Last active
July 25, 2021 19:25
-
-
Save Xetera/aa59e84f3959a37c16a3309b5d9ab5a0 to your computer and use it in GitHub Desktop.
Weverse.io automatic password login flow for scraping posts/images
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const forge = require('node-forge') | |
const fetch = require('node-fetch') | |
const publicKey = `-----BEGIN RSA PUBLIC KEY----- | |
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/OhimOynajYomJmBsNvQxSDwekunsp986l7s/zMN/8jHXFlTqT79ZOsOwzVdZcKnkWYXwJg4nhIFpaIsPzklQCImp2kfKUJQV3jzw7/Qtq6NrOOh9YBADr+b99SHYcc7E7cDHjGXgWlC5jEI9h80R822wBU0HcbODkAQ3uosvFhSq3gLpxwdimesZofkJ5ZbAmGIMj1GEWAfMGA49mxkv/cDFWry+6FM4mUW6A0301QUg4wK/8n6RrzRj1NUkevZj1smizHeqmBE+0BU5H/fR9HclErx3LMHlVlxSgEEEjNUx3B0bLO0OHppmEb4B3Tk1O3ZsquYyqZyb2lBTbrQwIDAQAB | |
-----END RSA PUBLIC KEY-----` | |
const key = forge.pki.publicKeyFromPem(publicKey); | |
const encryptedPassword = key.encrypt("your-password-here", 'RSA-OAEP') | |
console.log(encryptedPassword); | |
const data = await fetch("https://accountapi.weverse.io/api/v1/oauth/token", { | |
method: "POST", | |
body: JSON.stringify({ | |
grant_type: "password", | |
client_id: "weverse-test", | |
username: "your-email@kpop.kr", | |
password: encryptedPassword | |
}) | |
}).then(res => res.json()) | |
console.log(data.access_token) | |
// the auth token expires every 6 months | |
// the refresh token expires every 1 year so you have to redo this login flow once a year | |
// NOTE: if you log into the account you're automating you will invalidate your existing token | |
// when your auth token expires you can refresh it with an existing refresh token | |
const nextData = await fetch("https://accountapi.weverse.io/api/v1/oauth/token", { | |
method: "POST", | |
body: JSON.stringify({ | |
grant_type: "refresh_token", | |
client_id: "weverse-test", | |
refresh_token: data.refresh_token | |
}) | |
}).then(res => res.json()) | |
console.log(nextData.access_token) | |
/// ------------- IMPORTANT --------------- | |
/// DO NOT try to login to "weverse". Always login to "weverse-test" otherwise you will get locked out from logging in. | |
/// At least I got locked out lol so I guess it's not supported | |
/// ------------- IMPORTANT --------------- | |
// this public key is hardcoded in the client side bundle but it may change in the future, if you want to be safe | |
// and fetch it dynamically you need to write code that will: | |
// 1. go to https://account.weverse.io/login/auth?client_id=weverse-test&hl=en (yes I know weverse-test lol) | |
// 2. search for the dynamically included script in the root `<script src="/static/js/main.[chunkhash].js"></script>` | |
// 3. regex search the included chunk for `-----BEGIN RSA PUBLIC KEY-----(.|\n)+----END RSA PUBLIC KEY-----` | |
// hi weverse team if you're reading this I love you I'm not abusing your service I promise | |
// I just want to look at pics of kpop girls but you don't provide webhooks for new posts :( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment