I’ve made an app that makes it possible to schedule a post in Lemmy at an arbitrary time. It’s available at https://schedule.lemmings.world and can be used by people from any instance.

Let me know what you think!

P.S. This post is made using the app!

Edit: And it’s open source!

  • trakata@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    I don’t store your password if that’s what you’re asking! …

    The JWT token is not stored on the server, it’s only in a cookie in your browser.

    When you schedule a post, the post details, your instance, your username and your JWT token are stored in a job…

    You’re simply storing secrets on the server and running it by proxy, nothing prevents you from extracting those JWTs from the job stores and actioning them against an arbitrary Lemmy API with crafted calls.

    • Rikudou_Sage@lemmings.worldOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Yup, that’s right. I don’t do that, though. Which obviously you’ll have to trust me on (or don’t and don’t use it). It has been open sourced now, but that still doesn’t solve it and I’m obviously not gonna go and give people production access to my AWS account.

      I’m not saying you must use it, I’m just giving it here in case anyone wants to.

        • Fluba@lemdro.id
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Do you have a recommendation for how OP can change things so you’re satisfied with your privacy?

          • trakata@lemmy.ca
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            1 year ago

            Simply don’t use it, this is posted in bad faith attempting to deceive for access credentials.

            • Rikudou_Sage@lemmings.worldOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              1 year ago

              Dude, I literally develop stuff all the time and have dozens of open source projects. Why the hell do you think I have the need for collecting your credentials? Use a fake account for all I care, the code is open source and you can read it.

              • trakata@lemmy.ca
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                I’m not concerned with your code, it’s passable, I’m concerned with you hosting other people’s effective access and leading people into thinking you have secure coding practices in mind when you clearly lied and are being unusually defensive when called out for stating fact about your project.

                • Rikudou_Sage@lemmings.worldOP
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  1 year ago

                  clearly lied

                  Where the hell did I lie? I’ve been open since the beginning. Are you a troll?

                  unusually defensive when called out for stating fact

                  You mean when someone told me to “do X or get the fuck out”? Are you fucking surprised I don’t like being told to fuck out? Where else have I been “unusually defensive”?

                  Stop lying and making stuff up, please.