revisitors / revisit.link.hub Goto Github PK

View Code? Open in Web Editor NEW

18.0 18.0 19.0 2.41 MB

revisit.link central service hub

License: BSD 3-Clause "New" or "Revised" License

JavaScript 50.13% CSS 49.87%

revisit.link.hub's People

Contributors

Stargazers

Watchers

Forkers

meandavejustice rozap grampajoe mferrier thethp gf3 imakewebthings brenna kirbysayshi jasonrhodes lauradegroot byronhulcher swartzcr flet kid-icarus andrewdamelio imclab pombredanne beaugunderson

revisit.link.hub's Issues

Make playing with the same gif easier

I wonder if since when you go back from the creation screen it still has the file name in the input box, it's possible to load the image so you don't have to click through again or refresh?

I'd like to tackle this.

"Random" does not appear to work

Might only happen with PNG files? Anyway, I just receive the same as my input file back as a result.

add imgur uploader on script.jade page

Potential security concern when creating art

In lib.services.js there is no validation of the data sent from the client when the "create" button is clicked.

This means that someone could inject any URL they want on the client (via dev tools or just POSTing directly) and the server would send a request to it. This could be used for nefarious purposes.

Possible fix: add a few lines to the addService(sv) function to check if sv is actually listed in serviceList before adding it to the tether.

Sorry I was going to send a PR but have not had a chance to write it up... I figure someone else might get to it before me. :)

remix from image links

be able to remix an image from a direct link like this one: http://i.imgur.com/0bFIoxX.gif

Icons

idk on a scale of 1- relevant, unsure how relevant this is:

The icons on the main site aren't appearing :(

http://imgur.com/zQ2BZ6M

Refine specification and validation of file upload sizes.

At this point the spec states:

'Any content passed through http://hub.revisit.link cannot exceed 1 MB per data URI. But data coming from distributed services may increase to a greater size, so ensure your service endpoint can handle a size averaging between 1-3 MB.'

#36 (comment) states some confusion in the spec regarding a maximum transmission size of the overall payload, and various components of the payload.

What do you think about mocking up different payloads and checking for a 413 status code and the original object as posted to the service returned (noop)? That could be added to validate.revisit.link.

I think the approach of asking all services to simply 413 and noop on a the post of a payload over 2MB is reasonable. It simplifies service development in that a payload will simply be passed through the chain in the event that it at some point it exceeds the maximum allowed sized.

Any thoughts?

RMill Repo?

Bro, y u no repo for Megaman?

'Choose file' button awkwardly floats above uploaded image

404s on filter icons.

At http://hub.revisit.link I'm currently seeing 404 for @waferbaby's http://revisit.waferbaby.com/images/compy.jpg and getting a net::ERR_CONNECTION_RESET on @jasonrhodes http://memeify.jrhodes.me:8000/memeify-sample.jpg.

Not sure how we should address externally hosted images long term. Thoughts?

"Random" service?

Provide a service that selects a random service. Everyone loves suprises! This could be done as a separate service, but may be easier to accomplish at the hub.

It could be done at the hub via some "slug" as the URL (in service.json) that is picked up at submission and switched to a random service.

Thoughts?

back button breaks functionality

browser's back button be borked

to reproduce:

upload an image
add services, wevs
submit
enjoy your gif
press the browser's back button
observe that the image filename is still present in the upload area, and you can press submit again
observe that this is now effed up and you need to reload to fix it

This GIF produces an error. You'll never believe what happens next.

This specific gif, saved from meatspace:

Results in a generic "Oops! Error!" with no reason in the reason h2. As far as I can tell, this is the only code path that would result in reasonlessness. No request is sent to the service selected. The error occurs before then.

Sort options I cannot choose to the bottom

Depending on file format (PNG, for instance) a lot of options cannot be chosen. If you don't want to hide them altogether, maybe just push them to the bottom of the list?

signal when a service works with certain formats

change hub list item background colors to show compatibility with a file's filetype on upload

An arbitrary number of services can be added on any given token

The number of services that can be added per POST /service is limited to 5, but there's nothing in place to stop a malicious user from sending requests containing the same token with up to 5 new services to add to the chain. revisit-tether similarly performs no range checking when playing tethers, so one tether can cause the hub to perform a very large number of requests for a single tether.

To reproduce in a browser:

Open http://hub.revisit.link
Setup a tether
Click Create
Copy the tether ID
Open http://hub.revisit.link and wait for the services to load
Open the dev tools and do: $('#token').val('<tether ID>')
Choose a new image and add more services
Click Create

This could be more easily/speedily exploited with an external script, and also allows malicious users to modify other users' tethers once they are created (if, for instance, someone links a nice sequence for others to replay).

My recommendation would be for tethers to be stored in a single DB key and created in a single call, failing if they already exist, but another option would be to range-check/limit on playback, or range-check/limit on insert (adds a DB query to insert).