opensoma 0.1.2 → 0.2.0

package/src/http.ts

@@ -1,9 +1,16 @@
-import { BASE_URL, MENU_NO } from '@/constants'
-import { parseCsrfToken } from '@/formatters'
+import { BASE_URL, MENU_NO } from './constants'
+import { AuthenticationError } from './errors'
+import { parseCsrfToken } from './formatters'
+
+const DEFAULT_USER_AGENT =
+  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36'
+const DEFAULT_ACCEPT_LANGUAGE = 'ko,en-US;q=0.9,en;q=0.8'
 
 interface RequestOptions {
   sessionCookie?: string
+  cookies?: string
   csrfToken?: string
+  verbose?: boolean
 }
 
 interface CheckLoginResponse {
@@ -23,11 +30,17 @@ interface HeadersWithCookieHelpers extends Omit<Headers, 'getSetCookie'> {
 export class SomaHttp {
   private cookies = new Map<string, string>()
   private csrfToken: string | null
+  private verbose: boolean
 
   constructor(options?: RequestOptions) {
     this.csrfToken = options?.csrfToken ?? null
+    this.verbose = options?.verbose ?? false
 
-    if (options?.sessionCookie) {
+    if (options?.cookies) {
+      for (const cookie of options.cookies.split(';')) {
+        this.setCookie(cookie.trim())
+      }
+    } else if (options?.sessionCookie) {
       this.setCookie(
         options.sessionCookie.includes('=') ? options.sessionCookie : `JSESSIONID=${options.sessionCookie}`,
       )
@@ -41,22 +54,148 @@ export class SomaHttp {
     })
 
     this.updateFromResponse(response)
-    return response.text()
+    const body = await response.text()
+
+    const errorInfo = this.extractErrorFromResponse(body, null, path)
+    if (errorInfo === '__AUTH_ERROR__') {
+      throw new AuthenticationError()
+    }
+
+    return body
   }
 
   async post(path: string, body: Record<string, string>): Promise<string> {
+    const url = this.buildUrl(path)
     const formBody = new URLSearchParams(this.buildBody(body))
-    const response = await fetch(this.buildUrl(path), {
+
+    let response = await fetch(url, {
       method: 'POST',
       headers: {
         ...this.buildHeaders(),
         'Content-Type': 'application/x-www-form-urlencoded',
       },
       body: formBody.toString(),
+      redirect: 'manual',
     })
 
     this.updateFromResponse(response)
-    return response.text()
+
+    if (response.status >= 300 && response.status < 400) {
+      const location = response.headers.get('location')
+      const intermediateBody = await response.clone().text()
+      const errorInfo = this.extractErrorFromResponse(intermediateBody, location, path)
+      if (errorInfo) {
+        if (errorInfo === '__AUTH_ERROR__') {
+          throw new AuthenticationError()
+        }
+        throw new Error(errorInfo)
+      }
+    }
+
+    let finalUrl = url
+    while (response.status >= 300 && response.status < 400) {
+      const location = response.headers.get('location')
+      if (!location) break
+
+      const redirectUrl = location.startsWith('http') ? location : new URL(location, `${BASE_URL}/`).toString()
+      finalUrl = redirectUrl
+      response = await fetch(redirectUrl, {
+        method: 'GET',
+        headers: this.buildHeaders(),
+        redirect: 'manual',
+      })
+      this.updateFromResponse(response)
+    }
+
+    if (!response.ok) {
+      throw new Error(`HTTP ${response.status}: ${response.statusText}`)
+    }
+
+    const finalBody = await response.text()
+    this.log('POST', path, '-> Final URL:', finalUrl)
+    this.log('POST', path, '-> Response body (first 200 chars):', finalBody.slice(0, 200))
+
+    // Use final URL path for auth check, not original path (login flow redirects to main page)
+    const finalPath = new URL(finalUrl).pathname
+    const errorInfo = this.extractErrorFromResponse(finalBody, null, finalPath)
+    if (errorInfo) {
+      this.log('POST', path, '-> Error detected:', errorInfo)
+      if (errorInfo === '__AUTH_ERROR__') {
+        throw new AuthenticationError()
+      }
+      throw new Error(errorInfo)
+    }
+
+    if (finalPath.includes('insertForm') || finalPath.includes('error') || finalPath.includes('fail')) {
+      this.log('POST', path, '-> Suspicious final URL:', finalUrl)
+      throw new Error('멘토링 등록에 실패했습니다.')
+    }
+
+    return finalBody
+  }
+
+  private extractErrorFromResponse(body: string, location: string | null, path?: string): string | null {
+    this.log(
+      'extractErrorFromResponse',
+      path,
+      'body length:',
+      body.length,
+      'title:',
+      body.match(/<title>([^<]*)<\/title>/)?.[1],
+    )
+
+    const alertMatch = body.match(/<script>\s*alert\(['"](.+?)['"]\)\s*<\/script>/)
+    if (alertMatch) {
+      this.log('Found alert match:', alertMatch[1])
+      return alertMatch[1]
+    }
+
+    const titleMatch = body.match(/<title>([^<]*)<\/title>/i)
+    const pageTitle = titleMatch?.[1] ?? ''
+
+    // Check for login page - server returns login page HTML (with login form) when session is invalid
+    // The login page has both the SW마에스트로 title AND a login form with username/password inputs
+    // Skip this check during login flow (forLogin = GET for CSRF, toLogin = POST credentials)
+    const isLoginPath = path?.includes('/member/user/forLogin') || path?.includes('/member/user/toLogin')
+    const hasUsername = body.includes('name="username"')
+    const hasPassword = body.includes('name="password"')
+    if (
+      !isLoginPath &&
+      hasUsername &&
+      hasPassword &&
+      (pageTitle.includes('AI·SW마에스트로') || pageTitle.includes('SW마에스트로'))
+    ) {
+      return '__AUTH_ERROR__'
+    }
+
+    const errorTitleMatch = body.match(/<title>(에러안내|오류|Error)[^<]*<\/title>/i)
+    if (errorTitleMatch) {
+      this.log('Found error title match')
+      const msgVarMatch = body.match(/var\s+msg\s*=\s*['"](.+?)['"];/)
+      if (msgVarMatch) {
+        this.log('Found msg var:', msgVarMatch[1].slice(0, 100))
+        return msgVarMatch[1]
+      }
+      const errorPatterns = [
+        '등록에 실패',
+        '저장에 실패',
+        '오류가 발생',
+        '실패하였습니다',
+        '잘못된 접근',
+        '권한이 없습니다',
+        'SQLException',
+        'Error updating database',
+      ]
+      for (const pattern of errorPatterns) {
+        if (body.includes(pattern)) {
+          this.log('Found error pattern:', pattern)
+          return '멘토링 등록에 실패했습니다: ' + pattern
+        }
+      }
+      return '에러가 발생했습니다'
+    }
+
+    return null
   }
 
   async postJson<T>(path: string, body: Record<string, string>): Promise<T> {
@@ -78,13 +217,30 @@ export class SomaHttp {
   async login(username: string, password: string): Promise<void> {
     const csrfToken = await this.extractCsrfToken()
 
-    await this.post('/member/user/toLogin.do', {
+    const html = await this.post('/member/user/toLogin.do', {
       username,
       password,
       csrfToken,
       loginFlag: '',
       menuNo: MENU_NO.LOGIN,
     })
+
+    // SWMaestro returns an intermediate form that auto-submits via JS:
+    //   <form action="/sw/login.do"><input name="password" value="bcrypt_hash"/>...
+    // We need to parse and submit this form to complete authentication.
+    const actionMatch = html.match(/action=["']([^"']+)["']/)
+    const fields: Record<string, string> = {}
+
+    // Match name="..." or name='...' followed by value="..." or value='...'
+    // Uses backreferences (\1 and \3) to match the same quote type for closing
+    for (const match of html.matchAll(/name=(['"])([^'"]+)\1\s+value=(['"])(.*?)\3/g)) {
+      fields[match[2]] = match[4]
+    }
+
+    if (actionMatch?.[1] && Object.keys(fields).length > 0) {
+      const action = actionMatch[1].replace(/^\/sw/, '')
+      await this.post(action, fields)
+    }
   }
 
   async checkLogin(): Promise<UserIdentity | null> {
@@ -141,7 +297,11 @@ export class SomaHttp {
 
   private buildHeaders(): Record<string, string> {
     const cookieHeader = this.serializeCookies()
-    return cookieHeader ? { cookie: cookieHeader } : {}
+    return {
+      'Accept-Language': DEFAULT_ACCEPT_LANGUAGE,
+      'User-Agent': DEFAULT_USER_AGENT,
+      ...(cookieHeader ? { cookie: cookieHeader } : {}),
+    }
   }
 
   private buildBody(body: Record<string, string>): Record<string, string> {
@@ -193,4 +353,10 @@ export class SomaHttp {
   private serializeCookies(): string {
     return [...this.cookies.entries()].map(([name, value]) => `${name}=${value}`).join('; ')
   }
+
+  private log(...args: unknown[]): void {
+    if (this.verbose) {
+      console.log('[opensoma]', ...args)
+    }
+  }
 }

package/src/index.ts

@@ -1,5 +1,6 @@
 export { SomaClient } from './client'
 export type { SomaClientOptions } from './client'
+export { AuthenticationError } from './errors'
 export { SomaHttp } from './http'
 export { CredentialManager } from './credential-manager'
 export * from './types'

package/src/shared/utils/mentoring-params.test.ts

@@ -1,7 +1,6 @@
 import { describe, expect, test } from 'bun:test'
 
-import { MENU_NO, REPORT_CD } from '@/constants'
-
+import { MENU_NO, REPORT_CD } from '../../constants'
 import { buildMentoringListParams, parseSearchQuery } from './mentoring-params'
 
 describe('parseSearchQuery', () => {
@@ -40,7 +39,10 @@ describe('buildMentoringListParams', () => {
   })
 
   test('status maps open to A, closed to C', () => {
-    expect(buildMentoringListParams({ status: 'open' })).toEqual({ menuNo: MENU_NO.MENTORING, searchStatMentolec: 'A' })
+    expect(buildMentoringListParams({ status: 'open' })).toEqual({
+      menuNo: MENU_NO.MENTORING,
+      searchStatMentolec: 'A',
+    })
     expect(buildMentoringListParams({ status: 'closed' })).toEqual({
       menuNo: MENU_NO.MENTORING,
       searchStatMentolec: 'C',
@@ -107,6 +109,9 @@ describe('buildMentoringListParams', () => {
   })
 
   test('page sets pageIndex', () => {
-    expect(buildMentoringListParams({ page: 3 })).toEqual({ menuNo: MENU_NO.MENTORING, pageIndex: '3' })
+    expect(buildMentoringListParams({ page: 3 })).toEqual({
+      menuNo: MENU_NO.MENTORING,
+      pageIndex: '3',
+    })
   })
 })

package/src/shared/utils/mentoring-params.ts

@@ -1,8 +1,11 @@
-import { MENU_NO, REPORT_CD } from '@/constants'
-import type { UserIdentity } from '@/http'
+import { MENU_NO, REPORT_CD } from '../../constants'
+import type { UserIdentity } from '../../http'
 
 const STATUS_MAP: Record<string, string> = { open: 'A', closed: 'C' }
-const TYPE_MAP: Record<string, string> = { public: REPORT_CD.PUBLIC_MENTORING, lecture: REPORT_CD.MENTOR_LECTURE }
+const TYPE_MAP: Record<string, string> = {
+  public: REPORT_CD.PUBLIC_MENTORING,
+  lecture: REPORT_CD.MENTOR_LECTURE,
+}
 const SEARCH_FIELD_MAP: Record<string, string> = { title: '1', author: '2', content: '3' }
 
 export interface MentoringSearchQuery {

package/src/shared/utils/swmaestro.ts

@@ -1,7 +1,7 @@
 import { parse } from 'node-html-parser'
 
-import { MENU_NO, REPORT_CD, ROOM_IDS, TIME_SLOTS } from '@/constants'
-import { ApplicationHistoryItemSchema, type ApplicationHistoryItem } from '@/types'
+import { MENU_NO, REPORT_CD, ROOM_IDS, TIME_SLOTS } from '../../constants'
+import { ApplicationHistoryItemSchema, type ApplicationHistoryItem } from '../../types'
 
 export function toReportCd(type: 'public' | 'lecture'): string {
   return type === 'lecture' ? REPORT_CD.MENTOR_LECTURE : REPORT_CD.PUBLIC_MENTORING

package/src/token-extractor.test.ts

@@ -1,10 +1,11 @@
+import { Database } from 'bun:sqlite'
 import { afterEach, describe, expect, test } from 'bun:test'
+import { execSync } from 'node:child_process'
 import { createCipheriv, pbkdf2Sync } from 'node:crypto'
 import { mkdirSync, rmSync, writeFileSync } from 'node:fs'
 import { mkdtemp } from 'node:fs/promises'
 import { tmpdir } from 'node:os'
 import { dirname, join } from 'node:path'
-import { Database } from 'bun:sqlite'
 
 import { BROWSERS, TokenExtractor } from './token-extractor'
 
@@ -33,9 +34,7 @@ describe('TokenExtractor', () => {
 
     expect(paths).toHaveLength(BROWSERS.length)
     for (const browser of BROWSERS) {
-      expect(paths).toContainEqual(
-        join(home, 'Library', 'Application Support', browser.macPath, 'Default', 'Cookies'),
-      )
+      expect(paths).toContainEqual(join(home, 'Library', 'Application Support', browser.macPath, 'Default', 'Cookies'))
     }
   })
 
@@ -66,6 +65,45 @@ describe('TokenExtractor', () => {
     expect(await extractor.extract()).toEqual({ sessionCookie: 'my-session-id' })
   })
 
+  test('finds cookie databases across numbered browser profiles', async () => {
+    const home = await makeTempDir()
+    createCookieFile(join(home, '.config', 'google-chrome', 'Default', 'Cookies'))
+    createCookieFile(join(home, '.config', 'google-chrome', 'Profile 1', 'Cookies'))
+    createCookieFile(join(home, '.config', 'google-chrome', 'Profile 2', 'Cookies'))
+
+    const extractor = new TokenExtractor('linux', home)
+
+    expect(extractor.findCookieDatabases()).toEqual([
+      join(home, '.config', 'google-chrome', 'Default', 'Cookies'),
+      join(home, '.config', 'google-chrome', 'Profile 1', 'Cookies'),
+      join(home, '.config', 'google-chrome', 'Profile 2', 'Cookies'),
+    ])
+  })
+
+  test('extractCandidates keeps the newest unique cookie across profiles', async () => {
+    const home = await makeTempDir()
+    createCookieDbWithPlaintext(join(home, '.config', 'google-chrome', 'Default', 'Cookies'), 'stale-session', 10)
+    createCookieDbWithPlaintext(join(home, '.config', 'google-chrome', 'Profile 1', 'Cookies'), 'valid-session', 20)
+    createCookieDbWithPlaintext(join(home, '.config', 'google-chrome', 'Profile 2', 'Cookies'), 'stale-session', 30)
+
+    const extractor = new TokenExtractor('linux', home)
+
+    await expect(extractor.extractCandidates()).resolves.toEqual([
+      {
+        browser: 'Chrome',
+        lastAccessUtc: 30,
+        profile: 'Profile 2',
+        sessionCookie: 'stale-session',
+      },
+      {
+        browser: 'Chrome',
+        lastAccessUtc: 20,
+        profile: 'Profile 1',
+        sessionCookie: 'valid-session',
+      },
+    ])
+  })
+
   test('decrypts encrypted cookie on Linux', async () => {
     const home = await makeTempDir()
     const dbPath = join(home, '.config', 'google-chrome', 'Default', 'Cookies')
@@ -75,6 +113,28 @@ describe('TokenExtractor', () => {
     const extractor = new TokenExtractor('linux', home)
     expect(await extractor.extract()).toEqual({ sessionCookie: 'decrypted-session' })
   })
+
+  test('extracts plaintext cookie under Node.js (compiled ESM)', async () => {
+    execSync('bun run build', { cwd: join(import.meta.dir, '..'), stdio: 'pipe' })
+    const home = await makeTempDir()
+    const dbPath = join(home, '.config', 'google-chrome', 'Default', 'Cookies')
+    createCookieDbWithPlaintext(dbPath, 'node-test-session')
+
+    const result = runNodeExtractor(home)
+
+    expect(JSON.parse(result.trim())).toEqual({ sessionCookie: 'node-test-session' })
+  })
+
+  test('extracts encrypted cookie under Node.js (compiled ESM)', async () => {
+    execSync('bun run build', { cwd: join(import.meta.dir, '..'), stdio: 'pipe' })
+    const home = await makeTempDir()
+    const dbPath = join(home, '.config', 'google-chrome', 'Default', 'Cookies')
+    createCookieDbWithEncrypted(dbPath, encryptLinuxCookie('node-encrypted-session'))
+
+    const result = runNodeExtractor(home)
+
+    expect(JSON.parse(result.trim())).toEqual({ sessionCookie: 'node-encrypted-session' })
+  })
 })
 
 async function makeTempDir(): Promise<string> {
@@ -88,15 +148,16 @@ function createCookieFile(filePath: string): void {
   writeFileSync(filePath, '')
 }
 
-function createCookieDbWithPlaintext(filePath: string, value: string): void {
+function createCookieDbWithPlaintext(filePath: string, value: string, lastAccessUtc = 0): void {
   mkdirSync(dirname(filePath), { recursive: true })
   const db = new Database(filePath)
   db.run(
     'CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT, encrypted_value BLOB, creation_utc INTEGER, expires_utc INTEGER, is_httponly INTEGER, has_expires INTEGER, is_persistent INTEGER, priority INTEGER, samesite INTEGER, source_scheme INTEGER, is_secure INTEGER, path TEXT, last_access_utc INTEGER, last_update_utc INTEGER, source_port INTEGER, source_type INTEGER)',
   )
-  db.run("INSERT INTO cookies (host_key, name, value, encrypted_value) VALUES ('swmaestro.ai', 'JSESSIONID', ?, '')", [
-    value,
-  ])
+  db.run(
+    "INSERT INTO cookies (host_key, name, value, encrypted_value, last_access_utc) VALUES ('swmaestro.ai', 'JSESSIONID', ?, '', ?)",
+    [value, lastAccessUtc],
+  )
   db.close()
 }
 
@@ -112,6 +173,21 @@ function createCookieDbWithEncrypted(filePath: string, encrypted: Buffer): void
   db.close()
 }
 
+function runNodeExtractor(home: string): string {
+  const projectRoot = join(import.meta.dir, '..')
+  const scriptPath = join(home, 'test-node-extract.mjs')
+  writeFileSync(
+    scriptPath,
+    [
+      `import { TokenExtractor } from ${JSON.stringify(join(projectRoot, 'dist', 'src', 'token-extractor.js'))};`,
+      `const ext = new TokenExtractor('linux', ${JSON.stringify(home)});`,
+      `const result = await ext.extract();`,
+      `console.log(JSON.stringify(result));`,
+    ].join('\n'),
+  )
+  return execSync(`node ${scriptPath}`, { encoding: 'utf-8', timeout: 15_000 })
+}
+
 function encryptLinuxCookie(value: string): Buffer {
   const key = pbkdf2Sync('peanuts', CHROMIUM_SALT, 1, 16, 'sha1')
   const cipher = createCipheriv('aes-128-cbc', key, CHROMIUM_IV)

package/src/token-extractor.ts

@@ -1,13 +1,17 @@
 import { execSync } from 'node:child_process'
 import { createDecipheriv, pbkdf2Sync } from 'node:crypto'
-import { copyFileSync, existsSync, mkdtempSync, rmSync } from 'node:fs'
+import { copyFileSync, existsSync, mkdtempSync, readdirSync, rmSync } from 'node:fs'
+import { createRequire } from 'node:module'
 import { homedir, tmpdir } from 'node:os'
-import { join } from 'node:path'
+import { basename, dirname, join } from 'node:path'
+
+const require = createRequire(import.meta.url)
 
 const COOKIE_QUERY =
-  "SELECT encrypted_value, value FROM cookies WHERE host_key LIKE '%swmaestro.ai' AND name = 'JSESSIONID' ORDER BY last_access_utc DESC LIMIT 1"
+  "SELECT encrypted_value, last_access_utc, value FROM cookies WHERE host_key LIKE '%swmaestro.ai' AND name = 'JSESSIONID' ORDER BY last_access_utc DESC LIMIT 1"
 const CHROMIUM_SALT = 'saltysalt'
 const CHROMIUM_IV = Buffer.alloc(16, 0x20)
+const PROFILE_DIR_PATTERN = /^Profile\s+\d+$/
 
 type BrowserConfig = {
   name: string
@@ -19,9 +23,17 @@ type BrowserConfig = {
 
 type CookieRow = {
   encrypted_value: Uint8Array | Buffer | null
+  last_access_utc?: number | bigint | null
   value: string | null
 }
 
+export interface ExtractedSessionCandidate {
+  browser: string
+  lastAccessUtc: number
+  profile: string
+  sessionCookie: string
+}
+
 export const BROWSERS: BrowserConfig[] = [
   {
     name: 'Chrome',
@@ -79,12 +91,36 @@ function queryCookieDb(dbPath: string): CookieRow | undefined {
     }
   }
 
-  const Database = require('better-sqlite3')
-  const db = new Database(dbPath, { readonly: true })
   try {
-    return db.prepare(COOKIE_QUERY).get() as CookieRow | undefined
-  } finally {
-    db.close()
+    const { DatabaseSync } = require('node:sqlite') as {
+      DatabaseSync: new (
+        path: string,
+        options?: { readonly?: boolean },
+      ) => {
+        close: () => void
+        prepare: (query: string) => { get: () => CookieRow | undefined }
+      }
+    }
+    const db = new DatabaseSync(dbPath, { readonly: true })
+    try {
+      return db.prepare(COOKIE_QUERY).get() ?? undefined
+    } finally {
+      db.close()
+    }
+  } catch {
+    const Database = require('better-sqlite3') as new (
+      path: string,
+      options?: { readonly?: boolean },
+    ) => {
+      close: () => void
+      prepare: (query: string) => { get: () => CookieRow | undefined }
+    }
+    const db = new Database(dbPath, { readonly: true })
+    try {
+      return db.prepare(COOKIE_QUERY).get() ?? undefined
+    } finally {
+      db.close()
+    }
   }
 }
 
@@ -95,12 +131,27 @@ export class TokenExtractor {
   ) {}
 
   async extract(): Promise<{ sessionCookie: string } | null> {
+    const candidates = await this.extractCandidates()
+    const firstCandidate = candidates[0]
+
+    if (!firstCandidate) {
+      return null
+    }
+
+    return { sessionCookie: firstCandidate.sessionCookie }
+  }
+
+  async extractCandidates(): Promise<ExtractedSessionCandidate[]> {
+    const candidates = new Map<string, ExtractedSessionCandidate>()
+
     for (const databasePath of this.findCookieDatabases()) {
       const browser = this.getBrowserByPath(databasePath)
       if (!browser) {
         continue
       }
 
+      const profile = basename(dirname(databasePath))
+
       const tempDirectory = mkdtempSync(join(tmpdir(), 'opensoma-cookie-db-'))
       const tempDatabasePath = join(tempDirectory, 'Cookies')
 
@@ -114,7 +165,13 @@ export class TokenExtractor {
 
         const plaintextValue = typeof row.value === 'string' ? row.value.trim() : ''
         if (plaintextValue) {
-          return { sessionCookie: plaintextValue }
+          this.addCandidate(candidates, {
+            browser: browser.name,
+            lastAccessUtc: this.normalizeLastAccessUtc(row.last_access_utc),
+            profile,
+            sessionCookie: plaintextValue,
+          })
+          continue
         }
 
         if (!row.encrypted_value || row.encrypted_value.length === 0) {
@@ -123,29 +180,24 @@ export class TokenExtractor {
 
         const decryptedValue = await this.decryptCookie(Buffer.from(row.encrypted_value), browser.name)
         if (decryptedValue) {
-          return { sessionCookie: decryptedValue }
+          this.addCandidate(candidates, {
+            browser: browser.name,
+            lastAccessUtc: this.normalizeLastAccessUtc(row.last_access_utc),
+            profile,
+            sessionCookie: decryptedValue,
+          })
         }
       } catch {
-        continue
       } finally {
         rmSync(tempDirectory, { recursive: true, force: true })
       }
     }
 
-    return null
+    return [...candidates.values()].sort((left, right) => right.lastAccessUtc - left.lastAccessUtc)
   }
 
   findCookieDatabases(): string[] {
-    const browserPaths =
-      this.platform === 'darwin'
-        ? BROWSERS.map((browser) =>
-            join(this.homeDirectory, 'Library', 'Application Support', browser.macPath, 'Default', 'Cookies'),
-          )
-        : this.platform === 'linux'
-          ? BROWSERS.map((browser) => join(this.homeDirectory, '.config', browser.linuxPath, 'Default', 'Cookies'))
-          : []
-
-    return browserPaths.filter((databasePath) => existsSync(databasePath))
+    return BROWSERS.flatMap((browser) => this.findBrowserCookieDatabases(browser))
   }
 
   private async decryptCookie(encryptedValue: Buffer, browserName: string): Promise<string> {
@@ -202,4 +254,48 @@ export class TokenExtractor {
       (browser) => databasePath.includes(`${browser.macPath}/`) || databasePath.includes(`${browser.linuxPath}/`),
     )
   }
+
+  private addCandidate(candidates: Map<string, ExtractedSessionCandidate>, candidate: ExtractedSessionCandidate): void {
+    const existing = candidates.get(candidate.sessionCookie)
+    if (!existing || existing.lastAccessUtc < candidate.lastAccessUtc) {
+      candidates.set(candidate.sessionCookie, candidate)
+    }
+  }
+
+  private findBrowserCookieDatabases(browser: BrowserConfig): string[] {
+    const browserRoot = this.getBrowserRoot(browser)
+    if (!browserRoot || !existsSync(browserRoot)) {
+      return []
+    }
+
+    return readdirSync(browserRoot, { withFileTypes: true })
+      .filter((entry) => entry.isDirectory() && this.isSupportedProfileDirectory(entry.name))
+      .sort((left, right) => left.name.localeCompare(right.name))
+      .map((entry) => join(browserRoot, entry.name, 'Cookies'))
+      .filter((databasePath) => existsSync(databasePath))
+  }
+
+  private getBrowserRoot(browser: BrowserConfig): string | null {
+    if (this.platform === 'darwin') {
+      return join(this.homeDirectory, 'Library', 'Application Support', browser.macPath)
+    }
+
+    if (this.platform === 'linux') {
+      return join(this.homeDirectory, '.config', browser.linuxPath)
+    }
+
+    return null
+  }
+
+  private isSupportedProfileDirectory(profileName: string): boolean {
+    return profileName === 'Default' || PROFILE_DIR_PATTERN.test(profileName)
+  }
+
+  private normalizeLastAccessUtc(lastAccessUtc: number | bigint | null | undefined): number {
+    if (typeof lastAccessUtc === 'bigint') {
+      return Number(lastAccessUtc)
+    }
+
+    return typeof lastAccessUtc === 'number' ? lastAccessUtc : 0
+  }
 }

package/src/types.test.ts

@@ -13,7 +13,7 @@ import {
   PaginationSchema,
   RoomCardSchema,
   TeamInfoSchema,
-} from '@/types'
+} from './types'
 
 describe('schemas', () => {
   test('accept valid values', () => {
@@ -161,7 +161,9 @@ describe('schemas', () => {
     expect(() => RoomCardSchema.parse({ itemId: '17' })).toThrow()
     expect(() => DashboardSchema.parse({ name: '전수열' })).toThrow()
     expect(() => NoticeListItemSchema.parse({ id: 1, title: '공지' })).toThrow()
-    expect(() => NoticeDetailSchema.parse({ id: 1, title: '공지', author: '관리자', createdAt: '2026-04-01' })).toThrow()
+    expect(() =>
+      NoticeDetailSchema.parse({ id: 1, title: '공지', author: '관리자', createdAt: '2026-04-01' }),
+    ).toThrow()
     expect(() => TeamInfoSchema.parse({ teams: [{ name: '김개발' }], currentTeams: 1, maxTeams: 100 })).toThrow()
     expect(() => MemberInfoSchema.parse({ email: 1, name: '전수열' })).toThrow()
     expect(() => EventListItemSchema.parse({ id: 1, title: '행사', status: '접수중' })).toThrow()