fanfou 0.1.0

package/dist/config.js

@@ -0,0 +1,81 @@
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { mkdirSync, readFileSync, writeFileSync, existsSync, chmodSync } from "node:fs";
+// Default consumer credentials shared with the existing Fanfou clients.
+export const DEFAULT_CONSUMER_KEY = "175d9183cc2a7298abed2ca2280daa2a";
+export const DEFAULT_CONSUMER_SECRET = "7c541eab37d4a8be432119c3fcf5c3a0";
+export function configDir() {
+    if (process.env.FANFOU_CONFIG_DIR)
+        return process.env.FANFOU_CONFIG_DIR;
+    const base = process.env.XDG_CONFIG_HOME || join(homedir(), ".config");
+    return join(base, "fanfou");
+}
+function configPath() {
+    return join(configDir(), "config.json");
+}
+function emptyConfig() {
+    return { currentProfile: "default", profiles: {} };
+}
+export function loadConfig() {
+    const path = configPath();
+    if (!existsSync(path))
+        return emptyConfig();
+    try {
+        const parsed = JSON.parse(readFileSync(path, "utf8"));
+        if (!parsed.profiles)
+            parsed.profiles = {};
+        if (!parsed.currentProfile)
+            parsed.currentProfile = "default";
+        return parsed;
+    }
+    catch {
+        return emptyConfig();
+    }
+}
+export function saveConfig(config) {
+    const dir = configDir();
+    mkdirSync(dir, { recursive: true });
+    const path = configPath();
+    writeFileSync(path, JSON.stringify(config, null, 2) + "\n", { mode: 0o600 });
+    try {
+        chmodSync(path, 0o600);
+    }
+    catch {
+        /* best effort */
+    }
+}
+export function resolveProfileName(explicit) {
+    return explicit || process.env.FANFOU_PROFILE || loadConfig().currentProfile || "default";
+}
+/** Merge stored profile with environment overrides; env always wins. */
+export function resolveProfile(explicit) {
+    const config = loadConfig();
+    const name = resolveProfileName(explicit);
+    const stored = config.profiles[name] ?? {};
+    const profile = {
+        consumerKey: process.env.FANFOU_CONSUMER_KEY || stored.consumerKey || DEFAULT_CONSUMER_KEY,
+        consumerSecret: process.env.FANFOU_CONSUMER_SECRET || stored.consumerSecret || DEFAULT_CONSUMER_SECRET,
+        token: process.env.FANFOU_OAUTH_TOKEN || stored.token,
+        tokenSecret: process.env.FANFOU_OAUTH_TOKEN_SECRET || stored.tokenSecret,
+        user: stored.user,
+    };
+    return { name, profile };
+}
+export function saveProfile(name, profile, setCurrent = true) {
+    const config = loadConfig();
+    config.profiles[name] = { ...config.profiles[name], ...profile };
+    if (setCurrent)
+        config.currentProfile = name;
+    saveConfig(config);
+}
+export function clearProfile(name) {
+    const config = loadConfig();
+    delete config.profiles[name];
+    if (config.currentProfile === name)
+        config.currentProfile = "default";
+    saveConfig(config);
+}
+export function listProfiles() {
+    const config = loadConfig();
+    return { current: config.currentProfile, names: Object.keys(config.profiles) };
+}

package/dist/index.js

@@ -0,0 +1,100 @@
+#!/usr/bin/env node
+import { parseArgs, flagBool, flagString } from "./args.js";
+import { buildRootCommand } from "./commands.js";
+import { UsageError } from "./commands.js";
+import { FanfouClient, FanfouHttpError } from "./client.js";
+import { resolveProfile } from "./config.js";
+import { collectBooleanFlags, commandSchema, renderHelpText, resolveCommand, } from "./registry.js";
+import { isOutputFormat, printData, printError } from "./output.js";
+const VERSION = "0.1.0";
+function resolveFormat(flags) {
+    if (flagBool(flags, "json"))
+        return "json";
+    const explicit = flagString(flags, "format");
+    if (explicit) {
+        if (isOutputFormat(explicit))
+            return explicit;
+        throw new UsageError(`未知的输出格式：${explicit}（可选 json|ndjson|table|raw）`);
+    }
+    return "json";
+}
+async function main() {
+    const argv = process.argv.slice(2);
+    const root = buildRootCommand();
+    const booleanFlags = collectBooleanFlags(root);
+    const { positionals, flags } = parseArgs(argv, booleanFlags);
+    if (flagBool(flags, "version")) {
+        process.stdout.write(VERSION + "\n");
+        return 0;
+    }
+    let format;
+    try {
+        format = resolveFormat(flags);
+    }
+    catch (err) {
+        printError({ type: "usage", message: err.message }, "json");
+        return 2;
+    }
+    const { command, path, rest } = resolveCommand(root, positionals);
+    const wantsHelp = flagBool(flags, "help");
+    const hasRun = typeof command.run === "function";
+    if (wantsHelp || !hasRun) {
+        if (format === "json") {
+            printData(commandSchema(command, path), "json");
+        }
+        else {
+            process.stdout.write(renderHelpText(command, path) + "\n");
+        }
+        // No runnable command and no help requested = usage error exit code.
+        return hasRun || wantsHelp ? 0 : positionals.length === 0 ? 0 : 2;
+    }
+    const dryRun = flagBool(flags, "dry-run");
+    const profileName = flagString(flags, "profile") ?? "";
+    const { name, profile } = resolveProfile(profileName || undefined);
+    const client = new FanfouClient({
+        consumerKey: profile.consumerKey,
+        consumerSecret: profile.consumerSecret,
+        token: profile.token,
+        tokenSecret: profile.tokenSecret,
+        dryRun,
+    });
+    if (command.requiresAuth && !client.isAuthenticated && !dryRun) {
+        printError({
+            type: "auth_required",
+            message: `命令 "${path.join(" ")}" 需要登录`,
+            hint: "先运行：fanfou auth login -u <用户名> -p <密码>，或用 --dry-run 预览请求",
+        }, format);
+        return 3;
+    }
+    const ctx = {
+        client,
+        args: rest,
+        flags,
+        format,
+        dryRun,
+        profileName: name,
+    };
+    const result = await command.run(ctx);
+    printData(result, format);
+    return 0;
+}
+main()
+    .then((code) => process.exit(code))
+    .catch((err) => {
+    const format = "json";
+    if (err instanceof UsageError) {
+        printError({ type: "usage", message: err.message }, format);
+        process.exit(2);
+    }
+    if (err instanceof FanfouHttpError) {
+        printError({
+            type: "http_error",
+            message: err.message.split("\n")[0] ?? err.message,
+            status: err.status,
+            body: err.body.slice(0, 1000),
+        }, format);
+        process.exit(1);
+    }
+    printError({ type: "error", message: err?.message ?? String(err) }, format);
+    process.exit(1);
+});

package/dist/oauth1.js

@@ -0,0 +1,73 @@
+import { createHmac, randomBytes } from "node:crypto";
+/** RFC 3986 percent-encoding (unreserved set only). */
+export function percentEncode(value) {
+    return encodeURIComponent(value).replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
+}
+function baseURLString(url) {
+    const scheme = url.protocol.replace(/:$/, "");
+    const host = url.hostname;
+    let portPart = "";
+    if (url.port &&
+        !((scheme === "http" && url.port === "80") || (scheme === "https" && url.port === "443"))) {
+        portPart = `:${url.port}`;
+    }
+    const path = url.pathname && url.pathname.length > 0 ? url.pathname : "/";
+    return `${scheme}://${host}${portPart}${path}`;
+}
+function queryPairs(url) {
+    const pairs = [];
+    for (const [name, value] of url.searchParams.entries()) {
+        pairs.push([name, value]);
+    }
+    return pairs;
+}
+/**
+ * Fanfou signs the base string with an http:// scheme even though requests go over
+ * https. Mirror the iOS client's `fanfouSignatureURL` quirk so signatures validate.
+ */
+export function fanfouSignatureURL(url) {
+    if (url.protocol === "https:" && url.hostname.endsWith("fanfou.com")) {
+        const copy = new URL(url.toString());
+        copy.protocol = "http:";
+        return copy;
+    }
+    return url;
+}
+export function sign(baseString, consumerSecret, tokenSecret) {
+    const key = `${percentEncode(consumerSecret)}&${percentEncode(tokenSecret)}`;
+    return createHmac("sha1", key).update(baseString, "utf8").digest("base64");
+}
+export function authorizationHeader(opts) {
+    const nonce = opts.nonce ?? randomBytes(16).toString("hex");
+    const timestamp = opts.timestampSeconds ?? String(Math.floor(Date.now() / 1000));
+    const oauthParameters = [
+        ["oauth_consumer_key", opts.consumerKey],
+        ["oauth_nonce", nonce],
+        ["oauth_signature_method", "HMAC-SHA1"],
+        ["oauth_timestamp", timestamp],
+        ["oauth_version", "1.0"],
+    ];
+    if (opts.token && opts.token.length > 0) {
+        oauthParameters.push(["oauth_token", opts.token]);
+    }
+    if (opts.extraParameters) {
+        oauthParameters.push(...opts.extraParameters);
+    }
+    const allParameters = [
+        ...oauthParameters,
+        ...queryPairs(opts.url),
+        ...(opts.bodyParameters ?? []),
+    ];
+    const encoded = allParameters.map(([k, v]) => [percentEncode(k), percentEncode(v)]);
+    encoded.sort((a, b) => (a[0] === b[0] ? (a[1] < b[1] ? -1 : a[1] > b[1] ? 1 : 0) : a[0] < b[0] ? -1 : 1));
+    const signingParameters = encoded.map(([k, v]) => `${k}=${v}`).join("&");
+    const baseString = [
+        opts.method.toUpperCase(),
+        percentEncode(baseURLString(opts.signatureURL ?? opts.url)),
+        percentEncode(signingParameters),
+    ].join("&");
+    const signature = sign(baseString, opts.consumerSecret, opts.tokenSecret ?? "");
+    const headerParameters = [...oauthParameters, ["oauth_signature", signature]];
+    return ("OAuth " +
+        headerParameters.map(([k, v]) => `${percentEncode(k)}="${percentEncode(v)}"`).join(", "));
+}

package/dist/output.js

@@ -0,0 +1,80 @@
+export function isOutputFormat(value) {
+    return value === "json" || value === "ndjson" || value === "table" || value === "raw";
+}
+function asArray(data) {
+    return Array.isArray(data) ? data : null;
+}
+function truncate(value, max) {
+    const oneLine = value.replace(/\s+/g, " ").trim();
+    return oneLine.length > max ? oneLine.slice(0, max - 1) + "…" : oneLine;
+}
+/** Best-effort one-line summary for a Fanfou status or user object. */
+function summarizeRow(item) {
+    if (item == null || typeof item !== "object")
+        return null;
+    const o = item;
+    // Status-like
+    if (typeof o["text"] === "string" && o["user"] && typeof o["user"] === "object") {
+        const user = o["user"];
+        const name = user["name"] ?? user["id"] ?? "?";
+        const id = o["id"] ?? "";
+        const created = o["created_at"] ?? "";
+        const fav = o["favorited"] ? " ★" : "";
+        return `${id}\t@${name}${fav}\t${truncate(o["text"], 70)}\t${created}`;
+    }
+    // Direct message-like
+    if (typeof o["text"] === "string" && (o["sender_id"] || o["sender"])) {
+        const sender = o["sender"]?.["name"] ?? o["sender_id"];
+        const id = o["id"] ?? "";
+        return `${id}\t@${sender}\t${truncate(o["text"], 70)}`;
+    }
+    // User-like
+    if (typeof o["id"] === "string" && (o["screen_name"] || o["name"])) {
+        const followers = o["followers_count"] ?? "";
+        const statuses = o["statuses_count"] ?? "";
+        return `${o["id"]}\t${o["name"] ?? ""}\tfollowers=${followers}\tstatuses=${statuses}`;
+    }
+    return null;
+}
+function renderTable(data) {
+    const arr = asArray(data);
+    if (arr) {
+        const lines = arr.map((item) => summarizeRow(item) ?? JSON.stringify(item));
+        return lines.join("\n");
+    }
+    return summarizeRow(data) ?? JSON.stringify(data, null, 2);
+}
+export function formatOutput(data, format) {
+    switch (format) {
+        case "json":
+            return JSON.stringify(data, null, 2);
+        case "ndjson": {
+            const arr = asArray(data);
+            if (arr)
+                return arr.map((item) => JSON.stringify(item)).join("\n");
+            return JSON.stringify(data);
+        }
+        case "table":
+            return renderTable(data);
+        case "raw":
+            return typeof data === "string" ? data : JSON.stringify(data, null, 2);
+    }
+}
+export function printData(data, format) {
+    if (data === undefined)
+        return;
+    const out = formatOutput(data, format);
+    if (out.length > 0)
+        process.stdout.write(out + "\n");
+}
+export function printError(error, format) {
+    if (format === "table" || format === "raw") {
+        let line = `错误 (${error.type}): ${error.message}`;
+        if (error.hint)
+            line += `\n提示: ${error.hint}`;
+        process.stderr.write(line + "\n");
+    }
+    else {
+        process.stderr.write(JSON.stringify({ error }, null, 2) + "\n");
+    }
+}

package/dist/registry.js

@@ -0,0 +1,122 @@
+export const GLOBAL_BOOLEAN_FLAGS = ["help", "dry-run", "verbose", "quiet", "version", "json", "no-color"];
+export function collectBooleanFlags(root) {
+    const set = new Set(GLOBAL_BOOLEAN_FLAGS);
+    const walk = (cmd) => {
+        for (const flag of cmd.flags ?? []) {
+            if (flag.type === "boolean") {
+                set.add(flag.name);
+                if (flag.alias)
+                    set.add(flag.alias);
+            }
+        }
+        for (const sub of cmd.subcommands ?? [])
+            walk(sub);
+    };
+    walk(root);
+    return set;
+}
+export function resolveCommand(root, positionals) {
+    let command = root;
+    const path = [];
+    let i = 0;
+    while (i < positionals.length) {
+        const token = positionals[i];
+        const next = command.subcommands?.find((c) => c.name === token);
+        if (!next)
+            break;
+        command = next;
+        path.push(token);
+        i++;
+    }
+    return { command, path, rest: positionals.slice(i) };
+}
+export function commandSchema(command, path) {
+    return {
+        name: command.name,
+        path: ["fanfou", ...path].join(" "),
+        summary: command.summary,
+        description: command.description,
+        requiresAuth: command.requiresAuth ?? false,
+        mutates: command.mutates ?? false,
+        arguments: (command.args ?? []).map((a) => ({
+            name: a.name,
+            description: a.description,
+            required: a.required ?? false,
+            variadic: a.variadic ?? false,
+        })),
+        flags: (command.flags ?? []).map((f) => ({
+            name: f.name,
+            alias: f.alias,
+            type: f.type,
+            description: f.description,
+            required: f.required ?? false,
+            default: f.default,
+        })),
+        subcommands: (command.subcommands ?? []).map((s) => ({ name: s.name, summary: s.summary })),
+        examples: command.examples ?? [],
+    };
+}
+function usageLine(command, path) {
+    const parts = ["fanfou", ...path];
+    if (command.subcommands && command.subcommands.length > 0)
+        parts.push("<command>");
+    for (const arg of command.args ?? []) {
+        const token = arg.variadic ? `${arg.name}...` : arg.name;
+        parts.push(arg.required ? `<${token}>` : `[${token}]`);
+    }
+    if ((command.flags ?? []).length > 0)
+        parts.push("[flags]");
+    return parts.join(" ");
+}
+export function renderHelpText(command, path) {
+    const lines = [];
+    const title = path.length > 0 ? path.join(" ") : "fanfou";
+    lines.push(`${title} — ${command.summary}`);
+    lines.push("");
+    if (command.description) {
+        lines.push(command.description);
+        lines.push("");
+    }
+    lines.push("Usage:");
+    lines.push(`  ${usageLine(command, path)}`);
+    if (command.args && command.args.length > 0) {
+        lines.push("");
+        lines.push("Arguments:");
+        for (const arg of command.args) {
+            const flag = arg.required ? " (required)" : "";
+            lines.push(`  ${arg.name.padEnd(18)} ${arg.description}${flag}`);
+        }
+    }
+    if (command.flags && command.flags.length > 0) {
+        lines.push("");
+        lines.push("Flags:");
+        for (const flag of command.flags) {
+            const alias = flag.alias ? `, -${flag.alias}` : "";
+            const valueHint = flag.type === "boolean" ? "" : ` <${flag.type}>`;
+            const head = `--${flag.name}${alias}${valueHint}`;
+            const req = flag.required ? " (required)" : "";
+            const def = flag.default !== undefined ? ` [default: ${flag.default}]` : "";
+            lines.push(`  ${head.padEnd(26)} ${flag.description}${req}${def}`);
+        }
+    }
+    if (command.subcommands && command.subcommands.length > 0) {
+        lines.push("");
+        lines.push("Commands:");
+        for (const sub of command.subcommands) {
+            lines.push(`  ${sub.name.padEnd(18)} ${sub.summary}`);
+        }
+    }
+    if (command.examples && command.examples.length > 0) {
+        lines.push("");
+        lines.push("Examples:");
+        for (const ex of command.examples)
+            lines.push(`  ${ex}`);
+    }
+    lines.push("");
+    lines.push("Global flags:");
+    lines.push("  --format, -o <json|ndjson|table|raw>   Output format (default: json)");
+    lines.push("  --profile <name>                       Account profile to use");
+    lines.push("  --dry-run, -n                          Print the request without sending it");
+    lines.push("  --help, -h                             Show help (add --format json for schema)");
+    return lines.join("\n");
+}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "fanfou",
+  "version": "0.1.0",
+  "description": "An LLM-friendly command line for the Fanfou (饭否) API, with a bundled agent skill.",
+  "type": "module",
+  "bin": {
+    "fanfou": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "skills",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=22.6.0"
+  },
+  "scripts": {
+    "dev": "node src/index.ts",
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "node --test 'test/**/*.test.ts'",
+    "install-skill": "node scripts/install-skill.mjs",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "fanfou",
+    "饭否",
+    "cli",
+    "llm",
+    "agent",
+    "oauth1"
+  ],
+  "license": "MIT",
+  "author": "Leaking",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Leaking/fanfou-cli.git"
+  },
+  "homepage": "https://github.com/Leaking/fanfou-cli#readme",
+  "bugs": "https://github.com/Leaking/fanfou-cli/issues",
+  "devDependencies": {
+    "@types/node": "^22.10.0",
+    "typescript": "^5.8.0"
+  }
+}

package/skills/fanfou/SKILL.md

@@ -0,0 +1,122 @@
+---
+name: fanfou
+description: >-
+  Read and write Fanfou (饭否) through the `fanfou` command-line tool. Use when the
+  user wants to browse their Fanfou home/public/mentions timeline, post / reply /
+  repost / delete a status (发饭/回复/转发), favorite (收藏), follow or search users,
+  send direct messages (私信), or call any Fanfou API endpoint. Triggers on "饭否",
+  "fanfou", "发饭", "刷饭", or requests mentioning the fanfou CLI.
+---
+
+# Fanfou (饭否) via the `fanfou` CLI
+
+`fanfou` is an LLM-friendly command line over the Fanfou API. It prints **JSON to
+stdout by default**, so parse stdout as JSON. Errors are JSON on **stderr** with a
+non-zero exit code: `{ "error": { "type", "message", "status?", "body?", "hint?" } }`.
+
+## Running the CLI
+
+Install the CLI once, then call `fanfou` directly:
+
+```bash
+npm install -g fanfou      # global; or one-off without installing: npx fanfou <command>
+fanfou <command> ...
+```
+
+(Developing from a clone? Node ≥ 22.6 runs the source with no build:
+`node src/index.ts <command> ...`.)
+
+Discover anything at runtime — every command supports `--help` (and
+`--help --format json` returns a machine-readable schema of args/flags):
+
+```bash
+fanfou --help                 # top-level command list
+fanfou status post --help     # text help for one command
+fanfou timeline home --help --format json   # schema for tooling
+```
+
+## Three layers (pick the simplest that fits)
+
+1. **Shortcuts** — `+`-prefixed, high-frequency, smart defaults:
+   `+timeline`, `+post`, `+reply`, `+repost`, `+mentions`, `+me`, `+search`, `+fav`, `+dm`.
+2. **Resource commands** — full coverage grouped by resource:
+   `auth`, `timeline`, `status`, `favorite`, `user`, `friendship`, `dm`, `account`, `search`.
+3. **Raw API** — `fanfou api <GET|POST> <path> [--query k=v&..] [--form k=v&..]`
+   for any endpoint not covered above.
+
+## Authentication (required for most commands)
+
+Two flows are supported; tokens are stored per-profile under `~/.config/fanfou`.
+
+```bash
+# XAuth (simplest, recommended for automation): username + password
+fanfou auth login -u <用户名/邮箱> -p <密码>
+# or via env, to keep secrets out of argv / shell history:
+FANFOU_USERNAME=... FANFOU_PASSWORD=... fanfou auth login
+
+# OAuth web flow (two scriptable steps):
+fanfou auth oauth-url                 # prints authorize_url + request token
+#   -> open authorize_url in a browser, approve
+fanfou auth oauth-exchange --token <request_token> --secret <request_token_secret> [--verifier <code>]
+
+fanfou auth status      # check login state (no network)
+fanfou auth whoami      # verify against the server
+fanfou auth logout
+```
+
+Multiple accounts: `fanfou auth login --profile work ...`, then add
+`--profile work` to any command, or `fanfou auth use work` to set the default.
+
+## Common recipes
+
+```bash
+fanfou +timeline --count 10                 # home timeline, latest 10
+fanfou timeline mentions --count 5          # who mentioned me
+fanfou +post "今天天气不错"                   # post a status (≤140 chars)
+fanfou +reply <status-id> "说得对"           # reply (auto-prepends @name)
+fanfou +repost <status-id>                  # repost ("转@用户 原文" if no text)
+fanfou status delete <status-id>            # delete your own status
+fanfou +fav <status-id>                     # favorite
+fanfou user show <login-id>                 # someone's profile
+fanfou user follow <login-id>               # follow
+fanfou +search "关键词"                       # search public statuses
+fanfou +dm <login-id> "在吗"                 # send a direct message
+fanfou api GET statuses/home_timeline.json --query count=3   # raw endpoint
+```
+
+### Output formats
+
+`--format` / `-o`: `json` (default), `ndjson` (one object per line; good for
+piping/streaming arrays), `table` (compact human summary), `raw` (response text
+as-is). Example: `fanfou +timeline --format table`.
+
+## Important behaviors & gotchas
+
+- **JSON by default.** Parse stdout as JSON. On error, read the JSON on stderr and
+  check the exit code (`2` usage, `3` auth-required, `1` other/HTTP).
+- **Preview before writing.** Every state-changing command supports `--dry-run`
+  (`-n`): it prints the exact signed request `{method,url,form,...}` without
+  sending it. Use this to confirm a destructive call (e.g. `status delete`) first.
+- **Status IDs can start with `-`** (e.g. `-A_ycI00_Kc`). The parser handles this,
+  but if you ever build args dynamically and hit trouble, use `--` to end flag
+  parsing: `fanfou status delete -- -A_ycI00_Kc`.
+- **140-character limit** on statuses; longer text is rejected by the server.
+- **`id` means loginname**, not the numeric/`rawid`. Pass the string `id` field.
+- **Destructive ops** (`status delete`, `dm delete`, `user block`, `unfollow`)
+  act on the live account — confirm intent, and prefer `--dry-run` to preview.
+- **Reading is safe**; writing posts to the real account. Don't post test/spam
+  content to a user's real account without being asked.
+
+## Endpoint coverage map (resource command → Fanfou API)
+
+| Command | API |
+| --- | --- |
+| `timeline home/public/user/mentions/context/photos` | `statuses/*_timeline`, `statuses/context_timeline`, `photos/user_timeline` |
+| `status show/post/reply/repost/delete/photo` | `statuses/show`, `statuses/update`, `statuses/destroy`, `photos/upload` |
+| `favorite list/add/remove` | `favorites`, `favorites/create/<id>`, `favorites/destroy/<id>` |
+| `user show/friends/followers/follow/unfollow/search/block/unblock/blocks/blocked` | `users/*`, `friendships/create|destroy`, `search/users`, `blocks/*` |
+| `friendship requests/accept/deny/exists` | `friendships/requests|accept|deny|exists` |
+| `dm list/thread/inbox/sent/send/delete` | `direct_messages/*` |
+| `account verify/notification/update-profile/update-avatar` | `account/*` |
+| `search statuses/users` | `search/public_timeline`, `search/users` |
+| anything else | `fanfou api <METHOD> <path>` |