nonjerry / verabot Goto Github PK
View Code? Open in Web Editor NEWBot to verify and manage Memberships.
License: GNU General Public License v3.0
Bot to verify and manage Memberships.
License: GNU General Public License v3.0
I cannot seem to find a self hosting guide in the repository, Is it alright if I ask how to run the app with my own setup?
I'm aware I need a mongodb and python, I'm confused on what I need to fully get it working on my local setup
Hi, this is a neat bot, though its method of verification is weak. It's trivial to edit the date text to be whatever is desired, so someone could stop their membership but continue verifying for the Discord group with forged screenshots.
Additionally, the page this tool wants to use for verification can include the user's last 4 digits of their credit card and that can wind up in a screenshot. That is data that shouldn't be collected even by accident.
This isn't really a problem in practice because of the honor system and the low value of what is being protected, so I understand if you ignore/close this issue. I'm just annoyed that it seems to be a common workflow to require periodic re-verification from everyone, and that's just pure security theater. If the honor system is trustworthy, why bother with re-verification?
I propose the verification flow should instead require the user to perform some publicly visible action that allows VeraBot to associate the youtube account (and see its membership status) with the Discord account requesting verification. This uses youtube as the source of truth and is therefore much less forgeable, which would make re-verification actually meaningful instead of theater.
One idea for a general protocol: VeraBot generates a random list of emojis (say 5 of them, possibly limited to membership emotes), or words, or picks from a phrase pool, whatever, and asks the user requesting verification to copy them and post them within the next minute.
Where they post them can depend. For youtubers that have a "free chat" or some other upcoming live stream, the message could be put into the livechat itself, and seen by VeraBot. Alternatively, an archived video could be selected and the user posts a comment to it. The comment can be asked to be deleted after verification to minimize disruption / any semblance of spam to the youtuber.
I don't know much about the youtube API but I suspect it could be used to implement detecting this. Alternatively, something like Selenium Webdriver could be used, since the bot just needs to detect the shared random message and see it comes from a green name/name with a membership badge,and that can be done incognito.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.