forked from StrafesNET/asset-tool
CSRF challenge
parent
5b68f23755
commit
c080634a53
22
src/main.rs
22
src/main.rs
@ -117,8 +117,9 @@ async fn upload_list(cookie:String,owner:Owner,asset_id_file_map:AssetIDFileMap)
|
|||||||
let owner=&owner;
|
let owner=&owner;
|
||||||
async move{
|
async move{
|
||||||
let mut url=reqwest::Url::parse("https://data.roblox.com/Data/Upload.ashx?json=1&type=Model&genreTypeId=1")?;
|
let mut url=reqwest::Url::parse("https://data.roblox.com/Data/Upload.ashx?json=1&type=Model&genreTypeId=1")?;
|
||||||
|
//url borrow scope
|
||||||
{
|
{
|
||||||
let mut query=url.query_pairs_mut();
|
let mut query=url.query_pairs_mut();//borrow here
|
||||||
query.append_pair("assetid",asset_id.to_string().as_str());
|
query.append_pair("assetid",asset_id.to_string().as_str());
|
||||||
match owner{
|
match owner{
|
||||||
Owner::Group(group_id)=>{query.append_pair("groupId",group_id.to_string().as_str());},
|
Owner::Group(group_id)=>{query.append_pair("groupId",group_id.to_string().as_str());},
|
||||||
@ -126,10 +127,25 @@ async fn upload_list(cookie:String,owner:Owner,asset_id_file_map:AssetIDFileMap)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let resp=client.post(url)
|
let body=tokio::fs::read_to_string(file).await?;
|
||||||
|
let mut resp=client.post(url.clone())
|
||||||
.header("Cookie",cookie)
|
.header("Cookie",cookie)
|
||||||
.body(tokio::fs::read_to_string(file).await?)
|
.body(body.clone())
|
||||||
.send().await?;
|
.send().await?;
|
||||||
|
|
||||||
|
//This is called a CSRF challenge apparently
|
||||||
|
if resp.status()==reqwest::StatusCode::FORBIDDEN{
|
||||||
|
if let Some(csrf_token)=resp.headers().get("X-CSRF-Token"){
|
||||||
|
resp=client.post(url)
|
||||||
|
.header("X-CSRF-Token",csrf_token)
|
||||||
|
.header("Cookie",cookie)
|
||||||
|
.body(body)
|
||||||
|
.send().await?;
|
||||||
|
}else{
|
||||||
|
return Err(anyhow::Error::msg("Roblox returned 403 with no CSRF"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok((asset_id,resp.bytes().await?))
|
Ok((asset_id,resp.bytes().await?))
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
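Review bot: The status of the retried request is never checked: after the `X-CSRF-Token` retry, `Ok((asset_id,resp.bytes().await?))` returns whatever body came back, so a second 403 is reported to the caller as a completed upload. That could happen if the first 403 was caused by something other than a missing token, such as a rejected cookie. Adding `resp=resp.error_for_status()?;` just before the final `Ok(...)` would turn that into an error, and would also catch any other non-2xx reply on the first attempt; whether callers depend on reading error bodies is not visible here. The comment `//This is called a CSRF challenge apparently` would be more useful if it stated the protocol, e.g. `//Roblox answers 403 with a fresh X-CSRF-Token header; retry once with that token`. `upload_list` starts and ends outside the hunks shown.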