jlobos / instagram-web-api

🤳 Instagram Private Web API client for Node
https://npmjs.com/instagram-web-api
MIT License
1.12k stars 186 forks source link

x-instagram-gis 💥 #30

Open jlobos opened 6 years ago

jlobos commented 6 years ago

New header of authentication

bodinsamuel commented 6 years ago

From what I found in their JS

Currently x-instragram-gis is an md5, but it has changed multiple time in the last weeks. Also it's only sent for some endpoints and not for every request. I feel like it's not mandatory but when passed in header it's checked and must be valid

window._sharedData.rhx_gis + ':' + window._sharedData.config.csrf_token + ':' + path

window._sharedData.rhx_gis is an md5 window._sharedData.config.csrf_token is an md5

Problem rhx_gis token and csrf_token change on every request. So it will be quiet hard for you to generate it

Example for an hashtag

GET /explore/tags/hello/

MD5("5641c11aeb7f211ec1ac05193a687b84:8d509c28896865f8640f328f30f15721:/explore/tags/hello/")
aleks63 commented 6 years ago

Some endpoints, like this important https://www.instagram.com/zuck/?__a=1 Are not available now, maybe because this header, maybe no. What do you think?

bodinsamuel commented 6 years ago

You are right, for the moment I'v listed few endpoints that need that header. I'm not using all endpoints so there is probably more and I'm also not using this library (I use my custom one)

# profil endpoint
- /<username>/

# hashtag endpoint
- /explore/tags/<hashtag>/

# picture endpoint
- /p/<shortcode>

The main issue with this change, is the need of the original gis token, which is present in the initial html payload but not generated. If you delete this value, the web version of instagram actually 403 and then force reload the page :/

Saiirex commented 6 years ago

any new infos?

ivkos commented 6 years ago

Has Instagram changed something again? getUserByUsername worked yesterday but started failing with 403 today.

WINBIGFOX commented 6 years ago

getUserByUsername

calculate the x-instagram-gis window._sharedData.rhx_gis + ':' + path

Example MD5("5641c11aeb7f211ec1ac05193a687b84:/username/")

jlobos commented 6 years ago

https://github.com/jlobos/instagram-web-api/blob/master/lib/index.js#L95-L103

  async _getGis(path) {
    const { rhx_gis, config: { csrf_token } } =
      this._sharedData || (await this._getSharedData(path))

    return crypto
      .createHash('md5')
      .update(`${rhx_gis}:${csrf_token}:${path}`)
      .digest('hex')
  }
ivkos commented 6 years ago

Apparently, they've stopped using the CSRF token for the "gis" hash. I've just tried @WINBIGFOX 's suggestion, and it works.

Saiirex commented 6 years ago

now i have this error:

Missing token 'user-agent' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel

my code: `var variables = '{"id":"' + userId + '","first":12,"after":"' + nextId + '"}'; var nextUrl ='https://www.instagram.com/graphql/query/?query_hash=42323d64886122307be10013ad2dcc44&variables=';

            nextUrl = nextUrl + variables;

            var instagramGis = md5(gis + ":" + variables);

            $.ajax({
                url: nextUrl,
                url: nextUrl,
                beforeSend: function(request) {
                    request.setRequestHeader("user-agent", window.navigator.userAgent);
                    request.setRequestHeader("x-instagram-gis", instagramGis);
                    request.setRequestHeader("X-CSRFToken", csrfToken);

                },
                type: 'GET',
                success: function(data){
                    media = data.data.user.edge_owner_to_timeline_media;
                    nodes = media.edges;
                    nextId = media.page_info.end_cursor;

                    var newMediaFromNode = getMediaFromNodes(nodes, false);

                    $.each(newMediaFromNode, function(index, element){
                        finalMedia.push(element);
                    });
                },
                error: function (xhr, status, error) {
                    alert(error);
                },
                async : false
            });`

any idea how to fix it?

tresdosdos commented 6 years ago

there are so much new info about new headers. When the lib will be fixed? Because I use this API in my final project and this makes me mad, because I can't develop it more =(

ivkos commented 6 years ago

@tresdosdos Does your project use the version from npm or the latest master branch? The master branch works fine currently but I don't think the changes have been published to npm yet. In order to use it you need to install it like this:

npm install jlobos/instagram-web-api

tresdosdos commented 6 years ago

Thanks so much

сб, 21 апр. 2018 г., 8:30 Ivaylo Stoyanov notifications@github.com:

@tresdosdos https://github.com/tresdosdos Does your project use the version from npm or the latest master branch? The master branch works fine currently but I don't think the changes have been published to npm yet. In order to use it you need to install it like this:

npm install jlobos/instagram-web-api

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jlobos/instagram-web-api/issues/30#issuecomment-383269179, or mute the thread https://github.com/notifications/unsubscribe-auth/AinH5ZQ0oNi5wO8H169mVYZxUEjp1hhKks5tqsP6gaJpZM4TRDvg .

ghost commented 5 years ago

[edit: delete]

icelts commented 5 years ago

seem its not work anymore