Comments
-
bt1415161337yCool idea!
My first question stack wise is where are we wanting to do the image processing? Client side in a web app, server side in a web app or in a Windows (or cross platform if we went with .net core) application? -
-
JS96184547yI can help with the API requests. It requires just 2 in this case (one to get the ID by username and one to get the Profile by ID).
-
github95487yLet's make it simple for phase 1
Why not just take 2 inputs from the user:
1. Devrant URL for the avatar which will return an image object in either .jpg or .PNG based on request URL.
2. Username
This way, everyone can focus on building the banner.
Later, the feature to just provide the username as input can be handled. This part will be simple. -
JS96184547y@CozyPlanes, I added a brief documentation of the necessary API requests, accept the Pull Request. ;)
-
Kimmax109877yI'm somehow done with the base logic? :D
Sorry about that
There's still a lot that can be done
I'm going to put it on my server right now -
@github I think all you need is username, can't you determine the url based on the user's username?
-
github95487y@calmyourtities I know. The main part is the banner creation.
It will just take less than a day to use the REST APIs and extract the avatar URL. I just wanted to suggest that we better invest in discussing the banner part.
There are tons of API wrappers which can be referred to for that part.
Once the backend is ready, he can just expose a REST API too for us to get back the banner.
Or imagine integrating with the devrant endpoints like www.devrant.com/banner/users/userid -
Kimmax109877y@bt141516 have a look at the pull request https://github.com/cozyplanes/...
@calmyourtities banner part is also done, see pull request above
@github correct, used the api to get the userId and the userId to get the rendered avatar url and also the avatar meta "receipt" (how it's being rendered)
you can extract the bg color there.
Created a new canvas, rendered the rendered avatar on it, drew the username and the subtext and voila
About 3hrs total -
github95487y@Kimmax dude. You just completed the Collab. Well, that's impressive.
When will it be hosted and where. Can you run down and create a banner for me just to see how the end output looks like?
I am aware of the devRant APIs, but wasn't aware of how the banner part would be done. So, was interested in that. Since I am also working on a devRant API wrapper in Python, got to learn a lot through it. -
Kimmax109877yUp and running!
https://devrant.nuernberger.kim/api...
subtext defaults to the profile about text, which is often too large. Also there is no error checking at the moment.
Too long subtexts won't word wrap and invalid usernames will throw an HTTP 500. Pretty sure there are more ways to break it :D -
Kimmax109877ythere're tons of things we can add to the banner
Date joined,
++'s
comment counts
rant counts etc.
Given my base code, everyone should be able to add modifications. We could create some kind of option object which could be used to set various settings in the generator, all by http parameters. If we enable the Http POST handler we could build a Frontend around it -
github95487y@Kimmax that's really awesome. Will explore your implementation later to learn how you did it.
And yes the extended features can be made on top of your base code. Not to forget to word wrap if the subtext extends the canvas size.
@CozyPlanes the base is already established. That's the fun part of being in Dev community.
Btw, here's my customized banner.. -
Kimmax109877y@github c'mon. I did pull a superb joke on your behalf and you don't even mention it? 😂
-
Kimmax109877yBtw: It's dot net core 2.0, so everyone can run it. I'm running it on Debian 9 and nginx as reverse proxy for https and co. Keeps the project free of extra hosting configuration
-
github95487y@Kimmax 😂😂😂 sorry. Missed it. an awesome subtext for me.
"Be committed to code"
Haha.. I wasted my 5 mins and couldn't come up with any proper subtext. -
Kimmax109877y@github it's fine :D
I just secured us devbanner.de and devbanner.center
I think we should go with the latter one. Sounds awesome?
> Where did you get this?
> In the devBanner center, of course!
or something like that xD -
github95487y@Kimmax the domain seems good.
I was wondering if we can log the background colour counts. Just to provide stat for the most popular background colour. Low priority but commenting just in case, someone picks it up. -
I had to sleep cuz I couldn't sleep for 21 hours
I will review the PRs and make some of you as maintainers later -
Kimmax109877y@teganburns there's no way I'm vulnerable to XSS, since nothing is being outputted like you input it. The only thing you can break is your own _rendered_ image (no html, mime type image/png). Since C# is being compiled into CIL instructions you would have to find a bug in the .NET runtime to break out of managed code (all image manipulation code is 100% managed) to do anything on the system itself.
Even if you break out, you still have to exploit the Linux kernel to break out of your user account and even then the generator runs in its own VM :)
If you break out there too, hats off -
tahnik387587yGreat project!
Do you really need a server to do it? Can't you just do it on the client side? -
Dacexi119967y@Dacexi I removed my old comment since I didn't read all the comments and I got my answer :p
-
Kimmax109877y@tahnik we don't _need_ one, but why make it native when it runs just fine on a server
-
Kimmax109877y@Dacexi my server runs anyway
Still have more than enough resources available
Even if not, this project alone would be like 10€/month -
Dacexi119967y@Kimmax alright I see. I have my own machines as well but I have no clue how to handle scaling and delivery efficiently around the globe, so I'm thinking of going ovn/digitalocean.
-
skynet45437yHad to add newline character manually into the URL as the text doesn't wrap. Overall cool 👌😎
https://devbanner.center/generate/... -
@Kimmax Well it actually is vulnerable to XSS, because a list of comments gets displayed.
http://bashlord.com/devrant-banners -
Kimmax109877y@MatiasConTilde I, or anything hosted on devbanner.center, is _not_ vulnerable to XSS. As I said, the API does not return any parse-able content (despite the PNG parser logic running in your browser). The API returns a picture and that's it.
The thing that _is_ vulnerable here, is a third party frontend by @bashlord
@cozyplanes thought it was a good idea to include it in the repo, so he can deal with it.
Not my fault. I don't care as long as it stays off my server. -
bashlord4387y@MatiasConTilde I see, hadn’t thought of that... Guess I should have, but this is my first website so not really experienced with handling user input. I removed all of the nasty script tags from the displayed texts and in an attempt to fix it added some code that removes < and > from the text when it is saved. I’ll look into making it more secure later today. What an adventure this web development stuff is!🤓 I’m of course sorry for any bad associations with the devBanner project that I might have caused. @Kimmax
-
@bashlord Okay! If you want, I can test it for you, and the best way to prevent this kind of attack is simply escaping the string. Search how to do that with whatever language you're using
-
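The difference between removing `<` and `>` when text is saved and escaping it when it is displayed, as discussed in the two comments above. This is an added example, not part of the thread and not code from the devBanner repo or the third-party frontend; the helper names, the `<li title=...>` template and the sample inputs are constructed for illustration.

```javascript
// Added example; helper names, template and sample inputs are constructed.

// Approach described in the thread: delete script tags, then drop < and >.
function stripAngleBrackets(text) {
  return text.replace(/<\/?script[^>]*>/gi, "").replace(/[<>]/g, "");
}

// Output escaping: each character with meaning in HTML text or in a quoted
// attribute value is replaced by its entity, so the browser shows it as text.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical gallery template: the stored text lands in an attribute value
// and in element content, two contexts with different special characters.
function renderComment(text, encode) {
  const out = encode(text);
  return `<li title="${out}">${out}</li>`;
}

// Names of the attributes a parser would see on the opening <li> tag.
function attributeNames(html) {
  const open = html.match(/^<li([^>]*)>/)[1];
  return [...open.matchAll(/\s([\w-]+)="[^"]*"/g)].map((m) => m[1]);
}

// Constructed inputs: ordinary developer text, and text containing a quote.
const codeSnippet = "if (a < b && c > d) ship();";
const quoted = 'x" data-injected="1';

function demo() {
  return {
    strippedText: stripAngleBrackets(codeSnippet), // operators silently lost
    escapedText: escapeHtml(codeSnippet),          // displayed unchanged
    strippedAttrs: attributeNames(renderComment(quoted, stripAngleBrackets)),
    escapedAttrs: attributeNames(renderComment(quoted, escapeHtml)),
  };
}

console.log(demo());
```

With stripping, the quote in the stored text still closes the `title` value and a second attribute appears on the element; with escaping, the same text stays inside `title`. In browser DOM code, assigning `textContent` and using `setAttribute` avoids building HTML strings at all.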
Generator endpoint has changed
https://generator.devbanner.center/...
Current front-end got a new url
https://devbanner.center
devBanner - Create your own devRant Banner