fieldtheory-cli-windowsport 0.1.0

package/dist/bookmarks.js

@@ -0,0 +1,190 @@
+import { pathExists, readJson, readJsonLines, writeJson, writeJsonLines } from './fs.js';
+import { ensureDataDir, twitterBookmarksCachePath, twitterBookmarksMetaPath } from './paths.js';
+import { loadTwitterOAuthToken } from './xauth.js';
+function makeBookmark(record) {
+    return {
+        id: record.id,
+        tweetId: record.tweetId,
+        url: record.url,
+        text: record.text,
+        authorHandle: record.authorHandle,
+        authorName: record.authorName,
+        bookmarkedAt: record.bookmarkedAt,
+        syncedAt: record.syncedAt ?? new Date().toISOString(),
+        media: record.media ?? [],
+        links: record.links ?? [],
+        tags: record.tags ?? [],
+    };
+}
+async function fetchJsonWithUserToken(url, accessToken) {
+    const response = await fetch(url, {
+        headers: {
+            Authorization: `Bearer ${accessToken}`,
+            'Content-Type': 'application/json',
+        },
+    });
+    const text = await response.text();
+    let parsed = null;
+    try {
+        parsed = JSON.parse(text);
+    }
+    catch {
+        parsed = null;
+    }
+    return {
+        ok: response.ok,
+        status: response.status,
+        parsed,
+        text,
+    };
+}
+async function fetchCurrentUserId(accessToken) {
+    const result = await fetchJsonWithUserToken('https://api.x.com/2/users/me', accessToken);
+    if (!result.ok) {
+        return {
+            ok: false,
+            status: result.status,
+            detail: result.parsed ? JSON.stringify(result.parsed) : result.text,
+        };
+    }
+    const id = result.parsed?.data?.id;
+    if (!id) {
+        return {
+            ok: false,
+            status: result.status,
+            detail: 'Could not find user id in /2/users/me response',
+        };
+    }
+    return {
+        ok: true,
+        id: String(id),
+        status: result.status,
+        detail: 'Resolved current user id',
+    };
+}
+function normalizeBookmarkPage(page, syncedAt) {
+    const userMap = new Map();
+    for (const user of page.includes?.users ?? []) {
+        userMap.set(String(user.id), { username: user.username, name: user.name });
+    }
+    return (page.data ?? []).map((tweet) => {
+        const user = tweet.author_id ? userMap.get(String(tweet.author_id)) : undefined;
+        const tweetId = String(tweet.id);
+        return makeBookmark({
+            id: tweetId,
+            tweetId,
+            url: `https://x.com/${user?.username ?? 'i'}/status/${tweetId}`,
+            text: tweet.text ?? '',
+            authorHandle: user?.username,
+            authorName: user?.name,
+            bookmarkedAt: tweet.created_at,
+            syncedAt,
+            links: (tweet.entities?.urls ?? []).map((u) => u.expanded_url ?? u.url ?? '').filter(Boolean),
+        });
+    });
+}
+async function fetchBookmarksPage(accessToken, userId, nextToken) {
+    const url = new URL(`https://api.x.com/2/users/${userId}/bookmarks`);
+    url.searchParams.set('max_results', '100');
+    url.searchParams.set('tweet.fields', 'created_at,author_id,entities');
+    url.searchParams.set('expansions', 'author_id');
+    url.searchParams.set('user.fields', 'username,name');
+    if (nextToken)
+        url.searchParams.set('pagination_token', nextToken);
+    const result = await fetchJsonWithUserToken(url.toString(), accessToken);
+    if (!result.ok) {
+        return {
+            ok: false,
+            status: result.status,
+            detail: result.parsed ? JSON.stringify(result.parsed) : result.text,
+            requestUrl: url.toString(),
+        };
+    }
+    return {
+        ok: true,
+        status: result.status,
+        detail: 'ok',
+        page: result.parsed,
+        requestUrl: url.toString(),
+    };
+}
+export async function syncTwitterBookmarks(mode, options = {}) {
+    const token = await loadTwitterOAuthToken();
+    if (!token?.access_token) {
+        throw new Error('Missing user-context OAuth token. Run: ftx auth');
+    }
+    const me = await fetchCurrentUserId(token.access_token);
+    if (!me.ok || !me.id) {
+        throw new Error(`Could not resolve current user id: ${me.detail}`);
+    }
+    ensureDataDir();
+    const cachePath = twitterBookmarksCachePath();
+    const metaPath = twitterBookmarksMetaPath();
+    const now = new Date().toISOString();
+    const existing = await readJsonLines(cachePath);
+    const existingById = new Map(existing.map((item) => [item.id, item]));
+    const allFetched = [];
+    let nextToken;
+    let pages = 0;
+    const maxPages = mode === 'full' ? 20 : 2;
+    while (pages < maxPages) {
+        const pageResult = await fetchBookmarksPage(token.access_token, me.id, nextToken);
+        if (!pageResult.ok || !pageResult.page) {
+            throw new Error(`Bookmark fetch failed (${pageResult.status}): ${pageResult.detail}`);
+        }
+        const normalized = normalizeBookmarkPage(pageResult.page, now);
+        allFetched.push(...normalized);
+        nextToken = pageResult.page.meta?.next_token;
+        pages += 1;
+        if (!nextToken)
+            break;
+        if (mode === 'incremental' && normalized.every((item) => existingById.has(item.id)))
+            break;
+        if (typeof options.targetAdds === 'number') {
+            const uniqueAddsSoFar = allFetched.filter((item, index, arr) => arr.findIndex((x) => x.id === item.id) === index).filter((item) => !existingById.has(item.id)).length;
+            if (uniqueAddsSoFar >= options.targetAdds)
+                break;
+        }
+    }
+    const merged = [...existing];
+    let added = 0;
+    for (const record of allFetched) {
+        if (!existingById.has(record.id)) {
+            merged.push(record);
+            existingById.set(record.id, record);
+            added += 1;
+            if (typeof options.targetAdds === 'number' && added >= options.targetAdds)
+                break;
+        }
+    }
+    merged.sort((a, b) => String(b.bookmarkedAt ?? b.syncedAt).localeCompare(String(a.bookmarkedAt ?? a.syncedAt)));
+    await writeJsonLines(cachePath, merged);
+    const previousMeta = (await pathExists(metaPath)) ? await readJson(metaPath) : undefined;
+    const meta = {
+        provider: 'twitter',
+        schemaVersion: 1,
+        lastFullSyncAt: mode === 'full' ? now : previousMeta?.lastFullSyncAt,
+        lastIncrementalSyncAt: mode === 'incremental' ? now : previousMeta?.lastIncrementalSyncAt,
+        totalBookmarks: merged.length,
+    };
+    await writeJson(metaPath, meta);
+    return {
+        mode,
+        totalBookmarks: merged.length,
+        added,
+        cachePath,
+        metaPath,
+    };
+}
+export async function getTwitterBookmarksStatus() {
+    const cachePath = twitterBookmarksCachePath();
+    const metaPath = twitterBookmarksMetaPath();
+    const meta = (await pathExists(metaPath))
+        ? await readJson(metaPath)
+        : { provider: 'twitter', schemaVersion: 1, totalBookmarks: 0 };
+    return {
+        ...meta,
+        cachePath,
+        metaPath,
+    };
+}

package/dist/chrome-cookies.js

@@ -0,0 +1,239 @@
+import { execFileSync } from 'node:child_process';
+import { copyFileSync, existsSync, readFileSync, unlinkSync } from 'node:fs';
+import { createDecipheriv, createHash, pbkdf2Sync, randomUUID } from 'node:crypto';
+import { join } from 'node:path';
+import { platform, tmpdir } from 'node:os';
+import { openDb } from './db.js';
+function getMacOSChromeKey() {
+    const candidates = [
+        { service: 'Chrome Safe Storage', account: 'Chrome' },
+        { service: 'Chrome Safe Storage', account: 'Google Chrome' },
+        { service: 'Google Chrome Safe Storage', account: 'Chrome' },
+        { service: 'Google Chrome Safe Storage', account: 'Google Chrome' },
+        { service: 'Chromium Safe Storage', account: 'Chromium' },
+        { service: 'Brave Safe Storage', account: 'Brave' },
+        { service: 'Brave Browser Safe Storage', account: 'Brave Browser' },
+    ];
+    for (const candidate of candidates) {
+        try {
+            const password = execFileSync('security', ['find-generic-password', '-w', '-s', candidate.service, '-a', candidate.account], { encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
+            if (password) {
+                return pbkdf2Sync(password, 'saltysalt', 1003, 16, 'sha1');
+            }
+        }
+        catch {
+            // Try the next known browser/keychain naming pair.
+        }
+    }
+    throw new Error('Could not read a browser Safe Storage password from the macOS Keychain.\n' +
+        'This is needed to decrypt Chrome-family cookies.\n' +
+        'Fix: open the browser profile that is logged into X, then retry.\n' +
+        'If you already use the API flow, prefer: ftx sync --api');
+}
+function sanitizeCookieValue(name, value) {
+    const cleaned = value.replace(/\0+$/g, '').trim();
+    if (!cleaned) {
+        throw new Error(`Cookie ${name} was empty after decryption.\n\n` +
+            'This usually happens when Chrome is open or the wrong profile is selected.\n\n' +
+            'Try:\n' +
+            '  1. Close Chrome completely and run ftx sync again\n' +
+            '  2. If that does not work, try a different profile:\n' +
+            '     ftx sync --chrome-profile-directory "Profile 1"\n' +
+            '  3. Or use the API method instead:\n' +
+            '     ftx auth && ftx sync --api');
+    }
+    if (!/^[\x21-\x7E]+$/.test(cleaned)) {
+        throw new Error(`Could not decrypt the ${name} cookie.\n\n` +
+            'This usually happens when Chrome is open or the wrong profile is selected.\n\n' +
+            'Try:\n' +
+            '  1. Close Chrome completely and run ftx sync again\n' +
+            '  2. Try a different profile:\n' +
+            '     ftx sync --chrome-profile-directory "Profile 1"\n' +
+            '  3. Or use the API method instead:\n' +
+            '     ftx auth && ftx sync --api');
+    }
+    return cleaned;
+}
+export function decryptCookieValue(encryptedValue, key, dbVersion = 0) {
+    if (encryptedValue.length === 0)
+        return '';
+    if (encryptedValue[0] === 0x76 && encryptedValue[1] === 0x31 && encryptedValue[2] === 0x30) {
+        const iv = Buffer.alloc(16, 0x20);
+        const ciphertext = encryptedValue.subarray(3);
+        const decipher = createDecipheriv('aes-128-cbc', key, iv);
+        let decrypted = decipher.update(ciphertext);
+        decrypted = Buffer.concat([decrypted, decipher.final()]);
+        if (dbVersion >= 24 && decrypted.length > 32) {
+            decrypted = decrypted.subarray(32);
+        }
+        return decrypted.toString('utf8');
+    }
+    return encryptedValue.toString('utf8');
+}
+export function decryptWindowsCookieValue(encryptedValue, masterKey, hostKey, dbVersion = 0) {
+    if (encryptedValue.length === 0)
+        return '';
+    const versionTag = encryptedValue.subarray(0, 3).toString('utf8');
+    if (versionTag === 'v10' || versionTag === 'v11') {
+        const iv = encryptedValue.subarray(3, 15);
+        const ciphertext = encryptedValue.subarray(15, encryptedValue.length - 16);
+        const authTag = encryptedValue.subarray(encryptedValue.length - 16);
+        const decipher = createDecipheriv('aes-256-gcm', masterKey, iv);
+        decipher.setAuthTag(authTag);
+        let decrypted = decipher.update(ciphertext);
+        decrypted = Buffer.concat([decrypted, decipher.final()]);
+        if (dbVersion >= 24 && decrypted.length > 32) {
+            const expectedHostHash = createHash('sha256').update(hostKey).digest();
+            if (decrypted.subarray(0, 32).equals(expectedHostHash)) {
+                decrypted = decrypted.subarray(32);
+            }
+        }
+        return decrypted.toString('utf8');
+    }
+    return unprotectWindowsData(encryptedValue).toString('utf8');
+}
+function runPowerShell(script) {
+    return execFileSync('powershell.exe', ['-NoProfile', '-NonInteractive', '-Command', script], {
+        encoding: 'utf8',
+        stdio: ['pipe', 'pipe', 'pipe'],
+        timeout: 15000,
+    }).trim();
+}
+function unprotectWindowsData(data) {
+    const base64 = data.toString('base64');
+    const script = `Add-Type -AssemblyName System.Security; ` +
+        `$bytes = [Convert]::FromBase64String('${base64}'); ` +
+        `$plain = [System.Security.Cryptography.ProtectedData]::Unprotect(` +
+        `$bytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser); ` +
+        `[Convert]::ToBase64String($plain)`;
+    const output = runPowerShell(script);
+    if (!output) {
+        throw new Error('Windows DPAPI returned an empty response while decrypting Chrome cookies.');
+    }
+    return Buffer.from(output, 'base64');
+}
+function getWindowsChromeMasterKey(chromeUserDataDir) {
+    const localStatePath = join(chromeUserDataDir, 'Local State');
+    if (!existsSync(localStatePath)) {
+        throw new Error(`Chrome Local State not found at: ${localStatePath}\n` +
+            'Fix: Make sure Google Chrome is installed and has been opened at least once.');
+    }
+    const localState = JSON.parse(readFileSync(localStatePath, 'utf8'));
+    const encodedKey = localState.os_crypt?.encrypted_key;
+    if (!encodedKey) {
+        throw new Error('Chrome Local State does not contain os_crypt.encrypted_key.');
+    }
+    const encryptedKey = Buffer.from(encodedKey, 'base64');
+    const dpapiPrefix = Buffer.from('DPAPI');
+    const keyPayload = encryptedKey.subarray(0, 5).equals(dpapiPrefix)
+        ? encryptedKey.subarray(5)
+        : encryptedKey;
+    return unprotectWindowsData(keyPayload);
+}
+async function queryCookies(dbPath, domain, names) {
+    if (!existsSync(dbPath)) {
+        throw new Error(`Chrome Cookies database not found at: ${dbPath}\n` +
+            'Fix: Make sure Google Chrome is installed and has been opened at least once.\n' +
+            'If you use a non-default Chrome profile, pass --chrome-profile-directory <name>.');
+    }
+    const tempDbPath = join(tmpdir(), `ftx-cookies-${randomUUID()}.db`);
+    let queryPath = dbPath;
+    try {
+        copyFileSync(dbPath, tempDbPath);
+        queryPath = tempDbPath;
+    }
+    catch {
+        queryPath = dbPath;
+    }
+    const safeDomain = domain.replace(/'/g, "''");
+    const nameList = names.map((name) => `'${name.replace(/'/g, "''")}'`).join(', ');
+    const sql = `
+    SELECT
+      name,
+      host_key,
+      hex(encrypted_value) AS encrypted_value_hex,
+      value
+    FROM cookies
+    WHERE host_key LIKE '%${safeDomain}' AND name IN (${nameList})
+  `;
+    const db = await openDb(queryPath);
+    try {
+        const cookieRows = db.exec(sql);
+        const metaRows = db.exec("SELECT value FROM meta WHERE key = 'version' LIMIT 1");
+        const dbVersion = Number(metaRows[0]?.values?.[0]?.[0] ?? 0);
+        const cookies = (cookieRows[0]?.values ?? []).map((row) => ({
+            name: String(row[0] ?? ''),
+            hostKey: String(row[1] ?? ''),
+            encryptedValueHex: String(row[2] ?? ''),
+            value: String(row[3] ?? ''),
+        }));
+        return { cookies, dbVersion };
+    }
+    catch (error) {
+        throw new Error(`Could not read Chrome Cookies database.\n` +
+            `Path: ${dbPath}\n` +
+            `Error: ${error.message}\n` +
+            'Fix: If Chrome is open, close it and retry. The database may be locked.');
+    }
+    finally {
+        db.close();
+        if (queryPath === tempDbPath) {
+            try {
+                unlinkSync(tempDbPath);
+            }
+            catch {
+                // Best-effort cleanup.
+            }
+        }
+    }
+}
+export async function extractChromeXCookies(chromeUserDataDir, profileDirectory = 'Default') {
+    const os = platform();
+    if (os !== 'darwin' && os !== 'win32') {
+        throw new Error(`Direct cookie extraction is supported on macOS and Windows.\n` +
+            `Detected platform: ${os}\n` +
+            'Fix: Pass --csrf-token and --cookie-header directly, or use the OAuth API flow.');
+    }
+    const dbPath = join(chromeUserDataDir, profileDirectory, 'Cookies');
+    const key = os === 'darwin' ? getMacOSChromeKey() : getWindowsChromeMasterKey(chromeUserDataDir);
+    let result = await queryCookies(dbPath, '.x.com', ['ct0', 'auth_token']);
+    if (result.cookies.length === 0) {
+        result = await queryCookies(dbPath, '.twitter.com', ['ct0', 'auth_token']);
+    }
+    const decrypted = new Map();
+    for (const cookie of result.cookies) {
+        const hexValue = cookie.encryptedValueHex;
+        if (hexValue && hexValue.length > 0) {
+            const buffer = Buffer.from(hexValue, 'hex');
+            const value = os === 'darwin'
+                ? decryptCookieValue(buffer, key, result.dbVersion)
+                : decryptWindowsCookieValue(buffer, key, cookie.hostKey, result.dbVersion);
+            decrypted.set(cookie.name, value);
+        }
+        else if (cookie.value) {
+            decrypted.set(cookie.name, cookie.value);
+        }
+    }
+    const ct0 = decrypted.get('ct0');
+    const authToken = decrypted.get('auth_token');
+    if (!ct0) {
+        throw new Error('No ct0 CSRF cookie found for x.com in Chrome.\n' +
+            'This means you are not logged into X in the selected Chrome profile.\n\n' +
+            'Fix:\n' +
+            '  1. Open Google Chrome\n' +
+            '  2. Go to https://x.com and log in\n' +
+            '  3. Close Chrome completely\n' +
+            '  4. Re-run this command\n\n' +
+            (profileDirectory !== 'Default'
+                ? `Using Chrome profile: "${profileDirectory}"\n`
+                : 'Using the Default Chrome profile. If your X login is in a different profile,\n' +
+                    'pass --chrome-profile-directory <name> (for example "Profile 1").\n'));
+    }
+    const cookieParts = [`ct0=${sanitizeCookieValue('ct0', ct0)}`];
+    if (authToken)
+        cookieParts.push(`auth_token=${sanitizeCookieValue('auth_token', authToken)}`);
+    return {
+        csrfToken: sanitizeCookieValue('ct0', ct0),
+        cookieHeader: cookieParts.join('; '),
+    };
+}