npm - scripter-x - Versions diffs - 1.0.23 → 1.0.25 - Mend

scripter-x 1.0.23 → 1.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "scripter-x",
-  "version": "1.0.23",
+  "version": "1.0.25",
   "description": "ScripterX — local Flipkart session extractor (runs on your residential IP, syncs to marthunt)",
   "type": "module",
   "bin": {

package/src/commands.js CHANGED Viewed

@@ -3,7 +3,7 @@
 // stdin/stdout). Each command: async (io, api, args) => void.
 import * as config from './config.js';
 import { ApiClient, AuthError } from './api.js';
-import { saveSessions, CANCEL } from './util.js';
+import { saveSessions, saveSessionsLocal, CANCEL } from './util.js';
 import * as tp from './providers/tempotp.js';
 import * as oc from './providers/otpcart.js';
 import * as kuku from './providers/kuku.js';
@@ -205,18 +205,27 @@ export async function run(io, api, args = {}) {
   io.print(`  ✓ done — ${stats.succeeded} succeeded · ${stats.failed} failed · ${stats.cancelled} cancelled · ₹${stats.charges} spent`);
   if (stats.succeeded > 0) {
-    let saved = null, lastErr = null;
-    for (let a = 0; a < 5 && !saved; a++) {
-      if (a > 0) await new Promise((r) => setTimeout(r, 1000));
-      try { saved = await saveSessions(api, cid, { campaignName: name }); } catch (e) { lastErr = e; }
+    // PRIMARY: save LOCALLY from the worker's in-memory buffer — never depends on the
+    // server, so an expired dashboard JWT can't lose the JSONs the user paid for.
+    let saved = null;
+    try {
+      saved = saveSessionsLocal(worker.results, cid, { campaignName: name, out: args.out, checkMinutes });
+    } catch (e) {
+      io.print(`  ! local save error: ${e.message}`, 'danger');
+    }
+    // FALLBACK: only if the local buffer was somehow empty, try the server export.
+    if (!saved && worker.results.length === 0) {
+      for (let a = 0; a < 3 && !saved; a++) {
+        if (a > 0) await new Promise((r) => setTimeout(r, 1000));
+        try { saved = await saveSessions(api, cid, { campaignName: name, out: args.out }); } catch { /* */ }
+      }
     }
     if (saved) {
       io.print('  ✓ saved session(s) to:');
-      for (const res of saved) {
-        io.print(`     ${res.path} (${res.count} sessions)`, 'accent');
-      }
+      for (const res of saved) io.print(`     ${res.label}  ${res.path} (${res.count} sessions)`, 'accent');
+    } else {
+      io.print('  ! could not write the session file — check disk permissions', 'danger');
     }
-    else io.print(`  ! couldn't auto-save${lastErr ? ` (${lastErr.message})` : ''} — run \`export ${name}\` to retry`);
   } else io.print('  ◉ no sessions extracted — nothing to save.');
   if (worker.logPath) io.print(`  ◉ log saved to: ${worker.logPath}`);
 }

package/src/flipkart.js CHANGED Viewed

@@ -85,6 +85,7 @@ export class FlipkartLogin {
     this.reqId = null;
     this.sn = '';
     this.vid = '';
+    this.isNewUser = false; // set by sendOtp: new number → verify as SIGNUP, not LOGIN
   }
   async sendOtp(mobile) {
@@ -117,37 +118,78 @@ export class FlipkartLogin {
     // no requestId on a 200 = soft anti-bot throttle — also retryable (often clears on retry).
     if (!rid) throw new TransientError('blocked while sending OTP (no requestId — throttled)');
     this.reqId = rid;
+    // NEW vs EXISTING account: for an UNREGISTERED number FK still sends the OTP but
+    // routes the flow to signup. The reliable signals (verified against captures):
+    //   • landingPageAction.url starts with "/signup"  (existing accounts: no such url)
+    //   • eVar79 tracking is "New|…|Sign-Up|…"          (existing: "Existing|…|Sign-In|…")
+    // NOTE: a bare "isNewUser":true appears even for EXISTING accounts (unrelated page
+    // flag) — do NOT use it. verifyOtp uses type:SIGNUP when isNewUser, else LOGIN.
+    const landingUrl = data?.RESPONSE?.actionResponseContext?.landingPageAction?.url || '';
+    const eVar79 = data?.RESPONSE?.pageResponse?.pageData?.trackingContext?.tracking?.eVar79 || '';
+    this.isNewUser = /^\/signup\b/.test(landingUrl)
+      || /\bSign-?Up\b/i.test(eVar79)
+      || /^New\b/i.test(eVar79);
     this.sn = this.jar.SN || '';
     this.vid = this.sn ? this.sn.split('.')[0] : '';
     return rid;
   }
-  async verifyOtp(mobile, otp) {
+  // Low-level OTP verify with an explicit action type ("LOGIN" for existing
+  // accounts, "SIGNUP" for brand-new numbers). Returns { res, text, data }.
+  async _verifyWith(type, mobile, otp) {
     await throttle.wait();
     const secureToken = this.vid ? `${this.vid}:${this.vid}` : '';
     const body = { actionRequestContext: {
-      type: 'LOGIN', loginIdPrefix: '+91', loginId: mobile.slice(-10), password: null,
+      type, loginIdPrefix: '+91', loginId: mobile.slice(-10), password: null,
       otp, otpRequestId: this.reqId, remainingAttempts: 5, phoneNumberFormat: 'E164',
-      loginType: 'MOBILE', verificationType: 'OTP', sourceContext: 'GO_LOGIN', churned: false,
-      otpRegex: null, data: null, clientQueryParamMap: null } };
+      loginType: 'MOBILE', verificationType: 'OTP', sourceContext: type === 'SIGNUP' ? 'DEFAULT' : 'GO_LOGIN',
+      churned: false, otpRegex: null, data: null, clientQueryParamMap: null } };
     const res = await fetch(`${NATIVE_HOST}/1/action/view`, {
       method: 'POST', body: JSON.stringify(body),
       headers: {
         'User-Agent': 'okhttp/4.9.2', 'X-User-Agent': nativeUa(this.vid),
         'Content-Type': 'application/json; charset=UTF-8',
-        'x-request-metaInfo': '{"actionType":"LOGIN","pageUri":"questContext"}',
+        'x-request-metaInfo': `{"actionType":"${type}","pageUri":"questContext"}`,
         at: this.jar.at || '', sn: this.sn, secureToken, secureCookie: this.jar.S || '',
         Cookie: cookieHeader(this.jar),
       },
     });
     const text = await res.text();
+    let data = null;
+    try { data = JSON.parse(text); } catch { /* caller handles */ }
+    return { res, text, data };
+  }
+  async verifyOtp(mobile, otp) {
+    // New number → SIGNUP (FK rejects LOGIN with "account does not exist"); existing → LOGIN.
+    const primary = this.isNewUser ? 'SIGNUP' : 'LOGIN';
+    const fallback = this.isNewUser ? 'LOGIN' : 'SIGNUP';
+    let { res, text, data } = await this._verifyWith(primary, mobile, otp);
     // 529/5xx = Flipkart overloaded / soft-blocking this IP — NOT the OTP's fault.
     if (res.status === 429 || res.status === 529 || res.status >= 500) {
       throw new TransientError(`Flipkart busy (HTTP ${res.status}) — will retry`);
     }
-    let data;
-    try { data = JSON.parse(text); } catch { throw new TransientError('Flipkart returned a non-JSON response — will retry'); }
-    const env = data.SESSION;
+    if (!data) throw new TransientError('Flipkart returned a non-JSON response — will retry');
+    let env = data.SESSION;
+    // If the primary type didn't log in AND the failure looks like a wrong account-type
+    // (not a wrong OTP), retry once with the other type. This auto-creates a new account
+    // when a number we thought existed doesn't (and vice-versa) — same OTP, no extra SMS.
+    if ((!env || !env.isLoggedIn)) {
+      const fkMsg0 = flipkartErrorMessage(data, text);
+      const low0 = (fkMsg0 + ' ' + text).toLowerCase();
+      const wrongType = /does not exist|not registered|no account|sign\s*up|signup|already (registered|exists)|please login/.test(low0);
+      const wrongOtp = /incorrect|wrong|invalid|expired|otp.*not.*match|verification code/.test(low0);
+      if (wrongType && !wrongOtp) {
+        const r2 = await this._verifyWith(fallback, mobile, otp);
+        if (r2.data && r2.data.SESSION && r2.data.SESSION.isLoggedIn) {
+          ({ res, text, data } = r2);
+          env = data.SESSION;
+        }
+      }
+    }
     if (!env || !env.isLoggedIn) {
       // pull Flipkart's own human message if present (the real reason)
       const fkMsg = flipkartErrorMessage(data, text);

package/src/util.js CHANGED Viewed

@@ -31,34 +31,19 @@ export const log = {
   err: (m) => console.log(`  ${paint.err('✗')} ${m}`),
 };
-// Resolve + write a campaign's sessions to a file. Returns {path, count} or null
-// (null when there are no extracted sessions). Mirrors the Python CLI's behavior:
-//   out=<file>  → that file;  out=<dir>/ → default name inside;  no out → ~/Downloads/scripterx/
-export async function saveSessions(api, cid, { campaignName, out } = {}) {
-  let name = (campaignName || cid.slice(0, 8)).replace(/[^A-Za-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '') || cid.slice(0, 8);
-  const accounts = await api.exportCampaign(cid);
+// Core: partition an accounts array by Minutes status and write the JSON file(s).
+// accounts = [{ session, coupon_eligible? }]. Pure local I/O — no server.
+// Returns [{label, path, count}] or null.
+function writeAccounts(accounts, { name, out, checkMinutes } = {}) {
   if (!accounts || !accounts.length) return null;
-  let checkMinutes = false;
-  try {
-    const { campaign } = await api.getCampaign(cid);
-    checkMinutes = !!campaign.check_minutes;
-  } catch (e) {
-    // ignore
-  }
   // Resolve base directory and optional forced filename.
   let baseDir, forcedName = null;
-  const defaultName = `${name}-${cid.slice(0, 8)}.json`;
   if (out) {
     const expanded = out.startsWith('~') ? join(homedir(), out.slice(1)) : out;
     const isDir = (existsSync(expanded) && statSync(expanded).isDirectory()) || /[/\\]$/.test(out);
-    if (isDir) {
-      baseDir = expanded;
-    } else {
-      baseDir = dirname(expanded);
-      forcedName = expanded.split(/[/\\]/).pop();
-    }
+    if (isDir) baseDir = expanded;
+    else { baseDir = dirname(expanded); forcedName = expanded.split(/[/\\]/).pop(); }
   } else {
     const downloads = join(homedir(), 'Downloads');
     const base = existsSync(downloads) ? downloads : homedir();
@@ -67,22 +52,19 @@ export async function saveSessions(api, cid, { campaignName, out } = {}) {
   function write(suffix, sessionsToWrite) {
     if (!sessionsToWrite || !sessionsToWrite.length) return null;
-    let fname;
-    if (forcedName) {
-      fname = suffix === '' ? forcedName : forcedName.replace(/\.json$/i, `${suffix}.json`);
-    } else {
-      fname = `${name}-${cid.slice(0, 8)}${suffix}.json`;
-    }
+    const fname = forcedName
+      ? (suffix === '' ? forcedName : forcedName.replace(/\.json$/i, `${suffix}.json`))
+      : `${name}${suffix}.json`;
     const dest = join(baseDir, fname);
     mkdirSync(baseDir, { recursive: true });
     writeFileSync(dest, JSON.stringify(sessionsToWrite, null, 2));
     return dest;
   }
-  // Partition by coupon_eligible when minutes check was requested.
+  // Partition by coupon_eligible when the Minutes check was requested.
   const minutesFree = [];   // coupon_eligible=true  → no Minutes order, ₹100 coupon available
   const minutesUsed = [];   // coupon_eligible=false → already placed a Minutes order
-  const unchecked = [];      // coupon_eligible absent → check wasn't done for this account
+  const unchecked = [];      // coupon_eligible absent → check wasn't done
   let hasChecked = false;
   for (const a of accounts) {
@@ -101,10 +83,8 @@ export async function saveSessions(api, cid, { campaignName, out } = {}) {
   if (hasChecked || (checkMinutes && (minutesFree.length || minutesUsed.length))) {
     const destFree = write('-minutes-free', minutesFree);
     if (destFree) results.push({ label: '🟢 minutes-free (₹100 coupon)', path: destFree, count: minutesFree.length });
     const destUsed = write('-minutes-used', minutesUsed);
     if (destUsed) results.push({ label: '🔴 minutes-used (coupon gone)', path: destUsed, count: minutesUsed.length });
     if (unchecked.length) {
       const destUnk = write('-unchecked', unchecked);
       if (destUnk) results.push({ label: '⚪ unchecked', path: destUnk, count: unchecked.length });
@@ -114,6 +94,27 @@ export async function saveSessions(api, cid, { campaignName, out } = {}) {
     const dest = write('', allSessions);
     if (dest) results.push({ label: 'combined', path: dest, count: allSessions.length });
   }
   return results.length ? results : null;
 }
+function campaignFileStem(campaignName, cid) {
+  const name = (campaignName || cid.slice(0, 8)).replace(/[^A-Za-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '') || cid.slice(0, 8);
+  return `${name}-${cid.slice(0, 8)}`;
+}
+// LOCAL autosave — the primary save path. Writes directly from the worker's
+// in-memory results, so a campaign's JSONs are ALWAYS saved even if the dashboard
+// JWT expired mid-run (no server round-trip). Returns [{label,path,count}] or null.
+export function saveSessionsLocal(accounts, cid, { campaignName, out, checkMinutes } = {}) {
+  return writeAccounts(accounts, { name: campaignFileStem(campaignName, cid), out, checkMinutes });
+}
+// Resolve + write a campaign's sessions to a file, fetching from the SERVER.
+// Used by the standalone `export` command (no local buffer available there).
+export async function saveSessions(api, cid, { campaignName, out } = {}) {
+  const accounts = await api.exportCampaign(cid);
+  if (!accounts || !accounts.length) return null;
+  let checkMinutes = false;
+  try { const { campaign } = await api.getCampaign(cid); checkMinutes = !!campaign.check_minutes; } catch { /* ignore */ }
+  return writeAccounts(accounts, { name: campaignFileStem(campaignName, cid), out, checkMinutes });
+}

package/src/worker.js CHANGED Viewed

@@ -39,6 +39,10 @@ export class Worker {
     this.slots = {};
     this.seq = 0;
     this.stopped = false;
+    // Local buffer of every successful session — the source of truth for autosave.
+    // We NEVER depend on a server round-trip to save: even if the dashboard JWT
+    // expires mid-run, the file still gets written from here.
+    this.results = [];
     this.logger = new CampaignLogger({ campaignId, name: name || campaignId, provider: provider.name });
   }
@@ -69,6 +73,21 @@ export class Worker {
     else { this.stats.failed++; this.stats.charges += res.cost || 0; } // failed w/ SMS = charged by provider
     this.onEvent('progress', this.stats);
     this.onEvent('row', res);
+    // Buffer every successful session LOCALLY first — autosave reads from here, so a
+    // failed/expired server ingest can never lose the JSON the user paid for.
+    if (res.status === 'success' && res.session) {
+      this.results.push({
+        id_no: res.id_no, mobile: res.mobile || '', session: res.session,
+        minutes_checked: !!res.minutes_checked,
+        coupon_eligible: res.coupon_eligible ?? undefined,
+        has_minutes_order: res.has_minutes_order ?? undefined,
+        minutes_order_count: res.minutes_order_count ?? undefined,
+        minutes_orders: res.minutes_orders ?? undefined,
+        linked_email: res.linked_email ?? undefined,
+        email_linked: res.email_linked ?? undefined,
+        email_reason: res.email_reason ?? undefined,
+      });
+    }
     try {
       await this.api.ingestAccount(this.cid, {
         id_no: res.id_no, mobile: res.mobile || '', status: res.status, cost: res.cost || 0,