[Seaside] assistance developing plugin for developing Facebook applications in Seaside

Chris Dawson xrdawson at gmail.com
Tue May 6 20:04:10 UTC 2008


Hi there,

I'm interested in building Facebook applications with Seaside.  I'm new to
Seaside and would like some advice on how to implement the logic.  There are
basically two needs within a Facebook application:  first, receive the
Facebook specific variables from the request and provide access to the
underlying application, and second, provide a REST-client interface so that
you can query Facebook for information about the user and their friends.
The second item is not so challenging, as it is not much more than a web
client connecting.  The first item is a little challenging to me, as Seaside
offers to do much of the heavy work for you in processing variables during a
request, for which I could do special processing under different frameworks.

A Facebook application is very simple:  you configure your application to
work through the Facebook "proxy".  So, a Facebook app might look like
http://apps.facebook.com/myapplication.  When the Facebook appserver sees a
request for "myapplication" it makes a request to
http://myapplicationserver.com/foobar which is my server.  Facebook makes a
POST to this URL with a few more variables than would normally be expected
in the request, variables which are all prefaced with "fb_sig_", like
"fb_sig_user".  One of the variables ("fb_sig") is a signed digest of the
variables concatenated together.  To validate the request (ensure it comes
from Facebook) you need to grab all "fb_sig_*" variables, sort them, and
then use a secret key to generate the digest, a secret key which only your
application and Facebook are aware of.  If the signature sent in the request
and the one you generate match, then you know the data is trusted.  Then
your application can trust that among other things the user_id sent is valid
and the request did come from a user accessing your application through
Facebook.

I'd like to write logic to enable this for my Seaside applications.  Can
someone tell me how I go about overriding the proper classes in the request
chain to process these variables and then provide accessors within my base
classes to the Facebook data?

Here is the logic for processing the request in Ruby:

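require 'digest/md5'

# Returns true when sig equals the MD5 digest of the sorted fb_sig_*
# parameters (prefix stripped, written as name=value) plus the secret key.
def self.verify_fb_signature( params, sig )
  signature = ""
  keys = params.keys.sort
  keys.each do |key|
    next if key == 'fb_sig'                 # the digest itself is not signed
    next unless key.start_with?('fb_sig_')  # only the Facebook variables
    key_name = key.sub('fb_sig_', '')       # strip the leading prefix only
    signature += key_name
    signature += '='
    signature += params[key]
  end
  signature += ENV[ 'FACEBOOK_SECRET_KEY' ] # example: 'aabddasasasweasdsdaqewasdasd'
  calculated_sig = Digest::MD5.hexdigest(signature)
  calculated_sig.eql? sig
end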

Thanks,
Chris
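
The fb_sig scheme described in the post, shown from both the signing and the verifying side with a constant-time digest comparison and a tampered request. This is an added example, not part of the original post; the function names, the secret and the sample request are constructed for illustration.

```ruby
require 'digest/md5'

PREFIX = 'fb_sig_'

# String that gets hashed: sorted fb_sig_* pairs written as name=value
# (prefix stripped), followed by the shared secret.
def fb_base_string(params, secret)
  signed = params.select { |k, _| k.start_with?(PREFIX) }
  signed.sort.map { |k, v| "#{k.delete_prefix(PREFIX)}=#{v}" }.join + secret
end

# Sender side of the scheme: attach the digest as fb_sig.
def fb_sign(params, secret)
  params.merge('fb_sig' => Digest::MD5.hexdigest(fb_base_string(params, secret)))
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Receiver side: returns the verified fb_sig_* values (prefix stripped),
# or nil when fb_sig is missing or does not match.
def fb_verified_params(params, secret)
  sig = params['fb_sig']
  return nil unless sig.is_a?(String)
  expected = Digest::MD5.hexdigest(fb_base_string(params, secret))
  return nil unless secure_equal?(expected, sig)
  params.select { |k, _| k.start_with?(PREFIX) }
        .map { |k, v| [k.delete_prefix(PREFIX), v] }.to_h
end

# Constructed sample request; 'page' is an ordinary, unsigned parameter.
SECRET   = 'constructed-example-secret'
REQUEST  = fb_sign({ 'fb_sig_user' => '1234', 'fb_sig_time' => '1210104250.5',
                     'page' => 'home' }, SECRET)
# Same request with the user id changed after signing.
TAMPERED = REQUEST.merge('fb_sig_user' => '9999')
```

Only the hash returned by `fb_verified_params` should reach application code; unsigned parameters such as `page` are left out of it because the signature does not cover them.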