tempmail-sdk 1.2.0 → 1.2.2-dev

package/src/providers/moakt.ts

@@ -0,0 +1,215 @@
+import { InternalEmailInfo, Email, Channel } from '../types';
+import { normalizeEmail } from '../normalize';
+import { fetchWithTimeout } from '../retry';
+
+const CHANNEL: Channel = 'moakt';
+const ORIGIN = 'https://www.moakt.com';
+const TOK_PREFIX = 'mok1:';
+
+const EMAIL_DIV_RE = /<div\s+id="email-address"\s*>([^<]+)<\/div>/is;
+const HREF_EMAIL_RE =
+  /href="(\/[^"]+\/email\/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})"/gi;
+const TITLE_RE = /<li\s+class="title"\s*>([^<]*)<\/li>/is;
+const DATE_RE = /<li\s+class="date"[^>]*>[\s\S]*?<span[^>]*>([^<]+)<\/span>/is;
+const SENDER_RE = /<li\s+class="sender"[^>]*>[\s\S]*?<span[^>]*>([\s\S]*?)<\/span>\s*<\/li>/is;
+const BODY_RE = /<div\s+class="email-body"\s*>([\s\S]*?)<\/div>/is;
+const FROM_ADDR_RE = /<([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})>/;
+const TAG_RE = /<[^>]+>/g;
+
+function setCookieLines(headers: Headers): string[] {
+  const h = headers as Headers & { getSetCookie?: () => string[] };
+  if (typeof h.getSetCookie === 'function') {
+    return h.getSetCookie();
+  }
+  const one = headers.get('set-cookie');
+  return one ? [one] : [];
+}
+
+function localeFromDomain(domain?: string | null): string {
+  const s = String(domain ?? '').trim();
+  if (!s || /[/?#\\]/.test(s)) return 'zh';
+  return s;
+}
+
+function parseCookieMap(hdr: string): Map<string, string> {
+  const m = new Map<string, string>();
+  for (const part of hdr.split(';')) {
+    const p = part.trim();
+    if (!p || !p.includes('=')) continue;
+    const i = p.indexOf('=');
+    const k = p.slice(0, i).trim();
+    const v = p.slice(i + 1).trim();
+    if (k) m.set(k, v);
+  }
+  return m;
+}
+
+function mergeCookieHeader(prev: string, headers: Headers): string {
+  const m = parseCookieMap(prev);
+  for (const line of setCookieLines(headers)) {
+    const first = line.split(';')[0] ?? '';
+    const i = first.indexOf('=');
+    if (i <= 0) continue;
+    const k = first.slice(0, i).trim();
+    const v = first.slice(i + 1).trim();
+    if (k) m.set(k, v);
+  }
+  return [...m.entries()]
+    .sort((a, b) => a[0].localeCompare(b[0]))
+    .map(([k, v]) => `${k}=${v}`)
+    .join('; ');
+}
+
+function lightUnescape(s: string): string {
+  return s
+    .replace(/&amp;/g, '\u0000')
+    .replace(/&quot;/g, '"')
+    .replace(/&#34;/g, '"')
+    .replace(/&#39;/g, "'")
+    .replace(/&lt;/g, '<')
+    .replace(/&gt;/g, '>')
+    .replace(/\u0000/g, '&');
+}
+
+function encSess(l: string, c: string): string {
+  const raw = JSON.stringify({ l, c });
+  return TOK_PREFIX + Buffer.from(raw, 'utf8').toString('base64');
+}
+
+function decSess(tok: string): { l: string; c: string } {
+  if (!tok.startsWith(TOK_PREFIX)) {
+    throw new Error('moakt: invalid session token');
+  }
+  let raw: string;
+  try {
+    raw = Buffer.from(tok.slice(TOK_PREFIX.length), 'base64').toString('utf8');
+  } catch {
+    throw new Error('moakt: invalid session token');
+  }
+  const o = JSON.parse(raw) as { l?: string; c?: string };
+  const l = (o.l ?? '').trim();
+  const c = (o.c ?? '').trim();
+  if (!l || !c) throw new Error('moakt: invalid session token');
+  return { l, c };
+}
+
+function pageHeaders(referer: string): Record<string, string> {
+  return {
+    Accept:
+      'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8',
+    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
+    'Cache-Control': 'no-cache',
+    DNT: '1',
+    Pragma: 'no-cache',
+    Referer: referer,
+    'Upgrade-Insecure-Requests': '1',
+    'User-Agent':
+      'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0',
+  };
+}
+
+function parseInboxEmail(html: string): string {
+  const m = EMAIL_DIV_RE.exec(html);
+  if (!m?.[1]) throw new Error('moakt: email-address not found');
+  const addr = lightUnescape(m[1].trim());
+  if (!addr) throw new Error('moakt: empty email-address');
+  return addr;
+}
+
+function stripTags(s: string): string {
+  return s.replace(TAG_RE, ' ').replace(/\s+/g, ' ').trim();
+}
+
+function listMailIds(html: string): string[] {
+  const seen = new Set<string>();
+  const out: string[] = [];
+  HREF_EMAIL_RE.lastIndex = 0;
+  let cap: RegExpExecArray | null;
+  while ((cap = HREF_EMAIL_RE.exec(html)) !== null) {
+    const path = cap[1];
+    if (path.includes('/delete')) continue;
+    const id = path.split('/').pop() ?? '';
+    if (id.length === 36 && !seen.has(id)) {
+      seen.add(id);
+      out.push(id);
+    }
+  }
+  return out;
+}
+
+function parseDetail(page: string, id: string, recipient: string): Record<string, unknown> {
+  let fromS = '';
+  const sm = SENDER_RE.exec(page);
+  if (sm?.[1]) {
+    const inner = lightUnescape(sm[1]);
+    fromS = stripTags(inner);
+    const em = FROM_ADDR_RE.exec(inner);
+    if (em?.[1]) fromS = em[1].trim();
+  }
+  let subject = '';
+  const tm = TITLE_RE.exec(page);
+  if (tm?.[1]) subject = lightUnescape(tm[1].trim());
+  let date = '';
+  const dm = DATE_RE.exec(page);
+  if (dm?.[1]) date = lightUnescape(dm[1].trim());
+  let htmlBody = '';
+  const bm = BODY_RE.exec(page);
+  if (bm?.[1]) htmlBody = bm[1].trim();
+  return {
+    id,
+    to: recipient,
+    from: fromS,
+    subject,
+    date,
+    html: htmlBody,
+  };
+}
+
+export async function generateEmail(domain?: string | null): Promise<InternalEmailInfo> {
+  const loc = localeFromDomain(domain);
+  const base = `${ORIGIN}/${loc}`;
+  const inbox = `${base}/inbox`;
+
+  const r1 = await fetchWithTimeout(base, { headers: pageHeaders(base) });
+  if (!r1.ok) throw new Error(`moakt generate: ${r1.status}`);
+  let cookieHdr = mergeCookieHeader('', r1.headers);
+
+  const r2 = await fetchWithTimeout(inbox, {
+    headers: { ...pageHeaders(base), Cookie: cookieHdr },
+  });
+  if (!r2.ok) throw new Error(`moakt inbox: ${r2.status}`);
+  cookieHdr = mergeCookieHeader(cookieHdr, r2.headers);
+  const html = await r2.text();
+
+  const email = parseInboxEmail(html);
+  if (!parseCookieMap(cookieHdr).has('tm_session')) {
+    throw new Error('moakt: missing tm_session cookie');
+  }
+  const token = encSess(loc, cookieHdr);
+  return { channel: CHANNEL, email, token };
+}
+
+export async function getEmails(email: string, token: string): Promise<Email[]> {
+  const { l: loc, c: cookieHdr } = decSess(token);
+  const inbox = `${ORIGIN}/${loc}/inbox`;
+  const baseRef = `${ORIGIN}/${loc}`;
+
+  const r = await fetchWithTimeout(inbox, {
+    headers: { ...pageHeaders(baseRef), Cookie: cookieHdr },
+  });
+  if (!r.ok) throw new Error(`moakt inbox: ${r.status}`);
+  const inboxHtml = await r.text();
+  const ids = listMailIds(inboxHtml);
+  const out: Email[] = [];
+  for (const id of ids) {
+    const detail = `${ORIGIN}/${loc}/email/${id}/html`;
+    const refer = `${ORIGIN}/${loc}/email/${id}`;
+    const rd = await fetchWithTimeout(detail, {
+      headers: { ...pageHeaders(refer), Cookie: cookieHdr },
+    });
+    if (!rd.ok) continue;
+    const page = await rd.text();
+    out.push(normalizeEmail(parseDetail(page, id, email), email));
+  }
+  return out;
+}

package/src/providers/ta-easy.ts

@@ -0,0 +1,56 @@
+import { InternalEmailInfo, Email, Channel } from '../types';
+import { normalizeEmail } from '../normalize';
+import { fetchWithTimeout } from '../retry';
+
+const CHANNEL: Channel = 'ta-easy';
+const API_BASE = 'https://api-endpoint.ta-easy.com';
+const ORIGIN = 'https://www.ta-easy.com';
+
+function browserHeaders(): Record<string, string> {
+  return {
+    Accept: 'application/json',
+    'User-Agent':
+      'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0',
+    origin: ORIGIN,
+    referer: `${ORIGIN}/`,
+  };
+}
+
+/** POST /temp-email/address/new（空 body） */
+export async function generateEmail(): Promise<InternalEmailInfo> {
+  const res = await fetchWithTimeout(`${API_BASE}/temp-email/address/new`, {
+    method: 'POST',
+    headers: { ...browserHeaders(), 'Content-Length': '0' },
+  });
+  if (!res.ok) {
+    throw new Error(`ta-easy generate: ${res.status}`);
+  }
+  const data = await res.json();
+  if (data.status !== 'success' || !data.address || !data.token) {
+    throw new Error(data.message ? `ta-easy: ${data.message}` : 'ta-easy: create failed');
+  }
+  return {
+    channel: CHANNEL,
+    email: data.address as string,
+    token: data.token as string,
+    expiresAt: typeof data.expiresAt === 'number' ? data.expiresAt : undefined,
+  };
+}
+
+/** POST /temp-email/inbox/list */
+export async function getEmails(email: string, token: string): Promise<Email[]> {
+  const res = await fetchWithTimeout(`${API_BASE}/temp-email/inbox/list`, {
+    method: 'POST',
+    headers: { ...browserHeaders(), 'Content-Type': 'application/json' },
+    body: JSON.stringify({ token, email }),
+  });
+  if (!res.ok) {
+    throw new Error(`ta-easy inbox: ${res.status}`);
+  }
+  const data = await res.json();
+  if (data.status !== 'success') {
+    throw new Error(data.message ? `ta-easy: ${data.message}` : 'ta-easy: inbox failed');
+  }
+  const list = Array.isArray(data.data) ? data.data : [];
+  return list.map((raw: any) => normalizeEmail(raw, email));
+}

package/src/providers/tempmailg.ts

@@ -0,0 +1,208 @@
+/**
+ * tempmailg.com：无 Cookie 罐 GET /public/{locale} 拿会话，POST /public/get_messages 建邮与收信。
+ * Token 为 tmg1: + base64(JSON{locale,cookieHdr,csrf})。
+ */
+import { InternalEmailInfo, Email, Channel } from '../types';
+import { normalizeEmail } from '../normalize';
+import { fetchWithTimeout } from '../retry';
+
+const CHANNEL: Channel = 'tempmailg';
+const ORIGIN = 'https://tempmailg.com';
+const TOK_PREFIX = 'tmg1:';
+
+const CSRF_META_RE = /<meta\s+name="csrf-token"\s+content="([^"]+)"/i;
+
+const BROWSER_UA =
+  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0';
+
+function localeFromDomain(domain?: string | null): string {
+  const s = String(domain ?? '').trim();
+  if (!s || /[/?#\\]/.test(s)) return 'zh';
+  return s;
+}
+
+function setCookieLines(headers: Headers): string[] {
+  const h = headers as Headers & { getSetCookie?: () => string[] };
+  if (typeof h.getSetCookie === 'function') {
+    return h.getSetCookie();
+  }
+  const one = headers.get('set-cookie');
+  return one ? [one] : [];
+}
+
+function cookieMap(cookieHdr: string): Map<string, string> {
+  const m = new Map<string, string>();
+  for (const part of cookieHdr.split(';')) {
+    const p = part.trim();
+    if (!p) continue;
+    const i = p.indexOf('=');
+    if (i <= 0 || i >= p.length - 1) continue;
+    const k = p.slice(0, i).trim();
+    const v = p.slice(i + 1).trim();
+    if (k) m.set(k, v);
+  }
+  return m;
+}
+
+function mergeCookies(prev: string, setCookieLinesFromResp: string[]): string {
+  const m = cookieMap(prev);
+  for (const line of setCookieLinesFromResp) {
+    const nv = line.split(';')[0]?.trim();
+    if (!nv) continue;
+    const i = nv.indexOf('=');
+    if (i <= 0) continue;
+    const k = nv.slice(0, i).trim();
+    const v = nv.slice(i + 1).trim();
+    if (k) m.set(k, v);
+  }
+  return [...m.entries()]
+    .sort(([a], [b]) => a.localeCompare(b))
+    .map(([k, v]) => `${k}=${v}`)
+    .join('; ');
+}
+
+function xsrfFromCookies(cookieHdr: string): string {
+  const m = cookieMap(cookieHdr);
+  for (const name of ['XSRF-TOKEN', 'xsrf-token']) {
+    const v = m.get(name);
+    if (v) return v;
+  }
+  for (const [k, v] of m) {
+    if (k.toLowerCase() === 'xsrf-token' && v) return v;
+  }
+  return '';
+}
+
+function parseCsrf(html: string): string {
+  const m = html.match(CSRF_META_RE);
+  const t = m?.[1]?.trim() ?? '';
+  if (!t) throw new Error('tempmailg: csrf-token not found in page');
+  return t;
+}
+
+function b64EncodeJson(obj: { l: string; c: string; s: string }): string {
+  const json = JSON.stringify(obj);
+  if (typeof Buffer !== 'undefined') {
+    return TOK_PREFIX + Buffer.from(json, 'utf8').toString('base64');
+  }
+  return TOK_PREFIX + btoa(unescape(encodeURIComponent(json)));
+}
+
+function decodeToken(tok: string): { l: string; c: string; s: string } {
+  if (!tok.startsWith(TOK_PREFIX)) {
+    throw new Error('tempmailg: invalid session token');
+  }
+  const raw = tok.slice(TOK_PREFIX.length);
+  let json: string;
+  if (typeof Buffer !== 'undefined') {
+    json = Buffer.from(raw, 'base64').toString('utf8');
+  } else {
+    json = decodeURIComponent(escape(atob(raw)));
+  }
+  const o = JSON.parse(json) as { l?: string; c?: string; s?: string };
+  if (!o.c || !o.s) throw new Error('tempmailg: invalid session token');
+  return { l: o.l || 'zh', c: o.c, s: o.s };
+}
+
+function pageHeaders(referer: string): Record<string, string> {
+  return {
+    'User-Agent': BROWSER_UA,
+    Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
+    'Cache-Control': 'no-cache',
+    DNT: '1',
+    Pragma: 'no-cache',
+    Referer: referer,
+    'Upgrade-Insecure-Requests': '1',
+  };
+}
+
+function apiHeaders(referer: string, cookieHdr: string, xsrf: string): Record<string, string> {
+  const h: Record<string, string> = {
+    'User-Agent': BROWSER_UA,
+    Accept: 'application/json, text/plain, */*',
+    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
+    'Content-Type': 'application/json',
+    Origin: ORIGIN,
+    Referer: referer,
+    'Cache-Control': 'no-cache',
+    Pragma: 'no-cache',
+    DNT: '1',
+    Cookie: cookieHdr,
+  };
+  if (xsrf) h['X-XSRF-TOKEN'] = xsrf;
+  return h;
+}
+
+export async function generateEmail(domain?: string | null): Promise<InternalEmailInfo> {
+  const locale = localeFromDomain(domain);
+  const pageURL = `${ORIGIN}/public/${encodeURIComponent(locale)}`;
+
+  const res = await fetchWithTimeout(pageURL, { headers: pageHeaders(pageURL) });
+  if (!res.ok) {
+    throw new Error(`tempmailg page: ${res.status}`);
+  }
+  const html = await res.text();
+  const csrf = parseCsrf(html);
+  let cookieHdr = mergeCookies('', setCookieLines(res.headers));
+  let xsrf = xsrfFromCookies(cookieHdr);
+  if (!xsrf) {
+    throw new Error('tempmailg: missing XSRF-TOKEN cookie');
+  }
+
+  const postURL = `${ORIGIN}/public/get_messages`;
+  const res2 = await fetchWithTimeout(postURL, {
+    method: 'POST',
+    headers: apiHeaders(pageURL, cookieHdr, xsrf),
+    body: JSON.stringify({ _token: csrf }),
+  });
+  if (!res2.ok) {
+    throw new Error(`tempmailg get_messages: ${res2.status}`);
+  }
+  const wrap = (await res2.json()) as { status?: boolean; mailbox?: string; messages?: unknown[] };
+  if (!wrap.status || !wrap.mailbox) {
+    throw new Error('tempmailg: create mailbox failed');
+  }
+  cookieHdr = mergeCookies(cookieHdr, setCookieLines(res2.headers));
+  const xsrf2 = xsrfFromCookies(cookieHdr);
+  if (xsrf2) xsrf = xsrf2;
+
+  const token = b64EncodeJson({ l: locale, c: cookieHdr, s: csrf });
+  return {
+    channel: CHANNEL,
+    email: wrap.mailbox,
+    token,
+  };
+}
+
+export async function getEmails(email: string, token: string): Promise<Email[]> {
+  const sess = decodeToken(token);
+  const locale = sess.l || 'zh';
+  const pageURL = `${ORIGIN}/public/${encodeURIComponent(locale)}`;
+  const postURL = `${ORIGIN}/public/get_messages`;
+  const xsrf = xsrfFromCookies(sess.c);
+
+  const res = await fetchWithTimeout(postURL, {
+    method: 'POST',
+    headers: apiHeaders(pageURL, sess.c, xsrf),
+    body: JSON.stringify({ _token: sess.s }),
+  });
+  if (!res.ok) {
+    throw new Error(`tempmailg get_messages: ${res.status}`);
+  }
+  const wrap = (await res.json()) as { status?: boolean; mailbox?: string; messages?: unknown[] };
+  if (!wrap.status) {
+    throw new Error('tempmailg: get_messages failed');
+  }
+  if (wrap.mailbox && wrap.mailbox.trim().toLowerCase() !== email.trim().toLowerCase()) {
+    throw new Error('tempmailg: mailbox mismatch');
+  }
+  const rawList = Array.isArray(wrap.messages) ? wrap.messages : [];
+  const out: Email[] = [];
+  for (const rm of rawList) {
+    if (rm && typeof rm === 'object') {
+      out.push(normalizeEmail(rm as Record<string, unknown>, email));
+    }
+  }
+  return out;
+}

package/src/providers/tmpmails.ts

@@ -0,0 +1,168 @@
+import { InternalEmailInfo, Email, Channel } from '../types';
+import { normalizeEmail } from '../normalize';
+import { fetchWithTimeout } from '../retry';
+
+const CHANNEL: Channel = 'tmpmails';
+const ORIGIN = 'https://tmpmails.com';
+const TOKEN_SEP = '\t';
+
+const EMAIL_RE = /[a-zA-Z0-9._-]+@tmpmails\.com/g;
+const PAGE_CHUNK_RE = /\/_next\/static\/chunks\/app\/%5Blocale%5D\/page-[a-f0-9]+\.js/;
+const INBOX_ACTION_RE = /"([0-9a-f]+)",[^,]+,void 0,[^,]+,"getInboxList"/;
+
+function localeFromDomain(domain?: string | null): string {
+  const s = String(domain ?? '').trim();
+  return s || 'zh';
+}
+
+function setCookieLines(headers: Headers): string[] {
+  const h = headers as Headers & { getSetCookie?: () => string[] };
+  if (typeof h.getSetCookie === 'function') {
+    return h.getSetCookie();
+  }
+  const one = headers.get('set-cookie');
+  return one ? [one] : [];
+}
+
+function parseUserSign(headers: Headers): string {
+  for (const line of setCookieLines(headers)) {
+    const m = /^user_sign=([^;]+)/i.exec(line);
+    if (m) {
+      const v = m[1].trim();
+      if (v) return v;
+    }
+  }
+  throw new Error('tmpmails: missing user_sign cookie');
+}
+
+function pickEmail(html: string): string {
+  const support = 'support@tmpmails.com';
+  const counts = new Map<string, number>();
+  for (const m of html.matchAll(EMAIL_RE)) {
+    const addr = m[0];
+    if (addr.toLowerCase() === support) continue;
+    counts.set(addr, (counts.get(addr) ?? 0) + 1);
+  }
+  if (counts.size === 0) {
+    throw new Error('tmpmails: no inbox address in page');
+  }
+  let best = '';
+  let bestC = 0;
+  for (const [addr, c] of counts) {
+    if (c > bestC || (c === bestC && addr < best)) {
+      best = addr;
+      bestC = c;
+    }
+  }
+  return best;
+}
+
+async function fetchInboxActionID(html: string): Promise<string> {
+  const sub = html.match(PAGE_CHUNK_RE)?.[0];
+  if (!sub) throw new Error('tmpmails: page chunk script not found');
+  const res = await fetchWithTimeout(`${ORIGIN}${sub}`, {
+    headers: {
+      'User-Agent':
+        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0',
+      Accept: '*/*',
+      Referer: `${ORIGIN}/`,
+    },
+  });
+  if (!res.ok) {
+    throw new Error(`tmpmails page chunk: ${res.status}`);
+  }
+  const js = await res.text();
+  const m = js.match(INBOX_ACTION_RE);
+  if (!m?.[1]) throw new Error('tmpmails: getInboxList action not found in chunk');
+  return m[1];
+}
+
+export async function generateEmail(domain?: string | null): Promise<InternalEmailInfo> {
+  const loc = localeFromDomain(domain);
+  const pageUrl = `${ORIGIN}/${loc}`;
+  const res = await fetchWithTimeout(pageUrl, {
+    headers: {
+      'User-Agent':
+        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0',
+      Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+      'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
+      'Cache-Control': 'no-cache',
+      DNT: '1',
+      Pragma: 'no-cache',
+      Referer: pageUrl,
+      'Upgrade-Insecure-Requests': '1',
+    },
+  });
+  if (!res.ok) {
+    throw new Error(`tmpmails generate: ${res.status}`);
+  }
+  const html = await res.text();
+  const userSign = parseUserSign(res.headers);
+  const email = pickEmail(html);
+  const actionId = await fetchInboxActionID(html);
+  const token = `${loc}${TOKEN_SEP}${userSign}${TOKEN_SEP}${actionId}`;
+  return { channel: CHANNEL, email, token };
+}
+
+function parseInboxResponse(recipient: string, raw: string): Email[] {
+  const text = raw.split('"$undefined"').join('null');
+  const out: Email[] = [];
+  let dataErr: Error | null = null;
+  for (const line of text.split('\n')) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    const colon = trimmed.indexOf(':');
+    if (colon <= 0) continue;
+    const jsonPart = trimmed.slice(colon + 1).trim();
+    if (!jsonPart.startsWith('{')) continue;
+    let wrap: { code?: number; data?: { list?: unknown[] } };
+    try {
+      wrap = JSON.parse(jsonPart) as { code?: number; data?: { list?: unknown[] } };
+    } catch {
+      continue;
+    }
+    if (wrap.code !== 200 || !wrap.data) continue;
+    const list = wrap.data.list;
+    if (!Array.isArray(list)) {
+      dataErr = new Error('tmpmails: invalid list');
+      continue;
+    }
+    for (const item of list) {
+      if (item && typeof item === 'object') {
+        out.push(normalizeEmail(item, recipient));
+      }
+    }
+    return out;
+  }
+  if (dataErr) throw dataErr;
+  throw new Error('tmpmails: inbox payload not found');
+}
+
+export async function getEmails(email: string, token: string): Promise<Email[]> {
+  const parts = token.split(TOKEN_SEP);
+  if (parts.length !== 3) {
+    throw new Error('tmpmails: invalid session token');
+  }
+  const [locale, userSign, actionId] = parts;
+  const postUrl = `${ORIGIN}/${locale}`;
+  const body = JSON.stringify([userSign, email, 0]);
+  const res = await fetchWithTimeout(postUrl, {
+    method: 'POST',
+    headers: {
+      'User-Agent':
+        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0',
+      Accept: 'text/x-component',
+      'Content-Type': 'text/plain;charset=UTF-8',
+      'Next-Action': actionId,
+      Origin: ORIGIN,
+      Referer: postUrl,
+      Cookie: `NEXT_LOCALE=${locale}; user_sign=${userSign}`,
+    },
+    body,
+  });
+  if (!res.ok) {
+    throw new Error(`tmpmails inbox: ${res.status}`);
+  }
+  const raw = await res.text();
+  return parseInboxResponse(email, raw);
+}