eddie Thanks for your research, I did something similar back in the day on Keyoxide matrix channel and here are my findings:
The latest versions of flarum (still need to check which version introduced it) support script block with JSON payload on user pages.
For example:
curl -s 'https://discuss.flarum.org/u/luceos' \
| pup '#flarum-json-payload[type="application/json"] text{}' \
| jq -r '.apiDocument.data.attributes.bio'
This will fetch the luceos' page, select the script tag with flarum-json-payload
id and correct type for extra safety, grab inner text, and pass through the jq
filter, finally resulting in their bio getting printed:
https://ttm.sh/Bjh.jpeg
And then it is just a matter of extracting fingerprint from bio string. You can see their profile here:
https://discuss.flarum.org/u/luceos
This doesn't work on Keyoxide flarum instance cause it uses an older version. Here is how it can be done on Keyoxide's flarum version. The page has script block with js boot snippet containing flarum.core.app.load(...);
line. What gets passed to the load function is JSON containing user data.
Shell snippet for your convenience:
curl -s 'https://community.keyoxide.org/u/yarmo' \
| fgrep 'flarum.core.app.load(' \
| sed 's/^.*(//; s/).*$//' \
| jq -r '.apiDocument.data.attributes'