rush-mfa 1.0.7 → 1.0.8

package/README.md

@@ -1,17 +1,19 @@
 # rush-mfa
 
-Ultra-fast Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling.
+Discord MFA token generator with HTTP/2, host fallback and IP rate limit handling.
 
 ## Features
 
 - 🚀 **Async/Await & Promise (.then) Support** - Non-blocking API
 - 📦 **ESM & CommonJS Support** - Works with `.mjs`, `.cjs`, `.js`
-- 🔄 **Auto-updating Headers** - Fetches latest Discord build numbers automatically
-- 🛡️ **TLS Fallback** - Falls back from TLS 1.3 → auto → TLS 1.2 if Discord fixes
+- 🌐 **HTTP/2 Protocol** - Faster multiplexed connections
+- 🔄 **Host Fallback** - canary.discord.com → discord.com on rate limit
 - ⚡ **Callback Support** - Traditional Node.js callback style available
 - 🔧 **Zero Config** - Works out of the box
-- ⏱️ **IP Rate Limit Handling** - Auto 15min cooldown on IP rate limit (429)
+- ⏱️ **IP Rate Limit Handling** - Auto 30min cooldown on IP rate limit (429)
 - 🔁 **Auto Retry** - Retries on rate limit with retry_after parsing
+- 🆔 **X-Installation-ID** - Discord client fingerprint support
+- 🛡️ **Safe JSON Parse** - Handles HTML/Cloudflare responses gracefully
 
 ## Installation
 
@@ -34,6 +36,9 @@ if (mfa.isRateLimited()) {
   console.log(token);
 }
 
+// Set your own installation ID (optional)
+mfa.setInstallationId('1465561582800081062.6ov7tRO-------');
+
 // Promise (.then) - Non-blocking
 mfa.get('DISCORD_TOKEN', 'PASSWORD')
   .then(token => console.log(token))
@@ -88,7 +93,7 @@ Get MFA token for Discord API authentication.
 
 **Errors:**
 - `IP_RATE_LIMITED:XXXs remaining` - IP is rate limited, wait XXX seconds
-- `RATE_LIMITED` - MFA endpoint rate limited (auto-retried 3 times)
+- `MFA_FAILED:password_wrong_or_token_ratelimited_or_patched` - Password wrong, token rate limited, or MFA patched
 - `UNAUTHORIZED` - Invalid token
 - `TOKEN_INVALID` - Token is invalid
 - `No ticket` - Could not get MFA ticket
@@ -136,24 +141,91 @@ Get current cached headers object.
 const headers = mfa.getHeaders();
 ```
 
+### `mfa.getInstallationId()`
+
+Get the current X-Installation-ID.
+
+```javascript
+const installId = mfa.getInstallationId();
+console.log(installId); // "1234567890.abc123xyz..."
+```
+
+### `mfa.setInstallationId(id)`
+
+Set a custom X-Installation-ID (from your Discord client).
+
+```javascript
+// Use your own Discord client's installation ID
+mfa.setInstallationId('1465561582800081062.6ov7tROCKtZoFslCqgqzvbgeUiA');
+```
+
+### `mfa.generateInstallationId()`
+
+Generate a new random X-Installation-ID.
+
+```javascript
+const newId = mfa.generateInstallationId();
+console.log(newId); // "1738423456789012345.aB3dEfGhIjKlMnOpQrStUvWxYz0"
+```
+
+## Headers Included
+
+The library sends only essential Discord client headers:
+
+| Header | Description |
+|--------|-------------|
+| `Content-Type` | `application/json` |
+| `Origin` | `https://canary.discord.com` |
+| `Referer` | `https://canary.discord.com/channels/@me` |
+| `Sec-Fetch-Dest` | `empty` |
+| `Sec-Fetch-Mode` | `cors` |
+| `Sec-Fetch-Site` | `same-origin` |
+| `User-Agent` | Discord client UA |
+| `X-Debug-Options` | `bugReporterEnabled` |
+| `X-Discord-Locale` | `tr` |
+| `X-Discord-Timezone` | `Europe/Istanbul` |
+| `X-Installation-Id` | Unique client fingerprint |
+| `X-Super-Properties` | Base64 encoded client info |
+
 ## Rate Limit Handling
 
 The library automatically handles rate limits:
 
 1. **429 with retry_after < 60s** → Auto retry after waiting
-2. **429 with retry_after > 60s or global** → 15 minute cooldown activated
-3. **Subsequent calls during cooldown** → Immediately rejected with `IP_RATE_LIMITED`
+2. **Rate limited on canary** → Fallback to discord.com (stable)
+3. **Rate limited on both hosts** → 30 minute cooldown activated
+4. **Cloudflare/HTML response** → Safe JSON parse, extracts retry_after if available
+5. **Subsequent calls during cooldown** → Immediately rejected with `IP_RATE_LIMITED`
+
+## Host Fallback
 
-## TLS Fallback
+The library uses HTTP/2 with automatic host fallback:
 
-The library automatically handles TLS version issues:
+1. First tries **canary.discord.com** with canary X-Super-Properties
+2. If rate limited → tries **discord.com** with stable X-Super-Properties
+3. If both fail → 30 minute cooldown activated
 
-1. First tries **TLS 1.3** (Discord's current requirement)
-2. If 403 or connection error → falls back to **auto** (TLS 1.2-1.3)
-3. If still failing → falls back to **TLS 1.2**
+### Build Numbers
+
+| Host | release_channel | client_version | native_build_number |
+|------|-----------------|----------------|---------------------|
+| canary.discord.com | canary | 1.0.816 | 74605 |
+| discord.com | stable | 1.0.9221 | 74058 |
 
 ## Changelog
 
+### 1.0.8
+- **🚀 HTTP/2 Protocol** - Switched from HTTPS to HTTP/2 for faster connections
+- **🔄 Host Fallback** - canary.discord.com → discord.com on rate limit
+- **🛡️ Safe JSON Parse** - Handles HTML/Cloudflare responses without crashing
+- **📊 Dual X-Super-Properties** - Separate configs for canary and stable
+- Updated build numbers (canary: 492018/74605, stable: 492022/74058)
+- Added `closeSessions()` method to cleanup HTTP/2 connections
+- 30 minute cooldown on IP rate limit
+- Better error messages for 60008 (password wrong/token rate limited/patched)
+- Added `X-Installation-Id` header support (device fingerprint)
+- Added `getInstallationId()`, `setInstallationId()`, `generateInstallationId()` methods
+
 ### 1.0.6
 - Added IP rate limit handling with 15 minute cooldown
 - Added `isRateLimited()`, `getRateLimitRemaining()`, `clearRateLimit()` methods

package/index.js

@@ -1,128 +1,244 @@
 "use strict";
 
-const https = require("node:https");
+const http2 = require("node:http2");
 const crypto = require("node:crypto");
+const tls = require("node:tls");
 
-const _a = {
-  a: new https.Agent({ minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true, keepAlive: true }),
-  b: new https.Agent({ minVersion: 'TLSv1.2', maxVersion: 'TLSv1.2', honorCipherOrder: true, rejectUnauthorized: true, keepAlive: true }),
-  c: new https.Agent({ minVersion: 'TLSv1.2', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true, keepAlive: true })
+const _tlsOpts = {
+  a: { minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true },
+  b: { minVersion: 'TLSv1.2', maxVersion: 'TLSv1.2', honorCipherOrder: true, rejectUnauthorized: true },
+  c: { minVersion: 'TLSv1.2', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true }
 };
 
-let _h = null, _init = false;
+let _sessions = { canary: null, stable: null };
+let _h = { canary: null, stable: null }, _init = { canary: false, stable: false }, _installId = null;
 let _ipRateUntil = 0;
-const _db = 483853, _dn = 73726, _dv = "1.0.800", _de = "37.6.0", _dc = "138.0.7204.251";
-const IP_RATE_COOLDOWN = 15 * 60 * 1000;
+
+const _builds = {
+  canary: { b: 492018, n: 74605, v: "1.0.816", ch: "canary" },
+  stable: { b: 492022, n: 74058, v: "1.0.9221", ch: "stable" }
+};
+const _de = "37.6.0", _dc = "138.0.7204.251";
+const IP_RATE_COOLDOWN = 30 * 60 * 1000;
+const HOSTS = { canary: "canary.discord.com", stable: "discord.com" };
 
 const _u = () => crypto.randomUUID ? crypto.randomUUID() : 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => { const r = Math.random() * 16 | 0; return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16); });
 const _sl = ms => new Promise(r => setTimeout(r, ms));
 
+const _genInstallId = () => {
+  const ts = BigInt(Date.now() - 1420070400000) << 22n;
+  const snowflake = ts | (BigInt(Math.floor(Math.random() * 31)) << 17n) | (BigInt(Math.floor(Math.random() * 31)) << 12n) | BigInt(Math.floor(Math.random() * 4095));
+  const rand = crypto.randomBytes(20).toString('base64').replace(/[+/=]/g, c => c === '+' ? 'a' : c === '/' ? 'b' : '').slice(0, 27);
+  return `${snowflake}.${rand}`;
+};
+const _getInstallId = () => { if (!_installId) _installId = _genInstallId(); return _installId; };
+
 const isRateLimited = () => Date.now() < _ipRateUntil;
 const getRateLimitRemaining = () => Math.max(0, Math.ceil((_ipRateUntil - Date.now()) / 1000));
 const clearRateLimit = () => { _ipRateUntil = 0; };
-const setRateLimit = (seconds = 900) => { _ipRateUntil = Date.now() + (seconds * 1000); };
+const setRateLimit = (seconds = 1800) => { _ipRateUntil = Date.now() + (seconds * 1000); };
 
-const _f = () => new Promise((resolve) => {
-  const r = https.request({ hostname: 'canary.discord.com', port: 443, path: '/app', method: 'GET', headers: { 'User-Agent': 'Mozilla/5.0' }, agent: _a.c, timeout: 5000 }, (rs) => {
-    let d = '';
-    rs.on('data', c => d += c);
-    rs.on('end', () => {
-      try {
-        const b = d.match(/build_number["\s:]+(\d+)/i) || d.match(/"buildNumber":(\d+)/i) || d.match(/client_build_number["\s:]+(\d+)/i);
-        const v = d.match(/discord\/(\d+\.\d+\.\d+)/i) || d.match(/client_version["\s:]+["']?(\d+\.\d+\.\d+)/i);
-        resolve({ b: b ? parseInt(b[1]) : _db, v: v ? v[1] : _dv });
-      } catch { resolve({ b: _db, v: _dv }); }
+const _safeJson = (raw) => {
+  if (!raw || raw.length === 0) return { _empty: true };
+  const trimmed = raw.trim();
+  if (trimmed.startsWith('<!') || trimmed.startsWith('<html') || trimmed.startsWith('<head') || trimmed.toLowerCase().includes('<!doctype')) {
+    const retryMatch = raw.match(/retry[_-]?after[":\s]+(\d+\.?\d*)/i);
+    return { _html: true, _raw: raw.slice(0, 200), _retryAfter: retryMatch ? parseFloat(retryMatch[1]) : null };
+  }
+  if (!trimmed.startsWith('{') && !trimmed.startsWith('[')) {
+    return { _invalid: true, _raw: raw.slice(0, 200) };
+  }
+  try { return JSON.parse(raw); } catch { return { _parseError: true, _raw: raw.slice(0, 200) }; }
+};
+
+const _getSession = (type = 'canary', tlsType = 'a') => {
+  const key = `${type}_${tlsType}`;
+  return new Promise((resolve, reject) => {
+    if (_sessions[type] && !_sessions[type].destroyed && !_sessions[type].closed) return resolve(_sessions[type]);
+    const session = http2.connect(`https://${HOSTS[type]}`, {
+      settings: { enablePush: false },
+      timeout: 15000,
+      createConnection: (url, options) => tls.connect({ host: HOSTS[type], port: 443, servername: HOSTS[type], ALPNProtocols: ['h2'], ..._tlsOpts[tlsType] }),
+      ..._tlsOpts[tlsType]
     });
+    session.on('error', (err) => { _sessions[type] = null; reject(err); });
+    session.on('close', () => { _sessions[type] = null; });
+    session.on('connect', () => { _sessions[type] = session; resolve(session); });
+    session.setTimeout(15000, () => { session.destroy(); _sessions[type] = null; reject(new Error('H2_TIMEOUT')); });
   });
-  r.on('error', () => resolve({ b: _db, v: _dv }));
-  r.on('timeout', () => { r.destroy(); resolve({ b: _db, v: _dv }); });
-  r.end();
-});
-
-const _g = async (force = false) => {
-  if (!force && _h && _init) return _h;
-  const i = await _f(), l = _u(), s = _u(), g = _u();
-  const ua = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) discord/${i.v} Chrome/${_dc} Electron/${_de} Safari/537.36`;
-  const sp = { os: "Windows", browser: "Discord Client", release_channel: "canary", client_version: i.v, os_version: "10.0.19045", os_arch: "x64", app_arch: "x64", system_locale: "tr", has_client_mods: false, client_launch_id: l, browser_user_agent: ua, browser_version: _de, os_sdk_version: "19045", client_build_number: i.b, native_build_number: _dn, client_event_source: null, launch_signature: g, client_heartbeat_session_id: s, client_app_state: "focused" };
-  _h = { "Content-Type": "application/json", "User-Agent": ua, "X-Super-Properties": Buffer.from(JSON.stringify(sp)).toString('base64') };
-  _init = true;
-  return _h;
 };
 
-const _r = async (p, m, b, t, c = 0) => {
-  const h = await _g(), ao = ['a', 'c', 'b'], ag = _a[ao[Math.min(c, 2)]];
-  return new Promise((res, rej) => {
-    const r = https.request({ hostname: "canary.discord.com", port: 443, path: p, method: m, headers: { Authorization: t, ...h }, agent: ag, timeout: 10000 }, rs => {
-      const d = [];
-      rs.on("data", x => d.push(x));
-      rs.on("end", () => { 
-        const raw = Buffer.concat(d).toString();
-        let j;
-        try { 
-          j = JSON.parse(raw || "{}"); 
-        } catch { 
-          if (rs.statusCode === 429 || raw.includes('rate') || raw.includes('Rate') || raw.includes('error')) {
-            _ipRateUntil = Date.now() + IP_RATE_COOLDOWN;
-            return rej(new Error(`IP_RATE_LIMITED:${IP_RATE_COOLDOWN / 1000}s cooldown`));
+const _closeSessions = () => {
+  for (const type of ['canary', 'stable']) {
+    if (_sessions[type] && !_sessions[type].destroyed) { _sessions[type].destroy(); _sessions[type] = null; }
+  }
+};
+
+const _g = async (type = 'canary', force = false) => {
+  if (!force && _h[type] && _init[type]) return _h[type];
+  const build = _builds[type];
+  const l = _u(), s = _u(), g = _u();
+  const ua = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) discord/${build.v} Chrome/${_dc} Electron/${_de} Safari/537.36`;
+  const sp = { os: "Windows", browser: "Discord Client", release_channel: build.ch, client_version: build.v, os_version: "10.0.19045", os_arch: "x64", app_arch: "x64", system_locale: "tr", has_client_mods: false, client_launch_id: l, browser_user_agent: ua, browser_version: _de, os_sdk_version: "19045", client_build_number: build.b, native_build_number: build.n, client_event_source: null, launch_signature: g, client_heartbeat_session_id: s, client_app_state: "focused" };
+  _h[type] = {
+    "content-type": "application/json",
+    "origin": `https://${HOSTS[type]}`,
+    "referer": `https://${HOSTS[type]}/channels/@me`,
+    "sec-fetch-dest": "empty",
+    "sec-fetch-mode": "cors",
+    "sec-fetch-site": "same-origin",
+    "user-agent": ua,
+    "x-debug-options": "bugReporterEnabled",
+    "x-discord-locale": "tr",
+    "x-discord-timezone": "Europe/Istanbul",
+    "x-installation-id": _getInstallId(),
+    "x-super-properties": Buffer.from(JSON.stringify(sp)).toString('base64')
+  };
+  _init[type] = true;
+  return _h[type];
+};
+
+const _r = async (path, method, body, token, type = 'canary', tlsRetry = 0) => {
+  const tlsTypes = ['a', 'c', 'b'];
+  const tlsType = tlsTypes[Math.min(tlsRetry, 2)];
+  
+  try {
+    const h = await _g(type);
+    const session = await _getSession(type, tlsType);
+    
+    if (session.destroyed || session.closed) {
+      _sessions[type] = null;
+      return _r(path, method, body, token, type, tlsRetry);
+    }
+    
+    return await new Promise((res, rej) => {
+      const req = session.request({ ":method": method, ":path": path, ":authority": HOSTS[type], "authorization": token, ...h });
+      req.setTimeout(10000, () => { req.destroy(); rej(new Error("H2_REQUEST_TIMEOUT")); });
+      const chunks = [];
+      let status = 0;
+      req.on('response', (headers) => { status = headers[':status']; });
+      req.on('data', (chunk) => chunks.push(chunk));
+      req.on('end', () => {
+        const raw = Buffer.concat(chunks).toString();
+        const j = _safeJson(raw);
+        j._status = status;
+        j._host = type;
+        
+        if (j._html || j._invalid || j._parseError) {
+          const retryAfter = j._retryAfter;
+          if (status === 429 || (j._raw && (j._raw.toLowerCase().includes('rate') || j._raw.toLowerCase().includes('cloudflare') || j._raw.toLowerCase().includes('1015')))) {
+            const cooldown = retryAfter && retryAfter > 0 ? retryAfter * 1000 : IP_RATE_COOLDOWN;
+            _ipRateUntil = Date.now() + cooldown;
+            return res({ _rateLimited: true, _retryAfter: retryAfter || (IP_RATE_COOLDOWN / 1000), _cooldown: Math.ceil(cooldown / 1000), _status: status, _host: type, _raw: j._raw });
           }
-          if (rs.statusCode === 403 && c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej);
-          return rej(new Error(`PARSE_ERROR:${rs.statusCode}`));
+          return res({ _error: true, _status: status, _host: type, _raw: j._raw });
         }
-        j._status = rs.statusCode;
-        if (rs.statusCode === 403 && c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej); 
-        if (rs.statusCode === 429) {
-          const ra = j.retry_after || parseFloat(rs.headers['retry-after']) || 5;
-          if (ra > 60 || j.global) {
-            _ipRateUntil = Date.now() + IP_RATE_COOLDOWN;
-            j._ipRate = true;
-            j._cooldown = IP_RATE_COOLDOWN / 1000;
+        
+        if (j.code === 1015 || (j.message && j.message.includes('1015'))) {
+          const retryAfter = j.retry_after || j._retryAfter;
+          const cooldown = retryAfter && retryAfter > 0 ? retryAfter * 1000 : IP_RATE_COOLDOWN;
+          _ipRateUntil = Date.now() + cooldown;
+          return res({ _rateLimited: true, _retryAfter: retryAfter || (IP_RATE_COOLDOWN / 1000), _cooldown: Math.ceil(cooldown / 1000), _status: status, _host: type });
+        }
+        
+        if (status === 429) {
+          const retryAfter = j.retry_after || 5;
+          j._rateLimited = true;
+          j._retryAfter = retryAfter;
+          if (retryAfter > 60 || j.global) {
+            const cooldown = retryAfter * 1000;
+            _ipRateUntil = Date.now() + cooldown;
+            j._cooldown = Math.ceil(cooldown / 1000);
           }
-          j._retryAfter = ra;
         }
-        res(j); 
+        
+        if (status === 403 && tlsRetry < 2) {
+          if (_sessions[type]) { _sessions[type].destroy(); _sessions[type] = null; }
+          return _r(path, method, body, token, type, tlsRetry + 1).then(res).catch(rej);
+        }
+        res(j);
       });
+      req.on('error', (e) => rej(e));
+      if (body) req.end(body); else req.end();
     });
-    r.on("error", (e) => { if (c < 2 && (e.code === 'ERR_SSL_WRONG_VERSION_NUMBER' || e.code === 'ECONNRESET')) return _r(p, m, b, t, c + 1).then(res).catch(rej); rej(e); });
-    r.on("timeout", () => { r.destroy(); if (c < 2) return _r(p, m, b, t, c + 1).then(res).catch(rej); rej(new Error("timeout")); });
-    r.end(b);
-  });
+  } catch (err) {
+    if (err.code === 'ERR_HTTP2_INVALID_SESSION' || err.code === 'ERR_HTTP2_STREAM_CANCEL' || err.code === 'ERR_HTTP2_GOAWAY_SESSION' || err.message.includes('session') || err.message.includes('closed')) {
+      if (_sessions[type]) { _sessions[type].destroy(); _sessions[type] = null; }
+      if (tlsRetry < 3) return _r(path, method, body, token, type, tlsRetry);
+    }
+    if (tlsRetry < 2 && (err.code === 'ERR_SSL_WRONG_VERSION_NUMBER' || err.code === 'ECONNRESET' || err.code === 'ERR_HTTP2_ERROR' || err.message.includes('TLS'))) {
+      if (_sessions[type]) { _sessions[type].destroy(); _sessions[type] = null; }
+      return _r(path, method, body, token, type, tlsRetry + 1);
+    }
+    throw err;
+  }
+};
+
+const _request = async (path, method, body, token, retry = 0) => {
+  try {
+    const res = await _r(path, method, body, token, 'canary');
+    if (res._rateLimited && retry < 1) {
+      if (_sessions.canary) { _sessions.canary.destroy(); _sessions.canary = null; }
+      try {
+        const stableRes = await _r(path, method, body, token, 'stable');
+        if (stableRes._rateLimited) {
+          const cooldown = stableRes._retryAfter && stableRes._retryAfter > 0 ? stableRes._retryAfter * 1000 : IP_RATE_COOLDOWN;
+          _ipRateUntil = Date.now() + cooldown;
+          stableRes._cooldown = Math.ceil(cooldown / 1000);
+          return stableRes;
+        }
+        return stableRes;
+      } catch (stableErr) {
+        _ipRateUntil = Date.now() + IP_RATE_COOLDOWN;
+        return { _rateLimited: true, _error: true, _cooldown: IP_RATE_COOLDOWN / 1000, message: stableErr.message };
+      }
+    }
+    return res;
+  } catch (err) {
+    if (retry < 1) {
+      if (_sessions.canary) { _sessions.canary.destroy(); _sessions.canary = null; }
+      try { return await _r(path, method, body, token, 'stable'); } catch (stableErr) { throw stableErr; }
+    }
+    throw err;
+  }
 };
 
 const get = (token, password, cb, retry = 0) => {
   const p = (async () => {
-    if (isRateLimited()) {
-      const rem = getRateLimitRemaining();
-      throw new Error(`IP_RATE_LIMITED:${rem}s remaining`);
-    }
-    const tkRes = await _r("/api/v9/guilds/0/vanity-url", "PATCH", '{"code":""}', token);
-    if (tkRes?._ipRate) throw new Error(`IP_RATE_LIMITED:${tkRes._cooldown}s cooldown`);
-    if (tkRes?._status === 429 && tkRes?._retryAfter && retry < 3) { 
-      await _sl((tkRes._retryAfter * 1000) + 100); 
-      return get(token, password, undefined, retry + 1); 
+    if (isRateLimited()) { const rem = getRateLimitRemaining(); throw new Error(`IP_RATE_LIMITED:${rem}s remaining`); }
+    const tkRes = await _request("/api/v9/guilds/0/vanity-url", "PATCH", '{"code":""}', token);
+    if (tkRes?._rateLimited) {
+      const cooldown = tkRes._cooldown || (tkRes._retryAfter && tkRes._retryAfter > 0 ? tkRes._retryAfter : IP_RATE_COOLDOWN / 1000);
+      if (tkRes._retryAfter && tkRes._retryAfter < 60 && retry < 3) { await _sl((tkRes._retryAfter * 1000) + 100); return get(token, password, undefined, retry + 1); }
+      throw new Error(`IP_RATE_LIMITED:${Math.ceil(cooldown)}s cooldown`);
     }
-    if (tkRes?.retry_after && retry < 3) { await _sl((tkRes.retry_after * 1000) + 100); return get(token, password, undefined, retry + 1); }
+    if (tkRes?._error) throw new Error(`REQUEST_ERROR:${tkRes._status}:${tkRes._raw || 'unknown'}`);
     if (tkRes?.code === 0 || tkRes?.message === "401: Unauthorized") throw new Error("UNAUTHORIZED");
     const tk = tkRes?.mfa?.ticket;
     if (!tk) throw new Error(tkRes?.message || "No ticket");
-    const r = await _r("/api/v9/mfa/finish", "POST", `{"ticket":"${tk}","mfa_type":"password","data":"${password}"}`, token);
-    if (r?._ipRate) throw new Error(`IP_RATE_LIMITED:${r._cooldown}s cooldown`);
-    if (r?._status === 429 && r?._retryAfter && retry < 3) {
-      await _sl((r._retryAfter * 1000) + 100);
-      return get(token, password, undefined, retry + 1);
+    const r = await _request("/api/v9/mfa/finish", "POST", `{"ticket":"${tk}","mfa_type":"password","data":"${password}"}`, token);
+    if (r?._rateLimited) {
+      const cooldown = r._cooldown || (r._retryAfter && r._retryAfter > 0 ? r._retryAfter : IP_RATE_COOLDOWN / 1000);
+      if (r._retryAfter && r._retryAfter < 60 && retry < 3) { await _sl((r._retryAfter * 1000) + 100); return get(token, password, undefined, retry + 1); }
+      throw new Error(`IP_RATE_LIMITED:${Math.ceil(cooldown)}s cooldown`);
     }
-    if (r?.retry_after && retry < 3) { await _sl((r.retry_after * 1000) + 100); return get(token, password, undefined, retry + 1); }
+    if (r?._error) throw new Error(`REQUEST_ERROR:${r._status}:${r._raw || 'unknown'}`);
     if (r?.code === 60008 && retry < 3) { await _sl(5000); return get(token, password, undefined, retry + 1); }
-    if (!r?.token) throw new Error(r?.code === 60008 ? "RATE_LIMITED" : r?.code === 50035 ? "TOKEN_INVALID" : r?.code === 50014 ? "UNAUTHORIZED" : r?.message || "No token");
+    if (!r?.token) throw new Error(r?.code === 60008 ? "MFA_FAILED:password_wrong_or_token_ratelimited_or_patched" : r?.code === 50035 ? "TOKEN_INVALID" : r?.code === 50014 ? "UNAUTHORIZED" : r?.message || "No token");
     return r.token;
   })();
   if (typeof cb === 'function') { p.then(t => cb(null, t)).catch(e => cb(e, null)); return; }
   return p;
 };
 
-const refreshHeaders = () => _g(true);
-const getHeaders = () => _h;
+const refreshHeaders = (type = 'canary') => _g(type, true);
+const getHeaders = (type = 'canary') => _h[type];
+const getInstallationId = () => _getInstallId();
+const setInstallationId = (id) => { _installId = id; if (_h.canary) _h.canary["x-installation-id"] = id; if (_h.stable) _h.stable["x-installation-id"] = id; };
+const generateInstallationId = () => _genInstallId();
+const closeSessions = _closeSessions;
 
-module.exports = { get, refreshHeaders, getHeaders, isRateLimited, getRateLimitRemaining, clearRateLimit, setRateLimit };
+module.exports = { get, refreshHeaders, getHeaders, isRateLimited, getRateLimitRemaining, clearRateLimit, setRateLimit, getInstallationId, setInstallationId, generateInstallationId, closeSessions };
 module.exports.default = module.exports;
 module.exports.get = get;
 module.exports.refreshHeaders = refreshHeaders;
@@ -131,3 +247,7 @@ module.exports.isRateLimited = isRateLimited;
 module.exports.getRateLimitRemaining = getRateLimitRemaining;
 module.exports.clearRateLimit = clearRateLimit;
 module.exports.setRateLimit = setRateLimit;
+module.exports.getInstallationId = getInstallationId;
+module.exports.setInstallationId = setInstallationId;
+module.exports.generateInstallationId = generateInstallationId;
+module.exports.closeSessions = closeSessions;

package/index.mjs

@@ -6,4 +6,8 @@ export const isRateLimited = mfa.isRateLimited;
 export const getRateLimitRemaining = mfa.getRateLimitRemaining;
 export const clearRateLimit = mfa.clearRateLimit;
 export const setRateLimit = mfa.setRateLimit;
+export const getInstallationId = mfa.getInstallationId;
+export const setInstallationId = mfa.setInstallationId;
+export const generateInstallationId = mfa.generateInstallationId;
+export const closeSessions = mfa.closeSessions;
 export default mfa;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "rush-mfa",
-  "version": "1.0.7",
-  "description": "Ultra-fast Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling",
+  "version": "1.0.8",
+  "description": "Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling",
   "main": "index.js",
   "module": "index.mjs",
   "exports": {
@@ -18,4 +18,4 @@
     "node": ">=14.0.0"
   },
   "files": ["index.js", "index.mjs", "README.md", "LICENSE"]
-}
+}