Files
xianyu-hunter-hermes-skill/skill/xianyu-hunter-monitor/references/web-login-cookie-panel-2026-05.md
T

3.0 KiB
Raw Blame History

Web Login + Cookie Persistence Panel (2026-05)

Context: BOSS wanted the xianyu-hunter Web UI to support login like the original project, saving cookies for reuse. A plain “open login window” button was not enough; the Web UI needed a visible login/cookie panel with status detection.

Implemented shape

Files in /Users/chick/.Hermes/workspace/research/xianyu-hunter:

  • lib/browser.mjs
    • Added getOpenPagesInfo() to report whether the persistent Playwright browser context is open and list page title/URL.
  • lib/login.mjs
    • Added openLoginPage(emitLog).
    • Added getLoginStatus(existingPage = null).
    • checkLogin() now uses stronger login status detection and logs cookie count + browser-data/ persistence.
  • server.mjs
    • Imports checkLogin, getLoginStatus, openLoginPage, closeBrowser, getOpenPagesInfo.
    • Added APIs:
      • GET /api/login/status
      • POST /api/login/open
      • POST /api/login/wait
      • POST /api/login/close-browser
  • public/index.html
    • Header button: 账号登录 / Cookie.
    • Login modal: status card, actions, help text, log panel.
  • public/app.js
    • Added showLoginModal, hideLoginModal, renderLoginStatus, appendLoginLog, checkLoginStatus, openLoginWindow, waitLoginStatus, closeLoginBrowser.
  • public/style.css
    • Added login modal styles (.login-modal, .login-status-card, .login-actions, .login-help, .login-log).

Login detection rule

Do not trust homepage-only checks. In this session, CLI login said OK while the real search page still showed:

  • 登录后可以更懂你,推荐你喜欢的商品!
  • 立即登录

Use a real search probe such as:

https://www.goofish.com/search?q=e3%201245%20v3

Treat status as logged in only if:

  • login wall text is absent, and
  • either product cards load or enough Goofish/Taobao/Alibaba cookies exist.

nick-- and avatar elements alone are false-positive prone on login-wall pages.

Verification commands

cd /Users/chick/.Hermes/workspace/research/xianyu-hunter
node --check server.mjs
node --check lib/browser.mjs
node --check lib/login.mjs
node --check public/app.js

# Restart if needed
lsof -tiTCP:3000 -sTCP:LISTEN | xargs -r kill
PORT=3000 node server.mjs

# Verify UI markers and API
curl -sS http://127.0.0.1:3000/ | grep -E '账号登录 / Cookie|闲鱼账号登录 / Cookie'
curl -sS http://127.0.0.1:3000/api/login/status | python3 -m json.tool
lsof -nP -iTCP:3000 -sTCP:LISTEN

Expected LAN URL for BOSSs Mac in this environment:

http://192.168.2.69:3000

Operational notes

  • Cookies are stored in browser-data/ via Playwright persistent context. Do not print raw cookies.
  • POST /api/login/open opens a visible Chromium window on the Mac desktop. BOSS must use remote control/screen sharing to scan QR or complete captcha there.
  • POST /api/login/close-browser should not delete cookies; it only closes the context.
  • If a stale server process keeps old routes, kill the listener on port 3000 before starting the new server.