this post was submitted on 10 Aug 2023
13 points (81.0% liked)

Lemmy Bots and Tools

449 readers
3 users here now

Welcome to the programming.dev lemmy development community! This is a place to discuss and show off bots, tools, front ends, etc. you're making that relate to lemmy

Theres another version of this community over at lemm.ee if you want to subscribe to that one as well

Icon base by DarkZaitzev under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
13
App to schedule posts on Lemmy (schedule.lemmings.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

I've made an app that makes it possible to schedule a post in Lemmy at an arbitrary time. It's available at https://schedule.lemmings.world and can be used by people from any instance.

Let me know what you think!

P.S. This post was made using the app!

Edit: And it's open source!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I agree that this is a feature Lemmy lacks and would be great to have in the core. And thank you for taking the time to create it. However, asking for username and password is a security problem. I'm not attributing any ill intent to your work, but something like this can very well be used to harvest account credentials. So I would advise people to not use solutions like this.

Unfortunately Lemmy doesn't provide a better way to implement this kind of add-ons. Hopefully one day it will have a better Auth system. Until then, I think I will stick to the official UI and hope that this will come to core :)

[–] [email protected] 3 points 1 year ago (2 children)

I mean, if you use an app, or alternative Lemmy UI, you give it the same access. The minute Lemmy supports OAuth, I'm switching to it. Until then there's no other way.

It's open source if it's any help.

[–] [email protected] 1 points 1 year ago (1 children)

That's the main reason I don't use any apps. I don't think there is a real need to suspect the official UI. If one doesn't trust the instance admins, then they should rather migrate.

In case of an application running on a server, there is no reliable way to make sure that the source being shared is the source that is deployed. As I said, I don't think you have any ulterior motives. I'm only trying to raise awareness around a specific problem with Lemmy. Perhaps I should create a separate post about this in relevant communities, if it hasn't been done already.

[–] [email protected] 2 points 1 year ago

Perhaps. Hopefully OAuth is supported soon. Don't get me wrong, I'm not particularly fond of having access to people's credentials as well because if I make a mistake and accidentally leak anything, a shitstorm awaits me.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

It’s open source if it’s any help.

Hmm.

You've made a good tool, but perhaps are conducting in the wrong marketing? If this tool were say, an easy-to-use Rasp. Pi and/or docker image that will post at the appropriate times, then it might avoid that issue?

Then again, I see the advantage of your web-centered approach. Eventually OAuth will be a thing for Lemmy, I'm sure, and then the workflow for a web tool like this would be perfect. Username/password is strictly a temporary measure until Lemmy matures and gets OAuth features.

[–] [email protected] 1 points 1 year ago (1 children)

Well, it's possible to self-host. Someone offered they will create a docker image for it.

Note that with OAuth nothing much will change - the app will still have access to the JWT token which is used to impersonate you. And that I don't do anything with the password you can see already in the source code:

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Note that with OAuth nothing much will change - the app will still have access to the JWT token which is used to impersonate you.

The user will have the option to revoke access for your application.

[–] [email protected] 1 points 1 year ago

True, forgot about that.