opensoma 0.2.0 → 0.3.0

package/src/http.test.ts

@@ -52,6 +52,163 @@ describe('SomaHttp', () => {
     expect(html).toBe('<html>ok</html>')
   })
 
+  test('post surfaces alert errors from script tags with attributes', async () => {
+    const fetchMock = mock(async () =>
+      createResponse(
+        `<html><head><title>빈페이지</title></head><body><script type='text/javascript'>alert('아이디 혹은 비밀번호가 일치 하지 않습니다.');location.href='/login';</script></body></html>`,
+      ),
+    )
+    globalThis.fetch = fetchMock as typeof fetch
+
+    const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
+
+    await expect(http.post('/member/user/toLogin.do', { username: 'neo@example.com' })).rejects.toThrow(
+      '아이디 혹은 비밀번호가 일치 하지 않습니다.',
+    )
+  })
+
+  test('post surfaces alert errors followed by history.back()', async () => {
+    const fetchMock = mock(async () =>
+      createResponse(
+        `<html><head></head><body><script language='JavaScript'>\nalert('잘못된 접근입니다.');\nhistory.back();\n</script></body></html>`,
+      ),
+    )
+    globalThis.fetch = fetchMock as typeof fetch
+
+    const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
+
+    await expect(http.post('/mypage/test.do', {})).rejects.toThrow('잘못된 접근입니다.')
+  })
+
+  test('post ignores alert() inside function bodies (form validation scripts)', async () => {
+    const pageWithValidationScript = `<html><head><title>AI·SW마에스트로 서울</title></head><body>
+      <ul class="bbs-reserve"><li class="item">room data</li></ul>
+      <script>
+      function fn_search() {
+        var searchWrd = document.getElementById('searchWrd');
+        if (searchWrd.value == '') {
+          alert('검색어를 입력하세요.');
+          return;
+        }
+        document.forms[0].submit();
+      }
+      </script>
+    </body></html>`
+
+    const fetchMock = mock(async () => createResponse(pageWithValidationScript))
+    globalThis.fetch = fetchMock as typeof fetch
+
+    const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
+
+    const html = await http.post('/mypage/officeMng/list.do', { menuNo: '200058' })
+    expect(html).toContain('room data')
+  })
+
+  describe('postMultipart', () => {
+    test('passes FormData to fetch', async () => {
+      const fetchMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        expect(init?.body).toBeInstanceOf(FormData)
+        return createResponse('<html>ok</html>')
+      })
+      globalThis.fetch = fetchMock as typeof fetch
+
+      const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
+
+      await expect(http.postMultipart('/test', new FormData())).resolves.toBe('<html>ok</html>')
+    })
+
+    test('does not set Content-Type manually', async () => {
+      const fetchMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        expect(init?.headers).toEqual({
+          'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+          'User-Agent':
+            'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
+          cookie: 'JSESSIONID=session-1',
+          Referer: 'https://www.swmaestro.ai/sw/test',
+        })
+        const headers = init?.headers as Record<string, string> | undefined
+        expect(headers?.['Content-Type']).toBeUndefined()
+        expect(headers?.['content-type']).toBeUndefined()
+        return createResponse('<html>ok</html>')
+      })
+      globalThis.fetch = fetchMock as typeof fetch
+
+      const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
+
+      await http.postMultipart('/test', new FormData())
+    })
+
+    test('appends csrf token to FormData', async () => {
+      const fetchMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        const body = init?.body
+        expect(body).toBeInstanceOf(FormData)
+        expect((body as FormData).get('csrfToken')).toBe('csrf-known')
+        return createResponse('<html>ok</html>')
+      })
+      globalThis.fetch = fetchMock as typeof fetch
+
+      const http = new SomaHttp({ csrfToken: 'csrf-known' })
+
+      await http.postMultipart('/test', new FormData())
+    })
+
+    test('follows redirects manually', async () => {
+      const fetchMock = mock(async (input: RequestInfo | URL, init?: RequestInit) => {
+        const url = String(input)
+
+        if (url === 'https://www.swmaestro.ai/sw/test') {
+          expect(init).toMatchObject({
+            method: 'POST',
+            redirect: 'manual',
+          })
+          return createResponse('', [], 'text/html', {
+            status: 302,
+            headers: { Location: '/mypage/mentoLec/result.do' },
+          })
+        }
+
+        expect(url).toBe('https://www.swmaestro.ai/mypage/mentoLec/result.do')
+        expect(init).toEqual({
+          method: 'GET',
+          redirect: 'manual',
+          headers: {
+            'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+            'User-Agent':
+              'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
+            cookie: 'JSESSIONID=session-1',
+          },
+        })
+        return createResponse('<html>redirected</html>')
+      })
+      globalThis.fetch = fetchMock as typeof fetch
+
+      const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
+
+      await expect(http.postMultipart('/test', new FormData())).resolves.toBe('<html>redirected</html>')
+      expect(fetchMock).toHaveBeenCalledTimes(2)
+    })
+
+    test('keeps existing post() behavior unchanged', async () => {
+      const fetchMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        expect(init?.method).toBe('POST')
+        expect(init?.headers).toEqual({
+          'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
+          'User-Agent':
+            'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
+          cookie: 'JSESSIONID=session-1',
+          'Content-Type': 'application/x-www-form-urlencoded',
+        })
+        expect(init?.body).toBe('title=%ED%85%8C%EC%8A%A4%ED%8A%B8&csrfToken=csrf-1')
+        return createResponse('<html>ok</html>')
+      })
+      globalThis.fetch = fetchMock as typeof fetch
+
+      const http = new SomaHttp({ sessionCookie: 'session-1', csrfToken: 'csrf-1' })
+
+      await expect(http.post('/mypage/mentoLec/insert.do', { title: '테스트' })).resolves.toBe('<html>ok</html>')
+    })
+  })
+
   test('postJson returns parsed json', async () => {
     const fetchMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) => {
       expect(init?.headers).toEqual({
@@ -117,7 +274,7 @@ describe('SomaHttp', () => {
   })
 
   test('checkLogin returns user identity when logged in, null otherwise', async () => {
-    const loggedInMock = mock(async (_input: RequestInfo | URL, init?: RequestInit) =>
+    const loggedInMock = mock(async (_input: RequestInfo | URL, _init?: RequestInit) =>
       createResponse(
         JSON.stringify({
           resultCode: 'fail',
@@ -135,6 +292,7 @@ describe('SomaHttp', () => {
     })
     expect(loggedInMock).toHaveBeenCalledWith('https://www.swmaestro.ai/sw/member/user/checkLogin.json', {
       method: 'GET',
+      redirect: 'manual',
       headers: {
         'Accept-Language': 'ko,en-US;q=0.9,en;q=0.8',
         'User-Agent':
@@ -151,6 +309,29 @@ describe('SomaHttp', () => {
     await expect(new SomaHttp().checkLogin()).resolves.toBeNull()
   })
 
+  test('checkLogin returns null when the server redirects to login', async () => {
+    const fetchMock = mock(async () =>
+      createResponse('', [], 'text/html', {
+        status: 302,
+        headers: { Location: 'http://www.swmaestro.ai/sw/member/user/loginForward.do' },
+      }),
+    )
+    globalThis.fetch = fetchMock as typeof fetch
+
+    await expect(new SomaHttp({ sessionCookie: 'session-1' }).checkLogin()).resolves.toBeNull()
+  })
+
+  test('checkLogin returns null when the server serves login html instead of json', async () => {
+    const fetchMock = mock(async () =>
+      createResponse(
+        '<html><head><title>AI·SW마에스트로</title></head><body><form><input name="username"><input name="password"></form></body></html>',
+      ),
+    )
+    globalThis.fetch = fetchMock as typeof fetch
+
+    await expect(new SomaHttp({ sessionCookie: 'session-1' }).checkLogin()).resolves.toBeNull()
+  })
+
   test('logout calls logout endpoint', async () => {
     const fetchMock = mock(async (input: RequestInfo | URL) => {
       expect(String(input)).toBe('https://www.swmaestro.ai/sw/member/user/logout.do')
@@ -174,9 +355,14 @@ describe('SomaHttp', () => {
   })
 })
 
-function createResponse(body: string, cookies: string[] = [], contentType = 'text/html'): Response {
-  const headers = new Headers({ 'Content-Type': contentType })
-  const response = new Response(body, { headers })
+function createResponse(
+  body: string,
+  cookies: string[] = [],
+  contentType = 'text/html',
+  options: { status?: number; headers?: Record<string, string> } = {},
+): Response {
+  const headers = new Headers({ 'Content-Type': contentType, ...options.headers })
+  const response = new Response(body, { headers, status: options.status })
   const cookieHeaders = cookies
 
   Object.defineProperty(response.headers, 'getSetCookie', {

package/src/http.ts

@@ -134,6 +134,75 @@ export class SomaHttp {
     return finalBody
   }
 
+  async postMultipart(path: string, formData: FormData): Promise<string> {
+    const url = this.buildUrl(path)
+
+    if (this.csrfToken) {
+      formData.append('csrfToken', this.csrfToken)
+    }
+
+    let response = await fetch(url, {
+      method: 'POST',
+      headers: this.buildMultipartHeaders(url),
+      body: formData,
+      redirect: 'manual',
+    })
+
+    this.updateFromResponse(response)
+
+    if (response.status >= 300 && response.status < 400) {
+      const location = response.headers.get('location')
+      const intermediateBody = await response.clone().text()
+      const errorInfo = this.extractErrorFromResponse(intermediateBody, location, path)
+      if (errorInfo) {
+        if (errorInfo === '__AUTH_ERROR__') {
+          throw new AuthenticationError()
+        }
+        throw new Error(errorInfo)
+      }
+    }
+
+    let finalUrl = url
+    while (response.status >= 300 && response.status < 400) {
+      const location = response.headers.get('location')
+      if (!location) break
+
+      const redirectUrl = location.startsWith('http') ? location : new URL(location, `${BASE_URL}/`).toString()
+      finalUrl = redirectUrl
+      response = await fetch(redirectUrl, {
+        method: 'GET',
+        headers: this.buildHeaders(),
+        redirect: 'manual',
+      })
+      this.updateFromResponse(response)
+    }
+
+    if (!response.ok) {
+      throw new Error(`HTTP ${response.status}: ${response.statusText}`)
+    }
+
+    const finalBody = await response.text()
+    this.log('POST MULTIPART', path, '-> Final URL:', finalUrl)
+    this.log('POST MULTIPART', path, '-> Response body (first 200 chars):', finalBody.slice(0, 200))
+
+    const finalPath = new URL(finalUrl).pathname
+    const errorInfo = this.extractErrorFromResponse(finalBody, null, finalPath)
+    if (errorInfo) {
+      this.log('POST MULTIPART', path, '-> Error detected:', errorInfo)
+      if (errorInfo === '__AUTH_ERROR__') {
+        throw new AuthenticationError()
+      }
+      throw new Error(errorInfo)
+    }
+
+    if (finalPath.includes('insertForm') || finalPath.includes('error') || finalPath.includes('fail')) {
+      this.log('POST MULTIPART', path, '-> Suspicious final URL:', finalUrl)
+      throw new Error('멘토링 등록에 실패했습니다.')
+    }
+
+    return finalBody
+  }
+
   private extractErrorFromResponse(body: string, location: string | null, path?: string): string | null {
     this.log(
       'extractErrorFromResponse',
@@ -144,7 +213,7 @@ export class SomaHttp {
       body.match(/<title>([^<]*)<\/title>/)?.[1],
     )
 
-    const alertMatch = body.match(/<script>\s*alert\(['"](.+?)['"]\)\s*<\/script>/)
+    const alertMatch = body.match(/<script\b[^>]*>\s*alert\(['"](.+?)['"]\);?\s*(history\.|location\.)/i)
     if (alertMatch) {
       this.log('Found alert match:', alertMatch[1])
       return alertMatch[1]
@@ -153,6 +222,10 @@ export class SomaHttp {
     const titleMatch = body.match(/<title>([^<]*)<\/title>/i)
     const pageTitle = titleMatch?.[1] ?? ''
 
+    if (this.isAuthRedirect(location)) {
+      return '__AUTH_ERROR__'
+    }
+
     // Check for login page - server returns login page HTML (with login form) when session is invalid
     // The login page has both the SW마에스트로 title AND a login form with username/password inputs
     // Skip this check during login flow (forLogin = GET for CSRF, toLogin = POST credentials)
@@ -189,7 +262,7 @@ export class SomaHttp {
       for (const pattern of errorPatterns) {
         if (body.includes(pattern)) {
           this.log('Found error pattern:', pattern)
-          return '멘토링 등록에 실패했습니다: ' + pattern
+          return `멘토링 등록에 실패했습니다: ${pattern}`
         }
       }
       return '에러가 발생했습니다'
@@ -244,16 +317,51 @@ export class SomaHttp {
   }
 
   async checkLogin(): Promise<UserIdentity | null> {
-    const response = await fetch(this.buildUrl('/member/user/checkLogin.json'), {
+    const path = '/member/user/checkLogin.json'
+    const response = await fetch(this.buildUrl(path), {
       method: 'GET',
       headers: {
         ...this.buildHeaders(),
         Accept: 'application/json',
       },
+      redirect: 'manual',
     })
 
     this.updateFromResponse(response)
-    const json = (await response.json()) as CheckLoginResponse
+    const location = response.headers.get('location')
+
+    if (response.status >= 300 && response.status < 400) {
+      if (this.isAuthRedirect(location)) {
+        return null
+      }
+
+      throw new Error(`Unexpected redirect while checking login: ${location ?? response.status}`)
+    }
+
+    const body = await response.text()
+    const errorInfo = this.extractErrorFromResponse(body, location, path)
+    if (errorInfo === '__AUTH_ERROR__') {
+      return null
+    }
+
+    if (errorInfo) {
+      throw new Error(errorInfo)
+    }
+
+    const contentType = response.headers.get('content-type') ?? ''
+    if (contentType.includes('text/html')) {
+      return null
+    }
+
+    let json: CheckLoginResponse
+    try {
+      json = JSON.parse(body) as CheckLoginResponse
+    } catch (error) {
+      throw new Error(
+        `Failed to parse checkLogin response: ${error instanceof Error ? error.message : 'unknown error'}`,
+      )
+    }
+
     const userId = json.userVO?.userId
     if (!userId) return null
     return { userId, userNm: json.userVO?.userNm ?? '' }
@@ -304,6 +412,26 @@ export class SomaHttp {
     }
   }
 
+  private buildMultipartHeaders(referer: string): Record<string, string> {
+    return {
+      ...this.buildHeaders(),
+      Referer: referer,
+    }
+  }
+
+  private isAuthRedirect(location: string | null): boolean {
+    if (!location) {
+      return false
+    }
+
+    return [
+      '/member/user/loginForward.do',
+      '/member/user/forLogin.do',
+      '/member/user/toLogin.do',
+      '/member/user/logout.do',
+    ].some((path) => location.includes(path))
+  }
+
   private buildBody(body: Record<string, string>): Record<string, string> {
     if (this.csrfToken && !('csrfToken' in body)) {
       return { ...body, csrfToken: this.csrfToken }

package/src/session-recovery.ts

@@ -0,0 +1,56 @@
+import { CredentialManager } from './credential-manager'
+import { type UserIdentity, SomaHttp } from './http'
+import type { Credentials } from './types'
+
+type CredentialStore = Pick<CredentialManager, 'setCredentials'>
+type ReloginHttp = Pick<SomaHttp, 'checkLogin' | 'getCsrfToken' | 'getSessionCookie' | 'login'>
+
+export function canRecoverSession(credentials: Credentials): credentials is Credentials & {
+  password: string
+  username: string
+} {
+  return Boolean(credentials.username && credentials.password)
+}
+
+export async function recoverSession(
+  credentials: Credentials,
+  manager: CredentialStore = new CredentialManager(),
+  createHttp: () => ReloginHttp = () => new SomaHttp(),
+): Promise<Credentials | null> {
+  if (!canRecoverSession(credentials)) {
+    return null
+  }
+
+  const http = createHttp()
+  await http.login(credentials.username, credentials.password)
+
+  const identity = await http.checkLogin()
+  if (!identity) {
+    return null
+  }
+
+  const refreshedCredentials = buildRefreshedCredentials(credentials, identity, http)
+  await manager.setCredentials(refreshedCredentials)
+  return refreshedCredentials
+}
+
+function buildRefreshedCredentials(
+  credentials: Credentials & { password: string; username: string },
+  identity: UserIdentity,
+  http: Pick<SomaHttp, 'getCsrfToken' | 'getSessionCookie'>,
+): Credentials {
+  const sessionCookie = http.getSessionCookie()
+  const csrfToken = http.getCsrfToken()
+
+  if (!sessionCookie || !csrfToken) {
+    throw new Error('Automatic re-login succeeded but session state is incomplete')
+  }
+
+  return {
+    sessionCookie,
+    csrfToken,
+    username: identity.userId || credentials.username,
+    password: credentials.password,
+    loggedInAt: new Date().toISOString(),
+  }
+}

package/src/shared/utils/report-params.ts

@@ -0,0 +1,41 @@
+export function buildReportListParams(options?: {
+  page?: number
+  searchField?: string // '' | '0' | '1' (전체/제목/내용)
+  searchKeyword?: string
+}): Record<string, string> {
+  const params: Record<string, string> = {
+    pageIndex: String(options?.page ?? 1),
+    menuNo: '200049',
+  }
+
+  if (options?.searchField !== undefined) {
+    params.searchCnd = options.searchField
+  }
+
+  if (options?.searchKeyword) {
+    params.searchWrd = options.searchKeyword
+  }
+
+  return params
+}
+
+export function buildApprovalListParams(options?: {
+  page?: number
+  month?: string // '01'-'12' or 'all'
+  reportType?: string // '' | 'MRC010' | 'MRC020'
+}): Record<string, string> {
+  const params: Record<string, string> = {
+    pageIndex: String(options?.page ?? 1),
+    menuNo: '200073',
+  }
+
+  if (options?.month) {
+    params.searchMonth = options.month
+  }
+
+  if (options?.reportType !== undefined) {
+    params.searchReport = options.reportType
+  }
+
+  return params
+}

package/src/shared/utils/swmaestro.ts

@@ -1,7 +1,7 @@
 import { parse } from 'node-html-parser'
 
 import { MENU_NO, REPORT_CD, ROOM_IDS, TIME_SLOTS } from '../../constants'
-import { ApplicationHistoryItemSchema, type ApplicationHistoryItem } from '../../types'
+import { type ApplicationHistoryItem, ApplicationHistoryItemSchema } from '../../types'
 
 export function toReportCd(type: 'public' | 'lecture'): string {
   return type === 'lecture' ? REPORT_CD.MENTOR_LECTURE : REPORT_CD.PUBLIC_MENTORING
@@ -41,6 +41,16 @@ export function buildMentoringPayload(params: {
   }
 }
 
+export function buildUpdateMentoringPayload(
+  id: number,
+  params: Parameters<typeof buildMentoringPayload>[0],
+): Record<string, string> {
+  return {
+    ...buildMentoringPayload(params),
+    qustnrSn: String(id),
+  }
+}
+
 export function buildDeleteMentoringPayload(id: number): Record<string, string> {
   return {
     menuNo: MENU_NO.MENTORING,
@@ -178,10 +188,8 @@ export function parseEventDetail(html: string): Record<string, unknown> {
     root.querySelector('.content-body')
 
   return {
-    id: extractNumber(
-      labels.NO ?? labels['번호'] ?? root.querySelector('[name="bbsId"]')?.getAttribute('value') ?? '0',
-    ),
-    title: labels['제목'] ?? cleanText(root.querySelector('h1, h2, .title')?.text),
+    id: extractNumber(labels.NO ?? labels.번호 ?? root.querySelector('[name="bbsId"]')?.getAttribute('value') ?? '0'),
+    title: labels.제목 ?? cleanText(root.querySelector('h1, h2, .title')?.text),
     content: contentNode?.innerHTML.trim() ?? '',
     fields: labels,
   }
@@ -216,3 +224,67 @@ function extractNumber(value: string): number {
   const match = value.match(/\d+/)
   return match ? Number.parseInt(match[0], 10) : 0
 }
+
+export function toRegionCode(region: string): 'S' | 'B' {
+  if (region.includes('부산') || region === 'B') return 'B'
+  return 'S'
+}
+
+export function toReportTypeCd(type: string): 'MRC010' | 'MRC020' {
+  if (type.includes('특강') || type === 'MRC020') return 'MRC020'
+  return 'MRC010'
+}
+
+export function buildReportPayload(options: {
+  menteeRegion: 'S' | 'B'
+  reportType: 'MRC010' | 'MRC020'
+  progressDate: string // yyyy-mm-dd
+  teamNames?: string
+  venue: string
+  attendanceCount: number
+  attendanceNames: string
+  progressStartTime: string // HH:mm
+  progressEndTime: string // HH:mm
+  exceptStartTime?: string
+  exceptEndTime?: string
+  exceptReason?: string
+  subject: string
+  content: string
+  mentorOpinion?: string
+  nonAttendanceNames?: string
+  etc?: string
+  menuNo?: string
+  reportId?: number
+}): Record<string, string> {
+  const { progressDate, reportType } = options
+  const [year, month, day] = progressDate.split('-')
+  const typeNames: Record<string, string> = {
+    MRC010: '자유 멘토링',
+    MRC020: '멘토 특강',
+  }
+  const typeName = typeNames[reportType] ?? reportType
+  const nttSj = `[${typeName}] ${year}년 ${month}월 ${day}일 멘토링 보고`
+
+  return {
+    menuNo: options.menuNo ?? '200049',
+    menteeRegionCd: options.menteeRegion,
+    reportGubunCd: reportType,
+    progressDt: progressDate,
+    teamNms: options.teamNames ?? '',
+    progressPlace: options.venue,
+    attendanceCnt: String(options.attendanceCount),
+    attendanceNms: options.attendanceNames,
+    progressStime: options.progressStartTime,
+    progressEtime: options.progressEndTime,
+    exceptStime: options.exceptStartTime ?? '',
+    exceptEtime: options.exceptEndTime ?? '',
+    exceptReason: options.exceptReason ?? '',
+    subject: options.subject,
+    nttCn: options.content,
+    mentoOpn: options.mentorOpinion ?? '',
+    nonAttendanceNms: options.nonAttendanceNames ?? '',
+    etc: options.etc ?? '',
+    nttSj,
+    ...(options.reportId !== undefined ? { reportId: String(options.reportId) } : {}),
+  }
+}