forked from Anaminus/rbxweb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.go
91 lines (79 loc) · 2.7 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package rbxweb
import (
"bytes"
"encoding/json"
"errors"
"net/http"
"net/http/cookiejar"
"net/url"
"regexp"
"io/ioutil"
"strconv"
)
var ErrLoggedIn = errors.New("client is already logged in")
// Login logs the client into a user account on the website. This is
// neccessary for many API functions to properly execute.
func (client *Client) Login(username string, password string) (err error) {
Values := url.Values{}
Values.Set("username", username)
Values.Set("password", password)
bd := Values.Encode()
// Ensure the client has a cookiejar
if client.Jar == nil {
client.Jar, _ = cookiejar.New(&cookiejar.Options{})
}
// Check if the client is already logged in
domain, _ := url.Parse(client.GetURL(`www`, ``, nil))
cookies := client.Jar.Cookies(domain)
for _, cookie := range cookies {
if cookie.Name == ".ROBLOSECURITY" {
// Client is already logged in
return ErrLoggedIn
}
}
req, _ := http.NewRequest("POST", client.GetSecureURL(`api`, `/v2/login`, nil), bytes.NewReader([]byte(bd)))
req.Header.Add("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
resp, err := client.Do(req)
if err = client.AssertResp(resp, err); err != nil {
return err
}
defer resp.Body.Close()
// Check response data
// {"userId":12345} on success,
// {"errors":[{"code":1,"message":"Incorrect password or username. Please try again."}]} on failure
respData := make(map[string]interface{})
if err := json.NewDecoder(resp.Body).Decode(&respData); err != nil {
return errors.New("Login failed. JSON decode failed. " + err.Error())
}
if _, ok := respData["userId"].(float64); ok == false {
var loginError map[string]interface{}
if respData["errors"] != nil {
loginError = respData["errors"].([]interface{})[0].(map[string]interface{})
} else {
loginError = respData
}
return errors.New("Login failed. Error code " + strconv.FormatInt(int64(loginError["code"].(float64)), 10) + ": \"" + loginError["message"].(string) + "\"")
}
resp.Body.Close()
return nil
}
// Logout logs the client of out of the current user account.
func (client *Client) Logout() (err error) {
req, _ := http.NewRequest("POST", client.GetSecureURL(`api`, `/sign-out/v1`, nil), nil)
resp, err := client.Do(req)
if err = client.AssertResp(resp, err); err != nil {
return err
}
resp.Body.Close()
return nil
}
func (client *Client) GetCSRFToken() (string, error) {
res, err := client.Get(client.GetSecureURL(`www`, `/premium/membership`, nil))
if err != nil {
return "", err
}
defer res.Body.Close()
re := regexp.MustCompile(`setToken\('(.+)'\)`)
Body, _ := ioutil.ReadAll(res.Body)
return string(re.FindAllSubmatch(Body, -1)[0][1]), nil // Apparently there's no way to make regexp work on readers like this
}