Merge pull request #31 from JoshHeng/fix-lookmovie-source

fix: Fix lookmovie security bug by passing PHPSESSID cookie & user agent
James Hawkins 2021-09-27 10:01:50 +01:00 committed by GitHub
commit 93f5daa2ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 6 deletions


@ -2,6 +2,7 @@ import Fuse from 'fuse.js'
import JSON5 from 'json5' import JSON5 from 'json5'
const BASE_URL = `${process.env.REACT_APP_CORS_PROXY_URL}https://lookmovie.io`; const BASE_URL = `${process.env.REACT_APP_CORS_PROXY_URL}https://lookmovie.io`;
let phpsessid;
async function findContent(searchTerm, type) { async function findContent(searchTerm, type) {
const searchUrl = `${BASE_URL}/${type}s/search/?q=${encodeURIComponent(searchTerm)}`; const searchUrl = `${BASE_URL}/${type}s/search/?q=${encodeURIComponent(searchTerm)}`;
@ -88,7 +89,9 @@ async function getVideoUrl(config) {
} }
async function getEpisodeSubs (config) { async function getEpisodeSubs (config) {
return await fetch(`${BASE_URL}/api/v1/shows/episode-subtitles/?id_episode=${config.id}`).then(res => res.json()); return await fetch(`${BASE_URL}/api/v1/shows/episode-subtitles/?id_episode=${config.id}`, {
headers: { phpsessid },
}).then(res => res.json());
} }
async function getAccessInfo(config) { async function getAccessInfo(config) {
@ -100,7 +103,9 @@ async function getAccessInfo(config) {
url = `${BASE_URL}/api/v1/security/show-access?slug=${config.slug}&token=&step=2`; url = `${BASE_URL}/api/v1/security/show-access?slug=${config.slug}&token=&step=2`;
} }
const data = await fetch(url).then((d) => d.json()); const data = await fetch(url, {
headers: { phpsessid },
}).then((d) => d.json());
const token = data?.data?.accessToken; const token = data?.data?.accessToken;
const subtitles = data?.data?.subtitles; const subtitles = data?.data?.subtitles;
@ -112,7 +117,9 @@ async function getAccessInfo(config) {
async function getEpisodes(slug) { async function getEpisodes(slug) {
const url = `${BASE_URL}/shows/view/${slug}`; const url = `${BASE_URL}/shows/view/${slug}`;
const pageReq = await fetch(url).then((d) => d.text()); const pageReq = await fetch(url, {
headers: { phpsessid },
}).then((d) => d.text());
const data = JSON5.parse("{" + const data = JSON5.parse("{" +
pageReq pageReq
@ -139,11 +146,13 @@ async function getEpisodes(slug) {
async function getStreamUrl(slug, type, season, episode) { async function getStreamUrl(slug, type, season, episode) {
const url = `${BASE_URL}/${type}s/view/${slug}`; const url = `${BASE_URL}/${type}s/view/${slug}`;
const pageReq = await fetch(url).then((d) => d.text()); const pageRes = await fetch(url);
phpsessid = pageRes.headers.get('phpsessid');
const pageResText = await pageRes.text();
const data = JSON5.parse("{" + const data = JSON5.parse("{" +
pageReq pageResText
.slice(pageReq.indexOf(`${type}_storage`)) .slice(pageResText.indexOf(`${type}_storage`))
.split("};")[0] .split("};")[0]
.split("= {")[1] .split("= {")[1]
.trim() + .trim() +
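Review bot: The module-level `phpsessid` is assigned only inside getStreamUrl, yet getEpisodeSubs, getAccessInfo and getEpisodes send it unconditionally as `headers: { phpsessid }`. Before the first getStreamUrl call it is `undefined`, and `pageRes.headers.get('phpsessid')` returns `null` when the header is absent; fetch would stringify either into a literal `undefined` or `null` header value, which the proxy's truthiness check then forwards as the session cookie. Send the header only when a value exists, for example `headers: phpsessid ? { phpsessid } : {}`, at all three call sites. A browser exposes a non-safelisted response header to script only when it is listed in `Access-Control-Expose-Headers`, and no such header is set in the visible proxy hunks, so it is worth confirming that the `get` call does not always yield `null` cross-origin. The bodies of these functions continue outside the hunks.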


@ -20,6 +20,14 @@ async function handleRequest(request, destinationUrl, iteration = 0) {
request = new Request(destinationUrl, request); request = new Request(destinationUrl, request);
request.headers.set("Origin", new URL(destinationUrl).origin); request.headers.set("Origin", new URL(destinationUrl).origin);
// Set PHPSESSID cookie
if (request.headers.get('PHPSESSID')) {
request.headers.set('Cookie', `PHPSESSID=${request.headers.get('PHPSESSID')};`);
}
// Set User Agent
request.headers.set('User-Agent', ' Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0');
let response = await fetch(request); let response = await fetch(request);
if ((response.status === 302 || response.status === 301) && response.headers.get('location')) { if ((response.status === 302 || response.status === 301) && response.headers.get('location')) {
@ -40,6 +48,14 @@ async function handleRequest(request, destinationUrl, iteration = 0) {
// Set CORS headers // Set CORS headers
response.headers.set("Access-Control-Allow-Origin", '*'); response.headers.set("Access-Control-Allow-Origin", '*');
// Get and set PHPSESSID cookie
const cookies = response.headers.get('Set-Cookie');
if (cookies && cookies.includes('PHPSESSID') && cookies.includes(';')) {
let phpsessid = cookies.slice(cookies.search('PHPSESSID') + 10);
phpsessid = phpsessid.slice(0, phpsessid.search(';'));
response.headers.set('PHPSESSID', phpsessid);
}
// Append to/Add Vary header so browser will cache response correctly // Append to/Add Vary header so browser will cache response correctly
response.headers.append("Vary", "Origin"); response.headers.append("Vary", "Origin");
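Review bot: The client-supplied `PHPSESSID` request header is interpolated into `Cookie` without validation, and the check sits in the generic handleRequest path, so it applies to whatever destinationUrl is being proxied rather than only to lookmovie. A value containing `;` adds extra cookie pairs to the upstream request, and any `Cookie` header already on the request is overwritten. Restrict the value to the session-id alphabet and drop the helper header before forwarding: `const sid = request.headers.get('PHPSESSID');`, then `if (sid && /^[A-Za-z0-9,-]+$/.test(sid)) request.headers.set('Cookie', 'PHPSESSID=' + sid);` and `request.headers.delete('PHPSESSID');`. On the response side the session id is copied into a header on a response that also carries `Access-Control-Allow-Origin: *` and a `Vary: Origin` caching hint; if such responses are cached anywhere, one caller's session id could be served to another, so setting `Cache-Control: no-store` whenever the `PHPSESSID` header is added would be safer. handleRequest starts and ends outside these hunks.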