yidaconnector 2026.6.11

package/lib/auth/auth.js

@@ -0,0 +1,294 @@
+/**
+ * auth.js - 登录态管理模块
+ *
+ * 提供统一的登录态管理能力，支持：
+ *   - 登录态状态查询
+ *   - 钉钉扫码登录
+ *   - 登录态刷新
+ *   - 安全退出
+ *
+ * 导出函数：
+ *   authStatus()     - 查询当前登录状态
+ *   authLogin()      - 执行登录（扫码/钉钉自动登录）
+ *   authRefresh()    - 刷新登录态
+ *   authLogout()     - 退出登录
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { findProjectRoot, loadCookieData, extractInfoFromCookies, resolveBaseUrl, detectActiveTool, hasDesktopEnvironment } = require('../core/utils');
+const { logout, checkLoginOnly, interactiveLogin } = require('./login');
+const { t } = require('../core/i18n');
+
+const AUTH_CACHE_FILE = '.cache/auth.json';
+
+// ── 配置读取 ──────────────────────────────────────────
+
+function loadAuthConfig() {
+  const projectRoot = findProjectRoot();
+  const authConfigPath = path.join(projectRoot, AUTH_CACHE_FILE);
+
+  if (fs.existsSync(authConfigPath)) {
+    try {
+      const content = fs.readFileSync(authConfigPath, 'utf-8').trim();
+      if (content) {
+        return JSON.parse(content);
+      }
+    } catch {
+      // ignore
+    }
+  }
+  return null;
+}
+
+function saveAuthConfig(config) {
+  const projectRoot = findProjectRoot();
+  const cacheDir = path.join(projectRoot, '.cache');
+  const authConfigPath = path.join(cacheDir, 'auth.json');
+
+  fs.mkdirSync(cacheDir, { recursive: true });
+  fs.writeFileSync(authConfigPath, JSON.stringify(config, null, 2), 'utf-8');
+}
+
+// ── 登录态状态查询 ────────────────────────────────────
+
+/**
+ * 查询当前登录状态
+ * @returns {object} 登录状态信息
+ */
+function authStatus() {
+  const { banner, warn, success: chalkSuccess, label, sep, hint } = require('../core/chalk');
+
+  banner(t('auth.status_title'), { stderr: false });
+
+  // 读取 Cookie 缓存
+  const cookieData = loadCookieData();
+
+  if (!cookieData || !cookieData.cookies || cookieData.cookies.length === 0) {
+    warn(t('auth.not_logged_in'), false);
+    hint(t('auth.login_hint'), false);
+    console.log(`  ${sep()}\n`);
+    return {
+      status: 'not_logged_in',
+      canAutoUse: false,
+    };
+  }
+
+  const { csrfToken, corpId, userId } = extractInfoFromCookies(cookieData.cookies);
+  const baseUrl = resolveBaseUrl(cookieData);
+  const authConfig = loadAuthConfig();
+
+  if (!csrfToken) {
+    warn(t('auth.no_csrf_token'), false);
+    hint(t('auth.relogin_hint'), false);
+    console.log(`  ${sep()}\n`);
+    return {
+      status: 'invalid',
+      canAutoUse: false,
+    };
+  }
+
+  // 登录态有效
+  chalkSuccess(t('auth.logged_in'), false);
+  label('Base URL', baseUrl, { stderr: false });
+  if (corpId) {
+    label('Corp ID', corpId, { stderr: false });
+  }
+  if (userId) {
+    label('User ID', userId, { stderr: false });
+  }
+  label('CSRF', `${csrfToken.slice(0, 16)}…`, { stderr: false });
+
+  // 显示登录信息
+  if (authConfig) {
+    if (authConfig.loginType) {
+      label('Login Type', authConfig.loginType, { stderr: false });
+    }
+    if (authConfig.loginTime) {
+      label('Login Time', authConfig.loginTime, { stderr: false });
+    }
+  }
+
+  console.log(`  ${sep()}\n`);
+
+  return {
+    status: 'ok',
+    canAutoUse: true,
+    csrfToken,
+    corpId,
+    userId,
+    baseUrl,
+    loginType: authConfig?.loginType,
+    loginTime: authConfig?.loginTime,
+  };
+}
+
+// ── 执行登录 ──────────────────────────────────────────
+
+/**
+ * 执行登录
+ * @param {object} options - 登录选项
+ * @param {string} options.type - 登录类型：'qrcode' | 'dingtalk' | 'browser' | 'codex' | 'qoder' | 'wukong'
+ * @param {string} [options.corpId] - 多组织登录时指定目标组织
+ * @returns {Promise<object>|object} 登录结果
+ */
+async function authLogin(options = {}) {
+  const { type = 'qrcode', corpId, forceTerminalQr = false } = options;
+
+  const { info, success: chalkSuccess, label } = require('../core/chalk');
+  info(t('auth.login_start', type));
+
+  // 调用现有的登录逻辑
+  let result;
+  const cachedResult = checkLoginOnly({ includeSecrets: true });
+  if (cachedResult.status === 'ok') {
+    result = cachedResult;
+  } else if (type === 'browser') {
+    result = interactiveLogin({ playwrightFallback: true });
+  } else if (type === 'codex' || type === 'qoder' || type === 'wukong') {
+    result = await require('./codex-login').codexLogin({
+      tool: type,
+    });
+  } else if (type === 'qrcode' && !forceTerminalQr && isAgentConversationEnvironment()) {
+    result = await loginInAgentConversation({ corpId });
+  } else if (type === 'qrcode' && !forceTerminalQr && hasDesktopEnvironment()) {
+    result = interactiveLogin({ playwrightFallback: true }) ||
+      await require('./qr-login').qrLogin({ corpId });
+  } else {
+    result = await require('./qr-login').qrLogin({ corpId });
+  }
+
+  if (!result) {
+    return result;
+  }
+
+  if (!result.csrf_token || !result.cookies) {
+    return result;
+  }
+
+  // 保存登录信息
+  const authConfig = {
+    loginType: type,
+    loginTime: new Date().toISOString(),
+    corpId: result.corp_id,
+    userId: result.user_id,
+  };
+  saveAuthConfig(authConfig);
+
+  chalkSuccess(t('auth.login_success'));
+  if (result.corp_id) {
+    label('Corp ID', result.corp_id);
+  }
+
+  return result;
+}
+
+function isAgentConversationEnvironment() {
+  return !!detectActiveTool() || process.env.YIDACONNECTOR_AGENT_MODE === '1';
+}
+
+function shouldUsePlaywrightFallbackInAgentLogin() {
+  return hasDesktopEnvironment() || process.env.YIDACONNECTOR_AGENT_PLAYWRIGHT_FALLBACK === '1';
+}
+
+async function loginInAgentConversation(options = {}) {
+  const activeTool = detectActiveTool();
+
+  const browserResult = interactiveLogin({
+    playwrightFallback: shouldUsePlaywrightFallbackInAgentLogin(),
+  });
+  if (browserResult) {
+    return browserResult;
+  }
+
+  if (activeTool && (activeTool.tool === 'wukong' || activeTool.tool === 'qoderwork')) {
+    return require('./codex-login').codexLogin({ tool: activeTool.tool });
+  }
+
+  return require('./qr-login').startCodexQrLogin({ corpId: options.corpId });
+}
+
+// ── 刷新登录态 ────────────────────────────────────────
+
+/**
+ * 刷新登录态（从本地缓存重新提取 csrf_token）
+ * @returns {object} 刷新结果
+ */
+function authRefresh() {
+  const { info: chalkInfo, fail: chalkFail, success: chalkSuccess2, label: chalkLabel } = require('../core/chalk');
+  chalkInfo(t('auth.refresh_start'));
+
+  const cookieData = loadCookieData();
+
+  if (!cookieData || !cookieData.cookies) {
+    chalkFail(t('auth.no_cookie_cache'), { exit: false });
+    return {
+      status: 'error',
+      message: 'No cookie cache',
+    };
+  }
+
+  const { csrfToken, corpId, userId } = extractInfoFromCookies(cookieData.cookies);
+
+  if (!csrfToken) {
+    chalkFail(t('auth.no_csrf_in_cache'), { exit: false });
+    return {
+      status: 'error',
+      message: 'No csrf_token in cache',
+    };
+  }
+
+  const baseUrl = resolveBaseUrl(cookieData);
+
+  // 更新登录时间
+  const authConfig = loadAuthConfig() || {};
+  authConfig.refreshTime = new Date().toISOString();
+  authConfig.corpId = corpId;
+  authConfig.userId = userId;
+  saveAuthConfig(authConfig);
+
+  chalkSuccess2(t('auth.refresh_success'));
+  chalkLabel('CSRF', `${csrfToken.slice(0, 16)}…`);
+
+  return {
+    status: 'ok',
+    csrfToken,
+    corpId,
+    userId,
+    baseUrl,
+  };
+}
+
+// ── 退出登录 ──────────────────────────────────────────
+
+/**
+ * 退出登录
+ */
+function authLogout() {
+  // 调用现有的退出逻辑
+  logout();
+
+  // 清空 auth 配置
+  const projectRoot = findProjectRoot();
+  const authConfigPath = path.join(projectRoot, AUTH_CACHE_FILE);
+
+  // 确保目录存在
+  const authConfigDir = path.dirname(authConfigPath);
+  if (!fs.existsSync(authConfigDir)) {
+    fs.mkdirSync(authConfigDir, { recursive: true });
+  }
+  fs.writeFileSync(authConfigPath, '{}', 'utf-8');
+  const { success: chalkSuccess3 } = require('../core/chalk');
+  chalkSuccess3(t('auth.auth_config_cleared'));
+}
+
+module.exports = {
+  authStatus,
+  authLogin,
+  authRefresh,
+  authLogout,
+  loadAuthConfig,
+  saveAuthConfig,
+};

package/lib/auth/cdp-browser-login.js

@@ -0,0 +1,390 @@
+/**
+ * cdp-browser-login.js - dependency-free local browser login via Chrome DevTools Protocol
+ *
+ * Opens an isolated Chrome/Edge/Chromium profile, waits for Yida login cookies,
+ * prints the cookies as JSON to the parent process, then closes the browser.
+ */
+
+'use strict';
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const net = require('net');
+const crypto = require('crypto');
+const { execFileSync, spawn } = require('child_process');
+const { deriveBaseUrlFromCookies, deriveBaseUrlFromLoginState } = require('../core/env-manager');
+
+function findBrowserExecutable() {
+  if (process.env.YIDACONNECTOR_CHROME_PATH && fs.existsSync(process.env.YIDACONNECTOR_CHROME_PATH)) {
+    return process.env.YIDACONNECTOR_CHROME_PATH;
+  }
+
+  const candidates = process.platform === 'darwin'
+    ? [
+      '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
+      '/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge',
+      '/Applications/Chromium.app/Contents/MacOS/Chromium',
+    ]
+    : process.platform === 'win32'
+      ? [
+        path.join(process.env.PROGRAMFILES || 'C:\\Program Files', 'Google', 'Chrome', 'Application', 'chrome.exe'),
+        path.join(process.env['PROGRAMFILES(X86)'] || 'C:\\Program Files (x86)', 'Google', 'Chrome', 'Application', 'chrome.exe'),
+        path.join(process.env.PROGRAMFILES || 'C:\\Program Files', 'Microsoft', 'Edge', 'Application', 'msedge.exe'),
+      ]
+      : [
+        '/usr/bin/google-chrome',
+        '/usr/bin/google-chrome-stable',
+        '/usr/bin/chromium',
+        '/usr/bin/chromium-browser',
+        '/usr/bin/microsoft-edge',
+      ];
+
+  return candidates.find((candidate) => fs.existsSync(candidate)) || null;
+}
+
+function getFreePort() {
+  return new Promise((resolve, reject) => {
+    const server = net.createServer();
+    server.listen(0, '127.0.0.1', () => {
+      const { port } = server.address();
+      server.close(() => resolve(port));
+    });
+    server.on('error', reject);
+  });
+}
+
+async function waitForJson(url, timeoutMs = 30000) {
+  const deadline = Date.now() + timeoutMs;
+  let lastError = null;
+  while (Date.now() < deadline) {
+    try {
+      const response = await fetch(url);
+      if (response.ok) {
+        return response.json();
+      }
+      lastError = new Error(`HTTP ${response.status}`);
+    } catch (err) {
+      lastError = err;
+    }
+    await new Promise((resolve) => setTimeout(resolve, 300));
+  }
+  throw lastError || new Error(`Timed out waiting for ${url}`);
+}
+
+function encodeClientFrame(text, opcode = 1) {
+  const payload = Buffer.from(text);
+  const mask = crypto.randomBytes(4);
+  let header;
+
+  if (payload.length < 126) {
+    header = Buffer.alloc(2);
+    header[1] = 0x80 | payload.length;
+  } else if (payload.length <= 0xffff) {
+    header = Buffer.alloc(4);
+    header[1] = 0x80 | 126;
+    header.writeUInt16BE(payload.length, 2);
+  } else {
+    header = Buffer.alloc(10);
+    header[1] = 0x80 | 127;
+    header.writeBigUInt64BE(BigInt(payload.length), 2);
+  }
+
+  header[0] = 0x80 | opcode;
+  const maskedPayload = Buffer.alloc(payload.length);
+  for (let index = 0; index < payload.length; index++) {
+    maskedPayload[index] = payload[index] ^ mask[index % 4];
+  }
+
+  return Buffer.concat([header, mask, maskedPayload]);
+}
+
+function tryDecodeFrame(buffer) {
+  if (buffer.length < 2) {return null;}
+
+  const firstByte = buffer[0];
+  const secondByte = buffer[1];
+  const opcode = firstByte & 0x0f;
+  const masked = (secondByte & 0x80) !== 0;
+  let length = secondByte & 0x7f;
+  let offset = 2;
+
+  if (length === 126) {
+    if (buffer.length < offset + 2) {return null;}
+    length = buffer.readUInt16BE(offset);
+    offset += 2;
+  } else if (length === 127) {
+    if (buffer.length < offset + 8) {return null;}
+    length = Number(buffer.readBigUInt64BE(offset));
+    offset += 8;
+  }
+
+  let mask = null;
+  if (masked) {
+    if (buffer.length < offset + 4) {return null;}
+    mask = buffer.subarray(offset, offset + 4);
+    offset += 4;
+  }
+
+  if (buffer.length < offset + length) {return null;}
+
+  const payload = Buffer.from(buffer.subarray(offset, offset + length));
+  if (mask) {
+    for (let index = 0; index < payload.length; index++) {
+      payload[index] ^= mask[index % 4];
+    }
+  }
+
+  return {
+    opcode,
+    payload,
+    remaining: buffer.subarray(offset + length),
+  };
+}
+
+function createCdpClient(wsUrl) {
+  return new Promise((resolve, reject) => {
+    const parsedUrl = new URL(wsUrl);
+    if (parsedUrl.protocol !== 'ws:') {
+      reject(new Error(`Unsupported CDP WebSocket protocol: ${parsedUrl.protocol}`));
+      return;
+    }
+
+    const key = crypto.randomBytes(16).toString('base64');
+    const socket = net.createConnection({
+      host: parsedUrl.hostname,
+      port: Number(parsedUrl.port || 80),
+    });
+    const pending = new Map();
+    let nextId = 1;
+    let handshakeDone = false;
+    let buffer = Buffer.alloc(0);
+    let settled = false;
+
+    function settleReject(err) {
+      if (!settled) {
+        settled = true;
+        reject(err);
+      }
+    }
+
+    function sendJson(payload) {
+      socket.write(encodeClientFrame(JSON.stringify(payload)));
+    }
+
+    function closePending(err) {
+      for (const { reject: rejectPending } of pending.values()) {
+        rejectPending(err);
+      }
+      pending.clear();
+    }
+
+    socket.on('connect', () => {
+      const requestPath = `${parsedUrl.pathname}${parsedUrl.search}`;
+      socket.write([
+        `GET ${requestPath} HTTP/1.1`,
+        `Host: ${parsedUrl.host}`,
+        'Upgrade: websocket',
+        'Connection: Upgrade',
+        `Sec-WebSocket-Key: ${key}`,
+        'Sec-WebSocket-Version: 13',
+        '',
+        '',
+      ].join('\r\n'));
+    });
+
+    socket.on('data', (chunk) => {
+      buffer = Buffer.concat([buffer, chunk]);
+
+      if (!handshakeDone) {
+        const headerEnd = buffer.indexOf('\r\n\r\n');
+        if (headerEnd === -1) {return;}
+        const header = buffer.subarray(0, headerEnd).toString('utf8');
+        if (!/^HTTP\/1\.1 101\b/i.test(header)) {
+          settleReject(new Error(`CDP WebSocket handshake failed: ${header.split('\r\n')[0]}`));
+          socket.destroy();
+          return;
+        }
+        handshakeDone = true;
+        buffer = buffer.subarray(headerEnd + 4);
+        if (!settled) {
+          settled = true;
+          resolve({
+            send(method, params = {}) {
+              const id = nextId++;
+              sendJson({ id, method, params });
+              return new Promise((resolvePending, rejectPending) => {
+                pending.set(id, { resolve: resolvePending, reject: rejectPending });
+              });
+            },
+            close() {
+              try { socket.end(encodeClientFrame('', 8)); } catch { /* ignore */ }
+            },
+          });
+        }
+      }
+
+      let decoded;
+      while ((decoded = tryDecodeFrame(buffer))) {
+        buffer = decoded.remaining;
+
+        if (decoded.opcode === 8) {
+          closePending(new Error('CDP WebSocket closed'));
+          socket.end();
+          return;
+        }
+
+        if (decoded.opcode === 9) {
+          socket.write(encodeClientFrame(decoded.payload.toString('utf8'), 10));
+          continue;
+        }
+
+        if (decoded.opcode !== 1) {continue;}
+
+        let message;
+        try {
+          message = JSON.parse(decoded.payload.toString('utf8'));
+        } catch {
+          continue;
+        }
+
+        if (!message.id || !pending.has(message.id)) {continue;}
+        const { resolve: resolvePending, reject: rejectPending } = pending.get(message.id);
+        pending.delete(message.id);
+        if (message.error) {
+          rejectPending(new Error(message.error.message || JSON.stringify(message.error)));
+        } else {
+          resolvePending(message.result || {});
+        }
+      }
+    });
+
+    socket.on('error', (err) => {
+      settleReject(err);
+      closePending(err);
+    });
+    socket.on('close', () => closePending(new Error('CDP WebSocket closed')));
+  });
+}
+
+function deriveBaseUrl(cookies, fallbackUrl) {
+  return deriveBaseUrlFromCookies(cookies, fallbackUrl);
+}
+
+async function getCurrentPageUrl(client, fallbackUrl) {
+  try {
+    const result = await client.send('Runtime.evaluate', {
+      expression: 'window.location.href',
+      returnByValue: true,
+    });
+    const value = result && result.result && result.result.value;
+    return typeof value === 'string' && value ? value : fallbackUrl;
+  } catch {
+    return fallbackUrl;
+  }
+}
+
+function deriveBaseUrlFromBrowserState(cookies, loginUrl, currentPageUrl) {
+  return deriveBaseUrlFromLoginState(cookies, loginUrl, currentPageUrl);
+}
+
+async function runCdpBrowserLogin(options = {}) {
+  const browserPath = options.browserPath || findBrowserExecutable();
+  if (!browserPath) {
+    throw new Error('No Chrome, Edge, or Chromium executable found');
+  }
+
+  const loginUrl = options.loginUrl || 'https://www.aliwork.com/workPlatform';
+  const profileDir = fs.mkdtempSync(path.join(os.tmpdir(), 'yidaconnector-browser-login-'));
+  const port = await getFreePort();
+  const timeoutMs = options.timeoutMs || 10 * 60 * 1000;
+  const child = spawn(browserPath, [
+    `--user-data-dir=${profileDir}`,
+    `--remote-debugging-port=${port}`,
+    '--no-first-run',
+    '--no-default-browser-check',
+    '--disable-features=Translate',
+    loginUrl,
+  ], {
+    stdio: ['ignore', 'ignore', 'pipe'],
+  });
+  child.stderr.on('data', () => {});
+
+  let client = null;
+  try {
+    await waitForJson(`http://127.0.0.1:${port}/json/version`, 30000);
+
+    let target = null;
+    const targetDeadline = Date.now() + 30000;
+    while (Date.now() < targetDeadline) {
+      const targets = await waitForJson(`http://127.0.0.1:${port}/json/list`, 5000);
+      target = targets.find((item) => item.type === 'page' && item.webSocketDebuggerUrl) || null;
+      if (target) {break;}
+      await new Promise((resolve) => setTimeout(resolve, 300));
+    }
+    if (!target) {
+      throw new Error('No debuggable browser page found');
+    }
+
+    client = await createCdpClient(target.webSocketDebuggerUrl);
+    await client.send('Network.enable').catch(() => {});
+
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+      const result = await client.send('Network.getAllCookies')
+        .catch(() => client.send('Storage.getCookies'));
+      const cookies = Array.isArray(result.cookies) ? result.cookies : [];
+      if (cookies.some((cookie) => cookie.name === 'tianshu_csrf_token' && cookie.value)) {
+        const currentPageUrl = await getCurrentPageUrl(client, target.url || loginUrl);
+        return {
+          cookies,
+          base_url: deriveBaseUrlFromBrowserState(cookies, loginUrl, currentPageUrl),
+        };
+      }
+      await new Promise((resolve) => setTimeout(resolve, 2000));
+    }
+
+    throw new Error('Login timed out before tianshu_csrf_token appeared');
+  } finally {
+    if (client) {client.close();}
+    if (!child.killed) {child.kill('SIGTERM');}
+    try { fs.rmSync(profileDir, { recursive: true, force: true }); } catch { /* ignore */ }
+  }
+}
+
+function cdpBrowserLogin(options = {}) {
+  const scriptPath = path.join(os.tmpdir(), `yidaconnector-cdp-login-${Date.now()}.js`);
+  const modulePath = __filename;
+  fs.writeFileSync(scriptPath, `
+const { runCdpBrowserLogin } = require(${JSON.stringify(modulePath)});
+runCdpBrowserLogin(${JSON.stringify(options)})
+  .then((result) => {
+    console.log(JSON.stringify(result));
+  })
+  .catch((err) => {
+    console.error(err && err.message ? err.message : String(err));
+    process.exit(1);
+  });
+`, 'utf8');
+
+  try {
+    const stdout = execFileSync(process.execPath, [scriptPath], {
+      encoding: 'utf8',
+      stdio: ['inherit', 'pipe', 'inherit'],
+      timeout: (options.timeoutMs || 10 * 60 * 1000) + 60000,
+    });
+    const lines = stdout.trim().split('\n').filter(Boolean);
+    return JSON.parse(lines[lines.length - 1]);
+  } finally {
+    try { fs.unlinkSync(scriptPath); } catch { /* ignore */ }
+  }
+}
+
+module.exports = {
+  cdpBrowserLogin,
+  createCdpClient,
+  deriveBaseUrl,
+  deriveBaseUrlFromBrowserState,
+  findBrowserExecutable,
+  runCdpBrowserLogin,
+};