodityReq)", "0")
-  .action(async (opts) => {
-    await product.search(opts);
-  });
-
-const shopCmd = program.command("shop").description("Member shops and delivery sites");
-
-shopCmd
-  .command("list")
-  .description("POST /shop/member/list — paginated shops for current member (GetShopReq)")
-  .option("--page <n>", "pageNum", "1")
-  .option("--page-size <n>", "pageSize", "20")
-  .option("--name <s>", "shopName filter", "")
-  .option("--object-code <n>", "objectCode", "3")
-  .action(async (opts) => {
-    await shop.list(opts);
-  });
-
-shopCmd
-  .command("sites")
-  .description("GET /shop/member/store/list — sites for a shop")
-  .option("--shop-id <id>", "Shop id (default: session shop_id)")
-  .option("--site-name <s>", "Optional siteName filter")
-  .action(async (opts) => {
-    await shop.sites(opts);
-  });
-
-shopCmd
-  .command("use")
-  .description("Set default shop_id only in ~/.cyymall/config.json (site_id unchanged; validate via shop list)")
-  .requiredOption("--shop-id <id>", "Numeric shop id from cyy shop list")
-  .action(async (opts) => {
-    await shop.useShop(opts);
-  });
-
-shopCmd
-  .command("use-site")
-  .description("Set default site_id for current session shop_id (validates against shop sites)")
-  .requiredOption("--site-id <id>", "Site id from shop sites")
-  .action(async (opts) => {
-    await shop.useSite(opts);
-  });
-
-const cartCmd = program.command("cart").description("Shopping cart");
-
-cartCmd
-  .command("add")
-  .description("POST /mall-order/app/order/cart")
-  .option("--body-file <file>", "Cart JSON body")
-  .option("--body-json <json>", "Cart JSON string")
-  .action(async (opts) => {
-    await cart.add(opts);
-  });
-
-const orderCmd = program.command("order").description("Order flow");
-
-orderCmd
-  .command("pre-settle")
-  .description("POST /mall-order/app/order/preSettleOrder")
-  .option("--body-file <file>", "")
-  .option("--body-json <json>", "")
-  .action(async (opts) => {
-    await order.preSettle(opts);
-  });
-
-orderCmd
-  .command("confirm")
-  .description("POST /mall-order/app/order/confirmOrder")
-  .option("--body-file <file>", "")
-  .option("--body-json <json>", "")
-  .action(async (opts) => {
-    await order.confirm(opts);
-  });
-
-orderCmd
-  .command("pay-url")
-  .description("Build H5 replacePay URL for order")
-  .requiredOption("--order-id <id>", "Order id from confirm response")
-  .action(async (opts) => {
-    await order.payUrl(opts);
-  });
-
-orderCmd
-  .command("quick")
-  .description("Search → cart → pre-settle → confirm → pay URL (first search hit)")
-  .requiredOption("--keyword <k>", "Product keyword")
-  .option("--quantity <n>", "Qty", "1")
-  .option("--unit <u>", "袋 | 提 | 箱", "袋")
-  .option("--shop-id <id>", "shopId override")
-  .option("--site-id <id>", "siteId override")
-  .action(async (opts) => {
-    await order.quick(opts);
-  });
-
-program
-  .command("serve")
-  .description("Local HTTP shim: POST /invoke JSON body { method, module, path, body?, query?, noAuth? }")
-  .option("-p, --port <n>", "port", "8787")
-  .option("--host <h>", "bind address", "127.0.0.1")
-  .action((opts) => {
-    serve.runServe({ port: opts.port, host: opts.host });
-  });
-
-program.parseAsync(process.argv).catch((e) => {
-  console.error(e);
-  process.exit(1);
-});
+"use strict";
+
+const path = require("path");
+const pkg = require(path.join(__dirname, "..", "package.json"));
+
+const config = require("./config");
+const apiCall = require("./commands/apiCall");
+const auth = require("./commands/auth");
+const product = require("./commands/product");
+const cart = require("./commands/cart");
+const order = require("./commands/order");
+const serve = require("./commands/serve");
+const shop = require("./commands/shop");
+
+const { Command } = require("commander");
+const program = new Command();
+
+program
+  .name("cyy")
+  .description("CyyMall / 菜洋洋商城 CLI (see app-api-cli-spec.md)")
+  .version(pkg.version);
+
+const cfgCmd = program.command("config").description("Configuration");
+
+cfgCmd
+  .command("path")
+  .description("Print config file path")
+  .action(() => {
+    console.log(config.getConfigPath());
+  });
+
+cfgCmd
+  .command("show")
+  .description("Show config (token masked)")
+  .action(() => {
+    const c = config.loadConfig();
+    if (!c) {
+      console.log(JSON.stringify({ loggedIn: false }, null, 2));
+      return;
+    }
+    const masked = { ...c, token: config.maskToken(String(c.token || "")) };
+    console.log(JSON.stringify(masked, null, 2));
+  });
+
+function collect(value, previous) {
+  return previous.concat([value]);
+}
+
+const api = program.command("api").description("Low-level API calls");
+
+api
+  .command("call")
+  .description("Invoke any mapped endpoint (spec §3)")
+  .requiredOption("--method <verb>", "HTTP method: GET, POST, PUT, PATCH, DELETE")
+  .requiredOption("--module <name>", "DEFAULT | ORDER | PRODUCT | PLATFORM | PAYMENT | OSS | BIZ")
+  .requiredOption("--path <path>", "Path starting with /, e.g. /app/product/getSkuList")
+  .option("--body-json <json>", "JSON body string")
+  .option("--body-file <file>", "Read JSON body from UTF-8 file")
+  .option("--query <pair>", "Repeatable: key=value for query string", collect, [])
+  .option("--header <h>", 'Repeatable: "Name: value"', collect, [])
+  .option("--bare", "Bootstrap headers only (do not merge saved session)")
+  .action(async (opts) => {
+    await apiCall.runApiCall({
+      ...opts,
+      noAuth: Boolean(opts.bare),
+    });
+  });
+
+const authCmd = program.command("auth").description("Authentication");
+
+authCmd
+  .command("login")
+  .description("SMS login; sends code then waits for code input unless --code is provided")
+  .requiredOption("--phone <p>", "Mobile phone")
+  .option("--code <code>", "SMS verification code (skip interactive prompt)")
+  .action(async (opts) => {
+    await auth.login(opts.phone, opts.code);
+  });
+
+authCmd
+  .command("send-code")
+  .description("Send SMS verification code for login")
+  .requiredOption("--phone <p>", "Mobile phone")
+  .action(async (opts) => {
+    await auth.sendCode(opts.phone);
+  });
+
+authCmd
+  .command("whoami")
+  .description("GET /member/getInfo/V2 using saved token")
+  .action(async () => {
+    await auth.whoami();
+  });
+
+const prod = program.command("product").description("Product helpers");
+
+prod
+  .command("search")
+  .description("POST /mall-product/app/product/getSkuList")
+  .requiredOption("--keyword <k>", "spuName keyword")
+  .option("--shop-id <id>", "Override shopId (default from session)")
+  .option("--site-id <id>", "Override siteId")
+  .option("--page <n>", "pageNum", "1")
+  .option("--page-size <n>", "pageSize", "10")
+  .option("--stock-flag <s>", "stockFlag string (Java SearchCommodityReq)", "0")
+  .action(async (opts) => {
+    await product.search(opts);
+  });
+
+const shopCmd = program.command("shop").description("Member shops and delivery sites");
+
+shopCmd
+  .command("list")
+  .description("POST /shop/member/list — paginated shops for current member (GetShopReq)")
+  .option("--page <n>", "pageNum", "1")
+  .option("--page-size <n>", "pageSize", "20")
+  .option("--name <s>", "shopName filter", "")
+  .option("--object-code <n>", "objectCode", "3")
+  .action(async (opts) => {
+    await shop.list(opts);
+  });
+
+shopCmd
+  .command("sites")
+  .description("GET /shop/member/store/list — sites for a shop")
+  .option("--shop-id <id>", "Shop id (default: session shop_id)")
+  .option("--site-name <s>", "Optional siteName filter")
+  .action(async (opts) => {
+    await shop.sites(opts);
+  });
+
+shopCmd
+  .command("use")
+  .description("Set default shop_id only in ~/.cyymall/config.json (site_id unchanged; validate via shop list)")
+  .requiredOption("--shop-id <id>", "Numeric shop id from cyy shop list")
+  .action(async (opts) => {
+    await shop.useShop(opts);
+  });
+
+shopCmd
+  .command("use-site")
+  .description("Set default site_id for current session shop_id (validates against shop sites)")
+  .requiredOption("--site-id <id>", "Site id from shop sites")
+  .action(async (opts) => {
+    await shop.useSite(opts);
+  });
+
+const cartCmd = program.command("cart").description("Shopping cart");
+
+cartCmd
+  .command("add")
+  .description("POST /mall-order/app/order/cart")
+  .option("--body-file <file>", "Cart JSON body")
+  .option("--body-json <json>", "Cart JSON string")
+  .action(async (opts) => {
+    await cart.add(opts);
+  });
+
+const orderCmd = program.command("order").description("Order flow");
+
+orderCmd
+  .command("pre-settle")
+  .description("POST /mall-order/app/order/preSettleOrder")
+  .option("--body-file <file>", "")
+  .option("--body-json <json>", "")
+  .action(async (opts) => {
+    await order.preSettle(opts);
+  });
+
+orderCmd
+  .command("confirm")
+  .description("POST /mall-order/app/order/confirmOrder")
+  .option("--body-file <file>", "")
+  .option("--body-json <json>", "")
+  .action(async (opts) => {
+    await order.confirm(opts);
+  });
+
+orderCmd
+  .command("pay-url")
+  .description("Build H5 replacePay URL for order")
+  .requiredOption("--order-id <id>", "Order id from confirm response")
+  .action(async (opts) => {
+    await order.payUrl(opts);
+  });
+
+orderCmd
+  .command("list")
+  .description("POST /mall-multishop/order/queryPage (OrderQeq)")
+  .option("--page <n>", "pageNum", "1")
+  .option("--page-size <n>", "pageSize", "10")
+  .option("--status <s>", "status filter (empty = all)", "")
+  .option("--shop-id <id>", "shopId override")
+  .option("--object-code <n>", "objectCode", "1")
+  .option("--all", "set queryAllFlag true", false)
+  .option("--shop-keyword <s>", "shopKeyWord", "")
+  .action(async (opts) => {
+    await order.list(opts);
+  });
+
+orderCmd
+  .command("cancel")
+  .description("POST /mall-order/app/order/cancelOrder")
+  .requiredOption("--order-id <id>", "Order id")
+  .option("--child-id <id>", "child order id (optional)")
+  .action(async (opts) => {
+    await order.cancel(opts);
+  });
+
+orderCmd
+  .command("quick")
+  .description("Search → cart → pre-settle → confirm → pay URL (first search hit)")
+  .requiredOption("--keyword <k>", "Product keyword")
+  .option("--quantity <n>", "Qty", "1")
+  .option("--unit <u>", "袋 | 提 | 箱", "袋")
+  .option("--shop-id <id>", "shopId override")
+  .option("--site-id <id>", "siteId override")
+  .action(async (opts) => {
+    await order.quick(opts);
+  });
+
+program
+  .command("serve")
+  .description("Local HTTP shim: POST /invoke JSON body { method, module, path, body?, query?, noAuth? }")
+  .option("-p, --port <n>", "port", "8787")
+  .option("--host <h>", "bind address", "127.0.0.1")
+  .action((opts) => {
+    serve.runServe({ port: opts.port, host: opts.host });
+  });
+
+program.parseAsync(process.argv).catch((e) => {
+  console.error(e);
+  process.exit(1);
+});