Midnight Pub

Anyway to post here without using a web browser?

~257m

I usually read through midnight.pub through gemini and its inconvenient to have to open another separate browser just to post or reply here and so I usually don't. I know gemini user input is limited which is nice but I wonder if there is way to still participate?


dsilverz

It's a HTTP POST to /posts/save endpoint, containing a FormData with `title=the+title&content=the+content+%0D%0Awhich+can+be+split+into+multiple+lines+with+%0D%0Aescape+codes`. Such request could be replicated using curl or other command-line scripts.

The tricky part would be the authentication. The HTTP POST goes with a Cookie named `midn` which identifies your session. The authentication is done through /check-login endpoint, with FormData `name=the+username&password=the+password` and it theoretically returns a Set-Cookie header containing the `midn` session which could be used with /post/save.

However, as @samo pointed, there's already an official shellscript implementing it, so doing it manually without the official script would be overengineering.

reply

rez

Should probably be switched to allow Gemini authentication/certs. Is the source on GitHub or somewhere?

reply

dsilverz

Those endpoints are only available through the HTTPS due to two reasons: 1. it involves sending a string of password, which wouldn't be encrypted* over Gemini and 2. it involves two fields of text, and Gemini can't do forms (and by extension, multi-field input) as HTML does. Searching/Composing works in Geminispace because it's a queryString being sent with the request, but a complete form (such as that from a login page) would need multiple queryStrings.

One possible solution (and an idea/suggestion for Midnight Pub's bartender/developer) would be an authentication flow through Gemini client certificate tied to/interchangeable with the HTTPS passwordful login. Currently, Midnight Pub only allows for passwordful authentication, which limits the authentication flow to the HTTPS protocol only.

Client certificates for Gemini is something I only got to discover yesterday by using a fediverse platform here in Geminispace, it's very interesting to use. Gemini browsers (such as Lagrange) allow the user to quickly create a certificate ("identity") with commonName and additional, optional fields (such as emailAddress, userID, organization, etc), which can be tied to an authentication flow within a Gemini capsule.

Every certificate is a pair of a public and a private key: the user signs a request with their private key and the remote peer is able to check the signature against the public key, thus proving the identity. Every Gemini communication happens through SSL/TLS tunnel, so nothing is needed to be activated except for a manually-built client certificate for a domain, which is simple as e.g. "Identity" menu -> "New Identity for Domain..." menu item in Lagrange.

As for the availability of Midnight Pub's source, I don't know.

Editing to add observation regarding the excerpt "involves sending a string of password, which wouldn't be encrypted over Gemini": while the Gemini client-server comms are encrypted (tunneled with SSL/TLS), the string would be part of the URL instead of something like a "POST body". That's why I stated that "password wouldn't be encrypted over Gemini".

reply

robotickyuu

I have no idea, but I'd like to know too!! Gonna keep an eye on this post to see if anyone has answers

reply

samo
https://midnight.pub/manual

in the manual is a section that describes how to post from terminal

reply