fbgraphapi
A simple module for querying Facebook graph api and fql
// run first: npm install express fbgraphapi body-parser cookie-parser express-session
const express = require('express');
const fbgraph = require('fbgraphapi');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const session = require('express-session');

const app = express();

// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: false }
}));

app.use(fbgraph.auth({
  appId: "...",
  appSecret: "...",
  redirectUri: "http://0.0.0.0:3000/",
  apiVersion: "v2.9",
  skipUrlPatterns: ["/favicon.ico"]
}));

app.get('/login', function(req, res) {
  console.log('Start login');
  fbgraph.redirectLoginForm(req, res);
});

app.get('/', function(req, res) {
  if (!req.hasOwnProperty('facebook')) {
    console.log('You are not logged in');
    return res.redirect('/login');
  }
  /* See http://developers.facebook.com/docs/reference/api/ for more */
  req.facebook.graph('/me', function(err, me) {
    console.log(me);
  });
  req.facebook.graph('/me?fields=id,name', function(err, me) {
    console.log(me);
  });
  req.facebook.me(function(err, me) {
    console.log(me);
  });
  // /me/likes
  req.facebook.my.likes(function(err, likes) {
    console.log(likes);
  });
  res.end("Check console output");
});

app.listen(3000);
Or, if you have a valid access token, for instance from JavaScript FB Connect:
var fb = new fbgraph.Facebook(accessToken, 'v2.2');
fb.me(function(err, me) {
  console.log(me);
});
Or do stuff on behalf of the app or a user with granted permissions:
var fb = new fbgraph.Facebook(fbgraph.getAppId() + '|' + fbgraph.getAppSecret());
fb.post('/{user-id}/feed', {message: 'Hello world'}, function(err, res) {
  console.log(err, res);
});
Visit the link below for the Facebook API documentation: https://developers.facebook.com/docs/graph-api/using-graph-api
config is an object with these properties:
appId
Facebook application Id
appSecret
Secret hash key generated by Facebook
redirectUri
The URL to redirect to when the user has logged in.
apiVersion
Which API version to use, for example v2.2
scope
Permissions/scope that your application asks for; optional, empty by default.
skipUrlPatterns
Array of patterns on which authentication is not applied. They can be regexps or strings. If a string is given, a regexp is created from it with a wildcard appended at the end. If you want to match an exact URL, make sure you specify a regexp.
This method is returned when calling auth() above. When login is successful it assigns a Facebook instance to req (see example above).
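The skipUrlPatterns rule above means a plain string exempts every path that starts with it, which can silently remove authentication from routes you meant to protect. The following is an added example, not code from fbgraphapi: it models the documented behaviour under the assumption that a string becomes a start-anchored regexp with a trailing wildcard, and the helper names, routes and patterns are hypothetical.

```javascript
// Added example: models the skipUrlPatterns rule as documented on this page.
// ASSUMPTION: a string pattern becomes a start-anchored regexp with a trailing
// wildcard; the library's real construction may differ (and may match more).

// Escape regexp metacharacters so a string is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Turn one skipUrlPatterns entry into a RegExp (hypothetical helper).
function toSkipRegExp(pattern) {
  if (pattern instanceof RegExp) return pattern;
  if (typeof pattern !== 'string' || pattern === '') {
    throw new TypeError('skip pattern must be a non-empty string or RegExp');
  }
  return new RegExp('^' + escapeRegExp(pattern) + '.*');
}

// True when authentication would be skipped for this request path.
function isSkipped(patterns, path) {
  return patterns.some((p) => toSkipRegExp(p).test(path));
}

// Audit helper: list the protected routes that a skip list would exempt.
function auditSkipList(patterns, protectedPaths) {
  return protectedPaths.filter((path) => isSkipped(patterns, path));
}

// Constructed sample data: a loose string-based list and an exact regexp list.
const looseSkip = ['/favicon.ico', '/public'];
const exactSkip = [/^\/favicon\.ico$/, /^\/public(\/|$)/];
const protectedRoutes = ['/', '/publications/drafts', '/public-admin', '/account'];

// The string '/public' also exempts '/publications/drafts' and '/public-admin'.
console.log('loose list exempts:', auditSkipList(looseSkip, protectedRoutes));
// The anchored regexps exempt none of the protected routes.
console.log('exact list exempts:', auditSkipList(exactSkip, protectedRoutes));
```

Running the audit over your real route table before deploying shows which routes a string pattern would leave unauthenticated.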
This method redirects the user to the Facebook login form.
This method is for logging out the user, or for any other case where you want to clear the user's logged-in info.
Returns the app id, set via auth().
Returns the app secret, set via auth().
accessToken
Valid access token from Facebook (oauth_token).
apiVersion
Which API version to use.
graph(path, callback)
Main method for making calls to the Facebook API. Path can be just /me/likes or include params, like /me/likes?limit=3.
post(path, params, callback) or post(path, callback)
Publishing to Facebook, see https://developers.facebook.com/docs/graph-api/using-graph-api/v2.0#publishing for details. Path can contain post data such as /123/feed?message=hello.
update(path, params, callback) or update(path, callback)
Updating a post on Facebook, see https://developers.facebook.com/docs/graph-api/using-graph-api/v2.0#updating for details. Path can contain post data such as /123_123456789?message=edited.
delete(path, callback)
Deleting a post on Facebook, see https://developers.facebook.com/docs/graph-api/using-graph-api/v2.0#deleting for details.
fql(query, callback)
Specific method for making an fql query to the Facebook API.
search(params, callback)
params is an object whose properties are any params based on https://developers.facebook.com/docs/graph-api/using-graph-api#search.
me(callback, fields)
Specific method to get info of the logged-in user, same as /me when using the graph method. Fields is comma-separated, for instance fields=id,name.
my
Instance of the My class
Usage: if you have a valid accessToken, for instance from a JS login
var fb = new Facebook(accessToken, 'v2.2');
fb.me(function(err, me) {
  console.log(me);
});
This class is used internally to create the object my (a property of Facebook). This object wraps the me object. Each connection type is a method, which means you can make a call like
req.facebook.my.friends(function(err, friends) {
  console.log(friends);
});
// OR for checkins
req.facebook.my.checkins(function(err, checkins) {
  console.log(checkins);
});
Supported connection types are:
friends
feed
likes
movies
music
books
albums
notes
permissions
photos
videos
events
groups
checkins
locations
If Facebook has a connection that is not listed here, you can use the connection method:
req.facebook.my.connection('{connection type}', function(err, result) {
  console.log(result);
});
FAQs
Simple facebook api client
The npm package fbgraphapi receives a total of 65 weekly downloads. As such, fbgraphapi popularity was classified as not popular.
We found that fbgraphapi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.