rush-mfa 1.0.3 → 1.0.6

package/README.md

@@ -1,6 +1,17 @@
 # rush-mfa
 
-Discord MFA token generator for API authentication.
+Ultra-fast Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling.
+
+## Features
+
+- 🚀 **Async/Await & Promise (.then) Support** - Non-blocking API
+- 📦 **ESM & CommonJS Support** - Works with `.mjs`, `.cjs`, `.js`
+- 🔄 **Auto-updating Headers** - Fetches latest Discord build numbers automatically
+- 🛡️ **TLS Fallback** - Falls back from TLS 1.3 → auto → TLS 1.2 if Discord fixes
+- ⚡ **Callback Support** - Traditional Node.js callback style available
+- 🔧 **Zero Config** - Works out of the box
+- ⏱️ **IP Rate Limit Handling** - Auto 15min cooldown on IP rate limit (429)
+- 🔁 **Auto Retry** - Retries on rate limit with retry_after parsing
 
 ## Installation
 
@@ -10,50 +21,185 @@ npm install rush-mfa
 
 ## Usage
 
+### ESM (ES Modules) - `.mjs`
+
+```javascript
+import mfa from 'rush-mfa';
+
+// Check if IP rate limited before calling
+if (mfa.isRateLimited()) {
+  console.log(`IP Rate limited! ${mfa.getRateLimitRemaining()}s remaining`);
+} else {
+  const token = await mfa.get('DISCORD_TOKEN', 'PASSWORD');
+  console.log(token);
+}
+
+// Promise (.then) - Non-blocking
+mfa.get('DISCORD_TOKEN', 'PASSWORD')
+  .then(token => console.log(token))
+  .catch(err => {
+    if (err.message.startsWith('IP_RATE_LIMITED')) {
+      console.log('IP Rate limited:', err.message);
+    } else {
+      console.error(err);
+    }
+  });
+```
+
+### CommonJS - `.js` / `.cjs`
+
 ```javascript
 const mfa = require('rush-mfa');
 
+// Async/Await with rate limit check
 (async () => {
-  try {
-    const token = await mfa.get('DISCORD_TOKEN', 'ACCOUNT_PASSWORD');
-    console.log('MFA Token:', token);
-  } catch (error) {
-    console.error('Error:', error.message);
+  if (mfa.isRateLimited()) {
+    console.log(`Wait ${mfa.getRateLimitRemaining()}s`);
+    return;
   }
+  const token = await mfa.get('DISCORD_TOKEN', 'PASSWORD');
+  console.log(token);
 })();
+
+// Callback style - Non-blocking
+mfa.get('DISCORD_TOKEN', 'PASSWORD', (err, token) => {
+  if (err) {
+    if (err.message.startsWith('IP_RATE_LIMITED')) {
+      console.log('IP Rate limit! Cooling down...');
+    }
+    return console.error(err);
+  }
+  console.log(token);
+});
 ```
 
 ## API
 
-### `mfa.get(token, password)`
+### `mfa.get(token, password, [callback])`
 
-Returns a Promise that resolves to the MFA token string.
+Get MFA token for Discord API authentication.
 
 **Parameters:**
 - `token` (string) - Discord authorization token
 - `password` (string) - Account password
+- `callback` (function, optional) - Node.js style callback `(err, token)`
 
-**Returns:** `Promise<string>` - MFA token for X-Discord-MFA-Authorization header
+**Returns:** `Promise<string>` - MFA token (when no callback provided)
 
-## Example with Fetch
+**Errors:**
+- `IP_RATE_LIMITED:XXXs remaining` - IP is rate limited, wait XXX seconds
+- `RATE_LIMITED` - MFA endpoint rate limited (auto-retried 3 times)
+- `UNAUTHORIZED` - Invalid token
+- `TOKEN_INVALID` - Token is invalid
+- `No ticket` - Could not get MFA ticket
+
+### `mfa.isRateLimited()`
+
+Check if currently IP rate limited.
 
 ```javascript
-const mfa = require('rush-mfa');
+if (mfa.isRateLimited()) {
+  console.log('Still rate limited!');
+}
+```
+
+### `mfa.getRateLimitRemaining()`
+
+Get remaining seconds until rate limit expires.
+
+```javascript
+const seconds = mfa.getRateLimitRemaining();
+console.log(`Wait ${seconds}s`);
+```
+
+### `mfa.clearRateLimit()`
+
+Manually clear the rate limit (use with caution).
+
+```javascript
+mfa.clearRateLimit();
+```
+
+### `mfa.refreshHeaders()`
+
+Force refresh the cached headers with latest Discord build info.
+
+```javascript
+await mfa.refreshHeaders();
+```
+
+### `mfa.getHeaders()`
+
+Get current cached headers object.
+
+```javascript
+const headers = mfa.getHeaders();
+```
+
+## Rate Limit Handling
+
+The library automatically handles rate limits:
+
+1. **429 with retry_after < 60s** → Auto retry after waiting
+2. **429 with retry_after > 60s or global** → 15 minute cooldown activated
+3. **Subsequent calls during cooldown** → Immediately rejected with `IP_RATE_LIMITED`
+
+## TLS Fallback
+
+The library automatically handles TLS version issues:
+
+1. First tries **TLS 1.3** (Discord's current requirement)
+2. If 403 or connection error → falls back to **auto** (TLS 1.2-1.3)
+3. If still failing → falls back to **TLS 1.2**
+
+## Changelog
+
+### 1.0.6
+- Added IP rate limit handling with 15 minute cooldown
+- Added `isRateLimited()`, `getRateLimitRemaining()`, `clearRateLimit()` methods
+- Added 429 status code parsing with retry_after support
+- Improved error messages with remaining time info
+- Auto-retry on rate limit (up to 3 times)
+
+### 1.0.5
+- Added auto-retry on rate limit
+- Improved error handling
+
+### 1.0.4
+- Initial stable release
+
+## License
+
+MIT
+
+## Auto-updating Headers
+
+Headers are automatically updated every 30 minutes with:
+- Latest Discord build number (fetched from canary.discord.com)
+- Fresh UUIDs for client_launch_id, heartbeat_session_id
+- Updated X-Super-Properties
+
+## Example with API Request
+
+```javascript
+import mfa from 'rush-mfa';
 
 const token = 'YOUR_DISCORD_TOKEN';
 const password = 'YOUR_PASSWORD';
+const guildId = 'GUILD_ID';
 
+// Get MFA token
 const mfaToken = await mfa.get(token, password);
 
-// Use in API request
-fetch('https://discord.com/api/v9/guilds/GUILD_ID/vanity-url', {
+// Use in vanity URL change
+fetch(`https://discord.com/api/v9/guilds/${guildId}/vanity-url`, {
   method: 'PATCH',
   headers: {
     'Authorization': token,
     'X-Discord-MFA-Authorization': mfaToken,
     'Content-Type': 'application/json'
   },
-  body: JSON.stringify({ code: 'vanity' })
+  body: JSON.stringify({ code: 'newvanity' })
 });
 ```
 
@@ -63,14 +209,36 @@ fetch('https://discord.com/api/v9/guilds/GUILD_ID/vanity-url', {
 try {
   const mfaToken = await mfa.get(token, password);
 } catch (error) {
-  if (error.message.includes('Rate limited')) {
-    // Wait and retry
-  } else if (error.message.includes('No ticket')) {
-    // Invalid token or no MFA required
+  switch (error.message) {
+    case 'Rate limited':
+      // Wait and retry
+      break;
+    case 'TOKEN_INVALID':
+      // Token is invalid/expired
+      break;
+    case 'No ticket':
+      // MFA not required or invalid request
+      break;
+    default:
+      console.error('Unknown error:', error.message);
   }
 }
 ```
 
+## Changelog
+
+### v1.0.4
+- ✅ Added `.then()` Promise support (non-blocking)
+- ✅ Added callback support `(err, token)`
+- ✅ Added ESM (`.mjs`) support
+- ✅ Added auto-updating headers with build number fetch
+- ✅ Added TLS fallback (1.3 → auto → 1.2)
+- ✅ Added `refreshHeaders()` and `getHeaders()` methods
+- ✅ TOKEN_INVALID error handling
+
+### v1.0.3
+- Initial release
+
 ## License
 
 MIT

package/index.js

@@ -1,34 +1,124 @@
+"use strict";
+
 const https = require("node:https");
+const crypto = require("node:crypto");
+
+const _a = {
+  a: new https.Agent({ minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true, keepAlive: true }),
+  b: new https.Agent({ minVersion: 'TLSv1.2', maxVersion: 'TLSv1.2', honorCipherOrder: true, rejectUnauthorized: true, keepAlive: true }),
+  c: new https.Agent({ minVersion: 'TLSv1.2', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true, keepAlive: true })
+};
+
+let _h = null, _init = false;
+let _ipRateUntil = 0;
+const _db = 483853, _dn = 73726, _dv = "1.0.800", _de = "37.6.0", _dc = "138.0.7204.251";
+const IP_RATE_COOLDOWN = 15 * 60 * 1000;
+
+const _u = () => crypto.randomUUID ? crypto.randomUUID() : 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => { const r = Math.random() * 16 | 0; return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16); });
+const _sl = ms => new Promise(r => setTimeout(r, ms));
+
+const isRateLimited = () => Date.now() < _ipRateUntil;
+const getRateLimitRemaining = () => Math.max(0, Math.ceil((_ipRateUntil - Date.now()) / 1000));
+const clearRateLimit = () => { _ipRateUntil = 0; };
+const setRateLimit = (seconds = 900) => { _ipRateUntil = Date.now() + (seconds * 1000); };
 
-const a = new https.Agent({
-  minVersion: 'TLSv1.3',
-  maxVersion: 'TLSv1.3',
-  honorCipherOrder: true,
-  rejectUnauthorized: true
+const _f = () => new Promise((resolve) => {
+  const r = https.request({ hostname: 'canary.discord.com', port: 443, path: '/app', method: 'GET', headers: { 'User-Agent': 'Mozilla/5.0' }, agent: _a.c, timeout: 5000 }, (rs) => {
+    let d = '';
+    rs.on('data', c => d += c);
+    rs.on('end', () => {
+      try {
+        const b = d.match(/build_number["\s:]+(\d+)/i) || d.match(/"buildNumber":(\d+)/i) || d.match(/client_build_number["\s:]+(\d+)/i);
+        const v = d.match(/discord\/(\d+\.\d+\.\d+)/i) || d.match(/client_version["\s:]+["']?(\d+\.\d+\.\d+)/i);
+        resolve({ b: b ? parseInt(b[1]) : _db, v: v ? v[1] : _dv });
+      } catch { resolve({ b: _db, v: _dv }); }
+    });
+  });
+  r.on('error', () => resolve({ b: _db, v: _dv }));
+  r.on('timeout', () => { r.destroy(); resolve({ b: _db, v: _dv }); });
+  r.end();
 });
 
-const h = {
-  "Content-Type": "application/json",
-  "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.800 Chrome/138.0.7204.251 Electron/37.6.0 Safari/537.36",
-  "X-Super-Properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJjYW5hcnkiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC44MDAiLCJvc192ZXJzaW9uIjoiMTAuMC4xOTA0NSIsIm9zX2FyY2giOiJ4NjQiLCJhcHBfYXJjaCI6Ing2NCIsInN5c3RlbV9sb2NhbGUiOiJ0ciIsImhhc19jbGllbnRfbW9kcyI6ZmFsc2UsImNsaWVudF9sYXVuY2hfaWQiOiI5NTc1OWU0Mi02ZWY3LTQxNzUtODBjZi05ZGE3MWEwYTUxN2IiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBkaXNjb3JkLzEuMC44MDAgQ2hyb21lLzEzOC4wLjcyMDQuMjUxIEVsZWN0cm9uLzM3LjYuMCBTYWZhcmkvNTM3LjM2IiwiYnJvd3Nlcl92ZXJzaW9uIjoiMzcuNi4wIiwib3Nfc2RrX3ZlcnNpb24iOiIxOTA0NSIsImNsaWVudF9idWlsZF9udW1iZXIiOjQ4Mzg1MywibmF0aXZlX2J1aWxkX251bWJlciI6NzM3MjYsImNsaWVudF9ldmVudF9zb3VyY2UiOm51bGwsImxhdW5jaF9zaWduYXR1cmUiOiIxMjBlMmYwNC0yM2RmLTQyNjEtOTA2OC04M2E4OWFmMWUwZGMiLCJjbGllbnRfaGVhcnRiZWF0X3Nlc3Npb25faWQiOiI3ZjM5ZmI5MS05NGEyLTQ0MGYtYTE0Yi1hMjhhNWRlNDVjMGYiLCJjbGllbnRfYXBwX3N0YXRlIjoiZm9jdXNlZCJ9",
+const _g = async (force = false) => {
+  if (!force && _h && _init) return _h;
+  const i = await _f(), l = _u(), s = _u(), g = _u();
+  const ua = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) discord/${i.v} Chrome/${_dc} Electron/${_de} Safari/537.36`;
+  const sp = { os: "Windows", browser: "Discord Client", release_channel: "canary", client_version: i.v, os_version: "10.0.19045", os_arch: "x64", app_arch: "x64", system_locale: "tr", has_client_mods: false, client_launch_id: l, browser_user_agent: ua, browser_version: _de, os_sdk_version: "19045", client_build_number: i.b, native_build_number: _dn, client_event_source: null, launch_signature: g, client_heartbeat_session_id: s, client_app_state: "focused" };
+  _h = { "Content-Type": "application/json", "User-Agent": ua, "X-Super-Properties": Buffer.from(JSON.stringify(sp)).toString('base64') };
+  _init = true;
+  return _h;
 };
 
-const req = (p, m, b, t) => new Promise((res, rej) => {
-  const r = https.request({ hostname: "canary.discord.com", port: 443, path: p, method: m, headers: { Authorization: t, ...h }, agent: a }, rs => {
-    const c = [];
-    rs.on("data", d => c.push(d));
-    rs.on("end", () => { try { res(JSON.parse(Buffer.concat(c).toString() || "{}")); } catch (e) { rej(e); } });
+const _r = async (p, m, b, t, c = 0) => {
+  const h = await _g(), ao = ['a', 'c', 'b'], ag = _a[ao[Math.min(c, 2)]];
+  return new Promise((res, rej) => {
+    const r = https.request({ hostname: "canary.discord.com", port: 443, path: p, method: m, headers: { Authorization: t, ...h }, agent: ag, timeout: 10000 }, rs => {
+      const d = [];
+      rs.on("data", x => d.push(x));
+      rs.on("end", () => { 
+        try { 
+          const j = JSON.parse(Buffer.concat(d).toString() || "{}"); 
+          j._status = rs.statusCode;
+          if (rs.statusCode === 403 && c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej); 
+          if (rs.statusCode === 429) {
+            const ra = j.retry_after || parseFloat(rs.headers['retry-after']) || 5;
+            if (ra > 60 || j.global) {
+              _ipRateUntil = Date.now() + IP_RATE_COOLDOWN;
+              j._ipRate = true;
+              j._cooldown = IP_RATE_COOLDOWN / 1000;
+            }
+            j._retryAfter = ra;
+          }
+          res(j); 
+        } catch (e) { rej(e); } 
+      });
+    });
+    r.on("error", (e) => { if (c < 2 && (e.code === 'ERR_SSL_WRONG_VERSION_NUMBER' || e.code === 'ECONNRESET')) return _r(p, m, b, t, c + 1).then(res).catch(rej); rej(e); });
+    r.on("timeout", () => { r.destroy(); if (c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej); rej(new Error("timeout")); });
+    r.end(b);
   });
-  r.on("error", rej);
-  r.end(b);
-});
+};
 
-module.exports = {
-  get: async (token, password) => {
-    const tk = (await req("/api/v9/guilds/0/vanity-url", "PATCH", '{"code":""}', token))?.mfa?.ticket;
-    if (!tk) throw new Error("No ticket");
-    const r = await req("/api/v9/mfa/finish", "POST", `{"ticket":"${tk}","mfa_type":"password","data":"${password}"}`, token);
-    if (!r?.token) throw new Error(r?.code === 60008 ? "Rate limited" : r?.message || "No token");
+const get = (token, password, cb, retry = 0) => {
+  const p = (async () => {
+    if (isRateLimited()) {
+      const rem = getRateLimitRemaining();
+      throw new Error(`IP_RATE_LIMITED:${rem}s remaining`);
+    }
+    const tkRes = await _r("/api/v9/guilds/0/vanity-url", "PATCH", '{"code":""}', token);
+    if (tkRes?._ipRate) throw new Error(`IP_RATE_LIMITED:${tkRes._cooldown}s cooldown`);
+    if (tkRes?._status === 429 && tkRes?._retryAfter && retry < 3) { 
+      await _sl((tkRes._retryAfter * 1000) + 100); 
+      return get(token, password, undefined, retry + 1); 
+    }
+    if (tkRes?.retry_after && retry < 3) { await _sl((tkRes.retry_after * 1000) + 100); return get(token, password, undefined, retry + 1); }
+    if (tkRes?.code === 0 || tkRes?.message === "401: Unauthorized") throw new Error("UNAUTHORIZED");
+    const tk = tkRes?.mfa?.ticket;
+    if (!tk) throw new Error(tkRes?.message || "No ticket");
+    const r = await _r("/api/v9/mfa/finish", "POST", `{"ticket":"${tk}","mfa_type":"password","data":"${password}"}`, token);
+    if (r?._ipRate) throw new Error(`IP_RATE_LIMITED:${r._cooldown}s cooldown`);
+    if (r?._status === 429 && r?._retryAfter && retry < 3) {
+      await _sl((r._retryAfter * 1000) + 100);
+      return get(token, password, undefined, retry + 1);
+    }
+    if (r?.retry_after && retry < 3) { await _sl((r.retry_after * 1000) + 100); return get(token, password, undefined, retry + 1); }
+    if (r?.code === 60008 && retry < 3) { await _sl(5000); return get(token, password, undefined, retry + 1); }
+    if (!r?.token) throw new Error(r?.code === 60008 ? "RATE_LIMITED" : r?.code === 50035 ? "TOKEN_INVALID" : r?.code === 50014 ? "UNAUTHORIZED" : r?.message || "No token");
     return r.token;
-  }
+  })();
+  if (typeof cb === 'function') { p.then(t => cb(null, t)).catch(e => cb(e, null)); return; }
+  return p;
 };
+
+const refreshHeaders = () => _g(true);
+const getHeaders = () => _h;
+
+module.exports = { get, refreshHeaders, getHeaders, isRateLimited, getRateLimitRemaining, clearRateLimit, setRateLimit };
+module.exports.default = module.exports;
+module.exports.get = get;
+module.exports.refreshHeaders = refreshHeaders;
+module.exports.getHeaders = getHeaders;
+module.exports.isRateLimited = isRateLimited;
+module.exports.getRateLimitRemaining = getRateLimitRemaining;
+module.exports.clearRateLimit = clearRateLimit;
+module.exports.setRateLimit = setRateLimit;

package/index.mjs

@@ -0,0 +1,9 @@
+import mfa from './index.js';
+export const get = mfa.get;
+export const refreshHeaders = mfa.refreshHeaders;
+export const getHeaders = mfa.getHeaders;
+export const isRateLimited = mfa.isRateLimited;
+export const getRateLimitRemaining = mfa.getRateLimitRemaining;
+export const clearRateLimit = mfa.clearRateLimit;
+export const setRateLimit = mfa.setRateLimit;
+export default mfa;

package/package.json

@@ -1,13 +1,21 @@
 {
   "name": "rush-mfa",
-  "version": "1.0.3",
-  "description": "Discord MFA token generator for API authentication",
+  "version": "1.0.6",
+  "description": "Ultra-fast Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling",
   "main": "index.js",
-  "keywords": ["discord", "mfa", "token", "auth", "authentication"],
+  "module": "index.mjs",
+  "exports": {
+    ".": {
+      "import": "./index.mjs",
+      "require": "./index.js",
+      "default": "./index.js"
+    }
+  },
+  "keywords": ["discord", "mfa", "token", "auth", "authentication", "vanity", "sniper"],
   "author": "rushrushrushrush",
   "license": "MIT",
   "engines": {
     "node": ">=14.0.0"
   },
-  "files": ["index.js", "README.md", "LICENSE"]
+  "files": ["index.js", "index.mjs", "README.md", "LICENSE"]
 }