py-auth-client 0.1.3 → 0.1.5

package/README.md

@@ -1,14 +1,14 @@
-# py-auth-client
+# py-auth-client（TypeScript / Node.js）
 
-TypeScript/Node.js client for **py-auth**. Compatible with the Python and Go clients in this repository.
+与仓库内 Python、Go 客户端协议一致。安装与最小示例见下；**完整文档（配置、缓存、存储、`device_info`）见上一级 [client/README.md](../README.md#typescript)**（与 [STORAGE.md](../STORAGE.md) 对照阅读）。
 
-## Install
+## 安装
 
 ```bash
 npm i py-auth-client
 ```
 
-## Usage
+## 最小示例
 
 ```ts
 import { AuthClient, AuthorizationError } from "py-auth-client";
@@ -16,13 +16,11 @@ import { AuthClient, AuthorizationError } from "py-auth-client";
 const client = new AuthClient({
   serverUrl: "http://localhost:8000",
   softwareName: "我的软件",
-  clientSecret: process.env.CLIENT_SECRET!,
-  // debug: true,
+  clientSecret: process.env.CLIENT_SECRET ?? "",
 });
 
 try {
   await client.requireAuthorization();
-  console.log("authorized");
 } catch (e) {
   if (e instanceof AuthorizationError) {
     console.error(e.message);
@@ -31,17 +29,3 @@ try {
   throw e;
 }
 ```
-
-## API
-
-- `new AuthClient(config)`
-- `client.checkAuthorization()`
-- `client.requireAuthorization()`
-- `client.getAuthorizationInfo()`
-- `client.clearCache()`
-
-## Notes
-
-- Requires `clientSecret` or environment variable `CLIENT_SECRET`.
-- Uses Fernet-compatible encryption derived from `CLIENT_SECRET`.
-- Uses an obfuscated local cache file with a 7-day validity window.

package/dist/cache.d.ts

@@ -1,24 +1,30 @@
-import type { CacheRecord } from "./types";
+import type { CacheRecord, DeviceInfo } from "./types";
 export declare class AuthCache {
     readonly cacheValiditySeconds: number;
     readonly checkIntervalSeconds: number;
     readonly cacheFile: string;
-    private readonly encryptKey;
     private readonly deviceId;
+    private readonly serverUrl;
     private readonly softwareName;
-    private readonly cacheValidityDays;
+    private readonly cacheDir;
     constructor(args: {
-        cacheDir?: string;
+        storageRoot: string;
         deviceId: string;
         serverUrl: string;
         softwareName: string;
         cacheValidityDays: number;
         checkIntervalDays: number;
     });
+    private readRow;
+    private cacheRecordFromRow;
+    snapshotForAuthorizationCheck(): {
+        cacheData: CacheRecord | null;
+        storedHeartbeatTimes: number;
+    };
+    isCacheTTLValid(cache: CacheRecord | null): boolean;
+    needsCheck(): boolean;
     getCache(): CacheRecord | null;
-    saveCache(authorized: boolean, message: string): boolean;
-    isCacheValid(): boolean;
+    loadDeviceInfoSnapshot(): DeviceInfo | null;
+    saveCache(authorized: boolean, _message: string, nextHeartbeat?: number, deviceInfoSnapshot?: DeviceInfo): boolean;
     clearCache(): boolean;
-    private obfuscate;
-    private deobfuscate;
 }

package/dist/cache.js

@@ -4,201 +4,179 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthCache = void 0;
-const node_os_1 = __importDefault(require("node:os"));
-const node_path_1 = __importDefault(require("node:path"));
 const node_fs_1 = __importDefault(require("node:fs"));
-const node_crypto_1 = __importDefault(require("node:crypto"));
-const node_zlib_1 = __importDefault(require("node:zlib"));
-const node_child_process_1 = require("node:child_process");
+const stateBundle_1 = require("./stateBundle");
 class AuthCache {
     cacheValiditySeconds;
     checkIntervalSeconds;
     cacheFile;
-    encryptKey;
     deviceId;
+    serverUrl;
     softwareName;
-    cacheValidityDays;
+    cacheDir;
     constructor(args) {
         this.deviceId = args.deviceId;
+        this.serverUrl = (0, stateBundle_1.normalizeServerUrl)(args.serverUrl);
         this.softwareName = args.softwareName;
-        this.cacheValidityDays = args.cacheValidityDays;
-        this.cacheValiditySeconds = args.cacheValidityDays * 24 * 60 * 60;
-        this.checkIntervalSeconds = args.checkIntervalDays * 24 * 60 * 60;
-        const cacheDir = args.cacheDir ?? defaultCacheDir();
+        const cacheValidityDays = args.cacheValidityDays > 0 ? args.cacheValidityDays : 7;
+        this.cacheValiditySeconds = cacheValidityDays * 24 * 60 * 60;
+        this.checkIntervalSeconds = (args.checkIntervalDays > 0 ? args.checkIntervalDays : 2) * 24 * 60 * 60;
+        this.cacheDir = args.storageRoot;
+        this.cacheFile = (0, stateBundle_1.bundlePath)(this.serverUrl, this.cacheDir);
+    }
+    readRow() {
+        const d = (0, stateBundle_1.readStateDict)(this.serverUrl, this.cacheDir);
+        if (!d)
+            return null;
+        const row = (0, stateBundle_1.loadAppsMap)(d)[this.softwareName];
+        return row && typeof row === "object" && !Array.isArray(row) ? row : null;
+    }
+    cacheRecordFromRow(row) {
+        if (!row)
+            return null;
+        const ts = (0, stateBundle_1.rowLastSuccessTs)(row);
+        if (ts === null)
+            return null;
+        return {
+            authorized: true,
+            message: "设备已授权",
+            cachedAt: ts,
+        };
+    }
+    snapshotForAuthorizationCheck() {
         try {
-            node_fs_1.default.mkdirSync(cacheDir, { recursive: true });
+            const row = this.readRow();
+            if (!row || (0, stateBundle_1.rowLastSuccessTs)(row) === null)
+                return { cacheData: null, storedHeartbeatTimes: 0 };
+            const raw = row.heartbeat_times;
+            const n = typeof raw === "number" && Number.isFinite(raw) ? Math.floor(raw) : Number(raw);
+            if (!Number.isFinite(n) || n < 1) {
+                this.clearCache();
+                return { cacheData: null, storedHeartbeatTimes: 0 };
+            }
+            return { cacheData: this.cacheRecordFromRow(row), storedHeartbeatTimes: n };
         }
         catch {
-            // ignore
+            return { cacheData: null, storedHeartbeatTimes: 0 };
         }
-        const cacheKey = `${args.deviceId}:${args.softwareName}`;
-        const fileHash = node_crypto_1.default.createHash("md5").update(cacheKey, "utf8").digest("hex").slice(0, 12);
-        this.cacheFile = node_path_1.default.join(cacheDir, `runtime_${fileHash}.dat`);
-        const material = `${args.serverUrl}:${args.deviceId}:${args.softwareName}:obfuscate_v1`;
-        this.encryptKey = node_crypto_1.default.createHash("sha256").update(material, "utf8").digest();
+    }
+    isCacheTTLValid(cache) {
+        if (!cache?.cachedAt)
+            return false;
+        const elapsed = Date.now() / 1000 - cache.cachedAt;
+        return elapsed < this.cacheValiditySeconds;
+    }
+    needsCheck() {
+        const cache = this.getCache();
+        if (!cache?.cachedAt)
+            return true;
+        const elapsed = Date.now() / 1000 - cache.cachedAt;
+        return elapsed >= this.checkIntervalSeconds;
     }
     getCache() {
         try {
-            if (!node_fs_1.default.existsSync(this.cacheFile))
-                return null;
-            const encrypted = node_fs_1.default.readFileSync(this.cacheFile);
-            const decrypted = this.deobfuscate(encrypted);
-            if (!decrypted)
-                return null;
-            const raw = JSON.parse(decrypted.toString("utf8"));
-            return {
-                authorized: !!raw.a,
-                message: raw.m ?? "",
-                cachedAt: Number(raw.c ?? 0),
-                lastCheck: Number(raw.l ?? 0),
-            };
+            return this.cacheRecordFromRow(this.readRow());
         }
         catch {
             return null;
         }
     }
-    saveCache(authorized, message) {
+    loadDeviceInfoSnapshot() {
         try {
-            const now = Date.now() / 1000;
-            const timeStr = formatPythonTimeString(now);
-            const fake = node_crypto_1.default.createHash("md5").update(timeStr, "utf8").digest("hex").slice(0, 8);
-            const payload = {
-                a: authorized,
-                m: message,
-                c: now,
-                l: now,
-                v: 2,
-                f: fake,
-            };
-            const json = JSON.stringify(payload);
-            const encrypted = this.obfuscate(Buffer.from(json, "utf8"));
-            if (!encrypted)
-                return false;
-            try {
-                node_fs_1.default.mkdirSync(node_path_1.default.dirname(this.cacheFile), { recursive: true });
-            }
-            catch {
-                // ignore
-            }
-            try {
-                node_fs_1.default.writeFileSync(this.cacheFile, encrypted);
-            }
-            catch {
+            const row = this.readRow();
+            if (!row)
+                return null;
+            const raw = row[stateBundle_1.BUNDLE_PRODUCT_DEVICE_INFO_SNAPSHOT_KEY];
+            if (raw == null)
+                return null;
+            if (typeof raw === "string") {
+                if (!raw.trim())
+                    return null;
                 try {
-                    if (node_fs_1.default.existsSync(this.cacheFile))
-                        node_fs_1.default.unlinkSync(this.cacheFile);
-                    node_fs_1.default.writeFileSync(this.cacheFile, encrypted);
+                    const p = JSON.parse(raw);
+                    if (!p || typeof p !== "object" || Array.isArray(p))
+                        return null;
+                    return JSON.parse(JSON.stringify(p));
                 }
                 catch {
-                    return false;
+                    return null;
                 }
             }
-            if (process.platform === "win32") {
-                try {
-                    (0, node_child_process_1.execFileSync)("attrib", ["+H", this.cacheFile], { stdio: "ignore" });
-                }
-                catch {
-                    // ignore
-                }
+            if (typeof raw === "object" && !Array.isArray(raw)) {
+                return JSON.parse(JSON.stringify(raw));
             }
-            return true;
+            return null;
         }
         catch {
-            return false;
+            return null;
         }
     }
-    isCacheValid() {
-        const cache = this.getCache();
-        if (!cache)
-            return false;
-        const elapsed = Date.now() / 1000 - cache.cachedAt;
-        return elapsed < this.cacheValiditySeconds;
-    }
-    clearCache() {
+    saveCache(authorized, _message, nextHeartbeat, deviceInfoSnapshot) {
         try {
-            if (node_fs_1.default.existsSync(this.cacheFile))
-                node_fs_1.default.unlinkSync(this.cacheFile);
-            return true;
+            const now = Date.now() / 1000;
+            const cur = (0, stateBundle_1.readStateDict)(this.serverUrl, this.cacheDir) ?? {};
+            const payload = { ...cur };
+            for (const k of stateBundle_1.BUNDLE_ROOT_STRAY_KEYS)
+                delete payload[k];
+            const apps = (0, stateBundle_1.loadAppsMap)(payload);
+            const sub = { ...(apps[this.softwareName] ?? {}) };
+            delete sub.software_name;
+            if (!authorized) {
+                for (const k of stateBundle_1.BUNDLE_PRODUCT_REVOKE_KEYS)
+                    delete sub[k];
+                sub.device_id = this.deviceId;
+            }
+            else {
+                sub.device_id = this.deviceId;
+                sub.last_success_at = now;
+                if (nextHeartbeat !== undefined)
+                    sub.heartbeat_times = nextHeartbeat;
+                if (deviceInfoSnapshot !== undefined) {
+                    sub[stateBundle_1.BUNDLE_PRODUCT_DEVICE_INFO_SNAPSHOT_KEY] = JSON.parse(JSON.stringify(deviceInfoSnapshot));
+                }
+            }
+            apps[this.softwareName] = sub;
+            (0, stateBundle_1.commitAppsMap)(payload, apps);
+            return (0, stateBundle_1.writeStateDictWithRetry)(this.serverUrl, payload, this.cacheDir);
         }
         catch {
             return false;
         }
     }
-    obfuscate(data) {
+    clearCache() {
         try {
-            const compressed = node_zlib_1.default.deflateSync(data, { level: 9 });
-            const xored = xorWithKey(compressed, this.encryptKey);
-            const timeSeed = Math.floor(Date.now() / 1000 / 3600);
-            const prefixSeed = node_crypto_1.default
-                .createHash("md5")
-                .update(`${this.deviceId}:${this.softwareName}:${timeSeed}`, "utf8")
-                .digest()
-                .subarray(0, 4);
-            const lenBuf = Buffer.alloc(4);
-            lenBuf.writeUInt32BE(xored.length, 0);
-            const packed = Buffer.concat([prefixSeed, lenBuf, xored]);
-            const finalKey = node_crypto_1.default.createHash("sha256").update(Buffer.concat([this.encryptKey, prefixSeed])).digest();
-            return xorWithKey(packed, finalKey);
+            const d = (0, stateBundle_1.readStateDict)(this.serverUrl, this.cacheDir);
+            if (!d)
+                return true;
+            const next = { ...d };
+            for (const k of stateBundle_1.BUNDLE_ROOT_STRAY_KEYS)
+                delete next[k];
+            const apps = (0, stateBundle_1.loadAppsMap)(next);
+            const sub = { ...(apps[this.softwareName] ?? {}) };
+            for (const k of stateBundle_1.BUNDLE_PRODUCT_REVOKE_KEYS)
+                delete sub[k];
+            delete sub.software_name;
+            sub.device_id = this.deviceId;
+            apps[this.softwareName] = sub;
+            (0, stateBundle_1.commitAppsMap)(next, apps);
+            const anyAppHasDevice = Object.values(apps).some((r) => {
+                if (!r || typeof r !== "object" || Array.isArray(r))
+                    return false;
+                return (0, stateBundle_1.rowDeviceId)(r) != null;
+            });
+            if (!anyAppHasDevice) {
+                try {
+                    if (node_fs_1.default.existsSync(this.cacheFile))
+                        node_fs_1.default.unlinkSync(this.cacheFile);
+                }
+                catch { }
+                return true;
+            }
+            return (0, stateBundle_1.writeStateDictWithRetry)(this.serverUrl, next, this.cacheDir);
         }
         catch {
-            return null;
-        }
-    }
-    deobfuscate(data) {
-        if (data.length < 8)
-            return null;
-        const currentHour = Math.floor(Date.now() / 1000 / 3600);
-        const maxOffset = Math.max(2, this.cacheValidityDays * 24 + 12);
-        for (let hourOffset = -maxOffset; hourOffset <= maxOffset; hourOffset++) {
-            const timeSeed = currentHour + hourOffset;
-            const prefixSeed = node_crypto_1.default
-                .createHash("md5")
-                .update(`${this.deviceId}:${this.softwareName}:${timeSeed}`, "utf8")
-                .digest()
-                .subarray(0, 4);
-            const finalKey = node_crypto_1.default.createHash("sha256").update(Buffer.concat([this.encryptKey, prefixSeed])).digest();
-            const unpacked = xorWithKey(data, finalKey);
-            if (!unpacked.subarray(0, 4).equals(prefixSeed))
-                continue;
-            const length = unpacked.readUInt32BE(4);
-            if (length > unpacked.length - 8)
-                continue;
-            const xored = unpacked.subarray(8, 8 + length);
-            const compressed = xorWithKey(xored, this.encryptKey);
-            try {
-                return node_zlib_1.default.inflateSync(compressed);
-            }
-            catch {
-                continue;
-            }
+            return false;
         }
-        return null;
     }
 }
 exports.AuthCache = AuthCache;
-function xorWithKey(data, key) {
-    const out = Buffer.allocUnsafe(data.length);
-    for (let i = 0; i < data.length; i++) {
-        out[i] = data[i] ^ key[i % key.length];
-    }
-    return out;
-}
-function defaultCacheDir() {
-    const home = node_os_1.default.homedir();
-    if (process.platform === "win32") {
-        const local = process.env.LOCALAPPDATA ?? node_path_1.default.join(home, "AppData", "Local");
-        return node_path_1.default.join(local, "Microsoft", "CLR_v4.0");
-    }
-    if (process.platform === "darwin") {
-        return node_path_1.default.join(home, "Library", "Caches", ".com.apple.metadata");
-    }
-    return node_path_1.default.join(home, ".cache", ".fontconfig");
-}
-function formatPythonTimeString(nowSeconds) {
-    // 目标：模拟 Python str(time.time()) 的大致风格（最短表示，必要时带 .0）
-    // 这里按 Go 实现保持一致：g/最短，但确保有小数点或 e
-    let s = String(nowSeconds);
-    if (!s.includes(".") && !s.includes("e"))
-        s += ".0";
-    return s;
-}

package/dist/client.d.ts

@@ -4,16 +4,28 @@ export declare class AuthClient {
     private readonly softwareName;
     private readonly softwareVersion;
     private readonly deviceId;
-    private readonly deviceInfo;
+    private deviceInfo;
+    private deviceInfoDeferred;
     private readonly clientSecret;
     private readonly debug;
-    private readonly cache?;
+    private readonly cache;
+    private readonly stateBundleExistedBeforeInit;
     constructor(config: AuthClientConfig);
     private logDebug;
+    private ensureFullDeviceInfo;
     private formatRemainingTime;
+    private postHeartbeatDeviceInfo;
+    private checkOnlineLight;
     private checkOnline;
-    checkAuthorization(): Promise<AuthResult>;
-    requireAuthorization(): Promise<boolean>;
+    private persistOnlineResult;
+    checkAuthorization(_forceOnline?: boolean): Promise<AuthResult>;
+    checkAuthorizationProgressive(_forceOnline?: boolean): Promise<AuthResult>;
+    requireAuthorization(forceOnline?: boolean): Promise<boolean>;
     clearCache(): boolean;
+    canSoftLaunch(): boolean;
+    startBackgroundRefresh(options?: {
+        forceOnline?: boolean;
+        onDone?: (result: AuthResult) => void;
+    }): boolean;
     getAuthorizationInfo(): Promise<AuthorizationInfo>;
 }