dolya.me: Share your ideas!
Zavexeon (631)

Disclaimer:

Possibly insecure. @TheDrone7 has put efforts into securing the backend code but it's still wise to take this with a grain of salt.


dolya.me! Share your ideas with others!

Ever wanted to share your ideas with the other developers and find new teammates to work alongside you but weren't able to do it? Well, now you can!

dolya.me is a special website for the repl.it users where they can post their ideas and look for new teammates! Although this is nowhere close to what we originally intended to make, we are planning to work on this project after the end of the hackathon to improve the app and make it one of a kind soon enough.


Getting started

To get started, simply head over to the home page and log in with your repl.it credentials! Yes! We used the repl.it API to authenticate our users. Don't worry, we neither log nor store your password anywhere so your credentials are safe. All we fetch is your username, email ID and avatar. Once you've logged in, you'll be led to the feed where all the posts made stay.

We did plan on making a way to contact the other person as well but due to the time limit, couldn't, so for now, you could find them on repl.it discord or any other media they've provided.


Team

  1. @Zavexeon - Handled most of the frontend.
  2. @TheDrone7 - Handled most of the backend.
  3. @Kognise - Handled moral support for the above 2 and QA stuff for the first few hours.

Technologies used

  1. Backend: Node.js
  2. Frontend:
    • Templating engine: EJS
    • Raw CSS

Important links


Comments
sanjaykdragon (171)

Hello, just wanted to point out this project is insecure, and anyone can impersonate another user (very easily) https://i.imgur.com/PbklgHK.png

edit: you also put your firebase private key publicly...

Zavexeon (631)

@sanjaykdragon Frick. I'll probably just rewrite the whole thing with the other repl.it auth once I figure it out. Thanks for pointing that out.

(I didn't do the backend though for this........... just the front end....)

sanjaykdragon (171)

@Zavexeon yeah repl.it auth should clear up everything

Zavexeon (631)

@sanjaykdragon I thought we had something like that but I didn't design the auth system. I'll see what I can do.

Sorta triggered and at the same time glad that you pointed that out.

sanjaykdragon (171)

@Zavexeon better me than someone who will actually destroy the project. also hit me up privately if you want to know the actual vulnerability

Zavexeon (631)

@sanjaykdragon Started rewriting it. Our server was kinda sloppy and rushed anyways so it might be good just to start from scratch. The old website will stay up until I'm done.

SPQR (451)

@Zavexeon Yea, I just noticed the whole private key thing. Might want to change the key since it was at one point public.
Also, I was able to get onto the site from my laptop by forking the repl and unlinking the domain.

Zavexeon (631)

@SPQR To be honest I know nothing about the firebase database, H set that up.

sanjaykdragon (171)

@Zavexeon you could just put the privatekey stuff into a .env file instead
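
Added example, not part of the thread and not dolya.me's own code: one way a Node.js backend can read Firebase service-account fields from a .env file or the process environment instead of a key file kept in a public repl. The variable names and sample values are assumptions constructed for this example.

```javascript
// Build Firebase service-account credentials from environment variables.
// Variable names are assumptions chosen for this example.
const REQUIRED = ['FIREBASE_PROJECT_ID', 'FIREBASE_CLIENT_EMAIL', 'FIREBASE_PRIVATE_KEY'];

function loadServiceAccount(env = process.env) {
  const missing = REQUIRED.filter((name) => !env[name] || env[name].trim() === '');
  if (missing.length > 0) {
    // Fail closed: never fall back to a key embedded in the source tree.
    throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
  }
  // .env files usually hold the PEM on one line with literal "\n" sequences;
  // turn them back into real newlines before handing the key to the SDK.
  const privateKey = env.FIREBASE_PRIVATE_KEY.replace(/\\n/g, '\n');
  const pem = /^-----BEGIN PRIVATE KEY-----\n[\s\S]+\n-----END PRIVATE KEY-----\n?$/;
  if (!pem.test(privateKey)) {
    throw new Error('FIREBASE_PRIVATE_KEY is not a PEM-encoded private key');
  }
  return {
    projectId: env.FIREBASE_PROJECT_ID,
    clientEmail: env.FIREBASE_CLIENT_EMAIL,
    privateKey,
  };
}

// Constructed sample values (not a real key), shaped like a one-line .env entry.
const sampleEnv = {
  FIREBASE_PROJECT_ID: 'example-project',
  FIREBASE_CLIENT_EMAIL: 'svc@example-project.iam.gserviceaccount.com',
  FIREBASE_PRIVATE_KEY:
    '-----BEGIN PRIVATE KEY-----\\nQ09OU1RSVUNURUQ=\\n-----END PRIVATE KEY-----\\n',
};

const account = loadServiceAccount(sampleEnv);
console.log(Object.keys(account).join(','));
// With the firebase-admin package installed, the object is passed as:
//   admin.initializeApp({ credential: admin.credential.cert(account) });
```

Moving a key into .env only protects a key that has not been published; a key that was public at any point still has to be replaced, as the comment above about changing the key says.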

TheDrone7 (650)

@sanjaykdragon @SPQR the key is public but I hid the key ID, since firebase requires a unique pair of the key and key ID to work properly, the database is perfectly secure. Also, impersonating others is a possibility which I couldn't resolve within the given time limit and personal issues, but it will be resolved soon.

PDanielY (280)

Why not use the new auth system instead. To be honest, I wouldn't enter my repl.it information in there even if it was the most secure website ever.

TheDrone7 (650)

What do you mean by the new auth system? @PDanielY

PDanielY (280)

@TheDrone7 haven't you heard? There is a new repl.it auth system.

TheDrone7 (650)

Haven't heard of it @PDanielY could you link me to it? Or someplace where they declared about it.

sanjaykdragon (171)

@PDanielY yeah i agree, I was about to comment this.

PDanielY (280)

@TheDrone7 I don't really know how it works but here's the website: https://repl.it/auth_with_repl_site?domain=

TheDrone7 (650)

@PDanielY I looked into it and I have made the decision that we're currently going to ask the user's repl.it password. I made this decision because we also require the user's email ID and avatar. The "new" auth just provides the username, ID and roles. The latter 2 being entirely useless to us.

Zavexeon (631)

@TheDrone7 I think you can get a whole lot more from repl.it's auth, mat's tutorial just didn't include it all. If you look at the source from the url after providing a website and confirming you want to login with replit, there's a massive object full of user info in the source.

TheDrone7 (650)

@Zavexeon I confirmed by logging all the headers returned and it simply included those 3

PYer (2540)

AMAZING styling! That's all I can say...

Zavexeon (631)

@PYer Thank you! It's been overhauled quite a bit by TheDrone7 since the competition ended.

PYer (2540)

cool. I'm waiting to use it until I hear that it is more secure though. It sounds like an awesome project. How long did it take you to build it? @Zavexeon

Zavexeon (631)

@PYer It probably took us less than 10 hours to get it where it is.

Zavexeon (631)

@TaylorLiang Hey, the website uses your repl.it credentials.

TaylorLiang (99)

@Zavexeon so.. do I just put in my username?

Zavexeon (631)

@TaylorLiang Yep, same username and password as repl.it. Don't worry, we don't save your password.

TaylorLiang (99)

@Zavexeon but I signed in with google

Zavexeon (631)

@TaylorLiang Hmm... maybe try your google password?

Zavexeon (631)

@TaylorLiang Oh? Well... hmm.... go into your account settings and change your password.

TaylorLiang (99)

@Zavexeon I can't change it, because I used a school account

TheDrone7 (650)

UPDATE

We've made changes to our backend and database. You can view these changes here.

Back

The website is back up and available at the same URL as before i.e. https://dolya.me

MatthewDoan1 (207)

Hol' up

If you can still work on your project after the deadline, then what's the point of the deadline?

:thonking:

TheDrone7 (650)

@MatthewDoan1 We have confirmed that our submission has already been checked and scored. So now we're just improving for future use as a regular webapp.

MatthewDoan1 (207)

@TheDrone7 Alright, seems good to me.

TheDrone7 (650)

There is also repl history that the judges can view to make sure no changes were made after submission and if any were made, they can either disqualify or judge the entry based on how it was before making those changes. @MatthewDoan1

TheDrone7 (650)

For anyone thinking the db key is public and insecure, firebase requires you to have a pair of key ID and the key to match before you can access the database. So even if the key is public, I kept the key ID a secret, thus, the database is inaccessible to everyone, only I and @Zavexeon can access it.

Grify (21)

This idea is amazing. When you fix the auth and sec, plz repost so this can become a big thing, like a nephew of replit. The concept is epic and I really want to be able to use it :D.
great work!

Zavexeon (631)

@Grify Thanks for the support! TheDrone7 is currently working on our API issues.

AA6Ninja (9)

@Zavexeon Can you tell me how to make a repl.it authentication system? Someone is going around defacing my website and I want to try to stop that

Zavexeon (631)

@AA6Ninja Oh hey, I'm trying to figure out how to use repl.it's official auth still. https://repl.it/auth_with_repl_site?domain=

If I figure it out, I'll get back to you. It seems like there is a rogue hacker going around messing with people's sites right now, as they have gotten ours too.

PDanielY (280)

@Zavexeon it's not me, I promise. (read my bio)

Zavexeon (631)

@PDanielY What are you talking about?

SPQR (451)

@Zavexeon @TheDrone7 I added you guys to a multiplayer repl, u might want to check it out, even tho it's probably something you knew already :P

SPQR (451)

It seems to be blocked on my school's wifi for some reason, and I'm on a laptop issued by my school :(
Does this work on mobile at all?

Zavexeon (631)

@SPQR Yes, it scales pretty nicely from my experience.

SPQR (451)

@Zavexeon Ok i'll give it a try on my phone

BoiKane (0)

someone reset my account

BoiKane (0)

OMG I'VE BEEN HACKED

Zavexeon (631)

@BoiKane Seriously, you're making false accusations?

BoiKane (0)

@Zavexeon
no I'm serious
someone was on my account
I lost all my stuff

Zavexeon (631)

@BoiKane We don't save passwords.

BoiKane (0)

@Zavexeon
my stuff is gone!
what happened?

sanjaykdragon (171)

@BoiKane you have never made a post on the site that OP has created

SPQR (451)

@sanjaykdragon Nor has he logged into it

Zavexeon (631)

Guys keep in mind I like never do front end.