msgraph-sdk-javascript VS recaptcha

# Import the required modules Import-Module -Name AzureAD, Microsoft.Graph.Authentication, Microsoft.Graph.MailMessages -Force # Authenticate with MFA using the admin account $adminUsername = "XXXX.xxx" Connect-AzureAD -AccountUpn $adminUsername try { # Prompt for user's email address $userEmailAddress = Read-Host -Prompt "Enter the user's email address" # Get the user's emails with attachments $accessToken = Get-AzureADAccessToken -ResourceUrl "https://graph.microsoft.com" $graphClient = New-Object Microsoft.Graph.GraphServiceClient -ArgumentList ($accessToken.AccessToken) $emails = $graphClient.Users[$userEmailAddress].Messages.Request().Top(100).Filter("hasAttachments eq true").GetAsync().Result # Filter emails with attachments having names longer than 50 characters $longAttachments = $emails.Attachments | Where-Object { $_.Name.Length -gt 50 } # Output the attachments, subject, and date of the email if ($longAttachments.Count -gt 0) { Write-Host "Attachments with names longer than 50 characters for $userEmailAddress" foreach ($attachment in $longAttachments) { $email = $emails | Where-Object { $_.Attachments -contains $attachment } Write-Host "Subject: $($email.Subject)" Write-Host "Date: $($email.ReceivedDateTime.DateTime)" Write-Host "Attachment Name: $($attachment.Name)" Write-Host "" } } else { Write-Host "No attachments found with names longer than 50 characters for $userEmailAddress." } } catch { Write-Host "Failed to retrieve email attachments: $($_.Exception.Message)" } finally { # Disconnect from Azure AD Disconnect-AzureAD -Confirm:$false }

labels: - "traefik.http.middlewares.traefik-azure-auth-group1.azure.authProvider=traefik-forward-auth" - "traefik.http.middlewares.traefik-azure-auth-group1.azure.resource=https://graph.microsoft.com/" - "traefik.http.middlewares.traefik-azure-auth-group1.azure.requiredGroup=group1"

$AccessToken = (Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com").Token $AccessToken = ConvertTo-SecureString -AsPlainText $AccessToken -Force If($connect -eq $null){$connect = Connect-MgGraph -AccessToken $AccessToken} $Apps = Get-MgServicePrincipal -All $today = Get-Date $credentials = foreach ($App in $Apps) { foreach ($Credential in $App.PasswordCredentials) { [pscustomobject]@{ DisplayName = $App.DisplayName.where({ $_ -notlike "sp-*" }) Id = $App.Id AppId = $App.AppId EndDateTime = $Credential.EndDateTime PwdDisplayName = $Credential.DisplayName KeyId = $Credential.KeyId } } }

The results from that host are almost all MS (graph.microsoft.com, c1-shared-15.cdn.office.net, teams.microsoft.com, webshell.suite.office.com) This happens to be my linux laptop, but I use several MS products in chrome and do a lot of api testing with MS products. So this makes sense.

$ApplicationID = 'applicationid from my app registration with relevant permissions' $ApplicationKey = 'application secret' $tenantid = 'obviously the tenant id' $URI = 'teams webhook url' $Minutes = '2' $ExchangeOnline = 'yes' $MicrosoftForms = '' $MicrosoftIntune = '' $MicrosoftKaizala = '' $SkypeforBusiness = '' $MicrosoftDefenderATP = '' $MicrosoftFlow = '' $FlowinMicrosoft365 = '' $MicrosoftTeams = 'yes' $MobileDeviceManagementforOffice365 = '' $OfficeClientApplications = '' $Officefortheweb = '' $OneDriveforBusiness = 'yes' $IdentityService = '' $Office365Portal = 'yes' $OfficeSubscription = '' $Planner = '' $PowerApps = '' $PowerAppsinMicrosoft365 = '' $PowerBI = '' $AzureInformationProtection = '' $SharePointOnline = 'yes' $MicrosoftStaffHub = '' $YammerEnterprise = '' $Microsoft365Suite = '' $Incident = 'yes' $Advisory = '' $ServicesArray = @() if($ExchangeOnline){$ServicesArray += '$_.service -eq "Exchange Online"'} if($MicrosoftForms){$ServicesArray += '$_.service -eq "Microsoft Forms"'} if($MicrosoftIntune){$ServicesArray += '$_.service -eq "Microsoft Intune"'} if($MicrosoftKaizala){$ServicesArray += '$_.service -eq "Microsoft Kaizala"'} if($SkypeforBusiness){$ServicesArray += '$_.service -eq "Skype for Business"'} if($MicrosoftDefenderATP){$ServicesArray += '$_.service -eq "Microsoft Defender ATP"'} if($MicrosoftFlow){$ServicesArray += '$_.service -eq "Microsoft Flow"'} if($FlowinMicrosoft365){$ServicesArray += '$_.service -eq "Flow in Microsoft 365"'} if($MicrosoftTeams){$ServicesArray += '$_.service -eq "Microsoft Teams"'} if($MobileDeviceManagementforOffice365){$ServicesArray += '$_.service -eq "Mobile Device Management for Office 365"'} if($OfficeClientApplications){$ServicesArray += '$_.service -eq "Office Client Applications"'} if($Officefortheweb){$ServicesArray += '$_.service -eq "Office for the web"'} if($OneDriveforBusiness){$ServicesArray += '$_.service -eq "OneDrive for Business"'} if($IdentityService){$ServicesArray += '$_.service -eq "Identity Service"'} if($Office365Portal){$ServicesArray += '$_.service -eq "Office 365 Portal"'} if($OfficeSubscription){$ServicesArray += '$_.service -eq "Office Subscription"'} if($Planner){$ServicesArray += '$_.service -eq "Planner"'} if($PowerApps){$ServicesArray += '$_.service -eq "PowerApps"'} if($PowerAppsinMicrosoft365){$ServicesArray += '$_.service -eq "PowerApps in Microsoft 365"'} if($PowerBI){$ServicesArray += '$_.service -eq "Power BI"'} if($AzureInformationProtection){$ServicesArray += '$_.service -eq "Azure Information Protection"'} if($SharepointOnline){$ServicesArray += '$_.service -eq "Sharepoint Online"'} if($MicrosoftStaffHub){$ServicesArray += '$_.service -eq "Microsoft StaffHub"'} if($YammerEnterprise){$ServicesArray += '$_.service -eq "Yammer Enterprise"'} if($Microsoft365Suite){$ServicesArray += '$_.service -eq "Microsoft 365 Suite"'} $ServicesString = $ServicesArray -Join " -or " $ClassificationArray = @() if($Incident){$ClassificationArray += '$_.Classification -eq "incident"'} if($Advisory){$ClassificationArray += '$_.Classification -eq "advisory"'} $ClassificationString = $ClassificationArray -Join " -or " $body = @{ grant_type="client_credentials"; resource="https://graph.microsoft.com"; client_id=$ApplicationID; client_secret=$ApplicationKey; earliest_time="-$($Minutes)m@s"} $oauth = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantid/oauth2/token?api-version=1.0" -Body $body $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"} $messages = (Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/admin/serviceAnnouncement/issues" -Headers $headerParams -Method Get) $incidents = $messages.Value | Where-Object ([scriptblock]::Create($ClassificationString)) | Where-Object ([scriptblock]::Create($ServicesString)) $Now = Get-Date ForEach ($inc in $incidents){ # Add updates posted last $Minutes If (($Now - [datetime]$inc.lastModifiedDateTime).TotalMinutes -le $Minutes) { # Set the color line of the card according to the Classification of the event, or if it has ended if ($inc.Classification -eq "incident" -and $inc.EndTime -eq $null) { $color = "ff0000" # Red } else { if ($inc.EndTime -ne $null) { $color = "00cc00" # Green } else { $color = "ffff00" # Yellow } } $Message = $inc.posts.description.content[$inc.Messages.Count-1] | ConvertTo-Json $Payload = @" { "@context": "https://schema.org/extensions", "@type": "MessageCard", "potentialAction": [ { "@type": "OpenUri", "name": "Post INC document", "targets": [ { "os": "default", "uri": "$($inc.PostIncidentDocumentUrl)" } ] }, ], "sections": [ { "facts": [ { "name": "Service:", "value": "$($inc.service)" }, { "name": "Status:", "value": "$($inc.Status)" }, { "name": "Classification:", "value": "$($inc.classification)" } ], "text": $($Message) } ], "summary": "$($Inc.Title)", "themeColor": "$($color)", "title": "$($Inc.Id) - $($Inc.Title)" } "@ Invoke-RestMethod -uri $uri -Method Post -body $Payload -ContentType 'application/json; charset=utf-8' } }

$token = (Get-AzAccessToken -ResourceUrl https://graph.microsoft.com).token

# Get the certificate from the certificate store $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("MY", "LocalMachine") $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly) $cert = $store.Certificates | Where-Object { $_.Subject -eq "CN=your_certificate_name" } # Build the JWT assertion $header = @{alg="RS256";typ="JWT"} $payload = @{iss="your_client_id";sub="your_client_id";aud="https://graph.microsoft.com";exp=(Get-Date).AddMinutes(10).ToUnixTime()} $headerEncoded = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($header | ConvertTo-Json))) $payloadEncoded = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($payload | ConvertTo-Json))) $data = "{0}.{1}" -f $headerEncoded, $payloadEncoded $signature = [System.Convert]::ToBase64String($cert.GetRSAPrivateKey().SignData(([Text.Encoding]::UTF8.GetBytes($data)), "SHA256")) $jwt = "{0}.{1}.{2}" -f $headerEncoded, $payloadEncoded, $signature # Make the request to the Microsoft Graph API $response = Invoke-WebRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users?$select

I know Google has a ReCAPTCHA service, and I think it’s free up to scales I would probably never use up. Still, I’d prefer something than can be self hosted so is totally free. And where you don't have to register your domain with a 3rd party, you can just use it on any domain.

The traditional way of using "I am not a robot" Recpatcha seems to be with a

## Step 1: Obtaining reCAPTCHA Keys Go to the Google reCAPTCHA website (https://www.google.com/recaptcha) and sign in with your Google account. Click the + sign and fill in the details as follows:

* https://www.google.com/recaptcha/ * allow * https://www.gstatic.com/recaptcha/ * allow * https://www.google.com/js/ * allow * captcha.com * allow * recaptcha.net * allow

https://www.google.com/recaptcha/ * allow

Depends on what you mean by "proxying". Everything you do (serving a Single-Page Application or requesting HN by backend, processing it's HTML and sending the content to your own frontend) will take traffic away from news.ycombinator.com and to another domain - which comes with it's own set of dreadful scenarios.

There used to be (and still are) things like https://mreidsma.github.io/bookmarklets/jquerify.html which allow to inject JS on click (and thus would make it possible to transform that site), but I gave it a shot and HN is set up to disallow this:

  Refused to load the script 'https://code.jquery.com/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.