Comparing version 2.2.3 to 2.2.4
// Dependencies | ||
var parser = require('cheerio'); | ||
var dns = require('dns'); | ||
@@ -8,2 +9,4 @@ // Includes | ||
var getGeneralToken = require('./util/getGeneralToken.js').func; | ||
var getSession = require('./util/getSession.js').func; | ||
var options = require('./options.js'); | ||
@@ -17,15 +20,34 @@ // Args | ||
var $ = parser.load(body); | ||
return $('#JoinRequestsList').find('td:contains(\'' + username + '\')').parent().find('[data-rbx-join-request]').attr('data-rbx-join-request'); // Yes this is technically vulnerable to injection, but the module will assume that whoever is entering information is correctly sanitizing it. | ||
var found = $('#JoinRequestsList').find('td'); | ||
var len = found.length; | ||
if (len === 0) { | ||
return false; | ||
} | ||
for (var i = 0; i < len; i++) { | ||
var element = found.eq(i); | ||
if (element.text() === username) { | ||
return element.parent().find('[data-rbx-join-request]').attr('data-rbx-join-request'); | ||
} | ||
} | ||
} | ||
function search (jar, searchUrl, group, username, resolve, reject) { | ||
function getIp (resolve, reject) { | ||
dns.lookup('www.roblox.com', function (err, address) { | ||
if (err) { | ||
reject(new Error('DNS lookup error: ' + err)); | ||
return; | ||
} | ||
resolve(address); | ||
}); | ||
} | ||
function search (jar, ip, searchUrl, group, username, resolve, reject) { | ||
var httpOpt = { | ||
url: '//www.roblox.com' + searchUrl + '?groupId=' + group + '&username=' + username, | ||
url: '//' + ip + searchUrl + '?groupId=' + group + '&username=' + username, | ||
options: { | ||
jar: jar, | ||
headers: { | ||
'Cache-Control': 'max-age=0' | ||
'Cookie': '.ROBLOSECURITY=' + getSession({jar: jar}) + ';' | ||
}, | ||
followRedirect: false, | ||
resolveWithFullResponse: true | ||
resolveWithFullResponse: true, | ||
rejectUnauthorized: false | ||
} | ||
@@ -49,13 +71,13 @@ }; | ||
function joinRequestId (jar, group, username) { | ||
function joinRequestId (jar, ip, group, username) { | ||
return function (resolve, reject) { | ||
var httpOpt = { | ||
url: '//www.roblox.com/my/groupadmin.aspx?gid=' + group, | ||
url: '//' + ip + '/My/GroupAdmin.aspx?gid=' + group, | ||
options: { | ||
jar: jar, | ||
headers: { | ||
'Cache-Control': 'max-age=0' | ||
'Cookie': '.ROBLOSECURITY=' + getSession({jar: jar}) + ';' | ||
}, | ||
followRedirect: false, | ||
resolveWithFullResponse: true | ||
resolveWithFullResponse: true, | ||
rejectUnauthorized: false | ||
} | ||
@@ -70,4 +92,6 @@ }; | ||
resolve(id); | ||
} else if (id === false) { | ||
reject(new Error('No join request was found with that username')); | ||
} else { | ||
setTimeout(search, 2000, jar, body.match(/Roblox\.GroupAdmin\.InitializeGlobalVars\(.*".*", "(.*)", .*\)/)[1], group, username, resolve, reject); | ||
search(jar, ip, body.match(/Roblox\.GroupAdmin\.InitializeGlobalVars\(.*".*", "(.*)", .*\)/)[1], group, username, resolve, reject); | ||
} | ||
@@ -109,10 +133,14 @@ } else { | ||
exports.func = function (args) { | ||
var jar = args.jar; | ||
return promise(joinRequestId(jar, args.group, args.username)) | ||
.then(function (requestId) { | ||
return getGeneralToken({jar: jar}) | ||
.then(function (xcsrf) { | ||
return promise(handleJoinRequest(jar, xcsrf, args.accept, requestId)); | ||
// Because this has to access IPs directly and the IP is treated differently than the hostname to jar files the session is extracted manually. | ||
var jar = args.jar || options.jar; | ||
return promise(getIp) | ||
.then(function (ip) { | ||
return promise(joinRequestId(jar, ip, args.group, args.username)) | ||
.then(function (requestId) { | ||
return getGeneralToken({jar: jar}) | ||
.then(function (xcsrf) { | ||
return promise(handleJoinRequest(jar, xcsrf, args.accept, requestId)); | ||
}); | ||
}); | ||
}); | ||
}; |
{ | ||
"name": "roblox-js", | ||
"version": "2.2.3", | ||
"version": "2.2.4", | ||
"description": "A node module that provides an interface for performing actions on ROBLOX, mostly for use with their HttpService feature.", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
@@ -286,3 +286,3 @@ # roblox-js | ||
##### group, username, accept[, jar] | ||
`Accept`s user with `username` into `group`. | ||
`Accept`s user with `username` into `group`. Note that `username` is case-sensitive. | ||
@@ -289,0 +289,0 @@ **Arguments** |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
73965
1689
1