zalo-agent-cli 1.0.30 → 1.1.0

package/src/commands/profile.js

@@ -182,6 +182,70 @@ export function registerProfileCommands(program) {
             }
         });
 
+    profile
+        .command("avatars")
+        .description("List your avatar gallery")
+        .option("-c, --count <n>", "Page size", parseInt, 50)
+        .option("-p, --page <n>", "Page number", parseInt, 1)
+        .action(async (opts) => {
+            try {
+                const result = await getApi().getAvatarList(opts.count, opts.page);
+                output(result, program.opts().json);
+            } catch (e) {
+                error(`Get avatars failed: ${e.message}`);
+            }
+        });
+
+    profile
+        .command("full-avatar <friendId>")
+        .description("Get full-size avatar URL for a user")
+        .action(async (friendId) => {
+            try {
+                const result = await getApi().getFullAvatar(friendId);
+                output(result, program.opts().json, () => {
+                    info(`Avatar: ${result?.avatar || "?"}`);
+                });
+            } catch (e) {
+                error(`Get full avatar failed: ${e.message}`);
+            }
+        });
+
+    profile
+        .command("avatar-url <friendIds...>")
+        .description("Get avatar URLs for one or more users")
+        .action(async (friendIds) => {
+            try {
+                const result = await getApi().getAvatarUrlProfile(friendIds);
+                output(result, program.opts().json);
+            } catch (e) {
+                error(`Get avatar URLs failed: ${e.message}`);
+            }
+        });
+
+    profile
+        .command("delete-avatar <photoIds...>")
+        .description("Delete avatar(s) from your gallery")
+        .action(async (photoIds) => {
+            try {
+                const result = await getApi().deleteAvatar(photoIds);
+                output(result, program.opts().json, () => success(`Deleted ${photoIds.length} avatar(s)`));
+            } catch (e) {
+                error(`Delete avatar failed: ${e.message}`);
+            }
+        });
+
+    profile
+        .command("reuse-avatar <photoId>")
+        .description("Reuse a previous avatar from your gallery")
+        .action(async (photoId) => {
+            try {
+                const result = await getApi().reuseAvatar(photoId);
+                output(result, program.opts().json, () => success("Avatar reused"));
+            } catch (e) {
+                error(`Reuse avatar failed: ${e.message}`);
+            }
+        });
+
     profile
         .command("set <setting> <value>")
         .description("Update a privacy setting (use 'profile settings' to see options)")

package/src/commands/quick-msg.js

@@ -0,0 +1,55 @@
+/**
+ * Quick message commands — list, add, update, remove saved quick messages.
+ */
+
+import { getApi } from "../core/zalo-client.js";
+import { success, error, output } from "../utils/output.js";
+
+export function registerQuickMsgCommands(program) {
+    const qm = program.command("quick-msg").description("Manage quick/saved messages");
+
+    qm.command("list")
+        .description("List all quick messages")
+        .action(async () => {
+            try {
+                const result = await getApi().getQuickMessageList();
+                output(result, program.opts().json);
+            } catch (e) {
+                error(`Get quick messages failed: ${e.message}`);
+            }
+        });
+
+    qm.command("add <keyword> <title>")
+        .description("Add a quick message")
+        .action(async (keyword, title) => {
+            try {
+                const result = await getApi().addQuickMessage({ keyword, title });
+                output(result, program.opts().json, () => success(`Quick message added: "${keyword}" → "${title}"`));
+            } catch (e) {
+                error(`Add quick message failed: ${e.message}`);
+            }
+        });
+
+    qm.command("update <itemId> <keyword> <title>")
+        .description("Update a quick message")
+        .action(async (itemId, keyword, title) => {
+            try {
+                const result = await getApi().updateQuickMessage({ keyword, title }, Number(itemId));
+                output(result, program.opts().json, () => success(`Quick message ${itemId} updated`));
+            } catch (e) {
+                error(`Update quick message failed: ${e.message}`);
+            }
+        });
+
+    qm.command("remove <itemIds...>")
+        .description("Remove quick message(s)")
+        .action(async (itemIds) => {
+            try {
+                const ids = itemIds.map(Number);
+                const result = await getApi().removeQuickMessage(ids);
+                output(result, program.opts().json, () => success(`Removed ${ids.length} quick message(s)`));
+            } catch (e) {
+                error(`Remove quick message failed: ${e.message}`);
+            }
+        });
+}

package/src/core/oa-client.js

@@ -0,0 +1,391 @@
+/**
+ * Zalo Official Account API v3.0 client.
+ * Wraps OA REST endpoints with node-fetch. No dependency on zca-js.
+ * Credentials stored in ~/.zalo-agent/oa-credentials.json.
+ */
+
+import fs from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import nodefetch from "node-fetch";
+
+const V3_BASE = "https://openapi.zalo.me/v3.0/oa";
+const V2_BASE = "https://openapi.zalo.me/v2.0/oa";
+const DATA_DIR = join(homedir(), ".zalo-agent");
+const OA_CREDS_FILE = join(DATA_DIR, "oa-credentials.json");
+
+/** Ensure data directory exists. */
+function ensureDir() {
+    if (!fs.existsSync(DATA_DIR)) fs.mkdirSync(DATA_DIR, { recursive: true });
+}
+
+const OAUTH_URL = "https://oauth.zaloapp.com/v4/oa/permission";
+const TOKEN_URL = "https://oauth.zaloapp.com/v4/oa/access_token";
+
+/** Save full OA credentials to disk with restricted file permissions. */
+export function saveOACreds(data, oaId = "default") {
+    ensureDir();
+    let creds = {};
+    if (fs.existsSync(OA_CREDS_FILE)) {
+        creds = JSON.parse(fs.readFileSync(OA_CREDS_FILE, "utf8"));
+    }
+    creds[oaId] = { ...creds[oaId], ...data, updatedAt: new Date().toISOString() };
+    fs.writeFileSync(OA_CREDS_FILE, JSON.stringify(creds, null, 2), { mode: 0o600 });
+}
+
+/** Save OA access token to disk (backward compat). */
+export function saveOAToken(accessToken, oaId = "default") {
+    saveOACreds({ accessToken }, oaId);
+}
+
+/** Load full OA credentials from disk. */
+export function loadOACreds(oaId = "default") {
+    if (!fs.existsSync(OA_CREDS_FILE)) return null;
+    const creds = JSON.parse(fs.readFileSync(OA_CREDS_FILE, "utf8"));
+    return creds[oaId] || null;
+}
+
+/** Load OA access token from disk. */
+export function loadOAToken(oaId = "default") {
+    return loadOACreds(oaId)?.accessToken || null;
+}
+
+/** Get token or throw. */
+function getToken(oaId) {
+    const creds = loadOACreds(oaId);
+    if (!creds?.accessToken) {
+        throw new Error("OA not configured. Run: zalo-agent oa login --app-id <id> --secret <key>");
+    }
+    return creds.accessToken;
+}
+
+/** Build OAuth authorization URL. */
+export function getOAuthUrl(appId, redirectUri = "http://localhost:3456/callback") {
+    const params = new URLSearchParams({
+        app_id: appId,
+        redirect_uri: redirectUri,
+    });
+    return `${OAUTH_URL}?${params}`;
+}
+
+/** Exchange authorization code for access + refresh tokens. */
+export async function exchangeCode(code, appId, secretKey, redirectUri = "http://localhost:3456/callback") {
+    const res = await nodefetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded", secret_key: secretKey },
+        body: new URLSearchParams({
+            code,
+            app_id: appId,
+            grant_type: "authorization_code",
+            redirect_uri: redirectUri,
+        }),
+    });
+    return res.json();
+}
+
+/** Refresh access token using refresh token. */
+export async function refreshAccessToken(refreshToken, appId, secretKey) {
+    const res = await nodefetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded", secret_key: secretKey },
+        body: new URLSearchParams({
+            refresh_token: refreshToken,
+            app_id: appId,
+            grant_type: "refresh_token",
+        }),
+    });
+    return res.json();
+}
+
+/** Make authenticated request to Zalo OA API. */
+async function oaFetch(url, { method = "GET", body, token, isFormData = false } = {}) {
+    const headers = { access_token: token };
+    if (!isFormData) headers["Content-Type"] = "application/json";
+
+    const opts = { method, headers };
+    if (body && !isFormData) opts.body = JSON.stringify(body);
+    if (body && isFormData) opts.body = body;
+
+    const res = await nodefetch(url, opts);
+    const data = await res.json();
+    if (data.error && data.error !== 0) {
+        throw new Error(`OA API error ${data.error}: ${data.message || JSON.stringify(data)}`);
+    }
+    return data;
+}
+
+// ─── Messaging (v3.0) ────────────────────────────────────────────────
+
+const VALID_MSG_TYPES = ["cs", "transaction", "promotion"];
+
+/** Validate messageType to prevent path injection. */
+function validateMsgType(messageType) {
+    if (!VALID_MSG_TYPES.includes(messageType)) {
+        throw new Error(`Invalid message type "${messageType}". Must be: ${VALID_MSG_TYPES.join(", ")}`);
+    }
+    return messageType;
+}
+
+/** Send text message via OA. messageType: cs | transaction | promotion */
+export async function sendText(userId, text, messageType = "cs", oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/message/${validateMsgType(messageType)}`, {
+        method: "POST",
+        token,
+        body: { recipient: { user_id: userId }, message: { text } },
+    });
+}
+
+/** Send image message via OA (by URL or attachment_id). */
+export async function sendImage(userId, { imageUrl, imageId }, messageType = "cs", oaId = "default") {
+    const token = getToken(oaId);
+    const element = { media_type: "image" };
+    if (imageUrl) element.url = imageUrl;
+    else if (imageId) element.attachment_id = imageId;
+    else throw new Error("Provide --image-url or --image-id");
+
+    return oaFetch(`${V3_BASE}/message/${validateMsgType(messageType)}`, {
+        method: "POST",
+        token,
+        body: {
+            recipient: { user_id: userId },
+            message: {
+                attachment: {
+                    type: "template",
+                    payload: { template_type: "media", elements: [element] },
+                },
+            },
+        },
+    });
+}
+
+/** Send file message via OA (requires pre-uploaded file attachment_id). */
+export async function sendFile(userId, fileId, messageType = "cs", oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/message/${validateMsgType(messageType)}`, {
+        method: "POST",
+        token,
+        body: {
+            recipient: { user_id: userId },
+            message: { attachment: { type: "file", payload: { token: fileId } } },
+        },
+    });
+}
+
+/** Send list message via OA. elements: [{ title, subtitle, image_url, default_action }] */
+export async function sendList(userId, elements, messageType = "cs", oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/message/${validateMsgType(messageType)}`, {
+        method: "POST",
+        token,
+        body: {
+            recipient: { user_id: userId },
+            message: {
+                attachment: {
+                    type: "template",
+                    payload: { template_type: "list", elements },
+                },
+            },
+        },
+    });
+}
+
+/** Get message delivery status. */
+export async function getMessageStatus(messageId, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/message/status?message_id=${messageId}`, { token });
+}
+
+// ─── User / Follower Management ──────────────────────────────────────
+
+/** Get OA profile info. */
+export async function getOAProfile(oaId = "default") {
+    const token = getToken(oaId);
+    // v2 fallback — v3 docs incomplete for getoa
+    return oaFetch(`${V2_BASE}/getoa`, { token });
+}
+
+/** Get follower info by user_id. */
+export async function getFollowerInfo(userId, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/user/detail?user_id=${userId}`, { token });
+}
+
+/** Get followers list (paginated). */
+export async function getFollowers(offset = 0, count = 50, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/user/getlist?offset=${offset}&count=${count}`, { token });
+}
+
+/** Update follower info (name, phone, address, etc.). */
+export async function updateFollowerInfo(userId, updates, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/user/update`, {
+        method: "POST",
+        token,
+        body: { user_id: userId, ...updates },
+    });
+}
+
+// ─── Tags ────────────────────────────────────────────────────────────
+
+/** Get all tags. */
+export async function getTags(oaId = "default") {
+    const token = getToken(oaId);
+    // v2 endpoint — v3 not documented
+    return oaFetch(`${V2_BASE}/tag/gettagsofoa`, { token });
+}
+
+/** Assign tag to follower. */
+export async function assignTag(userId, tagName, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/tag/taguser`, {
+        method: "POST",
+        token,
+        body: { user_id: userId, tag_name: tagName },
+    });
+}
+
+/** Remove tag. */
+export async function removeTag(tagName, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/tag/rmtag`, {
+        method: "POST",
+        token,
+        body: { tag_name: tagName },
+    });
+}
+
+/** Remove follower from tag. */
+export async function removeFollowerFromTag(userId, tagName, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/tag/rmfollowerfromtag`, {
+        method: "POST",
+        token,
+        body: { user_id: userId, tag_name: tagName },
+    });
+}
+
+// ─── Media Upload ────────────────────────────────────────────────────
+
+/** Upload image to OA (returns attachment_id). */
+export async function uploadImage(filePath, oaId = "default") {
+    const token = getToken(oaId);
+    const { default: FormData } = await import("node-fetch");
+    // Use native FormData-like via node-fetch's Blob
+    const fileData = fs.readFileSync(filePath);
+    const blob = new (await import("node:buffer")).Blob([fileData]);
+    const form = new globalThis.FormData();
+    form.append("file", blob, filePath.split("/").pop());
+
+    return oaFetch(`${V3_BASE}/upload/image`, {
+        method: "POST",
+        token,
+        body: form,
+        isFormData: true,
+    });
+}
+
+/** Upload file to OA (returns token/attachment_id). */
+export async function uploadFile(filePath, oaId = "default") {
+    const token = getToken(oaId);
+    const fileData = fs.readFileSync(filePath);
+    const blob = new (await import("node:buffer")).Blob([fileData]);
+    const form = new globalThis.FormData();
+    form.append("file", blob, filePath.split("/").pop());
+
+    return oaFetch(`${V3_BASE}/upload/file`, {
+        method: "POST",
+        token,
+        body: form,
+        isFormData: true,
+    });
+}
+
+// ─── Conversations ───────────────────────────────────────────────────
+
+/** Get recent chat list (v2 API). */
+export async function getRecentChat(offset = 0, count = 10, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V2_BASE}/listrecentchat?offset=${offset}&count=${count}`, { token });
+}
+
+/** Get conversation history with a user (v2 API). */
+export async function getConversation(userId, offset = 0, count = 10, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V2_BASE}/conversation?user_id=${userId}&offset=${offset}&count=${count}`, {
+        token,
+    });
+}
+
+// ─── Menu ────────────────────────────────────────────────────────────
+
+/** Update OA menu. */
+export async function updateMenu(menuData, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/menu`, { method: "POST", token, body: menuData });
+}
+
+// ─── Articles ────────────────────────────────────────────────────────
+
+/** Create article (broadcast). */
+export async function createArticle(articleData, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/article/create`, { method: "POST", token, body: articleData });
+}
+
+/** Get article list. */
+export async function getArticleList(offset = 0, limit = 10, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/article/getlist?offset=${offset}&limit=${limit}`, { token });
+}
+
+/** Get article detail. */
+export async function getArticleDetail(articleId, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/article/getdetail?id=${articleId}`, { token });
+}
+
+// ─── Store ───────────────────────────────────────────────────────────
+
+/** Create product in OA store. */
+export async function createProduct(productData, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/store/product/create`, { method: "POST", token, body: productData });
+}
+
+/** Get product list. */
+export async function getProductList(offset = 0, limit = 10, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/store/product/getproductofoa?offset=${offset}&limit=${limit}`, {
+        token,
+    });
+}
+
+/** Get product detail. */
+export async function getProductInfo(productId, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/store/product/getproduct?id=${productId}`, { token });
+}
+
+/** Create category in OA store. */
+export async function createCategory(categoryData, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/store/category/create`, {
+        method: "POST",
+        token,
+        body: categoryData,
+    });
+}
+
+/** Get category list. */
+export async function getCategoryList(oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/store/category/getcategoryofoa`, { token });
+}
+
+/** Create order. */
+export async function createOrder(orderData, oaId = "default") {
+    const token = getToken(oaId);
+    return oaFetch(`${V3_BASE}/store/order/create`, { method: "POST", token, body: orderData });
+}

package/src/index.js

@@ -21,7 +21,12 @@ import { registerAccountCommands } from "./commands/account.js";
 import { registerProfileCommands } from "./commands/profile.js";
 import { registerPollCommands } from "./commands/poll.js";
 import { registerReminderCommands } from "./commands/reminder.js";
+import { registerAutoReplyCommands } from "./commands/auto-reply.js";
+import { registerQuickMsgCommands } from "./commands/quick-msg.js";
+import { registerLabelCommands } from "./commands/label.js";
+import { registerCatalogCommands } from "./commands/catalog.js";
 import { registerListenCommand } from "./commands/listen.js";
+import { registerOACommands } from "./commands/oa.js";
 import { autoLogin } from "./core/zalo-client.js";
 import { checkForUpdates, selfUpdate } from "./utils/update-check.js";
 import { success, error, warning } from "./utils/output.js";
@@ -37,16 +42,17 @@ program
     .version(pkg.version)
     .option("--json", "Output results as JSON (machine-readable)")
     .hook("preAction", async (thisCommand) => {
+        const cmdName = thisCommand.args?.[0] || thisCommand.name();
         // Suppress zca-js internal logs in JSON mode to keep stdout clean for piping
         if (program.opts().json) {
             process.env.ZALO_JSON_MODE = "1";
-        } else {
+        } else if (cmdName !== "oa") {
+            // OA commands use official Zalo API — no disclaimer needed
             warning(DISCLAIMER);
             console.log();
         }
-        // Auto-login before any command that needs it (skip for login/account commands)
-        const cmdName = thisCommand.args?.[0] || thisCommand.name();
-        const skipAutoLogin = ["login", "account", "help", "version", "update"].includes(cmdName);
+        // Auto-login before any command that needs it (skip for login/account/oa commands)
+        const skipAutoLogin = ["login", "account", "help", "version", "update", "oa"].includes(cmdName);
         if (!skipAutoLogin) {
             await autoLogin(program.opts().json);
         }
@@ -76,6 +82,11 @@ registerAccountCommands(program);
 registerProfileCommands(program);
 registerPollCommands(program);
 registerReminderCommands(program);
+registerAutoReplyCommands(program);
+registerQuickMsgCommands(program);
+registerLabelCommands(program);
+registerCatalogCommands(program);
 registerListenCommand(program);
+registerOACommands(program);
 
 program.parse();