Fix broken cookie auth and allow app-based TOTP

[macintoshhelper]

Fixes issues #2 #3 and an issue around rate limiting when Cookie and Tsid headers are missing.

The issue in cookie parsing in #2 appears to be because of global fetch changes in Node.js, or a change in the HTTP response

Requires documentation on how to retrieve and set the new environment variables:

• FIGMA_COOKIE
• FIGMA_TSID

[NiklasBuchfink]

@macintoshhelper Thank you for your contribution. We are happy to merge your changes.

Can you please add the documentation for the two environment variables?

[NiklasBuchfink]

@macintoshhelper Main was out of date with the released npm version because I didn't have write access to the repo, but I created an npm version with my local version (however that was possible).
You can see the changes here: #6

It contains the recent_user_data that I referred to in our Discord chat (https://discord.com/channels/897438559458430986/1261213783360274472/1261338567901319178)
You can extract it from the cookie in the same way as you did with the authn token.

[NiklasBuchfink]

@macintoshhelper I checked out your branch and tried to run the commands like the following:

1. node bin/cli.js get-cookies -> get the FIGMA_COOKIE='***'; FIGMA_TSID=***
2. node bin/cli.js auth --cookie '***' --tsid '***' -> I always get the TypeError: Cannot read properties of undefined (reading 'phone_number').

What do I have to change so that it is working?

[NiklasBuchfink]

@macintoshhelper Ok, I think it worked. I didn't have 2-factor authentication until now. Now an authentication token has been returned.

[macintoshhelper]

Performing node bin/cli.js get-cookies doesn't appear to be necessary, the auth command will fetch it automatically if it isn't passed as an argument, but I can add documentation to the README incase the cookie/TSID need to be saved for the future.

[NiklasBuchfink]

@macintoshhelper Here are the three possible responsive for a valid account.

1. Results without 2FA:

  error: false,
  status: 200,
  meta: {
    id: '1234567890',
    img_url: 'https://s3.figma.com/ba43e35d3f321b31a12ced90',
    handle: 'therealjohndoe',
    email: '[email protected]',
    name: 'John Doe'
  },
  i18n: null
}

2. With SMS 2FA:

  error: true,
  status: 400,
  message: 'Please enter your authenticator code',
  i18n: {
    id: 'auth.error.enter-two-factor-code',
    fallback_text: 'Please enter your authenticator code',
    params: {}
  },
  reason: { missing: 'two_factor', sms: true, phone_number: '7957' }
}

3. With Auth App 2FA:

  error: true,
  status: 400,
  message: 'Please enter your authenticator code',
  i18n: {
    id: 'auth.error.enter-two-factor-code',
    fallback_text: 'Please enter your authenticator code',
    params: {}
  },
  reason: { missing: 'two_factor', sms: false }
}

Can you please update this PR one last time to:

1. just request and return authn-token, if status 200 is returned (same request with empty totp_key)
2. prompt for the SMS code if status === 400 && reason?.sms === true -> this check will remove the Type error
3. prompt for the TOTP code if status === 400 && reason?.sms === false

Then we have all cases covered 👍

[NiklasBuchfink]

These are my last remarks before merging and releasing