Using javascript with the twitter API
I'm interested in making a twitter client using Adobe Air, but I'm kinda stuck right now, as I can't figure out a better way to connect to the twitter REST API since it needs authentication.
Currently, the client sends a request to my server (a php script using curl) with the twitter username/password (unencrypted) in GET variables. The server then makes a request to twitter using those credentials and outputs the buffer, which gets sent back to the client, which then processes/displays it.
This obviously is a horrendous security hole, so does anyone know of a better (more secure) way of doing it?
FYI: I'm using jQuery.
There are a few Base64 Encoding tools out there. You can use one of them. You can add a header with the encoded username and password based on the Basic Auth specs.
Here is a post that does exactly what you want: http://www.aswinanand.com/blog/2009/01/http-basic-authentication-using-ajax/
The base64 is encoded using this library from ostermiller.org.
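$.ajax({
    'url': 'http://twitter.com/action/',
    'otherSettings': 'othervalues',
    // HTTP Basic auth: base64("user:pass") in the Authorization header
    // (Base64 is an encoding, not encryption)
    'beforeSend': function(xhr) {
        xhr.setRequestHeader("Authorization", "Basic " +
            encodeBase64(username + ":" + password));
    },
    // jQuery only calls this callback when the key is spelled "success"
    success: function(result) {
        alert('done');
    }
});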
Ada is an Adobe Air Twitter client written in Javascript. You can download it to get an idea of what it does:
http://madan.org/ada
The code for Ada is on GitHub:
http://github.com/sfsam/ada/tree/master
Ada uses Base64. The nice thing about Ada is that the code base is really small so you should be able to figure it all out.
I've been thinking about doing something similar with a PHP proxy server (the app requires more requests than are allowed without whitelisting so I'll need to route requests through a single IP).
My idea is that you only send the username/password combination once and then assign the user a temporary session id that is used for future requests. Sending the initial username/password securely is a little tricky; you could encrypt it with a salt but I don't know how easy AIR apps are to decompile. Another option could be SSL (but I'm still not entirely sure how that works).
Here's a step-by-step guide for the session id concept though:
request.php?action=get&data=friends_timeline&sessid=a3ajh83bah35nf
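The session-id idea from the answer above, as an added example that is not part of the original answer or of any project mentioned on this page. It is written in Node.js rather than PHP to match the page's JavaScript focus; `SessionStore`, its method names, the `upstreamAuth` field and the 15-minute lifetime are assumptions, and the proxy is assumed to be reachable only over HTTPS.

```javascript
// Added example; SessionStore and its method names are hypothetical.
const crypto = require('crypto');

const SESSION_TTL_MS = 15 * 60 * 1000; // assumed 15-minute idle lifetime

class SessionStore {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock, so expiry is testable
    this.sessions = new Map(); // sha256(sessid) -> { user, upstreamAuth, expires }
  }

  // Index by a hash of the id: a dump of the map keys cannot be replayed.
  static key(sessid) {
    return crypto.createHash('sha256').update(sessid).digest('hex');
  }

  // Call once, after the upstream API has accepted the credentials.
  // upstreamAuth (what the proxy needs to call the API) stays in server
  // memory; the client only ever holds the random id.
  login(user, upstreamAuth) {
    const sessid = crypto.randomBytes(32).toString('hex'); // 256-bit CSPRNG value
    const expires = this.now() + SESSION_TTL_MS;
    this.sessions.set(SessionStore.key(sessid), { user, upstreamAuth, expires });
    return sessid;
  }

  // Returns { user, upstreamAuth } for a live session, otherwise null.
  // Malformed ids are rejected early; expired entries are deleted.
  resolve(sessid) {
    if (typeof sessid !== 'string' || !/^[0-9a-f]{64}$/.test(sessid)) return null;
    const k = SessionStore.key(sessid);
    const entry = this.sessions.get(k);
    if (!entry) return null;
    if (entry.expires <= this.now()) {
      this.sessions.delete(k);
      return null;
    }
    entry.expires = this.now() + SESSION_TTL_MS; // sliding idle timeout
    return { user: entry.user, upstreamAuth: entry.upstreamAuth };
  }

  // Ends the session; returns true if one was removed.
  logout(sessid) {
    return typeof sessid === 'string' && this.sessions.delete(SessionStore.key(sessid));
  }
}
```

A session id carried in the query string, as in the sample URL, ends up in web server and proxy access logs; sending it in a request header or POST body keeps it out of them.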
You should take a look at Spaz. http://funkatron.com/spaz - it is an open source Twitter Client written in javascript for Air. The source is available at Google Code.
http://code.google.com/p/spaz/
I have not looked that much at the source, but I can see some elements have been written in Flash/Flex. I am using the app, however, and it just works.
Hope this is useful to you.