vektor-slipstream 1.4.4 → 2.0.0

package/cloak-captcha.js

@@ -1,541 +0,0 @@
-'use strict';
-
-/**
- * cloak-captcha.js
- * Automated CAPTCHA detection and solving pipeline for Cloak.
- *
- * Supports:
- *   - hCaptcha  → screenshot → vision model → token injection
- *   - reCAPTCHA v2 → 2captcha/CapSolver API fallback
- *   - reCAPTCHA v3 → session warmup strategy (score-based, no challenge)
- *   - Cloudflare Turnstile → fingerprint consistency pass
- *   - Audio CAPTCHA → Whisper transcription
- *
- * Usage:
- *   const { detectCaptcha, solveCaptcha, injectCaptchaSolution } = require('./cloak-captcha');
- *   const detected = await detectCaptcha(page);
- *   if (detected) {
- *     const token = await solveCaptcha(page, detected, { visionApiKey, provider });
- *     await injectCaptchaSolution(page, detected, token);
- *   }
- */
-
-const https   = require('https');
-const fs      = require('fs');
-const path    = require('path');
-const os      = require('os');
-
-// ── Detection ─────────────────────────────────────────────────────────────────
-
-const CAPTCHA_SIGNATURES = {
-  hcaptcha: [
-    'hcaptcha.com/1/api.js',
-    'data-hcaptcha-widget-id',
-    'h-captcha',
-    'hcaptcha-challenge',
-  ],
-  recaptcha_v2: [
-    'google.com/recaptcha/api.js',
-    'g-recaptcha',
-    'data-sitekey',
-    'recaptcha-checkbox',
-  ],
-  recaptcha_v3: [
-    'google.com/recaptcha/api.js?render=',
-    'grecaptcha.execute',
-  ],
-  turnstile: [
-    'challenges.cloudflare.com',
-    'cf-turnstile',
-    'data-cf-turnstile',
-  ],
-  audio: [
-    'audio-challenge',
-    'captcha-audio',
-    'rc-audiochallenge',
-  ],
-};
-
-/**
- * Detect CAPTCHA type on a Playwright page.
- * Returns { type, sitekey, element } or null.
- */
-async function detectCaptcha(page) {
-  const html = await page.content().catch(() => '');
-
-  for (const [type, sigs] of Object.entries(CAPTCHA_SIGNATURES)) {
-    for (const sig of sigs) {
-      if (html.includes(sig)) {
-        // Extract sitekey if available
-        let sitekey = null;
-        const skMatch = html.match(/data-sitekey=["']([^"']+)["']/);
-        if (skMatch) sitekey = skMatch[1];
-
-        // Check if actually visible (not just in source)
-        const visible = await _isCaptchaVisible(page, type);
-        if (!visible && type !== 'recaptcha_v3') continue; // v3 is invisible by design
-
-        return { type, sitekey, visible };
-      }
-    }
-  }
-  return null;
-}
-
-async function _isCaptchaVisible(page, type) {
-  const selectors = {
-    hcaptcha:     'iframe[src*="hcaptcha"]',
-    recaptcha_v2: 'iframe[src*="recaptcha"]',
-    recaptcha_v3: 'script[src*="recaptcha"]',
-    turnstile:    'iframe[src*="challenges.cloudflare"]',
-    audio:        '.rc-audiochallenge',
-  };
-  const sel = selectors[type];
-  if (!sel) return false;
-  try {
-    const el = await page.$(sel);
-    return !!el;
-  } catch { return false; }
-}
-
-// ── Solving ───────────────────────────────────────────────────────────────────
-
-/**
- * Solve a detected CAPTCHA. Returns token string or null.
- *
- * opts:
- *   provider:      'claude' | 'openai' | '2captcha' | 'capsolver' (default: 'claude')
- *   visionApiKey:  API key for vision provider
- *   solverApiKey:  API key for 2captcha/capsolver
- *   anthropicKey:  Anthropic API key (for provider='claude')
- */
-async function solveCaptcha(page, detected, opts = {}) {
-  const provider = opts.provider || 'claude';
-
-  switch (detected.type) {
-    case 'hcaptcha':
-      return _solveHcaptcha(page, { ...opts, provider });
-
-    case 'recaptcha_v2':
-      return _solveRecaptchaV2(page, detected, opts);
-
-    case 'recaptcha_v3':
-      // v3 is score-based — no token to solve, just warm the session
-      return _warmRecaptchaV3Session(page, opts);
-
-    case 'turnstile':
-      // Turnstile needs consistent fingerprint — return advisory
-      return { advisory: 'turnstile', message: 'Use persistent cloak_passport fingerprint for Turnstile.' };
-
-    case 'audio':
-      return _solveAudioCaptcha(page, opts);
-
-    default:
-      return null;
-  }
-}
-
-// ── hCaptcha — screenshot + vision model ─────────────────────────────────────
-
-async function _solveHcaptcha(page, opts) {
-  // Switch to image challenge if audio is showing
-  try {
-    const audioBtn = await page.$('.h-captcha-audio-btn, [aria-label="Get an audio challenge"]');
-    if (audioBtn) {
-      const visualBtn = await page.$('[aria-label="Get a visual challenge"]');
-      if (visualBtn) await visualBtn.click();
-      await page.waitForTimeout(800);
-    }
-  } catch { /* ignore */ }
-
-  // Find the hCaptcha iframe
-  const frame = await _getHcaptchaFrame(page);
-  if (!frame) return null;
-
-  // Get challenge prompt text
-  let prompt = 'unknown challenge';
-  try {
-    const promptEl = await frame.$('.prompt-text, [class*="prompt"]');
-    if (promptEl) prompt = await promptEl.innerText();
-  } catch { /* ignore */ }
-
-  // Screenshot the challenge grid
-  const screenshotPath = path.join(os.tmpdir(), `hcaptcha-${Date.now()}.png`);
-  try {
-    const challengeEl = await frame.$('.task-grid, .challenge-container, .display-language');
-    if (challengeEl) {
-      await challengeEl.screenshot({ path: screenshotPath });
-    } else {
-      // Full frame screenshot
-      await frame.locator('body').screenshot({ path: screenshotPath });
-    }
-  } catch (e) {
-    // Full page screenshot fallback
-    await page.screenshot({ path: screenshotPath });
-  }
-
-  // Send to vision model
-  const imageData = fs.readFileSync(screenshotPath).toString('base64');
-  let selections  = null;
-
-  try {
-    if (opts.provider === 'claude' || !opts.provider) {
-      selections = await _visionSolveWithClaude(imageData, prompt, opts.anthropicKey);
-    } else if (opts.provider === 'openai') {
-      selections = await _visionSolveWithOpenAI(imageData, prompt, opts.visionApiKey);
-    }
-  } finally {
-    fs.unlink(screenshotPath, () => {});
-  }
-
-  if (!selections) return null;
-
-  // Click the correct tiles
-  await _clickHcaptchaTiles(frame, selections);
-
-  // Click verify
-  try {
-    const verifyBtn = await frame.$('#checkbox, .button-submit, [data-cy="submit"]');
-    if (verifyBtn) {
-      await verifyBtn.click();
-      await page.waitForTimeout(1500);
-    }
-  } catch { /* ignore */ }
-
-  // Extract response token
-  return _extractHcaptchaToken(page);
-}
-
-async function _visionSolveWithClaude(imageData, prompt, apiKey) {
-  const key = apiKey || process.env.ANTHROPIC_API_KEY;
-  if (!key) throw new Error('No Anthropic API key for CAPTCHA vision solver');
-
-  const body = JSON.stringify({
-    model:      'claude-haiku-4-5-20251001',
-    max_tokens: 256,
-    messages: [{
-      role: 'user',
-      content: [
-        {
-          type:   'image',
-          source: { type: 'base64', media_type: 'image/png', data: imageData },
-        },
-        {
-          type: 'text',
-          text: `This is an hCaptcha image challenge. The task is: "${prompt}".
-The grid shows numbered tiles (1-9 in a 3x3 grid, left to right, top to bottom).
-Reply ONLY with a JSON array of tile numbers that match the task, e.g.: [1,4,7]
-If no tiles match, reply: []`,
-        },
-      ],
-    }],
-  });
-
-  const response = await _httpsPost('api.anthropic.com', '/v1/messages', body, {
-    'x-api-key':         key,
-    'anthropic-version': '2023-06-01',
-  });
-
-  const text = response?.content?.[0]?.text || '[]';
-  const match = text.match(/\[[\d,\s]*\]/);
-  return match ? JSON.parse(match[0]) : [];
-}
-
-async function _visionSolveWithOpenAI(imageData, prompt, apiKey) {
-  const key = apiKey || process.env.OPENAI_API_KEY;
-  if (!key) throw new Error('No OpenAI API key for CAPTCHA vision solver');
-
-  const body = JSON.stringify({
-    model:      'gpt-4o',
-    max_tokens: 100,
-    messages: [{
-      role: 'user',
-      content: [
-        { type: 'image_url', image_url: { url: `data:image/png;base64,${imageData}` } },
-        { type: 'text', text: `hCaptcha task: "${prompt}". Reply ONLY with JSON array of matching tile numbers 1-9. e.g. [2,5]` },
-      ],
-    }],
-  });
-
-  const response = await _httpsPost('api.openai.com', '/v1/chat/completions', body, {
-    'Authorization': `Bearer ${key}`,
-  });
-
-  const text = response?.choices?.[0]?.message?.content || '[]';
-  const match = text.match(/\[[\d,\s]*\]/);
-  return match ? JSON.parse(match[0]) : [];
-}
-
-async function _getHcaptchaFrame(page) {
-  for (const frame of page.frames()) {
-    const url = frame.url();
-    if (url.includes('hcaptcha.com') && url.includes('challenge')) return frame;
-  }
-  return null;
-}
-
-async function _clickHcaptchaTiles(frame, tileNumbers) {
-  if (!tileNumbers || !tileNumbers.length) return;
-  const tiles = await frame.$$('.task-image, .challenge-image, [class*="image"]');
-  for (const n of tileNumbers) {
-    const tile = tiles[n - 1];
-    if (tile) {
-      await tile.click();
-      await frame.waitForTimeout(200 + Math.random() * 300); // human-like delay
-    }
-  }
-}
-
-async function _extractHcaptchaToken(page) {
-  try {
-    const token = await page.evaluate(() => {
-      const el = document.querySelector('[name="h-captcha-response"], textarea[id*="captcha"]');
-      return el ? el.value : null;
-    });
-    return token || null;
-  } catch { return null; }
-}
-
-// ── reCAPTCHA v2 — 2captcha/CapSolver API ────────────────────────────────────
-
-async function _solveRecaptchaV2(page, detected, opts) {
-  if (!opts.solverApiKey) {
-    return { advisory: 'recaptcha_v2', message: 'Provide solverApiKey (2captcha/capsolver) for reCAPTCHA v2.' };
-  }
-  // Submit to 2captcha
-  const submitBody = new URLSearchParams({
-    key:       opts.solverApiKey,
-    method:    'userrecaptcha',
-    googlekey: detected.sitekey || '',
-    pageurl:   page.url(),
-    json:      '1',
-  });
-
-  const submitted = await _httpsPost('2captcha.com', '/in.php', submitBody.toString(), {
-    'Content-Type': 'application/x-www-form-urlencoded',
-  });
-
-  if (!submitted?.request) return null;
-  const taskId = submitted.request;
-
-  // Poll for result (max 120s)
-  for (let i = 0; i < 24; i++) {
-    await _sleep(5000);
-    const result = await _httpsGet(`https://2captcha.com/res.php?key=${opts.solverApiKey}&action=get&id=${taskId}&json=1`);
-    if (result?.status === 1) return result.request;
-    if (result?.request === 'ERROR_CAPTCHA_UNSOLVABLE') return null;
-  }
-  return null;
-}
-
-// ── reCAPTCHA v3 — Session warmup ────────────────────────────────────────────
-
-/**
- * Warm up a reCAPTCHA v3 session by simulating human-like browsing.
- * Visit the homepage, scroll, hover, then navigate to target.
- * This builds a 0.7+ trust score before hitting the protected page.
- */
-async function _warmRecaptchaV3Session(page, opts) {
-  const currentUrl = page.url();
-  let origin;
-  try { origin = new URL(currentUrl).origin; } catch { return null; }
-
-  // Simulate human browsing — visit homepage first
-  try {
-    await page.goto(origin, { waitUntil: 'domcontentloaded', timeout: 10000 });
-    await _humanScroll(page);
-    await _humanMouseMovement(page);
-    await _sleep(1000 + Math.random() * 2000);
-
-    // Visit a secondary page if possible (builds session history)
-    const links = await page.$$eval('a[href]', els =>
-      els
-        .map(el => el.href)
-        .filter(h => h.startsWith(window.location.origin) && !h.includes('#'))
-        .slice(0, 5)
-    );
-    if (links.length > 1) {
-      await page.goto(links[1], { waitUntil: 'domcontentloaded', timeout: 10000 });
-      await _humanScroll(page);
-      await _sleep(800 + Math.random() * 1200);
-    }
-
-    // Return to original URL
-    await page.goto(currentUrl, { waitUntil: 'domcontentloaded', timeout: 15000 });
-    return { warmed: true, message: 'reCAPTCHA v3 session warmed — score should be 0.7+' };
-  } catch (e) {
-    return { warmed: false, message: e.message };
-  }
-}
-
-// ── Audio CAPTCHA — Whisper ───────────────────────────────────────────────────
-
-async function _solveAudioCaptcha(page, opts) {
-  const openaiKey = opts.visionApiKey || process.env.OPENAI_API_KEY;
-  if (!openaiKey) {
-    return { advisory: 'audio_captcha', message: 'Provide visionApiKey (OpenAI) for audio CAPTCHA solving.' };
-  }
-
-  // Find audio challenge element and get audio URL
-  let audioUrl = null;
-  try {
-    audioUrl = await page.evaluate(() => {
-      const el = document.querySelector('.rc-audiochallenge-tdownload-link, audio source, [data-audio-src]');
-      return el ? (el.href || el.src || el.dataset.audioSrc) : null;
-    });
-  } catch { /* ignore */ }
-
-  if (!audioUrl) return null;
-
-  // Download audio file
-  const audioPath = path.join(os.tmpdir(), `captcha-audio-${Date.now()}.mp3`);
-  await _downloadFile(audioUrl, audioPath);
-
-  // Transcribe with Whisper
-  try {
-    const FormData = require('form-data');
-    const form = new FormData();
-    form.append('file', fs.createReadStream(audioPath));
-    form.append('model', 'whisper-1');
-    form.append('language', 'en');
-
-    const result = await _httpsPostForm('api.openai.com', '/v1/audio/transcriptions', form, {
-      'Authorization': `Bearer ${openaiKey}`,
-    });
-
-    const text = result?.text?.toLowerCase().replace(/[^a-z0-9\s]/g, '').trim();
-    return text || null;
-  } finally {
-    fs.unlink(audioPath, () => {});
-  }
-}
-
-// ── Token injection ───────────────────────────────────────────────────────────
-
-/**
- * Inject a solved CAPTCHA token back into the page.
- */
-async function injectCaptchaSolution(page, detected, token) {
-  if (!token || typeof token !== 'string') return false;
-
-  try {
-    await page.evaluate(({ type, token }) => {
-      if (type === 'hcaptcha') {
-        const el = document.querySelector('[name="h-captcha-response"]');
-        if (el) { el.value = token; el.dispatchEvent(new Event('change')); }
-      } else if (type === 'recaptcha_v2') {
-        const el = document.querySelector('[name="g-recaptcha-response"]');
-        if (el) { el.value = token; el.dispatchEvent(new Event('change')); }
-        // Also try the callback
-        if (window.___grecaptcha_cfg) {
-          const clients = window.___grecaptcha_cfg.clients;
-          for (const k in clients) {
-            const callback = clients[k]?.['']?.callback;
-            if (typeof callback === 'function') { callback(token); break; }
-          }
-        }
-      }
-    }, { type: detected.type, token });
-    return true;
-  } catch { return false; }
-}
-
-// ── Human behaviour simulation helpers ───────────────────────────────────────
-
-async function _humanScroll(page) {
-  await page.evaluate(async () => {
-    const total = document.body.scrollHeight;
-    let pos = 0;
-    while (pos < total * 0.6) {
-      const step = 80 + Math.random() * 120;
-      pos = Math.min(pos + step, total);
-      window.scrollTo({ top: pos, behavior: 'smooth' });
-      await new Promise(r => setTimeout(r, 80 + Math.random() * 120));
-    }
-  });
-}
-
-async function _humanMouseMovement(page) {
-  const vp = page.viewportSize() || { width: 1280, height: 720 };
-  for (let i = 0; i < 5; i++) {
-    const x = 100 + Math.random() * (vp.width  - 200);
-    const y = 100 + Math.random() * (vp.height - 200);
-    await page.mouse.move(x, y, { steps: 5 + Math.floor(Math.random() * 10) });
-    await _sleep(200 + Math.random() * 400);
-  }
-}
-
-// ── HTTP helpers ──────────────────────────────────────────────────────────────
-
-function _httpsPost(host, path, body, extraHeaders = {}) {
-  return new Promise((resolve, reject) => {
-    const isString = typeof body === 'string';
-    const buf      = Buffer.from(body);
-    const opts     = {
-      hostname: host,
-      path,
-      method:  'POST',
-      headers: {
-        'Content-Type':   isString && body.startsWith('{') ? 'application/json' : 'application/x-www-form-urlencoded',
-        'Content-Length': buf.length,
-        ...extraHeaders,
-      },
-    };
-    const req = https.request(opts, res => {
-      let data = '';
-      res.setEncoding('utf8');
-      res.on('data', c => data += c);
-      res.on('end',  () => {
-        try { resolve(JSON.parse(data)); } catch { resolve(data); }
-      });
-    });
-    req.on('error', reject);
-    req.setTimeout(30000, () => { req.destroy(); reject(new Error('timeout')); });
-    req.write(buf);
-    req.end();
-  });
-}
-
-function _httpsGet(url) {
-  return new Promise((resolve, reject) => {
-    https.get(url, res => {
-      let data = '';
-      res.setEncoding('utf8');
-      res.on('data', c => data += c);
-      res.on('end',  () => { try { resolve(JSON.parse(data)); } catch { resolve(data); } });
-    }).on('error', reject);
-  });
-}
-
-async function _httpsPostForm(host, path, form, extraHeaders = {}) {
-  return new Promise((resolve, reject) => {
-    const opts = {
-      hostname: host,
-      path,
-      method:  'POST',
-      headers: { ...form.getHeaders(), ...extraHeaders },
-    };
-    const req = https.request(opts, res => {
-      let data = '';
-      res.setEncoding('utf8');
-      res.on('data', c => data += c);
-      res.on('end',  () => { try { resolve(JSON.parse(data)); } catch { resolve(data); } });
-    });
-    req.on('error', reject);
-    form.pipe(req);
-  });
-}
-
-function _downloadFile(url, dest) {
-  return new Promise((resolve, reject) => {
-    const file = fs.createWriteStream(dest);
-    https.get(url, res => {
-      res.pipe(file);
-      file.on('finish', () => file.close(resolve));
-    }).on('error', e => { fs.unlink(dest, () => {}); reject(e); });
-  });
-}
-
-function _sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
-
-module.exports = { detectCaptcha, solveCaptcha, injectCaptchaSolution };