fix: MakerWorld Stealth-Plugin gegen Cloudflare-Erkennung, Debug-Screenshot CSP-konform

This commit is contained in:
2026-07-11 07:24:46 +02:00
parent 98f21a4b05
commit 1557959eb0
3 changed files with 23 additions and 12 deletions

View File

@@ -10,6 +10,8 @@
"multer": "^1.4.5-lts.1", "multer": "^1.4.5-lts.1",
"ws": "^8.17.1", "ws": "^8.17.1",
"puppeteer-core": "^22.0.0", "puppeteer-core": "^22.0.0",
"puppeteer-extra": "^3.3.6",
"puppeteer-extra-plugin-stealth": "^2.11.2",
"mqtt": "^5.10.1" "mqtt": "^5.10.1"
} }
} }

View File

@@ -123,8 +123,19 @@ function cleanupStaleLocks(profileDir) {
async function launchBrowser(userId) { async function launchBrowser(userId) {
let puppeteer; let puppeteer;
try { puppeteer = require('puppeteer-core'); } try {
catch { throw new Error('puppeteer-core nicht installiert'); } // puppeteer-extra + Stealth-Plugin patcht die üblichen Merkmale, an denen
// Cloudflare & Co. headless Chromium erkennen (navigator.webdriver, fehlende
// Plugins/MimeTypes, iframe-contentWindow-Check, ...). Ohne das blieb die
// Seite bei "Just a moment..." hängen, auch nach langem Warten.
const { addExtra } = require('puppeteer-extra');
const StealthPlugin = require('puppeteer-extra-plugin-stealth');
const puppeteerCore = require('puppeteer-core');
puppeteer = addExtra(puppeteerCore);
puppeteer.use(StealthPlugin());
} catch {
throw new Error('puppeteer-core / puppeteer-extra nicht installiert');
}
const profileDir = `${PROFILE_BASE_DIR}/${userId}`; const profileDir = `${PROFILE_BASE_DIR}/${userId}`;
fs.mkdirSync(profileDir, { recursive: true }); fs.mkdirSync(profileDir, { recursive: true });
cleanupStaleLocks(profileDir); cleanupStaleLocks(profileDir);
@@ -411,11 +422,13 @@ router.get('/login-status', authenticate, (req, res) => {
}); });
}); });
// Letzter Fehl-Screenshot (Diagnose) — nur der eigene // Letzter Fehl-Screenshot (Diagnose) — nur der eigene, als data:-URI (CSP erlaubt
// kein blob:/externes Laden, data: URIs sind bereits über img-src freigegeben)
router.get('/debug-screenshot', authenticate, (req, res) => { router.get('/debug-screenshot', authenticate, (req, res) => {
const path = `${PROFILE_BASE_DIR}/${req.user.id}/last-failure.png`; const path = `${PROFILE_BASE_DIR}/${req.user.id}/last-failure.png`;
if (!fs.existsSync(path)) return res.status(404).json({ error: 'Kein Debug-Screenshot vorhanden' }); if (!fs.existsSync(path)) return res.status(404).json({ error: 'Kein Debug-Screenshot vorhanden' });
res.sendFile(path); const base64 = fs.readFileSync(path).toString('base64');
res.json({ image: `data:image/png;base64,${base64}` });
}); });
router.post('/credentials', authenticate, async (req, res) => { router.post('/credentials', authenticate, async (req, res) => {

View File

@@ -274,13 +274,9 @@ function MakerworldTab({ toast }) {
const viewDebugScreenshot = async () => { const viewDebugScreenshot = async () => {
setLoadingScreenshot(true); setLoadingScreenshot(true);
try { try {
const token = localStorage.getItem('sk_token'); const r = await api('/tools/makerworld/debug-screenshot');
const res = await fetch('/api/tools/makerworld/debug-screenshot', { if (!r.image) { toast?.('Kein Debug-Screenshot vorhanden','error'); return; }
headers: token ? { 'Authorization': 'Bearer '+token } : {}, setDebugImgUrl(r.image); // bereits eine data:-URI, CSP-konform (kein blob:)
});
if (!res.ok) { toast?.('Kein Debug-Screenshot vorhanden','error'); return; }
const blob = await res.blob();
setDebugImgUrl(URL.createObjectURL(blob));
} catch(e) { toast?.(e.message,'error'); } } catch(e) { toast?.(e.message,'error'); }
finally { setLoadingScreenshot(false); } finally { setLoadingScreenshot(false); }
}; };