Administrator/Multi-Hoster-Upload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 208 Wiki Activity

fix(vidmoly): login via new POST /api/auth/login with JSON

Browse Source 
The SPA redesign killed the old XFS form POST at / with op=login.
The new flow is a JSON POST to /api/auth/login that returns a
vidmoly_session HttpOnly cookie, which is what /api/upload/config
actually authenticates against.

After login we also probe /api/upload/config once to fail fast if
the session was issued but not actually valid for uploads.
This commit is contained in:
Administrator 2026-04-19 22:31:32 +02:00
parent 961d59f8b8
commit da4ac95c3c
1 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
lib/vidmoly-upload.js
View File

@ -81,43 +81,40 @@ class VidmolyUploader {
} }
/** /**
* Login to Vidmoly * Login to Vidmoly via the new JSON API (replaces the old XFS form POST
* at `/` with `op=login`, which the SPA redesign deprecated). The response
* sets a `vidmoly_session` HttpOnly cookie that the upload API checks.
*/ */
async login(username, password) { async login(username, password) {
// First GET the main page to get initial cookies // Warm up — get baseline cookies (cf_clearance etc.)
const initRes = await this._fetch(BASE_URL); try {
await initRes.text(); const initRes = await this._fetch(BASE_URL);
await initRes.text();
} catch {}
// POST login const res = await this._fetch(`${BASE_URL}/api/auth/login`, {
const loginData = new URLSearchParams({
op: 'login',
login: username,
password: password,
redirect: ''
});
const res = await this._fetch(BASE_URL, {
method: 'POST', method: 'POST',
body: loginData.toString(), body: JSON.stringify({ login: username, password }),
headers: { headers: {
'Content-Type': 'application/x-www-form-urlencoded', 'Content-Type': 'application/json',
'Referer': BASE_URL 'Accept': 'application/json',
'Origin': BASE_URL,
'Referer': `${BASE_URL}/login`
} }
}); });
const body = await res.text(); const body = await res.text();
if (res.status === 401 || res.status === 403 || /incorrect|invalid|wrong/i.test(body)) {
if (body.includes('Incorrect Login or Password')) {
throw new Error('Vidmoly Login fehlgeschlagen: Falscher Username oder Passwort'); throw new Error('Vidmoly Login fehlgeschlagen: Falscher Username oder Passwort');
} }
if (res.status < 200 || res.status >= 300) {
// Verify by directly probing the upload-config API. If we get a valid throw new Error(`Vidmoly Login fehlgeschlagen: HTTP ${res.status}`);
// JSON with sess_id/upload_url back, we're in. This is the only thing
// we actually need to work, so check it up front instead of guessing
// from SPA HTML markers.
if (this.cookies.size === 0) {
throw new Error('Vidmoly Login fehlgeschlagen: Keine Session erhalten');
} }
if (!this.cookies.has('vidmoly_session')) {
throw new Error('Vidmoly Login fehlgeschlagen: Keine Session erhalten (vidmoly_session fehlt)');
}
// Probe the upload API so downstream getUploadParams() has a warm path.
const probe = await this._fetch(`${BASE_URL}/api/upload/config`); const probe = await this._fetch(`${BASE_URL}/api/upload/config`);
const probeBody = await probe.text(); const probeBody = await probe.text();
let probeJson = null; let probeJson = null;