Possibly insecure. @TheDrone7 has put efforts into securing the backend code but it's still wise to take this with a grain of salt.
dolya.me! Share your ideas with others!
Ever wanted to share your ideas with the other developers and find new teammates to work alongside you but weren't able to do it? Well, now you can!
dolya.me is a special website for the repl.it users where they can post their ideas and look for new teammates! Although this is nowhere close to what we originally intended to make, we are planning to work on this project after the end of the hackathon to improve the app and make it one of a kind soon enough.
To get started, simply head over to the home page and login with your repl.it credentials! Yes! We used repl.it API to authenticate our users. Don't worry, we neither log nor store your password anywhere so your credentials are safe. All we fetch is your username, email ID and avatar. Once you've logged in, you'll be led to the feed where all the posts made stay.
We did plan on making a way to contact the other person as well but due to the time limit, couldn't, so for now, you could find them on repl.it discord or any other media they've provided.
- @Zavexeon - Handled most of the frontend.
- @TheDrone7 - Handled most of the backend.
- @Kognise - Handled moral support for the above 2 and QA stuff for the first few hours.
- Backend : Node.js
- Templating engine: EJS
- Raw CSS
- Website: https://dolya.me
- Source: https://repl.it/@Zavexeon/dolyame
- Support: https://repl.it/discord (Contact any of the teammates)
@sanjaykdragon @SPQR the key is public but I hid the key ID, since firebase requires a unique pair of the key and key ID to work properly, the database is perfectly secure. Also, impersonating others is a possibility which I couldn't resolve within the given time limit and personal issues, but it will be resolved soon.
Why not use the new auth system instead. To be honest, I wouldn't enter my repl.it information in there even if it was the most secure website ever.
@PDanielY I looked into it and I have made the decision that we're currently going to ask the user's repl.it password. I made this decision because we also require the user's email ID and avatar. The "new" auth just provides the username, ID and roles. The later 2 being entirely useless to us.
If you can still work on your project after the deadline, then what's the point of the deadline?
For anyone thinking the db key is public and insecure, firebase requires you to have a pair of key ID and the key to match before you can access the database. So even if the key is public, I kept the key ID a secret, thus, the database is inaccessible to everyone, only I and @Zavexeon can access it.