this post was submitted on 10 Aug 2023
78 points (89.0% liked)

Fediverse

28520 readers
422 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
78
App to schedule posts on Lemmy (schedule.lemmings.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

I've made an app that makes it possible to schedule a post in Lemmy at an arbitrary time. It's available at https://schedule.lemmings.world and can be used by people from any instance.

Let me know what you think!

P.S. This post is made using the app!

Edit: And it's open source!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 1 year ago (2 children)

I don't store your password if that's what you're asking! I'm planning to make it open source once I make sure I didn't accidentally leave any production secrets in the code.

Anyway, here's how it works:

  • You log in using your account, the site checks whether it's a valid account using api and if it is, it creates a JWT token that's used to authenticate you against Lemmy. At this point your password is already forgotten and the site has no way of getting it.
    • The JWT token is effectively the same as having your password - it allows you to do the same things you could if you have logged in normally.
  • The JWT token is not stored on the server, it's only in a cookie in your browser.
  • When you schedule a post, the post details, your instance, your username and your JWT token are stored in a job that gets scheduled to run later. This is the only part where any sensitive information (JWT) about you are stored somewhere else than your computer.
  • After the scheduled job is triggered, it authenticates as you and creates the post as if it were you, immediately afterwards the job config is deleted, meaning the JWT is no longer stored.
  • The JWT is stored in every scheduled post you make, meaning as long as you have any scheduled post, the JWT is stored somewhere. When all scheduled posts are posted, your JWT is no longer present anywhere on the backend.
  • Note that due to current technical limitations, even if you cancel a scheduled job, its config (including the JWT) is stored until the original scheduled time. This will be (probably) fixed in future versions when I have some time to work on it.

Hope it clarifies it, let me know if you don't understand any part of it!

[–] [email protected] 2 points 1 year ago (1 children)

JWT token is not stored on the server

JWT token are stored in a job that gets scheduled to run later

Where's the job stored?

[–] [email protected] 1 points 1 year ago

In a scheduling system. Probably bad wording on my part, sorry. I meant that it's not stored anywhere for just logging in, though it's stored as part of every scheduling job in the scheduling system.