3 Commits

Author SHA1 Message Date
herel e77c034082 chore: update .gitignore 2026-06-29 23:11:51 +02:00
herel 0615dc6421 fix: remove Cross-Account Data Leakage 2026-06-29 23:04:48 +02:00
herel 71bbb67cef chore: remove debugging prints 2026-06-29 23:03:48 +02:00
3 changed files with 33 additions and 29 deletions
+1
View File
@@ -169,3 +169,4 @@ cython_debug/
# and can be added to the global gitignore or merged into this file. For a more nuclear # and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder. # option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/ #.idea/
strix_runs/*
+24 -21
View File
@@ -594,16 +594,16 @@ mobile_headers = {
} }
def curl_for_mobile_login(username: str, password: str) -> str: # def curl_for_mobile_login(username: str, password: str) -> str:
"""Generate curl command to replicate mobile_login request.""" # """Generate curl command to replicate mobile_login request."""
import base64 # import base64
headers_str = " ".join([f"-H '{k}: {v}'" for k, v in mobile_headers.items()]) # headers_str = " ".join([f"-H '{k}: {v}'" for k, v in mobile_headers.items()])
encoded_username = base64.b64encode(username.encode()).decode() # encoded_username = base64.b64encode(username.encode()).decode()
encoded_password = base64.b64encode(password.encode()).decode() # encoded_password = base64.b64encode(password.encode()).decode()
return f"""curl -X POST "https://app.myice.hockey/api/mobilerest/login" \ # return f"""curl -X POST "https://app.myice.hockey/api/mobilerest/login" \
{headers_str} \ # {headers_str} \
-d 'login_email={encoded_username}&login_password={encoded_password}&language=FR&v=2'""" # -d 'login_email={encoded_username}&login_password={encoded_password}&language=FR&v=2'"""
def mobile_login(config_section: str | None = None): def mobile_login(config_section: str | None = None):
@@ -619,7 +619,7 @@ def mobile_login(config_section: str | None = None):
print("Requesting token", file=sys.stderr) print("Requesting token", file=sys.stderr)
# Print curl equivalent for debugging # Print curl equivalent for debugging
print(curl_for_mobile_login(username, password), file=sys.stderr) # print(curl_for_mobile_login(username, password), file=sys.stderr)
with requests.post( with requests.post(
"https://app.myice.hockey/api/mobilerest/login", "https://app.myice.hockey/api/mobilerest/login",
headers=mobile_headers, headers=mobile_headers,
@@ -643,23 +643,26 @@ userdata = {
} }
def curl_for_refresh_data(token: str, club_id: int) -> str: # def curl_for_refresh_data(token: str, club_id: int) -> str:
"""Generate curl command to replicate refresh_data request.""" # """Generate curl command to replicate refresh_data request."""
headers_str = " ".join([f"-H '{k}: {v}'" for k, v in mobile_headers.items()]) # headers_str = " ".join([f"-H '{k}: {v}'" for k, v in mobile_headers.items()])
return f"""curl -X POST "https://app.myice.hockey/api/mobilerest/refreshdata" \ # return f"""curl -X POST "https://app.myice.hockey/api/mobilerest/refreshdata" \
{headers_str} \ # {headers_str} \
-d 'token={token}&id_club={club_id}&language=FR'""" # -d 'token={token}&id_club={club_id}&language=FR'"""
def refresh_data(): def refresh_data(user_data=None):
# Use provided user_data or fall back to global userdata for backward compatibility
if user_data is None:
user_data = userdata
# Print curl equivalent for debugging # Print curl equivalent for debugging
print( # print(
curl_for_refresh_data(userdata["token"], userdata["id_club"]), file=sys.stderr # curl_for_refresh_data(user_data["token"], user_data["id_club"]), file=sys.stderr
) # )
with requests.post( with requests.post(
"https://app.myice.hockey/api/mobilerest/refreshdata", "https://app.myice.hockey/api/mobilerest/refreshdata",
headers=mobile_headers, headers=mobile_headers,
data=f"token={userdata['token']}&id_club={userdata['id_club']}&language=FR", data=f"token={user_data['token']}&id_club={user_data['id_club']}&language=FR",
# verify=False, # verify=False,
) as r: ) as r:
r.raise_for_status() r.raise_for_status()
+8 -8
View File
@@ -352,15 +352,15 @@ async def schedule(
try: try:
if existing_token: if existing_token:
myice.userdata = { user_data = {
"id": userid, "id": userid,
"id_club": club_id or 186, "id_club": club_id or 186,
"token": existing_token, "token": existing_token,
} }
else: else:
myice.userdata = myice.mobile_login(config_section=account) user_data = myice.mobile_login(config_section=account)
data = myice.refresh_data() data = myice.refresh_data(user_data=user_data)
if "club_games" in data: if "club_games" in data:
return data["club_games"] return data["club_games"]
else: else:
@@ -433,13 +433,13 @@ async def game(
config_section=account config_section=account
) )
if existing_token: if existing_token:
myice.userdata = { user_data = {
"id": userid, "id": userid,
"id_club": club_id or 186, "id_club": club_id or 186,
"token": existing_token, "token": existing_token,
} }
else: else:
myice.userdata = myice.mobile_login(config_section=account) user_data = myice.mobile_login(config_section=account)
# data = refresh_data() # data = refresh_data()
with requests.post( with requests.post(
@@ -447,11 +447,11 @@ async def game(
headers=myice.mobile_headers, headers=myice.mobile_headers,
data="&".join( data="&".join(
[ [
f"token={myice.userdata['token']}", f"token={user_data['token']}",
f"id_event={game_id}", f"id_event={game_id}",
"type=games", "type=games",
f"id_player={myice.userdata['id']}", f"id_player={user_data['id']}",
f"id_club={myice.userdata['id_club']}", f"id_club={user_data['id_club']}",
"language=FR", "language=FR",
] ]
), ),