davidjameshowell / epicgames-freegames-heroku

claabs / epicgames-freegames-node on Heroku!
29 stars 45 forks source link

TOTP_MFA? #4

Closed chaoscreater closed 3 years ago

chaoscreater commented 3 years ago

Does this work if you have 2FA enabled on your Heroku account? According to Github Actions, it seems to be stuck asking for "TOTP_MFA". My Heroku has 2FA enabled, but I'm not sure how to add this as a variable into Github secrets...

image

Update:

I disabled 2FA on my Heroku account and I'm still getting the same error as above...any ideas?

davidjameshowell commented 3 years ago

I need to update the README to accurately reflect that new TOTP_MFA.

TOTP_MFA refers to your EpicGames 2FA MFA, which is not a requirement (only if you do have it enabled).

For Heroku, you only need your Heroku Email and your Heroku API key (located in your account settings). The API key should bypass the need for 2FA, as it is a direct link to your account.

Can you double check your secrets for Heroku Email and Heroku API key?

chaoscreater commented 3 years ago

Thanks for your reply. The issue was indeed related to the API key. I had set it correctly and the initial run was fine. But after I added 2FA to my Heroku account, I started getting that error message as mentioned before. At that point, none of my secrets were changed. However, it looks like the API key on Heroku will be updated, if you enable 2FA on the account. So I grabbed the new API key and updated my secrets and it is working now.

davidjameshowell commented 3 years ago

@chaoscreater Just to confirm (so I can make sure I make a note in the README too), you previously did not have 2FA on your Heroku account using an API key pre-2FA. Then applied 2FA and was receiving the 401 error in the logs, regenerated (or did it regenerate a new API key) and then it was working?

chaoscreater commented 3 years ago

So, initially I did not have 2FA enabled on my Heroku account. I used the API key and deployed the workflow via Github Actions and it worked.

I then enabled 2FA on my Heroku, then I tried to re-deploy the workflow and it failed. I went back to my Heroku account to check the API key, it was still the same key. I then manually generated a new API key and updated my Github secrets and that fixed it.

davidjameshowell commented 3 years ago

Awesome. Thanks for that! I just wanted to confirm with workflow and ensure that you had to regenerate the API key. Appreciate the follow up!

chaoscreater commented 3 years ago

No worries! Thank you for making this project!

Unrelated question, just wondering what's the reason that Heroku is used? I'm not a developer, nor am I a DevOps expert, but I think Heroku is used because of the Mailgun addon (to send emails about captchas) and also to store the Epic Game session cookies using the Redis addon? I'm just trying to learn how all of these work you see. I can understand the Github Workflows and how it uses a Docker Ubuntu image, but not sure how Heroku ties into it...

Also, what does the email captcha feature do? Does it email you with a link to solve the captcha?

davidjameshowell commented 3 years ago

So Heroku is used since it is first and foremost a free service. That's the main ideology. Heroku also has a platform where we can build and deploy a container based image with a web process (for the CAPTCHAs). Heroku also has built in addons like Mailgun and Redis that allow easy bootstrapping without needing additional outside resources for users; an easy to use way to get it going.

The emails are used for CATPCHA on login to the Epic Games Store. As the upstream project can login into your Epic Games account, Epic Games also has CAPTCHAs associated to it. The email is a link to your projects Heroku link with a reference to solve a proxy CAPTCHA to then login to your account.

davidjameshowell commented 3 years ago

Documentation added now, so we should be good to go otherwise!