feishu-user-plugin 1.0.0

package/src/oauth-auto.js

@@ -0,0 +1,196 @@
+#!/usr/bin/env node
+// Automated OAuth flow using Playwright — single page, no extra tabs
+const http = require('http');
+const { chromium } = require('playwright');
+const fs = require('fs');
+const path = require('path');
+const dotenv = require('dotenv');
+
+dotenv.config({ path: path.join(__dirname, '..', '.env') });
+
+const APP_ID = process.env.LARK_APP_ID;
+const APP_SECRET = process.env.LARK_APP_SECRET;
+const COOKIE_STR = process.env.LARK_COOKIE;
+const PORT = 9997;
+const REDIRECT_URI = `http://127.0.0.1:${PORT}/callback`;
+const SCOPES = 'im:message im:message:readonly im:chat:readonly contact:user.base:readonly';
+
+function parseCookies(cookieStr) {
+  return cookieStr.split(';').map(c => {
+    const [name, ...rest] = c.trim().split('=');
+    return { name: name.trim(), value: rest.join('=').trim(), domain: '.feishu.cn', path: '/' };
+  }).filter(c => c.name && c.value);
+}
+
+function saveToken(tokenData) {
+  const envPath = path.join(__dirname, '..', '.env');
+  let envContent = '';
+  try { envContent = fs.readFileSync(envPath, 'utf8'); } catch {}
+  const updates = {
+    LARK_USER_ACCESS_TOKEN: tokenData.access_token,
+    LARK_USER_REFRESH_TOKEN: tokenData.refresh_token || '',
+    LARK_UAT_SCOPE: tokenData.scope || '',
+    LARK_UAT_EXPIRES: String(Math.floor(Date.now() / 1000 + tokenData.expires_in)),
+  };
+  for (const [key, val] of Object.entries(updates)) {
+    const regex = new RegExp(`^${key}=.*$`, 'm');
+    if (regex.test(envContent)) {
+      envContent = envContent.replace(regex, `${key}=${val}`);
+    } else {
+      envContent += `\n${key}=${val}`;
+    }
+  }
+  fs.writeFileSync(envPath, envContent.trim() + '\n');
+}
+
+async function exchangeCode(code) {
+  console.log('[token] Exchanging code via v2...');
+  const res = await fetch('https://open.feishu.cn/open-apis/authen/v2/oauth/token', {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ grant_type: 'authorization_code', client_id: APP_ID, client_secret: APP_SECRET, code, redirect_uri: REDIRECT_URI }),
+  });
+  const raw = await res.text();
+  console.log('[token] Response:', raw.slice(0, 300));
+  const data = JSON.parse(raw);
+  if (data.access_token) return data;
+  if (data.data?.access_token) return data.data;
+  throw new Error(`Token exchange failed: ${raw.slice(0, 200)}`);
+}
+
+async function run() {
+  // Start callback server to capture the code
+  let resolveCode;
+  const codePromise = new Promise(resolve => { resolveCode = resolve; });
+
+  const server = http.createServer((req, res) => {
+    const url = new URL(req.url, `http://127.0.0.1:${PORT}`);
+    if (url.pathname === '/callback') {
+      const code = url.searchParams.get('code');
+      res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
+      res.end(code ? '<h2>OK</h2>' : '<h2>No code</h2>');
+      if (code) resolveCode(code);
+    } else {
+      res.writeHead(404); res.end();
+    }
+  });
+  server.listen(PORT, '127.0.0.1');
+  console.log(`[server] Listening on port ${PORT}`);
+
+  // Launch browser — use the first page directly (no extra about:blank)
+  const browser = await chromium.launch({ headless: false });
+  const context = await browser.newContext({ viewport: { width: 1200, height: 800 } });
+  await context.addCookies(parseCookies(COOKIE_STR));
+
+  // Listen for any new page (popup) that might open
+  context.on('page', async newPage => {
+    const url = newPage.url();
+    console.log('[context] New page opened:', url.slice(0, 200));
+  });
+
+  // Get the default page instead of creating a new one
+  const pages = context.pages();
+  const page = pages.length > 0 ? pages[0] : await context.newPage();
+  page.setDefaultTimeout(30000);
+
+  try {
+    const authUrl = `https://accounts.feishu.cn/open-apis/authen/v1/authorize?client_id=${APP_ID}&redirect_uri=${encodeURIComponent(REDIRECT_URI)}&response_type=code&scope=${encodeURIComponent(SCOPES)}`;
+    console.log('\n[auth] Opening authorize URL...');
+
+    // Use route interception to capture the callback redirect directly
+    let codeFromRoute = null;
+    await context.route('**/callback**', async route => {
+      const url = route.request().url();
+      console.log('[route] Intercepted callback:', url.slice(0, 200));
+      const parsed = new URL(url);
+      const code = parsed.searchParams.get('code');
+      if (code) {
+        codeFromRoute = code;
+        resolveCode(code);
+      }
+      await route.continue();
+    });
+
+    await page.goto(authUrl, { waitUntil: 'load' });
+    await page.waitForTimeout(2000);
+
+    const currentUrl = page.url();
+    console.log('[auth] Current URL:', currentUrl.slice(0, 200));
+
+    if (currentUrl.includes('callback?code=')) {
+      console.log('[auth] Auto-authorized!');
+    } else {
+      // Find and click authorize button
+      const authorizeBtn = page.locator('button:has-text("授权")').first();
+      if (await authorizeBtn.isVisible().catch(() => false)) {
+        console.log('[auth] Found 授权 button, clicking...');
+        await authorizeBtn.click();
+        console.log('[auth] Clicked, waiting for redirect...');
+        await page.waitForTimeout(5000);
+        console.log('[auth] After click URL:', page.url().slice(0, 200));
+
+        // Check all pages in context
+        const allPages = context.pages();
+        console.log(`[auth] Total pages: ${allPages.length}`);
+        for (let i = 0; i < allPages.length; i++) {
+          const pUrl = allPages[i].url();
+          console.log(`  [${i}] ${pUrl.slice(0, 200)}`);
+          if (pUrl.includes('callback?code=')) {
+            const parsed = new URL(pUrl);
+            resolveCode(parsed.searchParams.get('code'));
+          }
+        }
+      } else {
+        console.log('[auth] No authorize button found!');
+        await page.screenshot({ path: '/tmp/feishu-oauth-nobutton.png' });
+      }
+    }
+
+    // Wait for the code
+    console.log('\n[token] Waiting for code...');
+    const code = await Promise.race([
+      codePromise,
+      new Promise((_, rej) => setTimeout(() => rej(new Error('Timeout (30s)')), 30000)),
+    ]);
+    console.log('[token] Got code:', code.slice(0, 20) + '...');
+
+    const tokenData = await exchangeCode(code);
+    saveToken(tokenData);
+    console.log('\n=== SUCCESS ===');
+    console.log('access_token:', tokenData.access_token?.slice(0, 30) + '...');
+    console.log('scope:', tokenData.scope);
+    console.log('expires_in:', tokenData.expires_in, 's');
+
+    // Test P2P message reading
+    console.log('\n[test] Testing P2P message reading...');
+    const testRes = await fetch('https://open.feishu.cn/open-apis/im/v1/messages?container_id_type=chat&container_id=oc_97a52756ee2c4351a2a86e6aa33e8ca4&page_size=2&sort_type=ByCreateTimeDesc', {
+      headers: { 'Authorization': `Bearer ${tokenData.access_token}` },
+    });
+    const testData = await testRes.json();
+    if (testData.code === 0) {
+      console.log('[test] P2P: SUCCESS!', testData.data?.items?.length, 'messages');
+    } else {
+      console.log('[test] P2P: Error', testData.code, testData.msg);
+    }
+
+    // Test group messages
+    const grpRes = await fetch('https://open.feishu.cn/open-apis/im/v1/messages?container_id_type=chat&container_id=oc_6ae081b457d07e9651d615493b7f1096&page_size=2&sort_type=ByCreateTimeDesc', {
+      headers: { 'Authorization': `Bearer ${tokenData.access_token}` },
+    });
+    const grpData = await grpRes.json();
+    if (grpData.code === 0) {
+      console.log('[test] Group: SUCCESS!', grpData.data?.items?.length, 'messages');
+    } else {
+      console.log('[test] Group: Error', grpData.code, grpData.msg);
+    }
+
+  } catch (e) {
+    console.error('\nError:', e.message);
+    await page.screenshot({ path: '/tmp/feishu-oauth-error.png' }).catch(() => {});
+  } finally {
+    await browser.close();
+    server.close();
+  }
+}
+
+run();

package/src/oauth.js

@@ -0,0 +1,215 @@
+#!/usr/bin/env node
+/**
+ * OAuth 授权脚本 — 获取带 IM 权限的 user_access_token
+ *
+ * 用法: node src/oauth.js
+ *
+ * 流程 (新版 End User Consent):
+ * 1. 查询应用信息，提示用户选择正确的飞书账号
+ * 2. 启动本地 HTTP 服务器 (端口 9997)
+ * 3. 打开 accounts.feishu.cn 授权页面 (新版 OAuth 2.0)
+ * 4. 用户点击"授权"后，用 /authen/v2/oauth/token 交换 token
+ * 5. 保存 access_token + refresh_token 到 .env
+ */
+
+const http = require('http');
+const { execSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const dotenv = require('dotenv');
+
+dotenv.config({ path: path.join(__dirname, '..', '.env') });
+
+const APP_ID = process.env.LARK_APP_ID;
+const APP_SECRET = process.env.LARK_APP_SECRET;
+const PORT = 9997;
+const REDIRECT_URI = `http://127.0.0.1:${PORT}/callback`;
+// offline_access is required to get refresh_token for auto-renewal
+const SCOPES = 'offline_access im:message im:message:readonly im:chat:readonly contact:user.base:readonly';
+
+if (!APP_ID || !APP_SECRET) {
+  console.error('Missing LARK_APP_ID or LARK_APP_SECRET in .env');
+  process.exit(1);
+}
+
+// --- Fetch app info to help user pick the right account ---
+
+async function getAppInfo() {
+  try {
+    // Get app_access_token to query app details
+    const tokenRes = await fetch('https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ app_id: APP_ID, app_secret: APP_SECRET }),
+    });
+    const tokenData = await tokenRes.json();
+    if (!tokenData.app_access_token) return null;
+
+    // Get app info — try the direct app query first, fall back to underauditlist
+    let appName = null;
+    const directRes = await fetch(`https://open.feishu.cn/open-apis/application/v6/applications/${APP_ID}?lang=zh_cn`, {
+      headers: { 'Authorization': `Bearer ${tokenData.app_access_token}` },
+    });
+    const directData = await directRes.json();
+    appName = directData?.data?.app?.app_name;
+
+    if (!appName) {
+      const listRes = await fetch('https://open.feishu.cn/open-apis/application/v6/applications/underauditlist?lang=zh_cn&page_size=1', {
+        headers: { 'Authorization': `Bearer ${tokenData.app_access_token}` },
+      });
+      const listData = await listRes.json();
+      appName = listData?.data?.items?.[0]?.app_name;
+    }
+
+    return { appName, tenantKey: tokenData.tenant_key };
+  } catch {
+    return null;
+  }
+}
+
+async function exchangeCode(code) {
+  const body = {
+    grant_type: 'authorization_code',
+    client_id: APP_ID,
+    client_secret: APP_SECRET,
+    code,
+    redirect_uri: REDIRECT_URI,
+  };
+  console.log('Token exchange request:', JSON.stringify({ ...body, client_secret: '***' }));
+  const tokenRes = await fetch('https://open.feishu.cn/open-apis/authen/v2/oauth/token', {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+  const raw = await tokenRes.text();
+  console.log('Token exchange raw response:', raw.slice(0, 500));
+  let tokenData;
+  try { tokenData = JSON.parse(raw); } catch (e) {
+    throw new Error(`Response not JSON: ${raw.slice(0, 200)}`);
+  }
+  if (tokenData.error) {
+    throw new Error(`${tokenData.error}: ${tokenData.error_description}`);
+  }
+  if (tokenData.code && tokenData.code !== 0) {
+    throw new Error(`Error ${tokenData.code}: ${tokenData.msg || JSON.stringify(tokenData)}`);
+  }
+  // v2 success: access_token at top level
+  if (tokenData.access_token) return tokenData;
+  if (tokenData.data?.access_token) return tokenData.data;
+  throw new Error(`No access_token in response: ${JSON.stringify(tokenData)}`);
+}
+
+function saveToken(tokenData) {
+  const envPath = path.join(__dirname, '..', '.env');
+  let envContent = '';
+  try { envContent = fs.readFileSync(envPath, 'utf8'); } catch {}
+
+  const updates = {
+    LARK_USER_ACCESS_TOKEN: tokenData.access_token,
+    LARK_USER_REFRESH_TOKEN: tokenData.refresh_token || '',
+    LARK_UAT_SCOPE: tokenData.scope || '',
+    LARK_UAT_EXPIRES: String(Math.floor(Date.now() / 1000 + tokenData.expires_in)),
+  };
+
+  for (const [key, val] of Object.entries(updates)) {
+    const regex = new RegExp(`^${key}=.*$`, 'm');
+    if (regex.test(envContent)) {
+      envContent = envContent.replace(regex, `${key}=${val}`);
+    } else {
+      envContent += `\n${key}=${val}`;
+    }
+  }
+
+  fs.writeFileSync(envPath, envContent.trim() + '\n');
+}
+
+const server = http.createServer(async (req, res) => {
+  const url = new URL(req.url, `http://127.0.0.1:${PORT}`);
+
+  if (url.pathname === '/callback') {
+    const code = url.searchParams.get('code');
+    if (!code) {
+      res.writeHead(400, { 'content-type': 'text/html; charset=utf-8' });
+      res.end('<h2>授权失败：未收到 code</h2>');
+      return;
+    }
+
+    try {
+      const tokenData = await exchangeCode(code);
+      saveToken(tokenData);
+
+      const hasRefresh = !!tokenData.refresh_token;
+      res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
+      res.end(`<h2>✅ 授权成功!</h2>
+<p>access_token: ${tokenData.access_token.slice(0, 20)}...</p>
+<p>scope: ${tokenData.scope}</p>
+<p>expires_in: ${tokenData.expires_in}s</p>
+<p>refresh_token: ${hasRefresh ? '✅ 已获取（30天有效，支持自动续期）' : '❌ 未返回（token 将在 2 小时后过期，需重新授权）'}</p>
+<p>已保存到 .env，可以关闭此页面。</p>`);
+
+      console.log('\n=== OAuth 授权成功 ===');
+      console.log('scope:', tokenData.scope);
+      console.log('expires_in:', tokenData.expires_in, 's');
+      console.log('refresh_token:', hasRefresh ? '✅ 已获取' : '❌ 未返回');
+      if (!hasRefresh) {
+        console.log('\n⚠️  未获取到 refresh_token。可能原因：');
+        console.log('   - 飞书应用未启用 offline_access 权限');
+        console.log('   - 授权时 scope 中未包含 offline_access');
+        console.log('   Token 将在 2 小时后过期，届时需要重新运行此脚本。');
+      }
+      console.log('token 已保存到 .env');
+
+      setTimeout(() => { server.close(); process.exit(0); }, 1000);
+    } catch (e) {
+      res.writeHead(500, { 'content-type': 'text/html; charset=utf-8' });
+      res.end(`<h2>Token 交换失败</h2><p>${e.message}</p>`);
+      console.error('Token exchange error:', e.message);
+    }
+    return;
+  }
+
+  res.writeHead(404);
+  res.end('Not found');
+});
+
+server.listen(PORT, '127.0.0.1', async () => {
+  const authUrl = `https://accounts.feishu.cn/open-apis/authen/v1/authorize?client_id=${APP_ID}&redirect_uri=${encodeURIComponent(REDIRECT_URI)}&response_type=code&scope=${encodeURIComponent(SCOPES)}`;
+
+  console.log('='.repeat(60));
+  console.log('  飞书 OAuth 授权');
+  console.log('='.repeat(60));
+  console.log(`  应用 ID: ${APP_ID}`);
+
+  // Try to get app info for better guidance
+  const appInfo = await getAppInfo();
+  if (appInfo?.appName) {
+    console.log(`  应用名称: ${appInfo.appName}`);
+  }
+
+  console.log('');
+  console.log('  ⚠️  重要：请在浏览器中选择正确的飞书账号！');
+  console.log('  如果你有多个飞书账号（个人/公司），请确保选择');
+  console.log(`  与应用 ${APP_ID} 同一租户的账号。`);
+  console.log('');
+  console.log('  如果浏览器显示了错误的账号，请：');
+  console.log('  1. 先在 feishu.cn 切换到正确的租户/账号');
+  console.log('  2. 然后重新运行此脚本');
+  console.log('='.repeat(60));
+  console.log('');
+  console.log('OAuth 服务器已启动，端口:', PORT);
+  console.log('正在打开浏览器...');
+  console.log('授权 URL:', authUrl);
+
+  try {
+    execSync(`open "${authUrl}"`);
+  } catch {
+    console.log('\n请手动在浏览器中打开上面的 URL');
+  }
+
+  console.log('\n等待授权回调... (120 秒超时)');
+  setTimeout(() => {
+    console.error('\n超时，未收到授权回调。');
+    server.close();
+    process.exit(1);
+  }, 120000);
+});