pixivfe/README.md

# PixivFE

A privacy-respecting alternative front-end for Pixiv that doesn't suck

<p>
<a href="https://codeberg.org/vnpower/pixivfe">
<img alt="Get it on Codeberg" src="https://get-it-on.codeberg.org/get-it-on-blue-on-white.png" height="60">
</a>
</p>

Questions? Feedbacks? You can [PM me](https://matrix.to/#/@vnpower:exozy.me) on
Matrix!

You can keep track of this project's development
[here](https://codeberg.org/VnPower/pixivfe/projects/3481).

## Features

- Lightweight - both the interface and the code
- Privacy-first - the server will do the work for you
- No bloat - we only serve HTML and CSS
- Open source - you can trust me!

## Hosting

Check out [this page.](https://codeberg.org/VnPower/pixivfe/wiki/Hosting). We
currently have guides for Docker and Caddy.

Many thanks to [dragongoose](https://codeberg.org/dragongoose) for writing the
Docker guide!

## Instances

| Name               | Cloudflare? | URL                             |
| ------------------ | ----------- | ------------------------------- |
| exozyme (Official) | No          | https://pixivfe.exozy.me        |
| dragongoose        | No          | https://pixivfe.dragongoose.us  |
| WhateverItWorks    | Yes         | https://art.whateveritworks.org |

Hosted one yourself? Create a pull request to add it here!

## License

[AGPL3](https://www.gnu.org/licenses/agpl-3.0.txt)

## Note

Features like following an user, bookmarking and/or liking an artwork won't be
added anytime soon.

API routes:

- Following an user: `https://www.pixiv.net/bookmark_add.php`
- Bookmarking an artwork: `https://www.pixiv.net/ajax/illusts/bookmarks/add`

This is because for these endpoints to work, we must pass in a header called
`x-csrf-token`. The token was stored directly inside any Pixiv's pages (ex:
https://www.pixiv.net) in a variable called `pixiv.context.token`. We could
easily get this token using `curl`:

![curl https://www.pixiv.net --silent | grep pixiv.context.token](https://files.catbox.moe/pbjqtu.png)

The problem is, we cannot use this token, because when we were using `curl` to
fetch the page, we weren't authenticated. Each user has their own token,
generated every time they logout (i think). If we try to authenticate with
`PHPSESSID`, Cloudflare will stop us and we get a challenge page.

![Challenge page](https://files.catbox.moe/c1e0kp.png)

Unless we find out a way to fetch a `x-csrf-token` that works, these features
will probably never be added.

If you found out a way to fetch it, please tell me. You can test the token using
this command:
`curl -H "x-csrf-token: your_csrf_token" -X POST -d "mode=add&type=user&user_id=36055573&tag=&restrict=0&format=json" "https://www.pixiv.net/bookmark_add.php" --cookie "PHPSESSID=your_token" -A "Mozilla/5.0"`

It will return an empty JSON array if success, like this:
![Successfully followed](https://files.catbox.moe/oiwx4u.png)
unnecessary files 2023-05-13 03:48:35 +00:00			`# PixivFE`

			`A privacy-respecting alternative front-end for Pixiv that doesn't suck`
README: update 2023-06-01 13:05:02 +00:00
			`<p>`
			`<a href="https://codeberg.org/vnpower/pixivfe">`
README: get it on codeberg because why not 2023-06-01 04:54:36 +00:00			`<img alt="Get it on Codeberg" src="https://get-it-on.codeberg.org/get-it-on-blue-on-white.png" height="60">`
			`</a>`
README: update 2023-06-01 13:05:02 +00:00			`</p>`
unnecessary files 2023-05-13 03:48:35 +00:00
Some notes 2023-08-21 14:34:45 +00:00			`Questions? Feedbacks? You can [PM me](https://matrix.to/#/@vnpower:exozy.me) on`
			`Matrix!`

			`You can keep track of this project's development`
			`[here](https://codeberg.org/VnPower/pixivfe/projects/3481).`
Update README 2023-08-15 13:29:51 +00:00
README: rewrite a lot of stuff 2023-06-05 13:33:14 +00:00			`## Features`
unnecessary files 2023-05-13 03:48:35 +00:00
README: rewrite a lot of stuff 2023-06-05 13:33:14 +00:00			`- Lightweight - both the interface and the code`
			`- Privacy-first - the server will do the work for you`
Feature: remove JavaScript code for lazy load images #1 2023-06-06 02:56:54 +00:00			`- No bloat - we only serve HTML and CSS`
README: rewrite a lot of stuff 2023-06-05 13:33:14 +00:00			`- Open source - you can trust me!`
Feature: added navigation for user page 2023-05-17 13:31:23 +00:00
README: wiki page and instances table 2023-06-08 11:54:17 +00:00			`## Hosting`
update README 2023-05-13 12:25:12 +00:00
Some notes 2023-08-21 14:34:45 +00:00			`Check out [this page.](https://codeberg.org/VnPower/pixivfe/wiki/Hosting). We`
			`currently have guides for Docker and Caddy.`
README: new instance and hosting guide #12 2023-07-12 02:54:10 +00:00
Some notes 2023-08-21 14:34:45 +00:00			`Many thanks to [dragongoose](https://codeberg.org/dragongoose) for writing the`
			`Docker guide!`
README: rewrite a lot of stuff 2023-06-05 13:33:14 +00:00
README: update 2023-06-04 15:03:03 +00:00			`## Instances`

Some notes 2023-08-21 14:34:45 +00:00			`\| Name \| Cloudflare? \| URL \|`
			`\| ------------------ \| ----------- \| ------------------------------- \|`
			`\| exozyme (Official) \| No \| https://pixivfe.exozy.me \|`
			`\| dragongoose \| No \| https://pixivfe.dragongoose.us \|`
new instance: art.whateveritworks.org 2023-07-15 02:38:17 +00:00			`\| WhateverItWorks \| Yes \| https://art.whateveritworks.org \|`
README: wiki page and instances table 2023-06-08 11:54:17 +00:00
			`Hosted one yourself? Create a pull request to add it here!`
README: update 2023-06-04 15:03:03 +00:00
unnecessary files 2023-05-13 03:48:35 +00:00			`## License`

README: rewrite a lot of stuff 2023-06-05 13:33:14 +00:00			`[AGPL3](https://www.gnu.org/licenses/agpl-3.0.txt)`
README: added a note 2023-07-25 03:57:56 +00:00
			`## Note`
Some notes 2023-08-21 14:34:45 +00:00
			`Features like following an user, bookmarking and/or liking an artwork won't be`
			`added anytime soon.`
README: added a note 2023-07-25 03:57:56 +00:00
			`API routes:`
Some notes 2023-08-21 14:34:45 +00:00
README: added a note 2023-07-25 03:57:56 +00:00			- Following an user: `https://www.pixiv.net/bookmark_add.php`
			- Bookmarking an artwork: `https://www.pixiv.net/ajax/illusts/bookmarks/add`

Some notes 2023-08-21 14:34:45 +00:00			`This is because for these endpoints to work, we must pass in a header called`
			`x-csrf-token`. The token was stored directly inside any Pixiv's pages (ex:
			https://www.pixiv.net) in a variable called `pixiv.context.token`. We could
			easily get this token using `curl`:
README: added a note 2023-07-25 03:57:56 +00:00
			`![curl https://www.pixiv.net --silent \| grep pixiv.context.token](https://files.catbox.moe/pbjqtu.png)`

Some notes 2023-08-21 14:34:45 +00:00			The problem is, we cannot use this token, because when we were using `curl` to
			`fetch the page, we weren't authenticated. Each user has their own token,`
			`generated every time they logout (i think). If we try to authenticate with`
			`PHPSESSID`, Cloudflare will stop us and we get a challenge page.
README: added a note 2023-07-25 03:57:56 +00:00
			`![Challenge page](https://files.catbox.moe/c1e0kp.png)`

Some notes 2023-08-21 14:34:45 +00:00			Unless we find out a way to fetch a `x-csrf-token` that works, these features
			`will probably never be added.`
README: added a note 2023-07-25 03:57:56 +00:00
Some notes 2023-08-21 14:34:45 +00:00			`If you found out a way to fetch it, please tell me. You can test the token using`
			`this command:`
README: added a note 2023-07-25 03:57:56 +00:00			`curl -H "x-csrf-token: your_csrf_token" -X POST -d "mode=add&type=user&user_id=36055573&tag=&restrict=0&format=json" "https://www.pixiv.net/bookmark_add.php" --cookie "PHPSESSID=your_token" -A "Mozilla/5.0"`

			`It will return an empty JSON array if success, like this:`
			`![Successfully followed](https://files.catbox.moe/oiwx4u.png)`