Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Managing oauth flow can be a pain and involve a lot of messy code. Flutter helps with that.
var express = require('express');
var Flutter = require('flutter');
var flutter = new Flutter({
consumerKey: 'MY CONSUMER KEY',
consumerSecret: 'MY CONSUMER SECRET',
loginCallback: 'http://my-host/twitter/callback',
authCallback: function(req, res, next) {
if (req.error) {
// Authentication failed, req.error contains details
return;
}
var accessToken = req.session.oauthAccessToken;
var secret = req.session.oauthAccessTokenSecret;
// Store away oauth credentials here
// Redirect user back to your app
res.redirect('/back/to/app');
}
});
var app = express();
app.get('/twitter/connect', flutter.connect);
// URL used in loginCallback above
app.get('/twitter/callback', flutter.auth);
// Direct users to /twitter/connect to initiate oauth flow.
Currently only GET
functions are supported
// var {accessToken, secret} = retrieve credentials for request
flutter.API.get('search/tweets.json', { q: 'bacon' }, accessToken, secret, function(err, results) {
console.log(results); // { statuses: [ { ...etc } ] }
});
var flutter = new Flutter({
// Pass this to log messages inside Flutter
debug: function(msg){ ... },
// Twitter API app credentials
consumerKey: 'foo',
consumerSecret: 'bar',
// Twitter API login callback
loginCallback: 'http://foo.com/authCallback',
// the URL to redirect to after authorisation is complete and we have tokens
// will not be used if authCallback is overridden
completeCallback: 'http://foo.com/completeCallback',
// called immediately before the user is redirected to Twitter's authorize
// screen, used this to stash parameters etc on the request session
connectCallback: function(req, res, next){},
// Called on successful auth.
// req.session contains auth parameters (see above)
// if not defined, Flutter will redirect to completeCallback specified above
authCallback: function(req, res, next){},
// Cache lifetime to use for API requests. Set to something falsy to disable cache
cache: 60000,
// Redis config. Used for caching api responses.
// `options` is passed to redis.createClient (https://github.com/NodeRedis/node_redis#rediscreateclient)
redis: { host: 'localhost', port: 6379, database: 0, options: {} },
// set this to a redis client to use instead of creating a new one
cacheClient: redisClient,
// Key prefix used on all cache keys in redis
prefix: 'flutter:'
});
FAQs
Twitter oAuth Module for the 1.1 API
We found that flutter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.