zalo-agent-cli 1.0.0

package/src/utils/bank-helpers.js

@@ -0,0 +1,233 @@
+/**
+ * Vietnamese bank BIN mapping + VietQR image generation via qr.sepay.vn.
+ */
+
+import { mkdtempSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+import nodefetch from "node-fetch";
+
+/** Bank name aliases (lowercase, no spaces) → BIN codes. */
+export const BANK_NAME_TO_BIN = {
+    abbank: 970425,
+    acb: 970416,
+    agribank: 970405,
+    bidv: 970418,
+    bvbank: 970454,
+    bacabank: 970409,
+    baoviet: 970438,
+    cake: 546034,
+    cbbank: 970444,
+    cimb: 422589,
+    coopbank: 970446,
+    dbs: 796500,
+    dongabank: 970406,
+    eximbank: 970431,
+    gpbank: 970408,
+    hdbank: 970437,
+    hsbc: 458761,
+    hongleong: 970442,
+    ibkhcm: 970456,
+    ibkhn: 970455,
+    indovina: 970434,
+    kbank: 668888,
+    kienlongbank: 970452,
+    kookminhcm: 970463,
+    kookminhn: 970462,
+    mbbank: 970422,
+    mb: 970422,
+    msb: 970426,
+    ncb: 970419,
+    namabank: 970428,
+    nonghyup: 801011,
+    ocb: 970448,
+    oceanbank: 970414,
+    pgbank: 970430,
+    pvcombank: 970412,
+    publicbank: 970439,
+    scb: 970429,
+    shb: 970443,
+    sacombank: 970403,
+    saigonbank: 970400,
+    seabank: 970440,
+    shinhan: 970424,
+    standardchartered: 970410,
+    tnex: 9704261,
+    tpbank: 970423,
+    techcombank: 970407,
+    timo: 963388,
+    ubank: 546035,
+    uob: 970458,
+    vib: 970441,
+    vpbank: 970432,
+    vrb: 970421,
+    vietabank: 970427,
+    vietbank: 970433,
+    vietcombank: 970436,
+    vcb: 970436,
+    vietinbank: 970415,
+    ctg: 970415,
+    woori: 970457,
+};
+
+/** BIN → display name. */
+export const BIN_TO_DISPLAY = {
+    970425: "ABBank",
+    970416: "ACB",
+    970405: "Agribank",
+    970418: "BIDV",
+    970454: "BVBank",
+    970409: "BacA Bank",
+    970438: "BaoViet Bank",
+    546034: "CAKE",
+    970444: "CB Bank",
+    422589: "CIMB",
+    970446: "Co-op Bank",
+    796500: "DBS",
+    970406: "DongA Bank",
+    970431: "Eximbank",
+    970408: "GPBank",
+    970437: "HDBank",
+    458761: "HSBC",
+    970442: "Hong Leong",
+    970456: "IBK HCM",
+    970455: "IBK HN",
+    970434: "Indovina",
+    668888: "KBank",
+    970452: "KienlongBank",
+    970463: "Kookmin HCM",
+    970462: "Kookmin HN",
+    970422: "MB Bank",
+    970426: "MSB",
+    970419: "NCB",
+    970428: "Nam A Bank",
+    801011: "NongHyup",
+    970448: "OCB",
+    970414: "OceanBank",
+    970430: "PGBank",
+    970412: "PVcomBank",
+    970439: "Public Bank",
+    970429: "SCB",
+    970443: "SHB",
+    970403: "Sacombank",
+    970400: "Saigon Bank",
+    970440: "SeABank",
+    970424: "Shinhan",
+    970410: "Standard Chartered",
+    9704261: "TNEX",
+    970423: "TPBank",
+    970407: "Techcombank",
+    963388: "Timo",
+    546035: "UBank",
+    970458: "UOB",
+    970441: "VIB",
+    970432: "VPBank",
+    970421: "VRB",
+    970427: "VietABank",
+    970433: "VietBank",
+    970436: "Vietcombank",
+    970415: "VietinBank",
+    970457: "Woori",
+};
+
+/** BIN → SePay short_name for qr.sepay.vn URL. */
+const BIN_TO_SEPAY = {
+    970415: "VietinBank",
+    970436: "Vietcombank",
+    970422: "MBBank",
+    970416: "ACB",
+    970432: "VPBank",
+    970423: "TPBank",
+    970426: "MSB",
+    970428: "NamABank",
+    970449: "LienVietPostBank",
+    970454: "VietCapitalBank",
+    970418: "BIDV",
+    970403: "Sacombank",
+    970441: "VIB",
+    970437: "HDBank",
+    970440: "SeABank",
+    970408: "GPBank",
+    970412: "PVcomBank",
+    970419: "NCB",
+    970424: "ShinhanBank",
+    970429: "SCB",
+    970430: "PGBank",
+    970405: "Agribank",
+    970407: "Techcombank",
+    970400: "SaigonBank",
+    970406: "DongABank",
+    970409: "BacABank",
+    970410: "StandardChartered",
+    970414: "Oceanbank",
+    970421: "VRB",
+    970425: "ABBANK",
+    970427: "VietABank",
+    970431: "Eximbank",
+    970433: "VietBank",
+    970434: "IndovinaBank",
+    970438: "BaoVietBank",
+    970439: "PublicBank",
+    970443: "SHB",
+    970444: "CBBank",
+    970448: "OCB",
+    970452: "KienLongBank",
+    422589: "CIMB",
+    458761: "HSBC",
+    796500: "DBSBank",
+    801011: "Nonghyup",
+    970442: "HongLeong",
+    970457: "Woori",
+    970458: "UnitedOverseas",
+    970462: "KookminHN",
+    970463: "KookminHCM",
+    970446: "COOPBANK",
+};
+
+/**
+ * Resolve bank name or BIN string to numeric BIN code.
+ * @param {string} input - Bank name alias or BIN number
+ * @returns {number|null}
+ */
+export function resolveBankBin(input) {
+    if (/^\d+$/.test(input)) {
+        const n = Number(input);
+        return BIN_TO_DISPLAY[n] ? n : null;
+    }
+    return BANK_NAME_TO_BIN[input.toLowerCase().replace(/[\s_]/g, "")] || null;
+}
+
+/**
+ * Download VietQR transfer image from qr.sepay.vn.
+ * @param {number} bin
+ * @param {string} accountNumber
+ * @param {number|null} amount
+ * @param {string|null} content - Max 50 chars, SePay param name is "des"
+ * @param {string} template - compact | print | qronly
+ * @returns {Promise<string|null>} Temp file path or null on failure
+ */
+export async function generateQrTransferImage(bin, accountNumber, amount = null, content = null, template = "compact") {
+    const sepayShort = BIN_TO_SEPAY[bin];
+    if (!sepayShort) return null;
+
+    const params = new URLSearchParams({ bank: sepayShort, acc: accountNumber, template });
+    if (amount !== null && amount !== undefined) params.set("amount", String(amount));
+    if (content) params.set("des", content);
+
+    const url = `https://qr.sepay.vn/img?${params}`;
+    const tmpDir = mkdtempSync(join(tmpdir(), "qr_transfer_"));
+    const outPath = join(tmpDir, "qr.png");
+
+    try {
+        const resp = await nodefetch(url, {
+            headers: { "User-Agent": "Mozilla/5.0" },
+            timeout: 15000,
+        });
+        if (!resp.ok) return null;
+        const buffer = Buffer.from(await resp.arrayBuffer());
+        writeFileSync(outPath, buffer);
+        return outPath;
+    } catch {
+        return null;
+    }
+}

package/src/utils/bank-helpers.test.js

@@ -0,0 +1,66 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { resolveBankBin, BIN_TO_DISPLAY, BANK_NAME_TO_BIN } from "./bank-helpers.js";
+
+describe("resolveBankBin", () => {
+    it("resolves OCB by name", () => {
+        assert.equal(resolveBankBin("ocb"), 970448);
+    });
+
+    it("resolves VCB alias", () => {
+        assert.equal(resolveBankBin("vcb"), 970436);
+    });
+
+    it("resolves Vietcombank full name", () => {
+        assert.equal(resolveBankBin("vietcombank"), 970436);
+    });
+
+    it("resolves BIDV by BIN string", () => {
+        assert.equal(resolveBankBin("970418"), 970418);
+    });
+
+    it("returns null for unknown name", () => {
+        assert.equal(resolveBankBin("unknown"), null);
+    });
+
+    it("returns null for unknown BIN", () => {
+        assert.equal(resolveBankBin("999999"), null);
+    });
+
+    it("is case insensitive", () => {
+        assert.equal(resolveBankBin("OCB"), 970448);
+        assert.equal(resolveBankBin("Vietcombank"), 970436);
+        assert.equal(resolveBankBin("BIDV"), 970418);
+    });
+
+    it("handles spaces and underscores", () => {
+        assert.equal(resolveBankBin("mb bank"), 970422);
+        assert.equal(resolveBankBin("mb_bank"), 970422);
+    });
+
+    it("resolves MB shorthand", () => {
+        assert.equal(resolveBankBin("mb"), 970422);
+    });
+
+    it("resolves CTG alias for VietinBank", () => {
+        assert.equal(resolveBankBin("ctg"), 970415);
+    });
+});
+
+describe("BIN_TO_DISPLAY", () => {
+    it("has at least 50 banks", () => {
+        assert.ok(Object.keys(BIN_TO_DISPLAY).length >= 50);
+    });
+
+    it("maps known BINs correctly", () => {
+        assert.equal(BIN_TO_DISPLAY[970448], "OCB");
+        assert.equal(BIN_TO_DISPLAY[970436], "Vietcombank");
+        assert.equal(BIN_TO_DISPLAY[970418], "BIDV");
+    });
+});
+
+describe("BANK_NAME_TO_BIN", () => {
+    it("has at least 50 aliases", () => {
+        assert.ok(Object.keys(BANK_NAME_TO_BIN).length >= 50);
+    });
+});

package/src/utils/output.js

@@ -0,0 +1,21 @@
+/**
+ * Output formatting utilities — JSON mode and colored human-readable output.
+ */
+
+import chalk from "chalk";
+
+/** Emit JSON or call human formatter based on --json flag. */
+export function output(data, jsonMode, humanFormatter) {
+    if (jsonMode) {
+        console.log(JSON.stringify(data, null, 2));
+    } else if (humanFormatter) {
+        humanFormatter(data);
+    } else {
+        console.log(JSON.stringify(data, null, 2));
+    }
+}
+
+export const success = (msg) => console.log(chalk.green("  ✓ " + msg));
+export const error = (msg) => console.log(chalk.red("  ✗ " + msg));
+export const info = (msg) => console.log(chalk.cyan("  ● " + msg));
+export const warning = (msg) => console.log(chalk.yellow("  ⚠ " + msg));

package/src/utils/proxy-helpers.js

@@ -0,0 +1,14 @@
+/**
+ * Proxy URL helpers — masking passwords for safe display.
+ */
+
+/**
+ * Mask password in proxy URL for safe display.
+ * Example: http://user:secret@host:8080 → http://user:***@host:8080
+ * @param {string|null} proxyUrl
+ * @returns {string}
+ */
+export function maskProxy(proxyUrl) {
+    if (!proxyUrl) return "none";
+    return proxyUrl.replace(/(\/\/[^:]+:)[^@]+(@)/, "$1***$2");
+}

package/src/utils/proxy-helpers.test.js

@@ -0,0 +1,36 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { maskProxy } from "./proxy-helpers.js";
+
+describe("maskProxy", () => {
+    it("masks password in http URL", () => {
+        assert.equal(maskProxy("http://user:secret@host:8080"), "http://user:***@host:8080");
+    });
+
+    it("masks password in socks5 URL", () => {
+        assert.equal(maskProxy("socks5://admin:p4ss@1.2.3.4:1080"), "socks5://admin:***@1.2.3.4:1080");
+    });
+
+    it("masks long password", () => {
+        assert.equal(
+            maskProxy("http://3AccFfq:pkLbHLRjhqids_session-Ntekoom2@geo.iproyal.com:12321"),
+            "http://3AccFfq:***@geo.iproyal.com:12321",
+        );
+    });
+
+    it("returns URL unchanged when no password", () => {
+        assert.equal(maskProxy("http://host:8080"), "http://host:8080");
+    });
+
+    it('returns "none" for null', () => {
+        assert.equal(maskProxy(null), "none");
+    });
+
+    it('returns "none" for empty string', () => {
+        assert.equal(maskProxy(""), "none");
+    });
+
+    it('returns "none" for undefined', () => {
+        assert.equal(maskProxy(undefined), "none");
+    });
+});

package/src/utils/qr-display.js

@@ -0,0 +1,78 @@
+/**
+ * Cross-platform QR display utility.
+ * Displays Zalo's official QR PNG inline in terminal and saves to file.
+ *
+ * IMPORTANT: Uses Zalo-server-generated PNG (via event.data.image base64),
+ * NOT qrcode-terminal which re-encodes the token text into a different QR
+ * that Zalo app cannot recognize as a login request.
+ *
+ * Display methods:
+ * 1. iTerm2/Kitty/WezTerm inline image (renders PNG directly in terminal)
+ * 2. Save PNG to config dir
+ * 3. Base64 data URL (for IDE/agent preview)
+ * 4. File path with platform-specific open hint
+ */
+
+import { resolve } from "path";
+import { writeFileSync, mkdirSync } from "fs";
+import { platform } from "os";
+import { CONFIG_DIR } from "../core/credentials.js";
+import { info } from "./output.js";
+
+const QR_PATH = resolve(CONFIG_DIR, "qr.png");
+
+/** Get platform-specific command to open a file. */
+function getOpenCommand() {
+    switch (platform()) {
+        case "darwin":
+            return "open";
+        case "win32":
+            return "start";
+        default:
+            return "xdg-open";
+    }
+}
+
+/**
+ * Display QR code from a zca-js login QR event.
+ * Synchronous — safe to call from zca-js callback.
+ * @param {object} event - zca-js QR callback event
+ */
+export function displayQR(event) {
+    const imageB64 = event.data?.image || "";
+
+    // 1. Display Zalo's official QR PNG inline in terminal
+    // Uses iTerm2 inline image protocol (also WezTerm, Hyper, Kitty)
+    // Terminals that don't support it simply ignore the escape sequence
+    if (imageB64) {
+        const b64ForTerm = Buffer.from(imageB64, "base64").toString("base64");
+        process.stdout.write(`\x1b]1337;File=inline=1;width=30;preserveAspectRatio=1:${b64ForTerm}\x07\n`);
+    }
+
+    // 2. Save PNG to config dir
+    if (imageB64) {
+        try {
+            mkdirSync(CONFIG_DIR, { recursive: true });
+            writeFileSync(QR_PATH, Buffer.from(imageB64, "base64"));
+            const openCmd = getOpenCommand();
+            info(`QR image saved: ${QR_PATH}`);
+            info(`To open: ${openCmd} "${QR_PATH}"`);
+        } catch {}
+    }
+
+    // 3. Also fire-and-forget the zca-js built-in save
+    if (event.actions?.saveToFile) {
+        event.actions.saveToFile(QR_PATH).catch(() => {});
+    }
+
+    // 4. Base64 data URL (for coding agents / IDE preview)
+    if (imageB64) {
+        info("QR data URL (for IDE preview):");
+        console.log(`  data:image/png;base64,${imageB64.substring(0, 100)}...`);
+    }
+}
+
+/** Get the QR image path. */
+export function getQRPath() {
+    return QR_PATH;
+}

package/src/utils/qr-http-server.js

@@ -0,0 +1,126 @@
+/**
+ * Temporary local HTTP server for QR display on headless/VPS environments.
+ * Serves QR image as a simple HTML page on localhost.
+ * Auto-closes after login completes.
+ */
+
+import http from "http";
+import { readFileSync, existsSync } from "fs";
+import nodefetch from "node-fetch";
+import { info } from "./output.js";
+
+/**
+ * Start a temporary HTTP server that serves the QR image.
+ * @param {string} qrImagePath - path to QR PNG file
+ * @param {number} port - default 18927
+ * @returns {{ url: string, close: () => void }}
+ */
+export function startQrServer(qrImagePath, port = 18927, tryPorts = [18927, 8080, 3000, 9000]) {
+    const server = http.createServer(async (req, res) => {
+        if (req.url === "/qr" || req.url === "/") {
+            if (!existsSync(qrImagePath)) {
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end(`<!DOCTYPE html><html><head><meta charset="utf-8">
+<meta http-equiv="refresh" content="2">
+<title>Waiting for QR...</title></head>
+<body style="display:flex;justify-content:center;align-items:center;height:100vh;background:#111;color:#fff;font-family:system-ui">
+<p>QR code generating... auto-refreshing in 2s</p></body></html>`);
+                return;
+            }
+            const img = readFileSync(qrImagePath);
+            const b64 = img.toString("base64");
+            res.writeHead(200, { "Content-Type": "text/html" });
+            res.end(`<!DOCTYPE html>
+<html><head><meta charset="utf-8"><title>Zalo QR Login</title>
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<style>
+body{display:flex;justify-content:center;align-items:center;min-height:100vh;margin:0;background:#111;font-family:system-ui}
+.card{text-align:center;padding:2rem;background:#1a1a2e;border-radius:16px;max-width:400px}
+h2{color:#fff;margin-bottom:1rem}img{width:280px;border-radius:8px}
+p{color:#888;font-size:0.9rem;margin-top:1rem}
+.success{color:#4ade80;font-size:1.2rem;font-weight:bold}
+.hidden{display:none}
+</style></head>
+<body><div class="card">
+<div id="qr-view">
+<h2>Scan with Zalo app</h2>
+<img src="data:image/png;base64,${b64}" alt="QR Code"/>
+<p>Open Zalo > QR Scanner to scan this code</p>
+</div>
+<div id="success-view" class="hidden">
+<h2 style="color:#4ade80">Login Successful!</h2>
+<p class="success">You can close this page now.</p>
+<p>The CLI is ready to use.</p>
+</div>
+</div>
+<script>
+// Poll /status to detect login success
+setInterval(async()=>{
+  try{
+    const r=await fetch('/status');
+    const d=await r.json();
+    if(d.loggedIn){
+      document.getElementById('qr-view').classList.add('hidden');
+      document.getElementById('success-view').classList.remove('hidden');
+    }
+  }catch{}
+},2000);
+</script>
+</body></html>`);
+        } else if (req.url === "/status") {
+            // Login status endpoint for browser polling
+            let loggedIn = false;
+            try {
+                const { isLoggedIn } = await import("../core/zalo-client.js");
+                loggedIn = isLoggedIn();
+            } catch {}
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ loggedIn }));
+        } else {
+            res.writeHead(404);
+            res.end("Not found");
+        }
+    });
+
+    // Try ports in order until one works (avoids firewall issues)
+    let currentPortIdx = 0;
+
+    function tryListen() {
+        const p = tryPorts[currentPortIdx];
+        server.listen(p, "0.0.0.0");
+    }
+
+    server.on("listening", async () => {
+        const actualPort = server.address().port;
+        info(`QR available at: http://localhost:${actualPort}/qr`);
+        // Auto-detect public IP for VPS users
+        try {
+            const res = await nodefetch("https://api.ipify.org", { timeout: 3000 });
+            const ip = (await res.text()).trim();
+            if (ip) info(`On VPS, open: http://${ip}:${actualPort}/qr`);
+        } catch {
+            info(`On VPS, open: http://<your-server-ip>:${actualPort}/qr`);
+        }
+    });
+
+    server.on("error", (err) => {
+        if (err.code === "EADDRINUSE" || err.code === "EACCES") {
+            currentPortIdx++;
+            if (currentPortIdx < tryPorts.length) {
+                info(`Port ${tryPorts[currentPortIdx - 1]} unavailable, trying ${tryPorts[currentPortIdx]}...`);
+                tryListen();
+            }
+        }
+    });
+
+    tryListen();
+
+    return {
+        url: `http://localhost:${port}/qr`,
+        close: () => {
+            try {
+                server.close();
+            } catch {}
+        },
+    };
+}