Files
wehub-resource-sync 9b395f5cc3
E2E Headed Chrome / e2e-headed (macos-15) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (ubuntu-latest) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (windows-latest) (push) Has been cancelled
CI / build (macos-latest) (push) Has been cancelled
CI / build (ubuntu-latest) (push) Has been cancelled
CI / build (windows-latest) (push) Has been cancelled
CI / unit-test (push) Has been cancelled
CI / bun-test (push) Has been cancelled
CI / adapter-test (push) Has been cancelled
CI / smoke-test (macos-latest) (push) Has been cancelled
CI / smoke-test (ubuntu-latest) (push) Has been cancelled
Security Audit / audit (push) Has been cancelled
Build Chrome Extension / build (push) Has been cancelled
Trigger Website Rebuild (Docs Updated) / dispatch (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:39:48 +08:00

62 lines
3.0 KiB
JavaScript

import { AuthRequiredError, CommandExecutionError } from '@jackwener/opencli/errors';
import { registerSiteAuthCommands } from '../_shared/site-auth.js';
async function hasChatgptSessionCookie(page) {
const cookies = await page.getCookies({ url: 'https://chatgpt.com' });
// Prefix match: NextAuth chunks large session tokens into
// `__Secure-next-auth.session-token.0`, `.1`, … so an exact-name check
// false-negatives on chunked sessions (the `auth status`/`refresh`/login
// fast paths that consume this). See issue #2087.
return cookies.some(c => c.name.startsWith('__Secure-next-auth.session-token') && c.value);
}
async function verifyChatgptIdentity(page) {
// The `/api/auth/session` probe below is authoritative — do NOT pre-gate on the
// legacy `__Secure-next-auth.session-token` cookie. Current ChatGPT web
// sessions authenticate without that cookie, so gating on it produced false
// AUTH_REQUIRED for logged-in users. See issue #2087.
await page.goto('https://chatgpt.com/');
await page.wait(2);
const result = await page.evaluate(`(async () => {
try {
const res = await fetch('/api/auth/session', { credentials: 'include' });
if (res.status === 401 || res.status === 403) {
return { kind: 'auth', detail: 'ChatGPT /api/auth/session HTTP ' + res.status };
}
if (!res.ok) return { kind: 'http', httpStatus: res.status };
const d = await res.json();
const user = d && d.user;
if (!user || !user.id) {
return { kind: 'auth', detail: 'ChatGPT /api/auth/session has no user — anonymous' };
}
return { ok: true, user_id: String(user.id), name: String(user.name || '') };
} catch (e) {
return { kind: 'exception', detail: String(e && e.message || e) };
}
})()`);
if (result?.kind === 'auth') throw new AuthRequiredError('chatgpt.com', result.detail);
if (result?.kind === 'http') throw new CommandExecutionError(`HTTP ${result.httpStatus} from /api/auth/session`);
if (result?.kind === 'exception') throw new CommandExecutionError(`ChatGPT whoami failed: ${result.detail}`);
if (!result?.ok) throw new CommandExecutionError(`Unexpected ChatGPT probe: ${JSON.stringify(result)}`);
return { user_id: result.user_id, name: result.name };
}
registerSiteAuthCommands({
site: 'chatgpt',
domain: 'chatgpt.com',
loginUrl: 'https://auth.openai.com/log-in',
columns: ['user_id', 'name'],
quickCheck: hasChatgptSessionCookie,
verify: verifyChatgptIdentity,
// Poll keeps the cheap, non-navigating cookie gate: during `login` the browser
// sits on the OAuth page, and verify (which navigates to chatgpt.com) must not
// run every ~2s or it would yank the user off the login form. #2087 is about
// `whoami` (the verify path above); login-completion detection is unchanged.
poll: async (page) => {
if (!await hasChatgptSessionCookie(page)) {
throw new AuthRequiredError('chatgpt.com', 'Waiting for ChatGPT session cookie');
}
return verifyChatgptIdentity(page);
},
});