roblox-ts-core 0.0.1-security.1 → 4.6.8

package/lib/util/getPageResults.js

@@ -0,0 +1,89 @@
+// Includes
+const http = require('./http.js').func
+
+// Args
+exports.required = ['url', 'query', 'limit']
+exports.optional = ['jar', 'sortOrder']
+
+// Docs
+/**
+ * ✅ Handle pagination returned by Roblox.
+ * @category Utility
+ * @alias getPageResults
+ * @param {string} url - The url to retrieve the page results from.
+ * @param {string} query - Any query parameters to add to the url.
+ * @param {SortOrder=} sortOrder - The order to sort the results by.
+ * @param {Limit=} limit - The maximum number of results to return. Following 'pages' of results will be requested until
+ * this limit of results is reached.
+ * @param {string=} pageCursor - Current page index
+ * @returns {Promise<Array>}
+ * @example const noblox = require("noblox.js")
+ * const inventory = await noblox.getPageResults("//inventory.roblox.com/v2/users/1/inventory", "Shirt", "Asc", 100)
+**/
+
+// Define
+function getPageResults (jar, url, query, sortOrder, limit, pageCursor, results) {
+  return new Promise((resolve, reject) => {
+    const allowedLimits = [10, 25, 50, 100]
+
+    const httpOpt = {
+      url: url,
+      options: {
+        qs: {
+          limit: limit <= 100 ? allowedLimits.reduce((prev, curr) => Math.abs(curr - limit) < Math.abs(prev - limit) ? curr : prev) : 100, // Get the most fit page limit within the boundries.
+          cursor: pageCursor || '', // Add page cursor.
+          ...query // Add asset types.
+        },
+        method: 'GET',
+        resolveWithFullResponse: true,
+        jar: jar,
+        json: true
+      }
+    }
+    return http(httpOpt).then((res) => {
+      let body = res.body
+      if (typeof (body) === 'string') body = JSON.parse(body.trim())
+
+      const data = body.data
+
+      if (body.errors && body.errors.length > 0) {
+        const errors = body.errors.map((e) => {
+          return e.message
+        })
+
+        return reject(new Error(`${res.statusCode} ${errors.join(', ')}`))
+      }
+
+      results = results ? results.concat(data) : data
+
+      if (results.length > limit) {
+        results = results.slice(0, limit)
+      }
+
+      if (results.length >= limit || data.length === 0 || !body.nextPageCursor) {
+        return resolve(results)
+      }
+
+      resolve(getPageResults(jar, url, query, sortOrder, limit, body.nextPageCursor, results))
+    })
+      .catch(error => reject(error))
+  })
+}
+
+function parseDates (results) {
+  return new Promise((resolve, reject) => {
+    if (!results) return resolve([])
+
+    resolve(results.map(result => {
+      if (result.created) result.created = new Date(result.created)
+      if (result.updated) result.updated = new Date(result.updated)
+      return result
+    }))
+  })
+}
+
+exports.func = function (args) {
+  return getPageResults(args.jar, args.url, args.query, args.sortOrder, args.limit).then(results => {
+    return parseDates(results)
+  })
+}

package/lib/util/getSenderUserId.js

@@ -0,0 +1,30 @@
+// Includes
+const getCurrentUser = require('./getCurrentUser.js').func
+const getHash = require('./getHash.js').func
+const cache = require('../cache')
+
+// Args
+exports.optional = ['jar']
+
+// Docs
+/**
+ * 🔐 Get the userId of the current user and cache it.
+ * @category Utility
+ * @alias getSenderUserId
+ * @param {CookieJar=} jar - The CookieJar containing the .ROBLOSECURITY cookie.
+ * @returns {Promise<number>}
+ * @example const noblox = require("noblox.js")
+ * // Login using your cookie.
+ * const userId = await noblox.getSenderUserId()
+**/
+
+// Define
+exports.func = function (args) {
+  const jar = args.jar
+  return cache.wrap('SenderID', getHash({ jar: jar }), function () {
+    return getCurrentUser({ jar: jar })
+      .then(function (info) {
+        return info.UserID
+      })
+  })
+}

package/lib/util/getSession.js

@@ -0,0 +1,38 @@
+// Includes
+const settings = require('../../settings.json')
+const options = require('../options.js')
+
+// Args
+exports.optional = ['jar']
+
+// Docs
+/**
+ * 🔐 Get the .ROBLOSECURITY cookie from the jar.
+ * @category Utility
+ * @alias getSession
+ * @param {CookieJar=} jar - The cookie jar containing the .ROBLOSECURITY cookie.
+ * @returns {string}
+ * @example const noblox = require("noblox.js")
+ * // Login using your cookie.
+ * const cookie = await noblox.getSession()
+**/
+
+// Define
+exports.func = function (args) {
+  const jar = args.jar || options.jar
+  if (settings.session_only) {
+    if (typeof jar === 'string') {
+      return jar
+    }
+    return jar.session
+  } else {
+    const cookies = jar.getCookies('https://roblox.com')
+    for (let i = 0; i < cookies.length; i++) {
+      const element = cookies[i]
+      if (element.key === '.ROBLOSECURITY') {
+        return element.value
+      }
+    }
+    return ''
+  }
+}

package/lib/util/getVerification.js

@@ -0,0 +1,60 @@
+// Includes
+const http = require('./http.js').func
+const getHash = require('./getHash.js').func
+const getVerificationInputs = require('./getVerificationInputs.js').func
+const cache = require('../cache')
+const URL = require('url').URL
+
+// Args
+exports.required = ['url']
+exports.optional = ['ignoreCache', 'getBody', 'jar']
+
+// Docs
+/**
+ * 🔐 Get the RequestVerificationToken from a url.
+ * @category Utility
+ * @alias getVerification
+ * @param {string} url - The url to get the token from.
+ * @param {boolean=} [ignoreCache=false] - Determines whether the cache be ignored or not.
+ * @param {boolean=} [getBody=false] - If the body and inputs should be returned in an object
+ * @param {CookieJar=} jar - The CookieJar containing the .ROBLOSECURITY cookie.
+ * @returns {Promise<GetVerificationResponse>}
+ * @example const noblox = require("noblox.js")
+ * // Login using your cookie.
+ * const verificationTokenInfo = await noblox.getVerification()
+**/
+
+// Define
+function getVerification (jar, url, getBody) {
+  const httpOpt = {
+    url: url,
+    options: {
+      resolveWithFullResponse: true,
+      jar: jar
+    }
+  }
+  return http(httpOpt)
+    .then(function (res) {
+      const inputs = getVerificationInputs({ html: res.body })
+      let match
+      if (res.headers && res.headers['set-cookie']) {
+        match = res.headers['set-cookie'].toString().match(/__RequestVerificationToken=(.*?);/)
+      }
+      return {
+        body: (getBody ? res.body : null),
+        inputs: inputs,
+        header: match && match[1]
+      }
+    })
+}
+
+exports.func = function (args) {
+  const jar = args.jar
+  if (args.ignoreCache) {
+    return getVerification(jar, args.url, args.getBody)
+  } else {
+    return cache.wrap('Verify', new URL(args.url).pathname + getHash({ jar: jar }), function () {
+      return getVerification(jar, args.url, args.getBody)
+    })
+  }
+}

package/lib/util/getVerificationInputs.js

@@ -0,0 +1,31 @@
+// Dependencies
+const parser = require('cheerio')
+
+// Args
+exports.required = [['html', 'selector']]
+
+// Docs
+/**
+ * ✅ Get the verification inputs from the html.
+ * @category Utility
+ * @alias getVerificationInputs
+ * @param {string | function} html | selector - The html to search or the cheerio selector to use.
+ * @returns {Inputs}
+ * @example const noblox = require("noblox.js")
+ * const inputs = noblox.getVerificationInputs("htmlstuff")
+**/
+
+// Define
+exports.func = function (args) {
+  let $ = args.selector
+  if (!$) {
+    $ = parser.load(args.html)
+  }
+  const inputs = {}
+  const find = ['__VIEWSTATE', '__VIEWSTATEGENERATOR', '__EVENTVALIDATION', '__RequestVerificationToken']
+  for (let i = 0; i < find.length; i++) {
+    const get = find[i]
+    inputs[get] = $('input[name=' + get + ']').val()
+  }
+  return inputs
+}

package/lib/util/http.js

@@ -0,0 +1,110 @@
+// Dependencies
+let request = require('request-promise')
+
+// Includes
+const options = require('../options.js')
+const settings = require('../../settings.json')
+const cache = require('../cache')
+const getHash = require('./getHash.js').func
+
+// Args
+exports.required = ['url']
+exports.optional = ['options', 'ignoreLoginError']
+
+// Define
+request = request.defaults({
+  forever: true,
+  agentOptions: {
+    maxSockets: Infinity
+  },
+  simple: false,
+  gzip: true,
+  timeout: settings.timeout
+})
+
+// Docs
+/**
+ * ✅ Send an http request to url with options.
+ * @category Utility
+ * @alias http
+ * @param {string} url - The url to request to.
+ * @param {object} options - The options to send with the request.
+ * @param {boolean} ignoreLoginError - If any login errors should be ignored.
+ * @returns {Promise<string>}
+ * @example const noblox = require("noblox.js")
+ * const body = await noblox.http("https://roblox.com/login", { method: "GET" })
+**/
+
+function http (url, opt) {
+  if (opt && !opt.jar && Object.keys(opt).indexOf('jar') > -1) {
+    opt.jar = options.jar
+  }
+  if (settings.session_only && opt && opt.jar) {
+    if (!opt.headers) {
+      opt.headers = {}
+    }
+    opt.headers.cookie = '.ROBLOSECURITY=' + opt.jar.session + ';'
+    opt.headers['x-api-key'] = opt.jar.apiKey
+    opt.jar = null
+  }
+  if (opt && opt.verification) {
+    if (!opt.headers) {
+      opt.headers = {}
+    }
+    const verify = '__RequestVerificationToken=' + opt.verification + ';'
+    if (opt.headers.cookie) {
+      opt.headers.cookie += verify
+    } else {
+      opt.headers.cookie = verify
+    }
+  }
+  if (url.indexOf('http') !== 0) {
+    url = 'https:' + url
+  }
+  return request(url, opt)
+}
+
+exports.func = function (args) {
+  const opt = args.options || {}
+  if (typeof opt.jar === 'string') {
+    opt.jar = { session: opt.jar }
+  }
+  const jar = opt.jar
+  let depth = args.depth || 0
+  const full = opt.resolveWithFullResponse || false
+  opt.resolveWithFullResponse = true
+  const follow = opt.followRedirect === undefined || opt.followRedirect
+  opt.followRedirect = function (res) {
+    if (!args.ignoreLoginError && res.headers.location && (res.headers.location.startsWith('https://www.roblox.com/newlogin') || res.headers.location.startsWith('/Login/Default.aspx'))) {
+      return false
+    }
+    return follow
+  }
+  return http(args.url, opt).then(function (res) {
+    if (opt && opt.headers && opt.headers['X-CSRF-TOKEN']) {
+      if (res.statusCode === 403 && (res.statusMessage === 'XSRF Token Validation Failed' || res.statusMessage === 'Token Validation Failed')) {
+        depth++
+        if (depth >= 3) {
+          throw new Error('Tried ' + depth + ' times and could not refresh XCSRF token successfully')
+        }
+        const token = res.headers['x-csrf-token']
+        if (token) {
+          opt.headers['X-CSRF-TOKEN'] = token
+          opt.jar = jar
+          args.depth = depth + 1
+          return exports.func(args)
+        } else {
+          throw new Error('Could not refresh X-CSRF-TOKEN')
+        }
+      } else {
+        if (depth > 0) {
+          cache.add(options.cache, 'XCSRF', getHash({ jar: jar }), opt.headers['X-CSRF-TOKEN'])
+        }
+      }
+    }
+    if (res.statusCode === 302 && !args.ignoreLoginError && res.headers.location && (res.headers.location.startsWith('https://www.roblox.com/newlogin') || res.headers.location.startsWith('/Login/Default.aspx'))) {
+      throw new Error('You are not logged in')
+    }
+    return full ? res : res.body
+  })
+}

package/lib/util/jar.js

@@ -0,0 +1,24 @@
+// Dependencies
+const request = require('request-promise')
+
+// Includes
+const settings = require('../../settings.json')
+
+// Docs
+/**
+ * ✅ Create a jar file based on sessionOnly.
+ * @category Utility
+ * @alias jar
+ * @param {boolean=} sessionOnly - The session to use to create the jar file.
+ * @returns {CookieJar}
+ * @example const noblox = require("noblox.js")
+ * const jar = noblox.jar()
+**/
+
+// Define
+exports.func = function (sessionOnly) {
+  if (!sessionOnly) {
+    sessionOnly = settings.session_only
+  }
+  return (sessionOnly ? { session: '' } : request.jar())
+}

package/lib/util/refreshCookie.js

@@ -0,0 +1,52 @@
+// Includes
+const options = require('../options.js')
+const getGeneralToken = require('./getGeneralToken.js').func
+const http = require('./http.js').func
+// Args
+exports.required = []
+exports.optional = ['cookie']
+
+// Docs
+/**
+ * 🔐 Refreshes the stored cookie, stores it, and returns it.
+ * @category Utility
+ * @deprecated [Retrieving your .ROBLOSECURITY cookie in incognito mode should make a cookie that does not expire.]{@link https://noblox.js.org/tutorial-Authentication.html}
+ * @alias refreshCookie
+ * @param {string=} cookie - The cookie to refresh.
+ * @returns {Promise<string>}
+ * @example const noblox = require("noblox.js")
+ * const newCookie = await noblox.refreshCookie("COOKIEHERE")
+**/
+
+// Refreshes the internally stored cookie, or the cookie provided
+// Stores the new cookie & returns it
+function refreshCookie (cookie) {
+  if (cookie) {
+    options.jar.session = cookie
+  }
+
+  return getGeneralToken({}).then((token) => {
+    return http({
+      url: 'https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate',
+      options: {
+        method: 'POST',
+        resolveWithFullResponse: true,
+        jar: null,
+        headers: {
+          'X-CSRF-TOKEN': token
+        }
+      }
+    }).then((res) => {
+      const cookies = res.headers['set-cookie']
+      if (cookies) {
+        const cookie = cookies.toString().match(/\.ROBLOSECURITY=(.*?);/)[1]
+        options.jar.session = cookie
+        return cookie
+      } else {
+        throw new Error('Failed to refresh cookie: None returned.')
+      }
+    })
+  })
+}
+
+module.exports = refreshCookie

package/lib/util/relog.js

@@ -0,0 +1,81 @@
+// Includes
+const options = require('../options.js')
+const getGeneralToken = require('./getGeneralToken.js').func
+const getVerification = require('./getVerification.js').func
+const getCurrentUser = require('./getCurrentUser.js').func
+const http = require('./http.js').func
+const cookieFile = './cookie'
+const fs = require('fs')
+// Args
+exports.required = ['cookie']
+exports.optional = []
+
+const day = 86400000
+
+// Define
+const relog = (cookie) => {
+  if (!cookie) throw new Error('no cookie supplied?')
+  options.jar.session = cookie
+  return getVerification({ url: 'https://www.roblox.com/my/account#!/security' })
+    .then((ver) => {
+      if (!ver.header) console.log('Bad cookie.')
+      return getGeneralToken({}).then((token) => {
+        return http({
+          url: 'https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate',
+          options: {
+            method: 'POST',
+            resolveWithFullResponse: true,
+            verification: ver.header,
+            jar: null,
+            headers: {
+              'X-CSRF-TOKEN': token
+            },
+            form: {
+              __RequestVerificationToken: ver.inputs.__RequestVerificationToken
+            }
+          }
+        }).then((res) => {
+          const cookies = res.headers['set-cookie']
+          if (cookies) {
+            options.jar.session = cookies.toString().match(/\.ROBLOSECURITY=(.*?);/)[1]
+
+            fs.writeFile(cookieFile, JSON.stringify({ cookie: options.jar.session, time: Date.now() }), (err) => {
+              if (err) {
+                console.error('Failed to write cookie')
+              }
+              return true
+            })
+          }
+        })
+      })
+    })
+}
+module.exports = c
+
+async function c (cookie) {
+  // Check for file
+  if (fs.existsSync(cookieFile)) {
+    const json = JSON.parse(fs.readFileSync(cookieFile))
+
+    // Check its new enough
+    if (json.time + day > Date.now()) {
+      // Its recent enough. Try it.
+      try {
+        await relog(json.cookie)
+        return getCurrentUser({})
+      } catch (e) {
+        console.log('Stored relog failed. Trying with given.')
+      }
+    }
+  }
+  if (cookie) {
+    // Try the user's cookie
+    try {
+      await relog(cookie)
+      return getCurrentUser({})
+    } catch (e) {
+      console.error(e)
+    }
+  }
+  throw new Error('No cookie supplied and no cookie file available.')
+}

package/lib/util/setOptions.js

@@ -0,0 +1,54 @@
+const settings = require('../../settings.json')
+
+// Docs
+/**
+ * ✅ Updates library options. This allows you to modify settings such as time-out, or number of event retries without
+ * altering the settings.json file. Objects passed to this function should match the format of the settings.json file.
+ * Unknown keys, or malformed options will be rejected with an error.
+ * @category Utility
+ * @param {NobloxOptions} newOptions - The new options to set, structured as per [settings.json](https://github.com/noblox/noblox.js/blob/master/settings.json)
+ * @returns void
+ * @see [settings.json](https://github.com/noblox/noblox.js/blob/master/settings.json) - default package settings
+ * @example const noblox = require("noblox.js")
+ * // This example overrides getPlayerThumbnail()'s response URL when a thumbnail is moderated.
+ * // You usually want to run this before logging in with your cookie.
+ * noblox.setOptions({
+ *  thumbnail: {
+ *    failedUrl: {
+ *      blocked: "https://raw.githubusercontent.com/noblox/noblox.js/master/img/noblox-js.png"
+ *    }
+ *  }
+ * })
+ */
+function setOptions (newOptions) {
+  return setOptionsLevel(settings, newOptions)
+}
+
+// This function allows key validation to be performed at different "levels" of nesting.
+// Ensures the provided keys already exist, and discards invalid keys.
+function setOptionsLevel (settingsLevel, inputObj) {
+  const keys = Object.keys(inputObj)
+
+  for (const key of keys) {
+    const newValue = inputObj[key]
+    const currentValue = settingsLevel[key]
+
+    if (currentValue !== undefined) {
+      if (typeof currentValue === 'object') {
+        if (typeof inputObj[key] !== 'object') {
+          throw new Error(`Tried to set options key ${key}, an object, to a non-object value: ${newValue}`)
+        }
+
+        setOptionsLevel(currentValue, newValue)
+      } else {
+        // it's not undefined, and it's not a nested object - set the value.
+        settingsLevel[key] = newValue
+      }
+    } else {
+      // The key doesn't exist
+      throw new Error(`Tried to set option "${key}". This option does not exist, or has been nested incorrectly.`)
+    }
+  }
+}
+
+exports.func = setOptions

package/lib/util/shortPoll.js

@@ -0,0 +1,102 @@
+// Dependencies
+const events = require('events')
+
+// Includes
+const settings = require('../../settings.json')
+const promiseTimeout = require('../internal/timeout')
+
+// Args
+exports.required = ['getLatest', 'delay']
+exports.optional = ['timeout']
+
+// Docs
+/**
+ * @typedef {function} getLatest
+ * @param {number} latest - A value representing the latest version.
+ * @param {EventEmitter} event - The event emitter to emit to.
+*/
+
+/**
+ * ✅ This is the base for events that do not rely on true streams. The `getLatest` function receives some value that represents the latest version of something (eg. a date or unique ID) and determines if there is new information, every time it is fired it waits `delay` ms before being fired again. Every time it must return an object with the field `latest`, representing the latest value (which will not change if new information was not received), and an array `data` which has the new values (if there are multiple they each have their own index, if there is only one then it is by itself in the array). If `latest` is equal to -2, the returned data will be processed even if it is the initial run (which usually only establishes the latest value). If the return object has a true `repeat` value, the function latest will be run again immediately after. If `delay` is a string it will take the number from that string key in the `event` object of the settings.json file.
+ * When the function is first called it will initialize `getLatest` with the value -1 and then emit the `connect` event. Whenever data is received, it will emit the `data` event for each value. If the `close` event is emitted the function will no longer run. If an error occurs the `error` event will be emitted, the function will log a retry and after the number of max retries as specified by settings, it will emit the `close` event.
+ * The `getLatest` function will be marked as failed if it does not resolve within `timeout` ms (which can be disabled if timeout is negative). If getLatest fails for any reason (including timeout) it will be retried `maxRetries` times before stopping.
+ * @category Utility
+ * @alias shortPoll
+ * @param {function} getLatest - The function to use to get the latest. Should return an object with key 'data' - an array containing output data,
+ * and the new 'latest' value.
+ * @returns {Promise<GetLatestResponse>}
+**/
+
+// Define
+exports.func = function (args) {
+  const latest = args.getLatest
+  let delay = args.delay
+  delay = (typeof delay === 'string' || delay instanceof String ? settings.event[delay] : delay) || settings.event.defaultDelay
+  let retries = 0
+  const max = settings.event.maxRetries
+  const timeout = args.timeout || settings.event.timeout
+  let stop = false
+  let current
+  const evt = new events.EventEmitter()
+  const run = function (value) {
+    if (stop) {
+      return
+    }
+    let promise = latest(value, evt)
+    if (timeout > 0) {
+      promise = promiseTimeout(promise, timeout)
+    }
+    return promise.then(function (response) {
+      if (stop) {
+        return
+      }
+      if (value === -1) {
+        current = response.latest
+      }
+      retries = 0
+      const data = response.data
+      if (data.length > 0 && (value !== -1 || current === -2)) {
+        current = response.latest
+        for (let i = 0; i < data.length; i++) {
+          evt.emit('data', data[i])
+        }
+      }
+      if (response.repeat) {
+        run(current)
+      } else {
+        setTimeout(run, delay, current)
+      }
+      return response
+    })
+      .catch(function (err) {
+        if (stop) {
+          return
+        }
+        evt.emit('error', err)
+        retries++
+        if (retries > max) {
+          evt.emit('close', new Error('Max retries reached'))
+        } else {
+          setTimeout(run, delay, current)
+        }
+      })
+  }
+
+  run(-1)
+    .then(function (response) {
+      if (stop) {
+        return
+      }
+      evt.emit('connect', response.latest)
+    })
+    .catch(function (err) {
+      evt.emit('close', new Error('Initialization failed: ' + err.message))
+    })
+  evt.on('close', function (err) {
+    stop = true
+    if (err) {
+      evt.emit('error', err)
+    }
+  })
+  return evt
+}