API tools faq
paste
Hygcgggnngff

backend

Hygcgggnngff
Jun 27th, 2025
14
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.31 KB | None | 0 0
raw download clone embed print report
  1. import requests
  2. import random
  3. from flask import Flask, jsonify, request
  4. import json
  5. import os
  6. import base64
  7.  
  8. class GameInfo:
  9. def __init__(self):
  10. self.TitleId: str = "" # Playfab Title Id
  11. self.SecretKey: str = "" # Playfab Secret Key
  12. self.ApiKey: str = "" # App Api Key
  13.  
  14. def get_auth_headers(self):
  15. return {"content-type": "application/json", "X-SecretKey": self.SecretKey}
  16.  
  17.  
  18. settings = GameInfo()
  19. app = Flask(__name__)
  20.  
  21. def ReturnFunctionJson(data, funcname, funcparam={}):
  22. rjson = data["FunctionParameter"]
  23. userId: str = rjson.get("CallerEntityProfile").get("Lineage").get(
  24. "TitlePlayerAccountId")
  25.  
  26. req = requests.post(
  27. url=f"https://{settings.TitleId}.playfabapi.com/Server/ExecuteCloudScript",
  28. json={
  29. "PlayFabId": userId,
  30. "FunctionName": funcname,
  31. "FunctionParameter": funcparam
  32. },
  33. headers=settings.GetAuthHeaders())
  34.  
  35. if req.status_code == 200:
  36. return jsonify(
  37. req.json().get("data").get("FunctionResult")), req.status_code
  38. else:
  39. return jsonify({}), req.status_code
  40.  
  41.  
  42. def GetIsNonceValid(nonce: str, oculusId: str):
  43. req = requests.post(
  44. url=f'https://graph.oculus.com/user_nonce_validate?nonce=' + nonce +
  45. '&user_id=' + oculusId + '&access_token=' + settings.ApiKey,
  46. headers={"content-type": "application/json"})
  47. return req.json().get("is_valid")
  48.  
  49.  
  50. @app.route("/", methods=["POST", "GET"])
  51. def main():
  52. return """
  53. <html>
  54. <head>
  55. <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap" rel="stylesheet">
  56. </head>
  57. <body style="font-family: 'Inter', sans-serif;">
  58. <h1 style="color: red; font-size: 30px;">
  59. ts won't work for you blawg in the big 25
  60. </h1>
  61. </body>
  62. </html>
  63. """
  64.  
  65. @app.route("/api/PlayFabAuthentication", methods=["POST"])
  66. def playfab_authentication():
  67. rjson = request.get_json()
  68. required_fields = ["Nonce", "AppId", "Platform", "OculusId"]
  69. missing_fields = [field for field in required_fields if not rjson.get(field)]
  70.  
  71. if missing_fields:
  72. return (
  73. jsonify(
  74. {
  75. "Message": f"Missing parameter(s): {', '.join(missing_fields)}",
  76. "Error": f"BadRequest-No{missing_fields[0]}",
  77. }
  78. ),
  79. 401,
  80. )
  81.  
  82. if rjson.get("AppId") != settings.TitleId:
  83. return (
  84. jsonify(
  85. {
  86. "Message": "Request sent for the wrong App ID",
  87. "Error": "BadRequest-AppIdMismatch",
  88. }
  89. ),
  90. 400,
  91. )
  92.  
  93. url = f"https://{settings.TitleId}.playfabapi.com/Server/LoginWithServerCustomId"
  94. login_request = requests.post(
  95. url=url,
  96. json={
  97. "ServerCustomId": "OCULUS" + rjson.get("OculusId"),
  98. "CreateAccount": True,
  99. },
  100. headers=settings.get_auth_headers(),
  101. )
  102.  
  103. if login_request.status_code == 200:
  104. data = login_request.json().get("data")
  105. session_ticket = data.get("SessionTicket")
  106. entity_token = data.get("EntityToken").get("EntityToken")
  107. playfab_id = data.get("PlayFabId")
  108. entity_type = data.get("EntityToken").get("Entity").get("Type")
  109. entity_id = data.get("EntityToken").get("Entity").get("Id")
  110.  
  111. link_response = requests.post(
  112. url=f"https://{settings.TitleId}.playfabapi.com/Server/LinkServerCustomId",
  113. json={
  114. "ForceLink": True,
  115. "PlayFabId": playfab_id,
  116. "ServerCustomId": rjson.get("CustomId"),
  117. },
  118. headers=settings.get_auth_headers(),
  119. ).json()
  120.  
  121. return (
  122. jsonify(
  123. {
  124. "PlayFabId": playfab_id,
  125. "SessionTicket": session_ticket,
  126. "EntityToken": entity_token,
  127. "EntityId": entity_id,
  128. "EntityType": entity_type,
  129. }
  130. ),
  131. 200,
  132. )
  133. else:
  134. if login_request.status_code == 403:
  135. ban_info = login_request.json()
  136. if ban_info.get("errorCode") == 1002:
  137. ban_message = ban_info.get("errorMessage", "No ban message provided.")
  138. ban_details = ban_info.get("errorDetails", {})
  139. ban_expiration_key = next(iter(ban_details.keys()), None)
  140. ban_expiration_list = ban_details.get(ban_expiration_key, [])
  141. ban_expiration = (
  142. ban_expiration_list[0]
  143. if len(ban_expiration_list) > 0
  144. else "No expiration date provided."
  145. )
  146. print(ban_info)
  147. return (
  148. jsonify(
  149. {
  150. "BanMessage": ban_expiration_key,
  151. "BanExpirationTime": ban_expiration,
  152. }
  153. ),
  154. 403,
  155. )
  156. else:
  157. error_message = ban_info.get(
  158. "errorMessage", "Forbidden without ban information."
  159. )
  160. return (
  161. jsonify({"Error": "PlayFab Error", "Message": error_message}),
  162. 403,
  163. )
  164. else:
  165. error_info = login_request.json()
  166. error_message = error_info.get("errorMessage", "An error occurred.")
  167. return (
  168. jsonify({"Error": "PlayFab Error", "Message": error_message}),
  169. login_request.status_code,
  170. )
  171.  
  172.  
  173. @app.route("/api/CachePlayFabId", methods=["POST"])
  174. def cache_playfab_id():
  175. return jsonify({"Message": "Success"}), 200
  176.  
  177.  
  178. @app.route("/api/TitleData", methods=["POST", "GET"])
  179. def title_data():
  180. response = requests.post(
  181. url=f"https://{settings.TitleId}.playfabapi.com/Server/GetTitleData",
  182. headers=settings.get_auth_headers()
  183. )
  184.  
  185. if response.status_code == 200:
  186. return jsonify(response.json().get("data").get("Data"))
  187. else:
  188. return jsonify({}), response.status_code
  189.  
  190.  
  191. @app.route("/api/ConsumeOculusIAP", methods=["POST"])
  192. def consume_oculus_iap():
  193. rjson = request.get_json()
  194.  
  195. access_token = rjson.get("userToken")
  196. user_id = rjson.get("userID")
  197. nonce = rjson.get("nonce")
  198. sku = rjson.get("sku")
  199.  
  200. response = requests.post(
  201. url=f"https://graph.oculus.com/consume_entitlement?nonce={nonce}&user_id={user_id}&sku={sku}&access_token={settings.ApiKey}",
  202. headers={"content-type": "application/json"},
  203. )
  204.  
  205. if response.json().get("success"):
  206. return jsonify({"result": True})
  207. else:
  208. return jsonify({"error": True})
  209.  
  210. @app.route("/api/GetAcceptedAgreements", methods=['POST', 'GET'])
  211. def GetAcceptedAgreements():
  212. data = request.json
  213.  
  214. return jsonify({"PrivacyPolicy":"1.1.28","TOS":"11.05.22.2"}), 200
  215.  
  216. @app.route("/api/SubmitAcceptedAgreements", methods=['POST', 'GET'])
  217. def SubmitAcceptedAgreements():
  218. data = request.json
  219.  
  220. return jsonify({}), 200
  221.  
  222. @app.route("/api/ConsumeCodeItem", methods=["POST"])
  223. def consume_code_item():
  224. rjson = request.get_json()
  225. code = rjson.get("itemGUID")
  226. playfab_id = rjson.get("playFabID")
  227. session_ticket = rjson.get("playFabSessionTicket")
  228.  
  229. if not all([code, playfab_id, session_ticket]):
  230. return jsonify({"error": "Missing parameters"}), 400
  231.  
  232. raw_url = f"https://github.com/redapplegtag/backendsfrr" # make a github and put the raw here (Redeemed = not redeemed, u have to add discord webhookss and if your smart you can make it so it auto updates the github url (redeemed is not redeemed, AlreadyRedeemed is already redeemed, then dats it
  233. # code:Redeemed
  234. response = requests.get(raw_url)
  235.  
  236. if response.status_code != 200:
  237. return jsonify({"error": "GitHub fetch failed"}), 500
  238.  
  239. lines = response.text.splitlines()
  240. codes = {split[0].strip(): split[1].strip() for line in lines if (split := line.split(":")) and len(split) == 2}
  241.  
  242. if code not in codes:
  243. return jsonify({"result": "CodeInvalid"}), 404
  244.  
  245. if codes[code] == "AlreadyRedeemed":
  246. return jsonify({"result": codes[code]}), 200
  247.  
  248. grant_response = requests.post(
  249. f"https://{settings.TitleId}.playfabapi.com/Admin/GrantItemsToUsers",
  250. json={
  251. "ItemGrants": [
  252. {
  253. "PlayFabId": playfab_id,
  254. "ItemId": item_id,
  255. "CatalogVersion": "DLC"
  256. } for item_id in ["dis da cosmetics", "anotehr cposmetic", "anotehr"]
  257. ]
  258. },
  259. headers=settings.get_auth_headers()
  260. )
  261.  
  262.  
  263. if grant_response.status_code != 200:
  264. return jsonify({"result": "PlayFabError", "errorMessage": grant_response.json().get("errorMessage", "Grant failed")}), 500
  265.  
  266. new_lines = [f"{split[0].strip()}:AlreadyRedeemed" if split[0].strip() == code else line.strip()
  267. for line in lines if (split := line.split(":")) and len(split) >= 2]
  268.  
  269. updated_content = "\n".join(new_lines).strip()
  270.  
  271. return jsonify({"result": "Success", "itemID": code, "playFabItemName": codes[code]}), 200
  272.  
  273. @app.route('/api/v2/GetName', methods=['POST', 'GET'])
  274. def GetNameIg():
  275. return jsonify({"result": f"GORILLA{random.randint(1000,9999)}"})
  276.  
  277. @app.route("/api/photon", methods=["POST"])
  278. def photonauth():
  279. print(f"Received {request.method} request at /api/photon")
  280. getjson = request.get_json()
  281. Ticket = getjson.get("Ticket")
  282. Nonce = getjson.get("Nonce")
  283. Platform = getjson.get("Platform")
  284. UserId = getjson.get("UserId")
  285. nickName = getjson.get("username")
  286. if request.method.upper() == "GET":
  287. rjson = request.get_json()
  288. print(f"{request.method} : {rjson}")
  289.  
  290. userId = Ticket.split('-')[0] if Ticket else None
  291. print(f"Extracted userId: {UserId}")
  292.  
  293. if userId is None or len(userId) != 16:
  294. print("Invalid userId")
  295. return jsonify({
  296. 'resultCode': 2,
  297. 'message': 'Invalid token',
  298. 'userId': None,
  299. 'nickname': None
  300. })
  301.  
  302. if Platform != 'Quest':
  303. return jsonify({'Error': 'Bad request', 'Message': 'Invalid platform!'}),403
  304.  
  305. if Nonce is None:
  306. return jsonify({'Error': 'Bad request', 'Message': 'Not Authenticated!'}),304
  307.  
  308. req = requests.post(
  309. url=f"https://{settings.TitleId}.playfabapi.com/Server/GetUserAccountInfo",
  310. json={"PlayFabId": userId},
  311. headers={
  312. "content-type": "application/json",
  313. "X-SecretKey": secretkey
  314. })
  315.  
  316. print(f"Request to PlayFab returned status code: {req.status_code}")
  317.  
  318. if req.status_code == 200:
  319. nickName = req.json().get("UserInfo",
  320. {}).get("UserAccountInfo",
  321. {}).get("Username")
  322. if not nickName:
  323. nickName = None
  324.  
  325. print(
  326. f"Authenticated user {userId.lower()} with nickname: {nickName}"
  327. )
  328.  
  329. return jsonify({
  330. 'resultCode': 1,
  331. 'message':
  332. f'Authenticated user {userId.lower()} title {settings.TitleId.lower()}',
  333. 'userId': f'{userId.upper()}',
  334. 'nickname': nickName
  335. })
  336. else:
  337. print("Failed to get user account info from PlayFab")
  338. return jsonify({
  339. 'resultCode': 0,
  340. 'message': "Something went wrong",
  341. 'userId': None,
  342. 'nickname': None
  343. })
  344.  
  345. elif request.method.upper() == "POST":
  346. rjson = request.get_json()
  347. print(f"{request.method} : {rjson}")
  348.  
  349. ticket = rjson.get("Ticket")
  350. userId = ticket.split('-')[0] if ticket else None
  351. print(f"Extracted userId: {userId}")
  352.  
  353. if userId is None or len(userId) != 16:
  354. print("Invalid userId")
  355. return jsonify({
  356. 'resultCode': 2,
  357. 'message': 'Invalid token',
  358. 'userId': None,
  359. 'nickname': None
  360. })
  361.  
  362. req = requests.post(
  363. url=f"https://{settings.TitleId}.playfabapi.com/Server/GetUserAccountInfo",
  364. json={"PlayFabId": userId},
  365. headers={
  366. "content-type": "application/json",
  367. "X-SecretKey": settings.SecretKey
  368. })
  369.  
  370. print(f"Authenticated user {userId.lower()}")
  371. print(f"Request to PlayFab returned status code: {req.status_code}")
  372.  
  373. if req.status_code == 200:
  374. nickName = req.json().get("UserInfo",
  375. {}).get("UserAccountInfo",
  376. {}).get("Username")
  377. if not nickName:
  378. nickName = None
  379. return jsonify({
  380. 'resultCode': 1,
  381. 'message':
  382. f'Authenticated user {userId.lower()} title {settings.TitleId.lower()}',
  383. 'userId': f'{userId.upper()}',
  384. 'nickname': nickName
  385. })
  386. else:
  387. print("Failed to get user account info from PlayFab")
  388. successJson = {
  389. 'resultCode': 0,
  390. 'message': "Something went wrong",
  391. 'userId': None,
  392. 'nickname': None
  393. }
  394. authPostData = {}
  395. for key, value in authPostData.items():
  396. successJson[key] = value
  397. print(f"Returning successJson: {successJson}")
  398. return jsonify(successJson)
  399. else:
  400. print(f"Invalid method: {request.method.upper()}")
  401. return jsonify({
  402. "Message":
  403. "Use a POST or GET Method instead of " + request.method.upper()
  404. })
  405.  
  406.  
  407. def ReturnFunctionJson(data, funcname, funcparam={}):
  408. print(f"Calling function: {funcname} with parameters: {funcparam}")
  409. rjson = data.get("FunctionParameter", {})
  410. userId = rjson.get("CallerEntityProfile",
  411. {}).get("Lineage", {}).get("TitlePlayerAccountId")
  412.  
  413. print(f"UserId: {userId}")
  414.  
  415. req = requests.post(
  416. url=f"https://{settings.TitleId}.playfabapi.com/Server/ExecuteCloudScript",
  417. json={
  418. "PlayFabId": userId,
  419. "FunctionName": funcname,
  420. "FunctionParameter": funcparam
  421. },
  422. headers={
  423. "content-type": "application/json",
  424. "X-SecretKey": secretkey
  425. })
  426.  
  427. if req.status_code == 200:
  428. result = req.json().get("data", {}).get("FunctionResult", {})
  429. print(f"Function result: {result}")
  430. return jsonify(result), req.status_code
  431. else:
  432. print(f"Function execution failed, status code: {req.status_code}")
  433. return jsonify({}), req.status_code
  434.  
  435.  
  436. if __name__ == "__main__":
  437. app.run(host="0.0.0.0", port=9080)
Tags: bckend
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!