feat(ext): verify cookies in-browser before uploading (1.0.7)
CI / lint (push) Successful in 4s
CI / backend-lint-and-test (push) Successful in 37s
CI / frontend-build (push) Successful in 40s
extension / lint (push) Successful in 36s
CI / intimp (push) Successful in 4m4s
CI / intapi (push) Successful in 8m2s
CI / intcore (push) Successful in 8m45s
extension / lint (pull_request) Successful in 14s
CI / lint (push) Successful in 4s
CI / backend-lint-and-test (push) Successful in 37s
CI / frontend-build (push) Successful in 40s
extension / lint (push) Successful in 36s
CI / intimp (push) Successful in 4m4s
CI / intapi (push) Successful in 8m2s
CI / intcore (push) Successful in 8m45s
extension / lint (pull_request) Successful in 14s
Pre-upload verify request: after capturing the live browser cookies,
hit a known authenticated endpoint with credentials:'include' from the
extension's background context. If the platform reports we're not
logged in, abort the upload so we don't overwrite FC-side credentials
with stale data.
- platforms.js: add `verify` config per cookie-auth platform
- hentaifoundry: HEAD /?enterAgree=1 (mirrors gallery-dl's HF
_init_site_filters; same 401 path the operator hit 2026-06-03)
- patreon: GET /api/current_user (clean 401 when logged out)
- subscribestar, deviantart: no stable auth endpoint, skip verify
- cookies.js: verifyCookiesForPlatform() returns {ok, status, reason}.
ok=true/false/null tri-state — null = verify not configured, caller
treats as "proceed".
- background.js EXPORT_COOKIES + EXPORT_ALL_COOKIES: verify gates the
upload; failures bubble up with the platform's name + reason.
- popup.js: success message now appends "(verified ✓)" when applicable.
- manifest + package.json: 1.0.6 → 1.0.7.
This commit is contained in:
@@ -76,3 +76,38 @@ async function getCookieCount(platformKey) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify cookies are live by hitting an authenticated endpoint with the
|
||||
* browser's current cookie jar. Returns:
|
||||
* { ok: true, status } — verified
|
||||
* { ok: false, status, reason } — endpoint said we're not logged in
|
||||
* { ok: null, reason } — no verify config for this platform; caller
|
||||
* should treat as "verify not available,
|
||||
* proceed with upload"
|
||||
*
|
||||
* Implementation note: extensions with `host_permissions` for the target
|
||||
* domain get the user's cookies auto-attached to fetch() — same set
|
||||
* gallery-dl will later use on the backend.
|
||||
*/
|
||||
async function verifyCookiesForPlatform(platformKey) {
|
||||
const platform = PLATFORMS[platformKey];
|
||||
if (!platform) return { ok: false, reason: `Unknown platform: ${platformKey}` };
|
||||
if (!platform.verify) return { ok: null, reason: 'verify-not-configured' };
|
||||
|
||||
const { url, method, okStatuses } = platform.verify;
|
||||
let resp;
|
||||
try {
|
||||
resp = await fetch(url, { method, credentials: 'include', cache: 'no-store' });
|
||||
} catch (e) {
|
||||
return { ok: false, reason: `Verify request failed: ${e.message}` };
|
||||
}
|
||||
if (okStatuses.includes(resp.status)) {
|
||||
return { ok: true, status: resp.status };
|
||||
}
|
||||
return {
|
||||
ok: false,
|
||||
status: resp.status,
|
||||
reason: `${url} returned HTTP ${resp.status} — session looks stale or logged out`,
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user