guidojw / arora-api Goto Github PK
View Code? Open in Web Editor NEWBackend used to access the Roblox Web API with extra features on top.
License: MIT License
Backend used to access the Roblox Web API with extra features on top.
License: MIT License
The Trello webhook requests are currently not verified so anyone could send an action to the endpoint and it would show up in the Discord, fix this by verifying the requests using the provided code on the Trello API documentation.
Because none of the requests in Bloxy has disallowedStatusCodes: [403, ...], my PR at Bloxy doesn't change any functionality of the library. Bloxy thinks the status code for Token Validation Errors (403) is allowed and therefore that the request has been executed successfully.
Two possible solution to this problem:
Test these things on my Bloxy fork and PR once it works.
This allows for fetching by group and will make implementing support for handling multiple groups easier.
Get the certificates worked out and then expose the API on port 443.
Currently I have to do this manually. The Bloxy library has a wrapper for the Roblox Economy API that will allow a system like this.
This is important to do right the first time so possible check the code several times before merging the PR that implements this system.
Probably because of the big influx of sales since release 0.2.0.
Currently the training shouts aren't really versatile.
Make them include more information and automatically announce them at a specific time every day.
Use the cookie pool system by grilme99 to refresh the cookies and have backup for when a cookie invalidates.
Add a new training type table to the database and change the training.type's type from enum to a foreign key referencing this new table.
Days and seconds are getting mixed up in the code, it throws a HTTP 403.
It also interpreted it as a reason change, this is because a lack of proper conditionals.
Requires #272 to be merged first (so the npm explore ...
stuff isn't used in package.json anymore).
Over a span of time several roles can have the same rank. Due to this, change all the rank columns in the database to roleIds.
Ever since enabling the automatic payouts in the train developer payouts job, the reports don't work and the payouts don't actually happen.
Sentry is a handy tool that can be used to monitor the application by for example having the errors in one place. It can also be connected to a Discord webhook so that people will be notified of errors immediately.
Add a duration column to the bans table and merge the suspensions system into the ban system. Rename the suspension_extensions table and make it point at bans instead.
Roblox will be migrating to 64 bit integer userIds soon. The database columns currently are of type Sequelize.INTEGER which is 32 bits, so problems may occur on actions of users with an id past this limit. Sequelize.BIGINT is a 64 bit integer which will fix these problems.
Roblox will start migrating at 7 December 10 PM CET.
https://devforum.roblox.com/t/userids-are-going-over-32-bit-on-december-7th/903982
Implement tests for the code and make Buildkite CI run these.
Already done this partially for the UserController before because of the bug where if you return a number in a controller method, it thinks that's the HTTP status code it should return.
According to the inversify-express-utils
docs, doing this should make the controllers more easily testable.
Add websocket support and have the Discord bot connect to that so that when a person's rank changes, the API can tell the Discord bot.
This allows for specifying the order in which the trainings are shown in the trainings embed on arora-discord and the trainings list in the automatic shout.
The new endpoints of Roblox changed the way some of the methods functioned. The endpoint for getting join requests is one of these, this now uses pages so it only fetches the first page the way I utilise this now. Change so that it goes through all available pages.
For a maybe future UI, implement the following system:
For logging in with an authorization code retrieved from Discord OAuth2, returns HTTP 200 + HttpOnly cookie including sessionId.
Invalidates cookie.
Check if header contains a bearer JWT of which the id is coupled to an application with scope "bot". If it does, authenticate successfully.
Otherwise, check if the request contains a cookie with a JWT token that is valid, then authenticate successfully.
The server currently uses a couple of Trello boards for storing the trainings, suspensions and bans. This is of course not what Trello should be used for. Moving to storing the data in the database removes the node-trello dependency and makes the application independent to Trello's rate limits.
Currently the authentication middleware checks the id and key sent in a request's body. This can however be improved to use the headers of the request so that the GET routes that currently have their required authentication body fields commented out can also be protected.
There are currently some unnecessary routes,. An example is the get join date route, the join date can also be fetched by using the get user route. Also change the promote endpoint to an update role endpoint that takes any rank.
Like suspensions and bans, exiles should have dates & reasons.
arora-discord already supports this since guidojw/arora-discord#244, but it doesn't have a command to edit exiles yet.
Currently the changeRank function in GroupService will resolve successfully even if the rank argument is the same as the user's current rank and thus something like "ADMIN promoted USER from RANK to RANK" where the ranks are the same.
This log message is obviously not useful so check if the new and old rank are the same and don't log if they are.
Implement a system that automatically deletes backups from longer than X days ago to save some disk space.
Add a .editorconfig file to indicate editor configurations like what eol and indent-style is used.
Also make decisions about other style changes that can be indicated in the .eslintrc file.
Rules that I've been considering lately:
This issue provides visibility into Renovate updates and their statuses. Learn more
This repository currently has no open or pending branches.
Bloxy got updated recently (with docs :D), so update it to the newest version and change the dependency version from linking directly to the dev repository to the actual version number.
I've found a bug with the new version already: the memberCount value is not included in the Group structure. Will submit a PR for that on the Bloxy repository soon.
Fix the validation chains so that null is allowed for optional parameters (where applicable).
A feature I've been wanting to do for a long time.
This feature would prevent issues like the recent issues with updating Bloxy to v5 from happening.
Options: TravisCI, CircleCI, Buildkite, ...
I think I wanna go for Buildkite as I'm most experienced with that and it seems like they have a free plan that provides my needs.
Steps:
This can greatly be used coexistently with Docker.
Use the Bloxy npm in order to have access to more Roblox endpoints and to enable multiple clients to be logged in on the API.
The following problems need to be fixed:
Support query arguments for some of the endpoints that are used for getting resources. A query argument that would be nice is for example ?scope=name, which would only fetch resources from the database with given scope.
The time is shown but not the timezone, make it so that the timezone is given as well so people can actually know when a training will start.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.