Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
image text dont fit let me fix rq |
Steve0Greatness
left a comment
Steve0Greatness
left a comment
There was a problem hiding this comment.
Sorry for the somewhat long review, but I had a couple thoughts.
| this.maxDataSize = 262144; | ||
|
|
||
| this.editMode = 'live'; // 'live' or 'local' | ||
| this.localCache = {}; // { key: value } |
There was a problem hiding this comment.
Cache is usually supposed to be updated quite a lot, so a regular object is probably the least efficient way to handle this. I'd personally recommend using a Map for caching, instead.
| this.apiKey = null; | ||
| this.maxDataSize = 262144; | ||
|
|
||
| this.editMode = 'live'; // 'live' or 'local' |
There was a problem hiding this comment.
This should be documented in JSDoc so that IDEs know what values it should be. In this case the specific comment you'd want here is /** @type {'live' | 'local'} */. Note that this doesn't have a runtime impact, it's only for development convenience and code documentation.
|
|
||
| class ServerStorage { | ||
| constructor() { | ||
| this.serverUrl = 'https://ikelene.dev/storage/'; |
There was a problem hiding this comment.
serverUrl, editMode and apiKey might be wanted to be saved in extension data using the serialization/deserialization APIs, as they're global state.
| method: 'POST', | ||
| headers: { | ||
| 'Content-Type': 'application/json', | ||
| 'Accept': 'application/json' | ||
| }, | ||
| body: JSON.stringify({ apiKey: this.apiKey }) |
There was a problem hiding this comment.
This would require changes to the server, but in general API key sending should be done through headers, such as Authorization using the basic method. If this is done, then the request could instead be sent as using the GET method, which better explains what the actual request is doing.
There was a problem hiding this comment.
This also applies to other POST requests that simply send the API key and are used to simply query data.
There was a problem hiding this comment.
API key should also be sent in headers of other data posting queries.
There was a problem hiding this comment.
I will probably implement this in a future update
| const result = await res.json(); | ||
| if (!result.success || !Array.isArray(result.keys)) return '[]'; | ||
| return JSON.stringify(result.keys); | ||
| } catch (e) { |
There was a problem hiding this comment.
In general, if you're going to ignore values like this, you should set it's name to _. It makes it easier to tell that it's being ignored.
| console.warn('need api key to download cache'); | ||
| return; | ||
| } | ||
| try { |
There was a problem hiding this comment.
In general, if the function need to be able to perform networking and is unable to, it should be able to error out. Here it makes sense to dump the responsibility to handle it onto the user of the extension.
| if (response.status === 401) { | ||
| return false; | ||
| } |
There was a problem hiding this comment.
I'm aware that I've said this a lot, but really don't be afraid to throw errors, especially when there is genuinely something wrong.
| constructor() { | ||
| this.serverUrl = 'https://ikelene.dev/storage/'; | ||
| this.apiKey = null; | ||
| this.maxDataSize = 262144; |
There was a problem hiding this comment.
Why specifically 2^18 bytes?
There was a problem hiding this comment.
So people don't go uploading full image / video data URIs, although it probably should be server-side
|
|
||
| const result = await response.json(); | ||
| if (result.success && result.data) { | ||
| return result.data.value || ''; |
There was a problem hiding this comment.
This API is weirdly complicated. You may want to trim back what it sends in the main body a little bit.
|
|
||
| try { | ||
| const response = await fetch(this.serverUrl + 'delete.php', { | ||
| method: 'POST', |
There was a problem hiding this comment.
There's actually a specific DELETE method made for the exact purpose. It's even allowed to have a request body.
|
Btw, just here to say that If you didn't add protection on the php script for setting data, ADD IT, people can just go there and prob find a way to create a php file and run it, and as you know, it gives access to the server, just sayin btw, gn |
All data is stored in a database, not where it uploads a file to the server so that's not possible, unless I'm misunderstanding here on what you mean |
|
Its bcs I saw it was using php, my fault
Em seg., 5 de jan. de 2026, 12:42, [Ikelene] ***@***.***>
escreveu:
… *Ikelene* left a comment (PenguinMod/PenguinMod-ExtensionsGallery#451)
<#451 (comment)>
Btw, just here to say that If you didn't add protection on the php script
for setting data, ADD IT, people can just go there and prob find a way to
create a php file and run it, and as you know, it gives access to the
server, just sayin btw, gn
All data is stored in a database, not where it uploads a file to the
server so that's not possible, unless I'm misunderstanding here on what you
mean
—
Reply to this email directly, view it on GitHub
<#451 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BD67XLLH5T2ROIFBAAT2U4D4FKA6RAVCNFSM6AAAAACQD67XQ6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTOMJQHE2TGMZZGU>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
oki i've made most of Steve's change requests in the code, with exceptions to the ones requiring API changes as i cant be bothered to change that right now, it will probably be updated in a later version. hopefully thats all we need to change and it can be published now 🤞 |
JeremyGamer13
added
the
new extension
|
Hey can we do something about people placing their extensions at the top of the list? My extension pretty much just got replaced by another one, and that one was out at the very top of the list, making mine obsolete because theirs gets all the exposure and mine will never get seen because who wants to scroll down when an extension that fits their needs is right there. Maybe have it so there's tags for extensions like #auth or #storage etc to sort them and give all extensions equal exposure. Also it's kind of unfair because my extension PR has been open for 3 weeks now and theirs got approved within a day of opening :/ |
we reorder the list every now and then but PRs to reorder should be fine too
will be solved by #482 |
hey jerm. i honestly did NOT see her PR when i made mine. i placed mine there just bc i was lazy when editing the file |
|
im just going to sync my branch and readd my extension and stuff to fix the conflict give me a sec |
|
all fixed |
5 participants
idk why it still wants to merge update url and comments (it was already merged)
and i did sync
anyways my new super cool extension is here
server is open source at https://github.com/Ikelene/scratchStorageExtension
thanks