mirror of
https://github.com/wukko/cobalt.git
synced 2024-11-15 12:50:01 +00:00
facebook: do not request the source url & clean up
fixed a vulnerability, removed useless variables, and cleaned up thankfully we haven't built the image yesterday
This commit is contained in:
wukko
parent
faeb96848b
commit
83af16bb12
4 changed files with 24 additions and 30 deletions
|
|
@ -203,8 +203,7 @@ export default async function(host, patternMatch, lang, obj) {
|
||||||
break;
|
break;
|
||||||
case "facebook":
|
case "facebook":
|
||||||
r = await facebook({
|
r = await facebook({
|
||||||
...patternMatch,
|
...patternMatch
|
||||||
sourceUrl: url.href
|
|
||||||
});
|
});
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
|
||||||
|
|
@ -4,59 +4,53 @@ const headers = {
|
||||||
'User-Agent': genericUserAgent,
|
'User-Agent': genericUserAgent,
|
||||||
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
|
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
|
||||||
'Accept-Language': 'en-US,en;q=0.5',
|
'Accept-Language': 'en-US,en;q=0.5',
|
||||||
'Accept-Encoding': 'gzip, deflate, br',
|
|
||||||
'Sec-Fetch-Mode': 'navigate',
|
'Sec-Fetch-Mode': 'navigate',
|
||||||
'Sec-Fetch-Site': 'none',
|
'Sec-Fetch-Site': 'none',
|
||||||
}
|
}
|
||||||
|
|
||||||
function resolveUrl(url) {
|
const resolveUrl = (url) => {
|
||||||
return fetch(url, { headers })
|
return fetch(url, { headers })
|
||||||
.then(r => {
|
.then(r => {
|
||||||
if (r.headers.get('location')) {
|
if (r.headers.get('location')) {
|
||||||
return decodeURIComponent(r.headers.get('location'))
|
return decodeURIComponent(r.headers.get('location'));
|
||||||
}
|
}
|
||||||
if (r.headers.get('link')) {
|
if (r.headers.get('link')) {
|
||||||
const linkMatch = r.headers.get('link').match(/<(.*?)\/>/)
|
const linkMatch = r.headers.get('link').match(/<(.*?)\/>/);
|
||||||
return decodeURIComponent(linkMatch[1])
|
return decodeURIComponent(linkMatch[1]);
|
||||||
}
|
}
|
||||||
return false
|
return false;
|
||||||
})
|
})
|
||||||
.catch(() => false)
|
.catch(() => false);
|
||||||
}
|
}
|
||||||
|
|
||||||
export default async function({ sourceUrl, shortLink, username, id }) {
|
export default async function({ id, shareType, shortLink }) {
|
||||||
const isShortLink = !!shortLink?.length
|
let url = `https://web.facebook.com/i/videos/${id}`;
|
||||||
const isSharedLink = !!sourceUrl.match(/\/share\/\w\//)?.length
|
|
||||||
|
|
||||||
let url = isShortLink
|
if (shareType) url = `https://web.facebook.com/share/${shareType}/${id}`;
|
||||||
? `https://fb.watch/${shortLink}`
|
if (shortLink) url = await resolveUrl(`https://fb.watch/${shortLink}`);
|
||||||
: `https://web.facebook.com/${username}/videos/${id}`
|
|
||||||
|
|
||||||
if (isShortLink) url = await resolveUrl(url)
|
|
||||||
if (isSharedLink) url = sourceUrl
|
|
||||||
|
|
||||||
const html = await fetch(url, { headers })
|
const html = await fetch(url, { headers })
|
||||||
.then(r => r.text())
|
.then(r => r.text())
|
||||||
.catch(() => false)
|
.catch(() => false);
|
||||||
|
|
||||||
if (!html) return { error: 'ErrorCouldntFetch' };
|
if (!html) return { error: 'ErrorCouldntFetch' };
|
||||||
|
|
||||||
const urls = []
|
const urls = [];
|
||||||
const hd = html.match('"browser_native_hd_url":(".*?")')
|
const hd = html.match('"browser_native_hd_url":(".*?")');
|
||||||
const sd = html.match('"browser_native_sd_url":(".*?")')
|
const sd = html.match('"browser_native_sd_url":(".*?")');
|
||||||
|
|
||||||
if (hd?.[1]) urls.push(JSON.parse(hd[1]))
|
if (hd?.[1]) urls.push(JSON.parse(hd[1]));
|
||||||
if (sd?.[1]) urls.push(JSON.parse(sd[1]))
|
if (sd?.[1]) urls.push(JSON.parse(sd[1]));
|
||||||
|
|
||||||
if (!urls.length) {
|
if (!urls.length) {
|
||||||
return { error: 'ErrorEmptyDownload' };
|
return { error: 'ErrorEmptyDownload' };
|
||||||
}
|
}
|
||||||
|
|
||||||
let filename = `facebook_${id || shortLink}.mp4`
|
const baseFilename = `facebook_${id || shortLink}`;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
urls: urls[0],
|
urls: urls[0],
|
||||||
filename,
|
filename: `${baseFilename}.mp4`,
|
||||||
audioFilename: `${filename.slice(0, -4)}_audio`,
|
audioFilename: `${baseFilename}_audio`,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
@ -134,7 +134,7 @@
|
||||||
":username/videos/:caption/:id",
|
":username/videos/:caption/:id",
|
||||||
":username/videos/:id",
|
":username/videos/:id",
|
||||||
"reel/:id",
|
"reel/:id",
|
||||||
"share/:shortLink/:id"
|
"share/:shareType/:id"
|
||||||
],
|
],
|
||||||
"enabled": true
|
"enabled": true
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -68,5 +68,6 @@ export const testers = {
|
||||||
patternMatch.shortLink?.length <= 11
|
patternMatch.shortLink?.length <= 11
|
||||||
|| patternMatch.username?.length <= 30
|
|| patternMatch.username?.length <= 30
|
||||||
|| patternMatch.caption?.length <= 255
|
|| patternMatch.caption?.length <= 255
|
||||||
|| patternMatch.id?.length <= 20,
|
|| patternMatch.id?.length <= 20 && !patternMatch.shareType
|
||||||
|
|| patternMatch.id?.length <= 20 && patternMatch.shareType?.length === 1,
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue