哔哩哔哩 App 端鉴权
이 스크립트는 직접 설치하는 용도가 아닙니다. 다른 스크립트에서 메타 지시문 // @require https://update.greasyfork.org/scripts/566236/1754598/Bilibili%20App%20Auth.js을(를) 사용하여 포함하는 라이브러리입니다.
// ==UserScript==
// @name Bilibili App Auth
// @name:zh-CN 哔哩哔哩 App 扫码鉴权库
// @namespace https://gab.moe/
// @version 1.0.0
// @author GabrielxD
// @description:zh-CN 为用户脚本提供 B 站 App 端扫码登录和 API 签名能力的依赖库
// @license MIT
// @grant GM_xmlhttpRequest
// ==/UserScript==
"use strict";
function createBilibiliAppAuth(
deps = {
GM_xmlhttpRequest: null,
},
) {
const logger = (() => {
const { name: scriptName, version: scriptVersion } = GM_info.script;
const nameStyle = `padding: 2px 10px; border-radius: 4px 0 0 4px; color: #fff; background: #2394F1; font-weight: bold;`;
const versionStyle = `padding: 2px 10px; border-radius: 0 4px 4px 0; color: #fff; background: #FA7298; font-weight: bold;`;
return new Proxy(console, {
get(target, prop, receiver) {
const value = Reflect.get(target, prop, receiver);
if (typeof value !== "function") {
return value;
}
return value.bind(
target,
`%c${scriptName}%cv${scriptVersion}`,
nameStyle,
versionStyle,
);
},
});
})();
const missingDeps = Object.entries(deps)
.filter(([_, value]) => value === null)
.map(([key]) => key);
if (missingDeps.length > 0) {
logger.warn(
`${missingDeps.join(
", ",
)} are required, please pass them to the function`,
);
return null;
}
const { GM_xmlhttpRequest } = deps;
// Migrated from https://github.com/blueimp/JavaScript-MD5
const md5 = (() => {
function safeAdd(x, y) {
var lsw = (x & 0xffff) + (y & 0xffff);
var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
return (msw << 16) | (lsw & 0xffff);
}
function bitRotateLeft(num, cnt) {
return (num << cnt) | (num >>> (32 - cnt));
}
function md5cmn(q, a, b, x, s, t) {
return safeAdd(
bitRotateLeft(safeAdd(safeAdd(a, q), safeAdd(x, t)), s),
b,
);
}
function md5ff(a, b, c, d, x, s, t) {
return md5cmn((b & c) | (~b & d), a, b, x, s, t);
}
function md5gg(a, b, c, d, x, s, t) {
return md5cmn((b & d) | (c & ~d), a, b, x, s, t);
}
function md5hh(a, b, c, d, x, s, t) {
return md5cmn(b ^ c ^ d, a, b, x, s, t);
}
function md5ii(a, b, c, d, x, s, t) {
return md5cmn(c ^ (b | ~d), a, b, x, s, t);
}
function binlMD5(x, len) {
/* append padding */
x[len >> 5] |= 0x80 << len % 32;
x[(((len + 64) >>> 9) << 4) + 14] = len;
var i;
var olda;
var oldb;
var oldc;
var oldd;
var a = 1732584193;
var b = -271733879;
var c = -1732584194;
var d = 271733878;
for (i = 0; i < x.length; i += 16) {
olda = a;
oldb = b;
oldc = c;
oldd = d;
a = md5ff(a, b, c, d, x[i], 7, -680876936);
d = md5ff(d, a, b, c, x[i + 1], 12, -389564586);
c = md5ff(c, d, a, b, x[i + 2], 17, 606105819);
b = md5ff(b, c, d, a, x[i + 3], 22, -1044525330);
a = md5ff(a, b, c, d, x[i + 4], 7, -176418897);
d = md5ff(d, a, b, c, x[i + 5], 12, 1200080426);
c = md5ff(c, d, a, b, x[i + 6], 17, -1473231341);
b = md5ff(b, c, d, a, x[i + 7], 22, -45705983);
a = md5ff(a, b, c, d, x[i + 8], 7, 1770035416);
d = md5ff(d, a, b, c, x[i + 9], 12, -1958414417);
c = md5ff(c, d, a, b, x[i + 10], 17, -42063);
b = md5ff(b, c, d, a, x[i + 11], 22, -1990404162);
a = md5ff(a, b, c, d, x[i + 12], 7, 1804603682);
d = md5ff(d, a, b, c, x[i + 13], 12, -40341101);
c = md5ff(c, d, a, b, x[i + 14], 17, -1502002290);
b = md5ff(b, c, d, a, x[i + 15], 22, 1236535329);
a = md5gg(a, b, c, d, x[i + 1], 5, -165796510);
d = md5gg(d, a, b, c, x[i + 6], 9, -1069501632);
c = md5gg(c, d, a, b, x[i + 11], 14, 643717713);
b = md5gg(b, c, d, a, x[i], 20, -373897302);
a = md5gg(a, b, c, d, x[i + 5], 5, -701558691);
d = md5gg(d, a, b, c, x[i + 10], 9, 38016083);
c = md5gg(c, d, a, b, x[i + 15], 14, -660478335);
b = md5gg(b, c, d, a, x[i + 4], 20, -405537848);
a = md5gg(a, b, c, d, x[i + 9], 5, 568446438);
d = md5gg(d, a, b, c, x[i + 14], 9, -1019803690);
c = md5gg(c, d, a, b, x[i + 3], 14, -187363961);
b = md5gg(b, c, d, a, x[i + 8], 20, 1163531501);
a = md5gg(a, b, c, d, x[i + 13], 5, -1444681467);
d = md5gg(d, a, b, c, x[i + 2], 9, -51403784);
c = md5gg(c, d, a, b, x[i + 7], 14, 1735328473);
b = md5gg(b, c, d, a, x[i + 12], 20, -1926607734);
a = md5hh(a, b, c, d, x[i + 5], 4, -378558);
d = md5hh(d, a, b, c, x[i + 8], 11, -2022574463);
c = md5hh(c, d, a, b, x[i + 11], 16, 1839030562);
b = md5hh(b, c, d, a, x[i + 14], 23, -35309556);
a = md5hh(a, b, c, d, x[i + 1], 4, -1530992060);
d = md5hh(d, a, b, c, x[i + 4], 11, 1272893353);
c = md5hh(c, d, a, b, x[i + 7], 16, -155497632);
b = md5hh(b, c, d, a, x[i + 10], 23, -1094730640);
a = md5hh(a, b, c, d, x[i + 13], 4, 681279174);
d = md5hh(d, a, b, c, x[i], 11, -358537222);
c = md5hh(c, d, a, b, x[i + 3], 16, -722521979);
b = md5hh(b, c, d, a, x[i + 6], 23, 76029189);
a = md5hh(a, b, c, d, x[i + 9], 4, -640364487);
d = md5hh(d, a, b, c, x[i + 12], 11, -421815835);
c = md5hh(c, d, a, b, x[i + 15], 16, 530742520);
b = md5hh(b, c, d, a, x[i + 2], 23, -995338651);
a = md5ii(a, b, c, d, x[i], 6, -198630844);
d = md5ii(d, a, b, c, x[i + 7], 10, 1126891415);
c = md5ii(c, d, a, b, x[i + 14], 15, -1416354905);
b = md5ii(b, c, d, a, x[i + 5], 21, -57434055);
a = md5ii(a, b, c, d, x[i + 12], 6, 1700485571);
d = md5ii(d, a, b, c, x[i + 3], 10, -1894986606);
c = md5ii(c, d, a, b, x[i + 10], 15, -1051523);
b = md5ii(b, c, d, a, x[i + 1], 21, -2054922799);
a = md5ii(a, b, c, d, x[i + 8], 6, 1873313359);
d = md5ii(d, a, b, c, x[i + 15], 10, -30611744);
c = md5ii(c, d, a, b, x[i + 6], 15, -1560198380);
b = md5ii(b, c, d, a, x[i + 13], 21, 1309151649);
a = md5ii(a, b, c, d, x[i + 4], 6, -145523070);
d = md5ii(d, a, b, c, x[i + 11], 10, -1120210379);
c = md5ii(c, d, a, b, x[i + 2], 15, 718787259);
b = md5ii(b, c, d, a, x[i + 9], 21, -343485551);
a = safeAdd(a, olda);
b = safeAdd(b, oldb);
c = safeAdd(c, oldc);
d = safeAdd(d, oldd);
}
return [a, b, c, d];
}
function binl2rstr(input) {
var i;
var output = "";
var length32 = input.length * 32;
for (i = 0; i < length32; i += 8) {
output += String.fromCharCode((input[i >> 5] >>> i % 32) & 0xff);
}
return output;
}
function rstr2binl(input) {
var i;
var output = [];
output[(input.length >> 2) - 1] = undefined;
for (i = 0; i < output.length; i += 1) {
output[i] = 0;
}
var length8 = input.length * 8;
for (i = 0; i < length8; i += 8) {
output[i >> 5] |= (input.charCodeAt(i / 8) & 0xff) << i % 32;
}
return output;
}
function rstrMD5(s) {
return binl2rstr(binlMD5(rstr2binl(s), s.length * 8));
}
function rstrHMACMD5(key, data) {
var i;
var bkey = rstr2binl(key);
var ipad = [];
var opad = [];
var hash;
ipad[15] = opad[15] = undefined;
if (bkey.length > 16) {
bkey = binlMD5(bkey, key.length * 8);
}
for (i = 0; i < 16; i += 1) {
ipad[i] = bkey[i] ^ 0x36363636;
opad[i] = bkey[i] ^ 0x5c5c5c5c;
}
hash = binlMD5(ipad.concat(rstr2binl(data)), 512 + data.length * 8);
return binl2rstr(binlMD5(opad.concat(hash), 512 + 128));
}
function rstr2hex(input) {
var hexTab = "0123456789abcdef";
var output = "";
var x;
var i;
for (i = 0; i < input.length; i += 1) {
x = input.charCodeAt(i);
output += hexTab.charAt((x >>> 4) & 0x0f) + hexTab.charAt(x & 0x0f);
}
return output;
}
function str2rstrUTF8(input) {
return unescape(encodeURIComponent(input));
}
function rawMD5(s) {
return rstrMD5(str2rstrUTF8(s));
}
function hexMD5(s) {
return rstr2hex(rawMD5(s));
}
function rawHMACMD5(k, d) {
return rstrHMACMD5(str2rstrUTF8(k), str2rstrUTF8(d));
}
function hexHMACMD5(k, d) {
return rstr2hex(rawHMACMD5(k, d));
}
return function md5(string, key, raw) {
if (!key) {
if (!raw) {
return hexMD5(string);
}
return rawMD5(string);
}
if (!raw) {
return hexHMACMD5(key, string);
}
return rawHMACMD5(key, string);
};
})();
const isObject = value => value !== null && typeof value === "object";
const getCurrentUnixTS = () => Math.floor(Date.now() / 1000);
/** 部分可用的 APP 预设 (appkey / appsec) */
const APP_PRESETS = {
/** 粉版 (Android, 7.X 及更新版本获取用户信息) */
android: {
appkey: "783bbb7264451d82",
appsec: "2653583c8873dea268ab9386918b1d65",
},
/** AndroidBiliThings */
android_things: {
appkey: "8d23902c1688a798",
appsec: "710f0212e62bd499b8d3ac6e1db9302a",
},
/** 第三方授权 */
third_party: {
appkey: "27eb53fc9058f8c3",
appsec: "c2ed53a74eeefe3cf99fbd01d8c9c375",
},
/** 云视听小电视(TV版) */
tv: {
appkey: "4409e2ce8ffd12b8",
appsec: "59b43e04ad6965f34319062b478f83dd",
},
/** HD 版 */
hd: {
appkey: "dfca71928277209b",
appsec: "b5475a8825547a4fc26c7d518eaaa02e",
},
};
/**
* 哔哩哔哩 App 端扫码登录
*
* 事件:
* - `start` — 登录流程开始(获取到二维码后触发)
* - `scan` — 二维码状态轮询中(等待扫码 / 已扫码未确认), `event.detail` 为轮询响应
* - `completed` — 登录成功, `event.detail` 为登录响应数据
* - `error` — 登录失败 / 二维码过期, `event.detail` 为错误响应
* - `end` — 登录流程结束(无论成功或失败), `event.detail` 为最终响应
*/
class BilibiliAppAuth extends EventTarget {
USER_AGENT =
"Mozilla/5.0 BiliDroid/8.43.0 ([email protected]) os/android model/android mobi_app/android build/8430300 channel/master innerVer/8430300 osVer/15 network/2";
#appkey;
#appsec;
#timer = null;
/** 轮询间隔(ms) */
interval = 2000;
/**
* @param {string | { appkey: string; appsec: string }} app
* 预设名称(如 "tv", "android", "hd" 等)或自定义 { appkey, appsec }
*/
constructor(app) {
super();
if (typeof app === "string") {
const preset = APP_PRESETS[app];
if (!preset) {
logger.error(
`未知的 APP 预设: "${app}",可用预设: ${Object.keys(
APP_PRESETS,
).join(", ")}`,
);
return;
}
this.#appkey = preset.appkey;
this.#appsec = preset.appsec;
} else {
if (!app?.appkey || !app?.appsec) {
logger.error("自定义配置必须提供 appkey 和 appsec");
return;
}
this.#appkey = app.appkey;
this.#appsec = app.appsec;
}
}
static request = (() => {
const _request = (url, options = {}) => {
const {
method = "GET",
headers,
data = null,
params = null,
timeout = 30_000,
responseType,
cookie,
anonymous,
} = options;
let query = params;
if (isObject(params) && !(params instanceof URLSearchParams)) {
query = new URLSearchParams(params);
}
const fullURL = query
? `${url}${url.includes("?") ? "&" : "?"}${query}`
: url;
let ctrl;
const promise = new Promise((resolve, reject) => {
GM_xmlhttpRequest({
method,
url: fullURL,
headers,
data,
timeout,
responseType,
cookie,
anonymous,
onload(res) {
if (res.status >= 200 && res.status < 300) {
let result = res.response ?? res.responseText;
if (!responseType && typeof result === "string") {
try {
result = JSON.parse(result);
} catch {}
}
resolve({
body: result,
status: res.status,
headers: res.responseHeaders,
raw: res,
});
} else {
reject({
body: res.responseText,
status: res.status,
statusText: res.statusText,
raw: res,
});
}
},
onerror: res =>
reject({ status: 0, msg: "Network Error", raw: res }),
ontimeout: res => reject({ status: 0, msg: "Timeout", raw: res }),
});
});
promise.abort = () => ctrl?.abort();
return promise;
};
_request.get = (url, params, opts) =>
_request(url, { ...opts, method: "GET", params });
_request.post = (url, data, opts) =>
_request(url, { ...opts, method: "POST", data });
return _request;
})();
/**
* 为请求参数进行 APP 签名
* @param {Record<string, any> | URLSearchParams} params
* @returns {URLSearchParams} 签名后的 params
*/
signParams(params) {
if (!(params instanceof URLSearchParams)) {
params = new URLSearchParams(params);
}
params.set("appkey", this.#appkey);
params.sort();
params.set("sign", md5(`${params.toString()}${this.#appsec}`));
return params;
}
/**
* 获取登录二维码 URL 及密钥
*/
async getAuthCode() {
const signedParams = this.signParams({
local_id: 0,
ts: getCurrentUnixTS(),
mobi_app: "android",
});
const resp = await BilibiliAppAuth.request.post(
"https://passport.bilibili.com/x/passport-tv-login/qrcode/auth_code",
signedParams,
{
responseType: "json",
anonymous: true,
headers: {
"User-Agent": this.USER_AGENT,
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
},
},
);
if (resp.body.code !== 0) {
logger.error("getAuthCode error:", resp.body);
return null;
}
return resp.body.data;
}
/**
* 查询登录二维码状态
* @param {string} authCode
*/
async poll(authCode) {
const signedParams = this.signParams({
auth_code: authCode,
local_id: 0,
ts: getCurrentUnixTS(),
});
const resp = await BilibiliAppAuth.request.post(
"https://passport.bilibili.com/x/passport-tv-login/qrcode/poll",
signedParams,
{
responseType: "json",
anonymous: true,
headers: {
"User-Agent": this.USER_AGENT,
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
},
},
);
return resp.body;
}
/**
* 开始扫码登录流程
* @returns {Promise<string | null>} 二维码 URL,失败返回 null
*/
async login() {
const data = await this.getAuthCode();
if (!data) {
this.dispatchEvent(
new CustomEvent("error", {
detail: { code: -1, message: "获取二维码失败", data: null },
}),
);
return null;
}
const authCode = data.auth_code;
this.dispatchEvent(new Event("start"));
let count = 0;
this.#timer = setInterval(async () => {
try {
const resp = await this.poll(authCode);
if (resp.code === 0) {
this.dispatchEvent(new CustomEvent("completed", { detail: resp }));
this.#finish(resp);
} else if (resp.code === 86039 || resp.code === 86090) {
// 86039: 尚未扫码, 86090: 已扫码未确认
this.dispatchEvent(new CustomEvent("scan", { detail: resp }));
} else {
// 86038: 二维码已失效 / 其他错误
this.dispatchEvent(new CustomEvent("error", { detail: resp }));
this.#finish(resp);
}
count++;
if (count > 180_000 / this.interval) {
const timeout = {
code: 86038,
message: "二维码已失效",
ttl: 1,
data: null,
};
this.dispatchEvent(new CustomEvent("error", { detail: timeout }));
this.#finish(timeout);
}
} catch (err) {
logger.error("poll error:", err);
this.dispatchEvent(
new CustomEvent("error", {
detail: { code: -1, message: "轮询请求异常", data: err },
}),
);
this.#finish({
code: -1,
message: "轮询请求异常",
data: err,
});
}
}, this.interval);
return data.url;
}
/**
* 结束轮询并触发 end 事件
* @param {any} detail
*/
#finish(detail) {
clearInterval(this.#timer);
this.#timer = null;
this.dispatchEvent(new CustomEvent("end", { detail }));
}
/**
* 中断登录流程
*/
interrupt() {
if (this.#timer !== null) {
clearInterval(this.#timer);
this.#timer = null;
this.dispatchEvent(
new CustomEvent("end", {
detail: { code: -1, message: "用户中断", data: null },
}),
);
}
}
}
return BilibiliAppAuth;
}