blox-api
Roblox web API wrapper for Node.js
// Compiler-emitted interop helper: exposes property `k` of module `m` on object `o`
// under the name `k2` (defaults to `k`). An already-installed `this.__createBinding`
// is reused when present.
var __createBinding = (this && this.__createBinding) || (function () {
    if (Object.create) {
        // Getter-based variant: reads of `o[alias]` always reflect the current `m[k]`.
        return function (o, m, k, k2) {
            var alias = k2 === undefined ? k : k2;
            Object.defineProperty(o, alias, {
                enumerable: true,
                get: function () { return m[k]; }
            });
        };
    }
    // Fallback variant: copies the value once at call time.
    return function (o, m, k, k2) {
        var alias = k2 === undefined ? k : k2;
        o[alias] = m[k];
    };
})();
// Compiler-emitted interop helper: stores `v` as the `default` member of namespace
// object `o`. An already-installed `this.__setModuleDefault` is reused when present.
var __setModuleDefault = (this && this.__setModuleDefault) || (function () {
    if (!Object.create) {
        // Fallback variant: plain assignment.
        return function (o, v) {
            o["default"] = v;
        };
    }
    // defineProperty variant: `default` is enumerable but neither writable nor configurable.
    return function (o, v) {
        var descriptor = { enumerable: true, value: v };
        Object.defineProperty(o, "default", descriptor);
    };
})();
// Compiler-emitted interop helper: turns the result of `require()` into a namespace
// object. Modules flagged with `__esModule` are returned untouched; anything else is
// wrapped so that its own properties (except "default") are re-exposed and the module
// itself becomes the `default` member.
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    var namespace = {};
    if (mod != null) {
        for (var key in mod) {
            // Skip inherited keys and any existing "default"; the latter is set below.
            if (key === "default" || !Object.hasOwnProperty.call(mod, key)) {
                continue;
            }
            __createBinding(namespace, mod, key);
        }
    }
    __setModuleDefault(namespace, mod);
    return namespace;
};
// Flag this CommonJS module as transpiled ES-module output (checked by `__importStar`-style helpers).
Object.defineProperty(exports, "__esModule", { value: true });
// Reserve the public names up front; the functions themselves are attached after each definition.
exports.getCSRFToken = void 0;
exports.getSecuritySettingsToken = void 0;
exports.refreshSessionFromCookie = void 0;
const request = __importStar(require("superagent"));
/**
 * Obtains an X-CSRF-TOKEN for the session by POSTing to the sign-out endpoint
 * without supplying one.
 *
 * Only a 403 response is accepted; the token is read from that response's
 * `x-csrf-token` header. Redirects are not followed.
 *
 * The session cookie is sent on this request, and the returned token is used
 * alongside it on state-changing calls; keep both out of logs and error reports.
 *
 * @param session Current [[RobloxClient]] session
 * @returns The value of the `x-csrf-token` response header
 * @throws Error when the response is not a 403, the header is missing, or the request fails
 */
async function getCSRFToken(session) {
    // Anything other than 403 makes the request reject instead of resolve.
    const acceptOnlyForbidden = (res) => res.status === 403;
    try {
        const response = await request
            .post("https://auth.roblox.com/v1/logout")
            .set("Cookie", session.cookie)
            .redirects(0)
            .ok(acceptOnlyForbidden);
        const token = response.header["x-csrf-token"];
        if (!token) {
            throw new Error("Did not receive x-csrf-token header");
        }
        return token;
    }
    catch (err) {
        // NOTE(review): this stringifies the caught error, so callers see only its
        // text (e.g. "Error: ...") and lose the original stack and HTTP details.
        throw new Error(err);
    }
}
// Public API: attach getCSRFToken to the CommonJS exports object.
exports.getCSRFToken = getCSRFToken;
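/**
 * Gets the token required to make changes to security settings.
 *
 * Requests the account security page with the session cookie and extracts
 * `__RequestVerificationToken` from the response's `Set-Cookie` header.
 * Redirects are not followed: a 302 is treated as "the cookie was not accepted".
 *
 * The session cookie is a bearer credential, so it is deliberately never
 * included in error messages; those routinely end up in logs and crash reports.
 *
 * @param session Current [[RobloxClient]] session
 * @returns The `__RequestVerificationToken` cookie value
 * @throws Error when the cookie is rejected (302), the token cookie is absent, or the request fails
 */
async function getSecuritySettingsToken(session) {
    try {
        const httpRes = await request
            .get("https://www.roblox.com/my/account#!/security")
            .set("Cookie", session.cookie)
            .set("Accept", "*/*")
            .redirects(0)
            .ok((res) => {
            return res.status === 200 || res.status === 302;
        });
        if (httpRes.status === 302) {
            // Do not echo session.cookie here: whoever reads the error text
            // (log files, monitoring, bug reports) could reuse it to act as the user.
            throw new Error("Invalid cookie: <redacted>");
        }
        const setCookie = httpRes.header["set-cookie"];
        if (setCookie) {
            // toString() joins multiple Set-Cookie values with commas before matching.
            const match = setCookie.toString().match(/__RequestVerificationToken=(.*?);/);
            if (match) {
                return match[1];
            }
        }
        throw new Error("Did not receive __RequestVerificationToken");
    }
    catch (e) {
        // NOTE(review): this stringifies the caught error, so callers see only its
        // text and lose the original stack and HTTP details.
        throw new Error(e);
    }
}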
// Public API: attach getSecuritySettingsToken to the CommonJS exports object.
exports.getSecuritySettingsToken = getSecuritySettingsToken;
/**
 * Signs out all other sessions and generates a new .ROBLOSECURITY cookie.
 *
 * Fetches the security-settings token and then a CSRF token for the supplied
 * cookie, posts both to the sign-out-and-reauthenticate endpoint, and reads the
 * replacement cookie from the response's `Set-Cookie` header.
 *
 * The returned session holds a live credential: store it securely and keep it
 * out of logs. Judging by the endpoint name, the cookie passed in should be
 * considered superseded once this call succeeds.
 *
 * @param cookie .ROBLOSECURITY cookie value (with or without the `.ROBLOSECURITY=` prefix)
 * @returns A session object whose `cookie` is `.ROBLOSECURITY=<new value>`
 * @throws Error when no cookies are returned or none of them is .ROBLOSECURITY
 */
async function refreshSessionFromCookie(cookie) {
    const cookiePrefix = ".ROBLOSECURITY=";
    // Accept either the bare value or a full "name=value" cookie string.
    const newSession = {
        cookie: cookie.includes(cookiePrefix) ? cookie : cookiePrefix + cookie,
    };
    const secToken = await getSecuritySettingsToken(newSession);
    const csrfToken = await getCSRFToken(newSession);
    // NOTE(review): secToken goes into the form body as-is, without URL-encoding;
    // confirm the token can never contain characters that need escaping.
    const formBody = "__RequestVerificationToken=" + secToken;
    const httpRes = await request
        .post("https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate")
        .send(formBody)
        .set("X-CSRF-TOKEN", csrfToken)
        .set("Cookie", newSession.cookie);
    const setCookie = httpRes.header["set-cookie"];
    if (!setCookie) {
        throw new Error("No cookies were set");
    }
    // toString() joins multiple Set-Cookie values with commas before matching.
    const match = setCookie.toString().match(/\.ROBLOSECURITY=(.*?);/);
    if (!match) {
        throw new Error(".ROBLOSECURITY was not set");
    }
    newSession.cookie = cookiePrefix + match[1];
    return newSession;
}
// Public API: attach refreshSessionFromCookie to the CommonJS exports object.
exports.refreshSessionFromCookie = refreshSessionFromCookie;
//# sourceMappingURL=auth.js.map
;