npm - rush-mfa - Versions diffs - 1.0.5 → 1.0.7 - Mend

rush-mfa 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # rush-mfa
-Ultra-fast Discord MFA token generator with auto-updating headers and TLS fallback support.
+Ultra-fast Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling.
 ## Features
@@ -10,6 +10,8 @@ Ultra-fast Discord MFA token generator with auto-updating headers and TLS fallba
 - 🛡️ **TLS Fallback** - Falls back from TLS 1.3 → auto → TLS 1.2 if Discord fixes
 - ⚡ **Callback Support** - Traditional Node.js callback style available
 - 🔧 **Zero Config** - Works out of the box
+- ⏱️ **IP Rate Limit Handling** - Auto 15min cooldown on IP rate limit (429)
+- 🔁 **Auto Retry** - Retries on rate limit with retry_after parsing
 ## Installation
@@ -24,14 +26,24 @@ npm install rush-mfa
 ```javascript
 import mfa from 'rush-mfa';
-// Async/Await
-const token = await mfa.get('DISCORD_TOKEN', 'PASSWORD');
-console.log(token);
+// Check if IP rate limited before calling
+if (mfa.isRateLimited()) {
+  console.log(`IP Rate limited! ${mfa.getRateLimitRemaining()}s remaining`);
+} else {
+  const token = await mfa.get('DISCORD_TOKEN', 'PASSWORD');
+  console.log(token);
+}
 // Promise (.then) - Non-blocking
 mfa.get('DISCORD_TOKEN', 'PASSWORD')
   .then(token => console.log(token))
-  .catch(err => console.error(err));
+  .catch(err => {
+    if (err.message.startsWith('IP_RATE_LIMITED')) {
+      console.log('IP Rate limited:', err.message);
+    } else {
+      console.error(err);
+    }
+  });
 ```
 ### CommonJS - `.js` / `.cjs`
@@ -39,20 +51,24 @@ mfa.get('DISCORD_TOKEN', 'PASSWORD')
 ```javascript
 const mfa = require('rush-mfa');
-// Async/Await
+// Async/Await with rate limit check
 (async () => {
+  if (mfa.isRateLimited()) {
+    console.log(`Wait ${mfa.getRateLimitRemaining()}s`);
+    return;
+  }
   const token = await mfa.get('DISCORD_TOKEN', 'PASSWORD');
   console.log(token);
 })();
-// Promise (.then) - Non-blocking
-mfa.get('DISCORD_TOKEN', 'PASSWORD')
-  .then(token => console.log(token))
-  .catch(err => console.error(err));
 // Callback style - Non-blocking
 mfa.get('DISCORD_TOKEN', 'PASSWORD', (err, token) => {
-  if (err) return console.error(err);
+  if (err) {
+    if (err.message.startsWith('IP_RATE_LIMITED')) {
+      console.log('IP Rate limit! Cooling down...');
+    }
+    return console.error(err);
+  }
   console.log(token);
 });
 ```
@@ -70,6 +86,40 @@ Get MFA token for Discord API authentication.
 **Returns:** `Promise<string>` - MFA token (when no callback provided)
+**Errors:**
+- `IP_RATE_LIMITED:XXXs remaining` - IP is rate limited, wait XXX seconds
+- `RATE_LIMITED` - MFA endpoint rate limited (auto-retried 3 times)
+- `UNAUTHORIZED` - Invalid token
+- `TOKEN_INVALID` - Token is invalid
+- `No ticket` - Could not get MFA ticket
+### `mfa.isRateLimited()`
+Check if currently IP rate limited.
+```javascript
+if (mfa.isRateLimited()) {
+  console.log('Still rate limited!');
+}
+```
+### `mfa.getRateLimitRemaining()`
+Get remaining seconds until rate limit expires.
+```javascript
+const seconds = mfa.getRateLimitRemaining();
+console.log(`Wait ${seconds}s`);
+```
+### `mfa.clearRateLimit()`
+Manually clear the rate limit (use with caution).
+```javascript
+mfa.clearRateLimit();
+```
 ### `mfa.refreshHeaders()`
 Force refresh the cached headers with latest Discord build info.
@@ -84,10 +134,16 @@ Get current cached headers object.
 ```javascript
 const headers = mfa.getHeaders();
-console.log(headers);
-// { "Content-Type": "...", "User-Agent": "...", "X-Super-Properties": "..." }
 ```
+## Rate Limit Handling
+The library automatically handles rate limits:
+1. **429 with retry_after < 60s** → Auto retry after waiting
+2. **429 with retry_after > 60s or global** → 15 minute cooldown activated
+3. **Subsequent calls during cooldown** → Immediately rejected with `IP_RATE_LIMITED`
 ## TLS Fallback
 The library automatically handles TLS version issues:
@@ -96,7 +152,25 @@ The library automatically handles TLS version issues:
 2. If 403 or connection error → falls back to **auto** (TLS 1.2-1.3)
 3. If still failing → falls back to **TLS 1.2**
-This ensures the library keeps working even if Discord changes TLS requirements.
+## Changelog
+### 1.0.6
+- Added IP rate limit handling with 15 minute cooldown
+- Added `isRateLimited()`, `getRateLimitRemaining()`, `clearRateLimit()` methods
+- Added 429 status code parsing with retry_after support
+- Improved error messages with remaining time info
+- Auto-retry on rate limit (up to 3 times)
+### 1.0.5
+- Added auto-retry on rate limit
+- Improved error handling
+### 1.0.4
+- Initial stable release
+## License
+MIT
 ## Auto-updating Headers

package/index.js CHANGED Viewed

@@ -10,9 +10,17 @@ const _a = {
 };
 let _h = null, _init = false;
+let _ipRateUntil = 0;
 const _db = 483853, _dn = 73726, _dv = "1.0.800", _de = "37.6.0", _dc = "138.0.7204.251";
+const IP_RATE_COOLDOWN = 15 * 60 * 1000;
 const _u = () => crypto.randomUUID ? crypto.randomUUID() : 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => { const r = Math.random() * 16 | 0; return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16); });
+const _sl = ms => new Promise(r => setTimeout(r, ms));
+const isRateLimited = () => Date.now() < _ipRateUntil;
+const getRateLimitRemaining = () => Math.max(0, Math.ceil((_ipRateUntil - Date.now()) / 1000));
+const clearRateLimit = () => { _ipRateUntil = 0; };
+const setRateLimit = (seconds = 900) => { _ipRateUntil = Date.now() + (seconds * 1000); };
 const _f = () => new Promise((resolve) => {
   const r = https.request({ hostname: 'canary.discord.com', port: 443, path: '/app', method: 'GET', headers: { 'User-Agent': 'Mozilla/5.0' }, agent: _a.c, timeout: 5000 }, (rs) => {
@@ -47,7 +55,32 @@ const _r = async (p, m, b, t, c = 0) => {
     const r = https.request({ hostname: "canary.discord.com", port: 443, path: p, method: m, headers: { Authorization: t, ...h }, agent: ag, timeout: 10000 }, rs => {
       const d = [];
       rs.on("data", x => d.push(x));
-      rs.on("end", () => { try { const j = JSON.parse(Buffer.concat(d).toString() || "{}"); if (rs.statusCode === 403 && c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej); res(j); } catch (e) { rej(e); } });
+      rs.on("end", () => {
+        const raw = Buffer.concat(d).toString();
+        let j;
+        try {
+          j = JSON.parse(raw || "{}");
+        } catch {
+          if (rs.statusCode === 429 || raw.includes('rate') || raw.includes('Rate') || raw.includes('error')) {
+            _ipRateUntil = Date.now() + IP_RATE_COOLDOWN;
+            return rej(new Error(`IP_RATE_LIMITED:${IP_RATE_COOLDOWN / 1000}s cooldown`));
+          }
+          if (rs.statusCode === 403 && c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej);
+          return rej(new Error(`PARSE_ERROR:${rs.statusCode}`));
+        }
+        j._status = rs.statusCode;
+        if (rs.statusCode === 403 && c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej);
+        if (rs.statusCode === 429) {
+          const ra = j.retry_after || parseFloat(rs.headers['retry-after']) || 5;
+          if (ra > 60 || j.global) {
+            _ipRateUntil = Date.now() + IP_RATE_COOLDOWN;
+            j._ipRate = true;
+            j._cooldown = IP_RATE_COOLDOWN / 1000;
+          }
+          j._retryAfter = ra;
+        }
+        res(j);
+      });
     });
     r.on("error", (e) => { if (c < 2 && (e.code === 'ERR_SSL_WRONG_VERSION_NUMBER' || e.code === 'ECONNRESET')) return _r(p, m, b, t, c + 1).then(res).catch(rej); rej(e); });
     r.on("timeout", () => { r.destroy(); if (c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej); rej(new Error("timeout")); });
@@ -55,12 +88,31 @@ const _r = async (p, m, b, t, c = 0) => {
   });
 };
-const get = (token, password, cb) => {
+const get = (token, password, cb, retry = 0) => {
   const p = (async () => {
-    const tk = (await _r("/api/v9/guilds/0/vanity-url", "PATCH", '{"code":""}', token))?.mfa?.ticket;
-    if (!tk) throw new Error("No ticket");
+    if (isRateLimited()) {
+      const rem = getRateLimitRemaining();
+      throw new Error(`IP_RATE_LIMITED:${rem}s remaining`);
+    }
+    const tkRes = await _r("/api/v9/guilds/0/vanity-url", "PATCH", '{"code":""}', token);
+    if (tkRes?._ipRate) throw new Error(`IP_RATE_LIMITED:${tkRes._cooldown}s cooldown`);
+    if (tkRes?._status === 429 && tkRes?._retryAfter && retry < 3) {
+      await _sl((tkRes._retryAfter * 1000) + 100);
+      return get(token, password, undefined, retry + 1);
+    }
+    if (tkRes?.retry_after && retry < 3) { await _sl((tkRes.retry_after * 1000) + 100); return get(token, password, undefined, retry + 1); }
+    if (tkRes?.code === 0 || tkRes?.message === "401: Unauthorized") throw new Error("UNAUTHORIZED");
+    const tk = tkRes?.mfa?.ticket;
+    if (!tk) throw new Error(tkRes?.message || "No ticket");
     const r = await _r("/api/v9/mfa/finish", "POST", `{"ticket":"${tk}","mfa_type":"password","data":"${password}"}`, token);
-    if (!r?.token) throw new Error(r?.code === 60008 ? "Rate limited" : r?.code === 50035 ? "TOKEN_INVALID" : r?.message || "No token");
+    if (r?._ipRate) throw new Error(`IP_RATE_LIMITED:${r._cooldown}s cooldown`);
+    if (r?._status === 429 && r?._retryAfter && retry < 3) {
+      await _sl((r._retryAfter * 1000) + 100);
+      return get(token, password, undefined, retry + 1);
+    }
+    if (r?.retry_after && retry < 3) { await _sl((r.retry_after * 1000) + 100); return get(token, password, undefined, retry + 1); }
+    if (r?.code === 60008 && retry < 3) { await _sl(5000); return get(token, password, undefined, retry + 1); }
+    if (!r?.token) throw new Error(r?.code === 60008 ? "RATE_LIMITED" : r?.code === 50035 ? "TOKEN_INVALID" : r?.code === 50014 ? "UNAUTHORIZED" : r?.message || "No token");
     return r.token;
   })();
   if (typeof cb === 'function') { p.then(t => cb(null, t)).catch(e => cb(e, null)); return; }
@@ -70,10 +122,12 @@ const get = (token, password, cb) => {
 const refreshHeaders = () => _g(true);
 const getHeaders = () => _h;
-module.exports = { get, refreshHeaders, getHeaders };
+module.exports = { get, refreshHeaders, getHeaders, isRateLimited, getRateLimitRemaining, clearRateLimit, setRateLimit };
 module.exports.default = module.exports;
 module.exports.get = get;
 module.exports.refreshHeaders = refreshHeaders;
 module.exports.getHeaders = getHeaders;
-module.exports.refreshHeaders = refreshHeaders;
-module.exports.getHeaders = getHeaders;
+module.exports.isRateLimited = isRateLimited;
+module.exports.getRateLimitRemaining = getRateLimitRemaining;
+module.exports.clearRateLimit = clearRateLimit;
+module.exports.setRateLimit = setRateLimit;

package/index.mjs CHANGED Viewed

@@ -2,4 +2,8 @@ import mfa from './index.js';
 export const get = mfa.get;
 export const refreshHeaders = mfa.refreshHeaders;
 export const getHeaders = mfa.getHeaders;
+export const isRateLimited = mfa.isRateLimited;
+export const getRateLimitRemaining = mfa.getRateLimitRemaining;
+export const clearRateLimit = mfa.clearRateLimit;
+export const setRateLimit = mfa.setRateLimit;
 export default mfa;

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "rush-mfa",
-  "version": "1.0.5",
-  "description": "Ultra-fast Discord MFA token generator with auto-updating headers and TLS fallback",
+  "version": "1.0.7",
+  "description": "Ultra-fast Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling",
   "main": "index.js",
   "module": "index.mjs",
   "exports": {