GDBrowser/api/postProfileComment.js

const request = require('request')
const XOR = require('../classes/XOR.js');
const xor = new XOR();
const crypto = require('crypto')
function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }

module.exports = async (app, req, res) => {

  if (!req.body.comment) return res.status(400).send("No comment provided!")
  if (!req.body.username) return res.status(400).send("No username provided!")
  if (!req.body.accountID) return res.status(400).send("No account ID provided!")
  if (!req.body.password) return res.status(400).send("No password provided!")

  if (req.body.comment.includes('\n')) return res.status(400).send("Profile posts cannot contain line breaks!")
  
  let params = {
    gameVersion: '21',
    binaryVersion: '35',
    secret: app.secret,
    cType: '1'
  }

  params.comment = new Buffer(req.body.comment.slice(0, 190) + (req.body.color ? "⍟" : "")).toString('base64').replace(/\//g, '_').replace(/\+/g, "-")
  params.gjp = xor.encrypt(req.body.password, 37526)
  params.accountID = req.body.accountID.toString()
  params.userName = req.body.username

  let chk = params.userName + params.comment + "1xPT6iUrtws0J"
  chk = sha1(chk)
  chk = xor.encrypt(chk, 29481)
  params.chk = chk

  request.post(app.endpoint + 'uploadGJAccComment20.php', {
    form: params
  }, function (err, resp, body) {
    if (err) return res.status(400).send("The Geometry Dash servers returned an error! Perhaps they're down for maintenance")
    if (!body || body == "-1") return res.status(400).send("The Geometry Dash servers rejected your profile post! Try again later, or make sure your username and password are entered correctly.")
    res.status(200).send(`Comment posted to ${params.userName} with ID ${body}`)
  })
}
A whole lotta hoopla CHANGELOG: - Profile posts! This one is long overdue but... yeah! You can now leave profile posts, and drop likes on them as well! - Classes folder! It's a folder... for classes! Don't ask me to explain what a class is, because I'm still not sure myself - Le Level Class has arrived! Instead of parsing level data in three different files, the level class has stepped up to do the dirty work. (thanks to memimoe for helping) - Renamed generate.css to iconkit.css, and deleted soon.css because it's ugly - Removed 404 redirect when trying to view an asset that doesn't exist - Updated readme to get with the times - Removed Herobrine 2019-12-15 19:11:35 -05:00			`const request = require('request')`
			`const XOR = require('../classes/XOR.js');`
			`const xor = new XOR();`
			`const crypto = require('crypto')`
			`function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }`

			`module.exports = async (app, req, res) => {`

			`if (!req.body.comment) return res.status(400).send("No comment provided!")`
			`if (!req.body.username) return res.status(400).send("No username provided!")`
			`if (!req.body.accountID) return res.status(400).send("No account ID provided!")`
			`if (!req.body.password) return res.status(400).send("No password provided!")`

			`if (req.body.comment.includes('\n')) return res.status(400).send("Profile posts cannot contain line breaks!")`

			`let params = {`
			`gameVersion: '21',`
			`binaryVersion: '35',`
			`secret: app.secret,`
			`cType: '1'`
			`}`

			`params.comment = new Buffer(req.body.comment.slice(0, 190) + (req.body.color ? "⍟" : "")).toString('base64').replace(/\//g, '_').replace(/\+/g, "-")`
			`params.gjp = xor.encrypt(req.body.password, 37526)`
			`params.accountID = req.body.accountID.toString()`
			`params.userName = req.body.username`

			`let chk = params.userName + params.comment + "1xPT6iUrtws0J"`
			`chk = sha1(chk)`
			`chk = xor.encrypt(chk, 29481)`
			`params.chk = chk`

GDPS Compatibility (kinda) I've started work on making GDBrowser compatible with GD private servers :D Currently a few things (comments, leaderboards, etc) are broken but other than that I'm kind of getting there. This commit mostly just makes life easier for people who want to fork GDBrowser for their private server - The endpoint (e.g. boomlings.com) is now set in index.js - Added gdpsConfig.js, where you can tweak small settings in case your GDPS does stuff weirdly - Small tweaks to the code so the weird GDPS responses can be correctly interpreted - secretStuff.json is no longer mandatory If you're able to help me out with this project, PRs are appreciated :D - Removed Herobrine 2019-12-21 22:16:18 -05:00			`request.post(app.endpoint + 'uploadGJAccComment20.php', {`
A whole lotta hoopla CHANGELOG: - Profile posts! This one is long overdue but... yeah! You can now leave profile posts, and drop likes on them as well! - Classes folder! It's a folder... for classes! Don't ask me to explain what a class is, because I'm still not sure myself - Le Level Class has arrived! Instead of parsing level data in three different files, the level class has stepped up to do the dirty work. (thanks to memimoe for helping) - Renamed generate.css to iconkit.css, and deleted soon.css because it's ugly - Removed 404 redirect when trying to view an asset that doesn't exist - Updated readme to get with the times - Removed Herobrine 2019-12-15 19:11:35 -05:00			`form: params`
			`}, function (err, resp, body) {`
			`if (err) return res.status(400).send("The Geometry Dash servers returned an error! Perhaps they're down for maintenance")`
			`if (!body \|\| body == "-1") return res.status(400).send("The Geometry Dash servers rejected your profile post! Try again later, or make sure your username and password are entered correctly.")`
			res.status(200).send(`Comment posted to ${params.userName} with ID ${body}`)
			`})`
			`}`