npm - scripter-x - Versions diffs - 1.0.0 - Mend

scripter-x 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,55 @@
+# scripter-x
+Local Flipkart session extractor. It rents virtual numbers, logs into Flipkart, and
+extracts the login session JSON — **running on your own machine (your residential IP)**,
+which is the only way the Flipkart login-verify completes (datacenter IPs get blocked).
+Results sync automatically to your ScripterX dashboard for storage + export.
+## Install
+```bash
+npm install -g scripter-x
+```
+That installs the `scripterx` command. Needs Node 18+.
+## Use
+Just run it for the interactive shell:
+```bash
+scripterx
+```
+You get a prompt. Type a command, or press **`/`** to open the command palette.
+### Selecting from a menu — three ways
+- **Press `1`–`9`** to instantly pick that row ⭐ (most reliable)
+- **`↑`/`↓` then Enter** to navigate
+- **Click** a row (best-effort; works when the screen hasn't scrolled)
+Yes/no questions: **`←`/`→`** to toggle (or `y`/`n`), Enter to accept.
+### One-shot commands
+You can also run any command directly without the shell:
+```bash
+scripterx login
+scripterx run --provider otpcart --count 10 --concurrency 2 --check-minutes
+scripterx campaigns
+scripterx export <name>          # → ~/Downloads/scripterx/<name>.json
+scripterx balance
+scripterx config set server <url>
+```
+## How it works
+1. **You** run it locally → all Flipkart calls go from your residential IP (with a
+   built-in 2-second gap between calls so you're never rate-limited).
+2. It rents a number (OTPCart or TempOTP), sends the OTP, reads the SMS, verifies,
+   and extracts the full session.
+3. Each result is pushed to your ScripterX server (encrypted at rest) — view and export
+   from the web dashboard, or auto-saved locally to `~/Downloads/scripterx/`.
+4. **Only successful extractions cost money** — failed/cancelled numbers are refunded.
+Config + token live in `~/.scripterx/config.json`. Point at a different backend with
+`scripterx config set server <url>` or the `SCRIPTERX_SERVER` env var.

package/package.json ADDED Viewed

@@ -0,0 +1,33 @@
+{
+  "name": "scripter-x",
+  "version": "1.0.0",
+  "description": "ScripterX — local Flipkart session extractor (runs on your residential IP, syncs to marthunt)",
+  "type": "module",
+  "bin": {
+    "scripterx": "src/index.js"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "files": [
+    "src",
+    "README.md"
+  ],
+  "keywords": [
+    "flipkart",
+    "cli",
+    "scripterx",
+    "session",
+    "otp"
+  ],
+  "scripts": {
+    "start": "node src/index.js"
+  },
+  "dependencies": {
+    "ink": "^5.0.1",
+    "ink-spinner": "^5.0.0",
+    "react": "^18.3.1",
+    "ws": "^8.18.0"
+  },
+  "license": "MIT"
+}

package/src/api.js ADDED Viewed

@@ -0,0 +1,89 @@
+// Client for the marthunt ScripterX backend (auth + campaign + ingest + export).
+// Uses Node's built-in fetch (Node 18+). The CLI never touches the DB directly.
+import * as config from './config.js';
+export class AuthError extends Error {}
+export class ApiError extends Error {}
+export class ApiClient {
+  constructor({ baseUrl, token } = {}) {
+    const cfg = config.load();
+    this.base = (baseUrl || cfg.server_base_url).replace(/\/+$/, '');
+    this.token = token || cfg.jwt || null;
+  }
+  async _req(method, path, { auth = true, body } = {}) {
+    const headers = { 'Content-Type': 'application/json', Accept: 'application/json' };
+    if (auth && this.token) headers.Authorization = `Bearer ${this.token}`;
+    let res;
+    try {
+      res = await fetch(this.base + path, {
+        method, headers, body: body ? JSON.stringify(body) : undefined,
+      });
+    } catch (e) {
+      throw new ApiError(`cannot reach server (${this.base}): ${e.message}`);
+    }
+    if (res.status === 401) throw new AuthError('session expired — run `scripterx login`');
+    let data;
+    try { data = await res.json(); } catch {
+      throw new ApiError(`server returned ${res.status}`);
+    }
+    if (!res.ok || data.success === false) {
+      throw new ApiError(data.error || `server error ${res.status}`);
+    }
+    return data;
+  }
+  // ── auth ──
+  async login(username, password) {
+    const d = await this._req('POST', '/scriptx/auth/login', { auth: false, body: { username, password } });
+    this.token = d.token;
+    config.setToken(this.token, username);
+    return d.user || {};
+  }
+  async register(username, password, email) {
+    const body = { username, password };
+    if (email) body.email = email;
+    const d = await this._req('POST', '/scriptx/auth/register', { auth: false, body });
+    this.token = d.token;
+    config.setToken(this.token, username);
+    return d.user || {};
+  }
+  async me() { return (await this._req('GET', '/scriptx/auth/me')).user || {}; }
+  async creds() { try { return await this._req('GET', '/scriptx/otpcart-creds'); } catch { return {}; } }
+  // ── campaign lifecycle ──
+  async createCampaign({ name, provider, count, concurrency, checkMinutes = false, tempotpServiceId = '940', deepCheck = false }) {
+    const d = await this._req('POST', '/scriptx/campaigns', {
+      body: { name, provider, count, concurrency, check_minutes: checkMinutes,
+              tempotp_service_id: tempotpServiceId, deep_check: deepCheck, local: true },
+    });
+    return d.data.id;
+  }
+  async markRunning(cid) { try { await this._req('POST', `/scriptx/campaigns/${cid}/mark-running`); } catch { /* */ } }
+  async ingestAccount(cid, payload) {
+    return this._req('POST', `/scriptx/campaigns/${cid}/accounts`, { body: payload });
+  }
+  async finishCampaign(cid, stats) {
+    return this._req('POST', `/scriptx/campaigns/${cid}/finish`, { body: stats });
+  }
+  // ── management (parity with the web dashboard) ──
+  async listCampaigns() { return (await this._req('GET', '/scriptx/campaigns')).data || []; }
+  async getCampaign(cid) { const d = await this._req('GET', `/scriptx/campaigns/${cid}`); return { campaign: d.data || {}, accounts: d.accounts || [] }; }
+  async exportCampaign(cid) { return (await this._req('GET', `/scriptx/campaigns/${cid}/export`)).accounts || []; }
+  async stopCampaign(cid) { return this._req('POST', `/scriptx/campaigns/${cid}/stop`); }
+  async deleteCampaign(cid) { return this._req('DELETE', `/scriptx/campaigns/${cid}`); }
+  // ── server-side creds ──
+  async saveCreds(provider, { email, password, apiKey } = {}) {
+    const body = { provider };
+    if (email != null) body.email = email;
+    if (password != null) body.password = password;
+    if (apiKey != null) body.api_key = apiKey;
+    return this._req('POST', '/scriptx/otpcart-creds', { body });
+  }
+  async testCreds(provider) { return this._req('POST', '/scriptx/otpcart-creds/test', { body: { provider } }); }
+  async serverBalance(provider) { return this._req('GET', `/scriptx/balance?provider=${provider}`); }
+  async tempotpServices() { return this._req('GET', '/scriptx/tempotp-services'); }
+}

package/src/commands.js ADDED Viewed

@@ -0,0 +1,247 @@
+// Command implementations, written against an `io` interface so they work BOTH in the
+// interactive ink shell (io = in-tree prompts/output) and one-shot CLI mode (io = plain
+// stdin/stdout). Each command: async (io, api, args) => void.
+import * as config from './config.js';
+import { ApiClient, AuthError } from './api.js';
+import { saveSessions } from './util.js';
+import * as tp from './providers/tempotp.js';
+import * as oc from './providers/otpcart.js';
+import { Worker } from './worker.js';
+import { RunController } from './controller.js';
+import { STATUS } from './theme.js';
+async function getApi(io) {
+  const api = new ApiClient();
+  if (!api.token) return loginFlow(io, api);
+  try { await api.me(); return api; }
+  catch (e) {
+    if (e instanceof AuthError) { io.print('  ! session expired'); config.clearToken(); return loginFlow(io, api); }
+    throw e;
+  }
+}
+async function loginFlow(io, api) {
+  api = api || new ApiClient();
+  io.print(`  ◉ Sign in  ·  ${api.base}`);
+  const username = await io.ask('username');
+  const password = await io.ask('password', { mask: true });
+  const user = await api.login(username, password);
+  io.print(`  ✓ Welcome, ${user.username || username}`);
+  if (io.setUser) io.setUser(user.username || username);
+  return api;
+}
+// mask a secret for display: keep first 4 + last 4
+function maskSecret(s) {
+  if (!s) return '';
+  if (s.length <= 8) return '••••';
+  return s.slice(0, 4) + '…' + s.slice(-4);
+}
+// ── provider setup (shared by run) ──
+async function buildProvider(io, name) {
+  const cfg = config.load();
+  if (name === 'tempotp') {
+    let key = cfg.tempotp_api_key;
+    // If a key is saved locally, show it (masked) and let the user pick: use it or add new.
+    if (key) {
+      const choice = await io.select(`saved TempOTP key: ${maskSecret(key)}`, [
+        { label: 'use saved', value: 'use', description: maskSecret(key) },
+        { label: 'add new', value: 'new', description: 'enter a different key' }]);
+      if ((choice.value || choice) === 'new') key = null;
+    }
+    let freshlyEntered = false;
+    if (!key) { key = await io.ask('TempOTP API key'); freshlyEntered = true; }
+    const bal = await tp.balance(key);
+    if (bal == null) throw new Error('TempOTP key invalid or unreachable');
+    io.print(`  ✓ TempOTP balance: ₹${bal}`);
+    if (freshlyEntered && await io.confirm('save this key locally for next time?', true)) config.setMany({ tempotp_api_key: key });
+    const svc = await io.select('service id', Object.keys(tp.SERVICES).map((id) => ({ label: id, value: id, description: `₹${tp.SERVICES[id]}` })));
+    return new tp.TempOTPProvider(key, svc.value || svc);
+  }
+  // OTPCart: same use-saved / add-new flow
+  let email = cfg.otpcart_email, password = cfg.otpcart_password;
+  if (email && password) {
+    const choice = await io.select(`saved OTPCart: ${email}`, [
+      { label: 'use saved', value: 'use', description: email },
+      { label: 'add new', value: 'new', description: 'enter different creds' }]);
+    if ((choice.value || choice) === 'new') { email = null; password = null; }
+  }
+  let freshlyEntered = false;
+  if (!email || !password) {
+    email = await io.ask('OTPCart email');
+    password = await io.ask('OTPCart password', { mask: true });
+    freshlyEntered = true;
+  }
+  const jwt = await oc.login(email, password);
+  io.print('  ✓ OTPCart connected');
+  if (freshlyEntered && await io.confirm('save these creds locally for next time?', true)) config.setMany({ otpcart_email: email, otpcart_password: password });
+  const deep = await io.confirm('deep number check?', false);
+  return new oc.OTPCartProvider(jwt, deep);
+}
+export async function run(io, api, args = {}) {
+  api = api || await getApi(io);
+  const pSel = args.provider || (await io.select('provider', [
+    { label: 'otpcart', value: 'otpcart', description: 'email/password · WebSocket OTP' },
+    { label: 'tempotp', value: 'tempotp', description: 'API key · HTTP poll' }])).value;
+  const provider = await buildProvider(io, pSel);
+  const count = args.count || Number(await io.ask('how many JSONs?', { dflt: '5' }));
+  const concurrency = args.concurrency || Number(await io.ask('concurrency (keep low — one IP)', { dflt: String(config.get('default_concurrency', 2)) }));
+  const checkMinutes = args.checkMinutes != null ? args.checkMinutes : await io.confirm('check Minutes (₹100 coupon)?', false);
+  const name = args.name || `ScripterX-${Math.floor(Date.now() / 1000)}`;
+  if (!(await io.confirm(`start ${count} extraction(s) at concurrency ${concurrency}?`, true))) return;
+  const cid = await api.createCampaign({ name, provider: pSel, count, concurrency, checkMinutes,
+    tempotpServiceId: provider.serviceId || '940', deepCheck: provider.deepCheck || false });
+  io.print('  ✓ campaign created · syncing to your dashboard');
+  const controller = new RunController({ name, provider: pSel, requested: count });
+  const worker = new Worker(api, provider, { campaignId: cid, requested: count, concurrency, checkMinutes,
+    onEvent: controller.handleEvent,
+    // on a failed/rejected OTP: pause, show the real reason, ask continue-or-stop
+    onFailure: async ({ mobile, reason }) => {
+      io.print(`  ✗ ${mobile.slice(-10)} — ${reason}`, 'danger');
+      return io.confirm('OTP failed. Buy a new number and keep going?', true);
+    } });
+  if (io.startRun) io.startRun(controller);          // mount the live view (interactive)
+  const onSigint = () => worker.stop();
+  process.on('SIGINT', onSigint);
+  const stats = await worker.run();
+  process.off('SIGINT', onSigint);
+  if (io.endRun) io.endRun();
+  io.print(`  ✓ done — ${stats.succeeded} succeeded · ${stats.failed} failed · ${stats.cancelled} cancelled · ₹${stats.charges} spent`);
+  if (stats.succeeded > 0) {
+    let saved = null, lastErr = null;
+    for (let a = 0; a < 5 && !saved; a++) {
+      if (a > 0) await new Promise((r) => setTimeout(r, 1000));
+      try { saved = await saveSessions(api, cid, { campaignName: name }); } catch (e) { lastErr = e; }
+    }
+    if (saved) { io.print(`  ✓ saved ${saved.count} session(s) to:`); io.print(`     ${saved.path}`, 'accent'); }
+    else io.print(`  ! couldn't auto-save${lastErr ? ` (${lastErr.message})` : ''} — run \`export ${name}\` to retry`);
+  } else io.print('  ◉ no sessions extracted — nothing to save.');
+}
+export async function campaigns(io, api) {
+  api = api || await getApi(io);
+  const camps = await api.listCampaigns();
+  if (!camps.length) { io.print('  ◉ No campaigns yet. Type `run`.'); return; }
+  io.print('  ' + 'name'.padEnd(20) + 'provider'.padEnd(10) + 'status'.padEnd(13) + '✓  ✗  ⊘   ₹      created');
+  for (const c of camps.slice(0, 30)) {
+    const st = STATUS[c.status] || STATUS.pending;
+    io.print('  ' + (c.name || '—').slice(0, 18).padEnd(20) + (c.provider || '—').padEnd(10) +
+      `${st.glyph} ${c.status}`.padEnd(13) + `${c.succeeded || 0}  ${c.failed || 0}  ${c.cancelled || 0}   ₹${c.charges_deducted || 0}`.padEnd(12) +
+      (c.created_at || '').slice(0, 10));
+  }
+}
+async function pickCampaign(io, api, partial) {
+  const camps = await api.listCampaigns();
+  if (!camps.length) throw new Error('no campaigns');
+  if (partial) {
+    const m = camps.find((c) => c.id === partial || c.id.startsWith(partial) || c.name === partial);
+    if (m) return m;
+    throw new Error(`no campaign matching '${partial}'`);
+  }
+  // interactive picker
+  const sel = await io.select('which campaign?', camps.slice(0, 20).map((c) => ({ label: c.name || c.id.slice(0, 8), value: c.id, description: `${c.succeeded || 0} ok · ₹${c.charges_deducted || 0}` })));
+  return camps.find((c) => c.id === (sel.value || sel));
+}
+export async function exportCmd(io, api, args = {}) {
+  api = api || await getApi(io);
+  const c = await pickCampaign(io, api, args.campaign);
+  let saved = null, lastErr = null;
+  for (let a = 0; a < 3 && !saved; a++) {
+    if (a > 0) await new Promise((r) => setTimeout(r, 800));
+    try { saved = await saveSessions(api, c.id, { campaignName: c.name, out: args.out }); } catch (e) { lastErr = e; }
+  }
+  if (saved) { io.print(`  ✓ exported ${saved.count} session(s) to:`); io.print(`     ${saved.path}`, 'accent'); }
+  else if (lastErr) io.print(`  ✗ ${lastErr.message}`);
+  else io.print('  ! no extracted sessions in this campaign yet.');
+}
+export async function balance(io, api, args = {}) {
+  api = api || await getApi(io);
+  for (const p of args.provider ? [args.provider] : ['otpcart', 'tempotp']) {
+    try { const r = await api.serverBalance(p); io.print(r.balance != null ? `  ✓ ${p}: ₹${r.balance}` : `  ◉ ${p}: ${r.note || 'no balance'}`); }
+    catch (e) { io.print(`  ! ${p}: ${e.message}`); }
+  }
+}
+export async function creds(io, api, args = {}) {
+  api = api || await getApi(io);
+  const action = args.action || (await io.select('credentials', [
+    { label: 'show', value: 'show', description: 'what is saved' },
+    { label: 'save', value: 'save', description: 'store provider creds' },
+    { label: 'test', value: 'test', description: 'verify creds' }])).value;
+  if (action === 'show') {
+    const r = await api.creds();
+    for (const p of ['otpcart', 'tempotp']) io.print(`  ◉ ${p}: ${r[p]?.has_creds ? '✓ saved' : '— not set'}`);
+  } else if (action === 'save') {
+    const provider = (await io.select('provider', [{ label: 'otpcart', value: 'otpcart' }, { label: 'tempotp', value: 'tempotp' }])).value;
+    if (provider === 'tempotp') await api.saveCreds('tempotp', { apiKey: await io.ask('TempOTP API key') });
+    else await api.saveCreds('otpcart', { email: await io.ask('OTPCart email'), password: await io.ask('OTPCart password', { mask: true }) });
+    io.print(`  ✓ ${provider} credentials saved.`);
+  } else {
+    const provider = (await io.select('provider', [{ label: 'otpcart', value: 'otpcart' }, { label: 'tempotp', value: 'tempotp' }])).value;
+    try { const r = await api.testCreds(provider); io.print(`  ✓ ${provider} verified${r.balance != null ? ` · ₹${r.balance}` : ''}`); }
+    catch (e) { io.print(`  ✗ ${e.message}`); }
+  }
+}
+export async function stop(io, api, args = {}) {
+  api = api || await getApi(io);
+  const c = await pickCampaign(io, api, args.campaign);
+  await api.stopCampaign(c.id); io.print('  ✓ stop requested.');
+}
+export async function del(io, api, args = {}) {
+  api = api || await getApi(io);
+  const c = await pickCampaign(io, api, args.campaign);
+  if (!(await io.confirm(`delete '${c.name}'?`, false))) return;
+  await api.deleteCampaign(c.id); io.print('  ✓ deleted.');
+}
+export async function whoami(io) {
+  const api = new ApiClient();
+  if (!api.token) { io.print('  ! not signed in — type `login`'); return; }
+  try { const u = await api.me(); io.print(`  ✓ ${u.username} · ${api.base}`); } catch (e) { io.print(`  ✗ ${e.message}`); }
+}
+export async function login(io) { await loginFlow(io); }
+export function logout(io) { config.clearToken(); if (io.setUser) io.setUser(null); io.print('  ✓ signed out.'); }
+export async function configCmd(io, _api, args = {}) {
+  const cfg = config.load();
+  const action = args.action || (await io.select('config', [
+    { label: 'show', value: 'show' },
+    { label: 'server', value: 'server', description: 'change backend URL' },
+    { label: 'concurrency', value: 'concurrency', description: 'default parallelism' }])).value;
+  if (action === 'show') {
+    for (const k of ['server_base_url', 'username', 'default_concurrency']) io.print(`  ${k.padEnd(20)} ${cfg[k]}`);
+    io.print(`  ${'logged_in'.padEnd(20)} ${cfg.jwt ? 'yes' : 'no'}`);
+  } else if (action === 'server') {
+    const v = args.value || await io.ask('server URL', { dflt: cfg.server_base_url });
+    config.setMany({ server_base_url: v }); io.print(`  ✓ server → ${v}`);
+  } else if (action === 'concurrency') {
+    const v = args.value || await io.ask('default concurrency', { dflt: String(cfg.default_concurrency) });
+    config.setMany({ default_concurrency: parseInt(v, 10) }); io.print(`  ✓ concurrency → ${v}`);
+  }
+}
+export function help(io) {
+  io.print('  commands: run · campaigns · export · balance · creds · stop · delete · whoami · config · logout · exit');
+}
+// dispatch table used by the interactive shell
+export const REGISTRY = {
+  run, campaigns, export: exportCmd, balance, creds, stop, delete: del,
+  whoami, login, logout, config: configCmd, help,
+};

package/src/config.js ADDED Viewed

@@ -0,0 +1,67 @@
+// Local config + token store at ~/.scripterx/config.json (0600).
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { mkdirSync, readFileSync, writeFileSync, existsSync, chmodSync } from 'node:fs';
+export const CONFIG_DIR = join(homedir(), '.scripterx');
+export const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
+const DEFAULT_SERVER = process.env.SCRIPTERX_SERVER || 'https://api.marthunt.tech';
+const DEFAULTS = {
+  server_base_url: DEFAULT_SERVER,
+  jwt: null,
+  username: null,
+  tempotp_api_key: null,
+  otpcart_email: null,
+  otpcart_password: null,
+  default_concurrency: 2,
+};
+function ensureDir() {
+  if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { mode: 0o700, recursive: true });
+}
+export function load() {
+  ensureDir();
+  let data = {};
+  if (existsSync(CONFIG_FILE)) {
+    try { data = JSON.parse(readFileSync(CONFIG_FILE, 'utf8')); } catch { data = {}; }
+  }
+  const merged = { ...DEFAULTS, ...data };
+  if (process.env.SCRIPTERX_SERVER) merged.server_base_url = process.env.SCRIPTERX_SERVER;
+  return merged;
+}
+export function save(cfg) {
+  ensureDir();
+  writeFileSync(CONFIG_FILE, JSON.stringify(cfg, null, 2));
+  try { chmodSync(CONFIG_FILE, 0o600); } catch { /* ignore */ }
+}
+export function get(key, dflt = null) {
+  const v = load()[key];
+  return v === undefined ? dflt : v;
+}
+export function setMany(kv) {
+  const cfg = load();
+  Object.assign(cfg, kv);
+  save(cfg);
+  return cfg;
+}
+export const getToken = () => load().jwt;
+export function setToken(token, username) {
+  const cfg = load();
+  cfg.jwt = token;
+  if (username) cfg.username = username;
+  save(cfg);
+}
+export function clearToken() {
+  const cfg = load();
+  cfg.jwt = null;
+  save(cfg);
+}

package/src/controller.js ADDED Viewed

@@ -0,0 +1,27 @@
+// RunController — shared, subscribable state for a live extraction run.
+// The Worker writes via onEvent(); RunView subscribes and re-renders on each event.
+// Decouples the worker from the UI and (crucially) makes updates actually propagate.
+export class RunController {
+  constructor({ name, provider, requested }) {
+    this.name = name;
+    this.provider = provider;
+    this.requested = requested;
+    this.stats = { total: requested, succeeded: 0, failed: 0, cancelled: 0, generated: 0, attempts: 0, charges: 0 };
+    this.slots = {};
+    this.rows = [];
+    this._subs = new Set();
+    this.onFinish = null;
+  }
+  // the callback the Worker is given
+  handleEvent = (kind, payload) => {
+    if (kind === 'slot') this.slots[payload.slot] = { ...payload };
+    else if (kind === 'progress' || kind === 'done') this.stats = { ...payload };
+    else if (kind === 'row') this.rows.push(payload);
+    this._emit(kind, payload);
+  };
+  subscribe(fn) { this._subs.add(fn); }
+  unsubscribe(fn) { this._subs.delete(fn); }
+  _emit(kind, payload) { for (const fn of this._subs) { try { fn(kind, payload); } catch { /* */ } } }
+}