KAIST 로그인 구현 변경

Author: hyeongukryu

.eslintrc.js

@@ -1,7 +1,7 @@
 module.exports = {
     env: {
         browser: true,
-        es2020: true,
+        es2022: true,
     },
     extends: [
         'airbnb-base',
@@ -12,13 +12,20 @@ module.exports = {
     ],
     parser: '@typescript-eslint/parser',
     parserOptions: {
-        ecmaVersion: 11,
+        ecmaVersion: 2022,
         sourceType: 'module',
     },
     plugins: [
         '@typescript-eslint',
     ],
     rules: {
         indent: ['error', 4],
+        'import/extensions': [
+            'error',
+            'ignorePackages',
+            {
+                ts: 'never',
+            },
+        ],
     },
 };

auth.ts

@@ -0,0 +1,193 @@
+import axios, { AxiosError } from 'axios';
+import {
+    pki, util, random, pkcs5, md, cipher,
+} from 'node-forge';
+import { CookieJar, MemoryCookieStore } from 'tough-cookie';
+import { wrapper } from 'axios-cookiejar-support';
+import { JSDOM } from 'jsdom';
+
+const cookieStore = new MemoryCookieStore();
+const cookieJar = new CookieJar(cookieStore);
+
+const http = axios.create();
+http.defaults.baseURL = 'https://iam2.kaist.ac.kr';
+http.defaults.withCredentials = true;
+http.defaults.jar = cookieJar;
+wrapper(http);
+http.interceptors.request.use((config) => {
+    const token = cookieJar
+        .getCookiesSync('https://iam2.kaist.ac.kr')
+        .find((cookie) => cookie.key === 'XSRF-TOKEN')?.value;
+    if (token) {
+        // eslint-disable-next-line no-param-reassign
+        config.headers['X-XSRF-TOKEN'] = token;
+    }
+    return config;
+});
+
+async function getPublicKey(): Promise<string> {
+    await http.get('/'); // XSRF-TOKEN
+    const result = await http.post<string>('getPublicKey');
+    return result.data;
+}
+
+interface SymmetricKey {
+    length: number;
+    key: string;
+    iv: string;
+    keyStr: string;
+}
+
+function generateSymmetricKey(): SymmetricKey {
+    const length = 32;
+    const entropy = util.encode64(random.getBytesSync(0x40));
+    const password = `${entropy.substring(0x0, 0x4)
+    }b${entropy.substring(0x5, 0x9)
+    }a${entropy.substring(0xa, 0xe)
+    }n${entropy.substring(0xf, 0x13)
+    }d${entropy.substring(0x14, 0x18)
+    }i${entropy.substring(0x19)}`;
+    const salt = password.substring(password.length - 16);
+    const pbkdf2 = pkcs5.pbkdf2(password, salt, 1024, length);
+    const iv = pbkdf2.slice(pbkdf2.length - 16);
+    return {
+        length,
+        key: pbkdf2,
+        iv,
+        keyStr: password,
+    };
+}
+
+function encryptPKIWithPublicKey(payload: string, publicKey: pki.rsa.PublicKey): string {
+    const encoded = util.encodeUtf8(payload);
+    const encrypted = publicKey.encrypt(encoded, 'RSAES-PKCS1-V1_5', { md: md.sha256.create() });
+    return util.encode64(encrypted);
+}
+
+function encryptAES(paylod: string, keyInfo: SymmetricKey): string {
+    const encoded = encodeURIComponent(paylod);
+    const aes = cipher.createCipher('AES-CBC', keyInfo.key);
+    aes.start({ iv: keyInfo.iv });
+    aes.update(util.createBuffer(encoded));
+    aes.finish();
+    return util.encode64(aes.output.bytes());
+}
+
+function encryptPayloadComponent(
+    payload: string | null | undefined,
+    keyInfo: SymmetricKey,
+): string | null {
+    if (payload === null || payload === undefined) {
+        return null;
+    }
+    if (payload === '') {
+        return '';
+    }
+    return encryptAES(payload, keyInfo);
+}
+
+interface CryptoConfiguration {
+    keyInfo: SymmetricKey;
+    encKey: string;
+}
+
+async function loginIdPassword(
+    userId: string,
+    password: string,
+    cryptoConfig: CryptoConfiguration,
+) {
+    const encryptedUserId = encryptPayloadComponent(userId, cryptoConfig.keyInfo);
+    const encryptedPassword = encryptPayloadComponent(password, cryptoConfig.keyInfo);
+    if (encryptedUserId === null || encryptedPassword === null) {
+        throw new Error('Invalid input');
+    }
+    const formData = {
+        user_id: encryptedUserId,
+        login_page: 'L_P_IAMPS',
+        pw: encryptedPassword,
+    };
+    const body = new URLSearchParams(formData);
+    try {
+        await http.post('/api/sso/login', body, { headers: { encsymka: cryptoConfig.encKey } });
+    } catch (e) {
+        if (!axios.isAxiosError(e)) {
+            throw e;
+        }
+        const error = e as AxiosError<any>;
+        const { response } = error;
+        if (!response || response.status !== 500 || !response.data) {
+            throw e;
+        }
+        if (typeof response.data.errorCode !== 'string') {
+            throw e;
+        }
+        if (response.data.errorCode !== 'SSO_OTP_NEED_OTP_CHECK') {
+            throw Error(response.data.errorCode);
+        }
+    }
+}
+
+async function loginOtp(userId: string, otp: string, cryptoConfig: CryptoConfiguration) {
+    const encryptedUserId = encryptPayloadComponent(userId, cryptoConfig.keyInfo);
+    if (encryptedUserId === null) {
+        throw new Error('Invalid input');
+    }
+    const formData = {
+        user_id: encryptedUserId,
+        login_page: 'L_P_IAMPS',
+        otp,
+        param_id: '',
+        auth_type_2nd: 'motp',
+        alrdln: 'T',
+    };
+    const body = new URLSearchParams(formData);
+    await http.post('/api/sso/login', body, { headers: { encsymka: cryptoConfig.encKey } });
+}
+
+function generateCryptoConfig(publicKey: pki.rsa.PublicKey): CryptoConfiguration {
+    const symmetricKey = generateSymmetricKey();
+    const encsymka = encryptPKIWithPublicKey(symmetricKey.keyStr, publicKey);
+    return {
+        keyInfo: symmetricKey,
+        encKey: encsymka,
+    };
+}
+
+export interface GetKaistCookieRunOptions {
+    userId: string;
+    password: string;
+    generateOtp: () => Promise<string>;
+}
+
+export async function loginToPortal() {
+    const redirectPage = await http.get('https://portal.kaist.ac.kr/user/ssoLoginProcess.face');
+    const html = redirectPage.data;
+    const dom = new JSDOM(html);
+    const { document } = dom.window;
+    const action = document.querySelector('form')?.action;
+    if (!action || !action.startsWith('https://portal.kaist.ac.kr/')) {
+        throw new Error('Invalid action');
+    }
+    const inputElements = document.querySelectorAll('input[type="hidden"]');
+    const formData = new URLSearchParams();
+    inputElements.forEach((input) => {
+        const name = input.getAttribute('name');
+        const value = input.getAttribute('value');
+        if (name && value) {
+            formData.append(name, value);
+        }
+    });
+    await http.post(action, formData);
+    await http.get('https://portal.kaist.ac.kr/index.html');
+}
+
+export async function getKaistCookie(options: GetKaistCookieRunOptions): Promise<CookieJar> {
+    const { userId, password, generateOtp } = options;
+    const serverPublicKey = await getPublicKey();
+    const publicKey = pki.publicKeyFromPem(`-----BEGIN PUBLIC KEY-----\n${serverPublicKey}\n-----END PUBLIC KEY-----`);
+    await loginIdPassword(userId, password, generateCryptoConfig(publicKey));
+    const otp = await generateOtp();
+    await loginOtp(userId, otp, generateCryptoConfig(publicKey));
+    await loginToPortal();
+    return cookieJar;
+}

index.ts

@@ -1,19 +1,13 @@
-import puppeteer, {
-    BrowserConnectOptions, BrowserLaunchArgumentOptions, LaunchOptions, Product,
-} from 'puppeteer';
-
-export type PuppeteerLaunchOptions =
-    LaunchOptions & BrowserLaunchArgumentOptions & BrowserConnectOptions & {
-        product?: Product;
-        extraPrefsFirefox?: Record<string, unknown>;
-    };
+import axios from 'axios';
+import { wrapper } from 'axios-cookiejar-support';
+import { JSDOM } from 'jsdom';
+import { getKaistCookie } from './auth';
 
 export interface KaistTodayNoticeRunOptions {
     id: string;
     password: string;
     generateOtp: () => Promise<string>;
     size?: number;
-    puppeteerLaunchOptions?: PuppeteerLaunchOptions;
     lang?: 'ko' | 'en';
 }
 
@@ -31,82 +25,65 @@ function normalizeDate(date: string): string {
     return `${digits.substring(0, 4)}-${digits.substring(4, 6)}-${digits.substring(6, 8)}`;
 }
 
+function extractNotices(html: string): KaistTodayNotice[] | null {
+    const dom = new JSDOM(html);
+    const { document } = dom.window;
+
+    const table = document.querySelector<HTMLTableElement>('.req_tbl_01');
+    if (table === null) {
+        return null;
+    }
+    const rows = table.querySelectorAll<HTMLTableRowElement>('tr');
+
+    const notices: KaistTodayNotice[] = [];
+    rows.forEach((row) => {
+        const a = row.querySelector<HTMLAnchorElement>('.req_tit>a');
+        const meta = row.querySelectorAll<HTMLLabelElement>('.ellipsis');
+        if (a === null) {
+            return;
+        }
+        if (meta.length !== 4) {
+            return;
+        }
+        notices.push({
+            title: a.text.trim(),
+            link: new URL(a.href, 'https://portal.kaist.ac.kr/').href,
+            organization: (meta[0].textContent ?? '').trim(),
+            author: (meta[1].textContent ?? '').trim(),
+            views: Number((meta[2].textContent ?? '').trim()),
+            date: normalizeDate((meta[3].textContent ?? '').trim()),
+        });
+    });
+
+    return notices;
+}
+
 export default async function run(
     options: KaistTodayNoticeRunOptions,
 ): Promise<KaistTodayNotice[] | null> {
     const {
-        id, password, puppeteerLaunchOptions, lang, generateOtp,
+        id, password, lang, generateOtp,
     } = options;
     const size = options.size ?? 10;
 
-    let browser = null;
-    try {
-        browser = await puppeteer.launch(puppeteerLaunchOptions);
-        const page = await browser.newPage();
-        await page.goto('https://iam2.kaist.ac.kr/#/userLogin');
-        await page.waitForSelector('input[type=text]');
-        await page.waitForSelector('input[type=password]');
-        await page.type('input[type=text]', id);
-        await page.waitForSelector('input[type=submit]');
-        const loginMethods = await page.$$('input[type=submit]');
-        await loginMethods[1].click();
-        await page.type('input[type=password]', password);
-        await page.waitForSelector('.loginbtn');
-        await page.click('.loginbtn');
+    const cookie = await getKaistCookie({
+        userId: id,
+        password,
+        generateOtp,
+    });
 
-        await page.waitForSelector('input[id=motp]');
-        await page.click('input[id=motp]');
-        await page.waitForSelector('.pass > input[type=password]');
-        await page.type('.pass > input[type=password]', await generateOtp());
-        await page.waitForSelector('.log > input[type=submit]');
-        await page.click('.log > input[type=submit]');
+    const http = axios.create();
+    http.defaults.jar = cookie;
+    http.defaults.withCredentials = true;
+    wrapper(http);
 
-        await page.waitForSelector('.navbar-nav');
-        await page.goto('https://portal.kaist.ac.kr/index.html');
-        await page.waitForSelector('.ptl_search');
-        if (lang) {
-            await page.goto(`https://portal.kaist.ac.kr/lang/changeLang.face?langKnd=${lang}`);
-            await page.waitForSelector('.ptl_search');
-        }
-        await page.goto('https://portal.kaist.ac.kr/index.html');
-        await page.waitForSelector('.ptl_search');
-        await page.goto(`https://portal.kaist.ac.kr/board/list.brd?boardId=today_notice&pageSize=${size}`);
-        await page.waitForSelector('.req_btn_wrap');
-        await page.waitForSelector('.req_tbl_01');
-        const result = await page.evaluate(() => {
-            const table = document.querySelector<HTMLTableElement>('.req_tbl_01');
-            if (table === null) {
-                return null;
-            }
-            const rows = table.querySelectorAll<HTMLTableRowElement>('tr');
-            const notices: KaistTodayNotice[] = [];
-            rows.forEach((row) => {
-                const a = row.querySelector<HTMLAnchorElement>('.req_tit>a');
-                const meta = row.querySelectorAll<HTMLLabelElement>('.ellipsis');
-                if (a === null) {
-                    return;
-                }
-                if (meta.length !== 4) {
-                    return;
-                }
-                notices.push({
-                    title: a.text.trim(),
-                    link: a.href,
-                    organization: meta[0].innerText.trim(),
-                    author: meta[1].innerText.trim(),
-                    views: Number(meta[2].innerText.trim()),
-                    date: meta[3].innerText.trim(),
-                });
-            });
-            return notices;
-        });
-        return result?.map((notice) => ({
-            ...notice,
-            date: normalizeDate(notice.date),
-        })) ?? null;
-    } finally {
-        if (browser) {
-            await browser.close();
-        }
+    await http.get('https://portal.kaist.ac.kr/index.html');
+    if (lang) {
+        await http.get(`https://portal.kaist.ac.kr/lang/changeLang.face?langKnd=${lang}`);
     }
+
+    const boardPage = await http.get<string>(`https://portal.kaist.ac.kr/board/list.brd?boardId=today_notice&pageSize=${size}`);
+    const html = boardPage.data;
+    const notices = extractNotices(html);
+    return notices;
 }