this post was submitted on 15 Aug 2023
76 points (100.0% liked)

Reddthat Announcements

641 readers
1 users here now

Main Announcements related to Reddthat.

founded 1 year ago
MODERATORS
 

New UI Alternatives

After looking at our UI for a while I thought, someone will have created something special for Lemmy already. So I opened our development server, told it to get the bag rolling and investigated all the apps people have created.

Have a play around, all should be up and working. If there are other apps, ideas, or ways you think reddthat could be better please let me know!

Enjoy ๐Ÿ˜ƒ

P.S. External UIs are a security issue

I would like to let everyone know that if you are using an external non-reddthat hosted UI (such as wefwef.app for example) you have given them access to full use of your account.

This happens because Lemmy checks for new notifications by performing GET requests via the api with the cookie in the URL field. https://instance/api/v3/user/unread_count?auth=your-authentication-cookie-here. This URL shows up in the logs of the third-party user interface. So if the third party was nefarious, they could look at their logs and get your cookie. Then they can login to your account or perform any requests.

So please only use the Reddthat user-interfaces as listed here & the main sidebar.
(If you are worried, you can log out of the thirdparty website, which will invalidate your cookie).

Tiff

https://old.reddthat.com

https://alexandrite.reddthat.com

https://photon.reddthat.com

https://voyager.reddthat.com

PS. I really like alexandrite.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 4 points 1 year ago* (last edited 1 year ago)

!?!?!?!? That is hilarious.
I have no idea why that's happening (yet). For whatever reason they are being directed to the wrong container... I did some magic which allows me to abstract some logic:

Web -> nginx container > check which web address it is > forward to container with same name.

This allowed me to scale out containers and add new services (more UI apps) without having to update a huge amount of webserver logic. Seems it's bitten in right on the side.

Enjoy the phorite and the alexton for the time being!

I need copious amounts of coffee ~~and to not be caught in meetings all day :( . I'll probably get to look at it around 9-10 UTC~~

Edit: I said fuckit and restarted the front-end services, and it's back working. I'll investigate what went wrong later on. Now to find coffee!