CatAClock/Fedi.CrowdedGames.Group
CatAClock/Fedi.CrowdedGames.Group
0
0
Fork 0
Code Issues Pull requests Activity

my understanding hardens

Browse source
This commit is contained in:
CatAClock 2025-04-28 16:51:00 -07:00
parent dc1bcf5f6a
commit e6a9c04944
2 changed files with 35 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
JS/BlueskyAPI.js
View file

@ -38,22 +38,25 @@ export async function CreatePKCECodeChallenge(CodeVerifier) {
// Component 3/4 // Component 3/4
export async function PARrequest(PAREndpoint, State, ChallengeCode) { export async function PARrequest(PAREndpoint, State, ChallengeCode) {
return await fetch(PAREndpoint, {method: "POST", body: new URLSearchParams({ response_type: "code", code_challenge_method: "S256", scope: "atproto transition:generic", client_id: "https://fedi.crowdedgames.group/oauth/client-metadata.json", redirect_uri: "https://fedi.crowdedgames.group/HTML/mail.html", code_challenge: ChallengeCode, state: State, login_hint: "crowdedgames.group" }), "Content-Type": "application/x-www-form-urlencoded"}) return await fetch(PAREndpoint, {method: "POST", body: new URLSearchParams({ response_type: "code", code_challenge_method: "S256", scope: "atproto transition:generic", client_id: "https://fedi.crowdedgames.group/oauth/client-metadata.json", redirect_uri: "https://fedi.crowdedgames.group/HTML/mail.html", code_challenge: ChallengeCode, state: State, login_hint: "crowdedgames.group" }), "Content-Type": "application/x-www-form-urlencoded"})
.then((response) => response.json()); .then(function(response) {
console.log(response.headers.get("dpop-nonce"));
return response.json();
});
} }
// Component 4/4 // Component 4/4
export async function ClientDPoP() { export async function ClientDPoP(POSTorGET, RequestURL, DPoPNonce) {
let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]); let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
// Header // Header
var Header = {alg: "HS256", typ: "dpop+jwt", jwk: await crypto.subtle.exportKey("jwk", KeyPair.publicKey).then(function(response) {return response})}; var Header = {alg: "HS256", typ: "dpop+jwt", jwk: await crypto.subtle.exportKey("jwk", KeyPair.publicKey).then(function(response) {return response})};
// Payload // Payload
var Payload = {}; var Payload = {};
// Payload.jti Payload.jti = GenerateToken(64);
// Payload.htm Payload.htm = POSTorGET;
// Payload.htu Payload.htu = RequestURL;
Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000); Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000);
// Payload.nonce Payload.nonce = DPoPNonce;
var sHeader = JSON.stringify(Header); var sHeader = JSON.stringify(Header);
var sPayload = JSON.stringify(Payload); var sPayload = JSON.stringify(Payload);
@ -62,11 +65,8 @@ export async function ClientDPoP() {
return JWT; return JWT;
} }
export async function ServerDPoP() { // So far does nothing? Don't touch :3
export async function AssertionJWT() {
}
export async function AssertionJWT(BlueskyClientID) {
let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]); let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
// Header // Header
@ -74,16 +74,18 @@ export async function AssertionJWT(BlueskyClientID) {
// Payload // Payload
var Payload = {}; var Payload = {};
Payload.iss = BlueskyClientID; Payload.iss = "https://fedi.crowdedgames.group/oauth/client-metadata.json";
Payload.sub = BlueskyClientID; Payload.sub = "https://fedi.crowdedgames.group/oauth/client-metadata.json";
// Payload.aud // Payload.aud
// Payload.jti Payload.jti = GenerateToken(64);
Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000); Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000);
var sHeader = JSON.stringify(Header); var sHeader = JSON.stringify(Header);
var sPayload = JSON.stringify(Payload); var sPayload = JSON.stringify(Payload);
var JWT = KJUR.jws.JWS.sign("HS256", sHeader, sPayload, "838383"); var JWT = KJUR.jws.JWS.sign("HS256", sHeader, sPayload, "838383");
console.log(JWT); console.log(JWT);
console.log(KeyPair.publicKey);
console.log(KeyPair.privateKey);
} }
// Stolen from elsewhere. // Stolen from elsewhere.
@ -106,3 +108,14 @@ async function sha256(message) {
return string; return string;
} }
// Stolen from Search
// TODO: implement my own function.
export function GenerateToken(length) {
var chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
var token = '';
for(var i = 0; i < length; i++) {
token += chars[Math.floor(Math.random() * chars.length)];
}
return token;
}

21
JS/mail.js
View file

@ -19,6 +19,11 @@ let MastodonTokenType = "mastodon_token_type";
// Bluesky (TODO: use these variables). // Bluesky (TODO: use these variables).
let BlueskyApp = "https://bsky.app"; let BlueskyApp = "https://bsky.app";
let BlueskyPDS = "https://bsky.social"; let BlueskyPDS = "https://bsky.social";
let BlueskyPKCEverifer = "bluesky_pkce_verifier";
let BlueskyPKCEchallenge = "bluesky_pkce_challenge";
let BlueskyPrivateKey = "bluesky_private_key";
let BlueskyPublicKey = "bluesky_public_key";
let BlueskyNonce = "bluesky_nonce";
// Tumblr // Tumblr
let TumblrWebsite = "https://www.tumblr.com"; let TumblrWebsite = "https://www.tumblr.com";
@ -112,13 +117,14 @@ function getRandomArbitrary(min, max) {
// The next section is dedicated to testing. // The next section is dedicated to testing.
// WARNING: I don't know what I am doing. // WARNING: I don't know what I am doing.
await BlueskyAPI.AssertionJWT();
async function BlueskyTestingAuthorization() { async function BlueskyTestingAuthorization() {
// Declare Variables // Declare Variables
let WellKnown = await BlueskyAPI.GetPDSWellKnown(); let WellKnown = await BlueskyAPI.GetPDSWellKnown();
let PAREndpoint = WellKnown.pushed_authorization_request_endpoint; let PAREndpoint = WellKnown.pushed_authorization_request_endpoint;
let State = generateToken(64); let State = BlueskyAPI.GenerateToken(64);
let PKCEverifier = await BlueskyAPI.CreatePKCECodeVerifier(); let PKCEverifier = await BlueskyAPI.CreatePKCECodeVerifier();
let PKCEchallenge = await BlueskyAPI.CreatePKCECodeChallenge(PKCEverifier); let PKCEchallenge = await BlueskyAPI.CreatePKCECodeChallenge(PKCEverifier);
@ -126,16 +132,5 @@ async function BlueskyTestingAuthorization() {
let PAR = await BlueskyAPI.PARrequest(WellKnown.pushed_authorization_request_endpoint, State, PKCEchallenge); let PAR = await BlueskyAPI.PARrequest(WellKnown.pushed_authorization_request_endpoint, State, PKCEchallenge);
console.log(PAR); console.log(PAR);
// Now we need to authenticate. Make sure the State stays the same throughout this whole process :] // Now we need to authenticate. Make sure the State stays the same throughout this whole process :]
document.location.href = "https://bsky.social/oauth/authorize?client_id=https://fedi.crowdedgames.group/oauth/client-metadata.json&request_uri=" + PAR.request_uri; // document.location.href = "https://bsky.social/oauth/authorize?client_id=https://fedi.crowdedgames.group/oauth/client-metadata.json&request_uri=" + PAR.request_uri;
}
// Stolen from Search
// TODO: implement my own function.
function generateToken(length) {
var chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
var token = '';
for(var i = 0; i < length; i++) {
token += chars[Math.floor(Math.random() * chars.length)];
}
return token;
} }