问题描述 / Problem
在 VPS 上部署 boss-cli 做自动化招聘时,登录状态大约 2 小时就会失效。每次失效后需要手动复制 Cookie 到配置文件,严重影响无人值守运行。
When running boss-cli on a headless VPS for automated recruiting workflows, the session expires approximately every 2 hours. Each expiry requires manually copying fresh cookies into the credential file, breaking unattended operation.
根因分析 / Root Cause
当前 load_credential() 里有一个 7 天 TTL 自动刷新逻辑(auth.py ~L122),但它调用 extract_browser_credential(),依赖本地安装的 Chrome/Firefox 来读取 cookie。VPS 无头环境没有浏览器,这条路完全走不通。
The existing 7-day TTL refresh in load_credential() (auth.py ~L122) calls extract_browser_credential(), which requires a locally installed browser. Headless servers have no browser, so this path always fails silently and returns stale credentials.
期望的解决方案 / Proposed Solutions
方案 A — QR 二维码自动重登(推荐 for VPS)
当检测到 token 失效时(HTTP 401/403),触发 qr_login() 并将二维码打印到终端(或通过 Webhook/邮件发送图片),让用户扫码一次完成刷新,无需手动操作文件。
When a 401/403 is detected, trigger qr_login() and surface the QR code (terminal or Webhook/email notification), so the user scans once without touching any files.
方案 B — Webhook 通知 + 等待扫码
提供 --webhook-url 配置项,token 失效时将 QR 码图片 POST 到指定 URL(飞书/企微/Slack Bot),用户在手机上扫码完成续期。
Add --webhook-url config: on expiry, POST the QR image to a webhook (Feishu/WeCom/Slack), user scans from phone.
方案 C — 后台守护进程 / boss refresh-daemon
新增子命令 boss auth refresh-daemon,在后台定期(如每 90 分钟)检测 token 健康状态,在失效前主动触发刷新流程。
New subcommand boss auth refresh-daemon that periodically checks token health and proactively triggers refresh before expiry.
使用场景 / Use Case
# 典型 VPS 部署
crontab: */30 * * * * boss recommend --limit 20 >> /var/log/boss.log
# Token 2h 后失效 → 整夜无人值守任务全部 401 失败
当前临时方案 / Current Workaround
在本地机器登录后,手动 scp ~/.config/boss-cli/credential.json user@vps:~/.config/boss-cli/ 覆盖,约每 2 小时操作一次,极不方便。
Manually scp the credential file from a local machine to the VPS every ~2 hours — very tedious.
环境信息 / Environment
- boss-cli version: latest
main
- Platform: Linux VPS (headless, no desktop browser)
- Python: 3.11
非常感谢大佬们的维护!这个项目对批量招聘自动化很有价值,期待 VPS 长期运行支持 🙏
Thanks for maintaining this project! It's extremely useful for recruiting automation. VPS long-running support would make it much more powerful.
问题描述 / Problem
在 VPS 上部署 boss-cli 做自动化招聘时,登录状态大约 2 小时就会失效。每次失效后需要手动复制 Cookie 到配置文件,严重影响无人值守运行。
When running boss-cli on a headless VPS for automated recruiting workflows, the session expires approximately every 2 hours. Each expiry requires manually copying fresh cookies into the credential file, breaking unattended operation.
根因分析 / Root Cause
当前
load_credential()里有一个 7 天 TTL 自动刷新逻辑(auth.py~L122),但它调用extract_browser_credential(),依赖本地安装的 Chrome/Firefox 来读取 cookie。VPS 无头环境没有浏览器,这条路完全走不通。The existing 7-day TTL refresh in
load_credential()(auth.py~L122) callsextract_browser_credential(), which requires a locally installed browser. Headless servers have no browser, so this path always fails silently and returns stale credentials.期望的解决方案 / Proposed Solutions
方案 A — QR 二维码自动重登(推荐 for VPS)
当检测到 token 失效时(HTTP 401/403),触发
qr_login()并将二维码打印到终端(或通过 Webhook/邮件发送图片),让用户扫码一次完成刷新,无需手动操作文件。When a 401/403 is detected, trigger
qr_login()and surface the QR code (terminal or Webhook/email notification), so the user scans once without touching any files.方案 B — Webhook 通知 + 等待扫码
提供
--webhook-url配置项,token 失效时将 QR 码图片 POST 到指定 URL(飞书/企微/Slack Bot),用户在手机上扫码完成续期。Add
--webhook-urlconfig: on expiry, POST the QR image to a webhook (Feishu/WeCom/Slack), user scans from phone.方案 C — 后台守护进程 /
boss refresh-daemon新增子命令
boss auth refresh-daemon,在后台定期(如每 90 分钟)检测 token 健康状态,在失效前主动触发刷新流程。New subcommand
boss auth refresh-daemonthat periodically checks token health and proactively triggers refresh before expiry.使用场景 / Use Case
当前临时方案 / Current Workaround
在本地机器登录后,手动
scp ~/.config/boss-cli/credential.json user@vps:~/.config/boss-cli/覆盖,约每 2 小时操作一次,极不方便。Manually
scpthe credential file from a local machine to the VPS every ~2 hours — very tedious.环境信息 / Environment
main非常感谢大佬们的维护!这个项目对批量招聘自动化很有价值,期待 VPS 长期运行支持 🙏
Thanks for maintaining this project! It's extremely useful for recruiting automation. VPS long-running support would make it much more powerful.