feat: add TWITTER_AUTHENTICATION_SECRET

DIYgod · Jan 29, 2024 · 5c8e542 · 5c8e542
1 parent 3ae25dd
commit 5c8e542
Show file tree

Hide file tree

Showing 6 changed files with 85 additions and 2 deletions.
diff --git a/lib/config.js b/lib/config.js
@@ -299,6 +299,7 @@ const calculateValue = () => {
             oauthTokenSecrets: envs.TWITTER_OAUTH_TOKEN_SECRET?.split(','),
             username: envs.TWITTER_USERNAME,
             password: envs.TWITTER_PASSWORD,
+            authenticationSecret: envs.TWITTER_AUTHENTICATION_SECRET,
         },
         weibo: {
             app_key: envs.WEIBO_APP_KEY,

diff --git a/lib/v2/twitter/web-api/login.js b/lib/v2/twitter/web-api/login.js
@@ -5,10 +5,12 @@ const got = require('@/utils/got');
 const crypto = require('crypto');
 const config = require('@/config').value;
 const { v5: uuidv5 } = require('uuid');
+const { authenticator } = require('otplib');
 
 const NAMESPACE = 'd41d092b-b007-48f7-9129-e9538d2d8fe9';
 const username = config.twitter.username;
 const password = config.twitter.password;
+const authenticationSecret = config.twitter.authenticationSecret;
 
 let authentication = null;
 
@@ -124,6 +126,34 @@ async function login() {
         if (subtask.open_account) {
             authentication = subtask.open_account;
             break;
+        } else if (subtask.subtask_id === 'LoginTwoFactorAuthChallenge') {
+            const token = authenticator.generate(authenticationSecret);
+
+            // eslint-disable-next-line no-await-in-loop
+            const task5 = await got.post('https://api.twitter.com/1.1/onboarding/task.json', {
+                headers,
+                json: {
+                    flow_token: task4.data.flow_token,
+                    subtask_inputs: [
+                        {
+                            enter_text: {
+                                suggestion_id: null,
+                                text: token,
+                                link: 'next_link',
+                            },
+                            subtask_id: 'LoginTwoFactorAuthChallenge',
+                        },
+                    ],
+                },
+            });
+
+            for (const subtask of task5.data?.subtasks || []) {
+                if (subtask.open_account) {
+                    authentication = subtask.open_account;
+                    break;
+                }
+            }
+            break;
         }
     }
 

diff --git a/package.json b/package.json
@@ -128,6 +128,7 @@
     "module-alias": "2.2.3",
     "notion-to-md": "3.1.1",
     "oauth-1.0a": "2.2.6",
+    "otplib": "12.0.1",
     "pac-proxy-agent": "7.0.1",
     "plist": "3.1.0",
     "proxy-chain": "2.4.0",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/website/docs/install/config.md b/website/docs/install/config.md
@@ -488,10 +488,11 @@ For user data related routes
 
 ### Twitter
 
-Please use an account without two-step verification enabled, and it is recommended to use a non-important account.
+It is recommended to use a non-important account.
 
 -   `TWITTER_USERNAME`: Twitter username
 -   `TWITTER_PASSWORD`: Twitter password
+-   `TWITTER_AUTHENTICATION_SECRET`: Twitter Two-factor authentication -> Authentication app -> Secret part in `otpauth://totp/Twitter:@_RSSHub?secret=xxxxxxxxxxxxxxxx&issuer=Twitter`
 
 ### Wordpress
 

diff --git a/website/i18n/zh/docusaurus-plugin-content-docs/current/install/config.md b/website/i18n/zh/docusaurus-plugin-content-docs/current/install/config.md
@@ -467,10 +467,11 @@ RSSHub 支持使用访问密钥 / 码，允许清单和拒绝清单三种方式
 
 ### Twitter
 
-请使用未开启两步验证的账号，并建议使用非重要账号
+建议使用非重要账号
 
 -   `TWITTER_USERNAME`: Twitter 用户名
 -   `TWITTER_PASSWORD`: Twitter 密码
+-   `TWITTER_AUTHENTICATION_SECRET`: Twitter 两步验证 -> 认证应用 -> `otpauth://totp/Twitter:@_RSSHub?secret=xxxxxxxxxxxxxxxx&issuer=Twitter` 中的 secret 部分
 
 ### Wordpress