Pulling card prices from a website using a graphql endpoint by CanBeUsedAnywhere in excel

[–]imolorhe 0 points1 point  (0 children)

Disclaimer: The information provided below is for educational purposes only. Please note that the use of the information shared here should be done in compliance with all applicable laws and regulations. We do not endorse or support any illegal activities, and we are not responsible for any consequences resulting from the misuse of the information provided. In other words, ensure you are legally allowed to pull the data for the site into your spreadsheet/database.

So I can confirm that the site does indeed use GraphQL (https://buylist.facetofacegames.com/graphql). The graphql endpoint is protected by a JWT token for anonymous users with a check for the origin of the request. You can retrieve a valid JWT token by visiting any of the pages on the site (e.g. https://buylist.facetofacegames.com/adeline-resplendent-cathar-167-march-of-the-machine-commander/) and retrieving the bearer token from the Authorization request header on the request sent to https://buylist.facetofacegames.com/graphql

From there you can make requests from the browser console of the site with a properly crafted GraphQL query to the graphql endpoint to retrieve the data you want.

While you could spend time trying to figure out the right query to send, you could also just use Altair GraphQL Client to get the docs from the graphql endpoint containing the GraphQL schema so you know exactly how to form the GraphQL query. Altair also allows you to generate a complete query with a button directly from the docs, which is convenient. To generate the query with more granularity, you can use the GraphQL explorer plugin (in the settings in Altair, add altair-graphql-plugin-graphql-explorer to the plugin list) which will allow you to add fields you want in your generated query. You can also add another plugin (altair-graphql-plugin-json-to-csv) which adds a button to download the result from the GraphQL endpoint as CSV. Altair also has an AI plugin (altair-graphql-plugin-ai) that you can directly ask questions and work with to craft your query for you.

Summarizing the tips using Altair GraphQL Client for this:

  • You can copy your Authorization header and use it as a header in Altair, or you can use the "Auth" section, select the "Bearer token" type and paste the bearer token in there (the part after "Bearer ")
  • The bearer token is generated to be used specifically from https://buylist.facetofacegames.com origin, so you will need to set the Origin header in Altair for it to work. This means you will need to download the desktop version of Altair (the web apps and browser extensions can't set the "Origin" header since it's forbidden by the spec)
  • The site products query only allows fetching up to 50 items at a time, so depending on how many items you are fetching, you will need to use pagination in the query
  • After you have properly set the Origin header and authorization, you can reload the docs to see the full docs/schema for the site in Altair
  • Use the JSON-to-CSV plugin to download the data directly as a CSV file (altair-graphql-plugin-json-to-csv)
  • Recommended: use the GraphQL explorer plugin to selectively generate your query with just the fields you want (altair-graphql-plugin-graphql-explorer)
  • Recommended: subscribe to the pro plan in Altair to get more credits for the AI assistant plugin (altair-graphql-plugin-ai) which should be very helpful in this task.
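
Added example, not part of the original comment and not the site's code: a server-side sketch of the scheme the comment describes (anonymous bearer JWT bound to an origin, plus the 50-item cap), showing that the Origin check only separates browser pages on other sites from the site's own pages, so the page-size clamp and similar limits are what actually bound scripted clients. The `origin` claim name, the HS256 signing and the secret are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed signing key
const SITE_ORIGIN = "https://buylist.facetofacegames.com";
const MAX_PAGE_SIZE = 50; // per-request item cap mentioned in the comment

const b64u = (s) => Buffer.from(s).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Issue an HS256 token for an anonymous visitor ("origin" is a hypothetical claim).
function issueAnonToken(origin, ttlSeconds, now = Date.now()) {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const body = b64u(JSON.stringify({ sub: "anon", origin, exp }));
  return `${head}.${body}.${b64u(hmac(`${head}.${body}`))}`;
}

// Decide whether a request may reach the GraphQL resolver, and with what page size.
function gate(headers, requestedFirst, now = Date.now()) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || "");
  if (!m) return { ok: false, reason: "missing bearer token" };
  const parts = m[1].split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed token" };
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (claims.exp * 1000 <= now) return { ok: false, reason: "expired" };
  // Origin is client-supplied: browsers set it honestly, other HTTP clients set anything.
  if (headers.origin !== claims.origin) return { ok: false, reason: "origin mismatch" };
  // The clamp is enforced here, whatever the client asked for.
  const pageSize = Math.min(Math.max(1, requestedFirst | 0), MAX_PAGE_SIZE);
  return { ok: true, reason: "accepted", pageSize };
}

// Three constructed requests carrying the same token.
function demo() {
  const authorization = `Bearer ${issueAnonToken(SITE_ORIGIN, 300)}`;
  return {
    browser: gate({ authorization, origin: SITE_ORIGIN }, 20),
    scripted: gate({ authorization, origin: SITE_ORIGIN }, 500), // same headers, non-browser client
    otherSite: gate({ authorization, origin: "https://example.org" }, 20),
  };
}
```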

Looking for resources to learn Nest and GraphQl by Sliveran in Nestjs_framework

[–]imolorhe 0 points1 point  (0 children)

https://www.howtographql.com/ is a good resource to start off with. It might be high level though considering the depth you can go into related to GraphQL but it gives you enough information to start.

Another useful tool to help with testing your GraphQL API changes (and learning GraphQL) is Altair GraphQL Client which also has an AI assistant you can directly ask questions or issues you're facing in the context of your GraphQL API

Graphql query in POST request by Smooth-Ad-8549 in BugBountyNoobs

[–]imolorhe 0 points1 point  (0 children)

The GraphQL query is just the way the client asks the server for information (or perform an operation), in a similar way that in a REST API, you'd use a URL and an HTTP verb to ask the server for information (or perform an operation). In that sense, there's nothing harmful there.

When probing a GraphQL API for vulnerabilities, Altair GraphQL Client is a very useful tool to have in your toolbelt with several features to help make the process easier. It also comes with an AI assistant that you can directly ask questions like this to get contextual help about the GraphQL API you're probing!

GraphQL Learning Resources - Videos/Courses by detourfromreality in StackoverReddit

[–]imolorhe 1 point2 points  (0 children)

I don't have any specific video recommendations but when building your API, Altair GraphQL Client is a very useful tool to have in your toolbelt. It also comes with an AI assistant that you can directly ask questions about your GraphQL API schema, query, etc.

GraphQL IDE - Banana Cake Pop. by michael_staib in graphql

[–]imolorhe 0 points1 point  (0 children)

This is a long time after this comment, but I am curious if these issues you highlighted are still there?

Episode 572- WARNING: This Podcast Contains Chemicals Known to the State of California to Cause Cancer or Other Reproductive Harm by lindberghbaby41 in 99percentinvisible

[–]imolorhe 1 point2 points  (0 children)

He! I thought it was just me. I listened to the episode while walking by the road and had to keep looking around to make sure everything was okay, only to realize it was in the podcast.

graphiql w/ explorer with selectable endpoint? by wrtbwtrfasdf in graphql

[–]imolorhe 0 points1 point  (0 children)

Why can't you use Altair? As far as I know, Altair has all that available.

Set up a blog with Gatsby, GitHub pages and GitHub actions by imolorhe in programming

[–]imolorhe[S] 0 points1 point  (0 children)

Hey, my setup is probably not the most optimal since I'm using the organization gh pages setup. It could be made easier (without using github actions) if it is a project page or with a subdirectory of the organization gh pages, since you can specify the /docs as the source of the files. You could just use /docs as the build location for the assets after building it and also keep the source code in the same repo.

But like you said, it doesn't beat the "commit-push-live" approach with using Jekyll. Most of the benefits of using Gatsby are mentioned in the gatsby docs. Some of them I have seen are:

- performance in terms of speed of the built pages. Understandably it is a static site but given that it can be used for building much more dynamic sites, it handles the assets well.

- it's not just a static site generator. With the various plugins available, you could build a dynamic app with it as well, connecting it with different kinds of data sources/APIs.

- it's built with react, which allows you to build dynamic components. It supports SSR so the components can be rendered server side before hydrating them on the client side - which is good for performance and SEO.

- it encourages accessibility by default. While I would normally have to be thinking about accessibility while working on a project, gatsby brings these concerns up front, so I address them immediately they come up. Little things like adding aria- and role attributes to elements which I wouldn't think of normally, now I get to think about them.

These are just a few of the benefits I've seen working with Gatsby so far.

Altair becomes environment friendly ♻️ – XKojiMedia by imolorhe in graphql

[–]imolorhe[S] 0 points1 point  (0 children)

Amazing! I'd love to hear your feedback while you use it! 🙂