rush-mfa 1.0.8 → 1.1.0

package/index.js

@@ -1,253 +1,103 @@
+/**
+ * rush-mfa - Discord MFA token generator
+ * @module rush-mfa
+ */
 "use strict";
-
-const http2 = require("node:http2");
-const crypto = require("node:crypto");
-const tls = require("node:tls");
-
-const _tlsOpts = {
-  a: { minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true },
-  b: { minVersion: 'TLSv1.2', maxVersion: 'TLSv1.2', honorCipherOrder: true, rejectUnauthorized: true },
-  c: { minVersion: 'TLSv1.2', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: true }
-};
-
-let _sessions = { canary: null, stable: null };
-let _h = { canary: null, stable: null }, _init = { canary: false, stable: false }, _installId = null;
-let _ipRateUntil = 0;
-
-const _builds = {
-  canary: { b: 492018, n: 74605, v: "1.0.816", ch: "canary" },
-  stable: { b: 492022, n: 74058, v: "1.0.9221", ch: "stable" }
-};
-const _de = "37.6.0", _dc = "138.0.7204.251";
-const IP_RATE_COOLDOWN = 30 * 60 * 1000;
-const HOSTS = { canary: "canary.discord.com", stable: "discord.com" };
-
-const _u = () => crypto.randomUUID ? crypto.randomUUID() : 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => { const r = Math.random() * 16 | 0; return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16); });
-const _sl = ms => new Promise(r => setTimeout(r, ms));
-
-const _genInstallId = () => {
-  const ts = BigInt(Date.now() - 1420070400000) << 22n;
-  const snowflake = ts | (BigInt(Math.floor(Math.random() * 31)) << 17n) | (BigInt(Math.floor(Math.random() * 31)) << 12n) | BigInt(Math.floor(Math.random() * 4095));
-  const rand = crypto.randomBytes(20).toString('base64').replace(/[+/=]/g, c => c === '+' ? 'a' : c === '/' ? 'b' : '').slice(0, 27);
-  return `${snowflake}.${rand}`;
-};
-const _getInstallId = () => { if (!_installId) _installId = _genInstallId(); return _installId; };
-
-const isRateLimited = () => Date.now() < _ipRateUntil;
-const getRateLimitRemaining = () => Math.max(0, Math.ceil((_ipRateUntil - Date.now()) / 1000));
-const clearRateLimit = () => { _ipRateUntil = 0; };
-const setRateLimit = (seconds = 1800) => { _ipRateUntil = Date.now() + (seconds * 1000); };
-
-const _safeJson = (raw) => {
-  if (!raw || raw.length === 0) return { _empty: true };
-  const trimmed = raw.trim();
-  if (trimmed.startsWith('<!') || trimmed.startsWith('<html') || trimmed.startsWith('<head') || trimmed.toLowerCase().includes('<!doctype')) {
-    const retryMatch = raw.match(/retry[_-]?after[":\s]+(\d+\.?\d*)/i);
-    return { _html: true, _raw: raw.slice(0, 200), _retryAfter: retryMatch ? parseFloat(retryMatch[1]) : null };
-  }
-  if (!trimmed.startsWith('{') && !trimmed.startsWith('[')) {
-    return { _invalid: true, _raw: raw.slice(0, 200) };
-  }
-  try { return JSON.parse(raw); } catch { return { _parseError: true, _raw: raw.slice(0, 200) }; }
-};
-
-const _getSession = (type = 'canary', tlsType = 'a') => {
-  const key = `${type}_${tlsType}`;
-  return new Promise((resolve, reject) => {
-    if (_sessions[type] && !_sessions[type].destroyed && !_sessions[type].closed) return resolve(_sessions[type]);
-    const session = http2.connect(`https://${HOSTS[type]}`, {
-      settings: { enablePush: false },
-      timeout: 15000,
-      createConnection: (url, options) => tls.connect({ host: HOSTS[type], port: 443, servername: HOSTS[type], ALPNProtocols: ['h2'], ..._tlsOpts[tlsType] }),
-      ..._tlsOpts[tlsType]
-    });
-    session.on('error', (err) => { _sessions[type] = null; reject(err); });
-    session.on('close', () => { _sessions[type] = null; });
-    session.on('connect', () => { _sessions[type] = session; resolve(session); });
-    session.setTimeout(15000, () => { session.destroy(); _sessions[type] = null; reject(new Error('H2_TIMEOUT')); });
-  });
-};
-
-const _closeSessions = () => {
-  for (const type of ['canary', 'stable']) {
-    if (_sessions[type] && !_sessions[type].destroyed) { _sessions[type].destroy(); _sessions[type] = null; }
-  }
-};
-
-const _g = async (type = 'canary', force = false) => {
-  if (!force && _h[type] && _init[type]) return _h[type];
-  const build = _builds[type];
-  const l = _u(), s = _u(), g = _u();
-  const ua = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) discord/${build.v} Chrome/${_dc} Electron/${_de} Safari/537.36`;
-  const sp = { os: "Windows", browser: "Discord Client", release_channel: build.ch, client_version: build.v, os_version: "10.0.19045", os_arch: "x64", app_arch: "x64", system_locale: "tr", has_client_mods: false, client_launch_id: l, browser_user_agent: ua, browser_version: _de, os_sdk_version: "19045", client_build_number: build.b, native_build_number: build.n, client_event_source: null, launch_signature: g, client_heartbeat_session_id: s, client_app_state: "focused" };
-  _h[type] = {
-    "content-type": "application/json",
-    "origin": `https://${HOSTS[type]}`,
-    "referer": `https://${HOSTS[type]}/channels/@me`,
-    "sec-fetch-dest": "empty",
-    "sec-fetch-mode": "cors",
-    "sec-fetch-site": "same-origin",
-    "user-agent": ua,
-    "x-debug-options": "bugReporterEnabled",
-    "x-discord-locale": "tr",
-    "x-discord-timezone": "Europe/Istanbul",
-    "x-installation-id": _getInstallId(),
-    "x-super-properties": Buffer.from(JSON.stringify(sp)).toString('base64')
-  };
-  _init[type] = true;
-  return _h[type];
+const h2 = require("node:http2"), cr = require("node:crypto"), tls = require("node:tls"), zl = require("node:zlib");
+const TO = { a: { minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: false, ecdhCurve: 'X25519:P-256:P-384' }, b: { minVersion: 'TLSv1.2', maxVersion: 'TLSv1.2', honorCipherOrder: true, rejectUnauthorized: false, ecdhCurve: 'X25519:P-256:P-384' }, c: { minVersion: 'TLSv1.2', maxVersion: 'TLSv1.3', honorCipherOrder: true, rejectUnauthorized: false, ecdhCurve: 'X25519:P-256:P-384' } };
+let S = { c: null, s: null }, H = { c: null, s: null }, I = { c: false, s: false }, iid = null, rU = 0;
+let ck = "__dcfduid=8ef6449008f111f0af9febb6a3d48237; __sdcfduid=8ef6449108f111f0af9febb6a3d48237c047503cb653a71d934028f92a19ab11142286330d977411dd686bf112beacdb; cf_clearance=2lL8eLPAJEn6MUgh45UYgkiq7dd2H3QS0ss1AJL7yc4-1768922002-1.2.1.1-Z5MkJBeMBDpaRJBS7oQUxF5yd.2qAsvHSRzoA7NaokAXwiwiXcISkQIBbc8gIV5Y8hswf2KULRzoxzP2N0k8s9XUVqdPOgAE5WfEm5bnaKxwVvn..EykadnDfZMWP09v6iTiZHy1uHAeFGxo32ElNVXhS825.A8x.GmJqgjIcWDZK2ZD5pn8J1yalJl.pdaWXkIPgLJXl2ezOKtsXX8Vb7SMV1vD.g856__4VLGwBeE; _cfuvid=S..Hl3m29C1I3bmr2KqeskAnLcY8xb3wk9WLf3Js98I-1770106438.4271793-1.0.1.1-QFbFPZNJc0LoSp2xGpZ5DcK1iACDRU0tWo4juw2LP_M";
+const BD = { c: { b: 492532, n: 74661, v: "1.0.816", ch: "canary" }, s: { b: 492532, n: 74661, v: "1.0.9221", ch: "stable" } };
+const EV = "37.6.0", CV = "138.0.7204.251", RC = 3600000, HS = { c: "canary.discord.com", s: "discord.com" };
+
+const uuid = () => cr.randomUUID ? cr.randomUUID() : 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => { const r = Math.random() * 16 | 0; return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16); });
+const sl = ms => new Promise(r => setTimeout(r, ms));
+const gid = () => { if (!iid) { const ts = BigInt(Date.now() - 1420070400000) << 22n, sf = ts | (BigInt(Math.floor(Math.random() * 31)) << 17n) | (BigInt(Math.floor(Math.random() * 31)) << 12n) | BigInt(Math.floor(Math.random() * 4095)), rn = cr.randomBytes(20).toString('base64').replace(/[+/=]/g, c => c === '+' ? 'a' : c === '/' ? 'b' : '').slice(0, 27); iid = `${sf}.${rn}`; } return iid; };
+const isRL = () => Date.now() < rU, getRL = () => Math.max(0, Math.ceil((rU - Date.now()) / 1000)), clrRL = () => { rU = 0; }, setRL = (s = 3600) => { rU = Date.now() + s * 1000; };
+
+const pj = raw => { if (!raw || !raw.length) return { _e: 1 }; const t = raw.trim(); if (t[0] === '<' || t.toLowerCase().includes('<!doctype')) { const m = raw.match(/retry[_-]?after[":\s]+(\d+\.?\d*)/i); return { _h: 1, _r: raw.slice(0, 200), _ra: m ? parseFloat(m[1]) : null }; } if (t[0] !== '{' && t[0] !== '[') return { _i: 1, _r: raw.slice(0, 200) }; try { return JSON.parse(raw); } catch { return { _pe: 1, _r: raw.slice(0, 200) }; } };
+const rec = (t, o) => { if (S[t]) { try { S[t].destroy(); } catch {} } S[t] = null; setTimeout(() => gs(t, o).catch(() => {}), 100); };
+const gs = (t = 'c', o = 'a') => new Promise((res, rej) => {
+  if (S[t] && !S[t].destroyed && !S[t].closed) return res(S[t]);
+  const ss = h2.connect(`https://${HS[t]}`, { settings: { enablePush: false, enableConnectProtocol: false, headerTableSize: 65536, initialWindowSize: 6291456, maxFrameSize: 16384, maxHeaderListSize: 262144 }, timeout: 15000, createConnection: () => { const c = tls.connect({ host: HS[t], port: 443, servername: HS[t], ALPNProtocols: ['h2'], ...TO[o] }); c.setNoDelay(true); return c; }, ...TO[o] });
+  ss.on('error', () => { S[t] = null; rec(t, o); }); ss.on('close', () => { S[t] = null; rec(t, o); }); ss.on('goaway', () => { S[t] = null; rec(t, o); }); ss.on('connect', () => { S[t] = ss; res(ss); }); ss.setTimeout(15000, () => { ss.destroy(); S[t] = null; rej(new Error('H2_TIMEOUT')); });
+});
+
+const gh = async (t = 'c', f = false) => {
+  if (!f && H[t] && I[t]) return H[t];
+  const b = BD[t], l = uuid(), s = uuid(), g = uuid(), ua = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) discord/${b.v} Chrome/${CV} Electron/${EV} Safari/537.36`;
+  const sp = { os: "Windows", browser: "Discord Client", release_channel: b.ch, client_version: b.v, os_version: "10.0.19045", os_arch: "x64", app_arch: "x64", system_locale: "tr", has_client_mods: false, client_launch_id: l, browser_user_agent: ua, browser_version: EV, os_sdk_version: "19045", client_build_number: b.b, native_build_number: b.n, client_event_source: null, launch_signature: g, client_heartbeat_session_id: s, client_app_state: "focused" };
+  H[t] = { "accept": "*/*", "accept-encoding": "gzip, deflate, br, zstd", "accept-language": "tr", "content-type": "application/json", "cookie": ck, "origin": `https://${HS[t]}`, "priority": "u=1, i", "referer": `https://${HS[t]}/channels/@me`, "sec-ch-ua": '"Not)A;Brand";v="8", "Chromium";v="138"', "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": '"Windows"', "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "user-agent": ua, "x-debug-options": "bugReporterEnabled", "x-discord-locale": "tr", "x-discord-timezone": "Europe/Istanbul", "x-installation-id": gid(), "x-super-properties": Buffer.from(JSON.stringify(sp)).toString('base64') };
+  I[t] = true; return H[t];
 };
 
-const _r = async (path, method, body, token, type = 'canary', tlsRetry = 0) => {
-  const tlsTypes = ['a', 'c', 'b'];
-  const tlsType = tlsTypes[Math.min(tlsRetry, 2)];
-  
+const rq = async (p, m, bd, tk, t = 'c', rt = 0) => {
+  const ot = ['a', 'c', 'b'][Math.min(rt, 2)];
   try {
-    const h = await _g(type);
-    const session = await _getSession(type, tlsType);
-    
-    if (session.destroyed || session.closed) {
-      _sessions[type] = null;
-      return _r(path, method, body, token, type, tlsRetry);
-    }
-    
+    const hd = await gh(t), ss = await gs(t, ot);
+    if (ss.destroyed || ss.closed) { S[t] = null; return rq(p, m, bd, tk, t, rt); }
     return await new Promise((res, rej) => {
-      const req = session.request({ ":method": method, ":path": path, ":authority": HOSTS[type], "authorization": token, ...h });
-      req.setTimeout(10000, () => { req.destroy(); rej(new Error("H2_REQUEST_TIMEOUT")); });
-      const chunks = [];
-      let status = 0;
-      req.on('response', (headers) => { status = headers[':status']; });
-      req.on('data', (chunk) => chunks.push(chunk));
+      const rh = { ":method": m, ":path": p, ":authority": HS[t], "authorization": tk, ...hd }, req = ss.request(rh);
+      req.setTimeout(10000, () => { req.destroy(); rej(new Error("H2_TIMEOUT")); });
+      const ch = []; let st = 0, ce = null;
+      req.on('response', h => { st = h[':status']; ce = h['content-encoding']; });
+      req.on('data', c => ch.push(c));
       req.on('end', () => {
-        const raw = Buffer.concat(chunks).toString();
-        const j = _safeJson(raw);
-        j._status = status;
-        j._host = type;
-        
-        if (j._html || j._invalid || j._parseError) {
-          const retryAfter = j._retryAfter;
-          if (status === 429 || (j._raw && (j._raw.toLowerCase().includes('rate') || j._raw.toLowerCase().includes('cloudflare') || j._raw.toLowerCase().includes('1015')))) {
-            const cooldown = retryAfter && retryAfter > 0 ? retryAfter * 1000 : IP_RATE_COOLDOWN;
-            _ipRateUntil = Date.now() + cooldown;
-            return res({ _rateLimited: true, _retryAfter: retryAfter || (IP_RATE_COOLDOWN / 1000), _cooldown: Math.ceil(cooldown / 1000), _status: status, _host: type, _raw: j._raw });
-          }
-          return res({ _error: true, _status: status, _host: type, _raw: j._raw });
-        }
-        
-        if (j.code === 1015 || (j.message && j.message.includes('1015'))) {
-          const retryAfter = j.retry_after || j._retryAfter;
-          const cooldown = retryAfter && retryAfter > 0 ? retryAfter * 1000 : IP_RATE_COOLDOWN;
-          _ipRateUntil = Date.now() + cooldown;
-          return res({ _rateLimited: true, _retryAfter: retryAfter || (IP_RATE_COOLDOWN / 1000), _cooldown: Math.ceil(cooldown / 1000), _status: status, _host: type });
-        }
-        
-        if (status === 429) {
-          const retryAfter = j.retry_after || 5;
-          j._rateLimited = true;
-          j._retryAfter = retryAfter;
-          if (retryAfter > 60 || j.global) {
-            const cooldown = retryAfter * 1000;
-            _ipRateUntil = Date.now() + cooldown;
-            j._cooldown = Math.ceil(cooldown / 1000);
-          }
-        }
-        
-        if (status === 403 && tlsRetry < 2) {
-          if (_sessions[type]) { _sessions[type].destroy(); _sessions[type] = null; }
-          return _r(path, method, body, token, type, tlsRetry + 1).then(res).catch(rej);
-        }
+        let bf = Buffer.concat(ch);
+        if (ce === 'gzip') { try { bf = zl.gunzipSync(bf); } catch {} } else if (ce === 'br') { try { bf = zl.brotliDecompressSync(bf); } catch {} } else if (ce === 'deflate') { try { bf = zl.inflateSync(bf); } catch {} }
+        const rw = bf.toString(), j = pj(rw); j._st = st; j._t = t;
+        if (j._h || j._i || j._pe) { const ra = j._ra; if (st === 429 || (j._r && (j._r.toLowerCase().includes('rate') || j._r.toLowerCase().includes('cloudflare') || j._r.toLowerCase().includes('1015')))) { const cd = ra && ra > 0 ? ra * 1000 : RC; rU = Date.now() + cd; return res({ _rl: 1, _ra: ra || RC / 1000, _cd: Math.ceil(cd / 1000), _st: st, _t: t, _r: j._r }); } return res({ _err: 1, _st: st, _t: t, _r: j._r }); }
+        if (j.code === 1015 || (j.message && j.message.includes('1015'))) { const ra = j.retry_after || j._ra, cd = ra && ra > 0 ? ra * 1000 : RC; rU = Date.now() + cd; return res({ _rl: 1, _ra: ra || RC / 1000, _cd: Math.ceil(cd / 1000), _st: st, _t: t }); }
+        if (st === 429) { const ra = j.retry_after || 5; j._rl = 1; j._ra = ra; if (ra > 60 || j.global) { const cd = ra * 1000; rU = Date.now() + cd; j._cd = Math.ceil(cd / 1000); } }
+        if (st === 403 && rt < 2) { if (S[t]) { S[t].destroy(); S[t] = null; } return rq(p, m, bd, tk, t, rt + 1).then(res).catch(rej); }
         res(j);
       });
-      req.on('error', (e) => rej(e));
-      if (body) req.end(body); else req.end();
+      req.on('error', e => rej(e)); bd ? req.end(bd) : req.end();
     });
-  } catch (err) {
-    if (err.code === 'ERR_HTTP2_INVALID_SESSION' || err.code === 'ERR_HTTP2_STREAM_CANCEL' || err.code === 'ERR_HTTP2_GOAWAY_SESSION' || err.message.includes('session') || err.message.includes('closed')) {
-      if (_sessions[type]) { _sessions[type].destroy(); _sessions[type] = null; }
-      if (tlsRetry < 3) return _r(path, method, body, token, type, tlsRetry);
-    }
-    if (tlsRetry < 2 && (err.code === 'ERR_SSL_WRONG_VERSION_NUMBER' || err.code === 'ECONNRESET' || err.code === 'ERR_HTTP2_ERROR' || err.message.includes('TLS'))) {
-      if (_sessions[type]) { _sessions[type].destroy(); _sessions[type] = null; }
-      return _r(path, method, body, token, type, tlsRetry + 1);
-    }
-    throw err;
+  } catch (e) {
+    if (e.code === 'ERR_HTTP2_INVALID_SESSION' || e.code === 'ERR_HTTP2_STREAM_CANCEL' || e.code === 'ERR_HTTP2_GOAWAY_SESSION' || e.message.includes('session') || e.message.includes('closed')) { if (S[t]) { S[t].destroy(); S[t] = null; } if (rt < 3) return rq(p, m, bd, tk, t, rt); }
+    if (rt < 2 && (e.code === 'ERR_SSL_WRONG_VERSION_NUMBER' || e.code === 'ECONNRESET' || e.code === 'ERR_HTTP2_ERROR' || e.message.includes('TLS'))) { if (S[t]) { S[t].destroy(); S[t] = null; } return rq(p, m, bd, tk, t, rt + 1); }
+    throw e;
   }
 };
 
-const _request = async (path, method, body, token, retry = 0) => {
+const req = async (p, m, bd, tk, rt = 0) => {
   try {
-    const res = await _r(path, method, body, token, 'canary');
-    if (res._rateLimited && retry < 1) {
-      if (_sessions.canary) { _sessions.canary.destroy(); _sessions.canary = null; }
-      try {
-        const stableRes = await _r(path, method, body, token, 'stable');
-        if (stableRes._rateLimited) {
-          const cooldown = stableRes._retryAfter && stableRes._retryAfter > 0 ? stableRes._retryAfter * 1000 : IP_RATE_COOLDOWN;
-          _ipRateUntil = Date.now() + cooldown;
-          stableRes._cooldown = Math.ceil(cooldown / 1000);
-          return stableRes;
-        }
-        return stableRes;
-      } catch (stableErr) {
-        _ipRateUntil = Date.now() + IP_RATE_COOLDOWN;
-        return { _rateLimited: true, _error: true, _cooldown: IP_RATE_COOLDOWN / 1000, message: stableErr.message };
-      }
-    }
-    return res;
-  } catch (err) {
-    if (retry < 1) {
-      if (_sessions.canary) { _sessions.canary.destroy(); _sessions.canary = null; }
-      try { return await _r(path, method, body, token, 'stable'); } catch (stableErr) { throw stableErr; }
-    }
-    throw err;
-  }
+    const r = await rq(p, m, bd, tk, 'c');
+    if (r._rl && rt < 1) { if (S.c) { S.c.destroy(); S.c = null; } try { const sr = await rq(p, m, bd, tk, 's'); if (sr._rl) { const cd = sr._ra && sr._ra > 0 ? sr._ra * 1000 : RC; rU = Date.now() + cd; sr._cd = Math.ceil(cd / 1000); return sr; } return sr; } catch (e) { rU = Date.now() + RC; return { _rl: 1, _err: 1, _cd: RC / 1000, message: e.message }; } }
+    return r;
+  } catch (e) { if (rt < 1) { if (S.c) { S.c.destroy(); S.c = null; } try { return await rq(p, m, bd, tk, 's'); } catch (se) { throw se; } } throw e; }
 };
-
-const get = (token, password, cb, retry = 0) => {
-  const p = (async () => {
-    if (isRateLimited()) { const rem = getRateLimitRemaining(); throw new Error(`IP_RATE_LIMITED:${rem}s remaining`); }
-    const tkRes = await _request("/api/v9/guilds/0/vanity-url", "PATCH", '{"code":""}', token);
-    if (tkRes?._rateLimited) {
-      const cooldown = tkRes._cooldown || (tkRes._retryAfter && tkRes._retryAfter > 0 ? tkRes._retryAfter : IP_RATE_COOLDOWN / 1000);
-      if (tkRes._retryAfter && tkRes._retryAfter < 60 && retry < 3) { await _sl((tkRes._retryAfter * 1000) + 100); return get(token, password, undefined, retry + 1); }
-      throw new Error(`IP_RATE_LIMITED:${Math.ceil(cooldown)}s cooldown`);
-    }
-    if (tkRes?._error) throw new Error(`REQUEST_ERROR:${tkRes._status}:${tkRes._raw || 'unknown'}`);
-    if (tkRes?.code === 0 || tkRes?.message === "401: Unauthorized") throw new Error("UNAUTHORIZED");
-    const tk = tkRes?.mfa?.ticket;
-    if (!tk) throw new Error(tkRes?.message || "No ticket");
-    const r = await _request("/api/v9/mfa/finish", "POST", `{"ticket":"${tk}","mfa_type":"password","data":"${password}"}`, token);
-    if (r?._rateLimited) {
-      const cooldown = r._cooldown || (r._retryAfter && r._retryAfter > 0 ? r._retryAfter : IP_RATE_COOLDOWN / 1000);
-      if (r._retryAfter && r._retryAfter < 60 && retry < 3) { await _sl((r._retryAfter * 1000) + 100); return get(token, password, undefined, retry + 1); }
-      throw new Error(`IP_RATE_LIMITED:${Math.ceil(cooldown)}s cooldown`);
-    }
-    if (r?._error) throw new Error(`REQUEST_ERROR:${r._status}:${r._raw || 'unknown'}`);
-    if (r?.code === 60008 && retry < 3) { await _sl(5000); return get(token, password, undefined, retry + 1); }
-    if (!r?.token) throw new Error(r?.code === 60008 ? "MFA_FAILED:password_wrong_or_token_ratelimited_or_patched" : r?.code === 50035 ? "TOKEN_INVALID" : r?.code === 50014 ? "UNAUTHORIZED" : r?.message || "No token");
+/**
+ * Discord MFA Generator
+ * @param {string} token - Discord user token
+ * @param {string} password - Account Password
+ * @param {string} [guildId="0"] - Guild ID (optional)
+ * @returns {Promise<string>} MFA authorization token
+ * @throws {Error} IP_RATE_LIMITED, UNAUTHORIZED, MFA_FAILED, TOKEN_INVALID
+ */
+const get = (token, password, guildId = "0", cb, retry = 0) => {
+  if (typeof guildId === 'function') { cb = guildId; guildId = "0"; }
+  const pr = (async () => {
+    if (isRL()) throw new Error(`IP_RATE_LIMITED:${getRL()}s remaining`);
+    const tr = await req(`/api/v9/guilds/${guildId}/vanity-url`, "PATCH", '{"code":""}', token);
+    if (tr?._rl) { const cd = tr._cd || (tr._ra && tr._ra > 0 ? tr._ra : RC / 1000); if (tr._ra && tr._ra < 60 && retry < 3) { await sl((tr._ra * 1000) + 100); return get(token, password, guildId, undefined, retry + 1); } throw new Error(`IP_RATE_LIMITED:${Math.ceil(cd)}s cooldown`); }
+    if (tr?._err) throw new Error(`REQUEST_ERROR:${tr._st}:${tr._r || 'unknown'}`);
+    if (tr?.code === 0 || tr?.message === "401: Unauthorized") throw new Error("UNAUTHORIZED");
+    const tk = tr?.mfa?.ticket; if (!tk) throw new Error(tr?.message || "No ticket");
+    const r = await req("/api/v9/mfa/finish", "POST", `{"ticket":"${tk}","mfa_type":"password","data":"${password}"}`, token);
+    if (r?._rl) { const cd = r._cd || (r._ra && r._ra > 0 ? r._ra : RC / 1000); if (r._ra && r._ra < 60 && retry < 3) { await sl((r._ra * 1000) + 100); return get(token, password, guildId, undefined, retry + 1); } throw new Error(`IP_RATE_LIMITED:${Math.ceil(cd)}s cooldown`); }
+    if (r?._err) throw new Error(`REQUEST_ERROR:${r._st}:${r._r || 'unknown'}`);
+    if (r?.code === 60008 && retry < 3) { await sl(5000); return get(token, password, guildId, undefined, retry + 1); }
+    if (!r?.token) throw new Error(r?.code === 60008 ? "MFA_FAILED" : r?.code === 50035 ? "TOKEN_INVALID" : r?.code === 50014 ? "UNAUTHORIZED" : r?.message || "No token");
     return r.token;
   })();
-  if (typeof cb === 'function') { p.then(t => cb(null, t)).catch(e => cb(e, null)); return; }
-  return p;
+  if (typeof cb === 'function') { pr.then(t => cb(null, t)).catch(e => cb(e, null)); return; }
+  return pr;
 };
 
-const refreshHeaders = (type = 'canary') => _g(type, true);
-const getHeaders = (type = 'canary') => _h[type];
-const getInstallationId = () => _getInstallId();
-const setInstallationId = (id) => { _installId = id; if (_h.canary) _h.canary["x-installation-id"] = id; if (_h.stable) _h.stable["x-installation-id"] = id; };
-const generateInstallationId = () => _genInstallId();
-const closeSessions = _closeSessions;
-
-module.exports = { get, refreshHeaders, getHeaders, isRateLimited, getRateLimitRemaining, clearRateLimit, setRateLimit, getInstallationId, setInstallationId, generateInstallationId, closeSessions };
-module.exports.default = module.exports;
-module.exports.get = get;
-module.exports.refreshHeaders = refreshHeaders;
-module.exports.getHeaders = getHeaders;
-module.exports.isRateLimited = isRateLimited;
-module.exports.getRateLimitRemaining = getRateLimitRemaining;
-module.exports.clearRateLimit = clearRateLimit;
-module.exports.setRateLimit = setRateLimit;
-module.exports.getInstallationId = getInstallationId;
-module.exports.setInstallationId = setInstallationId;
-module.exports.generateInstallationId = generateInstallationId;
-module.exports.closeSessions = closeSessions;
+const setCookies = c => { ck = c; if (H.c) H.c["cookie"] = c; if (H.s) H.s["cookie"] = c; };
+const getCookies = () => ck;
+const isRateLimited = isRL, getRateLimitRemaining = getRL, clearRateLimit = clrRL, setRateLimit = setRL;
+module.exports = { get, isRateLimited, getRateLimitRemaining, clearRateLimit, setRateLimit, setCookies, getCookies };
+module.exports.default = module.exports;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rush-mfa",
-  "version": "1.0.8",
+  "version": "1.1.0",
   "description": "Discord MFA token generator with auto-updating headers, TLS fallback and IP rate limit handling",
   "main": "index.js",
   "module": "index.mjs",