py-auth-client 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,47 @@
+# py-auth-client
+
+TypeScript/Node.js client for **py-auth**. Compatible with the Python and Go clients in this repository.
+
+## Install
+
+```bash
+npm i py-auth-client
+```
+
+## Usage
+
+```ts
+import { AuthClient, AuthorizationError } from "py-auth-client";
+
+const client = new AuthClient({
+  serverUrl: "http://localhost:8000",
+  softwareName: "我的软件",
+  clientSecret: process.env.CLIENT_SECRET!,
+  // debug: true,
+});
+
+try {
+  await client.requireAuthorization();
+  console.log("authorized");
+} catch (e) {
+  if (e instanceof AuthorizationError) {
+    console.error(e.message);
+    process.exit(1);
+  }
+  throw e;
+}
+```
+
+## API
+
+- `new AuthClient(config)`
+- `client.checkAuthorization()`
+- `client.requireAuthorization()`
+- `client.getAuthorizationInfo()`
+- `client.clearCache()`
+
+## Notes
+
+- Requires `clientSecret` or environment variable `CLIENT_SECRET`.
+- Uses Fernet-compatible encryption derived from `CLIENT_SECRET`.
+- Uses an obfuscated local cache file with a 7-day validity window.

package/dist/cache.d.ts

@@ -0,0 +1,24 @@
+import type { CacheRecord } from "./types";
+export declare class AuthCache {
+    readonly cacheValiditySeconds: number;
+    readonly checkIntervalSeconds: number;
+    readonly cacheFile: string;
+    private readonly encryptKey;
+    private readonly deviceId;
+    private readonly softwareName;
+    private readonly cacheValidityDays;
+    constructor(args: {
+        cacheDir?: string;
+        deviceId: string;
+        serverUrl: string;
+        softwareName: string;
+        cacheValidityDays: number;
+        checkIntervalDays: number;
+    });
+    getCache(): CacheRecord | null;
+    saveCache(authorized: boolean, message: string): boolean;
+    isCacheValid(): boolean;
+    clearCache(): boolean;
+    private obfuscate;
+    private deobfuscate;
+}

package/dist/cache.js

@@ -0,0 +1,204 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthCache = void 0;
+const node_os_1 = __importDefault(require("node:os"));
+const node_path_1 = __importDefault(require("node:path"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const node_zlib_1 = __importDefault(require("node:zlib"));
+const node_child_process_1 = require("node:child_process");
+class AuthCache {
+    cacheValiditySeconds;
+    checkIntervalSeconds;
+    cacheFile;
+    encryptKey;
+    deviceId;
+    softwareName;
+    cacheValidityDays;
+    constructor(args) {
+        this.deviceId = args.deviceId;
+        this.softwareName = args.softwareName;
+        this.cacheValidityDays = args.cacheValidityDays;
+        this.cacheValiditySeconds = args.cacheValidityDays * 24 * 60 * 60;
+        this.checkIntervalSeconds = args.checkIntervalDays * 24 * 60 * 60;
+        const cacheDir = args.cacheDir ?? defaultCacheDir();
+        try {
+            node_fs_1.default.mkdirSync(cacheDir, { recursive: true });
+        }
+        catch {
+            // ignore
+        }
+        const cacheKey = `${args.deviceId}:${args.softwareName}`;
+        const fileHash = node_crypto_1.default.createHash("md5").update(cacheKey, "utf8").digest("hex").slice(0, 12);
+        this.cacheFile = node_path_1.default.join(cacheDir, `runtime_${fileHash}.dat`);
+        const material = `${args.serverUrl}:${args.deviceId}:${args.softwareName}:obfuscate_v1`;
+        this.encryptKey = node_crypto_1.default.createHash("sha256").update(material, "utf8").digest();
+    }
+    getCache() {
+        try {
+            if (!node_fs_1.default.existsSync(this.cacheFile))
+                return null;
+            const encrypted = node_fs_1.default.readFileSync(this.cacheFile);
+            const decrypted = this.deobfuscate(encrypted);
+            if (!decrypted)
+                return null;
+            const raw = JSON.parse(decrypted.toString("utf8"));
+            return {
+                authorized: !!raw.a,
+                message: raw.m ?? "",
+                cachedAt: Number(raw.c ?? 0),
+                lastCheck: Number(raw.l ?? 0),
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    saveCache(authorized, message) {
+        try {
+            const now = Date.now() / 1000;
+            const timeStr = formatPythonTimeString(now);
+            const fake = node_crypto_1.default.createHash("md5").update(timeStr, "utf8").digest("hex").slice(0, 8);
+            const payload = {
+                a: authorized,
+                m: message,
+                c: now,
+                l: now,
+                v: 2,
+                f: fake,
+            };
+            const json = JSON.stringify(payload);
+            const encrypted = this.obfuscate(Buffer.from(json, "utf8"));
+            if (!encrypted)
+                return false;
+            try {
+                node_fs_1.default.mkdirSync(node_path_1.default.dirname(this.cacheFile), { recursive: true });
+            }
+            catch {
+                // ignore
+            }
+            try {
+                node_fs_1.default.writeFileSync(this.cacheFile, encrypted);
+            }
+            catch {
+                try {
+                    if (node_fs_1.default.existsSync(this.cacheFile))
+                        node_fs_1.default.unlinkSync(this.cacheFile);
+                    node_fs_1.default.writeFileSync(this.cacheFile, encrypted);
+                }
+                catch {
+                    return false;
+                }
+            }
+            if (process.platform === "win32") {
+                try {
+                    (0, node_child_process_1.execFileSync)("attrib", ["+H", this.cacheFile], { stdio: "ignore" });
+                }
+                catch {
+                    // ignore
+                }
+            }
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    isCacheValid() {
+        const cache = this.getCache();
+        if (!cache)
+            return false;
+        const elapsed = Date.now() / 1000 - cache.cachedAt;
+        return elapsed < this.cacheValiditySeconds;
+    }
+    clearCache() {
+        try {
+            if (node_fs_1.default.existsSync(this.cacheFile))
+                node_fs_1.default.unlinkSync(this.cacheFile);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    obfuscate(data) {
+        try {
+            const compressed = node_zlib_1.default.deflateSync(data, { level: 9 });
+            const xored = xorWithKey(compressed, this.encryptKey);
+            const timeSeed = Math.floor(Date.now() / 1000 / 3600);
+            const prefixSeed = node_crypto_1.default
+                .createHash("md5")
+                .update(`${this.deviceId}:${this.softwareName}:${timeSeed}`, "utf8")
+                .digest()
+                .subarray(0, 4);
+            const lenBuf = Buffer.alloc(4);
+            lenBuf.writeUInt32BE(xored.length, 0);
+            const packed = Buffer.concat([prefixSeed, lenBuf, xored]);
+            const finalKey = node_crypto_1.default.createHash("sha256").update(Buffer.concat([this.encryptKey, prefixSeed])).digest();
+            return xorWithKey(packed, finalKey);
+        }
+        catch {
+            return null;
+        }
+    }
+    deobfuscate(data) {
+        if (data.length < 8)
+            return null;
+        const currentHour = Math.floor(Date.now() / 1000 / 3600);
+        const maxOffset = Math.max(2, this.cacheValidityDays * 24 + 12);
+        for (let hourOffset = -maxOffset; hourOffset <= maxOffset; hourOffset++) {
+            const timeSeed = currentHour + hourOffset;
+            const prefixSeed = node_crypto_1.default
+                .createHash("md5")
+                .update(`${this.deviceId}:${this.softwareName}:${timeSeed}`, "utf8")
+                .digest()
+                .subarray(0, 4);
+            const finalKey = node_crypto_1.default.createHash("sha256").update(Buffer.concat([this.encryptKey, prefixSeed])).digest();
+            const unpacked = xorWithKey(data, finalKey);
+            if (!unpacked.subarray(0, 4).equals(prefixSeed))
+                continue;
+            const length = unpacked.readUInt32BE(4);
+            if (length > unpacked.length - 8)
+                continue;
+            const xored = unpacked.subarray(8, 8 + length);
+            const compressed = xorWithKey(xored, this.encryptKey);
+            try {
+                return node_zlib_1.default.inflateSync(compressed);
+            }
+            catch {
+                continue;
+            }
+        }
+        return null;
+    }
+}
+exports.AuthCache = AuthCache;
+function xorWithKey(data, key) {
+    const out = Buffer.allocUnsafe(data.length);
+    for (let i = 0; i < data.length; i++) {
+        out[i] = data[i] ^ key[i % key.length];
+    }
+    return out;
+}
+function defaultCacheDir() {
+    const home = node_os_1.default.homedir();
+    if (process.platform === "win32") {
+        const local = process.env.LOCALAPPDATA ?? node_path_1.default.join(home, "AppData", "Local");
+        return node_path_1.default.join(local, "Microsoft", "CLR_v4.0");
+    }
+    if (process.platform === "darwin") {
+        return node_path_1.default.join(home, "Library", "Caches", ".com.apple.metadata");
+    }
+    return node_path_1.default.join(home, ".cache", ".fontconfig");
+}
+function formatPythonTimeString(nowSeconds) {
+    // 目标：模拟 Python str(time.time()) 的大致风格（最短表示，必要时带 .0）
+    // 这里按 Go 实现保持一致：g/最短，但确保有小数点或 e
+    let s = String(nowSeconds);
+    if (!s.includes(".") && !s.includes("e"))
+        s += ".0";
+    return s;
+}

package/dist/client.d.ts

@@ -0,0 +1,18 @@
+import type { AuthClientConfig, AuthResult, AuthorizationInfo } from "./types";
+export declare class AuthClient {
+    private readonly serverUrl;
+    private readonly softwareName;
+    private readonly deviceId;
+    private readonly deviceInfo;
+    private readonly clientSecret;
+    private readonly debug;
+    private readonly cache?;
+    constructor(config: AuthClientConfig);
+    private logDebug;
+    private formatRemainingTime;
+    private checkOnline;
+    checkAuthorization(): Promise<AuthResult>;
+    requireAuthorization(): Promise<boolean>;
+    clearCache(): boolean;
+    getAuthorizationInfo(): Promise<AuthorizationInfo>;
+}

package/dist/client.js

@@ -0,0 +1,202 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthClient = void 0;
+const errors_1 = require("./errors");
+const crypto_1 = require("./crypto");
+const cache_1 = require("./cache");
+const device_1 = require("./device");
+const http_1 = require("./http");
+class AuthClient {
+    serverUrl;
+    softwareName;
+    deviceId;
+    deviceInfo;
+    clientSecret;
+    debug;
+    cache;
+    constructor(config) {
+        if (!config.serverUrl)
+            throw new Error("serverUrl不能为空");
+        if (!config.softwareName)
+            throw new Error("softwareName不能为空");
+        const secret = config.clientSecret ?? process.env.CLIENT_SECRET ?? "";
+        if (!secret) {
+            throw new Error("CLIENT_SECRET未配置！请在初始化时传入clientSecret参数，或设置环境变量CLIENT_SECRET。这是安全要求，必须配置。");
+        }
+        this.serverUrl = config.serverUrl.replace(/\/+$/, "");
+        this.softwareName = config.softwareName;
+        this.clientSecret = secret;
+        this.debug = !!config.debug;
+        this.deviceId = (0, device_1.buildDeviceId)(this.serverUrl, config.deviceId, this.softwareName);
+        this.deviceInfo = config.deviceInfo ?? (0, device_1.collectDeviceInfo)();
+        const enableCache = config.enableCache ?? true;
+        const cacheValidityDays = config.cacheValidityDays ?? 7;
+        const checkIntervalDays = config.checkIntervalDays ?? 2;
+        if (enableCache) {
+            this.cache = new cache_1.AuthCache({
+                cacheDir: config.cacheDir,
+                deviceId: this.deviceId,
+                serverUrl: this.serverUrl,
+                softwareName: this.softwareName,
+                cacheValidityDays,
+                checkIntervalDays,
+            });
+        }
+    }
+    logDebug(msg) {
+        if (this.debug) {
+            // 不加额外依赖，直接输出
+            // eslint-disable-next-line no-console
+            console.debug(`[ts-auth-client][DEBUG] ${msg}`);
+        }
+    }
+    formatRemainingTime(cachedAtSeconds) {
+        if (!cachedAtSeconds || cachedAtSeconds <= 0 || !this.cache)
+            return "未知";
+        const now = Date.now() / 1000;
+        const elapsed = now - cachedAtSeconds;
+        const remaining = this.cache.cacheValiditySeconds - elapsed;
+        if (remaining <= 0)
+            return "已过期";
+        const days = Math.floor(remaining / 86400);
+        const hours = Math.floor((remaining % 86400) / 3600);
+        const minutes = Math.floor((remaining % 3600) / 60);
+        const parts = [];
+        if (days > 0)
+            parts.push(`${days}天`);
+        if (hours > 0)
+            parts.push(`${hours}小时`);
+        if (minutes > 0 || parts.length === 0)
+            parts.push(`${minutes}分钟`);
+        return parts.join("");
+    }
+    async checkOnline() {
+        try {
+            this.logDebug("开始在线订阅请求...");
+            const requestData = {
+                device_id: this.deviceId,
+                software_name: this.softwareName,
+                device_info: this.deviceInfo,
+            };
+            const encrypted = (0, crypto_1.encryptData)(JSON.stringify(requestData), this.clientSecret);
+            const { status, json, text } = await (0, http_1.postJson)(`${this.serverUrl}/api/auth/heartbeat`, { encrypted_data: encrypted }, 10_000);
+            if (status === 200) {
+                const token = json?.encrypted_data ?? "";
+                const decryptedText = token ? (0, crypto_1.decryptData)(token, this.clientSecret) : null;
+                if (!decryptedText) {
+                    this.logDebug("在线订阅响应解密失败");
+                    return { authorized: false, message: "解密响应失败", success: false, from_cache: false };
+                }
+                const decrypted = JSON.parse(decryptedText);
+                this.logDebug(`在线订阅成功，authorized=${!!decrypted.authorized}`);
+                return {
+                    authorized: !!decrypted.authorized,
+                    message: decrypted.message ?? "",
+                    success: true,
+                    from_cache: false,
+                };
+            }
+            // Python 逻辑：403 取 detail，其它返回 “服务器错误: status”
+            const detail = json?.detail;
+            const msg = status === 403 && typeof detail === "string" ? detail : `服务器错误: ${status}`;
+            this.logDebug(`在线订阅失败，status=${status}, message=${msg}; raw=${text}`);
+            return { authorized: false, message: msg, success: false, from_cache: false, is_auth_error: status === 403 };
+        }
+        catch (e) {
+            const msg = e?.name === "AbortError" ? "连接失败: timeout" : `连接失败: ${String(e?.message ?? e)}`;
+            this.logDebug(`在线订阅请求异常: ${msg}`);
+            return { authorized: false, message: msg, success: false, from_cache: false };
+        }
+    }
+    async checkAuthorization() {
+        if (!this.cache) {
+            return this.checkOnline();
+        }
+        let cacheData = this.cache.getCache();
+        let cacheValid = false;
+        if (cacheData?.cachedAt) {
+            const elapsed = Date.now() / 1000 - cacheData.cachedAt;
+            if (elapsed < this.cache.cacheValiditySeconds) {
+                cacheValid = true;
+                this.logDebug("命中有效缓存，直接授权通过");
+            }
+        }
+        if (cacheValid) {
+            this.logDebug("缓存有效，继续尝试在线订阅来更新订阅");
+        }
+        else {
+            this.logDebug(cacheData ? "缓存存在但已过期，准备发起在线订阅请求" : "未找到缓存，准备发起在线订阅请求");
+        }
+        const onlineResult = await this.checkOnline();
+        if (onlineResult.success) {
+            this.logDebug("在线订阅成功，更新缓存");
+            this.cache.saveCache(onlineResult.authorized, onlineResult.message);
+            return onlineResult;
+        }
+        if (cacheValid && cacheData) {
+            const remaining = this.formatRemainingTime(cacheData.cachedAt);
+            this.logDebug(`在线订阅失败，但缓存有效，使用缓存结果，订阅剩余时间: ${remaining}`);
+            return {
+                authorized: cacheData.authorized,
+                message: cacheData.message,
+                success: true,
+                from_cache: true,
+            };
+        }
+        return onlineResult;
+    }
+    async requireAuthorization() {
+        const result = await this.checkAuthorization();
+        if (!result.success) {
+            throw new errors_1.AuthorizationError({
+                message: result.message,
+                result,
+                deviceId: this.deviceId,
+                serverUrl: this.serverUrl,
+            });
+        }
+        if (!result.authorized) {
+            throw new errors_1.AuthorizationError({
+                message: result.message,
+                result,
+                deviceId: this.deviceId,
+                serverUrl: this.serverUrl,
+            });
+        }
+        return true;
+    }
+    clearCache() {
+        if (!this.cache)
+            return true;
+        return this.cache.clearCache();
+    }
+    async getAuthorizationInfo() {
+        const result = await this.checkAuthorization();
+        const info = {
+            authorized: result.authorized,
+            success: result.success,
+            from_cache: result.from_cache,
+            message: result.message,
+            device_id: this.deviceId,
+            server_url: this.serverUrl,
+        };
+        if (this.cache) {
+            const cache = this.cache.getCache();
+            if (cache) {
+                const remaining = this.formatRemainingTime(cache.cachedAt);
+                info.remaining_time = remaining;
+                info.cache_valid = this.cache.isCacheValid();
+                info.cached_at = cache.cachedAt;
+                if (cache.cachedAt > 0) {
+                    info.cached_at_readable = new Date(cache.cachedAt * 1000).toISOString().replace("T", " ").slice(0, 19);
+                }
+            }
+            else {
+                info.remaining_time = "无缓存";
+                info.cache_valid = false;
+            }
+        }
+        return info;
+    }
+}
+exports.AuthClient = AuthClient;

package/dist/crypto.d.ts

@@ -0,0 +1,2 @@
+export declare function encryptData(plaintextUtf8Json: string, clientSecret: string): string;
+export declare function decryptData(token: string, clientSecret: string): string | null;

package/dist/crypto.js

@@ -0,0 +1,95 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptData = encryptData;
+exports.decryptData = decryptData;
+const node_crypto_1 = require("node:crypto");
+function b64UrlEncode(buf) {
+    return buf
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/g, "");
+}
+function b64UrlDecode(s) {
+    const padded = s.replace(/-/g, "+").replace(/_/g, "/") + "===".slice((s.length + 3) % 4);
+    return Buffer.from(padded, "base64");
+}
+function timingSafeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++)
+        diff |= a[i] ^ b[i];
+    return diff === 0;
+}
+function deriveFernetKey(clientSecret) {
+    const digest = (0, node_crypto_1.createHash)("sha256").update(Buffer.from(clientSecret, "utf8")).digest();
+    return digest.subarray(0, 32);
+}
+function pkcs7Pad(data, blockSize = 16) {
+    const padLen = blockSize - (data.length % blockSize || blockSize);
+    return Buffer.concat([data, Buffer.alloc(padLen, padLen)]);
+}
+function pkcs7Unpad(data, blockSize = 16) {
+    if (data.length === 0 || data.length % blockSize !== 0)
+        return null;
+    const padLen = data[data.length - 1];
+    if (padLen <= 0 || padLen > blockSize)
+        return null;
+    for (let i = 0; i < padLen; i++) {
+        if (data[data.length - 1 - i] !== padLen)
+            return null;
+    }
+    return data.subarray(0, data.length - padLen);
+}
+function aesCbcEncrypt(key, iv, plaintext) {
+    const cipher = require("node:crypto").createCipheriv("aes-128-cbc", key, iv);
+    cipher.setAutoPadding(false);
+    const padded = pkcs7Pad(plaintext, 16);
+    return Buffer.concat([cipher.update(padded), cipher.final()]);
+}
+function aesCbcDecrypt(key, iv, ciphertext) {
+    const decipher = require("node:crypto").createDecipheriv("aes-128-cbc", key, iv);
+    decipher.setAutoPadding(false);
+    const padded = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return pkcs7Unpad(padded, 16);
+}
+function encryptData(plaintextUtf8Json, clientSecret) {
+    if (!clientSecret)
+        throw new Error("client_secret不能为空");
+    const key = deriveFernetKey(clientSecret);
+    const signingKey = key.subarray(0, 16);
+    const encryptionKey = key.subarray(16, 32);
+    const version = Buffer.from([0x80]);
+    const timestamp = Buffer.alloc(8);
+    const ts = BigInt(Math.floor(Date.now() / 1000));
+    timestamp.writeBigUInt64BE(ts, 0);
+    const iv = (0, node_crypto_1.randomBytes)(16);
+    const ciphertext = aesCbcEncrypt(encryptionKey, iv, Buffer.from(plaintextUtf8Json, "utf8"));
+    const payload = Buffer.concat([version, timestamp, iv, ciphertext]);
+    const hmac = (0, node_crypto_1.createHmac)("sha256", signingKey).update(payload).digest();
+    return b64UrlEncode(Buffer.concat([payload, hmac]));
+}
+function decryptData(token, clientSecret) {
+    if (!clientSecret)
+        throw new Error("client_secret不能为空");
+    const raw = b64UrlDecode(token);
+    if (raw.length < 1 + 8 + 16 + 32)
+        return null;
+    const key = deriveFernetKey(clientSecret);
+    const signingKey = key.subarray(0, 16);
+    const encryptionKey = key.subarray(16, 32);
+    const payload = raw.subarray(0, raw.length - 32);
+    const mac = raw.subarray(raw.length - 32);
+    const expected = (0, node_crypto_1.createHmac)("sha256", signingKey).update(payload).digest();
+    if (!timingSafeEqual(mac, expected))
+        return null;
+    if (payload[0] !== 0x80)
+        return null;
+    const iv = payload.subarray(1 + 8, 1 + 8 + 16);
+    const ciphertext = payload.subarray(1 + 8 + 16);
+    const plaintext = aesCbcDecrypt(encryptionKey, iv, ciphertext);
+    if (!plaintext)
+        return null;
+    return plaintext.toString("utf8");
+}

package/dist/device.d.ts

@@ -0,0 +1,5 @@
+import type { DeviceInfo } from "./types";
+export declare function loadPersistedDeviceId(serverUrl: string, softwareName: string): string | null;
+export declare function persistDeviceId(serverUrl: string, softwareName: string, deviceId: string): void;
+export declare function buildDeviceId(serverUrl: string, providedDeviceId: string | undefined, softwareName: string): string;
+export declare function collectDeviceInfo(): DeviceInfo;

package/dist/device.js

@@ -0,0 +1,85 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadPersistedDeviceId = loadPersistedDeviceId;
+exports.persistDeviceId = persistDeviceId;
+exports.buildDeviceId = buildDeviceId;
+exports.collectDeviceInfo = collectDeviceInfo;
+const node_os_1 = __importDefault(require("node:os"));
+const node_path_1 = __importDefault(require("node:path"));
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_machine_id_1 = require("node-machine-id");
+function deviceIdStorePath(serverUrl, softwareName) {
+    const home = node_os_1.default.homedir();
+    const base = node_path_1.default.join(home, ".py_auth_device");
+    try {
+        node_fs_1.default.mkdirSync(base, { recursive: true });
+    }
+    catch {
+        // ignore
+    }
+    const serverHash = node_crypto_1.default.createHash("sha256").update(serverUrl, "utf8").digest("hex").slice(0, 12);
+    const softwareHash = softwareName
+        ? node_crypto_1.default.createHash("sha256").update(softwareName, "utf8").digest("hex").slice(0, 8)
+        : "default";
+    return node_path_1.default.join(base, `device_${serverHash}_${softwareHash}.txt`);
+}
+function loadPersistedDeviceId(serverUrl, softwareName) {
+    try {
+        const p = deviceIdStorePath(serverUrl, softwareName);
+        if (!node_fs_1.default.existsSync(p))
+            return null;
+        const content = node_fs_1.default.readFileSync(p, "utf8").trim();
+        return content || null;
+    }
+    catch {
+        return null;
+    }
+}
+function persistDeviceId(serverUrl, softwareName, deviceId) {
+    try {
+        const p = deviceIdStorePath(serverUrl, softwareName);
+        node_fs_1.default.writeFileSync(p, deviceId, "utf8");
+    }
+    catch {
+        // ignore
+    }
+}
+function buildDeviceId(serverUrl, providedDeviceId, softwareName) {
+    if (providedDeviceId) {
+        persistDeviceId(serverUrl, softwareName, providedDeviceId);
+        return providedDeviceId;
+    }
+    const persisted = loadPersistedDeviceId(serverUrl, softwareName);
+    if (persisted)
+        return persisted;
+    // Node 环境下用机器 ID 做稳定输入；再混入 softwareName 保证同机不同软件不同 device_id
+    let base = "";
+    try {
+        base = (0, node_machine_id_1.machineIdSync)();
+    }
+    catch {
+        base = node_crypto_1.default.randomUUID();
+    }
+    const deviceId = node_crypto_1.default.createHash("sha256").update(`${base}-${softwareName}`, "utf8").digest("hex").slice(0, 32);
+    persistDeviceId(serverUrl, softwareName, deviceId);
+    return deviceId;
+}
+function collectDeviceInfo() {
+    const info = {
+        hostname: node_os_1.default.hostname(),
+        system: node_os_1.default.platform(),
+        release: node_os_1.default.release(),
+        machine: node_os_1.default.arch(),
+    };
+    try {
+        info.username = node_os_1.default.userInfo().username;
+    }
+    catch {
+        // ignore
+    }
+    return info;
+}

package/dist/errors.d.ts

@@ -0,0 +1,15 @@
+import type { AuthResult } from "./types";
+export declare class AuthorizationError extends Error {
+    readonly result?: AuthResult;
+    readonly deviceId?: string;
+    readonly serverUrl?: string;
+    constructor(args: {
+        message: string;
+        result?: AuthResult;
+        deviceId?: string;
+        serverUrl?: string;
+    });
+    get isNetworkError(): boolean;
+    get isUnauthorized(): boolean;
+    get isValidationError(): boolean;
+}

package/dist/errors.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationError = void 0;
+class AuthorizationError extends Error {
+    result;
+    deviceId;
+    serverUrl;
+    constructor(args) {
+        super(args.message);
+        this.name = "AuthorizationError";
+        this.result = args.result;
+        this.deviceId = args.deviceId;
+        this.serverUrl = args.serverUrl;
+    }
+    get isNetworkError() {
+        const message = (this.result?.message ?? this.message).toLowerCase();
+        const keywords = ["连接失败", "连接", "network", "timeout", "connection"];
+        return keywords.some((k) => message.includes(k.toLowerCase()));
+    }
+    get isUnauthorized() {
+        if (this.result) {
+            return !this.result.authorized && this.result.success;
+        }
+        return this.message.includes("未授权") || this.message.includes("禁用");
+    }
+    get isValidationError() {
+        if (this.result) {
+            return !this.result.success;
+        }
+        return this.message.includes("无法验证授权") || this.message.includes("验证失败");
+    }
+}
+exports.AuthorizationError = AuthorizationError;

package/dist/http.d.ts

@@ -0,0 +1,5 @@
+export declare function postJson<TResponse>(url: string, body: unknown, timeoutMs: number): Promise<{
+    status: number;
+    json: TResponse | null;
+    text: string;
+}>;

package/dist/http.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.postJson = postJson;
+async function postJson(url, body, timeoutMs) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const res = await fetch(url, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(body),
+            signal: controller.signal,
+        });
+        const text = await res.text();
+        let json = null;
+        try {
+            json = text ? JSON.parse(text) : null;
+        }
+        catch {
+            json = null;
+        }
+        return { status: res.status, json, text };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export { AuthClient } from "./client";
+export { AuthorizationError } from "./errors";
+export type { AuthClientConfig, AuthResult, AuthorizationInfo, DeviceInfo } from "./types";

package/dist/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationError = exports.AuthClient = void 0;
+var client_1 = require("./client");
+Object.defineProperty(exports, "AuthClient", { enumerable: true, get: function () { return client_1.AuthClient; } });
+var errors_1 = require("./errors");
+Object.defineProperty(exports, "AuthorizationError", { enumerable: true, get: function () { return errors_1.AuthorizationError; } });

package/dist/types.d.ts

@@ -0,0 +1,60 @@
+export interface DeviceInfo {
+    hostname?: string;
+    system?: string;
+    release?: string;
+    version?: string;
+    machine?: string;
+    processor?: string;
+    mac_address?: string;
+    ip_address?: string;
+    cpu_count?: number;
+    cpu_freq_mhz?: number;
+    memory_total_gb?: number;
+    disk_total_gb?: number;
+    username?: string;
+}
+export interface AuthResult {
+    authorized: boolean;
+    message: string;
+    success: boolean;
+    from_cache: boolean;
+    is_auth_error?: boolean;
+}
+export interface AuthorizationInfo {
+    authorized: boolean;
+    success: boolean;
+    from_cache: boolean;
+    message: string;
+    device_id: string;
+    server_url: string;
+    remaining_time?: string;
+    cache_valid?: boolean;
+    cached_at?: number;
+    cached_at_readable?: string;
+}
+export interface CacheRecordWire {
+    a: boolean;
+    m: string;
+    c: number;
+    l: number;
+    v: number;
+    f: string;
+}
+export interface CacheRecord {
+    authorized: boolean;
+    message: string;
+    cachedAt: number;
+    lastCheck: number;
+}
+export interface AuthClientConfig {
+    serverUrl: string;
+    softwareName: string;
+    deviceId?: string;
+    deviceInfo?: DeviceInfo;
+    clientSecret?: string;
+    cacheDir?: string;
+    enableCache?: boolean;
+    cacheValidityDays?: number;
+    checkIntervalDays?: number;
+    debug?: boolean;
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "py-auth-client",
+  "version": "0.0.1",
+  "description": "TypeScript/Node.js client for py-auth (compatible with Python/Go clients)",
+  "keywords": [
+    "auth",
+    "licensing",
+    "client",
+    "fernet"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Paper-Dragon/py-auth.git",
+    "directory": "client/ts"
+  },
+  "bugs": {
+    "url": "https://github.com/Paper-Dragon/py-auth/issues"
+  },
+  "homepage": "https://github.com/Paper-Dragon/py-auth#readme",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "sideEffects": false,
+  "engines": {
+    "node": ">=18"
+  },
+  "files": [
+    "dist"
+  ],
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "node-machine-id": "^1.1.12"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.5.0"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "clean": "node -e \"require('fs').rmSync('dist',{recursive:true,force:true})\"",
+    "dev": "tsx example.ts"
+  }
+}