Friday, May 13, 2011

Sunday, April 24, 2011

Google HTML5 Hackathon

I'm very proud to announce that my team ranked 3rd in HTML5 hackathon organised by Google. You can see our effort here.

"[...] It was not only working and submitted to the store by the time demos took place, but also presented with a polished homepage and surrounding content. A polished effort from Jakub Kucharski, Paweł Szymański, Łukasz Pełszyński, and Bartek Sejwa."

Tuesday, March 8, 2011

I still miss my gray PC

There was one girl at IgniteWarsaw talking about gadgets. She was using pink laptop as an example - you know, that pink matches her personality, that we have to personalize our devices etc.

Her conclusion might be true if you're a teenager who only consumes content. But for content producers (programmers, designers) the appearance of their tool is least important.

I am gray person. It is difficult for me to handle multitasking. Multitasking makes coding slower. Phone calls and all that content flooding me in realtime distract me.

Some smart people measured that it takes you 11 minutes to regain your previous performance after distraction occurred.

And that's why I miss 90's. No cell phones, dial-up Internet - the only distraction was mother calling me for lunch.

Tuesday, September 15, 2009

Facebook REST API: The hacker's way

You will encounter serious problem if you'd like to create desktop app having full access to Facebook API. Reason? Just try to authenticate...
There is no way to do this for security reasons. Either you can wait for Facebook Connect for Mobile/Iphone, or you can use browser based authentication as it currently exists.
You are in much worse situation if you do cross platform development, because Facebook Connect does not work with Linux. But there's solution:

We are going to authenticate without browser or Facebook Connect. Just plain terminal version :)

The following code fragments are Ruby, it's very simple to create similar in C++.
Facebook REST requests have special parameters, they are described in detail in FB API documentation.

Code for request:

def request(params, secret_key = API_SECRET, secure = TRUE)
  api_url = URI.parse("#{(secure ? 'https' : 'http')}://#{API_PATH}")
  unless params.has_key?('method')
    raise "'method' is required for making a request."
  end
  params['api_key'] = APP_KEY
  params['call_id'] = Time.new.to_f.to_s
  params['v'] = '1.0'
  params['format'] = 'xml'
  params_str = params.sort.map! { |p| "#{p[0]}=#{p[1]}" }.join
  params['sig'] = Digest::MD5.hexdigest(params_str + secret_key)
  req = Net::HTTP::Post.new(api_url.path)
  req.set_form_data(params)
  connection = Net::HTTP.new(api_url.host, api_url.port)
  if api_url.scheme == 'https'
    connection.use_ssl = true
    connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
  end
  connection.request(req).body
end

Get first token just like this:
token_xml = XmlSimple.xml_in request( 'method' => 'facebook.auth.createToken')
auth_token = token_xml['content']


Then open a web browser. Our browser is called CURL and it supports cookies. Great.

You must pass special 'lsd' parameter to POST, look for it in your cookie file when you visit facebook.com/login.php.

def web_login(auth_token)
  get_session(auth_token) #visit login.php :)
  lsd = get_cookie_data("lsd")
  exec("curl -L -b #{COOKIE_FILE} -c #{COOKIE_FILE} -A \"#{BROWSER}\" \
    -d \"?auth_token=#{auth_token}&api_key=#{APP_KEY}&lsd=#{lsd}& \
    email=#{URI.encode(@email)}&pass=#{URI.encode(@password)}\" \
    https://login.facebook.com/login.php > #{TOKEN_FILE}" ) if fork == nil
  Process.wait
  get_token
end
"get_token" parses TOKEN_FILE. This is html file redirecting  us to homepage. It contains... the second token! 

def get_token
  xml = XmlSimple.xml_in(TOKEN_FILE)
  content = xml["head"][0]["meta"][0]["content"]
  File.delete(TOKEN_FILE) if File.exists?(TOKEN_FILE)
  content.match(/auth_token=(\w+)/)[1]
end
It's time to get session parameters.
session_xml = XmlSimple.xml_in request({ 'method' => 'facebook.auth.getSession', 'auth_token' => session_auth_token})
@uid = session_xml['uid'][0]
@secret = session_xml['secret'][0]
@session_key = session_xml['session_key'][0]
Then you're ready to make authorized requests. Overwrite you old secret with @secret and use your session_key.
def authorized_request(params)
  params['session_key'] = @session_key
  request(params, @secret)
end
Now gates to Facebook are wide open.