feat(mcp): add optional auth cookie injection for authenticated requests

[Itish2003]

Summary

• Adds optional cookie-based authentication for the MCP server's GraphQL requests
• Reads session cookies from a JSON file specified by the LEETCODE_COOKIES_FILE env var
• Injects Cookie and x-csrftoken headers into all outgoing requests when configured
• Falls back silently to unauthenticated mode when the env var is not set (fully backwards-compatible)
• Includes a Playwright-based cookie extraction script for easy setup
• Adds 9 new auth-required tools (37 total) for submissions, notes, streaks, and favorites

What this unlocks

Authenticated LeetCode API endpoints including:

• User submission history & accepted solutions
• Private problem lists & favorites
• Contest participation & rating data
• User-specific profile details (streak, calendar, etc.)

New auth-required tools (9)

All tools include [Auth Required] prefix in their descriptions and call requireAuth() before any API request, giving a clear error when cookies aren't configured.

User tools (3)

Tool	Description
leetcode_user_status	Authenticated user info: username, isPremium, checkedInToday, notifications
leetcode_user_streak	Daily streak: streakCount, daysSkipped, currentDayCompleted
leetcode_user_favorites	User's favorite/bookmark lists with problem IDs

Problem tools (6)

Tool	Description
leetcode_submission_details	Full submission: source code, runtime, memory, percentiles, errors
leetcode_problem_note	Read user's personal note on a problem
leetcode_problem_note_update	Create/update personal note on a problem
leetcode_problem_favorite_add	Add problem to a favorites list
leetcode_problem_favorite_remove	Remove problem from a favorites list
leetcode_problem_status	Solve status for a problem (ac/notac/null) — lighter than full select

Changes

File	Change
mcp/serverUtils.ts	Added loadAuthData() for cookie injection + requireAuth() guard
mcp/types.ts	Added SubmissionDetailArgs, QuestionNoteArgs, ToggleFavoriteArgs types
mcp/leetCodeService.ts	Added 9 auth-required service functions
mcp/modules/userTools.ts	Registered 3 new auth-required user tools
mcp/modules/problemTools.ts	Registered 6 new auth-required problem tools
src/GQLQueries/index.ts	Added 8 re-exports for new queries/mutations
src/GQLQueries/*.ts	8 new files: submissionDetails, streakCounter, userStatus, questionNote, updateNote, toggleFavorite, favoritesLists, problemStatus
scripts/extract-cookies.ts	Playwright-based login flow — opens browser, waits for auth, saves cookies
README.md	Added "Authenticated requests" section
.gitignore	Added leetcode-cookies.json to prevent accidental secret commits
package.json	Added playwright as optional dep + npm run extract-cookies script

Cookie file format

{
  "LEETCODE_SESSION": "<session cookie>",
  "csrftoken": "<csrf token>",
  "cf_clearance": "<cloudflare clearance cookie>"
}

Test plan

• Verify unauthenticated mode still works (no env var set)
• Verify authenticated mode works with valid cookie file
• Verify graceful fallback when cookie file is missing or malformed
• Verify x-csrftoken header is correctly injected
• Verify scripts/extract-cookies.ts opens browser and saves cookies on login
• Verify leetcode-cookies.json is ignored by git
• All 9 auth-required tools tested against live LeetCode API
• requireAuth() guard returns clear error when cookies not configured
• leetcode_submission_details returns full source code + runtime/memory percentiles
• leetcode_problem_note_update round-trip: write note → read back confirms persistence
• leetcode_problem_favorite_add / remove both return { ok: true }
• npm run lint clean, all 236 existing tests pass (0 regressions)

🤖 Generated with Claude Code