this post was submitted on 02 Feb 2025
10 points (100.0% liked)

Programming

18142 readers
474 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
10
Mastodon Bot? (sh.itjust.works)
submitted 1 week ago by [email protected] to c/[email protected]
5 comments fedilink hide all child comments
 

I'm currently making a Mastodon Bot, and I'm not entirely sure how to host it, like where do i ensure the API Access Token's and such aren't at risk of public view.

I've made sure, and I haven't pushed yet, but I've ensured that .env is inside .gitignore. I'm just unsure, and would love some help. This is just a little project I found on GitHub, and thought I'd might as well learn a few things of how things like this are developed.

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 4 days ago (1 children)

Store the access token in an environment variable instead of a file. Not sure which language are you using but for my bot I have this Python code to retrieve the token which is stored in the MASTODON_TOKEN environment var.

TOKEN_ENVIRON_VAR = 'MASTODON_TOKEN'


def get_auth_token():
    '''Fetches the auth token from the env var.'''
    try:
        token = os.environ[TOKEN_ENVIRON_VAR].strip()
        if not token:
            raise ValueError()
        return token
    except Exception as e:
        logging.error('Unable to get the auth token for Mastodon')
        logging.error(e, exc_info=True)
        sys.exit(-1)
[–] [email protected] 1 points 2 days ago

I think I am storing it in Railway as well as a .env file. I gitignored .env file so it would be hidden Just in case for some reason railwat didn't get what I meant by storing the Mastodon credentials.

The main thing that I'm having trouble with now, is Mastodon GUI. Doesn't let me save what I do, for example, When I go and add the specific scopes of my bot, I hit Save, Mastodon, doesn't save it.

My dad did tell me something about maybe it's a database that's not working correctly When, I guess, a click event or something?

This is all on the mastodon.social instance.

[–] nnullzz 2 points 1 week ago* (last edited 1 week ago) (1 children)

I’ve been using Netlify for smaller apps, but lately Railway has been my go to. Pretty cheap too and it covers mostly everything you’ll need to deploy app regardless of language or framework. Their UI makes it all very easy to manage with the “nodes”.

Both of those services (as do most) give you the option to load environment variables onto the app itself.

So the process is normally this: You have env vars you’re using locally like API tokens that you’re putting in your .env during development. Now you’re ready to deploy. Because you’ve gitignored that file locally, you don’t have to worry about secrets being in your code base, but also, because they’re environment variables, you’re framework will see those variables available in the “box”.

Ultimately, there’s no difference between having stuff in your local .env and injected by a service during deployment. Just make sure the env var keys are the same in each case.

Hope that’s not too confusing. If so, I’m happy to clarify anything.

EDIT: also wanna add that Supabase isn’t that bad. It helps you know exactly what you need it to provide for you and then start searching away to see how to slowly put together each of those pieces. With them, I usually start with the Auth stuff, then move on to my database and storage. Functions last if the project calls for them. There’s quite a bit of info out there if you know specifically what you’re wanting to solve at the moment.

[–] [email protected] 1 points 1 week ago

Thanks!

[–] [email protected] 1 points 1 week ago

I was going to use Vercel, but that is more for Web Hosting (Web apps), and NetLify. SupaBase was my next big option, but im lost in that lol