-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.js
289 lines (248 loc) · 9.48 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
const { Agent } = require('https');
const { createInterface } = require("readline");
const axios = require('axios').default;
// login credentials
const USERNAME = "USERNAME";
const PASSWORD = "PASSWORD";
let tokens = new Object();
// built headers
let headers = new Object();
let ssidCookie = new String();
let clientVersion = new String();
let region = new String();
// standard input
let _stdin;
// initializes it if it's undefined
const stdin = () => {
if(typeof _stdin === 'undefined')
_stdin = createInterface({
input: process.stdin,
output: process.stdout
});
return _stdin;
};
// custom cipher suites for bypassing cloudflare
// custom signature algorithms is a better alternative but axios
// does not expose https options, it can still be achieved with
// custom adapter but it's overkill for this script
const ciphers = [
'TLS_CHACHA20_POLY1305_SHA256',
'TLS_AES_128_GCM_SHA256',
'TLS_AES_256_GCM_SHA384',
'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256'
];
// agent with custom cipher suites
const agent = new Agent({
ciphers: ciphers.join(':'),
honorCipherOrder: true,
minVersion: 'TLSv1.2'
});
// 2fa logic -> fetch from standard input aka console
const input2faCode = (login) => new Promise(resolve => stdin().question(
`You have 2fa enabled, please input the 2fa code (sent to ${login.multifactor.email}):`,
code => resolve(code)
));
// parses the response url and returns the values we want
const parseUrl = (uri) => {
const loginResponseURI = new URL(uri);
const accessToken = loginResponseURI.searchParams.get('access_token');
const idToken = loginResponseURI.searchParams.get('id_token')
const expiresIn = parseInt(
loginResponseURI.searchParams.get('expires_in'));
return { accessToken, idToken, expiresIn };
}
// this object -> to json -> to base64 is the
// X-Riot-ClientPlatform header
const clientPlatform = {
platformType: "PC",
platformOS: "Windows",
platformOSVersion: "10.0.19043.1.256.64bit",
platformChipset: "Unknown"
};
// builds headers used by pvp endpoints
const makeHeaders = () => {
headers = {
Authorization: `Bearer ${tokens.accessToken}`,
'X-Riot-Entitlements-JWT': tokens.entitlementsToken,
'X-Riot-ClientVersion': clientVersion,
'X-Riot-ClientPlatform': Buffer.from(
JSON.stringify(clientPlatform)).toString('base64'),
}
}
// this is the first request in authflow and the endpoint
// which can be used for reauth
const createSession = (ssidCookie) => axios({
url: 'https://auth.riotgames.com/api/v1/authorization',
method: 'POST',
headers: {
...typeof ssidCookie === 'undefined' ? '' : { Cookie: ssidCookie },
'User-Agent': 'RiotClient/43.0.1.4195386.4190634 rso-auth (Windows; 10;;Professional, x64)'
},
data: {
client_id: "play-valorant-web-prod",
nonce: 1,
redirect_uri: "https://playvalorant.com/opt_in",
response_type: "token id_token",
// response params are returned as a query instead of hash
// URL class can properly parse params this way
response_mode: "query",
// this gives us a bigger response on /userinfo + required
// for auto detecting region
scope: "account openid"
},
httpsAgent: agent
});
// either returns access token or sends out a 2fa email
const login = (cookie, username, password) => axios({
url: 'https://auth.riotgames.com/api/v1/authorization',
method: 'PUT',
headers: {
Cookie: cookie,
'User-Agent': 'RiotClient/43.0.1.4195386.4190634 rso-auth (Windows; 10;;Professional, x64)'
},
data: {
type: 'auth',
username,
password
},
httpsAgent: agent
});
// if 2fa is enabled, we can send the code this way
const send2faCode = (cookie, code, rememberDevice = true) => axios({
url: 'https://auth.riotgames.com/api/v1/authorization',
method: 'PUT',
headers: {
Cookie: cookie,
'User-Agent': 'RiotClient/43.0.1.4195386.4190634 rso-auth (Windows; 10;;Professional, x64)'
},
data: {
type: 'multifactor',
code,
rememberDevice
},
httpsAgent: agent
});
const fetchEntitlements = (accessToken) => axios({
url: 'https://entitlements.auth.riotgames.com/api/token/v1',
method: 'POST',
headers: {
Authorization: `Bearer ${accessToken}`
},
data: {}
});
// pas token can be used for getting the account
// region automatically
const fetchPas = (accessToken, idToken) => axios({
url: 'https://riot-geo.pas.si.riotgames.com/pas/v1/product/valorant',
method: 'PUT',
headers: {
Authorization: `Bearer ${accessToken}`
},
data: {
id_token: idToken
}
});
// the easiest way of getting the current client version
// apparently higher uptime than official api
const fetchValorantVersion = () => axios({
url: 'https://valorant-api.com/v1/version',
method: 'GET'
});
// actual reauth part
const setupReauth = async () => {
// access token -> every 1h | id token -> every 24h
setInterval(async () => {
try {
const response = await createSession(ssidCookie);
ssidCookie = response.headers['set-cookie'].find(elem => /^ssid/.test(elem));
tokens = { ...tokens, ...parseUrl(response.data.response.parameters.uri) };
makeHeaders();
} catch (err) {
console.trace(err)
}
// reauth 5 min early as then there is no downtime
}, (tokens.expiresIn - 300) * 1000)
}
class ValReauthScriptError extends Error {
data;
constructor(message, data) {
super(message);
this.data = data;
}
}
(async function () {
try {
const session = await createSession();
let asidCookie = session.headers['set-cookie'].find(cookie => /^asid/.test(cookie));
// attempt to exchange username and password for an access token
const loginResponse = await login(asidCookie, USERNAME, PASSWORD)
.catch(err => {
if(typeof err.response.data === 'undefined')
throw new ValReauthScriptError('unknown error', err.response);
if(err.response.data.error === 'rate_limited')
throw new ValReauthScriptError('too many login attempts');
throw new ValReauthScriptError('unknown error', err.response.data);
});
// auth failed - most likely incorrect login info
if(typeof loginResponse.data.error !== 'undefined') {
console.dir(loginResponse.data)
if(loginResponse.data.error === 'auth_failure')
throw new ValReauthScriptError('invalid login credentials');
throw new ValReauthScriptError('unknown error', loginResponse.data);
}
asidCookie = loginResponse.headers['set-cookie'].find(cookie => /^asid/.test(cookie));
let response;
// check if 2fa is enabled
if(loginResponse.data.type === 'response')
response = loginResponse;
// if it is ask for code
while(typeof response === 'undefined') {
const inputCode = await input2faCode(loginResponse.data);
const response2fa = await send2faCode(asidCookie, inputCode)
.catch(err => {
if(typeof err.response.data === 'undefined')
throw new ValReauthScriptError('unknown error', err.response);
if(err.response.data.error === 'rate_limited')
throw new ValReauthScriptError('too many 2fa requests');
throw new ValReauthScriptError('unknown error', err.response.data);
});
asidCookie = response2fa.headers['set-cookie'].find(cookie => /^asid/.test(cookie));
if(response2fa.data.type === 'response') {
response = response2fa;
break;
}
// check response
if(typeof response2fa.data.error !== 'undefined') {
if(response2fa.data.error === 'multifactor_attempt_failed')
continue;
if(response2fa.data.error === 'rate_limited')
throw new ValReauthScriptError('too many 2fa requests');
throw new ValReauthScriptError('unknown error', response2fa.data);
}
}
// close handle
stdin().close();
// extract ssid cookie
ssidCookie = response.headers['set-cookie'].find(cookie => /^ssid/.test(cookie));
// extract tokens from the url
tokens = parseUrl(response.data.response.parameters.uri);
tokens.entitlementsToken =
(await fetchEntitlements(tokens.accessToken)).data.entitlements_token;
// parse access token and extract puuid
const puuid = JSON.parse(Buffer.from(
tokens.accessToken.split('.')[1], 'base64').toString()).sub;
// fetch pas token - not required, instead we only want the region
// since we already fetched it let's save it, because why not
const pasTokenResponse = await fetchPas(tokens.accessToken, tokens.idToken);
tokens.pasToken = pasTokenResponse.data.token;
region = pasTokenResponse.data.affinities.live;
clientVersion = (await fetchValorantVersion()).data.data.riotClientVersion;
makeHeaders();
setupReauth();
console.log({ ...headers, puuid, region });
} catch(err) {
// close handle
stdin().close();
throw err;
}
})()