It's a start.

This commit is contained in:
John Shaver 2017-09-28 16:03:15 -07:00
parent e55fc50877
commit 1a7c79fb18
4 changed files with 140 additions and 0 deletions

16
index.js Normal file
View file

@ -0,0 +1,16 @@
const path = require("path");
const express = require('express')
const bodyParser = require('body-parser');
const app = express()
app.use(bodyParser.json());
app.use(express.static('static'));
//app.get('/', (req, res) => {
// res.sendFile(path.join(__dirname + '/index.html'));
//})
app.listen(3000, () => {
console.log('Example app listening on port 3000!')
})

24
package.json Normal file
View file

@ -0,0 +1,24 @@
{
"name": "oauthpractice",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"start": "node index.js"
},
"repository": {
"type": "git",
"url": "git+https://github.com/bobjohnbob/oauthPractice.git"
},
"author": "john@jshaver.net",
"license": "UNLICENSED",
"bugs": {
"url": "https://github.com/bobjohnbob/oauthPractice/issues"
},
"homepage": "https://github.com/bobjohnbob/oauthPractice#readme",
"dependencies": {
"body-parser": "^1.18.2",
"express": "^4.15.5"
}
}

13
static/index.html Normal file
View file

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Redundant Feed!</title>
<script type="text/javascript" src="loadfeed.js"></script>
</head>
<body>
<div id="feed">
...loading...
</div>
</body>
</html>

87
static/loadfeed.js Normal file
View file

@ -0,0 +1,87 @@
(function(){
'use strict';
var CLIENT_ID = "1944365805820399";
var REDIRECT_URI = "http://localhost:3000/";
var AUTH_ENDPOINT = "https://www.facebook.com/v2.10/dialog/oauth";
var PERMS = "user_posts";
var token = window.localStorage.getItem("token");
var state = window.localStorage.getItem("state");
if (!state) {
state = get15RandomSafeChars();
window.localStorage.setItem("state", state);
}
console.log("state: ", state);
if(window.location.hash !== "") {
var hashParams = window.location.hash.slice(1).split("&");
hashParams = hashParams.reduce(function(obj, param) {
var parsed = param.split("=");
obj[parsed[0]] = decodeURIComponent(parsed[1]);
return obj;
}, {});
if(hashParams.access_token) {
if(hashParams.state === state) {
token = hashParams.access_token;
window.localStorage.setItem("token", token);
} else {
console.log("Invalid state! Something fishy here. Ignoring token...");
console.log("Our state: ", state, " Received state: ", hashParams.state);
}
}
}
if(!token) {
console.log("NOT AUTHED!");
} else {
console.log("Probably authed!");
}
document.addEventListener('DOMContentLoaded', function() {
var feed = document.getElementById("feed");
if(!token) {
feed.textContent = "First you need to authorize Facebook to allow me to spy you.";
var button = document.createElement("Button");
button.onclick = function(){redirectToAuthEndpoint(PERMS);};
button.value = "authorize";
button.type = "button";
button.textContent = "AUTHORIZE";
feed.appendChild(button);
} else {
feed.textContent = "Hello person.";
}
});
function redirectToAuthEndpoint(perms) {
var payload = {
client_id: CLIENT_ID,
redirect_uri: REDIRECT_URI,
state: state,
response_type: "token",
scope: perms
};
var params = Object.keys(payload).map(function(key) {
return key + "=" + encodeURIComponent(payload[key]);
}).join("&");
window.location = AUTH_ENDPOINT + "?" + params;
}
function get15RandomSafeChars() {
var characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
var string = "";
var numbers = [0,1,2].map(function() {
return Math.floor(Math.random() * Math.pow(2,32));
});
numbers.forEach(function(num) {
var bits = num;
for(var i = 0; i < 5; ++i) {
string += characters[bits & 0x3f];
bits = bits >> 6;
}
});
return string;
}
})();