cyymall-cli 0.1.6 → 0.1.8

package/README.md

@@ -57,6 +57,7 @@ npm publish --otp=123456
 cyy config path
 cyy auth send-code --phone <mobile>
 cyy auth login --phone <mobile> --code <sms>
+cyy auth import --token <appToken> [--member-id <id>] [--shop-id <id>] [--site-id <id>]
 cyy auth whoami
 cyy shop list
 cyy shop sites --shop-id <门店ID>
@@ -70,14 +71,28 @@ cyy serve --port 8787
 
 ## Session vs bootstrap env
 
-**After `cyy auth login` succeeds**, the CLI reads the session token from **`data.token`** or **`data.appToken`** (plus optional **`shopId` / `siteId` / `versionCode` / `loginId`->`memberId`** when present) and saves them under **`~/.cyymall/config.json`**. If the API omits `shopId`/`siteId`, previously saved or bootstrap values are kept where applicable.
-后续 **`api call`、`product search`、`order quick`** 等命令都会从该文件加载并组装 Header，正常情况下不再需要设置 `CYY_BOOTSTRAP_*`。
+**After `cyy auth login` or `cyy auth import` succeeds**, session fields live under **`~/.cyymall/config.json`** (`token`, `member_id`, `shop_id`, `site_id`, `version_code`, …). **`api call`、`product search`、`order quick`** 等命令读取**有效会话**：先合并配置文件，再用下表 `CYY_*` 覆盖（适合 Gateway / MCP 子进程注入、不落盘）。
 
-**`CYY_BOOTSTRAP_*` 仅用于「尚未登录」时**（例如第一次调用 `/app/auth/ua/registerMember/v2` 本身需要的网关 Header）。若你的环境里登录接口在未带 shop/token 时会被网关拒绝，再按需配置这些变量；**登录成功后的业务请求一律优先使用配置文件里的会话字段**。
+**External token (skip SMS login):**
+
+```bash
+cyy auth import --token "<appToken>" --member-id "<id>" --shop-id "<id>"
+# or ephemeral for one process:
+export CYY_TOKEN="<appToken>"
+export CYY_SHOP_ID="<id>"
+```
+
+**`CYY_BOOTSTRAP_*` 仅用于「尚未登录」时**（无 saved token 且无 `CYY_TOKEN`）。已登录时业务请求优先使用配置文件 + `CYY_TOKEN` 等会话变量。
 
 | Variable | Purpose |
 |----------|---------|
 | `CYY_BASE_URL` | Override API host (default `https://dhcmall.ifoodbuy.com`) |
+| `CYY_TOKEN` | Session token for current process (overrides saved config) |
+| `CYY_MEMBER_ID` | Override `member_id` header |
+| `CYY_SHOP_ID` | Override `shop_id` header |
+| `CYY_SITE_ID` | Override `site_id` header |
+| `CYY_VERSION_CODE` | Override `version_code` header |
+| `CYY_PHONE` | Optional label in config display |
 | `CYY_ENCRYPT_OFF` | `1` / `true`: disable hybrid crypto (plaintext `sendCodeV2`) |
 | `CYY_ENCRYPT_DEBUG` | `1` / `true`: print RSA/AES diagnostics for hybrid decrypt failures |
 | `CYY_BOOTSTRAP_TOKEN` | Optional - **only before login**, gateway may expect placeholder token |
@@ -92,4 +107,4 @@ cyy serve --port 8787
 
 ## Implementation phases
 
-See [`../README_CLI.md`](../README_CLI.md) for staged rollout and acceptance notes.
+See [`../README_CLI.md`](../README_CLI.md) for staged rollout and acceptance notes.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyymall-cli",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "CyyMall / 菜洋洋商城 API CLI (per app-api-cli-spec)",
   "bin": {
     "cyy": "bin/cyy.js"

package/src/Untitled

@@ -0,0 +1 @@
+shop

package/src/cli.js

@@ -4,6 +4,7 @@ const path = require("path");
 const pkg = require(path.join(__dirname, "..", "package.json"));
 
 const config = require("./config");
+const http = require("./http");
 const apiCall = require("./commands/apiCall");
 const auth = require("./commands/auth");
 const product = require("./commands/product");
@@ -31,14 +32,26 @@ cfgCmd
 
 cfgCmd
   .command("show")
-  .description("Show config (token masked)")
+  .description("Show config (token masked); includes effective session and env overrides")
   .action(() => {
-    const c = config.loadConfig();
-    if (!c) {
+    const file = config.loadConfig();
+    const session = config.getSession();
+    const envOverrides = config.getEnvSessionOverrideKeys();
+    if (!config.hasAuthToken(session) && !file) {
       console.log(JSON.stringify({ loggedIn: false }, null, 2));
       return;
     }
-    const masked = { ...c, token: config.maskToken(String(c.token || "")) };
+    const masked = {
+      loggedIn: config.hasAuthToken(session),
+      saved: file
+        ? { ...file, token: config.maskToken(String(file.token || "")) }
+        : null,
+      effective: {
+        ...session,
+        token: config.maskToken(String(session.token || "")),
+      },
+      envOverrides: envOverrides.length ? envOverrides : undefined,
+    };
     console.log(JSON.stringify(masked, null, 2));
   });
 
@@ -92,6 +105,32 @@ authCmd
     await auth.whoami();
   });
 
+authCmd
+  .command("import")
+  .description(
+    "Import external session token into ~/.cyymall/config.json (skip SMS login); optional --no-verify",
+  )
+  .option("--token <t>", "App session token (appToken / Authorization value)")
+  .option("--token-file <file>", "Read token from UTF-8 file (e.g. secret mount)")
+  .option("--member-id <id>", "memberId header")
+  .option("--shop-id <id>", "shopId header")
+  .option("--site-id <id>", "siteId header (default 1 if omitted and not in saved config)")
+  .option("--version-code <n>", "version-code header")
+  .option("--phone <p>", "Optional phone label for config display")
+  .option("--no-verify", "Save without calling GET /member/getInfo/V2")
+  .action(async (opts) => {
+    await auth.importSession({
+      token: opts.token,
+      tokenFile: opts.tokenFile,
+      memberId: opts.memberId,
+      shopId: opts.shopId,
+      siteId: opts.siteId,
+      versionCode: opts.versionCode,
+      phone: opts.phone,
+      noVerify: Boolean(opts.noVerify),
+    });
+  });
+
 const prod = program.command("product").description("Product helpers");
 
 prod

package/src/commands/apiCall.js

@@ -74,7 +74,7 @@ async function executeApiCall(opts) {
   let headers = {};
 
   if (!noAuth) {
-    const cfg = config.loadConfig();
+    const cfg = config.getSession();
     headers = /** @type {Record<string,string>} */ (
       http.buildAuthHeaders(cfg)
     );

package/src/commands/auth.js

@@ -1,5 +1,6 @@
 "use strict";
 
+const fs = require("fs");
 const crypto = require("crypto");
 const readline = require("readline/promises");
 const { stdin: input, stdout: output } = require("process");
@@ -258,12 +259,89 @@ async function login(phone, code) {
   await loginWithCode(phone, smsCode);
 }
 
-async function whoami() {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in. Run: cyy auth login --phone ...");
+/**
+ * Persist an externally supplied session (Native App / Gateway token), skipping SMS login.
+ * @param {object} opts
+ * @param {string} [opts.token]
+ * @param {string} [opts.tokenFile]
+ * @param {string} [opts.memberId]
+ * @param {string} [opts.shopId]
+ * @param {string} [opts.siteId]
+ * @param {string} [opts.versionCode]
+ * @param {string} [opts.phone]
+ * @param {boolean} [opts.noVerify]
+ */
+async function importSession(opts) {
+  let token = opts.token != null ? String(opts.token).trim() : "";
+  if (!token && opts.tokenFile) {
+    token = fs.readFileSync(opts.tokenFile, "utf8").trim();
+  }
+  if (!token) {
+    console.error("cyy: --token or --token-file is required");
     process.exit(1);
   }
+
+  const prev = config.loadConfig() || {};
+  const saved = {
+    ...prev,
+    token,
+    member_id:
+      opts.memberId != null && String(opts.memberId).trim() !== ""
+        ? String(opts.memberId).trim()
+        : String(prev.member_id || ""),
+    shop_id:
+      opts.shopId != null && String(opts.shopId).trim() !== ""
+        ? String(opts.shopId).trim()
+        : String(prev.shop_id || ""),
+    site_id:
+      opts.siteId != null && String(opts.siteId).trim() !== ""
+        ? String(opts.siteId).trim()
+        : String(prev.site_id || "1"),
+    version_code: String(
+      opts.versionCode != null && String(opts.versionCode).trim() !== ""
+        ? opts.versionCode
+        : prev.version_code ?? http.DEFAULT_VERSION,
+    ),
+    phone:
+      opts.phone != null && String(opts.phone).trim() !== ""
+        ? String(opts.phone).trim()
+        : String(prev.phone || ""),
+    login_time: Math.floor(Date.now() / 1000),
+    session_source: "import",
+  };
+
+  config.saveConfig(saved);
+
+  if (opts.noVerify) {
+    const traceId = buildTraceId();
+    console.log(
+      JSON.stringify(
+        {
+          success: true,
+          code: "OK",
+          message: "session imported (not verified)",
+          data: {
+            phone: saved.phone,
+            member_id: saved.member_id,
+            shop_id: saved.shop_id,
+            site_id: saved.site_id,
+            version_code: saved.version_code,
+            token_preview: config.maskToken(saved.token),
+          },
+          traceId,
+        },
+        null,
+        2,
+      ),
+    );
+    process.exit(0);
+  }
+
+  await whoami();
+}
+
+async function whoami() {
+  const cfg = config.requireAuthSession();
   const url = http.moduleUrl("DEFAULT", "/member/getInfo/V2");
   const headers = /** @type {Record<string,string>} */ (http.buildAuthHeaders(cfg));
   delete headers["Content-Type"];
@@ -291,4 +369,4 @@ async function whoami() {
   process.exit(success ? 0 : 2);
 }
 
-module.exports = { login, loginWithCode, sendCode, whoami };
+module.exports = { login, loginWithCode, sendCode, whoami, importSession };

package/src/commands/cart.js

@@ -10,11 +10,7 @@ const biz = require("../biz");
  * @param {{ bodyFile?: string, bodyJson?: string }} opts
  */
 async function add(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in.");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
 
   let raw = opts.bodyJson;
   if (opts.bodyFile) {

package/src/commands/order.js

@@ -28,11 +28,7 @@ function envelope(success, message, data, exitCode) {
  * @param {{ bodyFile?: string, bodyJson?: string }} opts
  */
 async function preSettle(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in.");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
   let raw = opts.bodyJson;
   if (opts.bodyFile) raw = fs.readFileSync(opts.bodyFile, "utf8");
   if (!raw) {
@@ -54,11 +50,7 @@ async function preSettle(opts) {
  * @param {{ bodyFile?: string, bodyJson?: string }} opts
  */
 async function confirm(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in.");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
   let raw = opts.bodyJson;
   if (opts.bodyFile) raw = fs.readFileSync(opts.bodyFile, "utf8");
   if (!raw) {
@@ -77,11 +69,7 @@ async function confirm(opts) {
 }
 
 async function payUrl(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in.");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
   const orderId = opts.orderId;
   if (!orderId) {
     console.error("cyy: --order-id required");
@@ -118,11 +106,7 @@ async function payUrl(opts) {
  * @param {object} opts
  */
 async function quick(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in.");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
 
   const keyword = opts.keyword;
   const quantity = Number(opts.quantity || 1);
@@ -329,11 +313,7 @@ async function quick(opts) {
  * @param {{ page?: string, pageSize?: string, status?: string, shopId?: string, objectCode?: string, all?: boolean, shopKeyword?: string }} opts
  */
 async function list(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in.");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
   const shopId = opts.shopId != null && opts.shopId !== "" ? Number(opts.shopId) : Number(cfg.shop_id);
   if (!Number.isFinite(shopId)) {
     console.error("cyy: shopId missing (set shop_id in config or pass --shop-id)");
@@ -371,11 +351,7 @@ async function list(opts) {
  * @param {{ orderId?: string, childId?: string }} opts
  */
 async function cancel(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in.");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
   const orderId = opts.orderId;
   if (!orderId) {
     console.error("cyy: --order-id required");

package/src/commands/product.js

@@ -9,11 +9,7 @@ const biz = require("../biz");
  * @param {object} opts
  */
 async function search(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in. Run: cyy auth login");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
 
   const shopId = Number(opts.shopId ?? cfg.shop_id);
   const siteId = Number(opts.siteId ?? cfg.site_id);

package/src/commands/shop.js

@@ -28,11 +28,7 @@ function envelope(success, message, upstream, exitCode) {
  * @param {{ page?: string, pageSize?: string, name?: string, objectCode?: string }} opts
  */
 async function list(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in. Run: cyy auth login");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
 
   const body = JSON.stringify({
     pageNum: Number(opts.page || 1),
@@ -62,11 +58,7 @@ async function list(opts) {
  * @param {{ shopId?: string, siteName?: string }} opts
  */
 async function sites(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in. Run: cyy auth login");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
 
   const shopId = opts.shopId ?? cfg.shop_id;
   if (shopId === undefined || shopId === null || String(shopId).trim() === "") {
@@ -179,11 +171,7 @@ async function shopIdBelongsToMember(cfg, shopId) {
  * @param {{ shopId?: string }} opts
  */
 async function useShop(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in. Run: cyy auth login");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
   const shopId = opts.shopId;
   if (shopId === undefined || shopId === null || String(shopId).trim() === "") {
     console.error("cyy: shop use requires --shop-id");
@@ -229,11 +217,7 @@ async function useShop(opts) {
  * @param {{ siteId?: string }} opts
  */
 async function useSite(opts) {
-  const cfg = config.loadConfig();
-  if (!cfg?.token) {
-    console.error("cyy: not logged in. Run: cyy auth login");
-    process.exit(1);
-  }
+  const cfg = config.requireAuthSession();
   const shopId = cfg.shop_id;
   if (shopId === undefined || shopId === null || String(shopId).trim() === "") {
     console.error("cyy: no shop_id in session; run: cyy shop use --shop-id <id>");

package/src/config.js

@@ -4,7 +4,7 @@ const fs = require("fs");
 const path = require("path");
 const os = require("os");
 
-const DEFAULT_BASE_URL = "https://dhcmall.ifoodbuy.com";
+const DEFAULT_BASE_URL = "https://yunping.ifoodbuy.com/";
 
 /** BuildConfig-style module prefixes (app-api-cli-spec §1.2) */
 const MODULE_MAP = {
@@ -69,9 +69,71 @@ function maskToken(t) {
   return `${t.slice(0, 8)}...${t.slice(-4)}`;
 }
 
+/** Env keys that override ~/.cyymall/config.json for the current process (ephemeral). */
+const SESSION_ENV_KEYS = [
+  ["token", "CYY_TOKEN"],
+  ["member_id", "CYY_MEMBER_ID"],
+  ["shop_id", "CYY_SHOP_ID"],
+  ["site_id", "CYY_SITE_ID"],
+  ["version_code", "CYY_VERSION_CODE"],
+  ["phone", "CYY_PHONE"],
+];
+
+/**
+ * Effective session: saved config merged with CYY_* env overrides (env wins when set).
+ * @returns {Record<string, unknown>}
+ */
+function getSession() {
+  const file = loadConfig() || {};
+  /** @type {Record<string, unknown>} */
+  const merged = { ...file };
+  for (const [field, envKey] of SESSION_ENV_KEYS) {
+    const v = process.env[envKey];
+    if (v != null && String(v).trim() !== "") {
+      merged[field] = String(v).trim();
+    }
+  }
+  return merged;
+}
+
+/**
+ * @param {Record<string, unknown>|null|undefined} [session]
+ */
+function hasAuthToken(session) {
+  const s = session ?? getSession();
+  const t = s?.token;
+  return t != null && String(t).trim() !== "";
+}
+
+/**
+ * @returns {Record<string, unknown>}
+ */
+function requireAuthSession() {
+  if (!hasAuthToken()) {
+    console.error(
+      "cyy: not logged in. Use one of: cyy auth login --phone ... | cyy auth import --token ... | CYY_TOKEN=...",
+    );
+    process.exit(1);
+  }
+  return getSession();
+}
+
+/** Names of CYY_* env vars currently overriding saved config. */
+function getEnvSessionOverrideKeys() {
+  const active = [];
+  for (const [, envKey] of SESSION_ENV_KEYS) {
+    const v = process.env[envKey];
+    if (v != null && String(v).trim() !== "") {
+      active.push(envKey);
+    }
+  }
+  return active;
+}
+
 module.exports = {
   DEFAULT_BASE_URL,
   MODULE_MAP,
+  SESSION_ENV_KEYS,
   getBaseUrl,
   getConfigDir,
   getConfigPath,
@@ -79,4 +141,8 @@ module.exports = {
   loadConfig,
   saveConfig,
   maskToken,
+  getSession,
+  hasAuthToken,
+  requireAuthSession,
+  getEnvSessionOverrideKeys,
 };

package/src/http.js

@@ -46,8 +46,7 @@ function buildAuthHeaders(cfg) {
 
 /** Headers for unauthenticated calls (e.g. login) — still need default shop/site for gateway */
 function buildDefaultHeaders() {
-  const cfg = config.loadConfig();
-  return buildAuthHeaders(cfg);
+  return buildAuthHeaders(config.getSession());
 }
 
 /**