forked from StrafesNET/asset-tool
CSRF challenge
This commit is contained in:
parent
5b68f23755
commit
c080634a53
22
src/main.rs
22
src/main.rs
@ -117,8 +117,9 @@ async fn upload_list(cookie:String,owner:Owner,asset_id_file_map:AssetIDFileMap)
|
||||
let owner=&owner;
|
||||
async move{
|
||||
let mut url=reqwest::Url::parse("https://data.roblox.com/Data/Upload.ashx?json=1&type=Model&genreTypeId=1")?;
|
||||
//url borrow scope
|
||||
{
|
||||
let mut query=url.query_pairs_mut();
|
||||
let mut query=url.query_pairs_mut();//borrow here
|
||||
query.append_pair("assetid",asset_id.to_string().as_str());
|
||||
match owner{
|
||||
Owner::Group(group_id)=>{query.append_pair("groupId",group_id.to_string().as_str());},
|
||||
@ -126,10 +127,25 @@ async fn upload_list(cookie:String,owner:Owner,asset_id_file_map:AssetIDFileMap)
|
||||
}
|
||||
}
|
||||
|
||||
let resp=client.post(url)
|
||||
let body=tokio::fs::read_to_string(file).await?;
|
||||
let mut resp=client.post(url.clone())
|
||||
.header("Cookie",cookie)
|
||||
.body(tokio::fs::read_to_string(file).await?)
|
||||
.body(body.clone())
|
||||
.send().await?;
|
||||
|
||||
//This is called a CSRF challenge apparently
|
||||
if resp.status()==reqwest::StatusCode::FORBIDDEN{
|
||||
if let Some(csrf_token)=resp.headers().get("X-CSRF-Token"){
|
||||
resp=client.post(url)
|
||||
.header("X-CSRF-Token",csrf_token)
|
||||
.header("Cookie",cookie)
|
||||
.body(body)
|
||||
.send().await?;
|
||||
}else{
|
||||
return Err(anyhow::Error::msg("Roblox returned 403 with no CSRF"));
|
||||
}
|
||||
}
|
||||
|
||||
Ok((asset_id,resp.bytes().await?))
|
||||
}
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user