"your bad extension, not me"

2021-06-26 20:59:17 +02:00 · 2021-06-26 20:59:17 +02:00 · 427eb51aa5
parent adece2efc9
commit 427eb51aa5
16 changed files with 147 additions and 53 deletions
--- a/main.js
+++ b/main.js
@ -41,7 +41,7 @@ function createWindow() {

  var appIcon = new Tray(iconformat);
  mainWindow.webContents.userAgent =
-    "Mozilla/5.0 (X12; FreeBSD x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"; //fake useragent
+    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) discord/0.0.15 Chrome/83.0.4103.122 Electron/9.3.5 Safari/537.36"; //fake useragent
  mainWindow.loadFile("index.html");
  mainWindow.focus();
  mainWindow.webContents.on("new-window", function (e, url) {
--- a/package-lock.json
+++ b/package-lock.json
@ -1,10 +1,11 @@
 {
-  "name": "armcord",
+  "name": "ArmCord",
  "version": "2.5.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
+      "name": "ArmCord",
      "version": "2.5.0",
      "license": "MIT",
      "dependencies": {
--- a/settings.json
+++ b/settings.json
@ -1,3 +1,3 @@
 {
-    "channel": "foss"
+    "channel": "stable"
 }
--- a/utils/plugins/duckmod/.github/FUNDING.yml
+++ b/utils/plugins/duckmod/.github/FUNDING.yml
@ -0,0 +1 @@
+github: CanadaHonk
--- a/utils/plugins/duckmod/.gitignore
+++ b/utils/plugins/duckmod/.gitignore
@ -0,0 +1 @@
+web-ext-artifacts
--- a/utils/plugins/goosemod/LICENSE
+++ b/utils/plugins/goosemod/LICENSE
@ -1,6 +1,6 @@
 The MIT License (MIT)

-Copyright (c) 2020 AAGaming00
+Copyright (c) 2021 GooseMod

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/utils/plugins/duckmod/README.md
+++ b/utils/plugins/duckmod/README.md
@ -0,0 +1,17 @@
+<h1 align="center">
+<sub>
+<img src="https://raw.githubusercontent.com/GooseMod/Extension/main/icons/48.png" height="38" width="38">
+</sub>
+GooseMod for Web
+</h1>
+
+<p align="center">
+<a href="https://addons.mozilla.org/addon/goosemod-for-web/"><img src="https://user-images.githubusercontent.com/585534/107280546-7b9b2a00-6a26-11eb-8f9f-f95932f4bfec.png" alt="Get GooseMod for Web for Firefox"></a> 
+<a href="https://chrome.google.com/webstore/detail/goosemod-for-web/clgkdcccmbjmjdbdgcigpocfkkjeaeld"><img src="https://user-images.githubusercontent.com/585534/107280622-91a8ea80-6a26-11eb-8d07-77c548b28665.png" alt="Get GooseMod for Web for Chromium"></a>
+</p>
+
+***
+
+<p align="center">
+<strong>A light, secure, and easy to use Discord mod; now in your browser.</strong>
+</p>
--- a/utils/plugins/duckmod/background.js
+++ b/utils/plugins/duckmod/background.js
@ -0,0 +1,32 @@
+const cspAllowAll = [
+  'connect-src',
+  'style-src',
+  'img-src',
+  'font-src'
+];
+
+chrome.webRequest.onHeadersReceived.addListener(({ responseHeaders, url }) => {
+  let csp = responseHeaders.find((x) => x.name === 'content-security-policy');
+
+  if (csp) {
+    for (let p of cspAllowAll) {
+      csp.value = csp.value.replace(`${p}`, `${p} * blob: data:`); // * does not include data: URIs
+    }
+
+    // Fix Discord's broken CSP which disallows unsafe-inline due to having a nonce (which they don't even use?)
+    csp.value = csp.value.replace(/'nonce-.*?' /, '');
+  }
+
+	return {
+    responseHeaders
+  };
+},
+
+  {
+    urls: [
+      '*://*.discord.com/*'
+    ]
+  },
+
+  ['blocking', 'responseHeaders']
+);
--- a/utils/plugins/duckmod/content.js
+++ b/utils/plugins/duckmod/content.js
@ -0,0 +1,49 @@
+const inject = async () => {
+  console.log('[GooseMod for Web] Injecting...');
+
+  // Re-define localStorage as Discord removes it
+  function getLocalStoragePropertyDescriptor() {
+    const frame = document.createElement('frame');
+    frame.src = 'about:blank';
+  
+    document.body.appendChild(frame);
+  
+    let r = Object.getOwnPropertyDescriptor(frame.contentWindow, 'localStorage');
+  
+    frame.remove();
+  
+    return r;
+  }
+  
+  Object.defineProperty(window, 'localStorage', getLocalStoragePropertyDescriptor());
+  
+  console.log('[GooseMod for Web] Redefined localStorage');
+
+  const branchURLs = {
+    'release': 'https://api.goosemod.com/inject.js',
+    'dev': 'https://updates.goosemod.com/guapi/goosemod/dev'
+  };
+  
+  const branch = localStorage.getItem('goosemodUntetheredBranch') || 'release';
+
+  console.log('[GooseMod for Web] Branch =', branch);
+  console.log('[GooseMod for Web] JS Url =', branchURLs[branch]);
+  
+  const js = await (await fetch(branchURLs[branch])).text(); // JSON.parse(localStorage.getItem('goosemodCoreJSCache'));
+
+  const el = document.createElement('script');
+  
+  el.appendChild(document.createTextNode(js));
+  
+  document.body.appendChild(el);
+
+  console.log('[GooseMod for Web] Injected fetched JS');
+};
+
+// Delay actual injection to fix FF issues
+
+let el = document.createElement('script');
+
+el.appendChild(document.createTextNode(`(${inject.toString()})()`));
+
+document.body.appendChild(el);
--- a/utils/plugins/duckmod/icons/128.png
+++ b/utils/plugins/duckmod/icons/128.png
--- a/utils/plugins/duckmod/icons/48.png
+++ b/utils/plugins/duckmod/icons/48.png
--- a/utils/plugins/duckmod/icons/96.png
+++ b/utils/plugins/duckmod/icons/96.png
--- a/utils/plugins/duckmod/manifest.json
+++ b/utils/plugins/duckmod/manifest.json
@ -0,0 +1,42 @@
+{
+    "name": "GooseMod for Web",
+    "description": "A light, secure, and easy to use Discord mod; now in your browser.",
+
+    "version": "1.1.0",
+
+    "author": "GooseMod Team",
+    "homepage_url": "https://goosemod.com",
+
+    "icons": {
+        "48": "icons/48.png",
+        "96": "icons/96.png",
+        "128": "icons/128.png"
+    },
+
+    "background": {
+        "scripts": [
+            "background.js"
+        ]
+    },
+
+    "content_scripts": [
+        {
+            "matches": ["*://*.discord.com/*"],
+            "js": ["content.js"]
+        }
+    ],
+
+    "permissions": [
+        "webRequest",
+        "webRequestBlocking",
+        "*://*.discord.com/*"
+    ],
+
+    "manifest_version": 2,
+
+    "browser_specific_settings": {
+        "gecko": {
+            "id": "invalid@goosemod.com"
+        }
+    }
+}
--- a/utils/plugins/goosemod/CSP.js
+++ b/utils/plugins/goosemod/CSP.js
@ -1,21 +0,0 @@
-chrome.webRequest.onHeadersReceived.addListener((h) => {
-	h.responseHeaders.forEach((e, i) => {
-		if (e.name.toLowerCase() === 'content-security-policy') {
-			e.value = ''
-		}
-	})
-	return {responseHeaders: h.responseHeaders}
-}, {urls: ["*://*.discord.com/*"]},
-['blocking', 'responseHeaders']
-)
-
-const corsAllowUrls = [
-      'https://github.com/GooseMod/GooseMod/releases/download/dev/index.js',
-      'https://github-releases.githubusercontent.com/'
-    ];
-
-if (corsAllowUrls.some((x) => url.startsWith(x))) {
-        responseHeaders['access-control-allow-origin'] = ['*'];
-      }
-//psst stolen from https://raw.githubusercontent.com/Goose-Nest/GooseUpdate/main/branches/goosemod/patch.js
-//dont tell anyone :troll:
--- a/utils/plugins/goosemod/gm.js
+++ b/utils/plugins/goosemod/gm.js
@ -1,5 +0,0 @@
-const scr = document.createElement('script');
-
-scr.src = 'https://goosemod-api.netlify.app/untethered/untetheredInject.js';
-
-document.head.appendChild(scr);
--- a/utils/plugins/goosemod/manifest.json
+++ b/utils/plugins/goosemod/manifest.json
@ -1,23 +0,0 @@
-{
-    "name": "GooseMod",
-	"version": "1.0",
-    "author": "AAGaming00",
-    "description": "Loads GooseMod, a discord client modification",
-    "background": {
-        "scripts": [
-            "CSP.js"
-        ]
-    },
-    "content_scripts": [
-        {
-          "matches": ["*://*.discord.com/*"],
-          "js": ["gm.js"]
-        }
-      ],
-    "permissions": [
-        "webRequest",
-        "webRequestBlocking",
-        "*://*.discord.com/*"
-    ],
-    "manifest_version": 2
-}