npm - stfca - Versions diffs - 1.0.27 → 1.1.27 - Mend

stfca 1.0.27 → 1.1.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/src/uploadAttachment.js CHANGED Viewed

@@ -1,93 +1,115 @@
-const utils = require("../utils");
+"use strict";
-module.exports = function (defaultFuncs, api, ctx) {
-  function upload(attachments, callback) {
-    callback = callback || function () {};
-    const uploads = [];
+const log = require("npmlog");
+const path = require("path");
+const mime = require("mime");
+const { parseAndCheckLogin, isReadableStream, getType } = require("../utils");
-    // create an array of promises
-    for (let i = 0; i < attachments.length; i++) {
-      if (!utils.isReadableStream(attachments[i])) {
-        throw {
-          error:
-            "Attachment should be a readable stream and not " +
-            utils.getType(attachments[i]) +
-            ".",
-        };
-      }
+const UPLOAD_URL = "https://www.facebook.com/ajax/mercury/upload.php";
+function _filenameFromStream(stream, fallback) {
+    try {
+        if (stream && typeof stream.path === "string" && stream.path.length) {
+            return path.basename(stream.path);
+        }
+        if (stream && stream.path && typeof stream.path.toString === "function") {
+            return path.basename(stream.path.toString());
+        }
+    } catch (_) { }
+    return fallback || "upload.bin";
+}
-      const form = {
-        upload_1024: attachments[i],
-        voice_clip: "true",
-      };
+function _contentTypeFor(filename, stream) {
+    try {
+        if (stream && typeof stream._contentType === "string" && stream._contentType.length) {
+            return stream._contentType;
+        }
+        if (stream && stream.headers && typeof stream.headers["content-type"] === "string") {
+            return stream.headers["content-type"];
+        }
+    } catch (_) { }
+    const t = mime.getType(filename);
+    return t || "application/octet-stream";
+}
-      uploads.push(
-        defaultFuncs
-          .postFormData(
-            "https://upload.facebook.com/ajax/mercury/upload.php",
-            ctx.jar,
-            form,
-            {},
-          )
-          .then(utils.parseAndCheckLogin(ctx, defaultFuncs))
-          .then(function (resData) {
-            if (resData.error) {
-              throw resData;
+module.exports = function (defaultFuncs, api, ctx) {
+    function uploadOne(stream) {
+        if (!isReadableStream(stream)) {
+            return Promise.reject({
+                error: "Attachment should be a readable stream and not " + getType(stream) + "."
+            });
+        }
+        const filename = _filenameFromStream(stream);
+        const contentType = _contentTypeFor(filename, stream);
+        const form = {
+            farr: {
+                value: stream,
+                options: {
+                    filename: filename,
+                    contentType: contentType
+                }
             }
+        };
-            // We have to return the data unformatted unless we want to change it
-            // back in sendMessage.
-            return resData.payload.metadata[0];
-          }),
-      );
+        return defaultFuncs
+            .postFormData(UPLOAD_URL, ctx.jar, form, {})
+            .then(parseAndCheckLogin(ctx, defaultFuncs))
+            .then(function (resData) {
+                if (resData.error) throw resData;
+                if (!resData.payload || !resData.payload.metadata) {
+                    throw { error: "Mercury upload returned no metadata", res: resData };
+                }
+                const md = resData.payload.metadata[0] || resData.payload.metadata["0"];
+                if (!md) {
+                    throw { error: "Mercury upload metadata[0] missing", res: resData };
+                }
+                return md;
+            });
     }
-    // resolve all promises
-    Promise.all(uploads)
-      .then(function (resData) {
-        callback(null, resData);
-      })
-      .catch(function (err) {
-        console.error("uploadAttachment", err);
-        return callback(err);
-      });
-  }
+    function upload(attachments, callback) {
+        callback = callback || function () { };
+        Promise.all(attachments.map(uploadOne))
+            .then(function (resData) { callback(null, resData); })
+            .catch(function (err) {
+                log.error("uploadAttachment", err);
+                return callback(err);
+            });
+    }
-  return function uploadAttachment(attachments, callback) {
-    if (
-      !attachments &&
-      !utils.isReadableStream(attachments) &&
-      !utils.getType(attachments) === "Array" &&
-      utils.getType(attachments) === "Array" &&
-      !attachments.length
-    )
-      throw { error: "Please pass an attachment or an array of attachments." };
+    return function uploadAttachment(attachments, callback) {
+        if (
+            !attachments &&
+            !isReadableStream(attachments) &&
+            !getType(attachments) === "Array" &&
+            getType(attachments) === "Array" && !attachments.length
+        ) {
+            throw { error: "Please pass an attachment or an array of attachments." };
+        }
-    let resolveFunc = function () {};
-    let rejectFunc = function () {};
-    const returnPromise = new Promise(function (resolve, reject) {
-      resolveFunc = resolve;
-      rejectFunc = reject;
-    });
+        let resolveFunc = function () { };
+        let rejectFunc = function () { };
+        const returnPromise = new Promise(function (resolve, reject) {
+            resolveFunc = resolve;
+            rejectFunc = reject;
+        });
-    if (!callback) {
-      callback = function (err, info) {
-        if (err) {
-          return rejectFunc(err);
+        if (!callback) {
+            callback = function (err, info) {
+                if (err) return rejectFunc(err);
+                resolveFunc(info);
+            };
         }
-        resolveFunc(info);
-      };
-    }
-    if (utils.getType(attachments) !== "Array") attachments = [attachments];
+        if (getType(attachments) !== "Array") attachments = [attachments];
-    upload(attachments, (err, info) => {
-      if (err) {
-        return callback(err);
-      }
-      callback(null, info);
-    });
+        upload(attachments, (err, info) => {
+            if (err) return callback(err);
+            callback(null, info);
+        });
-    return returnPromise;
-  };
+        return returnPromise;
+    };
 };

package/utils.js CHANGED Viewed

@@ -27,21 +27,83 @@ function setProxy(url) {
  * @param {undefined} [customHeader]
  */
+function sanitizeHeaderValue(value) {
+    if (value === null || value === undefined) return "";
+    var str = String(value);
+    if (str.trim().startsWith("[") && str.trim().endsWith("]")) {
+        try {
+            var parsed = JSON.parse(str);
+            if (Array.isArray(parsed)) return "";
+        } catch (_) { }
+    }
+    str = str.replace(/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F\r\n\[\]]/g, "").trim();
+    return str;
+}
+function sanitizeHeaderName(name) {
+    if (!name || typeof name !== "string") return "";
+    return name.replace(/[^\x21-\x7E]/g, "").trim();
+}
 function getHeaders(url, options, ctx, customHeader) {
+    options = options || {};
+    var host;
+    try { host = new URL(url).host; } catch (_) { host = url.replace("https://", "").split("/")[0]; }
+    var ua = options.userAgent ||
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15";
+    var referer = options.referer || "https://www.facebook.com/";
+    var origin = referer.replace(/\/+$/, "");
+    var contentType = options.contentType || "application/x-www-form-urlencoded";
+    var acceptLang = options.acceptLanguage || "en-US,en;q=0.9";
     var headers = {
-        "Content-Type": "application/x-www-form-urlencoded",
-        Referer: "https://www.facebook.com/",
-        Host: url.replace("https://", "").split("/")[0],
-        Origin: "https://www.facebook.com",
-        "user-agent": (options.userAgent || "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36"),
+        Host: sanitizeHeaderValue(host),
+        Origin: sanitizeHeaderValue(origin),
+        Referer: sanitizeHeaderValue(referer),
+        "User-Agent": sanitizeHeaderValue(ua),
+        Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,application/json;q=0.8,*/*;q=0.7",
+        "Accept-Language": sanitizeHeaderValue(acceptLang),
+        "Accept-Encoding": "gzip, deflate",
+        "Content-Type": sanitizeHeaderValue(contentType),
         Connection: "keep-alive",
-        "sec-fetch-site": 'same-origin',
-        "sec-fetch-mode": 'cors'
+        DNT: "1",
+        "Upgrade-Insecure-Requests": "1",
+        "sec-ch-ua": "\"Safari\";v=\"18\", \"Not;A=Brand\";v=\"24\"",
+        "sec-ch-ua-mobile": "?0",
+        "sec-ch-ua-platform": "\"macOS\"",
+        "Sec-Fetch-Site": "same-origin",
+        "Sec-Fetch-Mode": "cors",
+        "Sec-Fetch-Dest": "empty",
+        "X-Requested-With": "XMLHttpRequest",
+        Pragma: "no-cache",
+        "Cache-Control": "no-cache"
     };
-    if (customHeader) Object.assign(headers, customHeader);
-    if (ctx && ctx.region) headers["X-MSGR-Region"] = ctx.region;
-    return headers;
+    if (ctx && ctx.region) {
+        var regionVal = sanitizeHeaderValue(ctx.region);
+        if (regionVal) headers["X-MSGR-Region"] = regionVal;
+    }
+    if (customHeader && typeof customHeader === "object") {
+        for (var key in customHeader) {
+            if (!Object.prototype.hasOwnProperty.call(customHeader, key)) continue;
+            var val = customHeader[key];
+            if (val === null || val === undefined || typeof val === "function") continue;
+            if (typeof val === "object") continue;
+            var sk = sanitizeHeaderName(key);
+            var sv = sanitizeHeaderValue(val);
+            if (sk && sv !== "") headers[sk] = sv;
+        }
+    }
+    var sanitized = {};
+    for (var k in headers) {
+        if (!Object.prototype.hasOwnProperty.call(headers, k)) continue;
+        var sk2 = sanitizeHeaderName(k);
+        var sv2 = sanitizeHeaderValue(headers[k]);
+        if (sk2 && sv2 !== "") sanitized[sk2] = sv2;
+    }
+    return sanitized;
 }
 /**
@@ -2603,9 +2665,9 @@ function saveCookies(jar) {
     return function (/** @type {{ headers: { [x: string]: any[]; }; }} */res) {
         var cookies = res.headers["set-cookie"] || [];
         cookies.forEach(function (/** @type {string} */c) {
-            if (c.indexOf(".facebook.com") > -1) { // yo wtf is this?
-                jar.setCookie(c, "https://www.facebook.com");
-                jar.setCookie(c.replace(/domain=\.facebook\.com/, "domain=.messenger.com"), "https://www.messenger.com");
+            if (c.indexOf(".facebook.com") > -1) {
+                try { jar.setCookie(c, "https://www.facebook.com"); } catch (_) { }
+                try { jar.setCookie(c.replace(/domain=\.facebook\.com/, "domain=.messenger.com"), "https://www.messenger.com"); } catch (_) { }
             }
         });
         return res;