ONIMAI-SMP/ShatteredPrism
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 1 Wiki Activity

Fetch CurseForge API key from Linux app, not macOS

Browse Source
This commit is contained in:
Evan Goode 2024-06-25 13:05:35 -04:00
parent c3bdc0f79b
commit d1b018e8d8
1 changed files with 16 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
launcher/net/FetchFlameAPIKey.cpp
View File

@ -26,33 +26,31 @@
FetchFlameAPIKey::FetchFlameAPIKey(QObject* parent) : Task{ parent } {}
// Here, we fetch the API key from the files of the official CurseForge app. We
// use the macOS disk image (as opposed to the zipped Linux AppImage) since
// there is only one layer of DEFLATE decompression to get through. We
// range-request the specific ~500KiB zlib block from the archive.org mirror
// that contains the API key.
// Here, we fetch the official CurseForge API key from the files of the
// CurseForge app. We range-request the specific ~84KiB zlib block inside the
// AppImage's SquashFS that contains the API key and extract only that.
// Note: We need a direct link to the AppImage for this to work. The download
// link for the Linux app on CurseForge's website is to a zipped AppImage,
// which will not work here since (I think?) ZIP files typically have one
// non-chunked DEFLATE stream for each file, and there's no way to fetch a
// single, independent chunk to extract.
// See also https://git.sakamoto.pl/domi/curseme/src/commit/388ac991eb57dedd5d1aca45f418deb221d757d1/getToken.sh
const QUrl CURSEFORGE_APP_URL{
"https://web.archive.org/web/20240520233008if_/https://curseforge.overwolf.com/downloads/curseforge-latest.dmg"
"https://web.archive.org/web/20240625154807if_/https://curseforge.overwolf.com/electron/linux/CurseForge-0.198.1-21.AppImage"
};
// To find these offsets:
// 1. Download the disk image from CURSEFORGE_APP_URL and run
// dmg2img -V ./curseforge-latest.dmg
// 2. Use a hex editor to find the address of the string "cfCoreApiKey" inside
// curseforge-latest.img.
// 3. In the output of `dmg2img -V`, find the `in_addr`, the `in_size`, and the
// ` out_size` of the block that contains this address.
const uint32_t IN_ADDR{ 4640617 };
const uint32_t IN_SIZE{ 511977 };
const uint32_t OUT_SIZE{ 1048576 };
// Use https://github.com/unmojang/appimage-token-finder to find these offsets
const uint32_t IN_ADDR{ 82926761 };
const uint32_t IN_SIZE{ 84196 };
const uint32_t OUT_SIZE{ 131072 };
void FetchFlameAPIKey::executeTask()
{
QNetworkRequest req{ CURSEFORGE_APP_URL };
// Request only a single block of the disk image file
// Request only a single zlib block from inside the AppImage file
const auto& rangeHeader = QString("bytes=%1-%2").arg(IN_ADDR).arg(IN_ADDR + IN_SIZE);
req.setRawHeader("Range", rangeHeader.toUtf8());