Skip to content

Instantly share code, notes, and snippets.

@getify

getify/api.php

Created July 4, 2010 01:54
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save getify/463013 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save getify/463013 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
api.php
<?php
// located at: http://another.tld/auth.php
$api_callback = $_REQUEST["callback"];
if ($_COOKIE["token_1"] == "abcd1234" && $_GET["token_2"] == "efgh5678") {
$msg = "Yes, your API call was successful!";
}
else {
$msg = "API call not authorized.";
}
?>
// this is a JSON-P style response from the API
<?=$api_callback?>({"msg": "<?=$msg?>"});
Raw
auth.php
<?php
// located at: http://another.tld/auth.php
$token_1 = "abcd1234";
$token_2 = "efgh5678";
$auth_callback = $_REQUEST["callback"];
setcookie("token_1",$token_1);
?>
// in JS, document.domain is not settable or spoofable so it's
// reliable to protect a cross-domain JSON-P call
if (document.domain == "something.tld") {
<?=$auth_callback?>({"token_2": "<?=$token_2?>"});
}
Raw
use_api.js
// this file is loaded and run on http://something.tld/index.html
function make_jsonp_call(url) {
var script = document.createElement("script");
script.src = url;
script.type = "text/javascript";
document.getElementsByTagName("head")[0].appendChild(script);
}
function api_done(resp) {
alert(resp.msg);
}
function get_auth(auth) {
var token_2 = auth.token_2;
// not only do we have token_2 by way of the auth parameter,
// but token_1 is stored in a browser cookie now. together,
// these two tokens will authorize our API call.
make_jsonp_call("http://another.tld/api.php?token_2="+token_2+"&callback=api_done");
}
make_jsonp_call("http://another.tld/auth.php?key=987654321&callback=get_auth");
@Pointy
Copy link
Copy Markdown

Pointy commented Jul 7, 2010

Things that Rhino needs some help with in order to decode a "noalnum" string:

  1. global object needs to be referenced by a variable named "window" (duhh)
  2. need "atob" and "btoa" functions
  3. the "toString" function on the global/window object needs to return "[object Window]" instead of "[object Global]"
  4. The Array prototype needs a "filter" that doesn't have to do anything in particular other than be a function, and also have (on the function object itself) a toString method that returns the sort of string Firefox returns ("function filter () {\n [native code]\n}")
  5. The String prototype needs a working "fontcolor" function (trivial)
  6. The global/window "Date" function has to be replaced by a function that just returns a random Javascript-style date string (this is due to a NullPointerException bug in the Rhine Date() function)

I think that's pretty much it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment