snapchat
Advanced tools
Comparing version 2.0.0 to 2.0.1
22
index.js
@@ -739,2 +739,4 @@ module.exports = Snapchat | ||
| Snapchat.prototype._getGoogleAuthToken = function (gmailEmail, gmailPassword, cb) { | ||
| var encryptedGmailPassword = StringUtils.encryptGmailPassword(gmailEmail, gmailPassword) | ||
| Request.postRaw({ | ||
@@ -750,4 +752,4 @@ url: 'https://android.clients.google.com/auth', | ||
| 'Email': gmailEmail, | ||
| 'Passwd': gmailPassword, | ||
| // 'EncryptedPasswd': encryptedGmailPassword, // TODO | ||
| 'EncryptedPasswd': encryptedGmailPassword, | ||
| //'Passwd': gmailPassword, // unencrypted version | ||
| 'service': 'audience:server:client_id:694893979329-l59f3phl42et9clpoo296d8raqoljl6p.apps.googleusercontent.com', | ||
@@ -907,4 +909,4 @@ 'source': 'android', | ||
| return cb(err) | ||
| } else if (result && +result.code === 200) { | ||
| return cb(null, result.signedAttestation) | ||
| } else if (result && +result.code === 200 && result.attestation) { | ||
| return cb(null, result.attestation) | ||
| } | ||
@@ -925,11 +927,13 @@ | ||
| Snapchat.prototype._getClientAuthToken = function (username, password, ts, cb) { | ||
| var url = constants.attestation.URLCasperAuth + '/?username=' + username + '&password=' + password + '×tamp=' + ts | ||
| Request.postRaw({ | ||
| url: url, | ||
| form: { } | ||
| url: constants.attestation.URLCasperAuth, | ||
| form: { | ||
| username: username, | ||
| password: password, | ||
| timestamp: ts | ||
| } | ||
| }, function (err, response, result) { | ||
| if (err) { | ||
| return cb(err) | ||
| } else if (result && +result.status === 200 && result.signature) { | ||
| } else if (result && +result.code === 200 && result.signature) { | ||
| return cb(null, result.signature) | ||
@@ -936,0 +940,0 @@ } |
@@ -91,6 +91,6 @@ var Enum = require('enum') | ||
| // Casper™ attestation request URL. Special thanks to Liam! | ||
| URLCasper: 'http://attest.casper.io/attestation', | ||
| URLCasper: 'https://api.casper.io/security/login/attestation', | ||
| // Casper™ auth URL | ||
| URLCasperAuth: 'http://client-auth.casper.io', | ||
| URLCasperAuth: 'https://api.casper.io/security/login/signrequest', | ||
@@ -151,3 +151,5 @@ // digest values for different versions of snapchat | ||
| deviceToken1i: 'dtoken1i', | ||
| deviceToken1v: 'dtoken1v' | ||
| deviceToken1v: 'dtoken1v', | ||
| googleDefaultPublicKey: 'AAAAgMom/1a/v0lblO2Ubrt60J2gcuXSljGFQXgcyZWveWLEwo6prwgi3iJIZdodyhKZQrNWp5nKJ3srRXcUW+F1BD3baEVGcmEgqaLZUNBjm057pKRI16kB0YppeGx5qIQ5QjKzsR8ETQbKLNWgRY0QRNVz34kMJR3P/LgHax/6rmf5AAAAAwEAAQ==' | ||
| }, | ||
@@ -154,0 +156,0 @@ |
@@ -5,2 +5,6 @@ module.exports = StringUtils | ||
| var uuid = require('node-uuid') | ||
| var constants = require('./constants') | ||
| var bignum = require('bignum') | ||
| var ursa = require('ursa') | ||
| var NodeRSA = require('node-rsa') | ||
| var BufferUtils = require('./buffer-utils') | ||
@@ -141,1 +145,41 @@ | ||
| } | ||
| /** | ||
| * Encrypts the given password for use with Google's Android authentication. | ||
| * | ||
| * @param {string} gmailEmail | ||
| * @param {string} gmailPassword | ||
| * @return {string} | ||
| */ | ||
| StringUtils.encryptGmailPassword = function (gmailEmail, gmailPassword) { | ||
| var keyBuffer = new Buffer(constants.core.googleDefaultPublicKey, 'base64') | ||
| var halfString1 = keyBuffer.toString('hex').substr(8, 256) | ||
| var modulus = bignum(halfString1, 16) | ||
| var halfString2 = keyBuffer.toString('hex').substr(272, 6) | ||
| var exponent = bignum(halfString2, 16) | ||
| var shasum = crypto.createHash('sha1') | ||
| shasum.update(keyBuffer.toString('binary')) | ||
| var signature = '00' + shasum.digest('hex').substr(0, 8) | ||
| var pem = ursa | ||
| .createPublicKeyFromComponents(modulus.toBuffer(), exponent.toBuffer()) | ||
| .toPublicPem() | ||
| .toString() | ||
| var plain = gmailEmail + '\x00' + gmailPassword | ||
| var key = new NodeRSA(pem) | ||
| var encrypted = key.encrypt(plain, 'hex') | ||
| var output = new Buffer(signature + encrypted.toString('hex'), 'hex') | ||
| var base64Output = output.toString('base64') | ||
| base64Output = base64Output.replace(/\+/g, '-') | ||
| base64Output = base64Output.replace(/\//g, '_') | ||
| return base64Output | ||
| } |
| { | ||
| "name": "snapchat", | ||
| "description": "Nodejs client for the unofficial Snapchat API", | ||
| "version": "2.0.0", | ||
| "version": "2.0.1", | ||
| "author": { | ||
@@ -15,5 +15,7 @@ "name": "Travis Fischer", | ||
| "async": "^1.4.2", | ||
| "bignum": "^0.11.0", | ||
| "debug": "^2.1.0", | ||
| "enum": "^2.1.0", | ||
| "inherits": "^2.0.1", | ||
| "node-rsa": "^0.2.25", | ||
| "node-uuid": "^1.4.3", | ||
@@ -23,2 +25,3 @@ "phone": "^1.0.4", | ||
| "url-join": "0.0.1", | ||
| "ursa": "^0.8.5", | ||
| "xtend": "^4.0.0" | ||
@@ -25,0 +28,0 @@ }, |
@@ -9,7 +9,5 @@ # Snapchat | ||
| **NOTE** This project is a pre-release alpha, and I would not recommend using it for production projects until it is more stable. PRs welcome :) | ||
| ### Status | ||
| Login and request authentication are working and up-to-date with the latest version of Snapchat. Most of the REST API routes are untested. | ||
| Most API methods are working and up-to-date with the current version of Snapchat, though there are some non-core methods which are untested. For example usage, please refer to the tests. | ||
@@ -16,0 +14,0 @@ ### Install |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.1%
1588658
- Lines of code
- increased by0.45%
8525
- Number of medium supply chain risk alerts
- decreased by-40%
3
Worsened metrics
- Dependency count
- increased by33.33%
12
- Number of lines in readme file
- decreased by-1.69%
116
- Number of low supply chain risk alerts
- increased by47.06%
25
Dependency changes
+ Addedbignum@^0.11.0
+ Addednode-rsa@^0.2.25
+ Addedursa@^0.8.5
+ Addedasn1@0.2.3(transitive)
+ Addedbignum@0.11.0(transitive)
+ Addedbindings@1.5.0(transitive)
+ Addedfile-uri-to-path@1.0.0(transitive)
+ Addedlodash@3.3.0(transitive)
+ Addednan@1.9.02.19.0(transitive)
+ Addednode-rsa@0.2.30(transitive)
+ Addedursa@0.8.5(transitive)
- Removedasn1@0.2.6(transitive)