https://reader.readmoo.com/api/book/${id}/nav returns not found

NomadThanatos / readmoo-dl

112 stars 25 forks source link

https://reader.readmoo.com/api/book/${id}/nav returns not found #3

Closed NomadThanatos closed 3 years ago

NomadThanatos commented 3 years ago

Request:

https://reader.readmoo.com/api/book/210080417000101/nav

Expected:

{message: "success", base: "/ebook/417/80417/73905/1_0/full/",…}
base: "/ebook/417/80417/73905/1_0/full/"
locations: [{location: 1, percent: 0.15}, {location: 2, percent: 0.3}, {location: 3, percent: 0.45},…]
message: "success"
nav_dir: "/ebook/417/80417/73905/1_0/full/item/"
opf: "contents.opf"
weights: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28,…]

Actual:

{"message":"not found","nav_dir":""}

Comments:

I use Chrome debug tool to get the expected value, then I paste the link in Chrome again, it actually returns the unexpected value. My first investigation/assumption is this is controlled by AWS Cloudfront policy.

NomadThanatos commented 3 years ago

Anyway still can use Selenium to mimic the behavior and try to parse the result, wonder whether there is a better solution.

NomadThanatos commented 3 years ago

There is a authorization: bearer ***** in request not in directly accessing this URL.

NomadThanatos commented 3 years ago

After adding this key to the header, everything works fine, only issue here is what is this key.

This key does not change between logins and books, not sure it is per user or what level.

NomadThanatos commented 3 years ago

Need further investigate about how to get this token. https://github.com/NomadThanatos/readmoo-dl/blob/master/lib/readmoo_dl/downloader.rb#L42

For now this token can be obtained by below method.

Open any of your book like this, https://new-read.readmoo.com/mooreader/210089930000101
Open developer tools(i.e. Chrome), check network, you will see a nav request, check request header to get the token authorization: bearer ********

starrify commented 3 years ago

During a local check on my machine, it is observed that:

Upon visiting the https://new-read.readmoo.com/mooreader/<book_id> page there is a readmoo_access_token cookie returned. Full example: set-cookie: readmoo_access_token=<token>; expires=<timestamp>; Max-Age=30; path=/oauth; domain=.readmoo.com; secure; SameSite=None.
Said token is observed to be used later in the authorization header. E.g. authorization: Bearer <token> when accessing https://api.readmoo.com/store/v3/me and several other links.

By the way, the origin of such token as shared above may be located with the help of a browser's developer tools window:

In Chrome when browsing the "Network" tab, press Ctrl + F and search for the value.
In Firefox when browsing the "Network" tab, press Ctrl + Shift + F and search for the value.

NomadThanatos commented 3 years ago

@starrify Thanks for your help. After trying to search this token TWBLXfuP-NbtCrjD2PAiFA I think this is some public key from here, I verify this from incognito mode.

Not sure about the rotation period, so I will hard code this for now.