-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinject.js
More file actions
138 lines (131 loc) · 3.73 KB
/
Copy pathinject.js
File metadata and controls
138 lines (131 loc) · 3.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
// Runs in the PAGE world (injected by content.js). Patches window.fetch and
// XMLHttpRequest so we can capture the URL + headers X uses to load the
// signed-in user's Likes timeline. Also exposes a fetch-on-demand bridge so
// the content script can replay paginated requests with the same auth context.
(() => {
if (window.__xlsInjected) return;
window.__xlsInjected = true;
const LIKES_URL_RE = /\/graphql\/[^/]+\/Likes(\?|$)/;
function postCaptured(template) {
window.postMessage(
{ source: "xls", type: "TEMPLATE_CAPTURED", template },
"*"
);
}
function headersToObj(h) {
const out = {};
if (!h) return out;
if (h instanceof Headers) {
h.forEach((v, k) => (out[k] = v));
} else if (Array.isArray(h)) {
for (const [k, v] of h) out[k] = v;
} else if (typeof h === "object") {
Object.assign(out, h);
}
return out;
}
// Patch fetch
const origFetch = window.fetch;
window.fetch = function (input, init) {
try {
const url =
typeof input === "string"
? input
: input && input.url
? input.url
: "";
if (LIKES_URL_RE.test(url)) {
let headers = headersToObj(init && init.headers);
if (input && input.headers && Object.keys(headers).length === 0) {
headers = headersToObj(input.headers);
}
postCaptured({
url,
headers,
method: (init && init.method) || (input && input.method) || "GET",
});
}
} catch (_) {}
return origFetch.apply(this, arguments);
};
// Patch XHR (X currently uses fetch, but be safe).
const OrigXHR = window.XMLHttpRequest;
function PatchedXHR() {
const xhr = new OrigXHR();
const headers = {};
const origOpen = xhr.open;
const origSetHeader = xhr.setRequestHeader;
const origSend = xhr.send;
let capturedUrl = "";
let capturedMethod = "GET";
xhr.open = function (method, url) {
capturedMethod = method;
capturedUrl = url;
return origOpen.apply(this, arguments);
};
xhr.setRequestHeader = function (k, v) {
headers[k] = v;
return origSetHeader.apply(this, arguments);
};
xhr.send = function () {
try {
if (LIKES_URL_RE.test(capturedUrl)) {
postCaptured({
url: capturedUrl,
headers: { ...headers },
method: capturedMethod,
});
}
} catch (_) {}
return origSend.apply(this, arguments);
};
return xhr;
}
PatchedXHR.prototype = OrigXHR.prototype;
window.XMLHttpRequest = PatchedXHR;
// Bridge: content script asks us to fetch a URL with given headers from the
// page world (so cookies/auth context match what X expects).
window.addEventListener("message", async (ev) => {
if (ev.source !== window) return;
const d = ev.data;
if (!d || d.source !== "xls-cmd") return;
if (d.type === "FETCH_PAGE") {
try {
const res = await origFetch.call(window, d.url, {
method: d.method || "GET",
headers: d.headers || {},
credentials: "include",
});
const text = await res.text();
let body;
try {
body = JSON.parse(text);
} catch {
body = { _raw: text };
}
window.postMessage(
{
source: "xls",
type: "PAGE_RESULT",
id: d.id,
ok: res.ok,
status: res.status,
body,
},
"*"
);
} catch (e) {
window.postMessage(
{
source: "xls",
type: "PAGE_RESULT",
id: d.id,
ok: false,
error: String(e),
},
"*"
);
}
}
});
})();