opensoma 0.1.3 → 0.2.1

package/src/http.test.ts

@@ -1,7 +1,7 @@
 import { afterEach, describe, expect, mock, test } from 'bun:test'
 
-import { MENU_NO } from '@/constants'
-import { SomaHttp } from '@/http'
+import { MENU_NO } from './constants'
+import { SomaHttp } from './http'
 
 const originalFetch = globalThis.fetch
 
@@ -12,8 +12,13 @@ afterEach(() => {
 
 describe('SomaHttp', () => {
   test('get sends query params and stores cookies', async () => {
-    const fetchMock = mock(async (input: RequestInfo | URL) => {
+    const fetchMock = mock(async (input: RequestInfo | URL, init?: RequestInit) => {
       expect(String(input)).toBe(`https://www.swmaestro.ai/sw/member/user/forLogin.do?menuNo=${MENU_NO.LOGIN}`)
+      expect(init?.headers).toEqual({
+        'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+        'User-Agent':
+          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
+      })
       return createResponse('<html></html>', ['JSESSIONID=session-1; Path=/', 'XSRF-TOKEN=csrf-1; Path=/'])
     })
     globalThis.fetch = fetchMock as typeof fetch
@@ -30,6 +35,9 @@ describe('SomaHttp', () => {
     const fetchMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) => {
       expect(init?.method).toBe('POST')
       expect(init?.headers).toEqual({
+        'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+        'User-Agent':
+          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
         cookie: 'JSESSIONID=session-1',
         'Content-Type': 'application/x-www-form-urlencoded',
       })
@@ -47,6 +55,9 @@ describe('SomaHttp', () => {
   test('postJson returns parsed json', async () => {
     const fetchMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) => {
       expect(init?.headers).toEqual({
+        'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+        'User-Agent':
+          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
         cookie: 'JSESSIONID=session-1',
         Accept: 'application/json',
         'Content-Type': 'application/x-www-form-urlencoded',
@@ -56,7 +67,9 @@ describe('SomaHttp', () => {
     globalThis.fetch = fetchMock as typeof fetch
 
     const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
-    const json = await http.postJson<{ resultCode: string }>('/mypage/officeMng/rentTime.do', { itemId: '17' })
+    const json = await http.postJson<{ resultCode: string }>('/mypage/officeMng/rentTime.do', {
+      itemId: '17',
+    })
 
     expect(json).toEqual({ resultCode: 'SUCCESS' })
   })
@@ -67,6 +80,11 @@ describe('SomaHttp', () => {
 
       if (url.includes('/forLogin.do')) {
         expect(init?.method).toBe('GET')
+        expect(init?.headers).toEqual({
+          'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+          'User-Agent':
+            'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
+        })
         return createResponse('<form><input type="hidden" name="csrfToken" value="csrf-login"></form>', [
           'JSESSIONID=session-2; Path=/',
         ])
@@ -75,6 +93,9 @@ describe('SomaHttp', () => {
       expect(url).toBe('https://www.swmaestro.ai/sw/member/user/toLogin.do')
       expect(init?.method).toBe('POST')
       expect(init?.headers).toEqual({
+        'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+        'User-Agent':
+          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
         cookie: 'JSESSIONID=session-2',
         'Content-Type': 'application/x-www-form-urlencoded',
       })
@@ -96,16 +117,32 @@ describe('SomaHttp', () => {
   })
 
   test('checkLogin returns user identity when logged in, null otherwise', async () => {
-    const loggedInMock = mock(async () =>
+    const loggedInMock = mock(async (_input: RequestInfo | URL, _init?: RequestInit) =>
       createResponse(
-        JSON.stringify({ resultCode: 'fail', userVO: { userId: 'user@example.com', userNm: 'Test' } }),
+        JSON.stringify({
+          resultCode: 'fail',
+          userVO: { userId: 'user@example.com', userNm: 'Test' },
+        }),
         [],
         'application/json',
       ),
     )
     globalThis.fetch = loggedInMock as typeof fetch
 
-    await expect(new SomaHttp().checkLogin()).resolves.toEqual({ userId: 'user@example.com', userNm: 'Test' })
+    await expect(new SomaHttp().checkLogin()).resolves.toEqual({
+      userId: 'user@example.com',
+      userNm: 'Test',
+    })
+    expect(loggedInMock).toHaveBeenCalledWith('https://www.swmaestro.ai/sw/member/user/checkLogin.json', {
+      method: 'GET',
+      redirect: 'manual',
+      headers: {
+        'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+        'User-Agent':
+          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
+        Accept: 'application/json',
+      },
+    })
 
     const notLoggedInMock = mock(async () =>
       createResponse(JSON.stringify({ resultCode: 'fail', userVO: { userId: '', userSn: 0 } }), [], 'application/json'),
@@ -115,6 +152,29 @@ describe('SomaHttp', () => {
     await expect(new SomaHttp().checkLogin()).resolves.toBeNull()
   })
 
+  test('checkLogin returns null when the server redirects to login', async () => {
+    const fetchMock = mock(async () =>
+      createResponse('', [], 'text/html', {
+        status: 302,
+        headers: { Location: 'http://www.swmaestro.ai/sw/member/user/loginForward.do' },
+      }),
+    )
+    globalThis.fetch = fetchMock as typeof fetch
+
+    await expect(new SomaHttp({ sessionCookie: 'session-1' }).checkLogin()).resolves.toBeNull()
+  })
+
+  test('checkLogin returns null when the server serves login html instead of json', async () => {
+    const fetchMock = mock(async () =>
+      createResponse(
+        '<html><head><title>AI·SW마에스트로</title></head><body><form><input name="username"><input name="password"></form></body></html>',
+      ),
+    )
+    globalThis.fetch = fetchMock as typeof fetch
+
+    await expect(new SomaHttp({ sessionCookie: 'session-1' }).checkLogin()).resolves.toBeNull()
+  })
+
   test('logout calls logout endpoint', async () => {
     const fetchMock = mock(async (input: RequestInfo | URL) => {
       expect(String(input)).toBe('https://www.swmaestro.ai/sw/member/user/logout.do')
@@ -138,9 +198,14 @@ describe('SomaHttp', () => {
   })
 })
 
-function createResponse(body: string, cookies: string[] = [], contentType = 'text/html'): Response {
-  const headers = new Headers({ 'Content-Type': contentType })
-  const response = new Response(body, { headers })
+function createResponse(
+  body: string,
+  cookies: string[] = [],
+  contentType = 'text/html',
+  options: { status?: number; headers?: Record<string, string> } = {},
+): Response {
+  const headers = new Headers({ 'Content-Type': contentType, ...(options.headers ?? {}) })
+  const response = new Response(body, { headers, status: options.status })
   const cookieHeaders = cookies
 
   Object.defineProperty(response.headers, 'getSetCookie', {

package/src/http.ts

@@ -1,9 +1,16 @@
-import { BASE_URL, MENU_NO } from '@/constants'
-import { parseCsrfToken } from '@/formatters'
+import { BASE_URL, MENU_NO } from './constants'
+import { AuthenticationError } from './errors'
+import { parseCsrfToken } from './formatters'
+
+const DEFAULT_USER_AGENT =
+  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36'
+const DEFAULT_ACCEPT_LANGUAGE = 'ko,en-US;q=0.9,en;q=0.8'
 
 interface RequestOptions {
   sessionCookie?: string
+  cookies?: string
   csrfToken?: string
+  verbose?: boolean
 }
 
 interface CheckLoginResponse {
@@ -23,11 +30,17 @@ interface HeadersWithCookieHelpers extends Omit<Headers, 'getSetCookie'> {
 export class SomaHttp {
   private cookies = new Map<string, string>()
   private csrfToken: string | null
+  private verbose: boolean
 
   constructor(options?: RequestOptions) {
     this.csrfToken = options?.csrfToken ?? null
+    this.verbose = options?.verbose ?? false
 
-    if (options?.sessionCookie) {
+    if (options?.cookies) {
+      for (const cookie of options.cookies.split(';')) {
+        this.setCookie(cookie.trim())
+      }
+    } else if (options?.sessionCookie) {
       this.setCookie(
         options.sessionCookie.includes('=') ? options.sessionCookie : `JSESSIONID=${options.sessionCookie}`,
       )
@@ -41,22 +54,152 @@ export class SomaHttp {
     })
 
     this.updateFromResponse(response)
-    return response.text()
+    const body = await response.text()
+
+    const errorInfo = this.extractErrorFromResponse(body, null, path)
+    if (errorInfo === '__AUTH_ERROR__') {
+      throw new AuthenticationError()
+    }
+
+    return body
   }
 
   async post(path: string, body: Record<string, string>): Promise<string> {
+    const url = this.buildUrl(path)
     const formBody = new URLSearchParams(this.buildBody(body))
-    const response = await fetch(this.buildUrl(path), {
+
+    let response = await fetch(url, {
       method: 'POST',
       headers: {
         ...this.buildHeaders(),
         'Content-Type': 'application/x-www-form-urlencoded',
       },
       body: formBody.toString(),
+      redirect: 'manual',
     })
 
     this.updateFromResponse(response)
-    return response.text()
+
+    if (response.status >= 300 && response.status < 400) {
+      const location = response.headers.get('location')
+      const intermediateBody = await response.clone().text()
+      const errorInfo = this.extractErrorFromResponse(intermediateBody, location, path)
+      if (errorInfo) {
+        if (errorInfo === '__AUTH_ERROR__') {
+          throw new AuthenticationError()
+        }
+        throw new Error(errorInfo)
+      }
+    }
+
+    let finalUrl = url
+    while (response.status >= 300 && response.status < 400) {
+      const location = response.headers.get('location')
+      if (!location) break
+
+      const redirectUrl = location.startsWith('http') ? location : new URL(location, `${BASE_URL}/`).toString()
+      finalUrl = redirectUrl
+      response = await fetch(redirectUrl, {
+        method: 'GET',
+        headers: this.buildHeaders(),
+        redirect: 'manual',
+      })
+      this.updateFromResponse(response)
+    }
+
+    if (!response.ok) {
+      throw new Error(`HTTP ${response.status}: ${response.statusText}`)
+    }
+
+    const finalBody = await response.text()
+    this.log('POST', path, '-> Final URL:', finalUrl)
+    this.log('POST', path, '-> Response body (first 200 chars):', finalBody.slice(0, 200))
+
+    // Use final URL path for auth check, not original path (login flow redirects to main page)
+    const finalPath = new URL(finalUrl).pathname
+    const errorInfo = this.extractErrorFromResponse(finalBody, null, finalPath)
+    if (errorInfo) {
+      this.log('POST', path, '-> Error detected:', errorInfo)
+      if (errorInfo === '__AUTH_ERROR__') {
+        throw new AuthenticationError()
+      }
+      throw new Error(errorInfo)
+    }
+
+    if (finalPath.includes('insertForm') || finalPath.includes('error') || finalPath.includes('fail')) {
+      this.log('POST', path, '-> Suspicious final URL:', finalUrl)
+      throw new Error('멘토링 등록에 실패했습니다.')
+    }
+
+    return finalBody
+  }
+
+  private extractErrorFromResponse(body: string, location: string | null, path?: string): string | null {
+    this.log(
+      'extractErrorFromResponse',
+      path,
+      'body length:',
+      body.length,
+      'title:',
+      body.match(/<title>([^<]*)<\/title>/)?.[1],
+    )
+
+    const alertMatch = body.match(/<script>\s*alert\(['"](.+?)['"]\)\s*<\/script>/)
+    if (alertMatch) {
+      this.log('Found alert match:', alertMatch[1])
+      return alertMatch[1]
+    }
+
+    const titleMatch = body.match(/<title>([^<]*)<\/title>/i)
+    const pageTitle = titleMatch?.[1] ?? ''
+
+    if (this.isAuthRedirect(location)) {
+      return '__AUTH_ERROR__'
+    }
+
+    // Check for login page - server returns login page HTML (with login form) when session is invalid
+    // The login page has both the SW마에스트로 title AND a login form with username/password inputs
+    // Skip this check during login flow (forLogin = GET for CSRF, toLogin = POST credentials)
+    const isLoginPath = path?.includes('/member/user/forLogin') || path?.includes('/member/user/toLogin')
+    const hasUsername = body.includes('name="username"')
+    const hasPassword = body.includes('name="password"')
+    if (
+      !isLoginPath &&
+      hasUsername &&
+      hasPassword &&
+      (pageTitle.includes('AI·SW마에스트로') || pageTitle.includes('SW마에스트로'))
+    ) {
+      return '__AUTH_ERROR__'
+    }
+
+    const errorTitleMatch = body.match(/<title>(에러안내|오류|Error)[^<]*<\/title>/i)
+    if (errorTitleMatch) {
+      this.log('Found error title match')
+      const msgVarMatch = body.match(/var\s+msg\s*=\s*['"](.+?)['"];/)
+      if (msgVarMatch) {
+        this.log('Found msg var:', msgVarMatch[1].slice(0, 100))
+        return msgVarMatch[1]
+      }
+      const errorPatterns = [
+        '등록에 실패',
+        '저장에 실패',
+        '오류가 발생',
+        '실패하였습니다',
+        '잘못된 접근',
+        '권한이 없습니다',
+        'SQLException',
+        'Error updating database',
+      ]
+      for (const pattern of errorPatterns) {
+        if (body.includes(pattern)) {
+          this.log('Found error pattern:', pattern)
+          return `멘토링 등록에 실패했습니다: ${pattern}`
+        }
+      }
+      return '에러가 발생했습니다'
+    }
+
+    return null
   }
 
   async postJson<T>(path: string, body: Record<string, string>): Promise<T> {
@@ -78,26 +221,78 @@ export class SomaHttp {
   async login(username: string, password: string): Promise<void> {
     const csrfToken = await this.extractCsrfToken()
 
-    await this.post('/member/user/toLogin.do', {
+    const html = await this.post('/member/user/toLogin.do', {
       username,
       password,
       csrfToken,
       loginFlag: '',
       menuNo: MENU_NO.LOGIN,
     })
+
+    // SWMaestro returns an intermediate form that auto-submits via JS:
+    //   <form action="/sw/login.do"><input name="password" value="bcrypt_hash"/>...
+    // We need to parse and submit this form to complete authentication.
+    const actionMatch = html.match(/action=["']([^"']+)["']/)
+    const fields: Record<string, string> = {}
+
+    // Match name="..." or name='...' followed by value="..." or value='...'
+    // Uses backreferences (\1 and \3) to match the same quote type for closing
+    for (const match of html.matchAll(/name=(['"])([^'"]+)\1\s+value=(['"])(.*?)\3/g)) {
+      fields[match[2]] = match[4]
+    }
+
+    if (actionMatch?.[1] && Object.keys(fields).length > 0) {
+      const action = actionMatch[1].replace(/^\/sw/, '')
+      await this.post(action, fields)
+    }
   }
 
   async checkLogin(): Promise<UserIdentity | null> {
-    const response = await fetch(this.buildUrl('/member/user/checkLogin.json'), {
+    const path = '/member/user/checkLogin.json'
+    const response = await fetch(this.buildUrl(path), {
       method: 'GET',
       headers: {
         ...this.buildHeaders(),
         Accept: 'application/json',
       },
+      redirect: 'manual',
     })
 
     this.updateFromResponse(response)
-    const json = (await response.json()) as CheckLoginResponse
+    const location = response.headers.get('location')
+
+    if (response.status >= 300 && response.status < 400) {
+      if (this.isAuthRedirect(location)) {
+        return null
+      }
+
+      throw new Error(`Unexpected redirect while checking login: ${location ?? response.status}`)
+    }
+
+    const body = await response.text()
+    const errorInfo = this.extractErrorFromResponse(body, location, path)
+    if (errorInfo === '__AUTH_ERROR__') {
+      return null
+    }
+
+    if (errorInfo) {
+      throw new Error(errorInfo)
+    }
+
+    const contentType = response.headers.get('content-type') ?? ''
+    if (contentType.includes('text/html')) {
+      return null
+    }
+
+    let json: CheckLoginResponse
+    try {
+      json = JSON.parse(body) as CheckLoginResponse
+    } catch (error) {
+      throw new Error(
+        `Failed to parse checkLogin response: ${error instanceof Error ? error.message : 'unknown error'}`,
+      )
+    }
+
     const userId = json.userVO?.userId
     if (!userId) return null
     return { userId, userNm: json.userVO?.userNm ?? '' }
@@ -141,7 +336,24 @@ export class SomaHttp {
 
   private buildHeaders(): Record<string, string> {
     const cookieHeader = this.serializeCookies()
-    return cookieHeader ? { cookie: cookieHeader } : {}
+    return {
+      'Accept-Language': DEFAULT_ACCEPT_LANGUAGE,
+      'User-Agent': DEFAULT_USER_AGENT,
+      ...(cookieHeader ? { cookie: cookieHeader } : {}),
+    }
+  }
+
+  private isAuthRedirect(location: string | null): boolean {
+    if (!location) {
+      return false
+    }
+
+    return [
+      '/member/user/loginForward.do',
+      '/member/user/forLogin.do',
+      '/member/user/toLogin.do',
+      '/member/user/logout.do',
+    ].some((path) => location.includes(path))
   }
 
   private buildBody(body: Record<string, string>): Record<string, string> {
@@ -193,4 +405,10 @@ export class SomaHttp {
   private serializeCookies(): string {
     return [...this.cookies.entries()].map(([name, value]) => `${name}=${value}`).join('; ')
   }
+
+  private log(...args: unknown[]): void {
+    if (this.verbose) {
+      console.log('[opensoma]', ...args)
+    }
+  }
 }

package/src/index.ts

@@ -1,5 +1,6 @@
 export { SomaClient } from './client'
 export type { SomaClientOptions } from './client'
+export { AuthenticationError } from './errors'
 export { SomaHttp } from './http'
 export { CredentialManager } from './credential-manager'
 export * from './types'

package/src/session-recovery.ts

@@ -0,0 +1,56 @@
+import { CredentialManager } from './credential-manager'
+import { type UserIdentity, SomaHttp } from './http'
+import type { Credentials } from './types'
+
+type CredentialStore = Pick<CredentialManager, 'setCredentials'>
+type ReloginHttp = Pick<SomaHttp, 'checkLogin' | 'getCsrfToken' | 'getSessionCookie' | 'login'>
+
+export function canRecoverSession(credentials: Credentials): credentials is Credentials & {
+  password: string
+  username: string
+} {
+  return Boolean(credentials.username && credentials.password)
+}
+
+export async function recoverSession(
+  credentials: Credentials,
+  manager: CredentialStore = new CredentialManager(),
+  createHttp: () => ReloginHttp = () => new SomaHttp(),
+): Promise<Credentials | null> {
+  if (!canRecoverSession(credentials)) {
+    return null
+  }
+
+  const http = createHttp()
+  await http.login(credentials.username, credentials.password)
+
+  const identity = await http.checkLogin()
+  if (!identity) {
+    return null
+  }
+
+  const refreshedCredentials = buildRefreshedCredentials(credentials, identity, http)
+  await manager.setCredentials(refreshedCredentials)
+  return refreshedCredentials
+}
+
+function buildRefreshedCredentials(
+  credentials: Credentials & { password: string; username: string },
+  identity: UserIdentity,
+  http: Pick<SomaHttp, 'getCsrfToken' | 'getSessionCookie'>,
+): Credentials {
+  const sessionCookie = http.getSessionCookie()
+  const csrfToken = http.getCsrfToken()
+
+  if (!sessionCookie || !csrfToken) {
+    throw new Error('Automatic re-login succeeded but session state is incomplete')
+  }
+
+  return {
+    sessionCookie,
+    csrfToken,
+    username: identity.userId || credentials.username,
+    password: credentials.password,
+    loggedInAt: new Date().toISOString(),
+  }
+}

package/src/shared/utils/mentoring-params.test.ts

@@ -1,7 +1,6 @@
 import { describe, expect, test } from 'bun:test'
 
-import { MENU_NO, REPORT_CD } from '@/constants'
-
+import { MENU_NO, REPORT_CD } from '../../constants'
 import { buildMentoringListParams, parseSearchQuery } from './mentoring-params'
 
 describe('parseSearchQuery', () => {
@@ -40,7 +39,10 @@ describe('buildMentoringListParams', () => {
   })
 
   test('status maps open to A, closed to C', () => {
-    expect(buildMentoringListParams({ status: 'open' })).toEqual({ menuNo: MENU_NO.MENTORING, searchStatMentolec: 'A' })
+    expect(buildMentoringListParams({ status: 'open' })).toEqual({
+      menuNo: MENU_NO.MENTORING,
+      searchStatMentolec: 'A',
+    })
     expect(buildMentoringListParams({ status: 'closed' })).toEqual({
       menuNo: MENU_NO.MENTORING,
       searchStatMentolec: 'C',
@@ -107,6 +109,9 @@ describe('buildMentoringListParams', () => {
   })
 
   test('page sets pageIndex', () => {
-    expect(buildMentoringListParams({ page: 3 })).toEqual({ menuNo: MENU_NO.MENTORING, pageIndex: '3' })
+    expect(buildMentoringListParams({ page: 3 })).toEqual({
+      menuNo: MENU_NO.MENTORING,
+      pageIndex: '3',
+    })
   })
 })

package/src/shared/utils/mentoring-params.ts

@@ -1,8 +1,11 @@
-import { MENU_NO, REPORT_CD } from '@/constants'
-import type { UserIdentity } from '@/http'
+import { MENU_NO, REPORT_CD } from '../../constants'
+import type { UserIdentity } from '../../http'
 
 const STATUS_MAP: Record<string, string> = { open: 'A', closed: 'C' }
-const TYPE_MAP: Record<string, string> = { public: REPORT_CD.PUBLIC_MENTORING, lecture: REPORT_CD.MENTOR_LECTURE }
+const TYPE_MAP: Record<string, string> = {
+  public: REPORT_CD.PUBLIC_MENTORING,
+  lecture: REPORT_CD.MENTOR_LECTURE,
+}
 const SEARCH_FIELD_MAP: Record<string, string> = { title: '1', author: '2', content: '3' }
 
 export interface MentoringSearchQuery {

package/src/shared/utils/swmaestro.ts

@@ -1,7 +1,7 @@
 import { parse } from 'node-html-parser'
 
-import { MENU_NO, REPORT_CD, ROOM_IDS, TIME_SLOTS } from '@/constants'
-import { ApplicationHistoryItemSchema, type ApplicationHistoryItem } from '@/types'
+import { MENU_NO, REPORT_CD, ROOM_IDS, TIME_SLOTS } from '../../constants'
+import { ApplicationHistoryItemSchema, type ApplicationHistoryItem } from '../../types'
 
 export function toReportCd(type: 'public' | 'lecture'): string {
   return type === 'lecture' ? REPORT_CD.MENTOR_LECTURE : REPORT_CD.PUBLIC_MENTORING

package/src/token-extractor.test.ts

@@ -1,3 +1,4 @@
+import { Database } from 'bun:sqlite'
 import { afterEach, describe, expect, test } from 'bun:test'
 import { execSync } from 'node:child_process'
 import { createCipheriv, pbkdf2Sync } from 'node:crypto'
@@ -5,7 +6,6 @@ import { mkdirSync, rmSync, writeFileSync } from 'node:fs'
 import { mkdtemp } from 'node:fs/promises'
 import { tmpdir } from 'node:os'
 import { dirname, join } from 'node:path'
-import { Database } from 'bun:sqlite'
 
 import { BROWSERS, TokenExtractor } from './token-extractor'
 
@@ -34,9 +34,7 @@ describe('TokenExtractor', () => {
 
     expect(paths).toHaveLength(BROWSERS.length)
     for (const browser of BROWSERS) {
-      expect(paths).toContainEqual(
-        join(home, 'Library', 'Application Support', browser.macPath, 'Default', 'Cookies'),
-      )
+      expect(paths).toContainEqual(join(home, 'Library', 'Application Support', browser.macPath, 'Default', 'Cookies'))
     }
   })
 
@@ -67,6 +65,45 @@ describe('TokenExtractor', () => {
     expect(await extractor.extract()).toEqual({ sessionCookie: 'my-session-id' })
   })
 
+  test('finds cookie databases across numbered browser profiles', async () => {
+    const home = await makeTempDir()
+    createCookieFile(join(home, '.config', 'google-chrome', 'Default', 'Cookies'))
+    createCookieFile(join(home, '.config', 'google-chrome', 'Profile 1', 'Cookies'))
+    createCookieFile(join(home, '.config', 'google-chrome', 'Profile 2', 'Cookies'))
+
+    const extractor = new TokenExtractor('linux', home)
+
+    expect(extractor.findCookieDatabases()).toEqual([
+      join(home, '.config', 'google-chrome', 'Default', 'Cookies'),
+      join(home, '.config', 'google-chrome', 'Profile 1', 'Cookies'),
+      join(home, '.config', 'google-chrome', 'Profile 2', 'Cookies'),
+    ])
+  })
+
+  test('extractCandidates keeps the newest unique cookie across profiles', async () => {
+    const home = await makeTempDir()
+    createCookieDbWithPlaintext(join(home, '.config', 'google-chrome', 'Default', 'Cookies'), 'stale-session', 10)
+    createCookieDbWithPlaintext(join(home, '.config', 'google-chrome', 'Profile 1', 'Cookies'), 'valid-session', 20)
+    createCookieDbWithPlaintext(join(home, '.config', 'google-chrome', 'Profile 2', 'Cookies'), 'stale-session', 30)
+
+    const extractor = new TokenExtractor('linux', home)
+
+    await expect(extractor.extractCandidates()).resolves.toEqual([
+      {
+        browser: 'Chrome',
+        lastAccessUtc: 30,
+        profile: 'Profile 2',
+        sessionCookie: 'stale-session',
+      },
+      {
+        browser: 'Chrome',
+        lastAccessUtc: 20,
+        profile: 'Profile 1',
+        sessionCookie: 'valid-session',
+      },
+    ])
+  })
+
   test('decrypts encrypted cookie on Linux', async () => {
     const home = await makeTempDir()
     const dbPath = join(home, '.config', 'google-chrome', 'Default', 'Cookies')
@@ -111,15 +148,16 @@ function createCookieFile(filePath: string): void {
   writeFileSync(filePath, '')
 }
 
-function createCookieDbWithPlaintext(filePath: string, value: string): void {
+function createCookieDbWithPlaintext(filePath: string, value: string, lastAccessUtc = 0): void {
   mkdirSync(dirname(filePath), { recursive: true })
   const db = new Database(filePath)
   db.run(
     'CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT, encrypted_value BLOB, creation_utc INTEGER, expires_utc INTEGER, is_httponly INTEGER, has_expires INTEGER, is_persistent INTEGER, priority INTEGER, samesite INTEGER, source_scheme INTEGER, is_secure INTEGER, path TEXT, last_access_utc INTEGER, last_update_utc INTEGER, source_port INTEGER, source_type INTEGER)',
   )
-  db.run("INSERT INTO cookies (host_key, name, value, encrypted_value) VALUES ('swmaestro.ai', 'JSESSIONID', ?, '')", [
-    value,
-  ])
+  db.run(
+    "INSERT INTO cookies (host_key, name, value, encrypted_value, last_access_utc) VALUES ('swmaestro.ai', 'JSESSIONID', ?, '', ?)",
+    [value, lastAccessUtc],
+  )
   db.close()
 }