gjrequest.js 1.0.0

package/README.md

@@ -0,0 +1,88 @@
+# gjrequest.js
+
+> A lightweight Node.js SDK for interacting with the **Geometry Dash API** (GDPlatform-powered).
+> Handles login, reading/sending messages, and fetching level scores using `gjp2`.
+
+---
+
+## Features
+
+* Login with `accountID` + password (generates `gjp2`)
+* Read inbox or sent messages
+* Send messages (Base64-encoded)
+* Fetch level scores
+* Generic endpoint requests via `requestEndpoint()`
+
+---
+
+## Installation
+
+```bash
+npm install gjrequest.js
+```
+
+> Or copy the module locally if not published.
+
+---
+
+## Usage
+
+```js
+require("dotenv").config();
+const { Client } = require("gjrequest.js");
+
+(async () => {
+    const client = new Client();
+
+    // Login securely via environment variables
+    await client.login({
+        accountID: process.env.GD_ACCOUNT_ID,
+        password: process.env.GD_PASSWORD
+    });
+
+    // Read inbox messages
+    const inbox = await client.readMessages();
+    console.log(inbox);
+
+    // Send a message
+    const sent = await client.sendMessage(
+        29294657,
+        "Hello World",
+        "This is a test message!"
+    );
+    console.log(sent);
+
+    // Get level scores
+    const scores = await client.getLevelScores(1234567);
+    console.log(scores);
+
+    // Generic endpoint request
+    const response = await client.requestEndpoint("uploadGJMessage20.php", {
+        toAccountID: 29294657,
+        subject: Buffer.from("Test").toString("base64"),
+        body: Buffer.from("Hello!").toString("base64")
+    });
+    console.log(response);
+})();
+```
+
+---
+
+## Security Notes
+
+* **Do NOT hardcode your GD password** in public repositories.
+* Use environment variables (`.env`) or other secure storage.
+* `gjp2` is generated locally; no real login is sent except the hashed payload.
+
+---
+
+## References
+
+* [GD Docs by Wyliemaster](https://wyliemaster.github.io/gddocs/)
+* [Geometry Dash API Endpoints](https://www.boomlings.com/database/)
+
+---
+
+## License
+
+MIT © SkunkPlatform

package/index.js

@@ -0,0 +1,93 @@
+const { generateGjp2 } = require("./modules/gjp");
+const { messages, read, upload } = require("./modules/message");
+const { getScores } = require("./modules/scores"); // new module we defined
+const { doPost } = require("./modules/endpoint-httprequest");
+
+class Client {
+    constructor() {
+        this.accountID = null;
+        this.gjp2 = null;
+    }
+
+    /**
+     * "Login" by providing your account ID and password
+     * for APIs that accept gjp2 (no actual login call needed)
+     */
+    async login({ accountID, password }) {
+        if (!accountID || !password) {
+            throw new Error("AccountID and password are required.");
+        }
+
+        this.accountID = accountID;
+        this.gjp2 = generateGjp2(password);
+
+        return {
+            accountID: this.accountID,
+            gjp2: this.gjp2
+        };
+    }
+
+    async getLevelScores(levelID) {
+        this._requireLogin();
+        return getScores({
+            accountID: this.accountID,
+            gjp2: this.gjp2,
+            levelID
+        });
+    }
+
+    async sendMessage(toAccountID, subject = "untitled", body = "") {
+        this._requireLogin();
+
+        // Helper to match the Python base64.b64encode(b"...").decode() logic
+        const encode = (str) => Buffer.from(str).toString('base64');
+
+        return upload({
+            accountID: this.accountID,
+            gjp2: this.gjp2,
+            toAccountID: toAccountID,
+            subject: encode(subject), // Encodes "You're dumb lol"
+            body: encode(body)         // Encodes "Mhm yep..."
+        });
+    }
+
+    async readMessage(messageID) {
+        this._requireLogin();
+
+        return read({
+            accountID: this.accountID,
+            gjp: this.gjp2,
+            messageID
+        });
+    }
+
+    async readMessages({ page = 0, sent = false } = {}) {
+        this._requireLogin();
+
+        return messages({
+            accountID: this.accountID,
+            gjp2: this.gjp2,
+            page,
+            sent
+        });
+    }
+
+    async requestEndpoint(endpoint, params = {}, secret = "Wmfd2893gb7") {
+        this._requireLogin();
+
+        // Always include accountID and gjp2
+        params.accountID = this.accountID;
+        params.gjp2 = this.gjp2;
+        params.secret = secret;
+
+        return doPost(`/database/${endpoint}`, params);
+    }
+
+    _requireLogin() {
+        if (!this.accountID || !this.gjp2) {
+            throw new Error("Client not logged in. Call login() first.");
+        }
+    }
+}
+
+module.exports = { Client };

package/modules/authentication.js

@@ -0,0 +1,54 @@
+const https = require("https");
+const querystring = require("querystring");
+
+const GD_SERVER = "www.boomlings.com";
+const SECRET = "Wmfd2893gb7"; // standard for user/score APIs
+
+function doPost(path, params) {
+    return new Promise((resolve, reject) => {
+        const postData = querystring.stringify(params);
+
+        const options = {
+            hostname: GD_SERVER,
+            path,
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Content-Length": Buffer.byteLength(postData),
+                "User-Agent": "GeometryDash/2.11"
+            }
+        };
+
+        const req = https.request(options, (res) => {
+            let data = "";
+            res.on("data", chunk => data += chunk);
+            res.on("end", () => resolve(data));
+        });
+
+        req.on("error", reject);
+        req.write(postData);
+        req.end();
+    });
+}
+
+/**
+ * Get scores for a level
+ * @param {Object} opts
+ * Required fields:
+ *   - accountID
+ *   - gjp2 (encrypted password)
+ *   - levelID
+ *   - secret (optional, defaults to GD_SERVER secret)
+ */
+async function getScores({ accountID, gjp2, levelID }) {
+    const params = {
+        accountID,
+        gjp2,
+        levelID,
+        secret: SECRET
+    };
+
+    return doPost("/database/getGJScores20.php", params);
+}
+
+module.exports = { getScores };

package/modules/endpoint-httprequest.js

@@ -0,0 +1,36 @@
+const https = require("https");
+const querystring = require("querystring");
+
+const GD_SERVER = "www.boomlings.com";
+
+/**
+ * Generic POST request helper for Geometry Dash endpoints
+ */
+function doPost(path, params, userAgent = "GeometryDash/2.11") {
+    return new Promise((resolve, reject) => {
+        const postData = querystring.stringify(params);
+
+        const options = {
+            hostname: GD_SERVER,
+            path,
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Content-Length": Buffer.byteLength(postData),
+                "User-Agent": userAgent
+            }
+        };
+
+        const req = https.request(options, (res) => {
+            let data = "";
+            res.on("data", chunk => data += chunk);
+            res.on("end", () => resolve(data));
+        });
+
+        req.on("error", reject);
+        req.write(postData);
+        req.end();
+    });
+}
+
+module.exports = { doPost };

package/modules/gjp.js

@@ -0,0 +1,60 @@
+const crypto = require("crypto");
+
+const XOR_KEY = "37526";
+const SALT = "mI29fmAnxgTs";
+
+// XOR cipher
+function xorCipher(input, key = XOR_KEY) {
+    const inputBuffer = Buffer.from(input, "utf8");
+    const keyBuffer = Buffer.from(key, "utf8");
+
+    const output = Buffer.alloc(inputBuffer.length);
+
+    for (let i = 0; i < inputBuffer.length; i++) {
+        output[i] = inputBuffer[i] ^ keyBuffer[i % keyBuffer.length];
+    }
+
+    return output.toString("utf8");
+}
+
+// SHA1(password + salt)
+function generateGjp2(password = "", salt = SALT) {
+    return crypto
+        .createHash("sha1")
+        .update(password + salt)
+        .digest("hex");
+}
+
+// XOR + Base64 (URL-safe)
+function encodeGjp(password) {
+    const xored = xorCipher(password);
+
+    return Buffer.from(xored, "utf8")
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, ""); // remove padding (GD-safe)
+}
+
+// Reverse URL-safe Base64 + XOR
+function decodeGjp(gjp) {
+    // Restore URL-safe chars
+    let normalized = gjp
+        .replace(/-/g, "+")
+        .replace(/_/g, "/");
+
+    // Restore padding
+    while (normalized.length % 4) {
+        normalized += "=";
+    }
+
+    const decoded = Buffer.from(normalized, "base64").toString("utf8");
+
+    return xorCipher(decoded);
+}
+
+module.exports = {
+    generateGjp2,
+    encodeGjp,
+    decodeGjp
+};

package/modules/message.js

@@ -0,0 +1,94 @@
+const https = require("https");
+const querystring = require("querystring");
+
+const GD_SERVER = "www.boomlings.com"; // primary Geometry Dash API server
+const SECRET = "Wmfd2893gb7"; // the secret param required for most GD API requests
+
+function doPost(path, params) {
+    return new Promise((resolve, reject) => {
+        const postData = querystring.stringify(params);
+
+        const options = {
+            hostname: GD_SERVER,
+            path,
+            method: "POST",
+            headers: {
+                "User-Agent": "",
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Content-Length": Buffer.byteLength(postData)
+            }
+        };
+
+        const req = https.request(options, (res) => {
+            let data = "";
+            res.on("data", (chunk) => {
+                data += chunk;
+            });
+            res.on("end", () => {
+                resolve(data);
+            });
+        });
+
+        req.on("error", reject);
+        req.write(postData);
+        req.end();
+    });
+}
+
+/**
+ * Upload (send) a private message
+ * @param {Object} opts 
+ * Required fields typically include:
+ *   - accountID
+ *   - gjp (GJP2 hash of password)
+ *   - message (text)
+ *   - toAccountID (the user you’re messaging)
+ */
+async function upload(opts) {
+    const params = {
+        secret: SECRET,
+        accountID: opts.accountID,
+        gjp2: opts.gjp2, // Use gjp2 for modern 2.2+ auth
+        toAccountID: opts.toAccountID,
+        subject: opts.subject, // API expects 'subject'
+        body: opts.body,       // API expects 'body'
+        gameVersion: 22,
+        binaryVersion: 42,
+        gdw: 0
+    };
+
+    return doPost("/database/uploadGJMessage20.php", params);
+}
+
+/**
+ * Read (download) a private message
+ * @param {Object} opts 
+ * Required fields typically include:
+ *   - accountID
+ *   - gjp
+ *   - messageID (the ID of the message to download)
+ */
+async function read(opts) {
+    const params = {
+        secret: SECRET,
+        accountID: opts.accountID,
+        gjp: opts.gjp,
+        messageID: opts.messageID,
+    };
+
+    return doPost("/database/downloadGJMessage20.php", params);
+}
+
+async function messages(opts) {
+    const params = {
+        secret: SECRET,
+        accountID: opts.accountID,
+        gjp2: opts.gjp2, // SHA1(password + "mI29fmAnxgTs")
+        page: opts.page || 0,     // optional (default 0)
+        getSent: opts.sent ? 1 : 0 // optional (0 = inbox, 1 = sent)
+    };
+
+    return doPost("/database/getGJMessages20.php", params);
+}
+
+module.exports = { upload, read, messages };

package/modules/scores.js

@@ -0,0 +1,53 @@
+const https = require("https");
+const querystring = require("querystring");
+
+const GD_SERVER = "www.boomlings.com";
+const SECRET = "Wmfd2893gb7"; // standard for user/score APIs
+
+function doPost(path, params) {
+    return new Promise((resolve, reject) => {
+        const postData = querystring.stringify(params);
+
+        const options = {
+            hostname: GD_SERVER,
+            path,
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Content-Length": Buffer.byteLength(postData),
+                "User-Agent": "GeometryDash/2.11"
+            }
+        };
+
+        const req = https.request(options, (res) => {
+            let data = "";
+            res.on("data", chunk => data += chunk);
+            res.on("end", () => resolve(data));
+        });
+
+        req.on("error", reject);
+        req.write(postData);
+        req.end();
+    });
+}
+
+/**
+ * Get scores for a level
+ * @param {Object} opts
+ * Required fields:
+ *   - accountID
+ *   - gjp2 (SHA1 hash of your password)
+ *   - levelID
+ */
+async function getScores({ accountID, gjp2, levelID }) {
+    const params = {
+        accountID,
+        gjp2,
+        levelID,
+        secret: SECRET
+    };
+
+    return doPost("/database/getGJScores20.php", params);
+}
+
+module.exports = { getScores };

package/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "gjrequest.js",
+  "version": "1.0.0",
+  "description": "Geometry Dash API - Powered by GDPlatform.",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "geometry dash",
+    "gd",
+    "api",
+    "gjrequest"
+  ],
+  "author": "SkunkPlatform",
+  "license": "MIT",
+  "type": "commonjs"
+}

package/test.js

@@ -0,0 +1,21 @@
+const { Client } = require("./index");
+
+(async () => {
+    const client = new Client();
+
+    await client.login({
+        accountID: 1234567890, // AccountID
+        password: "insert your gd password" // Use your Geometry Dash Password on other account. ACTION REQUIRED: Environment Variables, DO NOT SHARE GD PASSWORD TO YOUR PUBLIC REPOSITORY THAT WILL POSSIBLE CAUSE RISKS. DO NOT ATTEMP TO SHARE.
+    });
+
+    const messages = await client.readMessages();
+    console.log(messages);
+
+    const submitted = await client.sendMessage(
+        29294657, // Send to an Account ID
+        "Subject", // this subject will be base64.
+        "Body" // this body will be base64.
+    );
+
+    console.log(submitted);
+})();