From f5cc2783636edcbaba94be6238c1963748b74e13 Mon Sep 17 00:00:00 2001 From: Supernova Date: Sat, 15 Aug 2020 11:51:16 +0000 Subject: [PATCH] Verify Twitter without an API key --- routes/server.js | 2 ++ server/proofVerification.js | 6 +++++- static/scripts.js | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/routes/server.js b/routes/server.js index c360820..b6563de 100644 --- a/routes/server.js +++ b/routes/server.js @@ -64,6 +64,7 @@ router.get('/verify/proxy', [ router.get('/verify/twitter', [ query('tweetId').isInt().exists(), + query('account').exists(), query('fingerprint').isHexadecimal().exists() ], async function(req, res) { const errors = validationResult(req); @@ -73,6 +74,7 @@ router.get('/verify/twitter', [ let params = { tweetId: req.query.tweetId, + account: req.query.account, fingerprint: req.query.fingerprint } diff --git a/server/proofVerification.js b/server/proofVerification.js index cf035fb..bd4f306 100644 --- a/server/proofVerification.js +++ b/server/proofVerification.js @@ -70,7 +70,11 @@ const Twitter = async (params) => { let twitter_api_auth = process.env.TWITTER_API_AUTH; if (!twitter_api_auth) { - res.errors.push("No Twitter API auth token provided"); + let proofUrl = `https://mobile.twitter.com/${res.params.account}/status/${res.params.tweetId}`; + let re = new RegExp(`[Verifying my OpenPGP key: openpgp4fpr:${res.params.fingerprint}]`, "gi"); + const get = bent('GET'); + const obj = await get(proofUrl); + res.isVerified = re.test(obj.data); return res; } diff --git a/static/scripts.js b/static/scripts.js index 95f2a12..f32ee6e 100644 --- a/static/scripts.js +++ b/static/scripts.js @@ -484,6 +484,7 @@ async function verifyProof(url, fingerprint) { output.url = `https://twitter.com/${match[1]}`; output.proofUrlFetch = `/server/verify/twitter ?tweetId=${encodeURIComponent(match[2])} +&account=${encodeURIComponent(match[1])} &fingerprint=${fingerprint}`; try { response = await fetch(output.proofUrlFetch);