diff --git a/index.js b/index.js
new file mode 100644
index 0000000..11f4dbf
--- /dev/null
+++ b/index.js
@@ -0,0 +1,16 @@
+const path = require("path");
+const express = require('express')
+const bodyParser = require('body-parser');
+const app = express()
+
+app.use(bodyParser.json());
+app.use(express.static('static'));
+
+//app.get('/', (req, res) => {
+// res.sendFile(path.join(__dirname + '/index.html'));
+//})
+
+app.listen(3000, () => {
+ console.log('Example app listening on port 3000!')
+})
+
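Review bot: `app.listen(3000, ...)` passes no host, so the server accepts connections on every interface, although the redirect URI configured in static/loadfeed.js is localhost only. For a local practice app, `app.listen(3000, '127.0.0.1', () => { ... })` keeps it off the network. `bodyParser.json()` is mounted while no route in this file reads a request body, so it adds a parsing surface with no consumer; I would leave it out until a handler needs it. The commented-out `app.get('/')` route and the `path` require that only it uses can be removed as well.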
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..438e6a9
--- /dev/null
+++ b/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "oauthpractice",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1",
+ "start": "node index.js"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/bobjohnbob/oauthPractice.git"
+ },
+ "author": "john@jshaver.net",
+ "license": "UNLICENSED",
+ "bugs": {
+ "url": "https://github.com/bobjohnbob/oauthPractice/issues"
+ },
+ "homepage": "https://github.com/bobjohnbob/oauthPractice#readme",
+ "dependencies": {
+ "body-parser": "^1.18.2",
+ "express": "^4.15.5"
+ }
+}
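Review bot: The manifest has no `"private": true`, so even with `"license": "UNLICENSED"` nothing prevents an accidental `npm publish` of this practice app; adding `"private": true,` next to `"version"` closes that. Both dependencies use caret ranges and no lockfile is visible in this diff, so each install resolves to whatever matching release is current at that time. Committing `package-lock.json` alongside this file would make installs reproducible and auditable.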
diff --git a/static/index.html b/static/index.html
new file mode 100644
index 0000000..57a0c75
--- /dev/null
+++ b/static/index.html
@@ -0,0 +1,13 @@
+
+
+
+
+ Redundant Feed!
+
+
+
+
+ ...loading...
+
+
+
diff --git a/static/loadfeed.js b/static/loadfeed.js
new file mode 100644
index 0000000..c2a5468
--- /dev/null
+++ b/static/loadfeed.js
@@ -0,0 +1,87 @@
+(function(){
+ 'use strict';
+ var CLIENT_ID = "1944365805820399";
+ var REDIRECT_URI = "http://localhost:3000/";
+ var AUTH_ENDPOINT = "https://www.facebook.com/v2.10/dialog/oauth";
+ var PERMS = "user_posts";
+ var token = window.localStorage.getItem("token");
+ var state = window.localStorage.getItem("state");
+ if (!state) {
+ state = get15RandomSafeChars();
+ window.localStorage.setItem("state", state);
+ }
+ console.log("state: ", state);
+
+ if(window.location.hash !== "") {
+ var hashParams = window.location.hash.slice(1).split("&");
+ hashParams = hashParams.reduce(function(obj, param) {
+ var parsed = param.split("=");
+ obj[parsed[0]] = decodeURIComponent(parsed[1]);
+ return obj;
+ }, {});
+
+ if(hashParams.access_token) {
+ if(hashParams.state === state) {
+ token = hashParams.access_token;
+ window.localStorage.setItem("token", token);
+ } else {
+ console.log("Invalid state! Something fishy here. Ignoring token...");
+ console.log("Our state: ", state, " Received state: ", hashParams.state);
+ }
+ }
+ }
+ if(!token) {
+ console.log("NOT AUTHED!");
+ } else {
+ console.log("Probably authed!");
+ }
+
+ document.addEventListener('DOMContentLoaded', function() {
+ var feed = document.getElementById("feed");
+ if(!token) {
+ feed.textContent = "First you need to authorize Facebook to allow me to spy you.";
+ var button = document.createElement("Button");
+ button.onclick = function(){redirectToAuthEndpoint(PERMS);};
+ button.value = "authorize";
+ button.type = "button";
+ button.textContent = "AUTHORIZE";
+ feed.appendChild(button);
+ } else {
+ feed.textContent = "Hello person.";
+ }
+
+ });
+
+ function redirectToAuthEndpoint(perms) {
+ var payload = {
+ client_id: CLIENT_ID,
+ redirect_uri: REDIRECT_URI,
+ state: state,
+ response_type: "token",
+ scope: perms
+ };
+
+ var params = Object.keys(payload).map(function(key) {
+ return key + "=" + encodeURIComponent(payload[key]);
+ }).join("&");
+
+ window.location = AUTH_ENDPOINT + "?" + params;
+ }
+
+ function get15RandomSafeChars() {
+ var characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
+ var string = "";
+ var numbers = [0,1,2].map(function() {
+ return Math.floor(Math.random() * Math.pow(2,32));
+ });
+ numbers.forEach(function(num) {
+ var bits = num;
+ for(var i = 0; i < 5; ++i) {
+ string += characters[bits & 0x3f];
+ bits = bits >> 6;
+ }
+ });
+ return string;
+ }
+
+})();
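Review bot: The OAuth `state` produced by `get15RandomSafeChars` comes from `Math.random()`, which is not a cryptographically secure source, and the value is then kept in localStorage and reused for every authorization attempt, so it is neither unguessable nor one-time as CSRF protection needs. I would draw the bytes from `window.crypto.getRandomValues` as below, generate a fresh state inside `redirectToAuthEndpoint`, and remove it from storage once the `hashParams.state === state` comparison has run. The block also writes the state to the console, stores the access token in localStorage where any script on the origin can read it, and leaves the token in `window.location.hash` after parsing; clearing the fragment with `history.replaceState` once it is read and dropping the `console.log` calls would reduce that exposure. Note that `response_type: "token"` is the implicit flow, which returns the token in the URL; an authorization-code flow handled by the Express server would avoid that, though that is a larger change than this commit.

```javascript
function get15RandomSafeChars() {
  var characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
  var bytes = new Uint8Array(15);
  window.crypto.getRandomValues(bytes);
  var string = "";
  for (var i = 0; i < bytes.length; ++i) {
    // 64 symbols in the alphabet, so masking to 6 bits adds no bias
    string += characters[bytes[i] & 0x3f];
  }
  return string;
}
```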