From c27e3394512fa920748e9bd6feb41157097bf5f9 Mon Sep 17 00:00:00 2001 From: Wingy Date: Mon, 7 Aug 2023 13:23:27 -0400 Subject: [PATCH] Fix Remodel shim uploads --- modules/remodel.luau | 44 +++++++++++++------------- pages/roblox/3-remodel-migration.mdx | 46 +++++++++++++++------------- 2 files changed, 47 insertions(+), 43 deletions(-) diff --git a/modules/remodel.luau b/modules/remodel.luau index 81830d9..0f9c510 100644 --- a/modules/remodel.luau +++ b/modules/remodel.luau @@ -125,38 +125,40 @@ local function uploadAssetId(assetId: number, contents: string) -- 1. Try to find the auth cookie for the current user local cookie = getAuthCookieWithFallbacks() - -- 2. Create request headers in advance, we might re-use them for CSRF challenges - local headers = { + -- 2. Use a different endpoint to fetch a valid CSRF token + local csrfHeaders = { ["User-Agent"] = "Roblox/WinInet", - ["Content-Type"] = "application/octet-stream", Accept = "application/json", Cookie = cookie, } - -- 3. Create and send a request to the upload url + local csrfResponse = net.request({ + url = `https://auth.roblox.com/`, + body = contents, + method = "POST", + headers = csrfHeaders, + }) + + local csrfToken = csrfResponse.headers["x-csrf-token"] + if csrfToken == nil then error('Failed to fetch CSRF token.') end + + -- 3. Upload the asset to Roblox + local uploadHeaders = { + ["User-Agent"] = "Roblox/WinInet", + ["Content-Type"] = "application/octet-stream", + ['X-CSRF-Token'] = csrfToken, + Accept = "application/json", + Cookie = cookie, + } + local uploadResponse = net.request({ url = `https://data.roblox.com/Data/Upload.ashx?assetid={assetId}`, body = contents, method = "POST", - headers = headers, + headers = uploadHeaders, }) - -- 4. Check if we got a valid response, we might have gotten a CSRF - -- challenge and need to send the request with a token included - if - not uploadResponse.ok - and uploadResponse.statusCode == 403 - and uploadResponse.headers["x-csrf-token"] ~= nil - then - headers["X-CSRF-Token"] = uploadResponse.headers["x-csrf-token"] - uploadResponse = net.request({ - url = `https://data.roblox.com/Data/Upload.ashx?assetid={assetId}`, - body = contents, - method = "POST", - headers = headers, - }) - end - + -- 4. Make sure it uploaded properly if not uploadResponse.ok then error( string.format( diff --git a/pages/roblox/3-remodel-migration.mdx b/pages/roblox/3-remodel-migration.mdx index 189f150..6d24e6a 100644 --- a/pages/roblox/3-remodel-migration.mdx +++ b/pages/roblox/3-remodel-migration.mdx @@ -26,9 +26,9 @@ Copy the source below and place it in a file named `remodel.luau`: local fs = require("@lune/fs") local net = require("@lune/net") +local serde = require("@lune/serde") local process = require("@lune/process") local roblox = require("@lune/roblox") -local serde = require("@lune/serde") export type LuneDataModel = roblox.DataModel export type LuneInstance = roblox.Instance @@ -149,38 +149,40 @@ local function uploadAssetId(assetId: number, contents: string) -- 1. Try to find the auth cookie for the current user local cookie = getAuthCookieWithFallbacks() - -- 2. Create request headers in advance, we might re-use them for CSRF challenges - local headers = { + -- 2. Use a different endpoint to fetch a valid CSRF token + local csrfHeaders = { ["User-Agent"] = "Roblox/WinInet", - ["Content-Type"] = "application/octet-stream", Accept = "application/json", Cookie = cookie, } - -- 3. Create and send a request to the upload url + local csrfResponse = net.request({ + url = `https://auth.roblox.com/`, + body = contents, + method = "POST", + headers = csrfHeaders, + }) + + local csrfToken = csrfResponse.headers["x-csrf-token"] + if csrfToken == nil then error('Failed to fetch CSRF token.') end + + -- 3. Upload the asset to Roblox + local uploadHeaders = { + ["User-Agent"] = "Roblox/WinInet", + ["Content-Type"] = "application/octet-stream", + ['X-CSRF-Token'] = csrfToken, + Accept = "application/json", + Cookie = cookie, + } + local uploadResponse = net.request({ url = `https://data.roblox.com/Data/Upload.ashx?assetid={assetId}`, body = contents, method = "POST", - headers = headers, + headers = uploadHeaders, }) - -- 4. Check if we got a valid response, we might have gotten a CSRF - -- challenge and need to send the request with a token included - if - not uploadResponse.ok - and uploadResponse.statusCode == 403 - and uploadResponse.headers["x-csrf-token"] ~= nil - then - headers["X-CSRF-Token"] = uploadResponse.headers["x-csrf-token"] - uploadResponse = net.request({ - url = `https://data.roblox.com/Data/Upload.ashx?assetid={assetId}`, - body = contents, - method = "POST", - headers = headers, - }) - end - + -- 4. Make sure it uploaded properly if not uploadResponse.ok then error( string.format(