TinyTinyRSS Authentication

Raider configuration for TinyTinyRSS with two sample functions, one to get the user’s feeds, another to get the labels. Multi-factor authentication support is included.

(setv _base_url "http://localhost:8280")


(setv csrf_token
      (Regex
        :name "csrf_token"
        :regex "const __csrf_token = \"([^\"]+)\""))

(setv username (Variable "username"))
(setv password (Variable "password"))
(setv ttrss_sid (Cookie "ttrss_sid"))
(setv mfa_code (Prompt "MFA"))

(setv login
      (Flow
        :name "login"
        :request
        (Request
          :method "POST"
          :path "/tt-rss/public.php"
          :data
          {"op" "login"
           "login" username
           "password" password
           "profile" 0}
          )
        :outputs
        [ttrss_sid]
        :operations
        [(Http
           :status 200 ;; ttrss responds with 200 when MFA is enabled
           :action
           [(Print "Multi-factor authentication is enabled.")
            (NextStage "multi_factor")]
           :otherwise
           [(Print "Multi-factor authentication is disabled.")
            (NextStage "main_page")])]))
        
        
(setv multi_factor
      (Flow
        :name "multi_factor"
        :request
        (Request
          :method "POST"
          :path "/tt-rss/public.php"
          :data
          {"op" "login"
           "login" username
           "password" password
           "bw_limit" ""
           "safe_mode" ""
           "remember_me" ""
           "profile" 0
           "otp" mfa_code})
        :outputs [ttrss_sid]
        :operations [(NextStage "main_page")]))
               
(setv main_page
      (Flow
        :name "main_page"
        :request
        (Request
          :path "/tt-rss/"
          :method "GET"
          :cookies [ttrss_sid])
        :outputs [csrf_token]
        :operations [(Grep
                       :regex "Incorrect username or password"
                       :action (Print "Login failed")
                       :otherwise (Print "Login succeeded"))]))


(setv get_feeds
      (Flow
        :name "get_feeds"
        :request
        (Request
          :path "/tt-rss/backend.php"
          :method "POST"
          :cookies [ttrss_sid]
          :data
          {"op" "feeds"
           "method" "view"
           "feed" -4  ;; -4 ~ All articles
           "view_mode" "adaptive"
           "order_by" "default"
           "cat" "false"
           "csrf_token" csrf_token})
        :operations
        [(Print.body)])) ;; Print the JSON body with the list of feeds

(setv get_labels
      (Flow
        :name "get_labels"
        :request
        (Request
          :path "/tt-rss/backend.php"
          :method "GET"
          :cookies [ttrss_sid]
          :data
          {"op" "pref-labels"
           "method" "getlabeltree"})
        :operations
        [(Print.body)])) ;; Print the JSON body with the list of labels

(setv _authentication [login
                       multi_factor
                       main_page])
          
(setv _functions [get_feeds
                  get_labels])