snapchat
Comparing version 2.0.0 to 2.0.1
22
index.js
@@ -739,2 +739,4 @@ module.exports = Snapchat | ||
Snapchat.prototype._getGoogleAuthToken = function (gmailEmail, gmailPassword, cb) { | ||
var encryptedGmailPassword = StringUtils.encryptGmailPassword(gmailEmail, gmailPassword) | ||
Request.postRaw({ | ||
@@ -750,4 +752,4 @@ url: 'https://android.clients.google.com/auth', | ||
'Email': gmailEmail, | ||
'Passwd': gmailPassword, | ||
// 'EncryptedPasswd': encryptedGmailPassword, // TODO | ||
'EncryptedPasswd': encryptedGmailPassword, | ||
//'Passwd': gmailPassword, // unencrypted version | ||
'service': 'audience:server:client_id:694893979329-l59f3phl42et9clpoo296d8raqoljl6p.apps.googleusercontent.com', | ||
@@ -907,4 +909,4 @@ 'source': 'android', | ||
return cb(err) | ||
} else if (result && +result.code === 200) { | ||
return cb(null, result.signedAttestation) | ||
} else if (result && +result.code === 200 && result.attestation) { | ||
return cb(null, result.attestation) | ||
} | ||
@@ -925,11 +927,13 @@ | ||
Snapchat.prototype._getClientAuthToken = function (username, password, ts, cb) { | ||
var url = constants.attestation.URLCasperAuth + '/?username=' + username + '&password=' + password + '×tamp=' + ts | ||
Request.postRaw({ | ||
url: url, | ||
form: { } | ||
url: constants.attestation.URLCasperAuth, | ||
form: { | ||
username: username, | ||
password: password, | ||
timestamp: ts | ||
} | ||
}, function (err, response, result) { | ||
if (err) { | ||
return cb(err) | ||
} else if (result && +result.status === 200 && result.signature) { | ||
} else if (result && +result.code === 200 && result.signature) { | ||
return cb(null, result.signature) | ||
@@ -936,0 +940,0 @@ } |
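Review bot: `_getClientAuthToken` still hands the account's plaintext `username` and `password` to the endpoint in `constants.attestation.URLCasperAuth`, which from its casper.io host appears to be a service other than Snapchat. Moving them from the query string into the POST form keeps them out of URL logs, but nothing tells a caller that the credentials leave the process. A comment above the function would make that trust decision visible, for example `// Sends the Snapchat username and password to the Casper signing service; callers must accept that disclosure.` Separately, in `_getGoogleAuthToken` the call to `StringUtils.encryptGmailPassword` runs synchronously before `Request.postRaw`, so an exception there would bypass `cb`; wrapping it in `try { ... } catch (err) { return cb(err) }` keeps failures on the callback path. Both function bodies continue outside the hunks shown.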
@@ -91,6 +91,6 @@ var Enum = require('enum') | ||
// Casper™ attestation request URL. Special thanks to Liam! | ||
URLCasper: 'http://attest.casper.io/attestation', | ||
URLCasper: 'https://api.casper.io/security/login/attestation', | ||
// Casper™ auth URL | ||
URLCasperAuth: 'http://client-auth.casper.io', | ||
URLCasperAuth: 'https://api.casper.io/security/login/signrequest', | ||
@@ -151,3 +151,5 @@ // digest values for different versions of snapchat | ||
deviceToken1i: 'dtoken1i', | ||
deviceToken1v: 'dtoken1v' | ||
deviceToken1v: 'dtoken1v', | ||
googleDefaultPublicKey: 'AAAAgMom/1a/v0lblO2Ubrt60J2gcuXSljGFQXgcyZWveWLEwo6prwgi3iJIZdodyhKZQrNWp5nKJ3srRXcUW+F1BD3baEVGcmEgqaLZUNBjm057pKRI16kB0YppeGx5qIQ5QjKzsR8ETQbKLNWgRY0QRNVz34kMJR3P/LgHax/6rmf5AAAAAwEAAQ==' | ||
}, | ||
@@ -154,0 +156,0 @@ |
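Review bot: `googleDefaultPublicKey` is added with no comment on what the blob is or how it is laid out, while `StringUtils.encryptGmailPassword` slices it at fixed hex offsets (`substr(8, 256)` and `substr(272, 6)`). A comment such as `// Base64 RSA public key for Google Android login: 4-byte length, 128-byte modulus, 4-byte length, 3-byte exponent` would tie the constant to that parser and make clear the offsets only hold for a 1024-bit key. Because the value is pinned in source, a key change on the server side would presumably break login until the constant is updated, which is worth stating next to it. The enclosing object literal starts outside the hunk.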
@@ -5,2 +5,6 @@ module.exports = StringUtils | ||
var uuid = require('node-uuid') | ||
var constants = require('./constants') | ||
var bignum = require('bignum') | ||
var ursa = require('ursa') | ||
var NodeRSA = require('node-rsa') | ||
var BufferUtils = require('./buffer-utils') | ||
@@ -141,1 +145,41 @@ | ||
} | ||
/** | ||
* Encrypts the given password for use with Google's Android authentication. | ||
* | ||
* @param {string} gmailEmail | ||
* @param {string} gmailPassword | ||
* @return {string} | ||
*/ | ||
StringUtils.encryptGmailPassword = function (gmailEmail, gmailPassword) { | ||
var keyBuffer = new Buffer(constants.core.googleDefaultPublicKey, 'base64') | ||
var halfString1 = keyBuffer.toString('hex').substr(8, 256) | ||
var modulus = bignum(halfString1, 16) | ||
var halfString2 = keyBuffer.toString('hex').substr(272, 6) | ||
var exponent = bignum(halfString2, 16) | ||
var shasum = crypto.createHash('sha1') | ||
shasum.update(keyBuffer.toString('binary')) | ||
var signature = '00' + shasum.digest('hex').substr(0, 8) | ||
var pem = ursa | ||
.createPublicKeyFromComponents(modulus.toBuffer(), exponent.toBuffer()) | ||
.toPublicPem() | ||
.toString() | ||
var plain = gmailEmail + '\x00' + gmailPassword | ||
var key = new NodeRSA(pem) | ||
var encrypted = key.encrypt(plain, 'hex') | ||
var output = new Buffer(signature + encrypted.toString('hex'), 'hex') | ||
var base64Output = output.toString('base64') | ||
base64Output = base64Output.replace(/\+/g, '-') | ||
base64Output = base64Output.replace(/\//g, '_') | ||
return base64Output | ||
} |
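Review bot: `shasum.update(keyBuffer.toString('binary'))` round-trips the key bytes through a string before hashing, so the fingerprint depends on the default string encoding of `hash.update`. On Node versions where that default is UTF-8, bytes above 0x7f are re-encoded and the four fingerprint bytes placed in `signature` come out wrong. Passing the buffer directly, `shasum.update(keyBuffer)`, removes that dependency. `crypto` is not among the `require` lines this hunk adds, so it is presumably imported above line 5 of the file, which is worth confirming. The RSA padding is also left to NodeRSA's default rather than stated; a comment or explicit option naming the scheme the login endpoint expects would guard against a silent change on a library upgrade.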
{ | ||
"name": "snapchat", | ||
"description": "Nodejs client for the unofficial Snapchat API", | ||
"version": "2.0.0", | ||
"version": "2.0.1", | ||
"author": { | ||
@@ -15,5 +15,7 @@ "name": "Travis Fischer", | ||
"async": "^1.4.2", | ||
"bignum": "^0.11.0", | ||
"debug": "^2.1.0", | ||
"enum": "^2.1.0", | ||
"inherits": "^2.0.1", | ||
"node-rsa": "^0.2.25", | ||
"node-uuid": "^1.4.3", | ||
@@ -23,2 +25,3 @@ "phone": "^1.0.4", | ||
"url-join": "0.0.1", | ||
"ursa": "^0.8.5", | ||
"xtend": "^4.0.0" | ||
@@ -25,0 +28,0 @@ }, |
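Review bot: The three added dependencies (`bignum`, `node-rsa`, `ursa`) all serve the single RSA encryption in `StringUtils.encryptGmailPassword`. The transitive additions listed for this release (`nan`, `bindings`) suggest that at least some of them are native addons built at install time. That is a large install-time and supply-chain surface for code that handles the user's Google password. If one library can both build the key from modulus and exponent and encrypt with it, the other two could be dropped; otherwise the native build requirement deserves a line in the README.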
@@ -9,7 +9,5 @@ # Snapchat | ||
**NOTE** This project is a pre-release alpha, and I would not recommend using it for production projects until it is more stable. PRs welcome :) | ||
### Status | ||
Login and request authentication are working and up-to-date with the latest version of Snapchat. Most of the REST API routes are untested. | ||
Most API methods are working and up-to-date with the current version of Snapchat, though there are some non-core methods which are untested. For example usage, please refer to the tests. | ||
@@ -16,0 +14,0 @@ ### Install |
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
1588658
8525
3
12
116
25
+ Added bignum@^0.11.0
+ Added node-rsa@^0.2.25
+ Added ursa@^0.8.5
+ Added asn1@0.2.3 (transitive)
+ Added bignum@0.11.0 (transitive)
+ Added bindings@1.5.0 (transitive)
+ Added file-uri-to-path@1.0.0 (transitive)
+ Added lodash@3.3.0 (transitive)
+ Added nan@1.9.0 2.19.0 (transitive)
+ Added node-rsa@0.2.30 (transitive)
+ Added ursa@0.8.5 (transitive)
- Removed asn1@0.2.6 (transitive)