search

erik / strava-heatmap-proxy

Make Strava premium heatmap tiles available for use anywhere
GNU General Public License v3.0
14 stars 12 forks source link

sudden issue with "Refresh Strava Credentials" #8

Open spongebyte opened 3 weeks ago

spongebyte commented 3 weeks ago

Hi, I've been using your tool for a few months flawlessly. I did not modify anything in the code and my credentials have remained the same for a while. The "Refresh Strava Credentials" action just failed with the following:

Fetch credentials

Run eval "$(./scripts/refresh_strava_credentials.ts)"
error: Uncaught (in promise) Error: Could not acquire login form authenticity token.
  throw new Error("Could not acquire login form authenticity token.");
        ^
    at file:///home/runner/work/strava-heatmap-proxy/strava-heatmap-proxy/scripts/refresh_strava_credentials.ts:24:9
    at eventLoopTick (ext:core/01_core.js:175:7)
Warning: Can't add secret mask for empty string in ##[add-mask] command.
Warning: Can't add secret mask for empty string in ##[add-mask] command.

Write Strava creds to Cloudflare

Run cloudflare/wrangler-action@v3
🔍 Checking for existing Wrangler installation
📥 Installing Wrangler
🔑 Uploading secrets...
Error: Failed to upload secrets.
Error: 🚨 Action failed
erik commented 3 weeks ago

I've noticed the same on my own instance. Looks like they introduced AWS WAF on the login page to prevent scraping, which blocks the simple fetch-based implementation that worked before. Might be possible to get around by using Playwright/scrapy/something, but for now you'll have to update the credentials manually (you can log in from your browser and pull them from there)

Some details on the OSM Wiki for how to pull this https://wiki.openstreetmap.org/wiki/Strava#Manually

spongebyte commented 2 weeks ago

Thanks for your response. I understand I need to force-feed my STRAVA_ID (content of the strava_remember_id cookie) and STRAVA_COOKIES to (";"-joined concatenation of name=value with names being _strava4_session, CloudFront-Key-Pair-Id, CloudFront-Policy, and CloudFront-Signature) to the GH "Refresh Strava Credentials". I'm just confused as to how to do that. I would greatly appreciate your guidance here. Thank you 🙏

Tijs-B commented 1 week ago

I'll chime in quickly: just open your devtools while having the strava global heatmap open while logged in. Then, in the network tab, find a network request towards heatmap-external-a.strava.com or heatmap-external-b.strava.com, and copy the complete value of the Cookie header. Put that value in the STRAVA_COOKIES secret in the settings of the worker in Cloudflare. The STRAVA_ID field can stay the same, I think.