Option to import JSON decks from a URL #250
Comments
KangarooWasp
added
the
enhancement
|
This is possible. This was actually implemented when CardCast went down as a stopgap until Many Decks went up. I have a small hesitancy towards just letting the user put in any URL, as it opens a potential attack surface where someone could use it to attack others or whatever through the MD instance. My first instinct was to implement it so the user can upload a file instead, and give it a client-side feature to download it on the user's side and then upload it so they can still enter a URL if they want. It'll be a tiny bit slower, but given the size of decks I don't see it being an issue. Would this still be suitable for your use case? Of course, the other answer is potentially better APIs for Many Decks, was there something you'd find useful for it to offer to support this use case? |
|
I understand your hesitancy about adding URLs. Your idea to upload files could work, although I'm not sure how that would make the application any less vulnerable to malicious JSON files? For my use case, I think it would actually be better to use an API on Many Decks, since this would allow the user to just copy in a deck code rather than a whole URL, and it would save my bot from having to operate a web server alongside the actual discord bot. |
|
The issue is less malicious JSON files—we parse them in a pretty strict way where an attack is unlikely, but rather people attacking other services by forcing us to make the Massive Decks server to make requests against them. We could do some mitigation where if we get a bad response we refuse to try again or whatever, but in general allowing people to make us make requests against a remote host could be a problem, and end up with us contributing to a DDOS attack or something. Please do open an issue on Many Decks if there are specific APIs you'd like exposed that would be useful for your use case, although there is a good chance you would be able to reuse the APIs the web client uses, hopefully. |
|
Oh, I see now, that makes more sense. |
Add a deck source "Custom URL", that allows a user to paste a URL e.g. https://customdeckwebsite.com/customdeck.json which leads to a deck in the same JSON format as the files in the /decks/ folder. This would make it easier to use custom decks that for whatever reason aren't on manydecks.
(my motivation for this is I'd like to make a discord bot for collaborating on a deck, this way I won't have to try to interface with manydecks every time a card is added or removed)
(thanks btw, massivedecks and manydecks absolutely saved a small community i'm in from extinction when cardcast went down)
The text was updated successfully, but these errors were encountered: