mirror of
https://github.com/movie-web/movie-web.git
synced 2024-11-11 01:05:08 +01:00
fix: Fix lookmovie security bug by passing PHPSESSID cookie & user agent
parent
8489a8af2b
commit
5b829065ad
@ -2,6 +2,7 @@ import Fuse from 'fuse.js'
|
||||
import JSON5 from 'json5'
|
||||
|
||||
const BASE_URL = `${process.env.REACT_APP_CORS_PROXY_URL}https://lookmovie.io`;
|
||||
let phpsessid;
|
||||
|
||||
async function findContent(searchTerm, type) {
|
||||
const searchUrl = `${BASE_URL}/${type}s/search/?q=${encodeURIComponent(searchTerm)}`;
|
||||
@ -88,7 +89,9 @@ async function getVideoUrl(config) {
|
||||
}
|
||||
|
||||
async function getEpisodeSubs (config) {
|
||||
return await fetch(`${BASE_URL}/api/v1/shows/episode-subtitles/?id_episode=${config.id}`).then(res => res.json());
|
||||
return await fetch(`${BASE_URL}/api/v1/shows/episode-subtitles/?id_episode=${config.id}`, {
|
||||
headers: { phpsessid },
|
||||
}).then(res => res.json());
|
||||
}
|
||||
|
||||
async function getAccessInfo(config) {
|
||||
@ -100,7 +103,9 @@ async function getAccessInfo(config) {
|
||||
url = `${BASE_URL}/api/v1/security/show-access?slug=${config.slug}&token=&step=2`;
|
||||
}
|
||||
|
||||
const data = await fetch(url).then((d) => d.json());
|
||||
const data = await fetch(url, {
|
||||
headers: { phpsessid },
|
||||
}).then((d) => d.json());
|
||||
|
||||
const token = data?.data?.accessToken;
|
||||
const subtitles = data?.data?.subtitles;
|
||||
@ -112,7 +117,9 @@ async function getAccessInfo(config) {
|
||||
|
||||
async function getEpisodes(slug) {
|
||||
const url = `${BASE_URL}/shows/view/${slug}`;
|
||||
const pageReq = await fetch(url).then((d) => d.text());
|
||||
const pageReq = await fetch(url, {
|
||||
headers: { phpsessid },
|
||||
}).then((d) => d.text());
|
||||
|
||||
const data = JSON5.parse("{" +
|
||||
pageReq
|
||||
@ -139,11 +146,13 @@ async function getEpisodes(slug) {
|
||||
|
||||
async function getStreamUrl(slug, type, season, episode) {
|
||||
const url = `${BASE_URL}/${type}s/view/${slug}`;
|
||||
const pageReq = await fetch(url).then((d) => d.text());
|
||||
const pageRes = await fetch(url);
|
||||
phpsessid = pageRes.headers.get('phpsessid');
|
||||
const pageResText = await pageRes.text();
|
||||
|
||||
const data = JSON5.parse("{" +
|
||||
pageReq
|
||||
.slice(pageReq.indexOf(`${type}_storage`))
|
||||
pageResText
|
||||
.slice(pageResText.indexOf(`${type}_storage`))
|
||||
.split("};")[0]
|
||||
.split("= {")[1]
|
||||
.trim() +
|
||||
|
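Review bot: The module-level `phpsessid` is assigned only in getStreamUrl (`phpsessid = pageRes.headers.get('phpsessid')`), yet getEpisodeSubs, getAccessInfo and getEpisodes send `headers: { phpsessid }` unconditionally. When the value is still `undefined`, or `null` because the header was absent, fetch serializes it to the literal string "undefined" or "null", which the proxy's truthiness check would accept and forward as the session cookie. In a browser a custom response header is also readable cross-origin only when it is listed in `Access-Control-Expose-Headers`, which the visible worker.js hunks do not add, so the `null` case looks likely. Build the headers only when a session id exists, e.g. `headers: phpsessid ? { phpsessid } : {}`, and consider returning the id from getStreamUrl instead of sharing one mutable variable across concurrent lookups. Several of these function bodies continue outside the hunks.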
16
worker.js
16
worker.js
@ -20,6 +20,14 @@ async function handleRequest(request, destinationUrl, iteration = 0) {
|
||||
request = new Request(destinationUrl, request);
|
||||
request.headers.set("Origin", new URL(destinationUrl).origin);
|
||||
|
||||
// Set PHPSESSID cookie
|
||||
if (request.headers.get('PHPSESSID')) {
|
||||
request.headers.set('Cookie', `PHPSESSID=${request.headers.get('PHPSESSID')};`);
|
||||
}
|
||||
|
||||
// Set User Agent
|
||||
request.headers.set('User-Agent', ' Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0');
|
||||
|
||||
let response = await fetch(request);
|
||||
|
||||
if ((response.status === 302 || response.status === 301) && response.headers.get('location')) {
|
||||
@ -40,6 +48,14 @@ async function handleRequest(request, destinationUrl, iteration = 0) {
|
||||
// Set CORS headers
|
||||
response.headers.set("Access-Control-Allow-Origin", '*');
|
||||
|
||||
// Get and set PHPSESSID cookie
|
||||
const cookies = response.headers.get('Set-Cookie');
|
||||
if (cookies && cookies.includes('PHPSESSID') && cookies.includes(';')) {
|
||||
let phpsessid = cookies.slice(cookies.search('PHPSESSID') + 10);
|
||||
phpsessid = phpsessid.slice(0, phpsessid.search(';'));
|
||||
response.headers.set('PHPSESSID', phpsessid);
|
||||
}
|
||||
|
||||
// Append to/Add Vary header so browser will cache response correctly
|
||||
response.headers.append("Vary", "Origin");
|
||||
|
||||
|
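Review bot: The request-side block copies a caller-supplied `PHPSESSID` header into `Cookie` for whatever `destinationUrl` is being proxied, without checking the host or the shape of the value, so the cookie bridge applies to every upstream the proxy can reach and a value containing `;` adds extra cookie pairs. Restrict it to the intended upstream and a session-id character set, e.g. `const sid = request.headers.get('PHPSESSID');` then `if (sid && /^[A-Za-z0-9,-]+$/.test(sid) && new URL(destinationUrl).hostname === 'lookmovie.io') {`, and delete the custom header before forwarding. The response-side block in the second hunk has the same scoping gap: it republishes the upstream session id in a response header next to `Access-Control-Allow-Origin: *` for every destination, and its `search('PHPSESSID') + 10` parsing matches the substring anywhere in the combined `Set-Cookie` value rather than a cookie named exactly `PHPSESSID`. handleRequest starts and ends outside both hunks, so an allow-list elsewhere in the function cannot be ruled out.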