Get Kobo wishlist script working

Author: brookback

script/fetch-kobo-wishlist.ts

@@ -1,109 +1,146 @@
 import { encodeBase64 } from 'jsr:@std/encoding/base64';
-import { DOMParser } from 'jsr:@b-fuze/deno-dom';
 
 // Rewritten from Python (https://github.com/subdavis/kobo-book-downloader/blob/main/kobodl/kobo.py) by Johan.
 // Huge props to the great reverse engineering by them.
 
+const TOKEN_PATH = './.kobo';
+
+// deno run --allow-net --allow-read --allow-write ./script/fetch-kobo-wishlist.ts
+const main = async () => {
+    try {
+        const existingToken = await safeRead(TOKEN_PATH);
+
+        if (existingToken) console.log('> Found existing access token');
+
+        const accessToken = existingToken || await acquireAccessToken();
+
+        if (!existingToken) await Deno.writeTextFile(TOKEN_PATH, accessToken);
+
+        const settings = await loadInitSettings(accessToken);
+        const wishlist = await fetchWishlist(accessToken, settings.user_wishlist);
+
+        console.log(JSON.stringify(wishlist, null, 2));
+    } catch (error) {
+        console.error(error);
+    }
+};
+
 const Kobo = {
     Affiliate: 'Kobo',
-    ApplicationVersion: '10.1.2.39807',
+    ApplicationVersion: '4.38.23171',
     CarrierName: '310270',
-    DefaultPlatformId: '00000000-0000-0000-0000-000000004000',
-    DeviceModel: 'Pixel',
-    DeviceOsVersion: '33',
+    DefaultPlatformId: '00000000-0000-0000-0000-000000000373',
+    DeviceModel: 'Kobo Aura ONE',
+    DeviceOs: '3.0.35+',
+    DeviceOsVersion: 'NA',
     DisplayProfile: 'Android',
     UserAgent:
-        'Mozilla/5.0 (Linux; Android 13; Pixel Build/TQ2B.230505.005.A1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/101.0.4951.61 Safari/537.36 KoboApp/10.1.2.39807 KoboPlatform Id/00000000-0000-0000-0000-000000004000 KoboAffiliate/Kobo KoboBuildFlavor/global',
+        'Mozilla/5.0 (Linux; U; Android 2.0; en-us;) AppleWebKit/538.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/538.1 (Kobo Touch 0373/4.38.23171)',
 };
 
-const authHeaders = (accessToken: string) => ({
-    Authorization: `Bearer ${accessToken}`,
-});
+// 1. authenticateDevice() with null creds
+// 2. login() does "activation"
+// 3. authenticateDevice() again with user from 1) and key from 2)
+const acquireAccessToken = async () => {
+    console.log('> Acquiring new access token');
+    const { user } = await authenticateDevice(null, null);
+    const userKey = await login();
 
-const defaultHeaders = (json: boolean) => {
-    return {
-        'User-Agent': Kobo.UserAgent,
-        'X-Requested-With': 'com.kobobooks.android',
-        'x-kobo-affiliatename': Kobo.Affiliate,
-        'x-kobo-appversion': Kobo.ApplicationVersion,
-        'x-kobo-carriername': Kobo.CarrierName,
-        'x-kobo-devicemodel': Kobo.DeviceModel,
-        'x-kobo-deviceos': Kobo.DisplayProfile,
-        'x-kobo-deviceosversion': Kobo.DeviceOsVersion,
-        'x-kobo-platformid': Kobo.DefaultPlatformId,
-        ...(json ? { 'Content-Type': 'application/json' } : { 'Content-Type': 'application/x-www-form-urlencoded' }),
-    };
+    const { accessToken } = await authenticateDevice(user, userKey);
+
+    return accessToken;
 };
 
-const loadInitSettings = async (accessToken: string): Promise<Settings> => {
-    const res = await fetch('https://storeapi.kobo.com/v1/initialization', {
-        headers: {
-            ...defaultHeaders(true),
-            ...authHeaders(accessToken),
-        },
-    });
+const waitForActivation = async (activationUrl: string) => {
+    while (true) {
+        printOverwrite('Waiting for activation…');
 
-    if (!res.ok) throw new Error(`loadInitSettings: Bad status ${res.status}`);
+        const res = await fetch(activationUrl, {
+            headers: {
+                ...defaultHeaders(true),
+            },
+        });
 
-    const json = await res.json();
+        if (!res.ok) throw new Error(`waitForActivation: Bad status ${res.status}`);
 
-    return json.Resources;
+        const json = await res.json();
+
+        if (json['Status'] == 'Complete') {
+            return {
+                userEmail: json['UserEmail'] as string,
+                userId: json['UserId'] as string,
+                userKey: json['UserKey'] as string,
+            };
+        }
+
+        await sleep(1_000);
+    }
 };
 
-const loginParams = async (signInUrl: string, deviceId: string) => {
+const activateOnWeb = async () => {
+    console.log('Initiating web-based activation');
+
     const params = {
+        'pwsdid': crypto.randomUUID(),
+        'pwspid': Kobo.DefaultPlatformId,
         'wsa': Kobo.Affiliate,
         'pwsav': Kobo.ApplicationVersion,
-        'pwspid': Kobo.DefaultPlatformId,
-        'pwsdid': deviceId,
-        'wscfv': '1.5',
-        'wscf': 'kepub',
-        'wsmc': Kobo.CarrierName,
+        'pwsdm': Kobo.DefaultPlatformId,
+        'pwspos': Kobo.DeviceOs,
         'pwspov': Kobo.DeviceOsVersion,
-        'pwspt': 'Mobile',
-        'pwsdm': Kobo.DeviceModel,
     };
 
-    const requestUrl = new URL(signInUrl);
+    const requestUrl = new URL('https://auth.kobobooks.com/ActivateOnWeb');
     for (const [k, v] of Object.entries(params)) {
         requestUrl.searchParams.append(k, v);
     }
 
     const res = await fetch(requestUrl, {
         headers: {
-            ...defaultHeaders(true),
+            ...defaultHeaders(false),
         },
     });
 
-    if (!res.ok) throw new Error(`loginParams: Bad status ${res.status}`);
+    if (!res.ok) throw new Error(`activateOnWeb: Bad status ${res.status}`);
 
     const html = await res.text();
-    const koboSigninUrl = URL.parse(signInUrl);
-    if (!koboSigninUrl) throw new Error(`Couldn't parse signin URL: ${signInUrl}`);
-    koboSigninUrl.search = '';
-    koboSigninUrl.pathname = '/za/en/signin/signin';
 
-    let match = html.match(/\?workflowId=([^"]{36})/);
+    let match = html.match(/data-poll-endpoint="([^"]+)"/);
 
-    if (!match) throw new Error(`Can't find the workflow ID in the login form`);
+    if (!match) throw new Error(`Can't find poll endpoint in HTML`);
 
-    const workflowId = match[1];
+    const activationUrl = 'https://auth.kobobooks.com' + match[1];
 
-    match = html.match(/<input name="__RequestVerificationToken" type="hidden" value="([^"]+)" \/>/);
+    match = html.match(/qrcodegenerator\/generate.+?%26code%3D(\d+)/);
 
-    if (!match) throw new Error(`Can't find the request verification token in the login form`);
+    if (!match) throw new Error(`Can't find activation code in response`);
 
-    const requestVerificationToken = match[1];
+    const activationCode = match[1];
 
-    return { koboSigninUrl, workflowId, requestVerificationToken };
+    return { activationUrl, activationCode };
 };
 
-const authenticateDevice = async (deviceId: string, userKey: string = '') => {
+interface User {
+    deviceId: string;
+    serialNumber: string;
+    key: string | null;
+}
+
+const authenticateDevice = async (user: User | null, userKey: string | null) => {
+    if (!user) {
+        user = {
+            deviceId: randomHexString(64),
+            serialNumber: randomHexString(32),
+            key: null,
+        };
+    }
+
     const postData: any = {
         'AffiliateName': Kobo.Affiliate,
         'AppVersion': Kobo.ApplicationVersion,
         'ClientKey': encodeBase64(Kobo.DefaultPlatformId),
-        'DeviceId': deviceId,
+        'DeviceId': user!.deviceId,
+        'SerialNumber': user!.serialNumber,
         'PlatformId': Kobo.DefaultPlatformId,
     };
 
@@ -127,76 +164,43 @@ const authenticateDevice = async (deviceId: string, userKey: string = '') => {
         throw new Error(`Device authentication returned with an unsupported token type: ${json.TokenType}`);
     }
 
-    return {
-        accessToken: json.AccessToken,
-        refreshToken: json.RefreshToken,
-        ...(userKey ? { userKey: json.UserKey } : {}),
-    };
-};
+    const accessToken: string = json.AccessToken;
 
-interface Creds {
-    email: string;
-    password: string;
-    captcha: string;
-}
+    if (userKey) {
+        user.key = userKey;
+    }
+
+    return { user, accessToken };
+};
 
 type Settings = {
-    sign_in_page: string;
     user_wishlist: string;
     [k: string]: unknown;
 };
 
-const login = async (creds: Creds, settings: Settings, deviceId: string) => {
-    const {
-        koboSigninUrl,
-        workflowId,
-        requestVerificationToken,
-    } = await loginParams(settings.sign_in_page, deviceId);
-
-    const postData = {
-        'LogInModel.WorkflowId': workflowId,
-        'LogInModel.Provider': Kobo.Affiliate,
-        'ReturnUrl': '',
-        '__RequestVerificationToken': requestVerificationToken,
-        'LogInModel.UserName': creds.email,
-        'LogInModel.Password': creds.password,
-        'g-recaptcha-response': creds.captcha,
-        'h-captcha-response': creds.captcha,
-    };
-
-    const res = await fetch(koboSigninUrl, {
-        method: 'POST',
+const loadInitSettings = async (accessToken: string): Promise<Settings> => {
+    const res = await fetch('https://storeapi.kobo.com/v1/initialization', {
         headers: {
-            ...defaultHeaders(false),
+            ...defaultHeaders(true),
+            ...authHeaders(accessToken),
         },
-        body: new URLSearchParams(postData),
     });
 
-    if (!res.ok) throw new Error(`login: Bad status ${res.status}`);
-
-    const html = await res.text();
+    if (!res.ok) throw new Error(`loadInitSettings: Bad status ${res.status}`);
 
-    const match = html.match(/'(kobo:\/\/UserAuthenticated\?[^']+)';/);
+    const json = await res.json();
 
-    if (!match) {
-        const doc = new DOMParser().parseFromString(
-            html,
-            'text/html',
-        );
+    return json.Resources;
+};
 
-        const field = doc.querySelector('.validation-summary-errors') || doc.querySelector('.field-validation-error');
-        throw new Error(`Error message from login page: ${field?.textContent}`);
-    }
+const login = async () => {
+    const { activationUrl, activationCode } = await activateOnWeb();
 
-    const url = new URL(match[1]);
-    const userId = url.searchParams.get('userId');
-    const userKey = url.searchParams.get('userKey');
+    console.log(`Open https://www.kobo.com/activate and enter: ${activationCode}`);
 
-    if (!userId || !userKey) {
-        throw new Error(`login: No userId or userKey in search params: ${url.searchParams.toString()}`);
-    }
+    const { userKey } = await waitForActivation(activationUrl);
 
-    return { userId, userKey };
+    return userKey;
 };
 
 const fetchWishlist = async (accessToken: string, wishlistUrl: string) => {
@@ -229,33 +233,54 @@ const fetchWishlist = async (accessToken: string, wishlistUrl: string) => {
     return items;
 };
 
-// 1. authenticateDevice()
-// 2. loadInitSettings()
-// 3. login()
-// deno run --allow-net ./script/fetch-kobo-wishlist.ts $KOBO_LOGIN $KOBO_PASS $KOBO_CAPTCHA
-const main = async () => {
-    if (Deno.args.length < 3) {
-        console.error('Usage: deno run --allow-net script.ts <email> <password> <captcha>');
-        return;
-    }
+// UTILS
+// ==================================================
 
-    const [email, password, captcha] = Deno.args;
-    try {
-        const deviceId = crypto.randomUUID();
+const authHeaders = (accessToken: string) => ({
+    Authorization: `Bearer ${accessToken}`,
+});
 
-        let { accessToken } = await authenticateDevice(deviceId);
-        const settings = await loadInitSettings(accessToken);
-        const { userKey } = await login({ email, password, captcha }, settings, deviceId);
+const defaultHeaders = (json: boolean) => {
+    return {
+        'User-Agent': Kobo.UserAgent,
+        'X-Requested-With': 'com.kobobooks.android',
+        'x-kobo-affiliatename': Kobo.Affiliate,
+        'x-kobo-appversion': Kobo.ApplicationVersion,
+        'x-kobo-carriername': Kobo.CarrierName,
+        'x-kobo-devicemodel': Kobo.DeviceModel,
+        'x-kobo-deviceos': Kobo.DisplayProfile,
+        'x-kobo-deviceosversion': Kobo.DeviceOsVersion,
+        'x-kobo-platformid': Kobo.DefaultPlatformId,
+        ...(json ? { 'Content-Type': 'application/json' } : { 'Content-Type': 'application/x-www-form-urlencoded' }),
+    };
+};
 
-        accessToken = (await authenticateDevice(deviceId, userKey)).accessToken;
+const sleep = (ms: number) => new Promise((rs) => setTimeout(rs, ms));
 
-        const wishlist = await fetchWishlist(accessToken, settings.user_wishlist);
-        console.log(JSON.stringify(wishlist, null, 2));
-    } catch (error) {
-        console.error(error);
+const printOverwrite = async (str: string) => {
+    const enc = new TextEncoder().encode(str + '\r');
+    await Deno.stdout.write(enc);
+};
+
+const safeRead = async (path: string) => {
+    try {
+        return await Deno.readTextFile(path);
+    } catch (ex) {
+        if (!(ex instanceof Deno.errors.NotFound)) {
+            throw ex;
+        }
+
+        return null;
     }
 };
 
+const randomHexString = (len: number) => {
+    const bytes = new Uint8Array(len);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes, (byte) => byte.toString(16).padStart(2, '0')).join('').slice(0, len);
+};
+
+// Run!
 if (import.meta.main) {
     main();
 }