Skip to content

Instantly share code, notes, and snippets.

@Xetera
Last active July 25, 2021 19:25
Show Gist options
  • Save Xetera/aa59e84f3959a37c16a3309b5d9ab5a0 to your computer and use it in GitHub Desktop.
Save Xetera/aa59e84f3959a37c16a3309b5d9ab5a0 to your computer and use it in GitHub Desktop.
Weverse.io automatic password login flow for scraping posts/images
const forge = require('node-forge')
const fetch = require('node-fetch')
const publicKey = `-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/OhimOynajYomJmBsNvQxSDwekunsp986l7s/zMN/8jHXFlTqT79ZOsOwzVdZcKnkWYXwJg4nhIFpaIsPzklQCImp2kfKUJQV3jzw7/Qtq6NrOOh9YBADr+b99SHYcc7E7cDHjGXgWlC5jEI9h80R822wBU0HcbODkAQ3uosvFhSq3gLpxwdimesZofkJ5ZbAmGIMj1GEWAfMGA49mxkv/cDFWry+6FM4mUW6A0301QUg4wK/8n6RrzRj1NUkevZj1smizHeqmBE+0BU5H/fR9HclErx3LMHlVlxSgEEEjNUx3B0bLO0OHppmEb4B3Tk1O3ZsquYyqZyb2lBTbrQwIDAQAB
-----END RSA PUBLIC KEY-----`
const key = forge.pki.publicKeyFromPem(publicKey);
const encryptedPassword = key.encrypt("your-password-here", 'RSA-OAEP')
console.log(encryptedPassword);
const data = await fetch("https://accountapi.weverse.io/api/v1/oauth/token", {
method: "POST",
body: JSON.stringify({
grant_type: "password",
client_id: "weverse-test",
username: "your-email@kpop.kr",
password: encryptedPassword
})
}).then(res => res.json())
console.log(data.access_token)
// the auth token expires every 6 months
// the refresh token expires every 1 year so you have to redo this login flow once a year
// NOTE: if you log into the account you're automating you will invalidate your existing token
// when your auth token expires you can refresh it with an existing refresh token
const nextData = await fetch("https://accountapi.weverse.io/api/v1/oauth/token", {
method: "POST",
body: JSON.stringify({
grant_type: "refresh_token",
client_id: "weverse-test",
refresh_token: data.refresh_token
})
}).then(res => res.json())
console.log(nextData.access_token)
/// ------------- IMPORTANT ---------------
/// DO NOT try to login to "weverse". Always login to "weverse-test" otherwise you will get locked out from logging in.
/// At least I got locked out lol so I guess it's not supported
/// ------------- IMPORTANT ---------------
// this public key is hardcoded in the client side bundle but it may change in the future, if you want to be safe
// and fetch it dynamically you need to write code that will:
// 1. go to https://account.weverse.io/login/auth?client_id=weverse-test&hl=en (yes I know weverse-test lol)
// 2. search for the dynamically included script in the root `<script src="/static/js/main.[chunkhash].js"></script>`
// 3. regex search the included chunk for `-----BEGIN RSA PUBLIC KEY-----(.|\n)+----END RSA PUBLIC KEY-----`
// hi weverse team if you're reading this I love you I'm not abusing your service I promise
// I just want to look at pics of kpop girls but you don't provide webhooks for new posts :(
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment