Jump to content
Naraku

Hidden Scroll/Growing Creatures Require Sign in using API

Recommended Posts

The scroll securing is my favorite feature of DragHatch. I would love to see other sites use this as well. 

 

It doesn't hurt anyone to add except the trolls. It's clearly doable as exhibited by DragHatch and would be a nice quality of life for anyone who wants to opt into it. 

 

So uh, yeah. Yay for having nice things and security. It's OK to want nice things for ourselves and the community without it being a life or death thing.

Share this post


Link to post

I use evina's too, but it would indeed be a pain having to log in to all of them. I say again - hide growing things. Please.

Edited by Fuzzbucket

Share this post


Link to post

I'm in favor of hiding growing things too, although the process is similar to hiding scroll altogether, but let's keep this on topic.

Edited by Naraku

Share this post


Link to post

I think a decent solution would be to have API login allow accessing hidden scrolls' contents. That way existing hatcheries would still continue working for people who aren't too concerned about viewbombing, but people who are could keep their scrolls hidden constantly and still safely use hatcheries, or at least those which get updated to support that.

 

On 8/30/2019 at 5:08 PM, Ruby Eyes said:

It's not really "jumping through hoops", it's simply using a feature that the API has offered for years already.

Call the API, read the response, store in database, set a cookie. 

Except setting a cookie, this is what any fansite does already anyway. Setting a cookie is what the majority of websites do - why should it be such a hassle for a DC fansite owner?!

This sort of thing is not as easy as you seem to imply. If you want everyone to support API login, then each site will need to do significant additional work. It is definitely not something like four simple operations. For my old (no longer running, probably never will again) hatchery, it would probably take me several hours or more of development time to add it, though admittedly it should be easier on ones which already have some sort of UI for managing a user's dragons.

Share this post


Link to post
2 hours ago, osmarks said:

I think a decent solution would be to have API login allow accessing hidden scrolls' contents. That way existing hatcheries would still continue working for people who aren't too concerned about viewbombing, but people who are could keep their scrolls hidden constantly and still safely use hatcheries, or at least those which get updated to support that.

 

I like that solution. That gave me an idea.

How about this: Able to hide growing creatures AND require API login if growing creatures/scroll is hidden, but still ignore fogged eggs/hatchlings. Not required if nothing is hidden.

Edited by Naraku
eggs exist too, oops

Share this post


Link to post
12 minutes ago, Naraku said:

How about this: Able to hide growing hatchies AND require API login if growing hatchies/scroll is hidden. Not required if nothing is hidden.

Makes sense; hiding growing stuff would probably be a sensible default for most people as long as hatcheries could access them if you logged in.

Share this post


Link to post

Bump. tl;dr below.

 

If the API detects the scroll is hidden in some way (growing creatures or scroll, or perhaps even both), it prompts the user to log in through DC API, instead of giving the error 404 scroll not found. Fogged creatures still do not bypass this. Fan site owners don't have to adjust their sites to accommodate this change (TJ can correct me if I'm wrong).

Share this post


Link to post

I think fansite developers would still need to update their sites accordingly to support that; the site itself would have to detect that the scroll is hidden/has hidden parts but could be accessed via API login, prompt you to log in, and then deal with the resulting auth token or whatever it is, roughly.

Share this post


Link to post

1. Hidden scrolls very intentionally behave exactly the same as a non-existent scroll. Out of respect for peoples' privacy, it shouldn't be possible to differentiate the two (except possibly via external caches), and anything that allows doing so is a bug. There's nothing stopping a site that uses the API from showing a message along the lines of "could not find an account named 'TJ09'. If your scorll is hidden, try logging in," which removes the need to know which is which.

 

2. The API doesn't currently allow a valid API login to view hidden scrolls. I have almost everything ready to be able to launch such a feature; the main missing piece is some sort of "login history" so that you can see what sites can view your hidden stuff and revoke that permission.

Share this post


Link to post
5 hours ago, TJ09 said:

2. The API doesn't currently allow a valid API login to view hidden scrolls. I have almost everything ready to be able to launch such a feature; the main missing piece is some sort of "login history" so that you can see what sites can view your hidden stuff and revoke that permission.

Would it work if the external site could only "see" a hidden scroll for a maximum of 5 minutes before permission is revoked and a new log-in "permission" needed?

Share this post


Link to post
23 hours ago, olympe said:

Would it work if the external site could only "see" a hidden scroll for a maximum of 5 minutes before permission is revoked and a new log-in "permission" needed?

Wouldn't that be very annoying and require logins every time?

Share this post


Link to post
9 minutes ago, osmarks said:

Wouldn't that be very annoying and require logins every time?

Only if you want to add or delete some items to/from the fansite. For giving views, the site will have the view links and just use them to display your critters once you gave the go-ahead by adding them and confirming your identity via log-in.

Share this post


Link to post


  • Recently Browsing   0 members

    • No registered users viewing this page.