upload

Dockerfile

@@ -0,0 +1,25 @@
+FROM node:20-slim
+
+RUN apt update && apt install -y \
+    wget gnupg xvfb \
+    fonts-liberation libnss3 libxss1 libxcomposite1 libxrandr2 libgbm1 \
+    && wget -q https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \
+    && apt install -y ./google-chrome-stable_current_amd64.deb \
+    && rm google-chrome-stable_current_amd64.deb \
+    && apt clean && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /app/cache && chmod 777 -R /app
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm install --production
+
+COPY . .
+
+EXPOSE 7860
+
+CMD rm -f /tmp/.X99-lock && \
+    Xvfb :99 -screen 0 1024x768x24 & \
+    export DISPLAY=:99 && \
+    npm start

README.md

@@ -3,10 +3,8 @@ title: Cf
 emoji: 🏢
 colorFrom: purple
 colorTo: purple
-sdk: gradio
+sdk: docker
 sdk_version: 5.49.1
-app_file: app.py
-pinned: false
 license: apache-2.0
 short_description: bypass cf
 ---

api_test.py

@@ -0,0 +1,26 @@
+import asyncio
+import httpx
+
+async def main():
+    async with httpx.AsyncClient(timeout=30.0) as client:
+        resp1 = await client.post(
+            "http://localhost:8080/cloudflare",
+            json={
+                "domain": "https://olamovies.watch/generate",
+                "mode": "iuam",
+            },
+        )
+        print(resp1.json())
+
+        resp2 = await client.post(
+            "http://localhost:8080/cloudflare",
+            json={
+                "domain": "https://lksfy.com/",
+                "siteKey": "0x4AAAAAAA49NnPZwQijgRoi",
+                "mode": "turnstile",
+            },
+        )
+        print(resp2.json())
+
+if __name__ == "__main__":
+    asyncio.run(main())

cache/cache.json

@@ -0,0 +1,10 @@
+{
+  "{\"domain\":\"https://v2links.org\",\"mode\":\"iuam\"}": {
+    "timestamp": 1758616160392,
+    "value": {
+      "cf_clearance": "qqs5f4MpFMgA0v78Qmh_HYDWoKhbwqlQ57bTW5KeIr8-1758616161-1.2.1.1-D5PdpmheHl.26ssIRKQBsXzPtPPkSXntEZ_H9FUJVt7MMTS_BEE8iH.E48MDzKtFBLwZqRYxE_1GLo1gj3ChXrwatOGEJcmGRUwavy2qvGgUPizn7qufd.sW0ULfhaRO7Gz_H_eO1TU3iEqCzltEUDNk0SviKRFkF8ozbvJ91MW_qmO.qrjQorbu_jxcgJv5BHs6rTNOitWtVDAmYMDukASq0viHXIUAIvTM.LIfQ88",
+      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36",
+      "elapsed_time": 5.028
+    }
+  }
+}

endpoints/cloudflare.js

@@ -0,0 +1,79 @@
+async function cloudflare(data, page) {
+  return new Promise(async (resolve, reject) => {
+    if (!data.domain) return reject(new Error("Missing domain parameter"))
+
+    const startTime = Date.now()
+    let isResolved = false
+    let userAgent = null
+
+    const cl = setTimeout(() => {
+      if (!isResolved) {
+        isResolved = true
+        const elapsedTime = (Date.now() - startTime) / 1000
+        resolve({
+          cf_clearance: null,
+          user_agent: userAgent,
+          elapsed_time: elapsedTime,
+        })
+      }
+    }, 20000)
+
+    try {
+      if (data.proxy?.username && data.proxy?.password) {
+        await page.authenticate({
+          username: data.proxy.username,
+          password: data.proxy.password,
+        })
+      }
+
+      page.removeAllListeners("request")
+      page.removeAllListeners("response")
+      await page.setRequestInterception(true)
+
+      page.on("request", async (req) => {
+        try {
+          await req.continue()
+        } catch (_) {}
+      })
+
+      page.on("response", async (res) => {
+        try {
+          const url = res.url()
+          if (url.includes("/cdn-cgi/challenge-platform/")) {
+            const headers = res.headers()
+            if (headers["set-cookie"]) {
+              const match = headers["set-cookie"].match(/cf_clearance=([^;]+)/)
+              if (match) {
+                const cf_clearance = match[1]
+                const userAgent = (await res.request().headers())["user-agent"]
+                const elapsedTime = (Date.now() - startTime) / 1000
+
+                if (!isResolved) {
+                  isResolved = true
+                  clearTimeout(cl)
+
+                  resolve({
+                    cf_clearance,
+                    user_agent: userAgent,
+                    elapsed_time: elapsedTime,
+                  })
+                }
+              }
+            }
+          }
+        } catch (_) {}
+      })
+
+      await page.goto(data.domain, { waitUntil: "domcontentloaded" })
+      userAgent = await page.evaluate(() => navigator.userAgent)
+    } catch (err) {
+      if (!isResolved) {
+        isResolved = true
+        clearTimeout(cl)
+        reject(err)
+      }
+    }
+  })
+}
+
+module.exports = cloudflare

endpoints/turnstile.js

@@ -0,0 +1,72 @@
+async function turnstile({ domain, proxy, siteKey }, page) {
+  if (!domain) throw new Error("Missing domain")
+  if (!siteKey) throw new Error("Missing siteKey")
+
+  const timeout = global.timeOut || 60000
+  let resolved = false
+  let timeoutId
+
+  try {
+    if (proxy?.username && proxy?.password) {
+      await page.authenticate({
+        username: proxy.username,
+        password: proxy.password,
+      }).catch(() => {})
+    }
+
+    const htmlContent = `
+      <!DOCTYPE html>
+      <html><body>
+        <div class="turnstile"></div>
+        <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>
+        <script>
+          window.onloadTurnstileCallback = function() {
+            turnstile.render('.turnstile', {
+              sitekey: '${siteKey}',
+              callback: function(token) {
+                window.turnstileToken = token
+              }
+            })
+          }
+        </script>
+      </body></html>
+    `
+
+    await page.setRequestInterception(true)
+    page.removeAllListeners("request")
+    
+    page.on("request", async (request) => {
+      const url = request.url().split('?')[0]
+      if ([domain, domain + "/"].includes(url) && request.resourceType() === "document") {
+        await request.respond({
+          status: 200,
+          contentType: "text/html",
+          body: htmlContent,
+        })
+      } else {
+        await request.continue()
+      }
+    })
+
+    timeoutId = setTimeout(() => {
+      if (!resolved) throw new Error("Timeout")
+    }, timeout)
+
+    await page.goto(domain, { waitUntil: "domcontentloaded", timeout: 30000 })
+
+    await page.waitForFunction(() => window.turnstileToken, { timeout })
+    const token = await page.evaluate(() => window.turnstileToken)
+
+    resolved = true
+    clearTimeout(timeoutId)
+
+    if (!token) throw new Error("No token received")
+    return token
+
+  } catch (e) {
+    clearTimeout(timeoutId)
+    throw e
+  }
+}
+
+module.exports = turnstile

index.js

@@ -0,0 +1,154 @@
+const express = require('express')
+const { connect } = require("puppeteer-real-browser")
+const fs = require("fs")
+const path = require("path")
+
+const app = express()
+const port = process.env.PORT || 7860
+const authToken = process.env.authToken || null
+
+global.browserLimit = Number(process.env.browserLimit) || 20
+global.timeOut = Number(process.env.timeOut) || 60000
+
+const CACHE_DIR = path.join(__dirname, "cache")
+const CACHE_FILE = path.join(CACHE_DIR, "cache.json")
+const CACHE_TTL = 5 * 60 * 1000
+
+function loadCache() {
+  if (!fs.existsSync(CACHE_FILE)) return {}
+  try {
+    return JSON.parse(fs.readFileSync(CACHE_FILE, "utf-8"))
+  } catch {
+    return {}
+  }
+}
+
+function saveCache(cache) {
+  try {
+    if (!fs.existsSync(CACHE_DIR)) fs.mkdirSync(CACHE_DIR, { recursive: true })
+    fs.writeFileSync(CACHE_FILE, JSON.stringify(cache, null, 2))
+  } catch {}
+}
+
+function readCache(key) {
+  const cache = loadCache()
+  const entry = cache[key]
+  if (entry && Date.now() - entry.timestamp < CACHE_TTL) return entry.value
+  return null
+}
+
+function writeCache(key, value) {
+  const cache = loadCache()
+  cache[key] = { timestamp: Date.now(), value }
+  saveCache(cache)
+}
+
+app.use(express.json())
+app.use(express.urlencoded({ extended: true }))
+
+// Root endpoint sederhana
+app.get('/', (req, res) => {
+  res.status(200).json({ 
+    message: 'Cloudflare Solver API',
+    port: port,
+    status: 'active'
+  })
+})
+
+async function createBrowser(proxyServer = null) {
+  const connectOptions = {
+    headless: true,
+    turnstile: true,
+    connectOption: { 
+      defaultViewport: null,
+      args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage']
+    }
+  }
+  
+  if (proxyServer) {
+    connectOptions.args = [...(connectOptions.connectOption.args || []), `--proxy-server=${proxyServer}`]
+  }
+  
+  const { browser } = await connect(connectOptions)
+  const page = (await browser.pages())[0] || await browser.newPage()
+
+  await page.setRequestInterception(true)
+  page.on('request', (req) => {
+    if (["image", "stylesheet", "font", "media"].includes(req.resourceType())) {
+      req.abort()
+    } else {
+      req.continue()
+    }
+  })
+
+  return { browser, page }
+}
+
+const turnstile = require('./endpoints/turnstile')
+const cloudflare = require('./endpoints/cloudflare')
+
+app.post('/cloudflare', async (req, res) => {
+  const data = req.body
+  
+  if (!data?.mode) return res.status(400).json({ message: 'Bad Request' })
+  if (authToken && data.authToken !== authToken) return res.status(401).json({ message: 'Unauthorized' })
+  if (global.browserLimit <= 0) return res.status(429).json({ message: 'Too Many Requests' })
+
+  let cacheKey, cached
+  if (data.mode === "iuam") {
+    cacheKey = JSON.stringify(data)
+    cached = readCache(cacheKey)
+    if (cached) return res.status(200).json({ ...cached, cached: true })
+  }
+
+  global.browserLimit--
+  let browser = null
+
+  try {
+    const proxyServer = data.proxy ? `${data.proxy.hostname}:${data.proxy.port}` : null
+    const { browser: br, page } = await createBrowser(proxyServer)
+    browser = br
+
+    let result
+    switch (data.mode) {
+      case "turnstile":
+        result = await turnstile(data, page)
+          .then(token => ({ token }))
+          .catch(err => ({ code: 500, message: err.message }))
+        break
+
+      case "iuam":
+        result = await cloudflare(data, page)
+          .then(r => ({ ...r }))
+          .catch(err => ({ code: 500, message: err.message }))
+
+        if (!result.code) writeCache(cacheKey, result)
+        break
+
+      default:
+        result = { code: 400, message: 'Invalid mode' }
+    }
+
+    res.status(result.code ?? 200).json(result)
+  } catch (err) {
+    res.status(500).json({ code: 500, message: err.message })
+  } finally {
+    if (browser) await browser.close().catch(() => {})
+    global.browserLimit++
+  }
+})
+
+app.use((req, res) => {
+  res.status(404).json({ message: 'Not Found' })
+})
+
+if (process.env.NODE_ENV !== 'development') {
+  const server = app.listen(port, () => {
+    console.log(`Server running on port ${port}`)
+  })
+  server.timeout = global.timeOut + 10000
+}
+
+if (process.env.NODE_ENV === 'development') {
+  module.exports = app
+}

package.json

@@ -0,0 +1,16 @@
+{
+  "name": "cf-bypass",
+  "version": "1.0",
+  "description": "get the cf_clearance cookie from any website",
+  "scripts": {
+    "start": "node index.js",
+    "dev": "nodemon index.js"
+  },
+  "dependencies": {
+    "express": "^5.1.0",
+    "puppeteer-real-browser": "^1.4.0"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.10"
+  }
+}