mirror of
https://github.com/sussy-code/smov.git
synced 2025-01-01 16:37:39 +01:00
fix: Fix lookmovie security bug by passing PHPSESSID cookie & user agent
This commit is contained in:
Josh Heng
parent
8489a8af2b
commit
5b829065ad
2 changed files with 31 additions and 6 deletions
|
|
@ -2,6 +2,7 @@ import Fuse from 'fuse.js'
|
||||||
import JSON5 from 'json5'
|
import JSON5 from 'json5'
|
||||||
|
|
||||||
const BASE_URL = `${process.env.REACT_APP_CORS_PROXY_URL}https://lookmovie.io`;
|
const BASE_URL = `${process.env.REACT_APP_CORS_PROXY_URL}https://lookmovie.io`;
|
||||||
|
let phpsessid;
|
||||||
|
|
||||||
async function findContent(searchTerm, type) {
|
async function findContent(searchTerm, type) {
|
||||||
const searchUrl = `${BASE_URL}/${type}s/search/?q=${encodeURIComponent(searchTerm)}`;
|
const searchUrl = `${BASE_URL}/${type}s/search/?q=${encodeURIComponent(searchTerm)}`;
|
||||||
|
|
@ -88,7 +89,9 @@ async function getVideoUrl(config) {
|
||||||
}
|
}
|
||||||
|
|
||||||
async function getEpisodeSubs (config) {
|
async function getEpisodeSubs (config) {
|
||||||
return await fetch(`${BASE_URL}/api/v1/shows/episode-subtitles/?id_episode=${config.id}`).then(res => res.json());
|
return await fetch(`${BASE_URL}/api/v1/shows/episode-subtitles/?id_episode=${config.id}`, {
|
||||||
|
headers: { phpsessid },
|
||||||
|
}).then(res => res.json());
|
||||||
}
|
}
|
||||||
|
|
||||||
async function getAccessInfo(config) {
|
async function getAccessInfo(config) {
|
||||||
|
|
@ -100,7 +103,9 @@ async function getAccessInfo(config) {
|
||||||
url = `${BASE_URL}/api/v1/security/show-access?slug=${config.slug}&token=&step=2`;
|
url = `${BASE_URL}/api/v1/security/show-access?slug=${config.slug}&token=&step=2`;
|
||||||
}
|
}
|
||||||
|
|
||||||
const data = await fetch(url).then((d) => d.json());
|
const data = await fetch(url, {
|
||||||
|
headers: { phpsessid },
|
||||||
|
}).then((d) => d.json());
|
||||||
|
|
||||||
const token = data?.data?.accessToken;
|
const token = data?.data?.accessToken;
|
||||||
const subtitles = data?.data?.subtitles;
|
const subtitles = data?.data?.subtitles;
|
||||||
|
|
@ -112,7 +117,9 @@ async function getAccessInfo(config) {
|
||||||
|
|
||||||
async function getEpisodes(slug) {
|
async function getEpisodes(slug) {
|
||||||
const url = `${BASE_URL}/shows/view/${slug}`;
|
const url = `${BASE_URL}/shows/view/${slug}`;
|
||||||
const pageReq = await fetch(url).then((d) => d.text());
|
const pageReq = await fetch(url, {
|
||||||
|
headers: { phpsessid },
|
||||||
|
}).then((d) => d.text());
|
||||||
|
|
||||||
const data = JSON5.parse("{" +
|
const data = JSON5.parse("{" +
|
||||||
pageReq
|
pageReq
|
||||||
|
|
@ -139,11 +146,13 @@ async function getEpisodes(slug) {
|
||||||
|
|
||||||
async function getStreamUrl(slug, type, season, episode) {
|
async function getStreamUrl(slug, type, season, episode) {
|
||||||
const url = `${BASE_URL}/${type}s/view/${slug}`;
|
const url = `${BASE_URL}/${type}s/view/${slug}`;
|
||||||
const pageReq = await fetch(url).then((d) => d.text());
|
const pageRes = await fetch(url);
|
||||||
|
phpsessid = pageRes.headers.get('phpsessid');
|
||||||
|
const pageResText = await pageRes.text();
|
||||||
|
|
||||||
const data = JSON5.parse("{" +
|
const data = JSON5.parse("{" +
|
||||||
pageReq
|
pageResText
|
||||||
.slice(pageReq.indexOf(`${type}_storage`))
|
.slice(pageResText.indexOf(`${type}_storage`))
|
||||||
.split("};")[0]
|
.split("};")[0]
|
||||||
.split("= {")[1]
|
.split("= {")[1]
|
||||||
.trim() +
|
.trim() +
|
||||||
|
|
|
||||||
16
worker.js
16
worker.js
|
|
@ -20,6 +20,14 @@ async function handleRequest(request, destinationUrl, iteration = 0) {
|
||||||
request = new Request(destinationUrl, request);
|
request = new Request(destinationUrl, request);
|
||||||
request.headers.set("Origin", new URL(destinationUrl).origin);
|
request.headers.set("Origin", new URL(destinationUrl).origin);
|
||||||
|
|
||||||
|
// Set PHPSESSID cookie
|
||||||
|
if (request.headers.get('PHPSESSID')) {
|
||||||
|
request.headers.set('Cookie', `PHPSESSID=${request.headers.get('PHPSESSID')};`);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set User Agent
|
||||||
|
request.headers.set('User-Agent', ' Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0');
|
||||||
|
|
||||||
let response = await fetch(request);
|
let response = await fetch(request);
|
||||||
|
|
||||||
if ((response.status === 302 || response.status === 301) && response.headers.get('location')) {
|
if ((response.status === 302 || response.status === 301) && response.headers.get('location')) {
|
||||||
|
|
@ -40,6 +48,14 @@ async function handleRequest(request, destinationUrl, iteration = 0) {
|
||||||
// Set CORS headers
|
// Set CORS headers
|
||||||
response.headers.set("Access-Control-Allow-Origin", '*');
|
response.headers.set("Access-Control-Allow-Origin", '*');
|
||||||
|
|
||||||
|
// Get and set PHPSESSID cookie
|
||||||
|
const cookies = response.headers.get('Set-Cookie');
|
||||||
|
if (cookies && cookies.includes('PHPSESSID') && cookies.includes(';')) {
|
||||||
|
let phpsessid = cookies.slice(cookies.search('PHPSESSID') + 10);
|
||||||
|
phpsessid = phpsessid.slice(0, phpsessid.search(';'));
|
||||||
|
response.headers.set('PHPSESSID', phpsessid);
|
||||||
|
}
|
||||||
|
|
||||||
// Append to/Add Vary header so browser will cache response correctly
|
// Append to/Add Vary header so browser will cache response correctly
|
||||||
response.headers.append("Vary", "Origin");
|
response.headers.append("Vary", "Origin");
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue