Page login and actions

[Krzysztof Maruszczak]

Hi, I'd like to write an app that can login on page (not offering api) using login and password provided by user, then catch session id and use it to do things like adding new pictures etc. The page interface use ajax.

I'd like to know how to approach this problem, steps I must take. For example how to log in and substain session. How to make ajax requests to another domain and catch responses so I can take action (I must be logged in to do that, so here comes session). 

I'm not expecting full solution, only a little help, because I don't know how to begin, what steps to take, which npm packages would be the best (I found one called node-facebook-page-tab).

Thanks for all the help in advance.

[Jimb Esser]

You'll have the user send their login and password to your server (there are all sorts of security and privacy and probably violations of the other site's terms of service that I'm assuming  you've already considered ;), and then have your server pretend to be a client talking to the other site.

Your two main options are either simulate at a low level (the http request layer) or a very high level (the entire browser).

I've only done this at the low level, and I use the request module for this, specifically using a cookie jar so it automatically handles things like session id cookies between requests, something like (from memory, might be slightly off):

  var this_users_request = require('request').defaults({ jar: true });

  this_users_request.post(... to the site's login ...);

Upside of this method is that if the site changes their front end a bunch, but keeps a fairly stable backend API, your code will keep working.  Downside is that a bunch of finicky details may thwart you (a number of times have I had to compare all of the headers being sent by my code to the headers Chrome reports is being sent to track down some subtle difference causing issues - usually things like passing the appropriate referer header or faking the right user-agent).

If simulating the entire browser, there are a few libraries for this (I've heard reasonably good things about phantomjs).  Upside of this method is that it's more likely to "just work", but downside is that a lot of websites change their UI/front end significantly fairly often, and it may break much more frequently.  It also involves much, much more load on your server, as it's essentially simulating the entire browser, not just the handful of hand-picked API calls you actually care about.  There are probably ways to filter this to be more reasonable though.

Hope that helps!

  Jimb Esser