npm - job-pro - Versions diffs - 1.0.16 → 1.0.17 - Mend

job-pro 1.0.16 → 1.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -55,6 +55,7 @@ import { createInterface } from "node:readline";
 import { memoryList, memoryGet, memorySet, memoryEvent, memoryClear, } from "./memory.js";
 import { writeFileSync, mkdirSync, existsSync, readdirSync, statSync } from "node:fs";
 import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
 import { homedir } from "node:os";
 import { createRequire as require_createRequire } from "node:module";
 function require_module() {
@@ -131,6 +132,8 @@ USAGE
                                       [--limit N] [--companies a,b,c]
                                       [--timeout ms] [--apply-ready]
                                       [--compact | --text]
+  job-pro extension                   print extension/ path + install steps
+  job-pro extension path              just the absolute path (scriptable)
   job-pro --version
   job-pro help
@@ -1095,6 +1098,49 @@ async function main() {
         printStatus(compact);
         return;
     }
+    if (cmd === "extension") {
+        // Locate the extension/ directory. The package ships it as a sibling of
+        // dist/, so __dirname is cli/dist and the extension lives at ../extension.
+        // For a `npx job-pro` run, that lands in the npm cache; for a global
+        // install, in the prefix. For local dev, the repo's top-level extension/.
+        const here = dirname(fileURLToPath(import.meta.url));
+        const candidates = [
+            join(here, "..", "extension"),
+            join(here, "..", "..", "extension"),
+        ];
+        const extPath = candidates.find((p) => existsSync(join(p, "manifest.json"))) ?? null;
+        const sub = args[1];
+        if (sub === "path") {
+            if (!extPath)
+                die("extension/ not found — please reinstall job-pro@latest");
+            console.log(extPath);
+            return;
+        }
+        // Default: print install walkthrough.
+        if (!extPath)
+            die("extension/ not found — please reinstall job-pro@latest");
+        console.log(`
+job-pro session-capture extension
+=================================
+Path:  ${extPath}
+Install (Chrome / Edge / Brave):
+  1. Open chrome://extensions
+  2. Enable "Developer mode" (top-right toggle)
+  3. Click "Load unpacked"
+  4. Pick the path above
+  5. Browse a careers site (e.g. jobs.bytedance.com), log in, then click
+     the extension's popup → "Export session" to drop
+     ~/Downloads/jobpro/<adapter>.session.json
+  6. Move it under ~/.jobpro/<adapter>.session.json — \`job-pro <co> apply\`
+     will pick it up automatically.
+Or copy the path to clipboard (macOS):
+  echo "${extPath}" | pbcopy
+`);
+        return;
+    }
     if (cmd === "find") {
         const compact = args.includes("--compact");
         const textMode = args.includes("--text");

package/extension/README.md ADDED Viewed

@@ -0,0 +1,79 @@
+# job-pro session bridge — Chrome extension
+Manifest v3 extension that captures careers-site session cookies + CSRF/XSRF
+headers for use by the CLI's auto-apply (Phase 2.1). Unlike the simple
+Greenhouse / Lever boards (where the apply form is open-access and the CLI
+can submit anonymously via `--debug-submit-to`), most Chinese ATS tenants
+gate `apply` behind a logged-in candidate session. This extension lets
+users log in once in their normal browser, then export the captured
+session into `~/.jobpro/<adapter>.session.json` for the CLI to re-use.
+## Install (developer mode, local)
+```bash
+# Repo root
+cd extension/
+# Optional: generate placeholder icons (just colored squares).
+# The extension still loads without them; popup just won't have an icon.
+```
+1. Open Chrome → `chrome://extensions/` → enable **Developer mode**.
+2. Click **Load unpacked** → select the `extension/` directory.
+3. Pin the puzzle-piece icon to the toolbar for quick access.
+## Capture a session
+1. Log into any supported careers site (e.g. `talent.antgroup.com`,
+   `iflytek.zhiye.com`, `app.mokahr.com/.../<org>/<siteId>`).
+2. Browse around — view a job, open the apply modal — so the SPA fires
+   its auth-bearing XHRs. The extension listens for `Cookie`,
+   `X-Xsrf-Token`, `Authorization`, and Feishu/Beisen-style headers
+   (`X-Fscp-Std-Info`, `langtype`, etc.) and caches them by adapter key.
+3. Click the toolbar icon → **Export** on the captured row. The
+   extension downloads `jobpro/<adapter>.session.json` via Chrome's
+   download manager.
+4. Move the file:
+   ```bash
+   mkdir -p ~/.jobpro
+   mv ~/Downloads/jobpro/<adapter>.session.json ~/.jobpro/
+   ```
+## What's in the JSON
+```json
+{
+  "adapter": "antgroup",
+  "host": "talent.antgroup.com",
+  "exported_at": "2026-05-16T08:00:00.000Z",
+  "headers": {
+    "x-xsrf-token": "VSQK2wSZQC-DRAZxaQevxQ",
+    "x-fscp-std-info": "{\"client_id\": \"40108\"}",
+    "cookie": "<full cookie header>",
+    "...": "..."
+  },
+  "cookies": [
+    { "name": "XSRF-TOKEN", "value": "…", "domain": ".liepin.com", "path": "/", … }
+  ]
+}
+```
+The CLI doesn't read this file yet — Phase 2.1 wires that in.
+Today the file is the deliverable; future iterations land the
+`<adapter>.applyWithSession(sessionPath, postId)` flow.
+## Why MV3, not a content script injection
+We need `chrome.cookies` to dump HttpOnly cookies (used by every Chinese
+ATS we've probed). Only background service workers can call
+`chrome.cookies.getAll()`. The popup just talks to the worker via
+`chrome.runtime.sendMessage`.
+## Scope (privacy)
+* Only captures headers from hosts explicitly listed in
+  `manifest.json#host_permissions`. Browsing anywhere else is invisible
+  to the extension.
+* Storage is `chrome.storage.local` — never synced, never sent to any
+  remote.
+* Exports are user-triggered downloads to `~/Downloads/jobpro/`. No
+  network egress.

package/extension/background.js ADDED Viewed

@@ -0,0 +1,177 @@
+// job-pro session bridge — background service worker.
+//
+// Captures cookies + recent CSRF / XSRF-Token headers from supported
+// careers sites and stores them in chrome.storage so the popup can hand
+// them off as a downloadable session.json file. The CLI's auto-apply
+// then loads `~/.jobpro/<co>.session.json` and re-uses the captured
+// credentials to fire the actual submission POST.
+//
+// Design constraint: this is a manifest-v3 service worker, so it
+// shouldn't hold state in module-scope (workers can be evicted at any
+// time). All state goes through chrome.storage.local.
+// Map of careers-site host → adapter key. Used both to identify which
+// "company" a session belongs to and to scope what we export.
+const HOST_TO_KEY = {
+  "join.qq.com": "tencent",
+  "jobs.bytedance.com": "bytedance",
+  "campus-talent.alibaba.com": "alibaba",
+  "zhaopin.meituan.com": "meituan",
+  "job.xiaohongshu.com": "xiaohongshu",
+  "campus.jd.com": "jd",
+  "campus.kuaishou.cn": "kuaishou",
+  "xiaomi.jobs.f.mioffice.cn": "xiaomi",
+  "talent.baidu.com": "baidu",
+  "hr.163.com": "netease",
+  "talent.didiglobal.com": "didi",
+  "jobs.bilibili.com": "bilibili",
+  "careers.pinduoduo.com": "pdd",
+  "career.huawei.com": "huawei",
+  "campus.pingan.com": "pingan",
+  "careers.ctrip.com": "trip",
+  "www.unitree.com": "unitree",
+  "job.byd.com": "byd",
+  "talent.antgroup.com": "antgroup",
+  "hrcareersweb.antgroup.com": "antgroup",
+  "hr.sensetime.com": "sensetime",
+  "wecruit.hotjob.cn": "horizonrobotics",
+  "app.mokahr.com": "moka",
+  "careers.oppo.com": "oppo",
+  "hr.vivo.com": "vivo",
+  "vivo.zhiye.com": "vivo",
+  "iflytek.zhiye.com": "iflytek",
+  "campus.sf-express.com": "sf",
+  "www.lixiang.com": "liauto",
+  "lilithgames.jobs.feishu.cn": "lilith",
+  "www.liepin.com": "liepin",
+};
+function adapterKeyForHost(host) {
+  if (HOST_TO_KEY[host]) return HOST_TO_KEY[host];
+  // .jobs.feishu.cn / .zhiye.com wildcard fallback — store by subdomain.
+  if (host.endsWith(".jobs.feishu.cn")) return `feishu:${host}`;
+  if (host.endsWith(".zhiye.com")) return `zhiye:${host}`;
+  return null;
+}
+// Cache the latest auth-related request headers per adapter key. We
+// don't keep XHR bodies — only `Cookie` / `X-Xsrf-Token` / `Authorization`
+// / `X-Csrf-Token` / `X-Fscp-Std-Info` etc.
+const AUTH_HEADER_NAMES = new Set([
+  "authorization",
+  "cookie",
+  "x-xsrf-token",
+  "x-csrf-token",
+  "x-csrftoken",
+  "x-requested-with",
+  "x-fscp-std-info",
+  "x-fscp-version",
+  "x-fscp-trace-id",
+  "x-client-type",
+  "langtype",
+  "x-token",
+  "x-auth-token",
+]);
+chrome.webRequest?.onSendHeaders?.addListener?.(
+  // Note: in MV3 you can't *modify* requests without `declarativeNetRequest`,
+  // but reading via webRequest is still allowed for hosts in host_permissions.
+  // If the user is on a network where webRequest isn't available we fall
+  // back to cookies-only capture (see chrome.cookies below).
+  (details) => {
+    try {
+      const u = new URL(details.url);
+      const key = adapterKeyForHost(u.hostname);
+      if (!key) return;
+      const captured = {};
+      for (const h of details.requestHeaders ?? []) {
+        const name = (h.name ?? "").toLowerCase();
+        if (AUTH_HEADER_NAMES.has(name)) captured[name] = h.value ?? "";
+      }
+      if (Object.keys(captured).length === 0) return;
+      const storageKey = `auth_headers:${key}`;
+      chrome.storage.local.get([storageKey]).then((existing) => {
+        chrome.storage.local.set({
+          [storageKey]: {
+            adapter: key,
+            host: u.hostname,
+            url: details.url,
+            captured_at: new Date().toISOString(),
+            headers: { ...(existing[storageKey]?.headers ?? {}), ...captured },
+          },
+        });
+      });
+    } catch (err) {
+      console.warn("[job-pro] header capture err:", err);
+    }
+  },
+  { urls: ["<all_urls>"] },
+  ["requestHeaders", "extraHeaders"]
+);
+// Expose a message API for the popup: "give me everything you have for
+// the active tab", and a "clear" command.
+chrome.runtime.onMessage.addListener((msg, _sender, sendResponse) => {
+  (async () => {
+    if (msg?.type === "list_sessions") {
+      const all = await chrome.storage.local.get(null);
+      const out = Object.entries(all)
+        .filter(([k]) => k.startsWith("auth_headers:"))
+        .map(([k, v]) => ({ key: k.slice("auth_headers:".length), ...v }));
+      sendResponse({ ok: true, sessions: out });
+      return;
+    }
+    if (msg?.type === "export_session" && typeof msg.key === "string") {
+      const stored = (await chrome.storage.local.get([`auth_headers:${msg.key}`]))[
+        `auth_headers:${msg.key}`
+      ];
+      if (!stored) {
+        sendResponse({ ok: false, message: `no session captured for ${msg.key}` });
+        return;
+      }
+      const cookies = await chrome.cookies.getAll({ url: `https://${stored.host}/` });
+      const session = {
+        adapter: msg.key,
+        host: stored.host,
+        exported_at: new Date().toISOString(),
+        headers: stored.headers,
+        cookies: cookies.map((c) => ({
+          name: c.name,
+          value: c.value,
+          domain: c.domain,
+          path: c.path,
+          expiresAt: c.expirationDate,
+          httpOnly: c.httpOnly,
+          secure: c.secure,
+          sameSite: c.sameSite,
+        })),
+      };
+      const blob = new Blob([JSON.stringify(session, null, 2)], { type: "application/json" });
+      const dataUrl = await new Promise((resolve) => {
+        const reader = new FileReader();
+        reader.onloadend = () => resolve(reader.result);
+        reader.readAsDataURL(blob);
+      });
+      try {
+        const dlId = await chrome.downloads.download({
+          url: dataUrl,
+          filename: `jobpro/${msg.key}.session.json`,
+          saveAs: false,
+        });
+        sendResponse({ ok: true, downloadId: dlId, host: stored.host, cookieCount: cookies.length });
+      } catch (err) {
+        sendResponse({ ok: false, message: `download failed: ${err?.message ?? String(err)}` });
+      }
+      return;
+    }
+    if (msg?.type === "clear_sessions") {
+      const all = await chrome.storage.local.get(null);
+      const keys = Object.keys(all).filter((k) => k.startsWith("auth_headers:"));
+      await chrome.storage.local.remove(keys);
+      sendResponse({ ok: true, cleared: keys.length });
+      return;
+    }
+    sendResponse({ ok: false, message: `unknown message type: ${msg?.type}` });
+  })().catch((err) => sendResponse({ ok: false, message: String(err) }));
+  return true; // async sendResponse
+});

package/extension/manifest.json ADDED Viewed

@@ -0,0 +1,55 @@
+{
+  "manifest_version": 3,
+  "name": "job-pro session bridge",
+  "short_name": "job-pro",
+  "version": "0.1.0",
+  "description": "Capture careers-site session cookies + CSRF headers for use by the job-pro CLI auto-apply.",
+  "permissions": [
+    "cookies",
+    "storage",
+    "activeTab",
+    "scripting",
+    "downloads"
+  ],
+  "host_permissions": [
+    "https://join.qq.com/*",
+    "https://jobs.bytedance.com/*",
+    "https://campus-talent.alibaba.com/*",
+    "https://zhaopin.meituan.com/*",
+    "https://job.xiaohongshu.com/*",
+    "https://campus.jd.com/*",
+    "https://campus.kuaishou.cn/*",
+    "https://xiaomi.jobs.f.mioffice.cn/*",
+    "https://talent.baidu.com/*",
+    "https://hr.163.com/*",
+    "https://talent.didiglobal.com/*",
+    "https://jobs.bilibili.com/*",
+    "https://careers.pinduoduo.com/*",
+    "https://career.huawei.com/*",
+    "https://campus.pingan.com/*",
+    "https://careers.ctrip.com/*",
+    "https://www.unitree.com/*",
+    "https://job.byd.com/*",
+    "https://talent.antgroup.com/*",
+    "https://hrcareersweb.antgroup.com/*",
+    "https://*.jobs.feishu.cn/*",
+    "https://*.zhiye.com/*",
+    "https://hr.sensetime.com/*",
+    "https://wecruit.hotjob.cn/*",
+    "https://app.mokahr.com/*",
+    "https://careers.oppo.com/*",
+    "https://hr.vivo.com/*",
+    "https://campus.sf-express.com/*",
+    "https://www.lixiang.com/*",
+    "https://lilithgames.jobs.feishu.cn/*",
+    "https://www.liepin.com/*"
+  ],
+  "background": {
+    "service_worker": "background.js",
+    "type": "module"
+  },
+  "action": {
+    "default_popup": "popup.html",
+    "default_title": "job-pro session bridge"
+  }
+}

package/extension/popup.html ADDED Viewed

@@ -0,0 +1,37 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<title>job-pro session bridge</title>
+<style>
+  body { font: 13px/1.4 -apple-system, system-ui, sans-serif; margin: 12px; min-width: 320px; }
+  h1 { font-size: 14px; margin: 0 0 8px; }
+  p.lede { color: #555; margin: 0 0 12px; }
+  ul { margin: 0; padding: 0; list-style: none; }
+  li { display: flex; align-items: center; justify-content: space-between; padding: 6px 0; border-bottom: 1px solid #eee; }
+  li:last-child { border-bottom: 0; }
+  .key { font-weight: 600; }
+  .meta { color: #888; font-size: 11px; }
+  button { font: inherit; padding: 4px 8px; border: 1px solid #ccc; background: #f5f5f5; border-radius: 3px; cursor: pointer; }
+  button.danger { color: #c00; }
+  #status { margin-top: 12px; padding: 8px; background: #f5f9f0; border-left: 3px solid #5a5; font-size: 11px; white-space: pre-wrap; }
+  #status.error { background: #f9eef0; border-color: #c55; }
+  #empty { color: #888; padding: 16px 0; text-align: center; }
+</style>
+</head>
+<body>
+  <h1>job-pro session bridge</h1>
+  <p class="lede">
+    Captured careers-site sessions. Click <strong>Export</strong> on a row
+    to download <code>&lt;adapter&gt;.session.json</code>, then move it
+    into <code>~/.jobpro/</code> for the CLI's <code>apply</code> verb.
+  </p>
+  <ul id="sessions"></ul>
+  <div id="empty" hidden>No sessions captured yet. Browse a supported careers site (see <code>manifest.json</code>) while logged in, then re-open this popup.</div>
+  <div id="status" hidden></div>
+  <p style="margin-top:14px;text-align:right">
+    <button id="clear" class="danger">Clear all</button>
+  </p>
+  <script src="popup.js"></script>
+</body>
+</html>

package/extension/popup.js ADDED Viewed

@@ -0,0 +1,54 @@
+const sessionsEl = document.getElementById("sessions");
+const emptyEl = document.getElementById("empty");
+const statusEl = document.getElementById("status");
+const clearBtn = document.getElementById("clear");
+function showStatus(text, isError) {
+  statusEl.textContent = text;
+  statusEl.hidden = false;
+  statusEl.classList.toggle("error", !!isError);
+}
+function send(msg) {
+  return new Promise((resolve) => chrome.runtime.sendMessage(msg, resolve));
+}
+async function render() {
+  const r = await send({ type: "list_sessions" });
+  if (!r?.ok || !r.sessions?.length) {
+    sessionsEl.innerHTML = "";
+    emptyEl.hidden = false;
+    return;
+  }
+  emptyEl.hidden = true;
+  sessionsEl.innerHTML = "";
+  for (const s of r.sessions) {
+    const li = document.createElement("li");
+    const left = document.createElement("div");
+    const right = document.createElement("button");
+    left.innerHTML = `<span class="key">${s.key}</span> <span class="meta">${s.host} · ${s.captured_at?.slice(0, 19) ?? "?"}</span>`;
+    right.textContent = "Export";
+    right.addEventListener("click", async () => {
+      const exp = await send({ type: "export_session", key: s.key });
+      if (exp?.ok) {
+        showStatus(
+          `Saved jobpro/${s.key}.session.json — ${exp.cookieCount} cookies + headers from ${exp.host}.\n` +
+            `Move it into ~/.jobpro/${s.key}.session.json for the CLI.`
+        );
+      } else {
+        showStatus(`Export failed: ${exp?.message ?? "unknown error"}`, true);
+      }
+    });
+    li.appendChild(left);
+    li.appendChild(right);
+    sessionsEl.appendChild(li);
+  }
+}
+clearBtn.addEventListener("click", async () => {
+  const r = await send({ type: "clear_sessions" });
+  showStatus(r?.ok ? `Cleared ${r.cleared} session(s).` : `Failed: ${r?.message}`, !r?.ok);
+  render();
+});
+render();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "job-pro",
-  "version": "1.0.16",
+  "version": "1.0.17",
   "description": "Query Chinese big-tech campus recruiting from your terminal. 50 companies, all 50 live. 46 via each company's own API; the 4 with no public canonical feed (Hikvision, CICC, Cainiao, WeBank) surfaced via Liepin as a clearly-labeled third-party fallback. No signup, no token, no server.",
   "homepage": "https://job.ha7ch.com",
   "repository": "https://github.com/HA7CH/job-pro",
@@ -10,7 +10,8 @@
     "job-pro": "./dist/index.js"
   },
   "files": [
-    "dist"
+    "dist",
+    "extension"
   ],
   "keywords": [
     "campus-recruiting",
@@ -29,7 +30,7 @@
     "dev": "tsx src/index.ts",
     "test": "tsx test/smoke.ts",
     "test:apply": "tsx test/apply-smoke.ts",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build && rm -rf extension && cp -R ../extension extension"
   },
   "dependencies": {
     "puppeteer-core": "^25.0.2"