From 2a896c4fe27f4fe50f3fb9d0f625611e915d1c80 Mon Sep 17 00:00:00 2001
From: CatAClock <CatAClock@proton.me>
Date: Mon, 5 May 2025 16:20:46 -0700
Subject: [PATCH] more changes, open that up

---
 HTML/setting.html |  4 ++--
 JS/BlueskyAPI.js  | 39 ++++++++++++++++-----------------------
 JS/Variables.js   |  3 ++-
 JS/post.js        | 14 +++++++++++---
 JS/setting.js     |  5 ++++-
 5 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/HTML/setting.html b/HTML/setting.html
index 89adb00..4e71edd 100644
--- a/HTML/setting.html
+++ b/HTML/setting.html
@@ -17,10 +17,10 @@
 		<p class="Local">Toggle Local</p>
 		<p class="Remote">Toggle Remote</p>
 		<p class="Login Mastodon"><em>Login to Mastodon</em></p>
-		<input type="text" class="WebInput Mastodon" placeholder="Instance Website"/>
+		<input type="text" class="WebInput Mastodon" placeholder="Website (mastodon.social)"/>
 		<p class="Logout Mastodon" style="visibility: hidden;"><em>Logout of Mastodon</em></p>
 		<p class="Login Bluesky"><em>Login to Bluesky</em></p>
-		<input type="text" class="WebInput Bluesky" placeholder="Instance Website" />
+		<input type="text" class="WebInput Bluesky" placeholder="Website (bsky.social)" />
 		<p class="Logout Bluesky" style="visibility: hidden;"><em>Logout of Bluesky</em></p>
 		<p onclick="window.location.href = window.location.origin"><b>Back</b></p>
 	</body>
diff --git a/JS/BlueskyAPI.js b/JS/BlueskyAPI.js
index d47835a..4e659c7 100644
--- a/JS/BlueskyAPI.js
+++ b/JS/BlueskyAPI.js
@@ -1,24 +1,7 @@
 import * as Variables from "./Variables.js";
 
-export async function GetBlueskyDID(PDS, Handle) {
-	let DPoP = await ClientDPoPPDS("GET", PDS + "/xrpc/com.atproto.identity.resolveHandle?handle=" + Handle);
-	let request = fetch(PDS + "/xrpc/com.atproto.identity.resolveHandle?handle=" + Handle, { method: "GET", headers: {"Authorization": "DPoP " + localStorage.getItem(Variables.BlueskyAccessToken), "DPoP": DPoP}});
-	let body = await request.then((response) => response.json());
-	let status = await request.then((response) => response.status);
-	let header = await request.then((response) => response.headers.get("dpop-nonce"));
-	if (status == 401) {
-		if (body.message.includes("DPoP nonce mismatch")) {
-			await localStorage.setItem(Variables.BlueskyNonce, header);
-		}
-		if (body.message.includes("claim timestamp check failed")) {
-			await RefreshTokens();
-		}
-		body = await GetBlueskyDID(PDS, Handle);
-	}
-	return body;
-}
-
-export async function CreatePost(PDS, DID, Text) {
+export async function CreatePost(DID, Text) {
+	let PDS = localStorage.getItem(Variables.BlueskyPDS);
 	let Json = {
 		"$type": "app.bsky.feed.post",
 		"text": Text,
@@ -46,8 +29,8 @@ export async function CreatePost(PDS, DID, Text) {
 	return body;
 }
 
-export async function SetThreadGate(PDS, DID, Post, VisibilitySettings) {
-	
+export async function SetThreadGate(DID, Post, VisibilitySettings) {
+	let PDS = localStorage.getItem(Variables.BlueskyPDS);
 	let Json = {
 		"$type": "app.bsky.feed.threadgate",
 		"post": Post,
@@ -192,7 +175,13 @@ export async function ClientDPoPPDS(POSTorGET, RequestURL) {
 	return JWT;
 }
 
-export async function HandleAuthorization() {
+export async function HandleAuthorization(Website) {
+	// Quickly check to see if it has something before :// so it doesn't screw the link.
+	if (Website.toLowerCase().split("://").length > 1) {
+		Website = "https://" + Website.split("://")[1];
+	} else {
+		Website = "https://" + Website;
+	}
 	// Declare Variables
 	let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
 	
@@ -218,7 +207,7 @@ export async function HandleAuthorization() {
 	localStorage.setItem(Variables.BlueskyPublicKey, JSON.stringify(ExportedKey1));
 	localStorage.setItem(Variables.BlueskyPrivateKey, JSON.stringify(ExportedKey2));
 	// Now we need to authenticate. Make sure the State stays the same throughout this whole process :]
-	document.location.href = "https://bsky.social/oauth/authorize?client_id=https://fedi.crowdedgames.group/oauth/client-metadata.json&request_uri=" + body.request_uri;
+	document.location.href = Website + "/oauth/authorize?client_id=https://fedi.crowdedgames.group/oauth/client-metadata.json&request_uri=" + body.request_uri;
 }
 
 export async function GainTokens() {
@@ -235,6 +224,10 @@ export async function GainTokens() {
 		// Save the tokens and be done
 		localStorage.setItem(Variables.BlueskyAccessToken, Auth.access_token);
 		localStorage.setItem(Variables.BlueskyRefreshToken, Auth.refresh_token);
+		// That long string just gets the payload
+		// aud = PDS server we are communicating with; sub = user DID
+		localStorage.setItem(Variables.BlueskyPDS, KJUR.jws.JWS.readSafeJSONString(b64utoutf8(localStorage.getItem(Variables.BlueskyAccessToken).split(".")[1])).aud);
+		localStorage.setItem(Variables.BlueskyDID, KJUR.jws.JWS.readSafeJSONString(b64utoutf8(localStorage.getItem(Variables.BlueskyAccessToken).split(".")[1])).sub);
 	}
 }
 
diff --git a/JS/Variables.js b/JS/Variables.js
index 7068e2b..8fa8ad0 100644
--- a/JS/Variables.js
+++ b/JS/Variables.js
@@ -7,7 +7,8 @@ export const MastodonAccessToken = "mastodon_access_token";
 export const MastodonTokenType = "mastodon_token_type";
 
 // Bluesky
-export const BlueskyPDS = "https://bsky.social";
+export const BlueskyPDS = "bluesky_pds";
+export const BlueskyDID = "bluesky_did";
 export const BlueskyPKCEVerifier = "bluesky_pkce_verifier";
 export const BlueskyPKCEChallenge = "bluesky_pkce_challenge";
 export const BlueskyPublicKey = "bluesky_public_key";
diff --git a/JS/post.js b/JS/post.js
index d8e0c8f..ac0de1d 100644
--- a/JS/post.js
+++ b/JS/post.js
@@ -16,6 +16,10 @@ PostButton.onclick = (event) => {
 async function Post() {
 	let Text = InputArea.value;
 	let Visible = VisibilityDropdown.value;
+	// don't do anything if there is no value
+	if (Text == "") {
+		return;
+	}
 	// Mastodon posting.
 	if (localStorage.getItem(Variables.MastodonAccessToken) != null) {
 		let TempVisible;
@@ -52,11 +56,15 @@ async function Post() {
 				TempVisible = [];
 				break;
 		}
-		let DID = await BlueskyAPI.GetBlueskyDID("https://woodear.us-west.host.bsky.network", "crowdedgames.group");
-		let Post = await BlueskyAPI.CreatePost("https://woodear.us-west.host.bsky.network", DID.did, Text);
+		let Post = await BlueskyAPI.CreatePost(localStorage.getItem(Variables.BlueskyDID), Text);
 		console.log(Post);
-		let ThreadGate = await BlueskyAPI.SetThreadGate("https://woodear.us-west.host.bsky.network", DID.did, Post.uri, TempVisible);
+		let ThreadGate = await BlueskyAPI.SetThreadGate(localStorage.getItem(Variables.BlueskyDID), Post.uri, TempVisible);
 		console.log(ThreadGate);
 	}
 	InputArea.value = "";
 }
+
+// Check if you can interact with the textbox
+if (localStorage.getItem(Variables.MastodonAccessToken) == null && localStorage.getItem(Variables.BlueskyAccessToken) == null) {
+	InputArea.disabled = true;
+}
diff --git a/JS/setting.js b/JS/setting.js
index b24ebde..779975d 100644
--- a/JS/setting.js
+++ b/JS/setting.js
@@ -59,12 +59,15 @@ MastodonLogoutButton.onclick = (event) => {
 // Login
 BlueskyLoginButton.onclick = (event) => {
 	if (BlueskyWebInput.value != "") {
-		BlueskyAPI.HandleAuthorization();
+		let text = BlueskyWebInput.value
+		BlueskyAPI.HandleAuthorization(text);
 	}
 }
 
 // Logout
 BlueskyLogoutButton.onclick = (event) => {
+	localStorage.removeItem(Variables.BlueskyPDS);
+	localStorage.removeItem(Variables.BlueskyDID);
 	localStorage.removeItem(Variables.BlueskyPKCEVerifier);
 	localStorage.removeItem(Variables.BlueskyPKCEChallenge);
 	localStorage.removeItem(Variables.BlueskyNonce);