docker: chromium now needs libxfixes3, despite no version changes..., fixes #551

https://sonarcloud.io/project/security_hotspots?id=vogler_free-games-claimer&branch=dev&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true

.cspell.json

@@ -0,0 +1,20 @@
+{
+  "ignorePaths": [
+    "**/data/**",
+    "docker.yml",
+    "Dockerfile",
+    ".jscpd.json",
+    "**/node_modules/**",
+    "**/vscode-extension/**",
+    "**/.git/**",
+    "**/.pnpm-lock.json",
+    ".vscode",
+    "megalinter",
+    "package-lock.json",
+    "report"
+  ],
+  "language": "en",
+  "noConfigSearch": true,
+  "words": ["megalinter", "oxsecurity", "ralf", "vogler", "DOCKERHUB"],
+  "version": "0.2"
+}

.dockerignore

@@ -1,6 +1,12 @@
 node_modules/
 data/
 *.env
+megalinter-reports/
+
+# the above is just copied from .gitignore - violating DRY...
+# however, generally, we want .dockerignore to be a *strict* superset of .gitignore, so we can't just `ln -s .gitignore .dockerignore`
+# could generate this in CI and append the extra entries from below, but then it wouldn't work for local builds without running some script...
+# also, the rules are slightly different: https://zzz.buzz/2018/05/23/differences-of-rules-between-gitignore-and-dockerignore/
 
 .gitignore
 .github/

.forgejo/workflows/build.yml

@@ -1,87 +0,0 @@
-name: build-and-push
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  lint:
-    runs-on: self-hosted
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - name: Install dependencies
-        run: npm ci
-      - name: Run ESLint
-        run: npm run lint
-
-  sonar:
-    needs: lint
-    runs-on: self-hosted
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - name: Install Sonar Scanner (npm)
-        run: npm install -g sonarqube-scanner
-      - name: SonarQube Scan
-        env:
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
-        run: |
-          WORKDIR=${GITHUB_WORKSPACE:-$PWD}
-          HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set}
-          PROJECT_KEY=${SONAR_PROJECT_KEY:-}
-          if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
-            PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
-          fi
-          if [ -z "$PROJECT_KEY" ]; then
-            echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2
-            exit 1
-          fi
-          echo "Sonar project key: $PROJECT_KEY"
-          echo "Listing workspace:"
-          ls -la
-          echo "Sample files:"
-          find . -maxdepth 2 -type f | head -n 20
-          echo "Running local sonar-scanner..."
-          sonar-scanner \
-            -Dsonar.host.url="$HOST_URL" \
-            -Dsonar.token="$SONAR_TOKEN" \
-            -Dsonar.projectKey="$PROJECT_KEY" \
-            -Dsonar.sources=. \
-            -Dsonar.scm.disabled=true \
-            -Dsonar.projectBaseDir="$WORKDIR"
-
-  docker:
-    needs: [lint, sonar]
-    runs-on: self-hosted
-    steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Login to registry
-        run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin
-
-      - name: Build image
-        run: |
-          docker buildx build --load \
-            -t "${{ secrets.REGISTRY_IMAGE }}:latest" .
-
-      - name: Push image
-        run: |
-          docker push "${{ secrets.REGISTRY_IMAGE }}:latest"

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: vogler # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: fgc # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: vogler # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: vogler # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ["https://www.buymeacoffee.com/vogler", "https://paypal.me/voglerr"] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/dependabot.yml

@@ -0,0 +1,34 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*eslint*"
+    #   - dependency-name: "@stylistic/eslint-plugin-js"
+    groups:
+      dev-dependencies:
+        dependency-type: "development"
+    # commit-message:
+    #   prefix: "npm"
+    #   include: "scope"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # commit-message:
+    #   prefix: "docker"
+    #   include: "scope"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # commit-message:
+    #   prefix: "github-actions"
+    #   include: "scope"

.github/renovate.json

@@ -0,0 +1,5 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "enabled": false,
+  "extends": ["config:recommended"]
+}

.github/workflows/docker.yml

@@ -0,0 +1,119 @@
+name: Build and push Docker image (amd64, arm64 to hub.docker.com and ghcr.io)
+
+on:
+  workflow_dispatch: # allows manual trigger
+  push: # push on branch
+    branches: [main, dev]
+    paths: # ignore changes to .md files
+      - "**"
+      - "!*.md"
+      # - '!.github/**'
+  pull_request: # runs when opened/reopened or when the head branch is updated
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  BRANCH: ${{ github.head_ref || github.ref_name }} # head_ref/base_ref are only set for PRs, for branches ref_name will be used
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set environment variables
+        run: |
+          echo "NOW=$(date -R)" >> "$GITHUB_ENV" # date -Iseconds; date +'%Y-%m-%dT%H:%M:%S'
+          if [[ "$BRANCH" == "main" ]]; then
+            echo "IMAGE_TAG=latest" >> "$GITHUB_ENV"
+          else
+            echo "IMAGE_TAG=$BRANCH" >> "$GITHUB_ENV"
+          fi
+      - name: Extract metadata for Docker (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/free-games-claimer
+            ghcr.io/${{ github.actor }}/free-games-claimer
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            # use docker tag 'latest' for the default branch (default is to only use it for the latest git tag)
+            type=raw,value=latest,enable={{is_default_branch}}
+          labels: |
+            org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
+        env:
+          # otherwise labels are not shown on GitHub due to multi-arch image: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#adding-a-description-to-multi-arch-images
+          # https://github.com/docker/metadata-action#annotations
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        # if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} # does not work: Unrecognized named-value: 'secrets' - https://www.cloudtruth.com/blog/skipping-jobs-in-github-actions-when-secrets-are-unavailable-securely-inject-configuration-secrets-into-github
+        if: github.event_name != 'pull_request' # don't try to login since PRs don't have access to secrets and need to set them in their fork
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }} # actor is user that opened PR, was repository_owner before
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        if: ${{ env.IMAGE_TAG != '' }}
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          # push: ${{ secrets.DOCKERHUB_USERNAME != '' }} # here we can access secrets
+          # TODO speed up by building in parallel? https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            COMMIT=${{ github.sha }}
+            BRANCH=${{ env.BRANCH }}
+            NOW=${{ env.NOW }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          # tags: |
+          #   ${{ secrets.DOCKERHUB_USERNAME }}/free-games-claimer:${{env.IMAGE_TAG}}
+          #   ghcr.io/${{ github.actor }}/free-games-claimer:${{env.IMAGE_TAG}}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # https://gist.github.com/MichaelSimons/fb588539dcefd9b5fdf45ba04c302db6
+      - name: Docker (un)compressed sizes
+        run: |
+          REP=ghcr.io/${{ github.actor }}/free-games-claimer
+          IMG=$REP:${{env.IMAGE_TAG}}
+          log() { echo -e "\n\$ $*"; "$@"; }
+          emd() { echo "$*" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          cmd() { echo "\$ $*" | tee -a "$GITHUB_STEP_SUMMARY"; "$@" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          emd '```console'
+          download-size() { docker manifest inspect -v "$1" | jq -c 'if type == "array" then .[] else . end' |  jq -r '[ ( .Descriptor.platform | [ .os, .architecture, .variant, ."os.version" ] | del(..|nulls) | join("/") ), ( [ ( .OCIManifest // .SchemaV2Manifest ).layers[].size ] | add ) ] | join(" ")' | numfmt --to iec --format '%.2f' --field 2 | sort | column -t ; }
+          cmd download-size "$IMG"
+          ## don't need the following in job summary, but nice to have in full log
+          log docker buildx history inspect
+          # log docker buildx du
+          ## not needed locally, but in CI with buildx `docker image ls` just lists moby/buildkit and tonistiigi/binfmt since the multi-arch build is pushed to registry instead of loaded locally, so we need to pull it first (cached anyway)
+          log docker pull "$IMG"
+          # log docker image rm moby/buildkit # failed
+          # log docker image rm tonistiigi/binfmt
+          # emd '# Uncompressed size (max, not size on disk due to sharing):'
+          # cmd docker image ls # below has more details
+          emd '# uncompressed size = unique + shared:'
+          local-size() { docker system df -v | grep "$1" -B1; }
+          cmd local-size "$REP"
+          emd '```'
+        continue-on-error: true

.github/workflows/js.yml

@@ -0,0 +1,61 @@
+name: "JS: deps, lint, tests"
+
+# Run on push in any branch and changes in PRs.
+on:
+  push:
+    paths:
+      - "**.js"
+      - "**.ts"
+      - "package.json"
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write # required for sarif upload
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: oven-sh/setup-bun@v2
+      - name: bun install
+        run: bun install
+
+      # check size of dependencies
+      # all tools gave different results locally
+      - name: dep-size node_modules
+        run: du -sh node_modules | tee -a "$GITHUB_STEP_SUMMARY"
+      - name: dep-size howfat -d (inc. dev) - ignores size of transitive deps
+        run: bunx howfat -d --reporter table --sort size-
+      - name: dep-size howfat -d -p (inc. dev, peer) - includes size of transitive deps per dep
+        run: bunx howfat -d -p --reporter table --sort size-
+      - name: dep-size qnm (flat list as in node_modules)
+        run: |
+          emd() { echo "$*" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          cmd() { echo "\$ $*" | tee -a "$GITHUB_STEP_SUMMARY"; "$@" | tee -a "$GITHUB_STEP_SUMMARY"; }
+          emd '```console'
+          cmd bunx qnm doctor
+          emd '```'
+      # - name: dep-size cost-of-modules # this says total 8.37MB while du says 75MB...
+      #   run: bunx cost-of-modules --include-dev --no-install
+
+      # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-that-runs-the-eslint-analysis-tool
+      - name: eslint (sarif output)
+        # https://github.com/microsoft/sarif-js-sdk/issues/91
+        # @microsoft/eslint-formatter-sarif uses eslint@8.57.1 instead of my local eslint@9.27.0 despite it not needing it? -> just download the sarif.js file instead of having dep in package.json (only needed here anyway)
+        run: |
+          wget https://raw.githubusercontent.com/microsoft/sarif-js-sdk/refs/heads/main/packages/eslint-formatter-sarif/sarif.js -O node_modules/sarif.cjs
+          bun i utf8 lodash jschardet
+          bun eslint . --format node_modules/sarif.cjs -o results.sarif
+        continue-on-error: true
+
+      - name: upload eslint sarif output for Security tab and inline results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif
+          category: eslint
+
+      - name: bun lint
+        # eslint exits 1 if it finds anything to report
+        run: bun lint

.github/workflows/mega-linter.yml

@@ -0,0 +1,209 @@
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.io
+
+# See .mega-linter.yml for actual config and examples how to run this locally.
+---
+name: MegaLinter
+
+# Run on push in any branch and changes in PRs.
+on:
+  push:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+# Comment env block if you do not want to apply fixes
+env:
+  # Apply linter fixes configuration
+  #
+  # When active, APPLY_FIXES must also be defined as environment variable
+  # (in github/workflows/mega-linter.yml or other CI tool)
+  APPLY_FIXES: all
+
+  # Decide which event triggers application of fixes in a commit or a PR
+  # (pull_request, push, all)
+  APPLY_FIXES_EVENT: pull_request
+
+  # If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
+  # or posted in a PR (pull_request)
+  APPLY_FIXES_MODE: commit
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  megalinter:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+
+    # Give the default GITHUB_TOKEN write permission to commit and push, comment
+    # issues, and post new Pull Requests; remove the ones you do not need
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      security-events: write # needed for SARIF upload
+
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+
+          # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
+          # improve performance
+          fetch-depth: 0
+
+      # MegaLinter
+      - name: MegaLinter
+
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.io/latest/flavors/
+        # uses: oxsecurity/megalinter@v8 # default (127 linters)
+        uses: oxsecurity/megalinter/flavors/cupcake@beta # most common, was recommended in output (88 linters); switched from v8.7.0 to beta for new features
+
+        id: ml
+
+        # All available variables are described in documentation
+        # https://megalinter.io/latest/config-file/
+        env:
+          # Validates all source when push on main, else just the git diff with
+          # main. Override with true if you always want to lint all sources
+          #
+          # To validate the entire codebase, set to:
+          # VALIDATE_ALL_CODEBASE: true
+          #
+          # To validate only diff with main, set to:
+          # VALIDATE_ALL_CODEBASE: >-
+          #   ${{
+          #     github.event_name == 'push' &&
+          #     github.ref == 'refs/heads/main'
+          #   }}
+          VALIDATE_ALL_CODEBASE: true
+
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # Uncomment to use ApiReporter (Grafana)
+          # API_REPORTER: true
+          # API_REPORTER_URL: ${{ secrets.API_REPORTER_URL }}
+          # API_REPORTER_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_BASIC_AUTH_USERNAME }}
+          # API_REPORTER_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_BASIC_AUTH_PASSWORD }}
+          # API_REPORTER_METRICS_URL: ${{ secrets.API_REPORTER_METRICS_URL }}
+          # API_REPORTER_METRICS_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_USERNAME }}
+          # API_REPORTER_METRICS_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_PASSWORD }}
+          # API_REPORTER_DEBUG: false
+
+          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF
+          # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: MegaLinter reports
+          include-hidden-files: "true"
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        uses: peter-evans/create-pull-request@v6
+        id: cpr
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'pull_request' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply linters automatic fixes"
+          title: "[MegaLinter] Apply linters automatic fixes"
+          labels: bot
+
+      - name: Create PR output
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'pull_request' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        run: |
+          echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'commit' &&
+          github.ref != 'refs/heads/main' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        run: sudo chown -Rc $UID .git/
+
+      - name: Commit and push applied linter fixes
+        uses: stefanzweifel/git-auto-commit-action@v5
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'commit' &&
+          github.ref != 'refs/heads/main' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        with:
+          branch: >-
+            ${{
+              github.event.pull_request.head.ref ||
+              github.head_ref ||
+              github.ref
+            }}
+          commit_message: "[MegaLinter] Apply linters fixes"
+          commit_user_name: megalinter-bot
+          commit_user_email: 129584137+megalinter-bot@users.noreply.github.com
+
+      # https://megalinter.io/latest/reporters/SarifReporter/
+      - name: Upload MegaLinter scan results to GitHub Security tab
+        if: success() || failure()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "megalinter-reports/megalinter-report.sarif"
+          category: mega-linter
+
+      # https://github.blog/news-insights/product-news/supercharging-github-actions-with-job-summaries/
+      # - name: Add job summary
+      #   if: success() || failure()
+      #   run: cat "megalinter-reports/megalinter-report.md" >> "$GITHUB_STEP_SUMMARY"
+      # the above is now handled by the MARKDOWN_SUMMARY_REPORTER itself after https://github.com/oxsecurity/megalinter/issues/1489 (available in beta)
+
+      # logs and artifacts are retained for 90 days, workflow run history is retained for 400 days... https://docs.github.com/en/actions/administering-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy

.github/workflows/sonarqube.yml

@@ -0,0 +1,38 @@
+name: SonarQube Scan
+
+# Run on push in any branch and changes in PRs.
+on:
+  push:
+    paths:
+      - "**.js"
+      - "**.ts"
+      - "package.json"
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting. Otherwise sonarcloud will show a warning.
+          fetch-depth: 0
+
+      - uses: oven-sh/setup-bun@v2
+      - name: bun install
+        run: bun install
+
+      - name: eslint (json output)
+        continue-on-error: true
+        run: bun eslint . -f json -o eslint_report.json
+      - name: fix paths for SonarCloud
+        run: sed -i 's+/home/runner/work/free-games-claimer/free-games-claimer+/github/workspace+g' eslint_report.json
+
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitignore

@@ -1,3 +1,4 @@
 node_modules/
 data/
 *.env
+megalinter-reports/

.jscpd.json

@@ -0,0 +1,15 @@
+{
+  "threshold": 0,
+  "reporters": ["html", "markdown"],
+  "ignore": [
+    "**/node_modules/**",
+    "**/.git/**",
+    "**/.rbenv/**",
+    "**/.venv/**",
+    "**/*cache*/**",
+    "**/.github/**",
+    "**/.idea/**",
+    "**/report/**",
+    "**/*.svg"
+  ]
+}

.mega-linter.yml

@@ -0,0 +1,84 @@
+# Configuration file for MegaLinter
+#
+# See all available variables at https://megalinter.io/latest/config-file/ and in
+# linters documentation
+
+# See .github/workflows/mega-linter.yml for GitHub config.
+
+# Run this locally via Docker:
+# npx mega-linter-runner -r v8 -f cupcake # run as configured here
+# npx mega-linter-runner -r v8 -f cupcake -e "'ENABLE=MARKDOWN,YAML'" -e "APPLY_FIXES=none" # only enable certain groups and disable automatic fixes (note that the '' are required for multiple values)
+# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter
+# https://github.com/oxsecurity/megalinter#cli-lint-mode most linters will respect .gitignore, but the ones running in 'project' mode will not and may take forever if not configured right
+
+# all, none, or list of linter keys
+APPLY_FIXES: all
+
+# If you use ENABLE variable, all other languages/formats/tooling-formats will
+# be disabled by default
+# ENABLE:
+
+# If you use ENABLE_LINTERS variable, all other linters will be disabled by
+# default
+# ENABLE_LINTERS:
+
+# DISABLE:
+#   - COPYPASTE # Uncomment to disable checks of excessive copy-pastes
+#   - SPELL # Uncomment to disable checks of spelling mistakes
+
+SHOW_ELAPSED_TIME: true
+
+# Uncomment if you want MegaLinter to detect errors but not block CI to pass
+# DISABLE_ERRORS: true
+
+# ---
+# Custom config:
+
+PRINT_ALPACA: false
+
+JAVASCRIPT_DEFAULT_STYLE: prettier # disables JAVASCRIPT_STANDARD in favor of JAVASCRIPT_PRETTIER - disabled below since I prefer my local eslint
+
+# DISABLE: # groups of linters/formatters
+#   - REPOSITORY # ignore this for now (at least locally) since all project-based and need extra config like .gitignore
+
+# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter locally
+DISABLE_LINTERS: # times are for running locally with 30GB swap, 65% pressure and several GB in data/ (relevant for project-mode linters that don't respect .gitignore)
+  - MARKDOWN_MARKDOWN_LINK_CHECK # 30s, only reported 0 (e.g. for localhost) or 403 (forbidden) for working links to settings or due to DDoS/bot protections
+  - JAVASCRIPT_STANDARD # don't like standard format
+  - JAVASCRIPT_PRETTIER # prefer my local eslint config
+  - REPOSITORY_TRIVY_SBOM # 11s, don't need SBOM
+
+DISABLE_ERRORS_LINTERS: # error -> warning
+  - DOCKERFILE_HADOLINT # mostly wants to pin versions for apt and pip installs and merge consecutive RUN instructions
+  - COPYPASTE_JSCPD # default threshold is 0% duplicates -> can make this error once sep. scripts are refactored
+  - SPELL_CSPELL # needs config in .cspell.json, but looks annoying since it also flags apt packages
+  - SPELL_LYCHEE # dead link checking, 9/332 errors all false positives (Forbidden etc.)
+  - JAVASCRIPT_ES # this uses old eslint 8.57.1 instead of local 9.26.0 and complains about stuff that newer version has no problem with
+  - REPOSITORY_CHECKOV # docker healthcheck not needed for CLI
+  - REPOSITORY_KICS # wants to pin GitHub Actions to commit sha etc.
+  - REPOSITORY_TRIVY # docker healthcheck not needed for CLI
+
+# Customizations via CLI arguments:
+
+# https://github.com/prantlf/jsonlint#command-line-interface
+JSON_JSONLINT_ARGUMENTS: --comments --trailing-commas --no-duplicate-keys
+
+# https://prettier.io/docs/options#trailing-commas
+# JSON_PRETTIER_ARGUMENTS: --trailing-comma all --parser jsonc # need to change parser too since the default json parser still strips trailing commas
+# -> let prettier remove trailing commas since e.g. npm will fail to JSON.parse package.json otherwise...
+
+# megalinter still expects the old .eslintrc file... https://github.com/oxsecurity/megalinter/issues/3570#issuecomment-2138193684
+JAVASCRIPT_ES_CONFIG_FILE: eslint.config.js
+JAVASCRIPT_ES_COMMAND_REMOVE_ARGUMENTS: ["--no-eslintrc"] # not a valid option for eslint with flat config
+# worked, but behaved differently than local `npm run lint` and complained about while(true) with break - probably due old version 8.57.1 (same with -r beta) instead of my local 9.26.0
+
+# https://github.com/oxsecurity/megalinter#cli-lint-mode
+REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignore .gitignore
+
+# https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html
+REPOSITORY_CHECKOV_ARGUMENTS: --skip-path node_modules --skip-path data
+
+# CI will comment on PRs etc., but for running locally (or downloading the results), we want more than the default megalinter-reports/megalinter.log as an overview:
+JSON_REPORTER: true # mega-linter-report.json
+MARKDOWN_SUMMARY_REPORTER: true # megalinter-report.md
+SARIF_REPORTER: true # mega-linter-report.sarif - results for supported lintes should be shown in GitHub Security tab - https://megalinter.io/latest/reporters/SarifReporter/

.vscode/settings.json

@@ -6,5 +6,5 @@
     "source.fixAll.eslint": "explicit"
   },
   "eslint.experimental.useFlatConfig": true,
-  "eslint.codeActionsOnSave.rules": null,
+  "eslint.codeActionsOnSave.rules": null
 }

CONTRIBUTING.md

@@ -1,6 +1,17 @@
 # Contribute
 
-## Building and publishing docker images
-Setup the secrets for DOCKERHUB_USERNAME and [DOCKERHUB_TOKEN](https://hub.docker.com/settings/security) in https://github.com/YOUR_USERNAME/free-games-claimer/settings/secrets/actions to be able to run the docker.yml workflows.
+## Code: how to create a pull request
 
-Check if under Workflow Permissions in https://github.com/YOUR_USERNAME/free-games-claimer/settings/actions the radio button is set to "Read and write permissions". In case that's not set the push to ghcr.io will fail.
+1. Fork it ( <https://github.com/vogler/free-games-claimer/fork> ).
+1. Create your feature branch (`git checkout -b my-new-feature`).
+1. Stage your files (`git add .`).
+1. Commit your changes (`git commit -am 'Add some feature'`).
+1. Push to the branch (`git push origin my-new-feature`).
+1. Create a new pull request ( <https://github.com/vogler/free-games-claimer/compare> ).
+
+
+## Building and publishing docker images
+
+Setup the secrets for DOCKERHUB_USERNAME and [DOCKERHUB_TOKEN](https://hub.docker.com/settings/security) in `https://github.com/YOUR_USERNAME/free-games-claimer/settings/secrets/actions` to be able to run the docker.yml workflows.
+
+Check if under Workflow Permissions in `https://github.com/YOUR_USERNAME/free-games-claimer/settings/actions` the radio button is set to "Read and write permissions", otherwise the push to ghcr.io will fail.

Dockerfile

@@ -1,6 +1,6 @@
-# FROM mcr.microsoft.com/playwright:v1.20.0
-# Partially from https://github.com/microsoft/playwright/blob/main/utils/docker/Dockerfile.focal
-FROM ubuntu:jammy
+# Partially from https://github.com/microsoft/playwright/blob/main/utils/docker/Dockerfile.noble
+# Ubuntu 24.04 LTS (Noble Numbat)
+FROM ubuntu:noble
 
 # Configuration variables are at the end!
 
@@ -8,101 +8,100 @@ FROM ubuntu:jammy
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 ARG DEBIAN_FRONTEND=noninteractive
 
-# Install up-to-date node & npm, deps for virtual screen & noVNC, firefox, pip for apprise.
+# Install nodejs and deps for virtual display, noVNC, chromium, and pipx for installing apprise.
 RUN apt-get update \
-    && apt-get install --no-install-recommends -y curl ca-certificates gnupg \
+    && apt-get install -y --no-install-recommends curl ca-certificates gnupg \
     && mkdir -p /etc/apt/keyrings \
+    # Node.js
     && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
-    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
+    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" > /etc/apt/sources.list.d/nodesource.list \
+    # TurboVNC & VirtualGL instead of Xvfb+X11vnc
+    && curl --proto "=https" --tlsv1.2 -fsSL https://packagecloud.io/dcommander/virtualgl/gpgkey | gpg --dearmor -o /etc/apt/trusted.gpg.d/VirtualGL.gpg \
+    && curl --proto "=https" --tlsv1.2 -fsSL  https://packagecloud.io/dcommander/turbovnc/gpgkey | gpg --dearmor -o /etc/apt/trusted.gpg.d/TurboVNC.gpg \
+    && curl --proto "=https" --tlsv1.2 -fsSL https://raw.githubusercontent.com/VirtualGL/repo/main/VirtualGL.list > /etc/apt/sources.list.d/VirtualGL.list \
+    && curl --proto "=https" --tlsv1.2 -fsSL https://raw.githubusercontent.com/TurboVNC/repo/main/TurboVNC.list > /etc/apt/sources.list.d/TurboVNC.list \
+    # update lists and install
     && apt-get update \
     && apt-get install --no-install-recommends -y \
-      nodejs \
-      xvfb \
-      x11vnc \
-      tini \
+      virtualgl turbovnc ratpoison \
       novnc websockify \
+      tini \
+      nodejs \
       dos2unix \
-      python3-pip \
-      libgtk-3-0 \
-      libasound2 \
-      libxcomposite1 \
-      libpangocairo-1.0-0 \
-      libpango-1.0-0 \
-      libatk1.0-0 \
-      libcairo-gobject2 \
-      libcairo2 \
-      libgdk-pixbuf-2.0-0 \
-      libdbus-glib-1-2 \
-      libxcursor1 \
+      # use `pip install apprise --break-system-packages` instead of pipx (should be used locally, but we only need one pkg and pipx needs adjustment to $PATH) instead of apt-get's apprise (1.7.2 instead of 1.9.3)
+      pip \
+    # RUN npx patchright install-deps chromium
+    # ^ installing deps manually instead saved ~130MB:
+    && apt-get install -y --no-install-recommends \
       libnss3 \
       libnspr4 \
+      libatk1.0-0 \
+      libatk-bridge2.0-0 \
+      libcups2 \
+      libxkbcommon0 \
+      libatspi2.0-0 \
+      libxcomposite1 \
       libgbm1 \
+      libpango-1.0-0 \
+      libcairo2 \
+      libasound2t64 \
+      libxfixes3 \
+      # needed for TurboVNC if not installing xfce4:
+      libxdamage1 \ 
     && apt-get autoremove -y \
+    # https://www.perplexity.ai/search/what-files-do-i-need-to-remove-imjwdphNSUWK98WzsmQswA
     && apt-get clean \
     && rm -rf \
+      /var/lib/apt/lists/* \
+      /var/cache/* \
+      /var/tmp/* \
       /tmp/* \
       /usr/share/doc/* \
-      /var/cache/* \
-      /var/lib/apt/lists/* \
-      /var/tmp/* \
-    && useradd -ms /bin/bash fgc \
     && ln -s /usr/share/novnc/vnc_auto.html /usr/share/novnc/index.html \
-    && pip install apprise
+    && pip install apprise --break-system-packages --no-cache-dir
 
 WORKDIR /fgc
 COPY package*.json ./
 
-# Playwright installs patched firefox to ~/.cache/ms-playwright/firefox-*
-# Requires some system deps to run (see inlined install-deps above).
-RUN npm install
-# Old: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD + install firefox (had to be done after `npm install` to get the correct version). Now: playwright-firefox as npm dep and `npm install` will only install that.
-# From 1.38 Playwright will no longer install browser automatically for playwright, but apparently still for playwright-firefox: https://github.com/microsoft/playwright/releases/tag/v1.38.0
-# RUN npx playwright install firefox
+# --no-shell to avoid installing chromium_headless_shell (307MB) since headless mode could be detected without patching the browser itself
+RUN npm install --ignore-scripts && npx patchright install chromium --no-shell && du -h -d1 ~/.cache/ms-playwright
 
-# Only copy the files we actually need in the image to avoid accidentally adding secrets.
-COPY *.js ./
-COPY eslint.config.js jsconfig.json sonar-project.properties ./
-COPY src ./src
-COPY test ./test
-COPY docker-entrypoint.sh ./
+COPY . .
 
 # Shell scripts need Linux line endings. On Windows, git might be configured to check out dos/CRLF line endings, so we convert them for those people in case they want to build the image. They could also use --config core.autocrlf=input
-RUN dos2unix ./*.sh && chmod +x ./*.sh && chown -R fgc:fgc /fgc
+RUN dos2unix ./*.sh && chmod +x ./*.sh
 COPY docker-entrypoint.sh /usr/local/bin/
 
+# set by .github/workflows/docker.yml
 ARG COMMIT=""
 ARG BRANCH=""
 ARG NOW=""
+# need as env vars to log in docker-entrypoint.sh
 ENV COMMIT=${COMMIT}
 ENV BRANCH=${BRANCH}
 ENV NOW=${NOW}
 
-LABEL org.opencontainers.image.title="free-games-claimer" \
-      org.opencontainers.image.name="free-games-claimer" \
-      org.opencontainers.image.description="Automatically claims free games on the Epic Games Store, Amazon Prime Gaming and GOG" \
-      org.opencontainers.image.url="https://github.com/vogler/free-games-claimer" \
-      org.opencontainers.image.source="https://github.com/vogler/free-games-claimer" \
-      org.opencontainers.image.revision=${COMMIT} \
-      org.opencontainers.image.ref.name=${BRANCH} \
-      org.opencontainers.image.base.name="ubuntu:jammy" \
-      org.opencontainers.image.version="latest"
+# added by docker/metadata-action using data from GitHub
+# LABEL org.opencontainers.image.title="free-games-claimer" \
+#       org.opencontainers.image.url="https://github.com/vogler/free-games-claimer" \
+#       org.opencontainers.image.source="https://github.com/vogler/free-games-claimer"
 
 # Configure VNC via environment variables:
-ENV VNC_PORT 5900
-ENV NOVNC_PORT 6080
-# Ports are not exposed by default; publish explicitly with -p when you really need GUI access.
-# EXPOSE 5900
-# EXPOSE 6080
+ENV VNC_PORT=5900
+ENV NOVNC_PORT=6080
+EXPOSE 5900
+EXPOSE 6080
 
 # Configure Xvfb via environment variables:
-ENV WIDTH 1920
-ENV HEIGHT 1080
-ENV DEPTH 24
+ENV WIDTH=1920
+ENV HEIGHT=1080
+ENV DEPTH=24
 
 # Show browser instead of running headless
-ENV SHOW 1
+ENV SHOW=1
 
-USER fgc
+# mega-linter (KICS, Trivy) complained about it missing - usually this checks some API endpoint, for a container that runs ~1min a healthcheck doesn't make that much sense since playwright has timeouts for everything. Could react to SIGUSR1 and check something in JS - for now we just check that node is running and noVNC is reachable...
+HEALTHCHECK --interval=5s --timeout=5s CMD pgrep node && curl --fail http://localhost:6080 || exit 1
 
 # Script to setup display server & VNC is always executed.
 ENTRYPOINT ["docker-entrypoint.sh"]

README.md

@@ -1,88 +1,253 @@
-Free Games Claimer (Fork)
-==========================
+# free-games-claimer
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=vogler_free-games-claimer&metric=code_smells)](https://sonarcloud.io/project/overview?id=vogler_free-games-claimer)
 
-[![Quality Gate Status](https://sonata.cyber77.de/api/project_badges/measure?project=free-games-claimer&metric=alert_status&token=sqb_99c83edf82a1331f0c649f8a5b698b4ec8f9a965)](https://sonata.cyber77.de/dashboard?id=free-games-claimer)
+<p align="center">
+<img alt="logo-free-games-claimer" src="https://user-images.githubusercontent.com/493741/214588518-a4c89998-127e-4a8c-9b1e-ee4a9d075715.png" />
+</p>
 
-Automates claiming of free games for:
-- Amazon Luna Gaming / Luna claims (including external stores like GOG, Epic Games, Legacy Games )
-- GOG giveaways
-- Optional extras: Steam stats, AliExpress dailies (not implemated yet)
+Claims free games periodically on
+- <img alt="logo epic-games" src="https://github.com/user-attachments/assets/82e9e9bf-b6ac-4f20-91db-36d2c8429cb6" width="32" align="middle" /> [Epic Games Store](https://www.epicgames.com/store/free-games) - currently only without Docker
+- <img alt="logo prime-gaming" src="https://github.com/user-attachments/assets/7627a108-20c6-4525-a1d8-5d221ee89d6e" width="32" align="middle" /> [Amazon Prime Gaming](https://gaming.amazon.com)
+- <img alt="logo gog" src="https://github.com/user-attachments/assets/49040b50-ee14-4439-8e3c-e93cafd7c3a5" width="32" align="middle" /> [GOG](https://www.gog.com)
+<!-- - <img src="https://www.freepnglogos.com/uploads/xbox-logo-picture-png-14.png" width="32"/> [Xbox Live Games with Gold](https://www.xbox.com/en-US/live/gold#gameswithgold) ([experimental](https://github.com/vogler/free-games-claimer/issues/19)) -->
+and some other free stuff (WIP):
+- AliExpress coins (reduce prices)
+- Google Play points - WIP
+- Assets on fab.com (previously unrealengine.com, same login as Epic Games) - WIP
+- Microsoft Rewards: points can be spent on e.g. Xbox Game Pass - WIP
+<!-- - <img alt="logo unrealengine" src="https://github.com/user-attachments/assets/3582444b-f23b-448d-bf31-01668cd0313a" width="32" align="middle" /> [Unreal Engine (Assets)](https://www.unrealengine.com/marketplace/en-US/assets?count=20&sortBy=effectiveDate&sortDir=DESC&start=0&tag=4910) ([experimental](https://github.com/vogler/free-games-claimer/issues/44), same login as Epic Games) -->
 
-Requirements
-------------
-- Docker or Podman (recommended), or Node.js ≥ 20 for local runs
-- Optional notifications: `pip install apprise`
-- Playwright dependencies are baked into the container; locally, `npm install` downloads Firefox.
+Pull requests welcome :)
 
-Quickstart (Docker Run)
------------------------
-```
-docker run --rm -it \
-  -p 6080:6080 \
-  -v fgc:/fgc/data \
-  -e SHOW=1 \
-  git.sky-net.it/nocci/free-games-claimer:latest \
-  node prime-gaming.js
-```
-- Ports 6080/5900: noVNC/VNC (only needed with `SHOW=1`)
-- Data/configs are stored in volume `fgc` under `/fgc/data`
+![Telegram Screenshot](https://user-images.githubusercontent.com/493741/214667078-eb5c1877-2bdd-40c1-b94e-4a50d6852c06.png)
 
-Docker Compose Example
-----------------------
-```yaml
-services:
-  fgc:
-    image: git.sky-net.it/nocci/free-games-claimer:latest
-    container_name: fgc
-    environment:
-      - SHOW=1            # show browser via VNC/noVNC
-      # - PG_EMAIL=...
-      # - PG_PASSWORD=...
-      # - PG_OTPKEY=...
-    volumes:
-      - fgc:/fgc/data
-    ports:
-      - "6080:6080"       # noVNC
-      # - "5900:5900"     # VNC optional
-    command: bash -c "node epic-games; node prime-gaming; node gog"
-volumes:
-  fgc:
+_Works on Windows/macOS/Linux._
+
+Raspberry Pi (and other SBC): [requires 64-bit OS](https://github.com/vogler/free-games-claimer/issues/3) like Raspberry Pi OS or Ubuntu (Raspbian won't work), but not recommended since it's too slow and may be unreliable.
+
+## How to run this?
+
+### Container
+
+You can [install Docker](https://docs.docker.com/get-docker/) and run this command in a terminal:
+```sh
+docker run --rm -it -p 6080:6080 -v fgc:/fgc/data --pull=always ghcr.io/vogler/free-games-claimer
 ```
 
-Configuration (Environment Variables)
--------------------------------------
-Common options:
-- `SHOW=0/1` (0 = headless, 1 = UI)
-- `WIDTH`, `HEIGHT` (browser size)
-- `TIMEOUT`, `LOGIN_TIMEOUT` (seconds)
-- Login: `EMAIL`, `PASSWORD` global; per store `EG_EMAIL`, `EG_PASSWORD`, `EG_OTPKEY`, `PG_EMAIL`, `PG_PASSWORD`, `PG_OTPKEY`, `GOG_EMAIL`, `GOG_PASSWORD`
-- Prime Gaming: `PG_REDEEM=1` (auto-redeem keys, experimental), `PG_CLAIMDLC=1`, `PG_TIMELEFT=<days>` to skip long-remaining offers
-- Screenshots: `SCREENSHOTS_DIR` (default `data/screenshots`)
-- Notifications: `NOTIFY='...'` (Apprise URL), optional `NOTIFY_TITLE`
-- Browser profile: `BROWSER_DIR` (default `data/browser`)
-- Recording: `RECORD=1` to save videos/HAR to `data/record/`
-- Debugging: `DEBUG=1` (opens Playwright inspector), `DEBUG_NETWORK=1` (logs requests), `TIME=1` (prints timings)
-- Dry run / Interaction: `DRYRUN=1` (do not claim), `INTERACTIVE=1` (ask before claiming), `HEADLESS` is derived from `SHOW`/`DEBUG`
-- Directories: `SCREENSHOTS_DIR`, `BROWSER_DIR`, `DATA_DIR` (prefix for data; default under `data/`)
-- VNC/noVNC: `VNC_PASSWORD` (for Docker entrypoint), `NOVNC_PORT`/`VNC_PORT` (Docker)
-- General timeouts: `TIMEOUT` (per action), `LOGIN_TIMEOUT` (extra time for login)
+_This currently gives you a captcha challenge for epic-games. Until [issue #183](https://github.com/vogler/free-games-claimer/issues/183) is fixed, it is recommended to just run `node epic-games` without Docker on a desktop machine (not headless, see below)._
 
-You can place a `data/config.env`; it is loaded via dotenv and is overridden by explicitly set environment variables.
+This will run `node epic-games; node prime-gaming; node gog` - if you only want to claim games for one of the stores, you can override the default command by appending e.g. `node epic-games` at the end of the `docker run` command, or if you want several, `bash -c "node epic-games.js; node gog.js"`.
+Data (including json files with claimed games, codes to redeem, screenshots) is stored in the Docker volume `fgc`.
 
-Local Run Without Docker
-------------------------
-```
-npm install
-SHOW=0 PG_EMAIL=... PG_PASSWORD=... PG_OTPKEY=... node prime-gaming.js
-```
-- Playwright downloads Firefox to `~/.cache/ms-playwright`.
-- Use `SHOW=1` for a visible browser (requires GUI/Xvfb).
+There's also a `docker-compose.yml` which you can use as an alternative with `docker compose up` (or if you need it for Portainer, your NAS, Unraid, ...).
 
-Persistence & Outputs
----------------------
-- Data/status: `data/*.json` (per store)
-- Browser profile: `data/browser`
-- Screenshots: `data/screenshots/<store>/`
-- Optional videos/HAR: `RECORD=1` → `data/record/`
+<!-- <details>
+  <summary>I want to run without Docker or develop locally.</summary> -->
 
-Tip: For captchas or first-time login, run with `SHOW=1` and log in once; cookies stay in the profile. Notifications via `NOTIFY` help surface errors (e.g., captcha, login).
+### Without Docker
+
+1. [Install Node.js](https://nodejs.org/en/download)
+2. Clone/download this repository and `cd` into it in a terminal
+3. Run `npm install && npx patchright install chromium` to install dependencies
+4. Optional: notifications are handled by [apprise](https://github.com/caronc/apprise). See its docs for setup instructions (e.g. `pipx install apprise` ([uv](https://github.com/astral-sh/uv) and [pipx](https://github.com/pypa/pipx) are recommended over [pip](https://stackoverflow.com/questions/75608323/how-do-i-solve-error-externally-managed-environment-every-time-i-use-pip-3))
+5. To get updates: `git pull; npm install`
+6. Run `node epic-games`, `node prime-gaming`, `node gog`...
+
+Patchright/Playwright will download its Chromium to a cache in home ([doc](https://playwright.dev/docs/browsers#managing-browser-binaries)).
+If you are missing some dependencies for the browser on your system, you can use `npx patchright install chromium --with-deps`.
+
+If you don't want to use Docker for quasi-headless mode, you could run inside a virtual machine, on a server (as long as it has a (virtual) display), or you wake your PC at night to avoid being interrupted.
+<!-- </details> -->
+
+## Usage
+
+All scripts start an automated Chromium instance, either with the browser GUI shown or hidden (_headless mode_). By default, you won't see any browser open on your host system.
+Epic Games is an exception which will always show the browser since otherwise you would get a captcha challenge.
+
+- When running inside Docker, the browser will be shown only inside the container. You can open <http://localhost:6080> to interact with the browser running inside the container via noVNC (or use other VNC clients on port 5900).
+- When running the scripts outside of Docker, the browser will be hidden by default; you can use `SHOW=1 ...` to show the UI (see options below).
+
+When running the first time, you have to login for each store you want to claim games on.
+You can login indirectly via the terminal or directly in the browser. The scripts will wait until you are successfully logged in.
+
+There will be prompts in the terminal asking you to enter email, password, and afterwards some OTP (one time password / security code) if you have 2FA/MFA (two-/multi-factor authentication) enabled. If you want to login yourself via the browser, you can press escape in the terminal to skip the prompts.
+
+After login, the script will continue claiming the current games. If it still waits after you are already logged in, you can restart it (and open an issue). If you run the scripts regularly, you should not have to login again.
+
+### Configuration / Options
+
+Options are set via [environment variables](https://kinsta.com/knowledgebase/what-is-an-environment-variable/) which allow for flexible configuration.
+
+TODO: ~~On the first run, the script will guide you through configuration and save all settings to `data/config.env`. You can edit this file directly or run `node fgc config` to run the configuration assistant again.~~
+
+Available options/variables and their default values:
+
+| Option         | Default      | Description                                                                                                                  |
+|----------------|--------------|------------------------------------------------------------------------------------------------------------------------------|
+| SHOW           | 1            | Show browser if 1. Default for Docker, not shown when running outside.                                                       |
+| WIDTH          | 1280         | Width of the opened browser (and of screen for VNC in Docker).                                                               |
+| HEIGHT         | 1280         | Height of the opened browser (and of screen for VNC in Docker).                                                              |
+| VNC_PASSWORD   |              | VNC password for Docker. No password used by default!                                                                        |
+| NOTIFY         |              | Notification services to use (Pushover, Slack, Telegram...), see below.                                                      |
+| NOTIFY_TITLE   |              | Optional title for notifications, e.g. for Pushover.                                                                         |
+| BROWSER_DIR    | data/browser | Directory for browser profile, e.g. for multiple accounts.                                                                   |
+| TIMEOUT        | 60           | Timeout for any page action. Should be fine even on slow machines.                                                           |
+| LOGIN_TIMEOUT  | 180          | Timeout for login in seconds. Will wait twice (prompt + manual login).                                                       |
+| EMAIL          |              | Default email for any login.                                                                                                 |
+| PASSWORD       |              | Default password for any login.                                                                                              |
+| EG_EMAIL       |              | Epic Games email for login. Overrides EMAIL.                                                                                 |
+| EG_PASSWORD    |              | Epic Games password for login. Overrides PASSWORD.                                                                           |
+| EG_OTPKEY      |              | Epic Games MFA OTP key.                                                                                                      |
+| EG_PARENTALPIN |              | Epic Games Parental Controls PIN.                                                                                            |
+| PG_EMAIL       |              | Prime Gaming email for login. Overrides EMAIL.                                                                               |
+| PG_PASSWORD    |              | Prime Gaming password for login. Overrides PASSWORD.                                                                         |
+| PG_OTPKEY      |              | Prime Gaming MFA OTP key.                                                                                                    |
+| PG_REDEEM      | 0            | Prime Gaming: try to redeem keys on external stores ([experimental](https://github.com/vogler/free-games-claimer/issues/5)). |
+| PG_CLAIMDLC    | 0            | Prime Gaming: try to claim DLCs ([experimental](https://github.com/vogler/free-games-claimer/issues/55)).                    |
+| GOG_EMAIL      |              | GOG email for login. Overrides EMAIL.                                                                                        |
+| GOG_PASSWORD   |              | GOG password for login. Overrides PASSWORD.                                                                                  |
+| GOG_NEWSLETTER | 0            | Do not unsubscribe from newsletter after claiming a game if 1.                                                               |
+| LG_EMAIL       |              | Legacy Games: email to use for redeeming (if not set, defaults to PG_EMAIL).                                                 |
+
+See `src/config.js` for all options.
+
+#### How to set options
+
+You can add options directly in the command or put them in a file to load.
+
+##### Docker
+
+You can pass variables using `-e VAR=VAL`.
+For example, `docker run -e EMAIL=foo@bar.baz -e NOTIFY='tgram://bottoken/ChatID' ...`.
+Alternatively, you can pass a file with `--env-file fgc.env` where `fgc.env` is a file on your host system (see [docs](https://docs.docker.com/engine/reference/commandline/run/#env)).
+You can also `docker cp` your configuration file to `/fgc/data/config.env` in the `fgc` volume to store it with the rest of the data instead of on the host ([example](https://github.com/moby/moby/issues/25245#issuecomment-365980572)).
+If you are using [docker compose](https://docs.docker.com/compose/environment-variables/) (or Portainer etc.), you can put options in the `environment:` section.
+
+##### Without Docker
+
+On Linux/macOS you can prefix the variables you want to set, for example `EMAIL=foo@bar.baz SHOW=1 node epic-games` will show the browser and skip asking you for your login email. On Windows you have to use `set`, [example](https://github.com/vogler/free-games-claimer/issues/314).
+You can also put options in `data/config.env` which will be loaded by [dotenv](https://github.com/motdotla/dotenv).
+
+### Notifications
+
+The scripts will try to send notifications for successfully claimed games and any errors like needing to log in or encountered captchas (should not happen).
+
+[apprise](https://github.com/caronc/apprise) is used for notifications and offers many services including Pushover, Slack, Telegram, SMS, Email, desktop and custom notifications.
+You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage).
+
+### Automatic login, two-factor authentication
+
+If you set the options for email, password and OTP key, there will be no prompts and logins should happen automatically. This is optional since all stores should stay logged in since cookies are refreshed.
+To get the OTP key, it is easiest to follow the store's guide for adding an authenticator app. You should also scan the shown QR code with your favorite app to have an alternative method for 2FA.
+
+- **Epic Games**: visit [password & security](https://www.epicgames.com/account/password), enable 'third-party authenticator app', copy the 'Manual Entry Key' and use it to set `EG_OTPKEY`.
+- **Prime Gaming**: visit Amazon 'Your Account › Login & security', 2-step verification › Manage › Add new app › Can't scan the barcode, copy the bold key and use it to set `PG_OTPKEY`
+- **GOG**: only offers OTP via email
+<!-- - **Xbox**: visit [additional security](https://account.live.com/proofs/manage/additional) > Add a new way to sign in or verify > Use an app > Set up a different Authenticator app > I can't scan the bar code > copy the bold key and use it to set `XBOX_OTPKEY` -->
+
+Beware that storing passwords and OTP keys as clear text may be a security risk. Use a unique/generated password! TODO: maybe at least offer to base64 encode for storage.
+
+### Epic Games Store
+
+Run `node epic-games` (locally or in Docker).
+
+### Amazon Prime Gaming
+
+Run `node prime-gaming` (locally or in Docker).
+
+Claiming the Amazon Games works out-of-the-box, however, for games on external stores you need to either link your account or redeem a key.
+
+- Stores that require account linking: Epic Games, Battle.net, Origin.
+- Stores that require redeeming a key: GOG.com, Microsoft Games, Legacy Games.
+  
+  Keys and URLs are printed to the console, included in notifications and saved in `data/prime-gaming.json`. A screenshot of the page with the key is also saved to `data/screenshots`.
+  [TODO](https://github.com/vogler/free-games-claimer/issues/5): ~~redeem keys on external stores.~~
+
+<!-- ### Xbox Games With Gold -->
+<!-- Run `node xbox` (locally or in docker). -->
+
+### Run periodically
+
+#### How often?
+
+Epic Games usually has two free games _every week_, before Christmas every day.
+Prime Gaming has new games _every month_ or more often during Prime days.
+GOG usually has one new game every couples of weeks.
+Unreal Engine has new assets to claim _every first Tuesday of a month_.
+<!-- Xbox usually has two games *every month*. -->
+
+It is safe to run the scripts every day.
+
+#### How to schedule?
+The container/scripts will claim currently available games and then exit.
+If you want it to run regularly, you have to schedule the runs yourself:
+
+- Linux/macOS: `crontab -e` ([example](https://github.com/vogler/free-games-claimer/discussions/56))
+- macOS: [launchd](https://stackoverflow.com/questions/132955/how-do-i-set-a-task-to-run-every-so-often)
+<!-- markdownlint-disable-next-line line-length -->
+- Windows: [task scheduler](https://active-directory-wp.com/docs/Usage/How_to_add_a_cron_job_on_Windows/Scheduled_tasks_and_cron_jobs_on_Windows/index.html) ([example](https://github.com/vogler/free-games-claimer/wiki/%5BHowTo%5D-Schedule-runs-on-Windows)), [other options](https://stackoverflow.com/questions/132971/what-is-the-windows-version-of-cron), or just put the command in a `.bat` file in Autostart if you restart often...
+- any OS: use a process manager like [pm2](https://pm2.keymetrics.io/docs/usage/restart-strategies/)
+- Docker Compose `command: bash -c "node epic-games; node prime-gaming; node gog; echo sleeping; sleep 1d"` additionally add `restart: unless-stopped` to it.
+
+TODO: ~~add some server-mode where the script just keeps running and claims games e.g. every day.~~
+
+### Problems?
+
+Check the open [issues](https://github.com/vogler/free-games-claimer/issues) and comment there or open a new issue (if it is something new).
+
+If you're a developer, you can use `PWDEBUG=1 ...` to [inspect](https://playwright.dev/docs/inspector) which opens a debugger where you can step through the script.
+
+
+## History/DevLog
+<details>
+  <summary>Click to expand</summary>
+
+Tried [epicgames-freebies-claimer](https://github.com/Revadike/epicgames-freebies-claimer), but had problems since epicgames introduced hcaptcha (see [issue](https://github.com/Revadike/epicgames-freebies-claimer/issues/172)).
+
+Played around with Puppeteer before, now trying newer [Playwright](https://playwright.dev) which is pretty similar.
+Playwright Inspector and `codegen` to generate scripts are nice, but failed to generate the right code for clicking a button in an iframe.
+
+<!-- markdownlint-disable-next-line line-length -->
+Added [main.spec.ts](https://github.com/vogler/epicgames-claimer/commit/e5ce7916ab6329cfc7134677c4d89c2b3fa3ba97#diff-d18d03e9c407a20e05fbf03cbd6f9299857740544fb6b50d6a70b9c6fbc35831) which was the test script generated by `npx playwright codegen` with manual fix for clicking buttons in the created iframe. Can be executed by `npx playwright test`. The test runner has options `--debug` and `--timeout` and can execute TypeScript which is nice. However, this only worked up to the button 'I Agree', and then showed an hcaptcha.
+
+Added [main.captcha.js](https://github.com/vogler/epicgames-claimer/commit/e5ce7916ab6329cfc7134677c4d89c2b3fa3ba97#diff-d18d03e9c407a20e05fbf03cbd6f9299857740544fb6b50d6a70b9c6fbc35831) which uses beta of `playwright-extra@next` and `@extra/recaptcha@next` (from [comment on puppeteer-extra](https://github.com/berstend/puppeteer-extra/pull/303#issuecomment-775277480)).
+However, `playwright-extra` seems to be old and missing `:has-text` selector (fixed [here](https://github.com/vogler/epicgames-claimer/commit/ba97a0e840b65f4476cca18e28d8461b0c703420)) and `page.frameLocator`, so the script did not run without adjustments.
+Also, solving via [2captcha](https://2captcha.com?from=13225256) is a paid service which takes time and may be unreliable.
+<!-- Alternative: https://anti-captcha.com -->
+
+Added [main.stealth.js](https://github.com/vogler/epicgames-claimer/commit/64d0ba8ce71baec3947d1b64acd567befcb39340#diff-f70d3bd29df4a343f11062a97063953173491ce30fe34f69a0fc52517adbf342) which uses the stealth plugin without `playwright-extra` wrapper but up-to-date `playwright` (from [comment](https://github.com/berstend/puppeteer-extra/issues/454#issuecomment-917437212)).
+The listed evasions are enough to not show an hcaptcha. Script claimed game successfully in non-headless mode.
+
+Removed `main.captcha.js`.
+Using Playwright Test (`main.spec.ts`) instead of Library (`main.stealth.js`) has the advantage of free CLI like `--debug` and `--timeout`.
+<!-- TODO: check if stealth plugin can be setup with `contextOptions` ([doc](https://playwright.dev/docs/test-configuration#more-browser-and-context-options)). -->
+
+Button selectors should preferably use text in order to be more stable against changes in the DOM.
+
+Renamed repository from epicgames-claimer to free-games-claimer since a script for Amazon Prime Gaming was also added. Removed all old scripts in favor of just `epic-games.js` and `prime-gaming.js`.
+
+epic games: `headless` mode gets hcaptcha challenge. More details/references in [issue](https://github.com/vogler/free-games-claimer/issues/2).
+
+[PR](https://github.com/vogler/free-games-claimer/pull/11) introduced a Dockerfile for running non-headless inside the container via xvfb which makes it headless for the host running the container.
+
+v1.0 Standalone scripts node epic-games and node prime-gaming using Chromium.
+
+Changed to Firefox for all scripts since Chromium led to captchas. Claiming then also worked in headless mode without Docker.
+
+Added options via env vars, configurable in `data/config.env`.
+
+Added OTP generation via otplib for automatic login, even with 2FA.
+
+Added notifications via [apprise](https://github.com/caronc/apprise).
+</details>
+
+[![Star History Chart](https://api.star-history.com/svg?repos=vogler/free-games-claimer&type=Date)](https://star-history.com/#vogler/free-games-claimer&Date)
+<!-- [![Stargazers over time](https://starchart.cc/vogler/free-games-claimer.svg?variant=adaptive)](https://starchart.cc/vogler/free-games-claimer) -->
+
+![Alt](https://repobeats.axiom.co/api/embed/a1c5e6e420d90e0d6b34c1285e92a69a44138faa.svg "Repobeats analytics image")
+
+---
+
+Logo with smaller aspect ratio (for Telegram bot etc.): 👾 - [emojipedia](https://emojipedia.org/alien-monster/)
+
+![logo-fgc](https://user-images.githubusercontent.com/493741/214589922-093d6557-6393-421c-b577-da58ff3671bc.png)

aliexpress.js

@@ -1,9 +1,9 @@
-import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
+// import { firefox } from 'playwright-firefox';
+import { chromium } from 'patchright';
 import { datetime, filenamify, prompt, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 
-// using https://github.com/apify/fingerprint-suite worked, but has no launchPersistentContext...
-// from https://github.com/apify/fingerprint-suite/issues/162
+// can probably be removed and hard-code headers for mobile view
 import { FingerprintInjector } from 'fingerprint-injector';
 import { FingerprintGenerator } from 'fingerprint-generator';
 
@@ -12,12 +12,14 @@ const { fingerprint, headers } = new FingerprintGenerator().getFingerprint({
   operatingSystems: ['android'],
 });
 
-const context = await firefox.launchPersistentContext(cfg.dir.browser, {
+const context = await chromium.launchPersistentContext(cfg.dir.browser, {
   headless: cfg.headless,
+  // viewport: { width: cfg.width, height: cfg.height },
   locale: 'en-US', // ignore OS locale to be sure to have english text for locators -> done via /en in URL
   recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
   recordHar: cfg.record ? { path: `data/record/aliexpress-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
   handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
+  // e.g. for coins, mobile view is needed, otherwise it just says to install the app
   userAgent: fingerprint.navigator.userAgent,
   viewport: {
     width: fingerprint.screen.width,
@@ -26,8 +28,13 @@ const context = await firefox.launchPersistentContext(cfg.dir.browser, {
   extraHTTPHeaders: {
     'accept-language': headers['accept-language'],
   },
+  // https://peter.sh/experiments/chromium-command-line-switches/
+  args: [
+    '--hide-crash-restore-bubble',
+  ],
 });
 handleSIGINT(context);
+// await stealth(context);
 await new FingerprintInjector().attachFingerprintToPlaywright(context, { fingerprint, headers });
 
 context.setDefaultTimeout(cfg.debug ? 0 : cfg.timeout);
@@ -37,33 +44,40 @@ const page = context.pages().length ? context.pages()[0] : await context.newPage
 const auth = async url => {
   console.log('auth', url);
   await page.goto(url, { waitUntil: 'domcontentloaded' });
-  // redirects to https://login.aliexpress.com/?return_url=https%3A%2F%2Fwww.aliexpress.com%2Fp%2Fcoin-pc-index%2Findex.html
-  await Promise.any([page.waitForURL(url => url.includes('login.aliexpress.com')).then(async () => {
-    console.error('Not logged in! Will wait for 120s for you to login...');
-    page.locator('span:has-text("Switch account")').click().catch(() => {}); // sometimes no longer logged in, but previous user/email is pre-selected -> in this case we want to go back to the classic login
-    const login = page.locator('.login-container');
+  // no longer redirects if not authed, but replaces content -> click button "Log in" which then redirects
+  const loginBtn = page.locator('button:has-text("Log in")');
+  const loggedIn = page.locator('h3:text-is("day streak")');
+  await Promise.race([loginBtn.waitFor().then(async () => {
+    // offer manual login
+    console.error('Not logged in! Will wait for 120s for you to login in the browser or terminal...');
+    context.setDefaultTimeout(120 * 1000);
+    // and try automated
+    await loginBtn.click();
+    page.getByRole('button', { name: 'Accept cookies' }).click().then(_ => console.log('Accepted cookies')).catch(_ => { });
+    page.locator('span:has-text("Switch account")').click().catch(_ => {}); // sometimes no longer logged in, but previous user/email is pre-selected -> in this case we want to go back to the classic login
+    const login = page.locator('#root'); // not universal: .content, .nfm-login
     const email = cfg.ae_email || await prompt({ message: 'Enter email' });
     const emailInput = login.locator('input[label="Email or phone number"]');
     await emailInput.fill(email);
     await emailInput.blur(); // otherwise Continue button stays disabled
     const continueButton = login.locator('button:has-text("Continue")');
     await continueButton.click({ force: true }); // normal click waits for button to no longer be covered by their suggestion menu, so we have to force click somewhere for the menu to close and then click
-    await continueButton.click();
     const password = email && (cfg.ae_password || await prompt({ type: 'password', message: 'Enter password' }));
     await login.locator('input[label="Password"]').fill(password);
     await login.locator('button:has-text("Sign in")').click();
-    const error = login.locator('.error-text');
-    error.waitFor().then(async () => console.error('Login error:', await error.innerText()));
-    await page.waitForURL(url);
-    page.getByRole('button', { name: 'Accept cookies' }).click().then(() => console.log('Accepted cookies')).catch(() => { });
-  }), page.locator('#nav-user-account').waitFor()]).catch(() => {});
+    // TODO handle failed login
+    const error = login.locator('.nfm-login-input-error-text');
+    error.waitFor().then(async _ => console.error('Login error (please restart):', await error.innerText())).catch(_ => console.log('No login error.'));
+    await page.waitForURL(u => u.toString().startsWith('https://www.aliexpress.com/'));
+    context.setDefaultTimeout(cfg.debug ? 0 : cfg.timeout);
+    console.log('Logged in!'); // this should still be printed, but isn't...
+  }), loggedIn.waitFor()]); // some alternative element which is only there once logged in
 };
 
 // copied URLs from AliExpress app on tablet which has menu for the used webview
 const urls = {
-  // works with desktop view, but stuck at 100% loading in mobile view:
-  coins: 'https://www.aliexpress.com/p/coin-pc-index/index.html',
   // only work with mobile view:
+  coins: 'https://m.aliexpress.com/p/coin-index/index.html',
   grow: 'https://m.aliexpress.com/p/ae_fruit/index.html', // firefox: stuck at 60% loading, chrome: loads, but canvas
   gogo: 'https://m.aliexpress.com/p/gogo-match-cc/index.html', // closes firefox?!
   // only show notification to install the app
@@ -71,39 +85,77 @@ const urls = {
   merge: 'https://m.aliexpress.com/p/merge-market/index.html',
 };
 
-/* eslint-disable no-unused-vars */
+// need to start to wait for responses from API already before auth()
+const pre_auth = {
+  coins: async _ => {
+    console.log('Checking coins...');
+    let userCoinsNum; // can make this global or pass as arg if needed; for now we just log the value
+    let d; // response data (log in case of exception)
+    // coins are only present as rotating digits in DOM -> no easy way to get value
+    // number of coins are retrieved via POST to https://acs.aliexpress.com/h5/mtop.aliexpress.coin.execute/1.0/?jsv=2.6.1&appKey=...&t=1753253986320&sign=...&api=mtop.aliexpress.coin.execute&v=1.0&post=1&type=originaljson&dataType=jsonp -> .data.data.find(d => d.name == 'userCoinsNum').value
+    // however, there are two requests with same method/URL (usually the first is what we need, but sometimes it comes second) which only differ in the opaque value of the sign URL param
+    await page.waitForResponse(r => r.request().method() == 'POST' && r.url().startsWith('https://acs.aliexpress.com/h5/mtop.aliexpress.coin.execute/')).then(async r => {
+      d = await r.json();
+      d = d.data.data;
+      if (Array.isArray(d)) userCoinsNum = d.find(e => e.name == 'userCoinsNum')?.value;
+      console.log('Total (coins):', userCoinsNum);
+    }).catch(e => console.error('Total (coins): error:', e, 'data:', d));
+  },
+};
+
 const coins = async () => {
-  await Promise.any([page.locator('.checkin-button').click(), page.locator('.addcoin').waitFor()]);
-  console.log('Coins:', await page.locator('.mycoin-content-right-money').innerText());
-  console.log('Streak:', await page.locator('.title-box').innerText());
-  console.log('Tomorrow:', await page.locator('.addcoin').innerText());
+  console.log('Collecting coins...');
+  page.locator('.hideDoubleButton').click().catch(_ => {});
+  const collectBtn = page.locator('button:has-text("Collect")');
+  const moreBtn = page.locator('button:has-text("Earn more coins")');
+  await Promise.race([
+    // need force because button is visable and enabled but not stable (changes size)
+    collectBtn.click({ force: true }).then(_ => console.log('Collected coins for today!')),
+    moreBtn.waitFor().then(_ => console.log('No more coins to collect today!')),
+  ]);
+  // print more info
+  const streak = Number(await page.locator('h3:text-is("day streak")').locator('xpath=..').locator('div span').innerText());
+  console.log('Streak (days):', streak);
+  const tomorrow = Number((await page.locator(':text("coins tomorrow")').innerText()).replace(/Get (\d+) check-in coins tomorrow!/, '$1'));
+  console.log('Tomorrow (coins):', tomorrow);
+  // console.log(await page.locator('.marquee-content:has-text(" coins")').first().innerText());
+  const euro = await page.locator(':text("€")').first().innerText(); // TODO get coins value from somewhere (composed of rotating digits in divs...)
+  console.log('Total (€):', euro);
 };
 
-const grow = async () => {
-  await page.pause();
-};
-
-const gogo = async () => {
-  await page.pause();
-};
-
-const euro = async () => {
-  await page.pause();
-};
-
-const merge = async () => {
-  await page.pause();
-};
-/* eslint-enable no-unused-vars */
+// const grow = async () => {
+//   await page.pause();
+// };
+//
+// const gogo = async () => {
+//   await page.pause();
+// };
+//
+// const euro = async () => {
+//   await page.pause();
+// };
+//
+// const merge = async () => {
+//   await page.pause();
+// };
 
 try {
+  // await coins();
   await [
-    merge,
-  ].reduce((a, f) => a.then(async () => {
-    await auth(urls[f.name]);
+    coins,
+    // grow,
+    // gogo,
+    // euro,
+    // merge,
+  ].reduce((a, f) => a.then(async _ => {
+    const prep = (pre_auth[f.name] ?? (_ => undefined))(); // start to wait for API responses (if needed for f) before anything else
+    await auth(urls[f.name]); // authenticate
+    await prep; // after auth (which goes to right url), need to await, otherwise f may finish before prep is done
     await f();
     console.log();
   }), Promise.resolve());
+
+  // await page.pause();
 } catch (error) {
   process.exitCode ||= 1;
   console.error('--- Exception:');

docker-compose.yml

@@ -4,6 +4,10 @@ services:
     container_name: fgc # is printed in front of every output line
     image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer
     build: .
+    healthcheck: # see Dockerfile, check that node is running and noVNC is reachable
+      test: pgrep node && curl --fail http://localhost:6080 || exit 1
+      interval: 5s
+      timeout: 5s
     ports:
       # - "5900:5900" # VNC server
       - "6080:6080" # noVNC (browser-based VNC client)

docker-entrypoint.sh

@@ -3,77 +3,38 @@
 set -eo pipefail # exit on error, error on any fail in pipe (not just last cmd); add -x to print each cmd; see gist bash_strict_mode.md
 
 echo "Version: https://github.com/vogler/free-games-claimer/tree/${COMMIT}"
-[ ! -z $BRANCH ] && [ $BRANCH != "main" ] && echo "Branch: ${BRANCH}"
+[ -n "$BRANCH" ] && [ "$BRANCH" != "main" ] && echo "Branch: ${BRANCH}"
 echo "Build: $NOW"
 
-# Ensure writable data dir for fgc when host bind-mount is owned by root.
-if [ "$(id -u)" -eq 0 ]; then
-  chown -R 1000:1000 /fgc/data 2>/dev/null || true
-fi
+BROWSER="${BROWSER_DIR:-data/browser}"
 
 # Remove chromium profile lock.
 # When running in docker and then killing it, on the next run chromium displayed a dialog to unlock the profile which made the script time out.
 # Maybe due to changed hostname of container or due to how the docker container kills playwright - didn't check.
 # https://bugs.chromium.org/p/chromium/issues/detail?id=367048
-rm -f /fgc/data/browser/SingletonLock 2>/dev/null || true
-
-# Firefox preferences are stored in $BROWSER_DIR/pref.js and can be overridden by a file user.js
-# Since this file has to be in the volume (data/browser), we can't do this in Dockerfile.
-mkdir -p /fgc/data/browser
-# clean up stale firefox locks that can trigger "already running"
-rm -f /fgc/data/browser/parent.lock /fgc/data/browser/lock /fgc/data/browser/.parentlock 2>/dev/null || true
-# fix for 'Incorrect response' after solving a captcha correctly - https://github.com/vogler/free-games-claimer/issues/261#issuecomment-1868385830
-# Only write the prefs file when the volume is writable (container runs as non-root).
-if [ -w /fgc/data/browser ] && { [ ! -e /fgc/data/browser/user.js ] || [ -w /fgc/data/browser/user.js ] || rm -f /fgc/data/browser/user.js 2>/dev/null; }; then
-  cat << 'EOT' > /fgc/data/browser/user.js
-user_pref("privacy.resistFingerprinting", true);
-// user_pref("privacy.resistFingerprinting.letterboxing", true);
-// user_pref("browser.contentblocking.category", "strict");
-// user_pref("webgl.disabled", true);
-EOT
-else
-  echo "Warning: /fgc/data/browser not writable; skipping user.js creation."
-fi
-# TODO disable session restore message?
+rm -f "/fgc/$BROWSER/SingletonLock"
 
 # Remove X server display lock, fix for `docker compose up` which reuses container which made it fail after initial run, https://github.com/vogler/free-games-claimer/issues/31
-# echo $DISPLAY
-# ls -l /tmp/.X11-unix/
+# Maybe no longer needed after adding #478's -nolisten unix below
 rm -f /tmp/.X1-lock
 
-# Ensure X11 socket dir exists with sane ownership/permissions.
-mkdir -p /tmp/.X11-unix
-if [ "$(stat -c %U /tmp/.X11-unix 2>/dev/null)" != "root" ]; then
-  chown root:root /tmp/.X11-unix 2>/dev/null || chmod 1777 /tmp/.X11-unix
-fi
-
-# 6000+SERVERNUM is the TCP port Xvfb is listening on:
-# SERVERNUM=$(echo "$DISPLAY" | sed 's/:\([0-9][0-9]*\).*/\1/')
-
-# Options passed directly to the Xvfb server:
-# -ac disables host-based access control mechanisms
-# −screen NUM WxHxD creates the screen and sets its width, height, and depth
-
 export DISPLAY=:1 # need to export this, otherwise playwright complains with 'Looks like you launched a headed browser without having a XServer running.'
-Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" &
-echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT}"
 if [ -z "$VNC_PASSWORD" ]; then
-  pw="-nopw"
-  pwt="no password!"
+	pw="-SecurityTypes None"
+	pwt="no password!"
 else
-  pw="-passwd $VNC_PASSWORD"
-  pwt="with password"
+	# pw="-passwd $VNC_PASSWORD" # not supported anymore
+	pw="-rfbauth ~/.vnc/passwd"
+	mkdir ~/.vnc/
+	echo "$VNC_PASSWORD" | /opt/TurboVNC/bin/vncpasswd -f >~/.vnc/passwd
+	pwt="with password"
 fi
-x11vnc -display $DISPLAY -forever -shared -rfbport $VNC_PORT -bg $pw 2>/dev/null 1>&2
-echo "VNC is running on port $VNC_PORT ($pwt)"
-websockify -D --web "/usr/share/novnc/" $NOVNC_PORT "localhost:$VNC_PORT" 2>/dev/null 1>&2 &
-echo "noVNC (VNC via browser) is running on http://localhost:$NOVNC_PORT"
+# TurboVNC server replaces Xvfb+x11vnc
+# shellcheck disable=SC2086
+/opt/TurboVNC/bin/vncserver $DISPLAY -geometry "${WIDTH}x${HEIGHT}" -depth "${DEPTH}" -rfbport "${VNC_PORT}" $pw -vgl -log /fgc/data/TurboVNC.log -xstartup /usr/bin/ratpoison 2>/dev/null # -noxstartup -novnc /usr/share/novnc/
+echo "TurboVNC is running on port $VNC_PORT ($pwt) with resolution ${WIDTH}x${HEIGHT}"
+# TODO keep websockify just for custom NOVNC_PORT? https://www.perplexity.ai/search/how-to-specify-the-novnc-port-rfv96C9tTZufnyFPRye5xA#0
+websockify -D --web "/usr/share/novnc/" "$NOVNC_PORT" "localhost:$VNC_PORT" 2>/dev/null 1>&2 &
+echo "noVNC (VNC via browser) is running on http://localhost:$NOVNC_PORT/?autoconnect=true"
 echo
-
-# Ensure Playwright browsers are available (chromium + firefox).
-if [ ! -x /home/fgc/.cache/ms-playwright/firefox-1482/firefox/firefox ] || ! ls /home/fgc/.cache/ms-playwright/chromium-*/*/chrome >/dev/null 2>&1; then
-  echo "Playwright browsers missing; installing..."
-  npx playwright install chromium firefox || echo "Warning: failed to install Playwright browsers" >&2
-fi
-
 exec tini -g -- "$@" # https://github.com/krallin/tini/issues/8 node/playwright respond to signals like ctrl-c, but unsure about zombie processes

epic-games.js

@@ -1,10 +1,12 @@
-import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
+// import { chromium } from 'playwright-chromium';
+import { chromium } from 'patchright';
 import { authenticator } from 'otplib';
 import chalk from 'chalk';
-import path from 'node:path';
-import { existsSync, writeFileSync, appendFileSync } from 'node:fs';
-import { resolve, jsonDb, datetime, stealth, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
+import path from 'path';
+import { existsSync, writeFileSync } from 'fs';
+import { resolve, jsonDb, datetime, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
+import { getGames } from './src/epic-games-mobile.js';
 
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'epic-games', ...a);
 
@@ -17,49 +19,37 @@ const db = await jsonDb('epic-games.json', {});
 
 if (cfg.time) console.time('startup');
 
-const browserPrefs = path.join(cfg.dir.browser, 'prefs.js');
-if (existsSync(browserPrefs)) {
-  console.log('Adding webgl.disabled to', browserPrefs);
-  appendFileSync(browserPrefs, 'user_pref("webgl.disabled", true);'); // apparently Firefox removes duplicates (and sorts), so no problem appending every time
-} else {
-  console.log(browserPrefs, 'does not exist yet, will patch it on next run. Restart the script if you get a captcha.');
-}
-
 // https://playwright.dev/docs/auth#multi-factor-authentication
-const context = await firefox.launchPersistentContext(cfg.dir.browser, {
-  headless: cfg.headless,
+const context = await chromium.launchPersistentContext(cfg.dir.browser, {
+  // channel: 'chrome', // recommended, but `npx patchright install chrome` clashes with system Chrome - https://github.com/Kaliiiiiiiiii-Vinyzu/patchright-nodejs#best-practice----use-chrome-without-fingerprint-injection
+  headless: false, // don't use cfg.headless headless here since SHOW=0 will lead to captcha
   viewport: { width: cfg.width, height: cfg.height },
-  userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0', // Windows UA avoids "device not supported"; update when browser version changes
   locale: 'en-US', // ignore OS locale to be sure to have english text for locators
   recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
   recordHar: cfg.record ? { path: `data/record/eg-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
   handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
-  // user settings for firefox have to be put in $BROWSER_DIR/user.js
-  args: [], // https://wiki.mozilla.org/Firefox/CommandLineOptions
+  // https://peter.sh/experiments/chromium-command-line-switches/
+  args: [
+    '--hide-crash-restore-bubble',
+    '--ignore-gpu-blocklist', // required for OpenGL: Disabled -> Enabled & WebGL: Software only -> Hardware accelerated
+    '--enable-unsafe-webgpu', // required for WebGPU: Disabled -> Hardware accelerated
+  ],
+  // The following makes the browser crash in docker with 'Chromium sandboxing failed!':
+  // chromiumSandbox: true, // https://github.com/Kaliiiiiiiiii-Vinyzu/patchright/issues/52
 });
 
-handleSIGINT(context);
+// console.log(context.browser().browserType()); // browser is null...
+if (cfg.debug) console.log(chromium.executablePath());
 
-// Without stealth plugin, the website shows an hcaptcha on login with username/password and in the last step of claiming a game. It may have other heuristics like unsuccessful logins as well. After <6h (TBD) it resets to no captcha again. Getting a new IP also resets.
-await stealth(context);
+handleSIGINT(context);
 
 if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
 
 const page = context.pages().length ? context.pages()[0] : await context.newPage(); // should always exist
-await page.setViewportSize({ width: cfg.width, height: cfg.height }); // workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
+// await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
 
-// some debug info about the page (screen dimensions, user agent)
-if (cfg.debug) {
-  /* global window, navigator */
-  const debugInfo = await page.evaluate(() => {
-    const { width, height, availWidth, availHeight } = window.screen;
-    return {
-      screen: { width, height, availWidth, availHeight },
-      userAgent: navigator.userAgent,
-    };
-  });
-  console.debug(debugInfo);
-}
+// some debug info about the page (screen dimensions, user agent, platform)
+if (cfg.debug) console.debug(await page.evaluate(() => [(({ width, height, availWidth, availHeight }) => ({ width, height, availWidth, availHeight }))(window.screen), navigator.userAgent, navigator.platform, navigator.vendor])); // deconstruct screen needed since `window.screen` prints {}, `window.screen.toString()` '[object Screen]', and can't use some pick function without defining it on `page`
 if (cfg.debug_network) {
   // const filter = _ => true;
   const filter = r => r.url().includes('store.epicgames.com');
@@ -81,8 +71,11 @@ try {
   if (cfg.time) console.timeEnd('startup');
   if (cfg.time) console.time('login');
 
+  // page.click('button:has-text("Accept All Cookies")').catch(_ => { }); // Not needed anymore since we set the cookie above. Clicking this did not always work since the message was animated in too slowly.
+
   while (await page.locator('egs-navigation').getAttribute('isloggedin') != 'true') {
     console.error('Not signed in anymore. Please login in the browser or here in the terminal.');
+    if (cfg.nowait) process.exit(1);
     if (cfg.novnc_port) console.info(`Open http://localhost:${cfg.novnc_port} to login inside the docker container.`);
     if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout); // give user some extra time to log in
     console.info(`Login timeout is ${cfg.login_timeout / 1000} seconds!`);
@@ -99,56 +92,38 @@ try {
       }
     };
     const email = cfg.eg_email || await prompt({ message: 'Enter email' });
-    if (email) {
-      const watchCaptchaChallenge = async () => {
-        try {
-          await page.waitForSelector('.h_captcha_challenge iframe', { timeout: 15000 });
-          console.error('Got a captcha during login (likely due to too many attempts)! You may solve it in the browser, get a new IP or try again in a few hours.');
-          await notify('epic-games: got captcha during login. Please check.');
-        } catch {
-          return;
-        }
-      };
-      const watchCaptchaIncorrect = async () => {
-        try {
-          await page.waitForSelector('p:has-text("Incorrect response.")', { timeout: 15000 });
-          console.error('Incorrect response for captcha!');
-        } catch {
-          return;
-        }
-      };
-      watchCaptchaChallenge();
-      watchCaptchaIncorrect();
+    if (!email) await notifyBrowserLogin();
+    else {
+      // await page.click('text=Sign in with Epic Games');
+      page.waitForSelector('.h_captcha_challenge iframe').then(async () => {
+        console.error('Got a captcha during login (likely due to too many attempts)! You may solve it in the browser, get a new IP or try again in a few hours.');
+        await notify('epic-games: got captcha during login. Please check.');
+      }).catch(_ => { });
+      page.waitForSelector('p:has-text("Incorrect response.")').then(async () => {
+        console.error('Incorrect response for captcha!');
+      }).catch(_ => { });
       await page.fill('#email', email);
-      const password = cfg.eg_password || await prompt({ type: 'password', message: 'Enter password' });
-      if (password) {
+      await page.click('button#continue'); // login was split in two steps for some time, then email and password on the same form, now two steps again...
+      const password = email && (cfg.eg_password || await prompt({ type: 'password', message: 'Enter password' }));
+      if (!password) await notifyBrowserLogin();
+      else {
         await page.fill('#password', password);
-        await page.click('button[type="submit"]');
-      } else await notifyBrowserLogin();
+        await page.click('button#sign-in');
+      }
       const error = page.locator('#form-error-message');
-      const watchLoginError = async () => {
-        try {
-          await error.waitFor({ timeout: 15000 });
-          console.error('Login error:', await error.innerText());
-          console.log('Please login in the browser!');
-        } catch {
-          return;
-        }
-      };
-      const watchMfaStep = async () => {
-        try {
-          await page.waitForURL('**/id/login/mfa**', { timeout: cfg.login_timeout });
-          console.log('Enter the security code to continue - This appears to be a new device, browser or location. A security code has been sent to your email address at ...');
-          const otp = cfg.eg_otpkey && authenticator.generate(cfg.eg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
-          await page.locator('input[name="code-input-0"]').pressSequentially(otp.toString());
-          await page.click('button[type="submit"]');
-        } catch {
-          return;
-        }
-      };
-      watchLoginError();
-      watchMfaStep();
-    } else await notifyBrowserLogin();
+      error.waitFor().then(async () => {
+        console.error('Login error:', await error.innerText());
+        console.log('Please login in the browser!');
+      }).catch(_ => { });
+      // handle MFA, but don't await it
+      page.waitForURL('**/id/login/mfa**').then(async () => {
+        console.log('Enter the security code to continue - This appears to be a new device, browser or location. A security code has been sent to your email address at ...');
+        // TODO locator for text (email or app?)
+        const otp = cfg.eg_otpkey && authenticator.generate(cfg.eg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
+        await page.locator('input[name="code-input-0"]').pressSequentially(otp.toString());
+        await page.click('button[type="submit"]');
+      }).catch(_ => { });
+    }
     await page.waitForURL(URL_CLAIM);
     if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
   }
@@ -162,7 +137,7 @@ try {
   const game_loc = page.locator('a:has(span:text-is("Free Now"))');
   await game_loc.last().waitFor().catch(_ => {
     // rarely there are no free games available -> catch Timeout
-    // waiting for timeout; alternative would be waiting for "coming soon"
+    // TODO would be better to wait for alternative like 'coming soon' instead of waiting for timeout
     // see https://github.com/vogler/free-games-claimer/issues/210#issuecomment-1727420943
     console.error('Seems like currently there are no free games available in your region...');
     // urls below should then be an empty list
@@ -171,8 +146,17 @@ try {
   // debug showed that in those cases the href was still correct, so we `goto` the urls instead of clicking.
   // Alternative: parse the json loaded to build the page https://store-site-backend-static-ipv4.ak.epicgames.com/freeGamesPromotions
   // i.e. filter data.Catalog.searchStore.elements for .promotions.promotionalOffers being set and build URL with .catalogNs.mappings[0].pageSlug or .urlSlug if not set to some wrong id like it was the case for spirit-of-the-north-f58a66 - this is also what's done here: https://github.com/claabs/epicgames-freegames-node/blob/938a9653ffd08b8284ea32cf01ac8727d25c5d4c/src/puppet/free-games.ts#L138-L213
-  const urlSlugs = await Promise.all((await game_loc.elementHandles()).map(a => a.getAttribute('href')));
+  const urlSlugs = await Promise.all((await game_loc.all()).map(a => a.getAttribute('href')));
   const urls = urlSlugs.map(s => 'https://store.epicgames.com' + s);
+
+  // Free mobile games - https://github.com/vogler/free-games-claimer/issues/474
+  // https://egs-platform-service.store.epicgames.com/api/v2/public/discover/home?count=10&country=DE&locale=en&platform=android&start=0&store=EGS
+  if (cfg.eg_mobile) {
+    console.log('Including mobile games...');
+    const mobileGames = await getGames();
+    urls.push(...mobileGames.map(x => x.url));
+  }
+
   console.log('Free games:', urls);
 
   for (const url of urls) {
@@ -229,33 +213,36 @@ try {
       console.log('  Requires base game! Nothing to claim.');
       notify_game.status = 'requires base game';
       db.data[user][game_id].status ||= 'failed:requires-base-game';
-      // if base game is free, add to queue as well
+      // TODO claim base game if it is free
       const baseUrl = 'https://store.epicgames.com' + await page.locator('a:has-text("Overview")').getAttribute('href');
       console.log('  Base game:', baseUrl);
       // await page.click('a:has-text("Overview")');
-      // re-add original add-on to queue after base game
-      urls.push(baseUrl, url); // add base game to the list of games to claim and re-add add-on itself
+      // TODO handle this via function call for base game above since this will never terminate if DRYRUN=1
+      urls.push(baseUrl); // add base game to the list of games to claim
+      urls.push(url); // add add-on itself again
     } else { // GET
       console.log('  Not in library yet! Click', btnText);
       await purchaseBtn.click({ delay: 11 }); // got stuck here without delay (or mouse move), see #75, 1ms was also enough
 
+      // click Continue if 'Device not supported. This product is not compatible with your current device.' - avoided by Windows userAgent?
+      page.click('button:has-text("Continue")').catch(_ => { }); // needed since change from Chromium to Firefox?
+
+      // click 'Yes, buy now' if 'This edition contains something you already have. Still interested?'
+      page.click('button:has-text("Yes, buy now")').catch(_ => { });
+
       // Accept End User License Agreement (only needed once)
-      const acceptEulaIfShown = async () => {
-        try {
-          await page.locator(':has-text("end user license agreement")').waitFor({ timeout: 10000 });
-          console.log('  Accept End User License Agreement (only needed once)');
-          await page.locator('input#agree').check();
-          await page.locator('button:has-text("Accept")').click();
-        } catch {
-          return;
-        }
-      };
-      acceptEulaIfShown();
+      page.locator(':has-text("end user license agreement")').waitFor().then(async () => {
+        console.log('  Accept End User License Agreement (only needed once)');
+        console.log(page.innerHTML);
+        console.log('Please report the HTML above here: https://github.com/vogler/free-games-claimer/issues/371');
+        await page.locator('input#agree').check(); // TODO Bundle: got stuck here; likely unrelated to bundle and locator just changed: https://github.com/vogler/free-games-claimer/issues/371
+        await page.locator('button:has-text("Accept")').click();
+      }).catch(_ => { });
 
       // it then creates an iframe for the purchase
-      await page.waitForSelector('#webPurchaseContainer iframe');
+      await page.waitForSelector('#webPurchaseContainer iframe'); // TODO needed?
       const iframe = page.frameLocator('#webPurchaseContainer iframe');
-      // skip game if unavailable in region, https://github.com/vogler/free-games-claimer/issues/46
+      // skip game if unavailable in region, https://github.com/vogler/free-games-claimer/issues/46 TODO check games for account's region
       if (await iframe.locator(':has-text("unavailable in your region")').count() > 0) {
         console.error('  This product is unavailable in your region!');
         db.data[user][game_id].status = notify_game.status = 'unavailable-in-region';
@@ -263,20 +250,14 @@ try {
         continue;
       }
 
-      const enterParentalPinIfNeeded = async () => {
-        try {
-          await iframe.locator('.payment-pin-code').waitFor({ timeout: 10000 });
-          if (!cfg.eg_parentalpin) {
-            console.error('  EG_PARENTALPIN not set. Need to enter Parental Control PIN manually.');
-            notify('epic-games: EG_PARENTALPIN not set. Need to enter Parental Control PIN manually.');
-          }
-          await iframe.locator('input.payment-pin-code__input').first().pressSequentially(cfg.eg_parentalpin);
-          await iframe.locator('button:has-text("Continue")').click({ delay: 11 });
-        } catch {
-          return;
+      iframe.locator('.payment-pin-code').waitFor().then(async () => {
+        if (!cfg.eg_parentalpin) {
+          console.error('  EG_PARENTALPIN not set. Need to enter Parental Control PIN manually.');
+          notify('epic-games: EG_PARENTALPIN not set. Need to enter Parental Control PIN manually.');
         }
-      };
-      enterParentalPinIfNeeded();
+        await iframe.locator('input.payment-pin-code__input').first().pressSequentially(cfg.eg_parentalpin);
+        await iframe.locator('button:has-text("Continue")').click({ delay: 11 });
+      }).catch(_ => { });
 
       if (cfg.debug) await page.pause();
       if (cfg.dryrun) {
@@ -285,45 +266,37 @@ try {
         if (cfg.time) console.timeEnd('claim game');
         continue;
       }
+      if (cfg.interactive && !await confirm()) {
+        if (cfg.time) console.timeEnd('claim game');
+        continue;
+      }
 
       // Playwright clicked before button was ready to handle event, https://github.com/vogler/free-games-claimer/issues/84#issuecomment-1474346591
       await iframe.locator('button:has-text("Place Order"):not(:has(.payment-loading--loading))').click({ delay: 11 });
 
       // I Agree button is only shown for EU accounts! https://github.com/vogler/free-games-claimer/pull/7#issuecomment-1038964872
       const btnAgree = iframe.locator('button:has-text("I Accept")');
-      const acceptIfRequired = async () => {
-        try {
-          await btnAgree.waitFor({ timeout: 10000 });
-          await btnAgree.click();
-        } catch {
-          return;
-        }
-      }; // EU: wait for and click 'I Agree'
-      acceptIfRequired();
+      btnAgree.waitFor().then(() => btnAgree.click()).catch(_ => { }); // EU: wait for and click 'I Agree'
       try {
         // context.setDefaultTimeout(100 * 1000); // give time to solve captcha, iframe goes blank after 60s?
         const captcha = iframe.locator('#h_captcha_challenge_checkout_free_prod iframe');
-        const watchCaptchaChallenge = async () => {
-          try {
-            await captcha.waitFor({ timeout: 10000 });
-            console.error('  Got hcaptcha challenge! Lost trust due to too many login attempts? You can solve the captcha in the browser or get a new IP address.');
-            await notify(`epic-games: got captcha challenge for.\nGame link: ${url}`);
-          } catch {
-            return;
-          }
-        }; // may time out if not shown
-        const watchCaptchaFailure = async () => {
-          try {
-            await iframe.locator('.payment__errors:has-text("Failed to challenge captcha, please try again later.")').waitFor({ timeout: 10000 });
-            console.error('  Failed to challenge captcha, please try again later.');
-            await notify('epic-games: failed to challenge captcha. Please check.');
-          } catch {
-            return;
-          }
-        };
-        watchCaptchaChallenge();
-        watchCaptchaFailure();
-        await page.locator('text=Thanks for your order!').waitFor({ state: 'attached' });
+        captcha.waitFor().then(async () => { // don't await, since element may not be shown
+          // console.info('  Got hcaptcha challenge! NopeCHA extension will likely solve it.')
+          console.error('  Got hcaptcha challenge! Lost trust due to too many login attempts? You can solve the captcha in the browser or get a new IP address.');
+          // await notify(`epic-games: got captcha challenge right before claim of <a href="${url}">${title}</a>. Use VNC to solve it manually.`); // TODO not all apprise services understand HTML: https://github.com/vogler/free-games-claimer/pull/417
+          await notify(`epic-games: got captcha challenge for.\nGame link: ${url}`);
+          // TODO could even create purchase URL, see https://github.com/vogler/free-games-claimer/pull/130
+          // await page.waitForTimeout(2000);
+          // const p = path.resolve(cfg.dir.screenshots, 'epic-games', 'captcha', `${filenamify(datetime())}.png`);
+          // await captcha.screenshot({ path: p });
+          // console.info('  Saved a screenshot of hcaptcha challenge to', p);
+          // console.error('  Got hcaptcha challenge. To avoid it, get a link from https://www.hcaptcha.com/accessibility'); // TODO save this link in config and visit it daily to set accessibility cookie to avoid captcha challenge?
+        }).catch(_ => { }); // may time out if not shown
+        iframe.locator('.payment__errors:has-text("Failed to challenge captcha, please try again later.")').waitFor().then(async () => {
+          console.error('  Failed to challenge captcha, please try again later.');
+          await notify('epic-games: failed to challenge captcha. Please check.');
+        }).catch(_ => { });
+        await page.locator('text=Thanks for your order!').waitFor({ state: 'attached' }); // TODO Bundle: got stuck here, but normal game now as well
         db.data[user][game_id].status = 'claimed';
         db.data[user][game_id].time = datetime(); // claimed time overwrites failed/dryrun time
         console.log('  Claimed successfully!');

eslint.config.js

@@ -2,75 +2,78 @@
 // https://eslint.org/docs/latest/use/configure/migration-guide
 import js from '@eslint/js';
 import globals from 'globals';
-import stylistic from '@stylistic/eslint-plugin-js';
+import stylistic from '@stylistic/eslint-plugin';
 
 export default [
   // https://eslint.org/docs/latest/use/configure/configuration-files-new#globally-ignoring-files-with-ignores
   // object with just `ignores` applies to all configuration objects
   // had `ln -s .gitignore .eslintignore` before, but .eslintignore no longer supported
   {
-    ignores: ['data/**'],
+    ignores: ['data/**', 'megalinter-reports/**'],
   },
-  js.configs.recommended,
+  js.configs.recommended, // TODO still needed?
   {
     // files: ['*.js'],
     languageOptions: {
-      globals: globals.node,
+      globals: {
+        ...globals.node,
+        ...globals.browser,
+      },
     },
     plugins: {
-      '@stylistic/js': stylistic,
+      '@stylistic': stylistic,
     },
     // https://eslint.org/docs/latest/rules/
     // https://eslint.style/packages/js
     rules: {
       'no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
       'prefer-const': 'error',
-      '@stylistic/js/array-bracket-newline': ['error', 'consistent'],
-      '@stylistic/js/array-bracket-spacing': 'error',
-      '@stylistic/js/array-element-newline': ['error', 'consistent'],
-      '@stylistic/js/arrow-parens': ['error', 'as-needed'],
-      '@stylistic/js/arrow-spacing': 'error',
-      '@stylistic/js/block-spacing': 'error',
-      '@stylistic/js/brace-style': 'error',
-      '@stylistic/js/comma-dangle': ['error', 'always-multiline'],
-      '@stylistic/js/comma-spacing': 'error',
-      '@stylistic/js/comma-style': 'error',
-      '@stylistic/js/eol-last': 'error',
-      '@stylistic/js/func-call-spacing': 'error',
-      '@stylistic/js/function-paren-newline': ['error', 'consistent'],
-      '@stylistic/js/implicit-arrow-linebreak': 'error',
-      '@stylistic/js/indent': ['error', 2],
-      '@stylistic/js/key-spacing': 'error',
-      '@stylistic/js/keyword-spacing': 'error',
-      '@stylistic/js/linebreak-style': 'error',
-      '@stylistic/js/no-extra-parens': 'error',
-      '@stylistic/js/no-extra-semi': 'error',
-      '@stylistic/js/no-mixed-spaces-and-tabs': 'error',
-      '@stylistic/js/no-multi-spaces': 'error',
-      '@stylistic/js/no-multiple-empty-lines': 'error',
-      '@stylistic/js/no-tabs': 'error',
-      '@stylistic/js/no-trailing-spaces': 'error',
-      '@stylistic/js/no-whitespace-before-property': 'error',
-      '@stylistic/js/nonblock-statement-body-position': 'error',
-      '@stylistic/js/object-curly-newline': 'error',
-      '@stylistic/js/object-curly-spacing': ['error', 'always'],
-      '@stylistic/js/object-property-newline': ['error', { allowAllPropertiesOnSameLine: true }],
-      '@stylistic/js/quote-props': ['error', 'as-needed'],
-      '@stylistic/js/quotes': ['error', 'single'],
-      '@stylistic/js/rest-spread-spacing': 'error',
-      '@stylistic/js/semi': 'error',
-      '@stylistic/js/semi-spacing': 'error',
-      '@stylistic/js/semi-style': 'error',
-      '@stylistic/js/space-before-blocks': 'error',
-      '@stylistic/js/space-before-function-paren': ['error', { anonymous: 'never', named: 'never', asyncArrow: 'always' }],
-      '@stylistic/js/space-in-parens': 'error',
-      '@stylistic/js/space-infix-ops': 'error',
-      '@stylistic/js/space-unary-ops': 'error',
-      '@stylistic/js/spaced-comment': 'error',
-      '@stylistic/js/switch-colon-spacing': 'error',
-      '@stylistic/js/template-curly-spacing': 'error',
-      '@stylistic/js/template-tag-spacing': 'error',
-      '@stylistic/js/wrap-regex': 'error',
+      '@stylistic/array-bracket-newline': ['error', 'consistent'],
+      '@stylistic/array-bracket-spacing': 'error',
+      '@stylistic/array-element-newline': ['error', 'consistent'],
+      '@stylistic/arrow-parens': ['error', 'as-needed'],
+      '@stylistic/arrow-spacing': 'error',
+      '@stylistic/block-spacing': 'error',
+      '@stylistic/brace-style': 'error',
+      '@stylistic/comma-dangle': ['error', 'always-multiline'],
+      '@stylistic/comma-spacing': 'error',
+      '@stylistic/comma-style': 'error',
+      '@stylistic/eol-last': 'error',
+      '@stylistic/function-call-spacing': 'error',
+      '@stylistic/function-paren-newline': ['error', 'consistent'],
+      '@stylistic/implicit-arrow-linebreak': 'error',
+      '@stylistic/indent': ['error', 2],
+      '@stylistic/key-spacing': 'error',
+      '@stylistic/keyword-spacing': 'error',
+      '@stylistic/linebreak-style': 'error',
+      '@stylistic/no-extra-parens': 'error',
+      '@stylistic/no-extra-semi': 'error',
+      '@stylistic/no-mixed-spaces-and-tabs': 'error',
+      '@stylistic/no-multi-spaces': 'error',
+      '@stylistic/no-multiple-empty-lines': 'error',
+      '@stylistic/no-tabs': 'error',
+      '@stylistic/no-trailing-spaces': 'error',
+      '@stylistic/no-whitespace-before-property': 'error',
+      '@stylistic/nonblock-statement-body-position': 'error',
+      '@stylistic/object-curly-newline': 'error',
+      '@stylistic/object-curly-spacing': ['error', 'always'],
+      '@stylistic/object-property-newline': ['error', { allowAllPropertiesOnSameLine: true }],
+      '@stylistic/quote-props': ['error', 'as-needed'],
+      '@stylistic/quotes': ['error', 'single'],
+      '@stylistic/rest-spread-spacing': 'error',
+      '@stylistic/semi': 'error',
+      '@stylistic/semi-spacing': 'error',
+      '@stylistic/semi-style': 'error',
+      '@stylistic/space-before-blocks': 'error',
+      '@stylistic/space-before-function-paren': ['error', { anonymous: 'never', named: 'never', asyncArrow: 'always' }],
+      '@stylistic/space-in-parens': 'error',
+      '@stylistic/space-infix-ops': 'error',
+      '@stylistic/space-unary-ops': 'error',
+      '@stylistic/spaced-comment': 'error',
+      '@stylistic/switch-colon-spacing': 'error',
+      '@stylistic/template-curly-spacing': 'error',
+      '@stylistic/template-tag-spacing': 'error',
+      '@stylistic/wrap-regex': 'error',
     },
   },
 ];

gog.js

@@ -1,6 +1,7 @@
-import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
+// import { firefox } from 'playwright-firefox';
+import { chromium } from 'patchright';
 import chalk from 'chalk';
-import { resolve, jsonDb, datetime, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
+import { resolve, jsonDb, datetime, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'gog', ...a);
@@ -17,13 +18,17 @@ if (cfg.width < 1280) { // otherwise 'Sign in' and #menuUsername are hidden (but
 }
 
 // https://playwright.dev/docs/auth#multi-factor-authentication
-const context = await firefox.launchPersistentContext(cfg.dir.browser, {
+const context = await chromium.launchPersistentContext(cfg.dir.browser, {
   headless: cfg.headless,
   viewport: { width: cfg.width, height: cfg.height },
   locale: 'en-US', // ignore OS locale to be sure to have english text for locators -> done via /en in URL
   recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
   recordHar: cfg.record ? { path: `data/record/gog-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
   handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
+  // https://peter.sh/experiments/chromium-command-line-switches/
+  args: [
+    '--hide-crash-restore-bubble',
+  ],
 });
 
 handleSIGINT(context);
@@ -31,7 +36,8 @@ handleSIGINT(context);
 if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
 
 const page = context.pages().length ? context.pages()[0] : await context.newPage(); // should always exist
-await page.setViewportSize({ width: cfg.width, height: cfg.height }); // workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
+await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
+// console.debug('userAgent:', await page.evaluate(() => navigator.userAgent));
 
 const notify_games = [];
 let user;
@@ -41,13 +47,17 @@ try {
 
   await page.goto(URL_CLAIM, { waitUntil: 'domcontentloaded' }); // default 'load' takes forever
 
+  // page.click('#CybotCookiebotDialogBodyLevelButtonLevelOptinAllowAll').catch(_ => { }); // does not work reliably, solved by setting CookieConsent above
   const signIn = page.locator('a:has-text("Sign in")').first();
-  await Promise.any([signIn.waitFor(), page.waitForSelector('#menuUsername')]);
-  while (await signIn.isVisible()) {
-    console.error('Not signed in anymore.');
+  // TODO for the below signIn.waitFor(), patchright failed most of the time with: locator.waitFor: JSHandles can be evaluated only in the context they were created!
+  // await Promise.any([signIn.waitFor(), page.waitForSelector('#menuUsername')]);
+  const username = page.locator('#menuUsername').first();
+  while (await signIn.isVisible() && !await username.isVisible()) {
+    console.error('Not signed!');
+    if (cfg.nowait) process.exit(1);
     await signIn.click();
     // it then creates an iframe for the login
-    await page.waitForSelector('#GalaxyAccountsFrameContainer iframe');
+    await page.waitForSelector('#GalaxyAccountsFrameContainer iframe'); // TODO needed?
     const iframe = page.frameLocator('#GalaxyAccountsFrameContainer iframe');
     if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout); // give user some extra time to log in
     console.info(`Login timeout is ${cfg.login_timeout / 1000} seconds!`);
@@ -56,34 +66,30 @@ try {
     const email = cfg.gog_email || await prompt({ message: 'Enter email' });
     const password = email && (cfg.gog_password || await prompt({ type: 'password', message: 'Enter password' }));
     if (email && password) {
-      iframe.locator('a[href="/logout"]').click().catch(_ => { }); // Click 'Change account' (email from previous login is set in some cookie)
-      await iframe.locator('#login_username').fill(email);
+      // iframe.locator('a[href="/logout"]').click().catch(_ => { }); // Click 'Change account' (email from previous login is set in some cookie)
+      // TODO above didn't work with patchright
+      if (!await iframe.locator('#login_username').isDisabled()) {
+        await iframe.locator('#login_username').fill(email);
+      }
       await iframe.locator('#login_password').fill(password);
       await iframe.locator('#login_login').click();
-      const handleTwoFactor = async () => {
-        try {
-          await iframe.locator('form[name=second_step_authentication]').waitFor({ timeout: 15000 });
-          console.log('Two-Step Verification - Enter security code');
-          console.log(await iframe.locator('.form__description').innerText());
-          const otp = await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 4 || 'The code must be 4 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
-          await iframe.locator('#second_step_authentication_token_letter_1').pressSequentially(otp.toString(), { delay: 10 });
-          await iframe.locator('#second_step_authentication_send').click();
-          await page.waitForTimeout(1000);
-        } catch {
-          return;
-        }
-      };
-      const watchInvalidCaptcha = async () => {
-        try {
-          await iframe.locator('text=Invalid captcha').waitFor({ timeout: 15000 });
-          console.error('Got a captcha during login (likely due to too many attempts)! You may solve it in the browser, get a new IP or try again in a few hours.');
-          notify('gog: got captcha during login. Please check.');
-        } catch {
-          return;
-        }
-      };
-      handleTwoFactor();
-      watchInvalidCaptcha();
+      await page.waitForTimeout(2000); // TODO patchright waits forever for MFA locator otherwise
+      // handle MFA, but don't await it
+      iframe.locator('form[name=second_step_authentication]').waitFor().then(async () => {
+        console.log('Two-Step Verification - Enter security code');
+        console.log(await iframe.locator('.form__description').innerText());
+        const otp = await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 4 || 'The code must be 4 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
+        await iframe.locator('#second_step_authentication_token_letter_1').pressSequentially(otp.toString(), { delay: 10 });
+        await iframe.locator('#second_step_authentication_send').click();
+        await page.waitForTimeout(1000); // TODO still needed with wait for username below?
+      }).catch(_ => { });
+      // iframe.locator('iframe[title=reCAPTCHA]').waitFor().then(() => {
+      // iframe.locator('.g-recaptcha').waitFor().then(() => {
+      iframe.locator('text=Invalid captcha').waitFor().then(() => {
+        console.error('Got a captcha during login (likely due to too many attempts)! You may solve it in the browser, get a new IP or try again in a few hours.');
+        notify('gog: got captcha during login. Please check.');
+        // TODO solve reCAPTCHA?
+      }).catch(_ => { });
       await page.waitForSelector('#menuUsername');
     } else {
       console.log('Waiting for you to login in the browser.');
@@ -102,8 +108,8 @@ try {
   db.data[user] ||= {};
 
   const banner = page.locator('#giveaway');
-  const hasGiveaway = await banner.count();
-  if (!hasGiveaway) {
+  await page.waitForTimeout(2000); // TODO patchright sometimes missed banner otherwise
+  if (!await banner.count()) {
     console.log('Currently no free giveaway!');
   } else {
     const text = await page.locator('.giveaway__content-header').innerText();
@@ -113,9 +119,12 @@ try {
     console.log(`Current free game: ${chalk.blue(title)} - ${url}`);
     db.data[user][title] ||= { title, time: datetime(), url };
     if (cfg.dryrun) process.exit(1);
+    if (cfg.interactive && !await confirm()) process.exit(0);
+    // await page.locator('#giveaway:not(.is-loading)').waitFor(); // otherwise screenshot is sometimes with loading indicator instead of game title; #TODO fix, skipped due to timeout, see #240
     await banner.screenshot({ path: screenshot(`${filenamify(title)}.png`) }); // overwrites every time - only keep first?
 
-    // instead of clicking the button, visit the auto-claim URL which gives a JSON response
+    // await banner.getByRole('button', { name: 'Add to library' }).click();
+    // instead of clicking the button, we visit the auto-claim URL which gives as a JSON response which is easier than checking the state of a button
     await page.goto('https://www.gog.com/giveaway/claim');
     const response = await page.innerText('body');
     // console.log(response);

jsconfig.json

@@ -3,7 +3,7 @@
     "checkJs": true,
     "target": "es2021",
     "module": "NodeNext",
-    "moduleResolution": "NodeNext", // https://github.com/typicode/lowdb/issues/554
+    "moduleResolution": "NodeNext" // https://github.com/typicode/lowdb/issues/554
   },
   "exclude": ["node_modules", "**/node_modules"]
 }

package.json

@@ -11,9 +11,11 @@
   "license": "AGPL-3.0-only",
   "main": "index.js",
   "scripts": {
+    "lint": "npx eslint .",
     "docker:build": "docker build . -t ghcr.io/vogler/free-games-claimer",
-    "docker": "cross-env-shell docker run --rm -it -p 5900:5900 -p 6080:6080 -v \\\"$INIT_CWD/data\\\":/fgc/data --name fgc ghcr.io/vogler/free-games-claimer",
-    "lint": "npx eslint ."
+    "docker:build-log": "(docker buildx build --progress=plain . -t ghcr.io/vogler/free-games-claimer; docker image ls) 2>&1 | tee data/docker-build.log",
+    "docker": "docker run --rm -it -p 6080:6080 -v fgc:/fgc/data --pull=always ghcr.io/vogler/free-games-claimer",
+    "deps:update": "npx taze major -w && npm i"
   },
   "type": "module",
   "engines": {
@@ -21,17 +23,15 @@
   },
   "dependencies": {
     "chalk": "^5.4.1",
-    "cross-env": "^7.0.3",
-    "dotenv": "^16.5.0",
+    "dotenv": "^17.2.0",
     "enquirer": "^2.4.1",
-    "fingerprint-injector": "^2.1.66",
+    "fingerprint-injector": "^2.1.69",
     "lowdb": "^7.0.1",
     "otplib": "^12.0.1",
-    "playwright-firefox": "^1.52.0",
-    "puppeteer-extra-plugin-stealth": "^2.11.2"
+    "patchright": "^1.52.5"
   },
   "devDependencies": {
-    "@stylistic/eslint-plugin-js": "^4.2.0",
-    "eslint": "^9.26.0"
+    "@stylistic/eslint-plugin": "^5.2.2",
+    "eslint": "^9.31.0"
   }
 }

prime-gaming.js

@@ -1,104 +1,52 @@
-import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
+// import { chromium } from 'playwright-chromium';
+import { chromium } from 'patchright';
 import { authenticator } from 'otplib';
 import chalk from 'chalk';
-import { resolve, jsonDb, datetime, stealth, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
+import { resolve, jsonDb, datetime, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'prime-gaming', ...a);
 
-const URL_CLAIM = 'https://luna.amazon.com/claims/home';
+// const URL_LOGIN = 'https://www.amazon.de/ap/signin'; // wrong. needs some session args to be valid?
+const BASE_URL = 'https://luna.amazon.com';
+const URL_CLAIM = `${BASE_URL}/claims/home`;
 
 console.log(datetime(), 'started checking prime-gaming');
 
 const db = await jsonDb('prime-gaming.json', {});
 
 // https://playwright.dev/docs/auth#multi-factor-authentication
-const context = await firefox.launchPersistentContext(cfg.dir.browser, {
+const context = await chromium.launchPersistentContext(cfg.dir.browser, {
   headless: cfg.headless,
   viewport: { width: cfg.width, height: cfg.height },
   locale: 'en-US', // ignore OS locale to be sure to have english text for locators
   recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
   recordHar: cfg.record ? { path: `data/record/pg-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
   handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
+  args: [
+    '--hide-crash-restore-bubble',
+  ],
 });
 
 handleSIGINT(context);
 
-await stealth(context);
-
 if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
 
 const page = context.pages().length ? context.pages()[0] : await context.newPage(); // should always exist
-await page.setViewportSize({ width: cfg.width, height: cfg.height }); // workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
+await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
+// console.debug('userAgent:', await page.evaluate(() => navigator.userAgent));
 
 const notify_games = [];
 let user;
 
-const handleMFA = async p => {
-  const otpField = p.locator('#auth-mfa-otpcode, input[name=otpCode]');
-  if (!await otpField.count()) return false;
-  console.log('Two-Step Verification - enter the One Time Password (OTP), e.g. generated by your Authenticator App');
-  await p.locator('#auth-mfa-remember-device, [name=rememberDevice]').check().catch(() => {});
-  const otp = cfg.pg_otpkey && authenticator.generate(cfg.pg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
-  await otpField.first().pressSequentially(otp.toString());
-  await p.locator('input[type="submit"], button[type="submit"]').first().click();
-  return true;
-};
-
 try {
   await page.goto(URL_CLAIM, { waitUntil: 'domcontentloaded' }); // default 'load' takes forever
-  const handleDirectLoginPage = async () => {
-    if (!page.url().includes('/ap/signin')) return false;
-    console.log('On Amazon login page (redirect). Trying to sign in automatically.');
-    if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout);
-    const email = cfg.pg_email || await prompt({ message: 'Enter email' });
-    const password = email && (cfg.pg_password || await prompt({ type: 'password', message: 'Enter password' }));
-    if (email && password) {
-      await page.fill('[name=email]', email);
-      await page.click('input[type="submit"]');
-      await page.fill('[name=password]', password);
-      await page.click('input[type="submit"]');
-      await handleMFA(page).catch(() => {});
-      try {
-        await page.waitForURL('**/ap/signin**');
-        const error = await page.locator('.a-alert-content').first().innerText();
-        if (error.trim().length) {
-          console.error('Login error:', error);
-          await notify(`prime-gaming: login: ${error}`);
-          await context.close(); // finishes potential recording
-          process.exit(1);
-        }
-      } catch {
-        // if navigation succeeded, continue
-      }
-      await page.waitForURL(/luna\.amazon\.com\/claims\/.*signedIn=true/);
-      if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
-      return true;
-    } else {
-      console.log('Waiting for manual login on redirect page.');
-      if (cfg.headless) {
-        console.log('Run `SHOW=1 node prime-gaming` to login in the opened browser.');
-        await context.close(); // finishes potential recording
-        process.exit(1);
-      }
-      return true;
-    }
-  };
-  await handleDirectLoginPage();
   // need to wait for some elements to exist before checking if signed in or accepting cookies:
-  await Promise.any([
-    'button:has-text("Sign in")',
-    'button:has-text("Anmelden")',
-    '[data-a-target="user-dropdown-first-name-text"]',
-    '[data-testid="user-dropdown-first-name-text"]',
-  ].map(s => page.waitForSelector(s)));
-  try {
-    await page.click('[aria-label="Cookies usage disclaimer banner"] button:has-text("Accept Cookies")'); // to not waste screen space when non-headless; could be flaky
-  } catch {
-    // ignore if banner not present
-  }
-  while (await page.locator('button:has-text("Sign in"), button:has-text("Anmelden")').count() > 0) {
+  await Promise.any(['button:has-text("Sign in")', '[data-a-target="user-dropdown-first-name-text"]'].map(s => page.waitForSelector(s)));
+  page.click('[aria-label="Cookies usage disclaimer banner"] button:has-text("Accept Cookies")').catch(_ => { }); // to not waste screen space when non-headless, TODO does not work reliably, need to wait for something else first?
+  while (await page.locator('button:has-text("Sign in")').count() > 0) {
     console.error('Not signed in anymore.');
+    if (cfg.nowait) process.exit(1);
     await page.click('button:has-text("Sign in")');
     if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout); // give user some extra time to log in
     console.info(`Login timeout is ${cfg.login_timeout / 1000} seconds!`);
@@ -110,24 +58,24 @@ try {
       await page.fill('[name=email]', email);
       await page.click('input[type="submit"]');
       await page.fill('[name=password]', password);
+      // await page.check('[name=rememberMe]'); // no longer exists
       await page.click('input[type="submit"]');
-      try {
-        await page.waitForURL('**/ap/signin**');
+      page.waitForURL('**/ap/signin**').then(async () => { // check for wrong credentials
         const error = await page.locator('.a-alert-content').first().innerText();
-        if (error.trim().length) {
-          console.error('Login error:', error);
-          await notify(`prime-gaming: login: ${error}`);
-          await context.close(); // finishes potential recording
-          process.exit(1);
-        }
-      } catch {
-        // navigation ok
-      }
-      try {
-        await handleMFA(page);
-      } catch {
-        // ignore MFA watcher errors
-      }
+        if (!error.trim.length) return;
+        console.error('Login error:', error);
+        await notify(`prime-gaming: login: ${error}`);
+        await context.close(); // finishes potential recording
+        process.exit(1);
+      });
+      // handle MFA, but don't await it
+      page.waitForURL('**/ap/mfa**').then(async () => {
+        console.log('Two-Step Verification - enter the One Time Password (OTP), e.g. generated by your Authenticator App');
+        await page.check('[name=rememberDevice]');
+        const otp = cfg.pg_otpkey && authenticator.generate(cfg.pg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
+        await page.locator('input[name=otpCode]').pressSequentially(otp.toString());
+        await page.click('input[type="submit"]');
+      }).catch(_ => { });
     } else {
       console.log('Waiting for you to login in the browser.');
       await notify('prime-gaming: no longer signed in and not enough options set for automatic login.');
@@ -137,11 +85,14 @@ try {
         process.exit(1);
       }
     }
-    await page.waitForURL('https://gaming.amazon.com/home?signedIn=true');
+    await page.waitForURL(`${BASE_URL}/claims/home?signedIn=true`);
     if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
   }
-  user = await page.locator('[data-a-target="user-dropdown-first-name-text"], [data-testid="user-dropdown-first-name-text"]').first().innerText();
+  user = await page.locator('[data-a-target="user-dropdown-first-name-text"]').first().innerText();
   console.log(`Signed in as ${user}`);
+  // await page.click('button[aria-label="User dropdown and more options"]');
+  // const twitch = await page.locator('[data-a-target="TwitchDisplayName"]').first().innerText();
+  // console.log(`Twitch user name is ${twitch}`);
   db.data[user] ||= {};
 
   if (await page.getByRole('button', { name: 'Try Prime' }).count()) {
@@ -165,133 +116,21 @@ try {
   // loading all games became flaky; see https://github.com/vogler/free-games-claimer/issues/357
     await page.keyboard.press('PageDown'); // scrolling to straight to the bottom started to skip loading some games
     await page.waitForLoadState('networkidle'); // wait for all games to be loaded
-    await page.waitForTimeout(3000); // extra wait to load all already collected games
+    await page.waitForTimeout(3000); // TODO networkidle wasn't enough to load all already collected games
     // do it again since once wasn't enough...
     await page.keyboard.press('PageDown');
     await page.waitForTimeout(3000);
   });
 
-  const openGamesTab = async () => {
-    const selectors = [
-      'button[data-type="Game"]', // old layout
-      'button:has-text("Games")',
-      'button:has-text("Games einlösen")',
-      '[data-test-selector="category-picker"] button:has-text("Games")',
-      '[data-testid="category-picker"] button:has-text("Games")',
-    ];
-    for (const sel of selectors) {
-      const btn = page.locator(sel).first();
-      if (await btn.count()) {
-        await btn.click();
-        return;
-      }
-    }
-    // New Luna claims home: try the filter/CTA button with embedded <p title="Games einlösen">
-    const gamesTitle = page.locator('p.offer-filters__button__title:has-text("Games"), p.offer-filters__button__title:has-text("einlösen")');
-    if (await gamesTitle.count()) {
-      const btn = gamesTitle.first().locator('xpath=ancestor::button[1]');
-      if (await btn.count()) {
-        await btn.click();
-        return;
-      }
-    }
-    // New Luna claims home already shows games list
-  };
-
-  await openGamesTab();
-
-  const locateGamesList = async () => {
-    const selectors = [
-      'div[data-a-target="offer-list-FGWP_FULL"]', // old layout
-      '[data-testid="offer-list"]',
-      '[data-test-selector="offer-list"]',
-      'section:has(h2:has-text("Games with Prime"))',
-      'section:has(h2:has-text("Games"))',
-    ];
-    for (const sel of selectors) {
-      const loc = page.locator(sel).first();
-      if (await loc.count()) return loc;
-    }
-    return null;
-  };
-
-  const games = await locateGamesList();
-  // Load all cards (old and new layout) by scrolling the container or the page
-  if (games) await scrollUntilStable(() => games.evaluate(el => el.scrollHeight).catch(() => 0));
-  await scrollUntilStable(() => page.evaluate(() => globalThis.document?.scrollingElement?.scrollHeight ?? 0));
-
-  const normalizeClaimUrl = url => {
-    if (!url) return { url, key: null };
-    const m = url.match(/(https?:\/\/[^/]+)?(\/claims\/[^?#]+)/);
-    if (!m) return { url, key: url };
-    const path = m[2];
-    const slug = path.split('/')[2];
-    return { url: 'https://luna.amazon.com' + path, key: slug || path };
-  };
-
-  const cards = [];
-  // New layout: direct claim buttons on cards (FGWPOffer) with "Spiel aktivieren"/"Claim"
-  const fgwps = page.locator('[data-a-target="FGWPOffer"]');
-  if (await fgwps.count()) {
-    for (const handle of await fgwps.elementHandles()) {
-      const href = await handle.getAttribute('href');
-      const { url, key } = normalizeClaimUrl(href?.startsWith('/') ? href : href || '');
-      const title =
-        await handle.$eval('p[title], span[title]', el => el.getAttribute('title')).catch(() => null) ||
-        await handle.$eval('p, span', el => el.textContent).catch(() => null) ||
-        key ||
-        'Unknown title';
-      cards.push({ kind: 'external', title, url, key });
-    }
-  }
-
-  const anchorClaims = page.locator('a[href*="/claims/"][href*="amzn1.pg.item"]');
-  if (await anchorClaims.count()) {
-    const hrefs = [...new Set(await anchorClaims.evaluateAll(anchors => anchors.map(a => a.getAttribute('href')).filter(Boolean)))];
-    for (const href of hrefs) {
-      const { url, key } = normalizeClaimUrl(href);
-      const title = key || await anchorClaims.first().innerText() || 'Unknown title';
-      cards.push({ kind: 'external', title, url, key });
-    }
-  }
-
-  if (!cards.length && games) {
-    const cardLocator = games.locator([
-      '[data-testid="offer-card"]',
-      '[data-test-selector="offer-card"]',
-      '.item-card__action',
-    ].join(','));
-    if (await cardLocator.count() === 0) {
-      console.log('No games found in list.');
-    } else {
-      for (const handle of await cardLocator.elementHandles()) {
-        const text = (await handle.textContent() || '').toLowerCase();
-        if (text.includes('collected')) continue; // skip already claimed
-        const title = await (await handle.$('h3, h4, [data-testid="item-card-title"], [data-test-selector="item-card-title"], .item-card-details__body__primary'))?.innerText() || 'Unknown title';
-        const linkEl = await handle.$('a[href]');
-        let url = linkEl && await linkEl.getAttribute('href');
-        if (url?.startsWith('/')) url = 'https://luna.amazon.com' + url;
-        const { url: normUrl, key } = normalizeClaimUrl(url);
-        const hasLinkClaim = await handle.$('a:has-text("Claim"), a:has-text("Get"), a:has-text("Details")');
-        const hasButtonClaim = await handle.$('button:has-text("Claim"), button:has-text("Get"), button:has-text("Get game"), button:has-text("Play")');
-        const hasGermanCTA = await handle.$(':is(button,p,a):has-text("Spiel aktivieren"), :is(button,p,a):has-text("Spiel holen")');
-        if (hasLinkClaim || hasGermanCTA) cards.push({ kind: 'external', title, url: normUrl, key });
-        else if (hasButtonClaim) cards.push({ kind: 'internal', title, url: normUrl, key, handle });
-      }
-    }
-  }
-
-  // dedup by URL to avoid duplicates from multiple selectors
-  const seenUrl = new Set();
-  const uniq = cards.filter(c => {
-    const key = c.key || c.url || c.title;
-    if (seenUrl.has(key)) return false;
-    seenUrl.add(key);
-    return true;
-  });
-
-  const internal = uniq.filter(c => c.kind == 'internal');
-  const external = uniq.filter(c => c.kind == 'external');
+  await page.click('button[data-type="Game"]');
+  const games = page.locator('div[data-a-target="offer-list-FGWP_FULL"]');
+  await games.waitFor();
+  // await scrollUntilStable(() => games.locator('.item-card__action').count()); // number of games
+  await scrollUntilStable(() => page.evaluate(() => document.querySelector('.tw-full-width').scrollHeight)); // height may change during loading while number of games is still the same?
+  console.log('Number of already claimed games (total):', await games.locator('p:has-text("Collected")').count());
+  // can't use .all() since the list of elements via locator will change after click while we iterate over it
+  const internal = await games.locator('.item-card__action:has(button[data-a-target="FGWPOffer"])').all();
+  const external = await games.locator('.item-card__action:has(a[data-a-target="FGWPOffer"])').all();
   // bottom to top: oldest to newest games
   internal.reverse();
   external.reverse();
@@ -302,203 +141,86 @@ try {
       p = await context.newPage();
       await p.goto(url, { waitUntil: 'domcontentloaded' });
     }
-    return [p, isNew];
+    return { p, isNew };
   };
   const skipBasedOnTime = async url => {
-    const [p, isNew] = await sameOrNewPage(url);
-    const dueDateLoc = p.locator('.availability-date .tw-bold, [data-testid="availability-end-date"], [data-test-selector="availability-end-date"]');
-    if (!await dueDateLoc.count()) {
-      if (isNew) await p.close();
-      return false;
-    }
-    const dueDateOrg = await dueDateLoc.first().innerText();
+    // console.log('  Checking time left for game:', url);
+    const { p, isNew } = await sameOrNewPage(url);
+    const dueDateOrg = await p.locator('.availability-date .tw-bold').innerText();
     const dueDate = new Date(Date.parse(dueDateOrg + ' 17:00'));
     const daysLeft = (dueDate.getTime() - Date.now()) / 1000 / 60 / 60 / 24;
-    const availabilityText = await p.locator('.availability-date, [data-testid="availability-end-date"], [data-test-selector="availability-end-date"]').first().innerText().catch(() => dueDateOrg);
-    console.log(' ', availabilityText, '->', daysLeft.toFixed(2));
+    console.log(' ', await p.locator('.availability-date').innerText(), '->', daysLeft.toFixed(2));
     if (isNew) await p.close();
     return daysLeft > cfg.pg_timeLeft;
   };
   console.log('\nNumber of free unclaimed games (Prime Gaming):', internal.length);
   // claim games in internal store
   for (const card of internal) {
-    await card.handle.scrollIntoViewIfNeeded();
-    const title = card.title;
-    const url = card.url;
+    await card.scrollIntoViewIfNeeded();
+    const title = await (await card.locator('.item-card-details__body__primary')).innerText();
+    const slug = await (await card.locator('a')).getAttribute('href');
+    const url = BASE_URL + slug.split('?')[0];
     console.log('Current free game:', chalk.blue(title));
-    if (cfg.pg_timeLeft && url && await skipBasedOnTime(url)) continue;
+    if (cfg.pg_timeLeft && await skipBasedOnTime(url)) continue;
     if (cfg.dryrun) continue;
-    if (cfg.interactive) {
-      const confirmed = await confirm();
-      if (!confirmed) continue;
-    }
-    await card.handle.locator('.tw-button:has-text("Claim"), .tw-button:has-text("Get"), button:has-text("Claim"), button:has-text("Get")').first().click();
+    if (cfg.interactive && !await confirm()) continue;
+    await card.locator('.tw-button:has-text("Claim")').click();
     db.data[user][title] ||= { title, time: datetime(), url, store: 'internal' };
     notify_games.push({ title, status: 'claimed', url });
-    await card.handle.screenshot({ path: screenshot('internal', `${filenamify(title)}.png`) });
+    // const img = await card.locator('img.tw-image').getAttribute('src');
+    // console.log('Image:', img);
+    await card.screenshot({ path: screenshot('internal', `${filenamify(title)}.png`) });
   }
   console.log('\nNumber of free unclaimed games (external stores):', external.length);
   // claim games in external/linked stores. Linked: origin.com, epicgames.com; Redeem-key: gog.com, legacygames.com, microsoft
   const external_info = [];
   for (const card of external) { // need to get data incl. URLs in this loop and then navigate in another, otherwise .all() would update after coming back and .elementHandles() like above would lead to error due to page navigation: elementHandle.$: Protocol error (Page.adoptNode)
-    const title = card.title;
-    const url = card.url ? card.url.split('?')[0] : undefined;
-    if (!url) continue;
+    const title = await card.locator('.item-card-details__body__primary').innerText();
+    const slug = await card.locator('a:has-text("Claim")').first().getAttribute('href');
+    const url = BASE_URL + slug.split('?')[0];
+    // await (await card.$('text=Claim')).click(); // goes to URL of game, no need to wait
     external_info.push({ title, url });
   }
-  const clickCTA = async p => {
-    const candidates = [
-      p.locator('button[data-a-target="buy-box_call-to-action"]').first(),
-      p.locator('[data-a-target="buy-box_call-to-action"]').first(),
-      p.locator('[data-a-target="buy-box"] .tw-button:has-text("Get game")').first(),
-      p.locator('[data-a-target="buy-box"] .tw-button:has-text("Claim")').first(),
-      p.locator('.tw-button:has-text("Complete Claim")').first(),
-      p.locator('[data-a-target="buy-box_call-to-action-text"]').first().locator('xpath=ancestor::button[1]'),
-      p.locator('.tw-button:has-text("Spiel holen"), .tw-button:has-text("Spiel aktivieren")').first(),
-      p.locator('p:has-text("Spiel holen"), p:has-text("Spiel aktivieren")').first().locator('xpath=ancestor::button[1]'),
-    ];
-    for (const c of candidates) {
-      if (await c.count()) {
-        try {
-          await c.waitFor({ state: 'visible', timeout: 5000 });
-          const enabled = await c.isEnabled();
-          if (enabled) await c.click();
-          else {
-            await c.evaluate(el => {
-              el.disabled = false;
-              el.removeAttribute('disabled');
-              el.click();
-            });
-          }
-          return true;
-        } catch {
-          // try next candidate
-        }
-      }
-    }
-    return false;
-  };
-
+  // external_info = [ { title: 'Fallout 76 (XBOX)', url: 'https://gaming.amazon.com/fallout-76-xbox-fgwp/dp/amzn1.pg.item.9fe17d7b-b6c2-4f58-b494-cc4e79528d0b?ingress=amzn&ref_=SM_Fallout76XBOX_S01_FGWP_CRWN' } ];
   for (const { title, url } of external_info) {
     console.log('Current free game:', chalk.blue(title)); // , url);
-    const existingStatus = db.data[user]?.[title]?.status;
-    if (existingStatus && !existingStatus.startsWith('failed')) {
-      console.log(`  Already recorded as ${existingStatus}, skipping.`);
-      notify_games.push({ title, url, status: 'existed' });
-      continue;
-    }
     await page.goto(url, { waitUntil: 'domcontentloaded' });
-    await page.waitForSelector('[data-a-target="buy-box"]', { timeout: 10000 }).catch(() => {});
     if (cfg.debug) await page.pause();
-    let store = 'unknown';
-    const detailLoc = page.locator('[data-a-target="DescriptionItemDetails"], [data-testid="DescriptionItemDetails"]');
-    if (await detailLoc.count()) {
-      const item_text = await detailLoc.first().innerText();
-      const lower = item_text.toLowerCase();
-      const onPos = lower.lastIndexOf(' on ');
-      if (onPos >= 0) store = lower.slice(onPos + 4).replace(/[.!]$/, '');
-    } else if (url.includes('/claims/')) {
-      const slug = url.split('/claims/')[1]?.split('/')[0] || '';
-      if (slug.includes('gog')) store = 'gog.com';
-      else if (slug.includes('epic')) store = 'epic-games';
-      else if (slug.includes('origin')) store = 'origin';
-      else if (slug.includes('xbox') || slug.includes('microsoft')) store = 'microsoft store';
-      else if (slug.includes('legacy')) store = 'legacy games';
-      const lunaPlay = await page.locator('[data-a-target="LunaOffer"], button[data-a-target="LunaOffer"], button:has-text("Spielen")').count();
-      if (store == 'unknown' && lunaPlay) store = 'luna';
-    }
+    const item_text = await page.innerText('[data-a-target="DescriptionItemDetails"]');
+    const store = item_text.toLowerCase().replace(/.* on /, '').slice(0, -1);
     console.log('  External store:', store);
-    const notify_game = { title, url };
-    notify_games.push(notify_game); // status is updated below
-    // Already collected? skip
-    const collectedLoc = page.locator('[data-a-target="ClaimStateQuantityAndDateContent"], [data-a-target="ClaimStateClaimCodeContent"]:has-text("Collected"), [data-a-target="ClaimStateVendorContent"], [data-a-target="ClaimStateViewDetailsAndInstructions"]');
-    const collectedText = page.getByText(/You collected this on/i);
-    const collectedEpic = page.getByText(/Sent to your Epic Games Store library/i);
-    const collectedBanner = page.locator('p.tw-c-text-alert-success:has-text("Collected"), p.tw-c-text-alert-success:has-text("Collected this")');
-    const collectedSuccessIcon = page.locator('[data-a-target="ItemCardDetailSuccessStatus"], .claim-state__success-icon');
-    const disabledCTA = page.locator('[data-a-target="buy-box_call-to-action"][disabled], button[disabled]:has-text("Get game")');
-    const collectedAny = await Promise.all([
-      collectedLoc.count(),
-      collectedBanner.count(),
-      collectedText.count(),
-      collectedEpic.count(),
-      collectedSuccessIcon.count(),
-      disabledCTA.count(),
-    ]).then(([a, b, c, d, e, f]) => a + b + c + d + e + f > 0);
-    if (collectedAny) {
-      console.log('  Already collected, skipping.');
-      notify_game.status = 'existed';
-      db.data[user][title] ||= { title, time: datetime(), url, store, status: 'existed' };
-      continue;
-    }
-    // Disabled CTA (e.g., needs linking or not available)
-    if (await disabledCTA.count()) {
-      if (store !== 'epic-games') {
-        console.log('  CTA is disabled, skipping (likely needs linking/not available).');
-        notify_game.status = 'disabled';
-        db.data[user][title] ||= { title, time: datetime(), url, store, status: 'disabled' };
-        continue;
-      } else {
-        console.log('  CTA disabled for epic-games, will still try to link/claim.');
-      }
-    }
-    if (store == 'luna') {
-      console.log('  Luna cloud title detected, skipping code redemption.');
-      notify_game.status = 'luna (play)';
-      db.data[user][title] ||= { title, time: datetime(), url, store: 'luna', status: 'luna (play)' };
-      continue;
-    }
     if (cfg.pg_timeLeft && await skipBasedOnTime(url)) continue;
     if (cfg.dryrun) continue;
-    if (cfg.interactive) {
-      const confirmed = await confirm();
-      if (!confirmed) continue;
-    }
-    await clickCTA(page);
-    await Promise.any([
-      page.waitForSelector('.thank-you-title:has-text("Success")', { timeout: cfg.timeout }).catch(() => {}),
-      page.waitForSelector('div:has-text("Link game account")', { timeout: cfg.timeout }).catch(() => {}),
-    ]).catch(() => {});
+    if (cfg.interactive && !await confirm()) continue;
+    await Promise.any([page.click('[data-a-target="buy-box"] .tw-button:has-text("Get game")'), page.click('[data-a-target="buy-box"] .tw-button:has-text("Claim")'), page.click('.tw-button:has-text("Complete Claim")'), page.waitForSelector('div:has-text("Link game account")'), page.waitForSelector('.thank-you-title:has-text("Success")')]); // waits for navigation
     db.data[user][title] ||= { title, time: datetime(), url, store };
-    if (await page.locator('div:has-text("Link game account")').count() // epic games store also shows "Link account"
+    const notify_game = { title, url };
+    notify_games.push(notify_game); // status is updated below
+    if (await page.locator('div:has-text("Link game account")').count() // TODO still needed? epic games store just has 'Link account' as the button text now.
        || await page.locator('div:has-text("Link account")').count()) {
       console.error('  Account linking is required to claim this offer!');
       notify_game.status = `failed: need account linking for ${store}`;
       db.data[user][title].status = 'failed: need account linking';
       // await page.pause();
       // await page.click('[data-a-target="LinkAccountModal"] [data-a-target="LinkAccountButton"]');
-      // login for epic games also needed if already logged in
+      // TODO login for epic games also needed if already logged in
       // wait for https://www.epicgames.com/id/authorize?redirect_uri=https%3A%2F%2Fservice.link.amazon.gg...
       // await page.click('button[aria-label="Allow"]');
     } else {
       db.data[user][title].status = 'claimed';
       // print code if there is one
       const redeem = {
-        // 'origin': 'https://www.origin.com/redeem', // kept for legacy flows; current path uses account linking
+        // 'origin': 'https://www.origin.com/redeem', // TODO still needed or now only via account linking?
         'gog.com': 'https://www.gog.com/redeem',
         'microsoft store': 'https://account.microsoft.com/billing/redeem',
         xbox: 'https://account.microsoft.com/billing/redeem',
         'legacy games': 'https://www.legacygames.com/primedeal',
       };
       if (store in redeem) { // did not work for linked origin: && !await page.locator('div:has-text("Successfully Claimed")').count()
-        let code;
-        try {
-          // ensure CTA was clicked in case code is behind it
-          await clickCTA(page).catch(() => {});
-          code = await Promise.any([
-            page.inputValue('input[type="text"]'),
-            page.textContent('[data-a-target="ClaimStateClaimCodeContent"]').then(s => s.replace('Your code: ', '')),
-          ]);
-        } catch {
-          console.error('  Could not find claim code on page (timeout). Please check manually.');
-          db.data[user][title].status = 'claimed (code not found)';
-          notify_game.status = 'claimed (code not found)';
-          await page.screenshot({ path: screenshot('external', `${filenamify(title)}_nocode.png`), fullPage: true }).catch(() => {});
-          continue;
-        }
+        const code = await Promise.any([page.inputValue('input[type="text"]'), page.textContent('[data-a-target="ClaimStateClaimCodeContent"]').then(s => s.replace('Your code: ', ''))]); // input: Legacy Games; text: gog.com
         console.log('  Code to redeem game:', chalk.blue(code));
         if (store == 'legacy games') { // may be different URL like https://legacygames.com/primeday/puzzleoftheyear/
-          redeem[store] = await (await page.$('li:has-text("Click here") a')).getAttribute('href'); // full text: Click here to enter your redemption code.
+          redeem[store] = await page.locator('li:has-text("Click here") a').getAttribute('href'); // full text: Click here to enter your redemption code.
         }
         let redeem_url = redeem[store];
         if (store == 'gog.com') redeem_url += '/' + code; // to log and notify, but can't use for goto below (captcha)
@@ -510,11 +232,16 @@ try {
           const page2 = await context.newPage();
           await page2.goto(redeem[store], { waitUntil: 'domcontentloaded' });
           if (store == 'gog.com') {
+            // await page.goto(`https://redeem.gog.com/v1/bonusCodes/${code}`); // {"reason":"Invalid or no captcha"}
             await page2.fill('#codeInput', code);
+            // wait for responses before clicking on Continue and then Redeem
+            // first there are requests with OPTIONS and GET to https://redeem.gog.com/v1/bonusCodes/XYZ?language=de-DE
             const r1 = page2.waitForResponse(r => r.request().method() == 'GET' && r.url().startsWith('https://redeem.gog.com/'));
             await page2.click('[type="submit"]'); // click Continue
+            // console.log(await page2.locator('.warning-message').innerText()); // does not exist if there is no warning
             const r1t = await (await r1).text();
-            const reason = JSON.parse(r1t).reason;
+            const r1j = JSON.parse(r1t);
+            const reason = r1j.reason;
             // {"reason":"Invalid or no captcha"}
             // {"reason":"code_used"}
             // {"reason":"code_not_found"}
@@ -527,27 +254,33 @@ try {
             } else if (reason == 'code_not_found') {
               redeem_action = 'redeem (not found)';
               console.error('  Code was not found!');
-            } else { // unknown state; keep info log for later analysis
+            } else { // TODO not logged in? need valid unused code to test.
+              console.log('  Redeeming', r1j.products[0].title);
               redeem_action = 'redeemed?';
-              console.debug(`  Response 1: ${r1t}`);
+              // then after the click on Redeem there is a POST request which returns json
+              // POST https://redeem.gog.com/v1/bonusCodes/XYZ {productIds: ["1408290682"]}
               const r2 = page2.waitForResponse(r => r.request().method() == 'POST' && r.url().startsWith('https://redeem.gog.com/'));
               await page2.click('[type="submit"]'); // click Redeem
               const r2t = await (await r2).text();
-              const reason2 = JSON.parse(r2t).reason;
-              if (r2t == '{}') {
+              const r2j = JSON.parse(r2t);
+              // {"type":"async_processing","checkoutUrl":null}
+              if (r2j?.type == 'async_processing') {
+                await page2.locator('h1:has-text("Code redeemed successfully!")').waitFor();
                 redeem_action = 'redeemed';
                 console.log('  Redeemed successfully.');
                 db.data[user][title].status = 'claimed and redeemed';
-              } else if (reason2?.includes('captcha')) {
+              } else if (r2j?.reason2?.includes('captcha')) {
                 redeem_action = 'redeem (got captcha)';
                 console.error('  Got captcha; could not redeem!');
               } else {
+                console.debug(`  Response 1: ${r1t}`);
                 console.debug(`  Response 2: ${r2t}`);
                 console.log('  Unknown Response 2 - please report in https://github.com/vogler/free-games-claimer/issues/5');
               }
             }
           } else if (store == 'microsoft store' || store == 'xbox') {
             console.error(`  Redeem on ${store} is experimental!`);
+            // await page2.pause();
             if (page2.url().startsWith('https://login.')) {
               console.error('  Not logged in! Please redeem the code above manually. You can now login in the browser for next time. Waiting for 60s.');
               await page2.waitForTimeout(60 * 1000);
@@ -558,7 +291,9 @@ try {
               await input.waitFor();
               await input.fill(code);
               const r = page2.waitForResponse(r => r.url().startsWith('https://cart.production.store-web.dynamics.com/v1.0/Redeem/PrepareRedeem'));
+              // console.log(await page2.locator('.redeem_code_error').innerText());
               const rt = await (await r).text();
+              // {"code":"NotFound","data":[],"details":[],"innererror":{"code":"TokenNotFound",...
               const j = JSON.parse(rt);
               const reason = j?.events?.cart.length && j.events.cart[0]?.data?.reason;
               if (reason == 'TokenNotFound') {
@@ -572,24 +307,26 @@ try {
                 if (j?.events?.cart.length && j.events.cart[0]?.data?.reason == 'UserAlreadyOwnsContent') {
                   redeem_action = 'already redeemed';
                   console.error('  error: UserAlreadyOwnsContent');
-                } else { // success path not seen yet; log below if needed
+                } else { // TODO what's returned on success?
                   redeem_action = 'redeemed';
                   db.data[user][title].status = 'claimed and redeemed?';
                   console.log('  Redeemed successfully? Please report if not in https://github.com/vogler/free-games-claimer/issues/5');
                 }
-              } else { // other responses; keep info log for analysis
+              } else { // TODO find out other responses
                 redeem_action = 'unknown';
                 console.debug(`  Response: ${rt}`);
                 console.log('  Redeemed successfully? Please report your Response from above (if it is new) in https://github.com/vogler/free-games-claimer/issues/5');
               }
             }
           } else if (store == 'legacy games') {
+            // await page2.pause();
             await page2.fill('[name=coupon_code]', code);
             await page2.fill('[name=email]', cfg.lg_email);
             await page2.fill('[name=email_validate]', cfg.lg_email);
             await page2.uncheck('[name=newsletter_sub]');
             await page2.click('[type="submit"]');
             try {
+              // await page2.waitForResponse(r => r.url().startsWith('https://promo.legacygames.com/promotion-processing/order-management.php')); // status code 302
               await page2.waitForSelector('h2:has-text("Thanks for redeeming")');
               redeem_action = 'redeemed';
               db.data[user][title].status = 'claimed and redeemed';
@@ -610,18 +347,18 @@ try {
         notify_game.status = `claimed on ${store}`;
         db.data[user][title].status = 'claimed';
       }
+      // save screenshot of potential code just in case
       await page.screenshot({ path: screenshot('external', `${filenamify(title)}.png`), fullPage: true });
+      // console.info('  Saved a screenshot of page to', p);
     }
+    // await page.pause();
   }
   await page.goto(URL_CLAIM, { waitUntil: 'domcontentloaded' });
-  try {
-    await page.click('button[data-type="Game"]');
-  } catch {
-    // ignore if filter already selected
-  }
+  await page.click('button[data-type="Game"]');
 
-  if (notify_games.length && games) { // make screenshot of all games if something was claimed and list exists
+  if (notify_games.length) { // make screenshot of all games if something was claimed
     const p = screenshot(`${filenamify(datetime())}.png`);
+    // await page.screenshot({ path: p, fullPage: true }); // fullPage does not make a difference since scroll not on body but on some element
     await scrollUntilStable(() => games.locator('.item-card__action').count());
     const viewportSize = page.viewportSize(); // current viewport size
     await page.setViewportSize({ ...viewportSize, height: 3000 }); // increase height, otherwise element screenshot is cut off at the top and bottom
@@ -645,7 +382,7 @@ try {
     const dlcs = await Promise.all(cards.map(async card => ({
       game: await card.locator('.item-card-details__body p').innerText(),
       title: await card.locator('.item-card-details__body__primary').innerText(),
-      url: 'https://gaming.amazon.com' + await card.locator('a').first().getAttribute('href'),
+      url: BASE_URL + await card.locator('a').first().getAttribute('href'),
     })));
     // console.log(dlcs);
 
@@ -664,30 +401,17 @@ try {
         await page.goto(url, { waitUntil: 'domcontentloaded' });
         // most games have a button 'Get in-game content'
         // epic-games: Fall Guys: Claim -> Continue -> Go to Epic Games (despite account linked and logged into epic-games) -> not tied to account but via some cookie?
-        const claimOptions = [
-          page.click('.tw-button:has-text("Get in-game content")'),
-          page.click('.tw-button:has-text("Claim your gift")'),
-          (async () => {
-            await page.click('.tw-button:has-text("Claim")');
-            await page.click('button:has-text("Continue")').catch(() => {});
-          })(),
-        ];
-        await Promise.any(claimOptions);
-        try {
-          await page.click('button:has-text("Continue")');
-        } catch {
-          // continue button not always present
-        }
+        await Promise.any([page.click('.tw-button:has-text("Get in-game content")'), page.click('.tw-button:has-text("Claim your gift")'), page.click('.tw-button:has-text("Claim")').then(() => page.click('button:has-text("Continue")'))]);
+        page.click('button:has-text("Continue")').catch(_ => { });
         const linkAccountButton = page.locator('[data-a-target="LinkAccountButton"]');
         let unlinked_store;
         if (await linkAccountButton.count()) {
           unlinked_store = await linkAccountButton.first().getAttribute('aria-label');
           console.debug('  LinkAccountButton label:', unlinked_store);
-          const match = unlinked_store?.match(/Link (.*) account/);
-          const extracted = match?.[1];
-          if (extracted) unlinked_store = extracted;
+          const match = unlinked_store.match(/Link (.*) account/);
+          if (match && match.length == 2) unlinked_store = match[1];
         } else if (await page.locator('text=Link game account').count()) { // epic-games only?
-          console.error('  Missing account linking (epic-games specific button?):', await page.locator('button[data-a-target="gms-cta"]').innerText()); // track account-linking UI drift
+          console.error('  Missing account linking (epic-games specific button?):', await page.locator('button[data-a-target="gms-cta"]').innerText()); // TODO needed?
           unlinked_store = 'epic-games';
         }
         if (unlinked_store) {
@@ -695,11 +419,13 @@ try {
           dlc_unlinked[unlinked_store] ??= [];
           dlc_unlinked[unlinked_store].push(title);
         } else {
-          const code = await page.inputValue('input[type="text"]').catch(() => undefined);
+          const code = await page.inputValue('input[type="text"]').catch(_ => undefined);
           console.log('  Code to redeem game:', chalk.blue(code));
           db.data[user][title].code = code;
           db.data[user][title].status = 'claimed';
+          // notify_game.status = `<a href="${redeem[store]}">${redeem_action}</a> ${code} on ${store}`;
         }
+        // await page.pause();
       } catch (error) {
         console.error(error);
       } finally {

src/config.js

@@ -1,7 +1,7 @@
 import * as dotenv from 'dotenv';
 import { dataDir } from './util.js';
 
-dotenv.config({ path: 'data/config.env' }); // loads env vars from file - will not set vars that are already set, i.e., can overwrite values from file by prefixing, e.g., VAR=VAL node ...
+dotenv.config({ path: 'data/config.env', quiet: true }); // loads env vars from file - will not set vars that are already set, i.e., can overwrite values from file by prefixing, e.g., VAR=VAL node ...
 
 // Options - also see table in README.md
 export const cfg = {
@@ -9,8 +9,9 @@ export const cfg = {
   debug_network: process.env.DEBUG_NETWORK == '1', // log network requests and responses
   record: process.env.RECORD == '1', // `recordHar` (network) + `recordVideo`
   time: process.env.TIME == '1', // log duration of each step
+  interactive: process.env.INTERACTIVE == '1', // confirm to claim, enter to skip
   dryrun: process.env.DRYRUN == '1', // don't claim anything
-  interactive: process.env.INTERACTIVE == '1', // confirm to claim, default skip
+  nowait: process.env.NOWAIT == '1', // fail fast instead of waiting for user input
   show: process.env.SHOW == '1', // run non-headless
   get headless() {
     return !this.debug && !this.show;
@@ -33,6 +34,7 @@ export const cfg = {
   eg_password: process.env.EG_PASSWORD || process.env.PASSWORD,
   eg_otpkey: process.env.EG_OTPKEY,
   eg_parentalpin: process.env.EG_PARENTALPIN,
+  eg_mobile: process.env.EG_MOBILE != '0', // claim mobile games
   // auth prime-gaming
   pg_email: process.env.PG_EMAIL || process.env.EMAIL,
   pg_password: process.env.PG_PASSWORD || process.env.PASSWORD,

src/epic-games-mobile.js

@@ -0,0 +1,51 @@
+// following https://github.com/vogler/free-games-claimer/issues/474
+
+const get = async (platform = 'android') => { // or ios
+  const r = await fetch(`https://egs-platform-service.store.epicgames.com/api/v2/public/discover/home?count=10&country=DE&locale=en&platform=${platform}&start=0&store=EGS`);
+  return await r.json();
+};
+
+// $ jq '.data[].topicId' -r
+// $ jq '.data[] | {topicId,type} | flatten | @tsv' -r
+// mobile-android-carousel          featured
+// mobile-android-featured-breaker  featured
+// mobile-android-genre-must-play   interactiveIconList
+// mobile-android-1pp               featured
+// mobile-android-fn-exp            imageOnly
+// android-mega-sale                interactiveIconList
+// mobile-android-free-game         freeGame
+// mobile-android-genre-action      featured
+// mobile-android-genre-free        interactiveIconList
+// mobile-android-genre-paid        interactiveIconList
+// $ jq '.data[].offers[].content | {slug: .mapping.slug, price: (.purchase[] | {decimal: .price.decimalPrice, type: .purchaseType})}'
+// {
+//   "slug": "dc-heroes-united-android-de4bc2",
+//   "price": {
+//     "decimal": 0,
+//     "type": "Claim"
+//   }
+// }
+// {
+//   "slug": "ashworld-android-abd8de",
+//   "price": {
+//     "decimal": 4.79,
+//     "type": "Purchase"
+//   }
+// }
+
+const url = s => `https://store.epicgames.com/en-US/p/${s}`;
+
+export const getPlatformGames = async platform => {
+  const json = await get(platform);
+  const free_game = json.data.filter(x => x.type == 'freeGame')[0];
+  // console.log(free_game);
+  return free_game.offers.map(offer => {
+    const c = offer.content;
+    // console.log(c.purchase)
+    return { title: c.title, url: url(c.mapping.slug) };
+  });
+};
+
+export const getGames = async () => [...await getPlatformGames('android'), ...await getPlatformGames('ios')];
+
+// console.log(await getGames());

src/migrate.js

@@ -1,4 +1,4 @@
-import { existsSync } from 'node:fs';
+import { existsSync } from 'fs';
 import { Low } from 'lowdb';
 import { JSONFile } from 'lowdb/node';
 import { datetime } from './util.js';
@@ -18,6 +18,7 @@ const datetime_UTCtoLocalTimezone = async file => {
       db.data[user][game].time = time2;
     }
   }
+  // console.log(db.data);
   await db.write(); // write out json db
 };
 

src/util.js

@@ -19,9 +19,7 @@ export const delay = ms => new Promise(resolve => setTimeout(resolve, ms));
 export const datetimeUTC = (d = new Date()) => d.toISOString().replace('T', ' ').replace('Z', '');
 // same as datetimeUTC() but for local timezone, e.g., UTC + 2h for the above in DE
 export const datetime = (d = new Date()) => datetimeUTC(new Date(d.getTime() - d.getTimezoneOffset() * 60000));
-export const filenamify = s => s
-  .replaceAll(':', '.')
-  .replaceAll(/[^a-z0-9 _\-.]/gi, '_'); // alternative: https://www.npmjs.com/package/filenamify - On Unix-like systems, / is reserved. On Windows, <>:"/\|?* along with trailing periods are reserved.
+export const filenamify = s => s.replaceAll(':', '.').replace(/[^a-z0-9 _\-.]/gi, '_'); // alternative: https://www.npmjs.com/package/filenamify - On Unix-like systems, / is reserved. On Windows, <>:"/\|?* along with trailing periods are reserved.
 
 export const handleSIGINT = (context = null) => process.on('SIGINT', async () => { // e.g. when killed by Ctrl-C
   console.error('\nInterrupted by SIGINT. Exit!'); // Exception shows where the script was:\n'); // killed before catch in docker...
@@ -92,50 +90,42 @@ export const stealth = async context => {
 // alternative inquirer is big (node_modules 29MB, enquirer 9.7MB, prompts 9.8MB, none 9.4MB) and slower
 // open issue: prevents handleSIGINT() to work if prompt is cancelled with Ctrl-C instead of Escape: https://github.com/enquirer/enquirer/issues/372
 import Enquirer from 'enquirer'; const enquirer = new Enquirer();
-const timeoutHint = () => 'timeout';
-const cancelPromptWithHint = prompt => {
-  prompt.hint = timeoutHint;
-  prompt.cancel();
+const timeoutPlugin = timeout => enquirer => { // cancel prompt after timeout ms
+  enquirer.on('prompt', prompt => {
+    const t = setTimeout(() => {
+      prompt.hint = () => 'timeout';
+      prompt.cancel();
+    }, timeout);
+    prompt.on('submit', _ => clearTimeout(t));
+    prompt.on('cancel', _ => clearTimeout(t));
+  });
 };
-const applyPromptTimeout = (prompt, timeout) => {
-  if (!timeout) return;
-  const timer = setTimeout(cancelPromptWithHint, timeout, prompt);
-  const clearTimer = () => clearTimeout(timer);
-  prompt.on('submit', clearTimer);
-  prompt.on('cancel', clearTimer);
-};
-// cancel prompt after timeout ms; can be disabled per prompt via options.timeout = 0
-const timeoutPlugin = defaultTimeout => enquirerInstance => {
-  const onPrompt = prompt => applyPromptTimeout(prompt, prompt.options?.timeout ?? defaultTimeout);
-  enquirerInstance.on('prompt', onPrompt);
-};
-enquirer.use(timeoutPlugin(cfg.login_timeout));
+enquirer.use(timeoutPlugin(cfg.login_timeout)); // TODO may not want to have this timeout for all prompts; better extend Prompt and add a timeout prompt option
 // single prompt that just returns the non-empty value instead of an object
 // @ts-ignore
-export const prompt = o => enquirer.prompt({ name: 'name', type: 'input', message: 'Enter value', ...o }).then(r => r.name).catch(() => {});
+export const prompt = o => enquirer.prompt({ name: 'name', type: 'input', message: 'Enter value', ...o }).then(r => r.name).catch(_ => {});
 export const confirm = o => prompt({ type: 'confirm', message: 'Continue?', ...o });
 
 // notifications via apprise CLI
-import { execFile } from 'node:child_process';
+import { execFile } from 'child_process';
 import { cfg } from './config.js';
 
-export const notify = html => new Promise(resolve => {
+export const notify = html => new Promise((resolve, reject) => {
   if (!cfg.notify) {
     if (cfg.debug) console.debug('notify: NOTIFY is not set!');
     return resolve();
   }
-  const appriseBin = process.env.APPRISE_BIN || '/usr/local/bin/apprise';
+  // const cmd = `apprise '${cfg.notify}' ${title} -i html -b '${html}'`; // this had problems if e.g. ' was used in arg; could have `npm i shell-escape`, but instead using safer execFile which takes args as array instead of exec which spawned a shell to execute the command
   const args = [cfg.notify, '-i', 'html', '-b', `'${html}'`];
-  if (cfg.notify_title) args.push('-t', cfg.notify_title);
-  if (cfg.debug) console.debug(`${appriseBin} ${args.join(' ')}`); // this also doesn't escape, but it's just for info
-  execFile(appriseBin, args, (error, stdout, stderr) => {
+  if (cfg.notify_title) args.push(...['-t', cfg.notify_title]);
+  if (cfg.debug) console.debug(`apprise ${args.map(a => `'${a}'`).join(' ')}`); // this also doesn't escape, but it's just for info
+  execFile('apprise', args, (error, stdout, stderr) => {
     if (error) {
       console.log(`error: ${error.message}`);
       if (error.message.includes('command not found')) {
         console.info('Run `pip install apprise`. See https://github.com/vogler/free-games-claimer#notifications');
       }
-      // don't fail the whole run on notification errors
-      return resolve();
+      return reject(error);
     }
     if (stderr) console.error(`stderr: ${stderr}`);
     if (stdout) console.log(`stdout: ${stdout}`);

src/version.js

@@ -1,14 +1,15 @@
-import { log } from 'node:console';
-import { execFile } from 'node:child_process';
+// check if running the latest version
 
-const gitBin = process.env.GIT_BIN || '/usr/bin/git';
+import { log } from 'console';
+import { exec } from 'child_process';
 
-const runGit = (...args) => new Promise((resolve, reject) => {
-  execFile(gitBin, args, { cwd: process.cwd() }, (error, stdout, stderr) => {
+const execp = cmd => new Promise((resolve, reject) => {
+  exec(cmd, (error, stdout, stderr) => {
     if (stderr) console.error(`stderr: ${stderr}`);
+    // if (stdout) console.log(`stdout: ${stdout}`);
     if (error) {
       console.log(`error: ${error.message}`);
-      if (error.code === 'ENOENT' || error.message.includes('command not found')) {
+      if (error.message.includes('command not found')) {
         console.info('Install git to check for updates!');
       }
       return reject(error);
@@ -17,7 +18,10 @@ const runGit = (...args) => new Promise((resolve, reject) => {
   });
 });
 
+// const git_main = () => readFileSync('.git/refs/heads/main').toString().trim();
+
 let sha, date;
+// if (existsSync('/.dockerenv')) { // did not work
 if (process.env.NOVNC_PORT) {
   log('Running inside Docker.');
   ['COMMIT', 'BRANCH', 'NOW'].forEach(v => log(`  ${v}:`, process.env[v]));
@@ -25,15 +29,24 @@ if (process.env.NOVNC_PORT) {
   date = process.env.NOW;
 } else {
   log('Not running inside Docker.');
-  sha = await runGit('rev-parse', 'HEAD');
-  date = await runGit('show', '-s', '--format=%cD'); // same as format as `date -R` (RFC2822)
+  sha = await execp('git rev-parse HEAD');
+  date = await execp('git show -s --format=%cD'); // same as format as `date -R` (RFC2822)
+  // date = await execp('git show -s --format=%ch'); // %ch is same as --date=human (short/relative)
 }
 
-const gh = await (await fetch('https://api.github.com/repos/vogler/free-games-claimer/commits/main')).json();
+const gh = await (await fetch('https://api.github.com/repos/vogler/free-games-claimer/commits/main', {
+  // headers: { accept: 'application/vnd.github.VERSION.sha' }
+})).json();
+// log(gh);
 
 log('Local commit:', sha, new Date(date));
 log('Online commit:', gh.sha, new Date(gh.commit.committer.date));
 
+// git describe --all --long --dirty
+// --> heads/main-0-gdee47d2-dirty
+// git describe --tags --long --dirty
+// --> v1.7-35-gdee47d2-dirty
+
 if (sha == gh.sha) {
   log('Running the latest version!');
 } else {

steam-games.js

@@ -1,34 +1,24 @@
-import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
-import { jsonDb, prompt } from './src/util.js';
+// import { firefox } from 'playwright-firefox';
+import { chromium } from 'patchright';
+import { datetime, filenamify, jsonDb, prompt } from './src/util.js';
 import { cfg } from './src/config.js';
 
 const db = await jsonDb('steam-games.json', {});
 
 const user = cfg.steam_id || await prompt({ message: 'Enter Steam community id ("View my profile", then copy from URL)' });
 
-// using https://github.com/apify/fingerprint-suite worked, but has no launchPersistentContext...
-// from https://github.com/apify/fingerprint-suite/issues/162
-import { FingerprintInjector } from 'fingerprint-injector';
-import { FingerprintGenerator } from 'fingerprint-generator';
-
-const { fingerprint, headers } = new FingerprintGenerator().getFingerprint({
-  devices: ['desktop'],
-  operatingSystems: ['windows'],
-});
-
-const context = await firefox.launchPersistentContext(cfg.dir.browser, {
+const context = await chromium.launchPersistentContext(cfg.dir.browser, {
   headless: cfg.headless,
+  // viewport: { width: cfg.width, height: cfg.height },
   locale: 'en-US', // ignore OS locale to be sure to have english text for locators -> done via /en in URL
-  userAgent: fingerprint.navigator.userAgent,
-  viewport: {
-    width: fingerprint.screen.width,
-    height: fingerprint.screen.height,
-  },
-  extraHTTPHeaders: {
-    'accept-language': headers['accept-language'],
-  },
+  recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
+  recordHar: cfg.record ? { path: `data/record/steam-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
+  handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
+  // https://peter.sh/experiments/chromium-command-line-switches/
+  args: [
+    '--hide-crash-restore-bubble',
+  ],
 });
-await new FingerprintInjector().attachFingerprintToPlaywright(context, { fingerprint, headers });
 
 context.setDefaultTimeout(cfg.debug ? 0 : cfg.timeout);
 
@@ -59,6 +49,7 @@ try {
     db.data[title] = stat;
   }
 
+  // await page.pause();
 } catch (error) {
   process.exitCode ||= 1;
   console.error('--- Exception:');

test/notify.js

@@ -1,3 +1,4 @@
+/* eslint-disable no-constant-condition */
 import { delay, html_game_list, notify } from '../src/util.js';
 import { cfg } from '../src/config.js';
 
@@ -5,38 +6,33 @@ const URL_CLAIM = 'https://gaming.amazon.com/home'; // dummy URL
 
 console.debug('NOTIFY:', cfg.notify);
 
-const scenarios = [
-  {
-    enabled: process.env.TEST_NOTIFY_EPIC === '1',
-    title: 'epic-games',
-    games: [
-      { title: 'Epistory - Typing Chronicles', status: 'claimed', url: URL_CLAIM },
-    ],
-  },
-  {
-    enabled: process.env.TEST_NOTIFY_PG === '1',
-    delayMs: 1000,
-    title: 'prime-gaming',
-    games: [
-      { title: 'Faraway 2: Jungle Escape', status: 'claimed', url: URL_CLAIM },
-      { title: 'Chicken Police - Paint it RED!', status: 'claimed', url: URL_CLAIM },
-      { title: 'Lawn Mowing Simulator', status: 'claimed', url: URL_CLAIM },
-      { title: 'Breathedge', status: 'claimed', url: URL_CLAIM },
-      { title: 'The Evil Within 2', status: `<a href="${URL_CLAIM}">redeem</a> H97S6FB38FA6D09DEA on gog.com`, url: URL_CLAIM },
-      { title: 'Beat Cop', status: `<a href="${URL_CLAIM}">redeem</a> BMKM8558EC55F7B38F on gog.com`, url: URL_CLAIM },
-      { title: 'Dishonored 2', status: `<a href="${URL_CLAIM}">redeem</a> NNEK0987AB20DFBF8F on gog.com`, url: URL_CLAIM },
-    ],
-  },
-  {
-    enabled: process.env.TEST_NOTIFY_GOG === '1',
-    delayMs: 1000,
-    title: 'gog',
-    games: [{ title: 'Haven Park', status: 'claimed', url: URL_CLAIM }],
-  },
-];
-
-for (const scenario of scenarios) {
-  if (!scenario.enabled) continue;
-  if (scenario.delayMs) await delay(scenario.delayMs);
-  await notify(`${scenario.title}:<br>${html_game_list(scenario.games)}`);
+if (true) {
+  const notify_games = [
+    // { title: 'Kerbal Space Program', status: 'claimed', url: URL_CLAIM },
+    // { title: "Shadow Tactics - Aiko's Choice", status: 'claimed', url: URL_CLAIM },
+    { title: 'Epistory - Typing Chronicles', status: 'claimed', url: URL_CLAIM },
+  ];
+  await notify(`epic-games:<br>${html_game_list(notify_games)}`);
+}
+
+if (false) {
+  await delay(1000);
+  const notify_games = [
+    { title: 'Faraway 2: Jungle Escape', status: 'claimed', url: URL_CLAIM },
+    { title: 'Chicken Police - Paint it RED!', status: 'claimed', url: URL_CLAIM },
+    { title: 'Lawn Mowing Simulator', status: 'claimed', url: URL_CLAIM },
+    { title: 'Breathedge', status: 'claimed', url: URL_CLAIM },
+    { title: 'The Evil Within 2', status: `<a href="${URL_CLAIM}">redeem</a> H97S6FB38FA6D09DEA on gog.com`, url: URL_CLAIM },
+    { title: 'Beat Cop', status: `<a href="${URL_CLAIM}">redeem</a> BMKM8558EC55F7B38F on gog.com`, url: URL_CLAIM },
+    { title: 'Dishonored 2', status: `<a href="${URL_CLAIM}">redeem</a> NNEK0987AB20DFBF8F on gog.com`, url: URL_CLAIM },
+  ];
+  notify(`prime-gaming:<br>${html_game_list(notify_games)}`);
+}
+
+if (false) {
+  await delay(1000);
+  const notify_games = [
+    { title: 'Haven Park', status: 'claimed', url: URL_CLAIM },
+  ];
+  notify(`gog:<br>${html_game_list(notify_games)}`);
 }

test/sigint-enquirer-raw.js

@@ -1,14 +1,37 @@
 // https://github.com/enquirer/enquirer/issues/372
 import { prompt, handleSIGINT } from '../src/util.js';
 
+// const handleSIGINT = () => process.on('SIGINT', () => { // e.g. when killed by Ctrl-C
+//   console.log('\nInterrupted by SIGINT. Exit!');
+//   process.exitCode = 130;
+// });
 handleSIGINT();
 
+// function onRawSIGINT(fn) {
+//   const { stdin, stdout } = process;
+//   stdin.setRawMode(true);
+//   stdin.resume();
+//   stdin.on('data', data => {
+//     const key = data.toString('utf-8');
+//     if (key === '\u0003') { // ctrl + c
+//       fn();
+//     } else {
+//       stdout.write(key);
+//     }
+//   });
+// }
+// onRawSIGINT(() => {
+//   console.log('raw'); process.exit(1);
+// });
+
 console.log('hello');
 console.error('hello error');
 try {
-  const first = await prompt(); // SIGINT no longer handled if this is executed
-  const second = await prompt(); // SIGINT no longer handled if this is executed
-  console.log('values:', first, second);
+  let i = 'foo';
+  i = await prompt(); // SIGINT no longer handled if this is executed
+  i = await prompt(); // SIGINT no longer handled if this is executed
+  // handleSIGINT();
+  console.log('value:', i);
   setTimeout(() => console.log('timeout 3s'), 3000);
 } catch (e) {
   process.exitCode ||= 1;

test/webgl.js

@@ -0,0 +1,30 @@
+import { chromium } from 'patchright';
+import { handleSIGINT } from '../src/util.js';
+import { cfg } from '../src/config.js';
+
+const context = await chromium.launchPersistentContext(cfg.dir.browser, {
+  headless: false, // don't use cfg.headless headless here since SHOW=0 will lead to captcha
+  viewport: { width: cfg.width, height: cfg.height },
+  locale: 'en-US', // ignore OS locale to be sure to have english text for locators
+  recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
+  handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
+  // https://peter.sh/experiments/chromium-command-line-switches/
+  args: [
+    '--hide-crash-restore-bubble',
+    '--ignore-gpu-blocklist', // required for OpenGL: Disabled -> Enabled & WebGL: Software only -> Hardware accelerated
+    '--enable-unsafe-webgpu', // required for WebGPU: Disabled -> Hardware accelerated
+  ],
+});
+
+handleSIGINT(context);
+
+const page = context.pages().length ? context.pages()[0] : await context.newPage(); // should always exist
+await page.goto('https://get.webgl.org/');
+console.log(await page.locator('h1').innerText());
+await page.goto('https://webglreport.com/?v=2');
+console.log(await page.locator('tr:has-text("Unmasked Renderer")').innerText());
+console.log('Waiting. You can check chrome://gpu as well via noVNC. Press ctrl-c to quit...');
+// without --ignore-gpu-blocklist: OpenGL Disabled, WebGL: Software only, hardware acceleration unavailable.
+// Unmasked Renderer: ANGLE (Mesa, llvmpipe (LLVM 15.0.7 128 bits), OpenGL 4.5)
+// with --ignore-gpu-blocklist: OpenGL Enabled, WebGL: Hardware accelerated
+// Unmasked Renderer: ANGLE (Google, Vulkan 1.3.0 (SwiftShader Device (LLVM 10.0.0) (0x0000C0DE)), SwiftShader driver)

unrealengine.js

@@ -1,8 +1,12 @@
-import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
+// TODO This is mostly a copy of epic-games.js
+// New assets to claim every first Tuesday of a month.
+
+// import { firefox } from 'playwright-firefox';
+import { chromium } from 'patchright';
 import { authenticator } from 'otplib';
-import path from 'node:path';
-import { writeFileSync } from 'node:fs';
-import { resolve, jsonDb, datetime, stealth, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
+import path from 'path';
+import { writeFileSync } from 'fs';
+import { resolve, jsonDb, datetime, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'unrealengine', ...a);
@@ -15,24 +19,26 @@ console.log(datetime(), 'started checking unrealengine');
 const db = await jsonDb('unrealengine.json', {});
 
 // https://playwright.dev/docs/auth#multi-factor-authentication
-const context = await firefox.launchPersistentContext(cfg.dir.browser, {
+const context = await chromium.launchPersistentContext(cfg.dir.browser, {
   headless: cfg.headless,
   viewport: { width: cfg.width, height: cfg.height },
-  userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.83 Safari/537.36', // Windows UA avoids "device not supported"; update when browser version changes
-  locale: 'en-US', // ignore OS locale to be sure to have english text for locators
+  locale: 'en-US', // ignore OS locale to be sure to have english text for locators -> done via /en in URL
   recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
-  recordHar: cfg.record ? { path: `data/record/ue-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
+  recordHar: cfg.record ? { path: `data/record/gog-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
   handleSIGINT: false, // have to handle ourselves and call context.close(), otherwise recordings from above won't be saved
+  // https://peter.sh/experiments/chromium-command-line-switches/
+  args: [
+    '--hide-crash-restore-bubble',
+  ],
 });
 
 handleSIGINT(context);
 
-await stealth(context);
-
 if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
 
 const page = context.pages().length ? context.pages()[0] : await context.newPage(); // should always exist
-await page.setViewportSize({ width: cfg.width, height: cfg.height }); // workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
+await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
+// console.debug('userAgent:', await page.evaluate(() => navigator.userAgent));
 
 const notify_games = [];
 let user;
@@ -55,32 +61,23 @@ try {
     const email = cfg.eg_email || await prompt({ message: 'Enter email' });
     const password = email && (cfg.eg_password || await prompt({ type: 'password', message: 'Enter password' }));
     if (email && password) {
+      // await page.click('text=Sign in with Epic Games');
       await page.fill('#email', email);
       await page.click('button[type="submit"]');
       await page.fill('#password', password);
       await page.click('button[type="submit"]');
-      const watchCaptchaDuringLogin = async () => {
-        try {
-          await page.waitForSelector('#h_captcha_challenge_login_prod iframe', { timeout: 15000 });
-          console.error('Got a captcha during login (likely due to too many attempts)! You may solve it in the browser, get a new IP or try again in a few hours.');
-          notify('unrealengine: got captcha during login. Please check.');
-        } catch {
-          return;
-        }
-      };
-      const watchMfa = async () => {
-        try {
-          await page.waitForURL('**/id/login/mfa**', { timeout: cfg.login_timeout });
-          console.log('Enter the security code to continue - This appears to be a new device, browser or location. A security code has been sent to your email address at ...');
-          const otp = cfg.eg_otpkey && authenticator.generate(cfg.eg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
-          await page.locator('input[name="code-input-0"]').pressSequentially(otp.toString());
-          await page.click('button[type="submit"]');
-        } catch {
-          return;
-        }
-      };
-      watchCaptchaDuringLogin();
-      watchMfa();
+      page.waitForSelector('#h_captcha_challenge_login_prod iframe').then(() => {
+        console.error('Got a captcha during login (likely due to too many attempts)! You may solve it in the browser, get a new IP or try again in a few hours.');
+        notify('unrealengine: got captcha during login. Please check.');
+      }).catch(_ => { });
+      // handle MFA, but don't await it
+      page.waitForURL('**/id/login/mfa**').then(async () => {
+        console.log('Enter the security code to continue - This appears to be a new device, browser or location. A security code has been sent to your email address at ...');
+        // TODO locator for text (email or app?)
+        const otp = cfg.eg_otpkey && authenticator.generate(cfg.eg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
+        await page.locator('input[name="code-input-0"]').pressSequentially(otp.toString());
+        await page.click('button[type="submit"]');
+      }).catch(_ => { });
     } else {
       console.log('Waiting for you to login in the browser.');
       await notify('unrealengine: no longer signed in and not enough options set for automatic login.');
@@ -127,7 +124,7 @@ try {
     }
     ids.push(id);
   }
-  if (ids.length === 0) {
+  if (!ids.length) {
     console.log('Nothing to claim');
   } else {
     await page.waitForTimeout(2000);
@@ -139,22 +136,18 @@ try {
       notify('unrealengine: ' + err);
       process.exit(1);
     }
+    // await page.pause();
     console.log('Click shopping cart');
     await page.locator('.shopping-cart').click();
+    // await page.waitForTimeout(2000);
     await page.locator('button.checkout').click();
     console.log('Click checkout');
     // maybe: Accept End User License Agreement
-    const acceptEulaIfPresent = async () => {
-      try {
-        await page.locator('[name=accept-label]').check({ timeout: 10000 });
-        console.log('Accept End User License Agreement');
-        await page.locator('span:text-is("Accept")').click(); // otherwise matches 'Accept All Cookies'
-      } catch {
-        return;
-      }
-    };
-    acceptEulaIfPresent();
-    await page.waitForSelector('#webPurchaseContainer iframe');
+    page.locator('[name=accept-label]').check().then(() => {
+      console.log('Accept End User License Agreement');
+      page.locator('span:text-is("Accept")').click(); // otherwise matches 'Accept All Cookies'
+    }).catch(_ => { });
+    await page.waitForSelector('#webPurchaseContainer iframe'); // TODO needed?
     const iframe = page.frameLocator('#webPurchaseContainer iframe');
 
     if (cfg.debug) await page.pause();
@@ -169,27 +162,14 @@ try {
 
     // I Agree button is only shown for EU accounts! https://github.com/vogler/free-games-claimer/pull/7#issuecomment-1038964872
     const btnAgree = iframe.locator('button:has-text("I Agree")');
-    const acceptIfRequired = async () => {
-      try {
-        await btnAgree.waitFor({ timeout: 10000 });
-        await btnAgree.click();
-      } catch {
-        return;
-      }
-    }; // EU: wait for and click 'I Agree'
-    acceptIfRequired();
+    btnAgree.waitFor().then(() => btnAgree.click()).catch(_ => { }); // EU: wait for and click 'I Agree'
     try {
       // context.setDefaultTimeout(100 * 1000); // give time to solve captcha, iframe goes blank after 60s?
       const captcha = iframe.locator('#h_captcha_challenge_checkout_free_prod iframe');
-      const watchCaptchaChallenge = async () => {
-        try {
-          await captcha.waitFor({ timeout: 10000 });
-          console.error('  Got hcaptcha challenge! Lost trust due to too many login attempts? You can solve the captcha in the browser or get a new IP address.');
-        } catch {
-          return;
-        }
-      }; // may time out if not shown
-      watchCaptchaChallenge();
+      captcha.waitFor().then(async () => { // don't await, since element may not be shown
+        // console.info('  Got hcaptcha challenge! NopeCHA extension will likely solve it.')
+        console.error('  Got hcaptcha challenge! Lost trust due to too many login attempts? You can solve the captcha in the browser or get a new IP address.');
+      }).catch(_ => { }); // may time out if not shown
       await page.waitForSelector('text=Thank you');
       for (const id of ids) {
         db.data[user][id].status = 'claimed';
@@ -197,12 +177,16 @@ try {
       }
       notify_games.forEach(g => g.status == 'failed' && (g.status = 'claimed'));
       console.log('Claimed successfully!');
+      // context.setDefaultTimeout(cfg.timeout);
     } catch (e) {
       console.log(e);
+      // console.error('  Failed to claim! Try again if NopeCHA timed out. Click the extension to see if you ran out of credits (refill after 24h). To avoid captchas try to get a new IP or set a cookie from https://www.hcaptcha.com/accessibility');
       console.error('  Failed to claim! To avoid captchas try to get a new IP address.');
       await page.screenshot({ path: screenshot('failed', `${filenamify(datetime())}.png`), fullPage: true });
+      // db.data[user][id].status = 'failed';
       notify_games.forEach(g => g.status = 'failed');
     }
+    // notify_game.status = db.data[user][game_id].status; // claimed or failed
 
     if (notify_games.length) await page.screenshot({ path: screenshot(`${filenamify(datetime())}.png`), fullPage: false }); // fullPage is quite long...
     console.log('Done');