You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Honestly unsure if we should even attempt this. Its technically possible via persistent data but very slow and inconsistent.
The use case here is for cl modes that require the host to store/retrieve larger amounts of data from their own database.
If/When the workshop is complete, users will not be able to upload code using this feature as it is intended for the developer to use on their own with their own service.
Implementation
All requests made must be to localhost only and only masterclient (host) can call it. (The one choosing the script is the only one who can make requests and the requests can only be to a port on their own local machine)
Display a warning in the mode settings that the mode makes use of an external service and not to run it if you don't understand what this is.
Choice of port should be heavily limited to a set of known free ports that can be used.
If Async is not complete by the time this is added:
Return a wrapped WWWRequest object that users can poll for completion in a coroutine.
Reason
Some bot hosted rooms require access to an external database/service in order to store more user data. (think blurs room/optix bot).
This feature would require whoever uses it to write their own rest api service and run it locally. They can then use this local instance as a proxy to do db requests, access the internet, or do processing that would not be feasible via cl.
Risks
Tricking users into running your script without reading/understanding it.
Finding an exploitable pre-existing service running on localhost.
Using Networking to pass direct commands from clients sending Network.SendMessage to Network.Get/Put/Delete/Post.
Remote Code Exec from an exploitable pre-existing service.
Risk Mitigation
Host is the only one able to make requests to their own localhost service.
Host is warned that the script uses this feature.
Script is not sharable via the workshop.
Only expose rest api (data sent must be valid json)
Only release a specific build of cl for bot hosters and inform them of the risks.
The text was updated successfully, but these errors were encountered:
Warning
Honestly unsure if we should even attempt this. Its technically possible via persistent data but very slow and inconsistent.
The use case here is for cl modes that require the host to store/retrieve larger amounts of data from their own database.
If/When the workshop is complete, users will not be able to upload code using this feature as it is intended for the developer to use on their own with their own service.
Implementation
All requests made must be to localhost only and only masterclient (host) can call it. (The one choosing the script is the only one who can make requests and the requests can only be to a port on their own local machine)
Display a warning in the mode settings that the mode makes use of an external service and not to run it if you don't understand what this is.
Choice of port should be heavily limited to a set of known free ports that can be used.
If Async is completed by the time this is added:
make use of callbacks on response.
If Async is not complete by the time this is added:
Return a wrapped WWWRequest object that users can poll for completion in a coroutine.
Reason
Some bot hosted rooms require access to an external database/service in order to store more user data. (think blurs room/optix bot).
This feature would require whoever uses it to write their own rest api service and run it locally. They can then use this local instance as a proxy to do db requests, access the internet, or do processing that would not be feasible via cl.
Risks
Risk Mitigation
The text was updated successfully, but these errors were encountered: