i11th/opera-proxy
1
0
Fork 0
mirror of https://github.com/Alexey71/opera-proxy.git synced 2026-05-13 14:11:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
opera-proxy/seclient/seclient.go
T
xteamlyer 63b9203be4 Some change
2026-04-30 19:04:28 +03:00

321 lines
8.0 KiB
Go
Raw Permalink Blame History

package seclient
import (
"context"
"encoding/json"
"fmt"
"io"
"math/rand"
"net/http"
"net/url"
"strings"
"sync"
dac "github.com/Alexey71/go-http-digest-auth-client"
)
const (
ANON_EMAIL_LOCALPART_BYTES = 32
ANON_PASSWORD_BYTES = 20
DEVICE_ID_BYTES = 20
READ_LIMIT int64 = 128 * 1024
)
type SEEndpoints struct {
RegisterSubscriber string
SubscriberLogin string
RegisterDevice string
DeviceGeneratePassword string
GeoList string
Discover string
}
var DefaultSEEndpoints = SEEndpoints{
RegisterSubscriber: "https://api2.sec-tunnel.com/v4/register_subscriber",
SubscriberLogin: "https://api2.sec-tunnel.com/v4/subscriber_login",
RegisterDevice: "https://api2.sec-tunnel.com/v4/register_device",
DeviceGeneratePassword: "https://api2.sec-tunnel.com/v4/device_generate_password",
GeoList: "https://api2.sec-tunnel.com/v4/geo_list",
Discover: "https://api2.sec-tunnel.com/v4/discover",
}
type SESettings struct {
ClientVersion string
ClientType string
DeviceName string
OperatingSystem string
UserAgent string
Endpoints SEEndpoints
}
var DefaultSESettings = SESettings{
ClientVersion: "Stable 114.0.5282.21",
ClientType: "se0316",
UserAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0",
DeviceName: "Opera-Browser-Client",
OperatingSystem: "Windows",
Endpoints: DefaultSEEndpoints,
}
type SEClient struct {
httpClient *http.Client
Settings SESettings
SubscriberEmail string
SubscriberPassword string
DeviceID string
AssignedDeviceID string
AssignedDeviceIDHash string
DevicePassword string
Mux sync.Mutex
rng *rand.Rand
}
type StrKV map[string]string
// NewSEClient instantiates a SurfEasy client.
// apiUsername/apiSecret are the application-level Digest Auth credentials
// embedded in every Opera client — they are NOT per-user and must not be randomised.
// transport may be nil (uses http.DefaultTransport).
func NewSEClient(apiUsername, apiSecret string, transport http.RoundTripper) (*SEClient, error) {
if transport == nil {
transport = http.DefaultTransport
}
rng := rand.New(RandomSource)
deviceID, err := randomCapitalHexString(rng, DEVICE_ID_BYTES)
if err != nil {
return nil, err
}
jar, err := NewStdJar()
if err != nil {
return nil, err
}
return &SEClient{
httpClient: &http.Client{
Jar: jar,
Transport: dac.NewDigestTransport(apiUsername, apiSecret, transport),
},
Settings: DefaultSESettings,
rng: rng,
DeviceID: deviceID,
}, nil
}
func (c *SEClient) ResetCookies() error {
c.Mux.Lock()
defer c.Mux.Unlock()
return c.resetCookies()
}
func (c *SEClient) resetCookies() error {
return (c.httpClient.Jar.(*StdJar)).Reset()
}
func (c *SEClient) AnonRegister(ctx context.Context) error {
c.Mux.Lock()
defer c.Mux.Unlock()
localPart, err := randomEmailLocalPart(c.rng)
if err != nil {
return err
}
// Each run generates a fresh random subscriber identity — this is the
// actual anonymisation layer. The API-level credentials above are fixed.
c.SubscriberEmail = fmt.Sprintf("%s@%s.best.vpn", localPart, c.Settings.ClientType)
c.SubscriberPassword = capitalHexSHA1(c.SubscriberEmail)
return c.register(ctx)
}
func (c *SEClient) Register(ctx context.Context) error {
c.Mux.Lock()
defer c.Mux.Unlock()
return c.register(ctx)
}
func (c *SEClient) register(ctx context.Context) error {
if err := c.resetCookies(); err != nil {
return err
}
var regRes SERegisterSubscriberResponse
err := c.rpcCall(ctx, c.Settings.Endpoints.RegisterSubscriber, StrKV{
"email": c.SubscriberEmail,
"password": c.SubscriberPassword,
}, &regRes)
if err != nil {
return err
}
if regRes.Status.Code != SE_STATUS_OK {
return newAPIError(regRes.Status)
}
return nil
}
func (c *SEClient) RegisterDevice(ctx context.Context) error {
c.Mux.Lock()
defer c.Mux.Unlock()
var regRes SERegisterDeviceResponse
err := c.rpcCall(ctx, c.Settings.Endpoints.RegisterDevice, StrKV{
"client_type": c.Settings.ClientType,
"device_hash": c.DeviceID,
"device_name": c.Settings.DeviceName,
}, &regRes)
if err != nil {
return err
}
if regRes.Status.Code != SE_STATUS_OK {
return newAPIError(regRes.Status)
}
c.AssignedDeviceID = regRes.Data.DeviceID
c.DevicePassword = regRes.Data.DevicePassword
c.AssignedDeviceIDHash = capitalHexSHA1(regRes.Data.DeviceID)
return nil
}
func (c *SEClient) GeoList(ctx context.Context) ([]SEGeoEntry, error) {
c.Mux.Lock()
defer c.Mux.Unlock()
var geoListRes SEGeoListResponse
err := c.rpcCall(ctx, c.Settings.Endpoints.GeoList, StrKV{
"device_id": c.AssignedDeviceIDHash,
}, &geoListRes)
if err != nil {
return nil, err
}
if geoListRes.Status.Code != SE_STATUS_OK {
return nil, newAPIError(geoListRes.Status)
}
return geoListRes.Data.Geos, nil
}
func (c *SEClient) Discover(ctx context.Context, requestedGeo string) ([]SEIPEntry, error) {
c.Mux.Lock()
defer c.Mux.Unlock()
var discoverRes SEDiscoverResponse
err := c.rpcCall(ctx, c.Settings.Endpoints.Discover, StrKV{
"serial_no": c.AssignedDeviceIDHash,
"requested_geo": requestedGeo,
}, &discoverRes)
if err != nil {
return nil, err
}
if discoverRes.Status.Code != SE_STATUS_OK {
return nil, newAPIError(discoverRes.Status)
}
return discoverRes.Data.IPs, nil
}
func (c *SEClient) Login(ctx context.Context) error {
c.Mux.Lock()
defer c.Mux.Unlock()
if err := c.resetCookies(); err != nil {
return err
}
var loginRes SESubscriberLoginResponse
err := c.rpcCall(ctx, c.Settings.Endpoints.SubscriberLogin, StrKV{
"login": c.SubscriberEmail,
"password": c.SubscriberPassword,
"client_type": c.Settings.ClientType,
}, &loginRes)
if err != nil {
return err
}
if loginRes.Status.Code != SE_STATUS_OK {
return newAPIError(loginRes.Status)
}
return nil
}
func (c *SEClient) DeviceGeneratePassword(ctx context.Context) error {
c.Mux.Lock()
defer c.Mux.Unlock()
var genRes SEDeviceGeneratePasswordResponse
err := c.rpcCall(ctx, c.Settings.Endpoints.DeviceGeneratePassword, StrKV{
"device_id": c.AssignedDeviceID,
}, &genRes)
if err != nil {
return err
}
if genRes.Status.Code != SE_STATUS_OK {
return newAPIError(genRes.Status)
}
c.DevicePassword = genRes.Data.DevicePassword
return nil
}
func (c *SEClient) GetProxyCredentials() (string, string) {
c.Mux.Lock()
defer c.Mux.Unlock()
return c.AssignedDeviceIDHash, c.DevicePassword
}
func (c *SEClient) populateRequest(req *http.Request) {
req.Header["SE-Client-Version"] = []string{c.Settings.ClientVersion}
req.Header["SE-Operating-System"] = []string{c.Settings.OperatingSystem}
req.Header["User-Agent"] = []string{c.Settings.UserAgent}
}
func (c *SEClient) RpcCall(ctx context.Context, endpoint string, params map[string]string, res interface{}) error {
c.Mux.Lock()
defer c.Mux.Unlock()
return c.rpcCall(ctx, endpoint, params, res)
}
func (c *SEClient) rpcCall(ctx context.Context, endpoint string, params map[string]string, res interface{}) error {
input := make(url.Values, len(params))
for k, v := range params {
input[k] = []string{v}
}
req, err := http.NewRequestWithContext(ctx, "POST", endpoint,
strings.NewReader(input.Encode()))
if err != nil {
return err
}
c.populateRequest(req)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Accept", "application/json")
resp, err := c.httpClient.Do(req)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
cleanupBody(resp.Body)
return fmt.Errorf("bad http status: %s, headers: %#v", resp.Status, resp.Header)
}
err = json.NewDecoder(resp.Body).Decode(res)
cleanupBody(resp.Body)
return err
}
// cleanupBody drains and closes an HTTP response body to allow connection reuse.
func cleanupBody(body io.ReadCloser) {
io.Copy(io.Discard, &io.LimitedReader{R: body, N: READ_LIMIT})
body.Close()
}
Reference in New Issue View Git Blame Copy Permalink