mxrch
GitHub Repository: mxrch/GHunt
Path: blob/master/ghunt/apis/mobilesdk.py
from ghunt.objects.base import GHuntCreds
from ghunt.errors import *
import ghunt.globals as gb
from ghunt.objects.apis import GAPI, EndpointConfig
from ghunt.parsers.mobilesdk import MobileSDKDynamicConfig
import httpx
from typing import *
import inspect
import json
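class MobileSDKPaHttp(GAPI):
    """
    Client for the ``mobilesdk-pa.clients6.google.com`` API, built on ``GAPI``.

    Both endpoints declared here use the ``sapisidhash`` authentication mode.
    Request signing and transport live in ``GAPI`` (``_load_api``,
    ``_load_endpoint``, ``_query``), which is defined outside this file.
    """

    def __init__(self, creds: GHuntCreds, headers: Optional[Dict[str, str]] = None):
        """
        Prepares the client for the mobilesdk-pa host.

        :param creds: The GHunt credentials handed to ``_load_api``
        :param headers: Request headers; when empty or omitted,
            ``gb.config.headers`` is used instead
        """
        super().__init__()

        # ``None`` replaces the former ``{}`` default so no dict object is
        # shared between calls; an explicit empty dict still selects the
        # configured headers, exactly as before.
        if not headers:
            headers = gb.config.headers

        base_headers = {}

        # The merge builds a new dict, so the shared ``gb.config.headers``
        # object itself is never the one passed to ``_load_api``.
        headers = {**headers, **base_headers}

        self.hostname = "mobilesdk-pa.clients6.google.com"
        self.scheme = "https"

        self._load_api(creds, headers)

    async def test_iam_permissions(self, as_client: httpx.AsyncClient, project_identifier: str, permissions: List[str]) -> Tuple[bool, List[str]]:
        """
        Returns the permissions you have against a project.
        The project identifier can be a project ID or a project number.

        :param as_client: The httpx async client used to send the request
        :param project_identifier: The project ID or project number
        :param permissions: The permission names to test
        :return: ``(False, [])`` when the response contains an ``error`` key,
            otherwise ``(True, permissions)`` with the ``permissions`` list of
            the response (empty when the key is absent)
        """
        from urllib.parse import quote

        endpoint = EndpointConfig(
            name = inspect.currentframe().f_code.co_name,
            verb = "POST",
            data_type = "json", # json, data or None
            authentication_mode = "sapisidhash", # sapisidhash, cookies_only, oauth or None
            require_key = "firebase_console", # key name, or None
        )
        self._load_endpoint(endpoint)

        # Keep the identifier inside a single path segment: "/", "?", "#" and
        # "%" are percent-encoded, so a crafted value cannot change which path
        # on this host the authenticated request is sent to. ":" stays
        # literal, and plain IDs and numbers come out unchanged. str() keeps
        # accepting a project number passed as an int.
        # NOTE(review): assumes _query uses base_url as the request path - confirm in GAPI.
        project_segment = quote(str(project_identifier), safe=":")
        base_url = f"/v1/projects/{project_segment}:testIamPermissions"

        post_data = {
            "permissions": permissions
        }

        req = await self._query(endpoint.name, as_client, base_url, data=post_data)

        # Parsing
        # json.loads raises json.JSONDecodeError on a non-JSON body; that
        # exception is not caught here and propagates to the caller.
        data = json.loads(req.text)

        if "error" in data:
            return False, []

        return True, data.get("permissions", [])

    async def get_webapp_dynamic_config(self, as_client: httpx.AsyncClient, app_id: str) -> Tuple[bool, MobileSDKDynamicConfig]:
        """
        Returns the dynamic config of a web app.

        :param as_client: The httpx async client used to send the request
        :param app_id: The app id
        :return: ``(False, empty MobileSDKDynamicConfig)`` when the response
            contains an ``error`` key, otherwise ``(True, config)`` with the
            config filled in by ``_scrape``
        """
        from urllib.parse import quote

        endpoint = EndpointConfig(
            name = inspect.currentframe().f_code.co_name,
            verb = "GET",
            data_type = None, # json, data or None
            authentication_mode = "sapisidhash", # sapisidhash, cookies_only, oauth or None,
            key_origin="firebase_console", # key name, or None
            # require_key = "firebase_console", # key name, or None
        )
        self._load_endpoint(endpoint)

        # Android OAuth fields
        # NOTE(review): these instance attributes are rewritten on every call
        # although this endpoint is declared with sapisidhash, not oauth.
        # If a token is ever minted from them, the two cloud-platform scopes
        # are much broader than a read of a web app config needs - confirm
        # whether they are used and trim to the read-only scopes if so.
        self.api_name = "mobilesdk"
        self.package_name = "com.android.chrome"
        self.scopes = [
            "https://www.googleapis.com/auth/cloud-platform",
            "https://www.googleapis.com/auth/cloud-platform.read-only",
            "https://www.googleapis.com/auth/firebase",
            "https://www.googleapis.com/auth/firebase.readonly"
        ]

        # Same confinement as in test_iam_permissions: the app id must stay a
        # single path segment; ":" is left literal so ids that contain it are
        # sent unchanged.
        # NOTE(review): assumes _query uses base_url as the request path - confirm in GAPI.
        app_segment = quote(str(app_id), safe=":")
        base_url = f"/v1/config/webApps/{app_segment}/dynamicConfig"

        req = await self._query(endpoint.name, as_client, base_url)

        # Parsing
        # json.loads raises json.JSONDecodeError on a non-JSON body; that
        # exception is not caught here and propagates to the caller.
        data = json.loads(req.text)

        dynamic_config = MobileSDKDynamicConfig()
        if "error" in data:
            return False, dynamic_config

        dynamic_config._scrape(data)

        return True, dynamic_config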