
OK, I finished the extension and submitted it. The approval process is a lot longer now, so we will see if it's approved in a few weeks.
102 sats \ 13 replies \ @k00b 22h
Sweet logo!
reply
TY! I did have a quick question: in the manifest file I had to get permission to call the GraphQL API:
  "host_permissions": [
    "https://stacker.news/api/graphql"
  ],
but because of the way graphql works I can't restrict it to only read-only access. I could make the tool open source and you can always check the code but at any time I could update it and start calling mutations on your behalf. Do you have any good ideas for locking it down better so it can only read data and not also call mutations?
reply
0 sats \ 11 replies \ @k00b 21h
If they give you permission, I’m not sure how we’d gate it on our end.
reply
I was thinking of adding a "read-only" version of the endpoint or even just an optional "read-only" query-string parameter. That way you could use a URL like "https://stacker.news/api/read-only-graphql" or "https://stacker.news/api/graphql?readOnly=true" so then you could be sure it couldn't run a mutation.
reply
100 sats \ 2 replies \ @sox 12h
I do think we can actually just allow queries and block mutations, by making the endpoint aware that we don't want to use mutations.
This requires more thinking and testing than just my sentence above. I know that we can do stuff to the GraphQL middleware. If you don't mind the wait, I'll explore more about it in the coming days ^^
reply
100 sats \ 1 reply \ @carter 5h
I have the dev environment set up locally. Should I make an issue for a read-only GraphQL solution? I think middleware to block it would be pretty easy.
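An added example (not Stacker News code and not from any poster in this thread) of the server-side gate discussed above for a read-only endpoint: it classifies every top-level operation in the request's GraphQL document and fails closed unless all of them are queries. The function names and the `{ query: ... }` body shape are assumptions, and the scanner is a simplified stand-in for a real parser; a server that already depends on the `graphql` package would instead check `operation` on each `OperationDefinition` returned by `parse`.

```javascript
// Added example: fail-closed "queries only" gate for a GraphQL request body.
const OPS = new Set(['query', 'mutation', 'subscription']);

// Returns the top-level operation types found in a GraphQL document.
// Anything the scanner cannot classify is reported as 'unknown'.
function operationTypes(source) {
  const ops = [];
  let depth = 0;          // nesting of (), [] and {}
  let atStart = true;     // true when the next token begins a definition
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === '#') {                       // comment: skip to end of line
      while (i < source.length && source[i] !== '\n') i++;
    } else if (c === '"') {                // string or block string
      const q = source.startsWith('"""', i) ? '"""' : '"';
      i += q.length;
      while (i < source.length && !source.startsWith(q, i)) {
        i += source[i] === '\\' ? 2 : 1;   // step over escaped characters
      }
      if (i >= source.length) return ['unknown']; // unterminated string
      i += q.length - 1;
    } else if ('([{'.includes(c)) {
      if (depth === 0 && atStart) {        // shorthand "{ ... }" is a query
        ops.push(c === '{' ? 'query' : 'unknown');
        atStart = false;
      }
      depth++;
    } else if (')]}'.includes(c)) {
      if (--depth < 0) return ['unknown']; // unbalanced closer
      if (depth === 0 && c === '}') atStart = true; // definition closed
    } else if (/[A-Za-z_]/.test(c)) {
      const word = /^[A-Za-z_][A-Za-z0-9_]*/.exec(source.slice(i))[0];
      if (depth === 0 && atStart) {        // keyword that opens a definition
        if (word !== 'fragment') ops.push(OPS.has(word) ? word : 'unknown');
        atStart = false;
      }
      i += word.length - 1;
    }
  }
  return depth === 0 ? ops : ['unknown'];  // unbalanced document: reject
}

// True only when the body holds at least one operation and all are queries.
function isReadOnly(body) {
  const ops = operationTypes(String((body && body.query) || ''));
  return ops.length > 0 && ops.every((op) => op === 'query');
}
```

A batched (array) body or a body without a `query` string yields no operations and is rejected, so the gate would have to be applied per entry if batching is allowed.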
0 sats \ 3 replies \ @ek 6h
Are you sure even if you allow /api/graphql, that you can run mutations on behalf of the user inside an extension? I think the SameSite property of our cookies will not allow that.
Or will it work because of host permissions?
reply
100 sats \ 2 replies \ @carter 5h
Yeah, with the host permissions my background can break CORS and send whatever it wants. I need to check but I think it's making the requests with the logged-in user's credentials. This says https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions#host-permissions: "Access cookies with the chrome.cookies API."
0 sats \ 1 reply \ @ek 18h
I thought your extension just redirects to a pre-filled link form. Would that be an option?
reply
100 sats \ 0 replies \ @carter 18h
I want to make one with a page action that is for submitting any URL you may be on, but this one is to help arbitrage links between HN and Stacker. You don't want to submit a duplicate, so it needs to call the dup check for all the HN post URLs. Right now it's doing it in batches of 5. Here's my current GraphQL query:
  query UrlBatch($url0: String!, $url1: String!, $url2: String!, $url3: String!, $url4: String!) {
    url0: dupes(url: $url0) { ...DupeInfo }
    url1: dupes(url: $url1) { ...DupeInfo }
    url2: dupes(url: $url2) { ...DupeInfo }
    url3: dupes(url: $url3) { ...DupeInfo }
    url4: dupes(url: $url4) { ...DupeInfo }
  }

  fragment DupeInfo on Item {
    createdAt
    commentSats
    commentCredits
    credits
    id
    ncomments
    sub { name }
    sats
    title
    updatedAt
    upvotes
    url
    user { name id }
  }
It shows a loading icon while it's waiting for the batches of GraphQL queries to finish.
Then if it has results it shows you info about the territory it was submitted to and how many sats it's gotten.
0 sats \ 0 replies \ @k00b 19h
@ek or @sox might have better ideas than I. They’ve been thinking about authentication more recently.
reply
0 sats \ 1 reply \ @deSign_r 7h
This is cool! Is this a browser extension? Is the code available so we can test before it goes live?
I was using this script bookmarked and it is working great too:
javascript:window.location="https://stacker.news/post?type=link&url="+encodeURIComponent(document.location)+"&title="+encodeURIComponent(document.title)
reply
0 sats \ 0 replies \ @carter 6h
The review process was quicker than it let on #1038704
reply