modrinth / labrinth
Our Rust-based backend utilizing the actix-web framework to serve Modrinth's API.
Home Page: https://modrinth.com
License: GNU Affero General Public License v3.0
I think mods in user's profile should be sorted by download count, while the dashboard should be sorted by date created
Edit:
I think there should be a sort-by feature on the profile (defaults to date-created if it's your own, downloads otherwise)
Describe the bug
I'm calling https://api.modrinth.com/api/v1/version/${MOD_VERSION_ID} but I get error 404, it used to work but Idk why it's not working anymore.
The objective of this Request For Comments is to present a possible solution to the authentication problem.
Authentication is still today an important part of every application, and if the implementation is not done right, we expose the data of users.
The proposed solution is to use oauth2/OpenID. This is currently the specification the majority of websites follows, like Facebook, Google or Microsoft.
There are three ways for implementation of oauth2 in the project:
I think the part that needs the most description is the client / frontend part, as this seemed unclear.
Each client / frontend will have its own "public key" and "private secret". While I'll call the second one private, it can be included as an environment variable at compilation time or even added in the code source (even if it's not recommended at all!) as these keys are just used to indicate to the server & client who's trying to connect with your account.
The keys are just used to make that appear on the screen (this is taken from discord for the example):
The part that secures the "oauth2 flow" (the dialog between the server & the client) is the Proof Key for Code Exchange system (I'll be calling it PKCE for simplicity). It allows the system to prevent MITM of the authorization token, returned by the browser, so a weak point of the transfer.
After all the "oauth2 flow", the client will have a JWT (JSON Web Token) and is the only way to access the server as an authenticated client and user. The "public key" and "private secret" are only here to make sure that the application is authorized.
Then you only have to add an "Authorization: Bearer XXX", where XXX is the token you got at the last step for each call to the API.
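The PKCE exchange described in the RFC above, as an added example that is not part of the original issue or of labrinth's code. It uses the S256 method from RFC 7636; `ToyAuthServer`, the client id and the token format are hypothetical stand-ins for a real authorization server.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """Client side: a fresh high-entropy secret, kept in memory for one login."""
    return b64url(secrets.token_bytes(32))


def challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class ToyAuthServer:
    """Hypothetical in-memory authorization server (assumption, not labrinth)."""

    def __init__(self):
        self._pending = {}  # authorization code -> (client_id, code_challenge)

    def authorize(self, client_id: str, code_challenge: str) -> str:
        # The code travels back through the browser redirect; the challenge
        # stays server-side, bound to that code.
        code = secrets.token_urlsafe(16)
        self._pending[code] = (client_id, code_challenge)
        return code

    def token(self, client_id: str, code: str, code_verifier: str):
        entry = self._pending.pop(code, None)  # codes are single-use
        if entry is None or entry[0] != client_id:
            return None
        if not hmac.compare_digest(challenge_s256(code_verifier), entry[1]):
            return None  # presenter never held the verifier
        return "token-" + secrets.token_urlsafe(8)  # placeholder for the JWT


def demo():
    server = ToyAuthServer()
    verifier = new_verifier()
    # Legitimate client: sends the challenge first, the verifier at redemption.
    code = server.authorize("demo-client", challenge_s256(verifier))
    legit = server.token("demo-client", code, verifier) is not None
    # A party that only observed the redirect has a code but no verifier.
    seen_code = server.authorize("demo-client", challenge_s256(new_verifier()))
    outsider = server.token("demo-client", seen_code, new_verifier()) is not None
    return legit, outsider


if __name__ == "__main__":
    print(demo())
```

Because the server pops the code before checking the verifier, a failed redemption also invalidates the code, so it cannot be retried with further guesses.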
When sending a PATCH request to /api/v1/mod/<id>, the mod description (body) will not be updated. All other fields such as license, issues, source and title update correctly.
Another note is that the response status is 200.
When updating a version using PATCH https://api.modrinth.com/api/v1/version/<version>, the game_versions field won't be updated on the database.
In this example, I am updating version laHyWob8.
Command:
$ curl -i -s -X PATCH -H "Content-type: application/json" -H "Authorization:$MODRINTH_API_TOKEN" --data-raw '{"featured": true, "game_versions": ["1.16.2", "1.16.3", "1.16.4", "20w45a", "20w46a", "20w48a", "20w49a"], "name": "[1.16.2+] Manhunt: Fabric v1.0.2"}' https://api.modrinth.com/api/v1/version/laHyWob8
(Note: $MODRINTH_API_TOKEN is an environment variable that I set)
The response:
HTTP/1.1 200 OK
Content-Length: 0
Date: Sun, 13 Dec 2020 18:47:15 GMT
Server: Caddy
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 60
All of the fields, including name and featured updated correctly, but game_versions did not.
Is there an existing solution? Is something wrong on my end?
Is your feature request related to a problem? Please describe.
Currently, malicious content uploaded to Modrinth cannot be flagged or reported to moderators to investigate. This poses a huge problem, for example, if the user uploads malware.
Describe the solution you'd like
A reports system with report types, descriptions, and an API route for moderators to view all reports.
Following the decision to move to separate repos for frontend and backend, I'll clean everything up
Should have license/source availability metadata that allows people to search for mods by what they are allowed to do with them:
On the site, we want correct, working URLs, and ones that are non-malicious and do not direct to malware. URLs can also have XSS in them, using javascript.
As the title says, when the index_curseforge function is passed with indices greater than about 200,000, the web server will panic and crash. I'm not sure how to increase the payload size with reqwest, but that seems like a viable solution unless we split up the payloads which is more complicated with no benefit (unless reqwest doesn't allow you to increase payload size)
Is your feature request related to a problem? Please describe.
Currently, dependencies are not able to be specified within the API. This poses a problem for users who need to know the dependencies of a mod in a consistent way.
Describe the solution you'd like
A way to specify dependencies, incompatibilities, etc within the API.
We need to set up more tests to make sure each part of the system functions properly. We currently only have a few tests, so we should work on improving that.
Does actix-web have a good way of making a mock http request to a specific route? Or should we just run the full server and then have a separate runner that sends requests to the specific routes?
Is your feature request related to a problem? Please describe.
Downloading 50+ individual mods and updating them all every so often is quite time-consuming.
Describe the solution you'd like
The ability to create "lists" of mods, to bulk-download the latest version of each all at once. When downloading, you could filter by version/loader/etc. to ensure some level of compatibility.
Describe alternatives you've considered
Modpacks; my explanation for why this is different from modpacks is below
Additional context
This could tie in easily with #128, with things like a "bulk-download recently updated favourites", "bulk-download all favourites", etc.
While very similar to, this is different from modpacks themselves in that these lists would not be permanent; it would be more like an "add to cart" and then download the contents of the cart type thing. It could, however, facilitate the construction of modpacks; you create a cart/list, and then send that to a modpack when ready.
Thank you :)
Is your feature request related to a problem? Please describe.
I suggest having a per-file required setting that specifies whether the file is usable on the client, server or both. This would be used in at least mods and modpacks, but in the future could be used in other content too (maybe resource packs and datapacks indicating whether public servers are allowed to bundle them?).
Describe the solution you'd like
For the most granularity, I suggest two dropdowns:
Client-side
Server-side
That would represent all of the mods, including minimap mods that also have server-side functionalities can be added to the server, mods that are only usable on server terminal, mods that have an effect on either server or client (e.g. Lithium) and so on.
Describe alternatives you've considered
Tags for mod listings perhaps, similar to how Mod Menu shows "Client" and "Server" badges.
Additional context
Relevant request for CF: https://curseforge-ideas.overwolf.com/ideas/CF-I-165
After I forgot to provide an icon when I created a mod, I'm not able to set an icon now.
Setting an icon through the frontend doesn't seem to change anything
After calling the API for the first time, the uploaded file is broken, even though the API returns HTTP 200:
$ curl -i -s -X PATCH -H "Authorization:$MODRINTH_TOKEN" --data-binary @src/main/resources/icon.png 'https://api.modrinth.com/api/v1/mod/Bta0Pt47/icon?ext=png'
HTTP/2 200
date: Fri, 11 Dec 2020 23:34:14 GMT
server: Caddy
x-ratelimit-limit: 100
x-ratelimit-remaining: 99
x-ratelimit-reset: 60
content-length: 0
(wait a bit)
$ curl https://cdn.modrinth.com/data/Bta0Pt47/icon.png > /tmp/icon.png
$ ls -l /tmp/icon.png src/main/resources/icon.png
-rw-rw-r-- 1 gbl gbl 19674 Jul 1 07:48 src/main/resources/icon.png
-rw-rw-r-- 1 gbl gbl 10451 Dec 12 12:10 /tmp/icon.png
Calling the API again doesn't seem to replace the file; I tried uploading a different file, waited for a while, then downloading the file gave me exactly the same bad one (10451 bytes) again and again.
Unable to save mod as draft.
Upon pressing save draft button the following error is displayed:
"Database Error: Error while interacting with the database"
I would like all information on Modrinth associated with my GitHub account removed, including user preferences and project pages.
Is your feature request related to a problem? Please describe.
When looking at the downloads of my mod, I always want to know if someone downloaded my mod multiple times, or if it's actually popular.
Describe the solution you'd like
Along with the regular downloads count, there will be a "unique downloads" count, which will only display one download per account, ignoring how many times that account has downloaded the mod.
Describe alternatives you've considered
Perhaps this could be enabled in the settings of the mod, so the new count will be displayed only if the mod developer wants to.
Specifically to avoid slurs and such appearing in links (and potentially triggering zealous url filters), but removing words entirely is probably your best bet
Attempting to upload files as the owner of my mod results in the following error:
Authentication Error: You don't have permission to upload files to this version!
I'm pretty confident that the issue has to do with the following snippet of code:
labrinth/src/routes/version_creation.rs
Lines 408 to 415 in d2094e2
This if statement's condition should be negated because it currently prevents authorized users from uploading files and probably allows unauthorized ones to do so.
This is quite a problem.
Quote from @falseresync on Discord:
Seems like default permission set does not include managing of invites
Can't find where owner permissions are set
Found it
Should have set it to all
Oh, I think I know that it is
It checks for manage invites permission, but not for all permission
Permissions system is not hierarchical
I am testing labelsync, gimme a second
Faceted Search is a new feature added in MeiliSearch v0.11. It improves how filters work and increases performance for them with huge margins.
It should be a simple addition, as the current tags system basically drops right into facets.
A dark theme for the website!
I have tried calling https://api.modrinth.com/api/v1/mod/{mod_id}/version/{version_id} with one of the version ids taken from the response of https://api.modrinth.com/api/v1/mod/{mod_id}/version but I get as the response:
{
"error": "not_found",
"description": "the requested route does not exist"
}
I don't understand if it doesn't work or I'm using a wrong version id.
... and accordingly not in the "Members" display on the modrinth web site.
Changed my username from gbl to Giselbaer via the api, then verified:
$ curl -s 'https://api.modrinth.com/api/v1/user/@Giselbaer' | json_pp
{
"name" : null,
"created" : "2020-12-10T07:06:18.077639Z",
"role" : "developer",
"id" : "m44EmA3V",
"avatar_url" : "https://avatars3.githubusercontent.com/u/243563?v=4",
"username" : "Giselbaer",
"bio" : null,
"email" : null,
"github_id" : 243563
}
but the team members list still has me as gbl:
$ curl -s 'https://api.modrinth.com/api/v1/team/oVxXu7Et/members' | json_pp
[
{
"name" : "gbl",
"user_id" : "m44EmA3V",
"permissions" : null,
"role" : "Owner"
}
]
Deletes a file from the list, or hide it.
Since we now have 51 mods on Modrinth, we need to start keeping backups of the database so that if something goes wrong, we don't lose everything. How we should go about this depends on how you have the hosting set up @Geometrically, but we need to have some redundancy in case we somehow delete the database, or if we lose access to the hosting provider.
Is your feature request related to a problem? Please describe.
I would like to be able to filter by client side only (or server-side only)
Describe the solution you'd like
Adding client only / server only categories.
It would be useful to be able to "follow" mods (possibly connected to favoriting from #128).
The purpose of following would be so you could see a list of updates to mods you follow that you haven't already marked as seen.
For users like me who maintain large, personal mod sets, this sort of feature is essential, as manually checking each of about a hundred mods for updates each day is prohibitively cumbersome. Curseforge's version of this feature is the feature I use most on their site.
^ my 2¢ to try and get this feature on the roadmap
Describe the bug
This mod: https://modrinth.com/mod/kekdupe will not open and instead shows a 404 error.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Expected the mod page to open and show details instead of the error. If the mod has been removed, it should not be shown on search.
API should be able to search for alternatives for a given mod
An upgrade tracker that shows which mods have yet to upgrade to the latest release and reported status of those mods, so that people hopefully don't bug mod authors as much
so, for each mod that's available for a previous version it would show either:
This would be a tremendous help to anyone using mods, but especially to modpack authors, as it would simplify planning around new releases
There should be an option to sort mods/search results alphabetically. Example: https://modrinth.com/mods?q=Giselb lists all my mods, but as there are so many of them, it's still hard to find the one you're interested in. Sorting by name would make this easier.
Hey there. Is there any Discord server/group for the development of Fabricate?
Feel free to contact me on Discord as enkiel#8897
Thanks :)
Currently, the project uses the async lib futures over tokio. While futures does the job, tokio has a lot more features and would make stuff a lot easier, such as:
While futures is more used by a slight margin, I think the team could benefit from this transition.
When editing a project description, the updated description is never saved. Navigating to the page again results in the old description being shown.
OS: Ubuntu 20.04
Browser: Firefox 84.0.2 64-bit
Currently the client requests the entire list of versions from Mojang on every page load, which adds about 100KiB to every page load. It may be more efficient to request the versions list once on the server side, and then send a more minimal list of versions to each client. Then, if the client opens the snapshots or archaic versions lists, the client could request the full list from Mojang's servers. This should reduce the loading time of the page, as well as prevent Chrome complaining about having >400 children of a single element in the snapshots tab.
The other large requests that are currently being sent are mainly from the icons for mods, which are much higher resolution than will be displayed. I don't know if there are smaller versions of the icons on the curseforge cdn, but that may be worth looking into.
I am currently minifying the svg icons, which are another thing we could improve - if we could reduce the number of requests for the icons, that could reduce loading times. Since most of the icons are svg, it is theoretically possible to put them all on a sprite sheet and then reference them individually, but that requires more work.
In the api response I can see just the main page and the github page url, is there a way to get the url to download the jar file?
Things to do in this project:
This is an easy fix.
MeiliSearch currently parses integers as strings, so we could add a prefix to the id like "curse-2939291"
Heya, I'm unsure if this is appropriate so please go ahead and close this issue if not; but it'd be super handy if we could 'favourite' or 'star' mods in Modrinth, preferably with the ability to sort them into categories for later review!
When a database transaction fails (in this case, only for mod uploads), we currently try to delete all of the files that were uploaded to the CDN, to prevent having dangling / untracked files uploaded to the CDN. In the case of a CDN outage, we could theoretically upload some files before failing the transaction, but then be unable to delete them. We should track the files that couldn't be deleted, and write their names and ids somewhere - either to disk or to a table in the database.