nutstore-webdav-secret-cli 0.1.0

package/README.md

@@ -0,0 +1,265 @@
+# Nutstore WebDAV Secret CLI
+
+一个基于 Bun、Solid 和 OpenTUI 的终端工具，用来查看和管理坚果云 WebDAV 第三方应用密码。
+
+## 功能
+
+- 读取并缓存本地 Cookie
+- 拉取 `mobile_asp` 页面并解析已有 app passwords
+- 创建新的 app password
+- 删除已有 app password
+- 复制：
+  - secret
+  - WebDAV URL
+  - account
+
+## 环境
+
+- Bun `1.3+`
+
+安装依赖：
+
+```bash
+bun install
+```
+
+## npm 安装
+
+这个项目现在按“源码版 Bun CLI”发布到 npm。
+
+安装：
+
+```bash
+npm i -g nutstore-webdav-secret-cli
+```
+
+安装后命令是：
+
+```bash
+nswds
+```
+
+注意：
+
+- 机器上仍然需要先安装 Bun
+- npm 包当前分发的是源码入口，不是跨平台预编译二进制
+- 本地单文件二进制仍然走下面的构建流程
+
+## 运行
+
+开发模式：
+
+```bash
+bun run dev
+```
+
+调试模式：
+
+```bash
+bun run debug
+```
+
+`debug` 脚本会：
+
+- 关闭 alternate screen
+- 打开 OpenTUI console overlay
+- 更方便查看日志和错误
+
+## 本地发布
+
+这个项目现在支持本地编译成单文件 CLI 可执行物。
+
+构建走的是：
+
+- `Bun.build(...)`
+- `@opentui/solid/bun-plugin`
+- `compile.target` 根据当前本机平台自动推断
+
+类型检查：
+
+```bash
+bun run typecheck
+```
+
+构建本地二进制：
+
+```bash
+bun run build
+```
+
+产物路径：
+
+```bash
+./dist/nswds
+```
+
+运行已构建二进制：
+
+```bash
+bun run run:dist
+```
+
+本地发布流程：
+
+```bash
+bun run release:local
+```
+
+它会执行：
+
+- `bun run typecheck`
+- `bun run build`
+
+如果你想手动指定目标平台，可以覆盖：
+
+```bash
+BUILD_TARGET=bun-darwin-arm64 bun run build
+BUILD_TARGET=bun-linux-x64 bun run build
+```
+
+## npm 发布
+
+发布前检查：
+
+```bash
+bun run typecheck
+bun run pack:check
+```
+
+发布：
+
+```bash
+bun publish
+```
+
+如果你用 npm：
+
+```bash
+npm publish --access public
+```
+
+当前 `package.json` 已经配置：
+
+- `bin.nswds -> ./src/cli.tsx`
+- `publishConfig.access = public`
+- `prepublishOnly` 会先跑类型检查和 `npm pack --dry-run`
+
+## GitHub 发布流
+
+仓库现在按 `Changesets + GitHub Actions + npm trusted publishing` 设计。
+
+日常流程：
+
+1. 开功能分支
+2. 改代码
+3. 运行 `bun run changeset`
+4. 提交 PR
+5. `CI` workflow 会跑类型检查、二进制构建和 `npm pack --dry-run`
+6. PR 合并到 `main`
+7. `Release` workflow 会自动创建或更新一个 release PR
+8. 合并这个 release PR
+9. workflow 自动发布 npm
+
+也就是说：
+
+- 普通功能 PR 不会直接发 npm
+- 只有 release PR 合并后才真正发布
+- 版本号和 changelog 由 changesets 自动维护
+
+### 在 npm 侧你需要做什么
+
+1. 登录 npm
+2. 进入这个包的设置页
+3. 打开 `Trusted Publishers`
+4. 添加一个 GitHub Actions publisher
+
+建议填写：
+
+- Owner: 你的 GitHub 用户名或组织名
+- Repository: `nutstore-webdav-secret-cli`
+- Workflow file: `release.yml`
+- Environment: 留空
+
+配置完成后，GitHub Action 就可以通过 OIDC 直接发布，不需要单独保存 `NPM_TOKEN`。
+
+### 在 GitHub 侧你需要做什么
+
+1. 把默认分支确认成 `main`
+2. 打开仓库 `Settings -> Actions -> General`
+3. 确保允许工作流读写 Pull Requests 和 Contents
+4. 如果你启用了分支保护，允许 `GITHUB_TOKEN` 创建 release PR
+
+### 创建 changeset
+
+```bash
+bun run changeset
+```
+
+常用选择：
+
+- `patch`: 修 bug、文案调整、小优化
+- `minor`: 新功能
+- `major`: 破坏性变更
+
+## Cookie
+
+首次启动如果没有本地 Cookie，会进入手动输入流程。
+
+Cookie 会保存到：
+
+```bash
+~/.config/nswds/cookie
+```
+
+这里保存的是完整的 `Cookie` header 内容。
+
+## 快捷键
+
+列表页：
+
+- `Up/Down` 选择 secret
+- `Enter` 复制当前 secret
+- `U` 复制 WebDAV URL
+- `A` 复制 account
+- `N` 新增 secret
+- `D` 删除当前 secret
+- `R` 刷新列表
+- `Q` 退出
+
+新增 secret：
+
+- `Enter` 提交创建
+- `Esc` 取消
+
+删除 secret：
+
+- `D` 进入确认
+- `Y` 确认删除
+- `Esc` 取消
+
+## 请求接口
+
+当前已经接上的接口：
+
+- 列表：`https://www.jianguoyun.com/d/mobile_asp`
+- 创建：`https://www.jianguoyun.com/d/ajax/userop/generateAsp`
+- 删除：`https://www.jianguoyun.com/d/ajax/userop/revokeAsp`
+
+创建和删除接口都按浏览器同源 AJAX 请求的方式发送：
+
+- `application/x-www-form-urlencoded`
+- `X-Requested-With: XMLHttpRequest`
+- `Origin: https://www.jianguoyun.com`
+- `Referer: https://www.jianguoyun.com/d/mobile_asp`
+
+如果创建或删除返回 `403`，优先检查：
+
+- 本地保存的 Cookie 是否完整
+- Cookie 是否仍然有效
+- 是否包含接口依赖的关键字段
+
+## 当前限制
+
+- account 目前是从返回 HTML 里做启发式提取，不是严格结构化字段
+- 自动检测浏览器 Cookie 入口还没有启用
+- 删除和创建成功后依赖刷新列表同步状态

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "nutstore-webdav-secret-cli",
+  "version": "0.1.0",
+  "description": "Terminal UI for managing Nutstore WebDAV app passwords.",
+  "type": "module",
+  "private": false,
+  "bin": {
+    "nswds": "./src/cli.tsx"
+  },
+  "files": [
+    "src",
+    "scripts",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "bun": ">=1.3.0"
+  },
+  "scripts": {
+    "dev": "bun run --watch src/cli.tsx",
+    "debug": "OTUI_USE_ALTERNATE_SCREEN=false OTUI_USE_CONSOLE=true SHOW_CONSOLE=true bun run --watch src/cli.tsx",
+    "typecheck": "bunx tsc --noEmit --pretty false",
+    "changeset": "changeset",
+    "version-packages": "changeset version",
+    "build": "mkdir -p dist && bun run ./scripts/build.ts",
+    "run:dist": "./dist/nswds",
+    "release:local": "bun run typecheck && bun run build",
+    "pack:check": "mkdir -p .cache/npm && npm_config_cache=./.cache/npm npm pack --dry-run",
+    "release:npm": "npm publish --access public",
+    "prepublishOnly": "bun run typecheck && bun run pack:check"
+  },
+  "devDependencies": {
+    "@changesets/cli": "^2.31.0",
+    "@types/bun": "latest"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "dependencies": {
+    "@babel/core": "^7.29.0",
+    "@babel/preset-typescript": "^7.28.5",
+    "@effect/atom-solid": "^4.0.0-beta.78",
+    "@effect/platform-bun": "4.0.0-beta.78",
+    "@effect/platform-node": "4.0.0-beta.78",
+    "@opentui/core": "^0.3.2",
+    "@opentui/solid": "^0.3.2",
+    "add": "^2.0.6",
+    "babel-preset-solid": "1.9.12",
+    "effect": "^4.0.0-beta.78",
+    "solid-js": "1.9.12"
+  }
+}

package/scripts/build.ts

@@ -0,0 +1,56 @@
+import solidPlugin from "@opentui/solid/bun-plugin";
+
+const APP_NAME = "nswds";
+
+type BuildTarget =
+  | "bun-darwin-arm64"
+  | "bun-darwin-x64"
+  | "bun-linux-arm64"
+  | "bun-linux-x64"
+  | "bun-windows-arm64"
+  | "bun-windows-x64";
+
+const target = (process.env.BUILD_TARGET as BuildTarget | undefined) ?? inferBuildTarget();
+const outfile = process.env.BUILD_OUTFILE ?? `dist/${APP_NAME}`;
+
+await Bun.build({
+  entrypoints: ["./src/cli.tsx"],
+  plugins: [solidPlugin],
+  compile: {
+    target,
+    outfile,
+  },
+});
+
+console.log(`Built ${outfile} for ${target}`);
+
+function inferBuildTarget(): BuildTarget {
+  const platform = process.platform;
+  const arch = process.arch;
+
+  if (platform === "darwin" && arch === "arm64") {
+    return "bun-darwin-arm64";
+  }
+
+  if (platform === "darwin" && arch === "x64") {
+    return "bun-darwin-x64";
+  }
+
+  if (platform === "linux" && arch === "x64") {
+    return "bun-linux-x64";
+  }
+
+  if (platform === "linux" && arch === "arm64") {
+    return "bun-linux-arm64";
+  }
+
+  if (platform === "win32" && arch === "x64") {
+    return "bun-windows-x64";
+  }
+
+  if (platform === "win32" && arch === "arm64") {
+    return "bun-windows-arm64";
+  }
+
+  throw new Error(`Unsupported build target for ${platform}-${arch}`);
+}

package/src/App.tsx

@@ -0,0 +1,57 @@
+import { useAtomValue } from "@effect/atom-solid";
+import { Match, Switch, createMemo } from "solid-js";
+import { AuthGate } from "./components/auth-gate";
+import { SecretsPage } from "./components/secrets-page";
+import { authStateAtom, cookieAtom } from "./atom/auth";
+import { useThemeMode } from "./hooks/useThemeMode";
+import type { OpenTUIElement } from "./opentui-jsx";
+import { getPalette } from "./theme";
+
+function AuthChecking(props: {
+  cookie: string | null;
+  muted: string;
+  fg: string;
+}): OpenTUIElement {
+  return (
+    <box
+      alignItems="center"
+      flexDirection="column"
+      flexGrow={1}
+      gap={1}
+      justifyContent="center"
+      paddingX={2}
+    >
+      <text fg={props.fg}>Checking stored cookie...</text>
+      <text fg={props.muted}>
+        {props.cookie ? "Refreshing existing session..." : "Loading authentication state..."}
+      </text>
+    </box>
+  );
+}
+
+export function App(): OpenTUIElement {
+  const themeMode = useThemeMode();
+  const palette = createMemo(() => getPalette(themeMode()));
+  const authState = useAtomValue(() => authStateAtom);
+  const cookie = useAtomValue(() => cookieAtom);
+
+  return (
+    <Switch>
+      <Match when={authState() === "authenticated"}>
+        <SecretsPage palette={palette()} themeMode={themeMode()} />
+      </Match>
+
+      <Match when={authState() === "checking"}>
+        <AuthChecking
+          cookie={cookie()}
+          fg={palette().fg}
+          muted={palette().muted}
+        />
+      </Match>
+
+      <Match when={true}>
+        <AuthGate palette={palette()} />
+      </Match>
+    </Switch>
+  );
+}

package/src/atom/auth.ts

@@ -0,0 +1,55 @@
+import { Data } from "effect";
+import * as Effect from "effect/Effect";
+import * as Atom from "effect/unstable/reactivity/Atom";
+import * as AsyncResult from "effect/unstable/reactivity/AsyncResult";
+import { ConfigFileError, readCookie, saveCookie } from "../effect/auth";
+import { runtimeAtom } from "./platform";
+
+export type AuthState = "checking" | "anonymous" | "authenticated";
+export type SaveCookieError = InvalidCookieError | ConfigFileError;
+
+class InvalidCookieError extends Data.TaggedError("InvalidCookieError")<{
+  readonly message: string;
+}> {}
+
+export const storedCookieAtom = runtimeAtom.atom(
+  readCookie.pipe(Effect.map((cookie) => cookie.trim())),
+).pipe(Atom.keepAlive);
+
+export const saveCookieAtom = runtimeAtom.fn((cookie: string) => {
+  const normalized = cookie.trim();
+
+  if (normalized.length === 0) {
+    return Effect.fail<SaveCookieError>(
+      new InvalidCookieError({
+        message: "Cookie is empty. Paste a Cookie header to continue.",
+      }),
+    );
+  }
+
+  return saveCookie(normalized).pipe(
+    Effect.as(normalized),
+    Effect.mapError((error): SaveCookieError => error),
+  );
+}).pipe(Atom.keepAlive);
+
+export const authStateAtom = Atom.make((get): AuthState => {
+  const storedResult = get(storedCookieAtom);
+  const saveResult = get(saveCookieAtom);
+
+  if (AsyncResult.isInitial(storedResult) || storedResult.waiting) {
+    return "checking";
+  }
+
+  const cookie = AsyncResult.getOrElse(saveResult, () =>
+    AsyncResult.getOrElse(storedResult, () => null as string | null),
+  );
+
+  return cookie && cookie.trim().length > 0 ? "authenticated" : "anonymous";
+}).pipe(Atom.keepAlive);
+
+export const cookieAtom = Atom.make((get) =>
+  AsyncResult.getOrElse(get(saveCookieAtom), () =>
+    AsyncResult.getOrElse(get(storedCookieAtom), () => null as string | null),
+  ),
+).pipe(Atom.keepAlive);

package/src/atom/platform.ts

@@ -0,0 +1,10 @@
+import { BunServices } from "@effect/platform-bun";
+import { NodeServices } from "@effect/platform-node";
+import * as Atom from "effect/unstable/reactivity/Atom";
+
+const platformLayer =
+  typeof Bun !== "undefined"
+    ? BunServices.layer
+    : NodeServices.layer;
+
+export const runtimeAtom = Atom.runtime(platformLayer).pipe(Atom.keepAlive);

package/src/atom/secrets.ts

@@ -0,0 +1,94 @@
+import * as Effect from "effect/Effect";
+import * as Option from "effect/Option";
+import * as Atom from "effect/unstable/reactivity/Atom";
+import * as AsyncResult from "effect/unstable/reactivity/AsyncResult";
+import { AddSecretHttpError, AddSecretParseError, addSecret } from "../effect/add-secret";
+import { DeleteSecretHttpError, DeleteSecretValidationError, deleteSecret } from "../effect/delete-secret";
+import { MobileAspHttpError, MobileAspParseError, querySecretsList } from "../effect/list-secrets";
+import type { SecretItem } from "../types";
+import { cookieAtom } from "./auth";
+import { runtimeAtom } from "./platform";
+
+export type SecretsLoadState = "loading" | "ready" | "empty" | "error";
+type SecretsError = MobileAspHttpError | MobileAspParseError;
+export type AddSecretError = MissingCookieError | AddSecretHttpError | AddSecretParseError;
+export type DeleteSecretError = MissingCookieError | DeleteSecretHttpError | DeleteSecretValidationError;
+
+const EMPTY_SECRETS: SecretItem[] = [];
+
+class MissingCookieError extends Error {
+  constructor() {
+    super("Cookie unavailable. Re-authenticate before creating an app password.");
+  }
+}
+
+export const secretsPageInfoAtom: Atom.Atom<
+  AsyncResult.AsyncResult<SecretItem[], SecretsError>
+> = runtimeAtom.atom((get): Effect.Effect<SecretItem[], SecretsError> => {
+  const cookie = get(cookieAtom);
+
+  if (!cookie) {
+    return Effect.succeed(EMPTY_SECRETS);
+  }
+
+  return querySecretsList(cookie);
+}).pipe(Atom.keepAlive);
+
+export const secretsListAtom = Atom.make((get) =>
+  AsyncResult.getOrElse(get(secretsPageInfoAtom), () => EMPTY_SECRETS),
+).pipe(Atom.keepAlive);
+
+export const secretsLoadStateAtom = Atom.make((get): SecretsLoadState => {
+  const result = get(secretsPageInfoAtom);
+
+  if (AsyncResult.isInitial(result) || result.waiting) {
+    return "loading";
+  }
+
+  if (AsyncResult.isFailure(result)) {
+    return "error";
+  }
+
+  return result.value.length > 0 ? "ready" : "empty";
+}).pipe(Atom.keepAlive);
+
+export const secretsStatusMessageAtom = Atom.make((get): string => {
+  const result = get(secretsPageInfoAtom);
+
+  if (AsyncResult.isInitial(result) || result.waiting) {
+    return "Loading app passwords...";
+  }
+
+  if (AsyncResult.isFailure(result)) {
+    return Option.match(AsyncResult.error(result), {
+      onNone: () => "Failed to load app passwords",
+      onSome: (error) => error.message,
+    });
+  }
+
+  return `Loaded ${result.value.length} app passwords`;
+}).pipe(Atom.keepAlive);
+
+export const addSecretAtom = runtimeAtom.fn((name: string, get) => {
+  const cookie = get(cookieAtom);
+
+  if (!cookie) {
+    return Effect.fail<AddSecretError>(new MissingCookieError());
+  }
+
+  return addSecret(cookie, name).pipe(
+    Effect.mapError((error): AddSecretError => error),
+  );
+}).pipe(Atom.keepAlive);
+
+export const deleteSecretAtom = runtimeAtom.fn((name: string, get) => {
+  const cookie = get(cookieAtom);
+
+  if (!cookie) {
+    return Effect.fail<DeleteSecretError>(new MissingCookieError());
+  }
+
+  return deleteSecret(cookie, name).pipe(
+    Effect.mapError((error): DeleteSecretError => error),
+  );
+}).pipe(Atom.keepAlive);

package/src/authMock.ts

@@ -0,0 +1,11 @@
+export const mockStoredCookie = async () => {
+  return null;
+};
+
+export const mockAutoDetectCookie = async () => {
+  return "nutstore_mock_cookie=auto-detected; session=mock";
+};
+
+export const mockValidateCookie = async (cookie: string) => {
+  return cookie.trim().length > 0;
+};

package/src/cli.tsx

@@ -0,0 +1,6 @@
+#!/usr/bin/env bun
+
+import { render } from "@opentui/solid";
+import { App } from "./App";
+
+render(() => <App />);