modrinth / labrinth Goto Github PK

When a database transaction fails (in this case, only for mod uploads), we currently try to delete all of the files that were uploaded to the CDN, to prevent having dangling / untracked files uploaded to the CDN. In the case of a CDN outage, we could theoretically upload some files before failing the transaction, but then be unable to delete them. We should track the files that couldn't be deleted, and write their names and ids somewhere — either to disk or to a table in the database.

Is your feature request related to a problem? Please describe.
I would like to be able to filter by client side only (or server-side only)

Describe the solution you'd like
Adding client only/ server only catagories.

Describe the bug

I'm calling

https://api.modrinth.com/api/v1/version/${MOD_VERSION_ID}

but I get error 404, it used to work but Idk why it's not working anymore.

On the site, we want correct, working URLs, and ones that are non malicious and do not direct to malware. URLs can also have XSS in it, using javascript.

It would be useful to be able to "follow" mods (possibly connected to favoriting from #128).
The purpose of following would be so you could see a list of updates to mods you follow that you haven't already marked as seen.

For users like me who maintain large, personal mod sets, this sort of feature is essential, as manually checking each of about a hundred mods for updates each day is prohibitively cumbersome. Curseforge's version of this feature is the feature I use most on their site.
^ my 2¢ to try and get this feature on the roadmap

Heya, I'm unsure if this is appropriate so please go ahead and close this issue if not; but it'd be super handy if we could 'favourite' or 'star' mods in Modrinth, preferably with the ability to sort them into categories for later review!

Things to do in this project:

• List of mods in a "Need for Approval" state
• Approve mod route
• Deny mod route

Currently the client requests the entire list of versions from Mojang on every page load, which adds about 100KiB to every page load. It may be more efficient to request the versions list once on the server side, and then send a more minimal list of versions to each client. Then, if the client opens the snapshots or archaic versions lists, the client could request the full list from Mojang's servers. This should reduce the loading time of the page, as well as prevent Chrome complaining about having >400 children of a single element in the snapshots tab.

The other large requests that are currently being sent are mainly from the icons for mods, which are much higher resolution than will be displayed. I don't know if there are smaller versions of the icons on the curseforge cdn, but that may be worth looking into.

I am currently minifying the svg icons, which are another thing we could improve - if we could reduce the number of requests for the icons, that could reduce loading times. Since most of the icons are svg, it is theoretically possible to put them all on a sprite sheet and then reference them individually, but that requires more work.

Since we now have 51 mods on Modrinth, we need to start keeping backups of the database so that if something goes wrong, we don't lose everything. How we should go about this depends on how you have the hosting set up @Geometrically, but we need to have some redundancy in case we somehow delete the database, or if we lose access to the hosting provider.

Introduction

The objective of this Request For Comments is to present a possible solution to the authentication problem.
Authentication is still today an important part of every application, and if the implementation is not done right, we expose the data of users.

Proposed solution:

The proposed solution is to use oauth2/OpenID. This is currently the specification the majority of websites follows, like Facebook, Google or Microsoft.

Technical details

There is three ways for implementation of oauth2 in the project:

• Use a social 3rd party like one mentioned above. This is the simplest solution to implement, but forcing developers and users to use a 3rd party account to login on our platform can and will turn away users.
• Use a AaaS (Authentication as a service) 3rd party like authy. While this solution has loads of advantages in a hosted context, where we're the only one hosting the solution, but for a more broad use of the solution, this will make it harder.
• Create our own system for authentication, basing our work on frameworks like oxyde-auth. This is the solution that needs the most technical explanation, and I'll be explaining that if that's the chosen solution in another RFC.

Client side of things

I think the part that needs the most description is the client / frontend part, as this seemed unclear.
Each client / frontend will have it's own "public key" and "private secret". While I'll call the second one private, it can be included as an environment variable at compilation time or even added in the code source (even if it's not recommended at all!) as these keys are just used to indicate to the server & client who's trying to connect with your account.
The keys are just used to make that appear on the screen (this is taken from discord for the example):

The part that secures the "oauth2 flow" (The dialog between the server & the client) is the Proof Key for Code Exchange system (I'll be calling it PKCE for simplicity). It allows the system to prevent MITM of the authorization token, returned by the browser, so a weak point of the transfer.

After all the "oauth2 flow", the client will have a JWT (Json Web Token) and is the only way to access the server as an authenticated client and user. The "public key" and "private secret" are only here to make sure that the application is authorized.

Then you only have to add a "Authorization: Bearer XXX", where XXX is the token you got at the last step for each call to the API.

Currently, the project uses the async lib futures over tokio. While futures does the job, tokio has a lot more features and would make stuff a lot easier, such as:

• Easy scheduled tasks that do not block the code
• Better integration and support from current libraries
• A lot more features included by default

While futures is more used by a slight margin, I think the team could benefit from this transition.

Is your feature request related to a problem? Please describe.
Currently, malicious content uploaded to Modrinth cannot be flagged or reported to moderators to investigate. This poses a huge problem, for example, if the user uploads malware.

Describe the solution you'd like
A reports system with report types. descriptions, and an API route for moderators to view all reports.

We need to set up more tests to make sure each part of the system functions properly. We currently only have a few tests, so we should work on improving that.

Does actix-web have a good way of making a mock http request to a specific route? Or should we just run the full server and then have a separate runner that sends requests to the specific routes?

In the api response I can see just the main page and the github page url, is there a way to get the url to download the jar file?

This is quite a problem.

Quote from @falseresync on Discord:

Seems like default permission set does not include managing of invites
Can’t find where owner permissions are set
Found it
Should have set it to all
Oh, I think I know that it is
It checks for manage invites permission, but not for all permission
Permissions system is not hierarchical

Should have license/source availability metadata that allows people to search for mods by what they are allowed to do with them:

• May be included in modpacks?
• Source available?
• Right to distribute?
• Right to modify?
• Is mod covered by multiple licenses (for example, the source code is unencumbered but the assets might be ARR?)
• License name

Following the decision to move to separate repos for frontend and backend, I'll clean everything up

• Permission list
• Invite member
• Accept invitation
• Remove user from team

Faceted Search is a new feature added in MeiliSearch v0.11. It improves how filters work and increases performance for them with huge margins.

It should be a simple addition, as the current tags system basically drops right into facets.

When sending a PATCH request to /api/v1/mod/<id>, the mod description (body) will not be updated. All other fields such as license, issues, source and title update correctly.

Another note is that the response status is 200.

Is your feature request related to a problem? Please describe.
Downloading 50+ individual mods and updating them all every so often is quite time-consuming.

Describe the solution you'd like
The ability to create "lists" of mods, to bulk-download the latest version of each all at once. When downloading, you could filter by version/loader/etc. to ensure some level of compatibility.

Describe alternatives you've considered
Modpacks; my explanation for why this is different from modpacks is below

Additional context
This could tie in easily with #128, with things like a "bulk-download recently updated favourites", "bulk-download all favourites", etc.
While very similar to, this is different from modpacks themselves in that these lists would not be permanent; it would be more like an "add to cart" and then download the contents of the cart type thing. It could, however, facilitate the construction of modpacks; you create a cart/list, and then send that to a modpack when ready.

Thank you :)

I would like all information on Modrinth associated with my GitHub account removed, including user preferences and project pages.

Hey there 👋. Is there any Discord server/group for the development of Fabricate?

Feel free to contact me on Discord as enkiel#8897

Thanks :)

I have tried calling https://api.modrinth.com/api/v1/mod/{mod_id}/version/{version_id} with one of the version id taken from the response https://api.modrinth.com/api/v1/mod/{mod_id}/version but I get as the response:

{
    "error": "not_found",
    "description": "the requested route does not exist"
}

I don't understant if it doesn't work or I'm using a wrong version id.

A dark theme for the website!

Specifically to avoid slurs and such appearing in links (and potentially triggering zealous url filters), but removing words entirely is probably your best bet

I think mods in user's profile should be sorted by download count, while the dashboard should be sorted by date created

Edit:
I think there should be a sort-by feature on the profile (defaults to date-created if it's your own, downloads otherwise)

This is an easy fix.

MeiliSearch currently parses integers as strings, so we could add a prefix to the id like "curse-2939291"

After I forgot to provide an icon when I created a mod, I'm not able to set an icon now.

• Setting an icon through the frontent doesn't seem to change anything

• after calling the API for the first time, the uploaded file is broken, even though the API returns HTTP 200:

$ curl -i -s -X PATCH -H "Authorization:$MODRINTH_TOKEN" --data-binary @src/main/resources/icon.png 'https://api.modrinth.com/api/v1/mod/Bta0Pt47/icon?ext=png' 
HTTP/2 200 
date: Fri, 11 Dec 2020 23:34:14 GMT
server: Caddy
x-ratelimit-limit: 100
x-ratelimit-remaining: 99
x-ratelimit-reset: 60
content-length: 0

(wait a bit)

$ curl https://cdn.modrinth.com/data/Bta0Pt47/icon.png  > /tmp/icon.png

$ ls -l /tmp/icon.png  src/main/resources/icon.png
-rw-rw-r-- 1 gbl gbl 19674 Jul  1 07:48 src/main/resources/icon.png
-rw-rw-r-- 1 gbl gbl 10451 Dec 12 12:10 /tmp/icon.png

Calling the API again doesn't seem to replace the file; I tried uploading a different file, waited for a while, then downloading the file gave me exactly the same bad one (10451 bytes) again and again.

All dropdown arrows on fabricate have an old, tacky, and ugly look to them, and are not compatible with dark theme.

I tried fixing this, it seems quite complicated to do. If anyone knows an easy way to fix this please make a pull :).

As the title says, when the index_curseforge function is passed with indices greater than about 200,000, the web server will panic and crash. I'm not sure how to increase the payload size with reqwest, but that seems like a viable solution unless we split up the payloads which is more complicated with no benifit (unless reqwest doesn't allow you to increase payload size)

Is your feature request related to a problem? Please describe.
Currently, dependencies are not able to specified within the API. This poses a problem for users who need to know the dependencies of a mod in a consistent way.

Describe the solution you'd like
A way to specify dependencies, incompatibilities, etc within the API.

Describe the bug
This mod: https://modrinth.com/mod/kekdupe will not open and instead shows a 404 error.

To Reproduce
Steps to reproduce the behavior:

1. Open Modrinth homepage
2. Click on Mods
3. Set category to Cursed
4. Go to last page
5. Attempt to click "Fabric Book Dupe"

Expected behavior
Expected the mod page to open and show details instead of the error. If the mod has been removed, it should not be shown on search.

Additional context

When editing a project description, the updated description is never saved. Navigating to the page again results in the old description being shown.

OS: Ubuntu 20.04
Browser: Firefox 84.0.2 64-bit

Is your feature request related to a problem? Please describe.
I suggest having a per-file required setting that specifies whether the file is usable on the client, server or both. This would be used in at least mods and modpacks, but in the future could be used in other content too (maybe resource packs and datapacks indicating whether public servers are allowed to bundle them?).

Describe the solution you'd like
For the most granularity, I suggest two dropdowns:

Client-side

• Required
• Optional
• Incompatible

Server-side

• Required
• Optional
• Incompatible

That would represent all of the mods, including minimap mods that also have server-side functionalities can be added to the server, mods that are only usable on server terminal, mods that have an effect on either server or client (e.g. Lithium) and so on.

Describe alternatives you've considered
Tags for mod listings perhaps, similar to how Mod Menu shows "Client" and "Server" badges.

Additional context
Relevant request for CF: https://curseforge-ideas.overwolf.com/ideas/CF-I-165

API should be able to search for alternatives for a given mod

Deletes a file from the list, or hide it.

Is your feature request related to a problem? Please describe.
When looking at the downloads of my mod, I always want to know if someone downloaded my mod multiple times, or if it's actually popular.

Describe the solution you'd like
Along the regular downloads count, there will be a "unique downloads" count, which will only display one download per account, ignoring how much times that account has downloaded the mod.

Describe alternatives you've considered
Perhaps this could be enabled in the settings of the mod, so the new count will be displayed only if the mod developer wants to.

There should be an option to sort mods/search results alphabetically. Example: https://modrinth.com/mods?q=Giselb lists all my mods, but as there are so many of them, it's still hard to find the one you're interested in. Sorting by name would make this easier.

When updating a version using PATCH https://api.modrinth.com/api/v1/version/<version>, the game_versions field won't be updated on the database.

In this example, I am updating version laHyWob8.
Command:

$ curl -i -s -X PATCH -H "Content-type: application/json" -H "Authorization:$MODRINTH_API_TOKEN" --data-raw '{"featured": true, "game_versions": ["1.16.2", "1.16.3", "1.16.4", "20w45a", "20w46a", "20w48a", "20w49a"], "name": "[1.16.2+] Manhunt: Fabric v1.0.2"}' https://api.modrinth.com/api/v1/version/laHyWob8

(Note: $MODRINTH_API_TOKEN is an environment variable that I set)
The response:

HTTP/1.1 200 OK
Content-Length: 0
Date: Sun, 13 Dec 2020 18:47:15 GMT
Server: Caddy
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 60

All of the fields, including name and featured updated correctly, but game_versions did not.

Is there an existing solution? Is something wrong on my end?

An upgrade tracker that shows which mods have yet to upgrade to the latest release and reported status of those mods, so that people hopefully don't bug mod authors as much

so, for each mod that's available for a previous version it would show either:

• a developer update message for that mod (ie "I'm working on it")
• potentially abandoned
• confirmed abandoned
• replaced by
• older version confirmed compatible up to ...

This would be a tremendous help to anyone using mods, but especially to modpack authors, as it would simplify planning around new releases

Unable to save mod as draft.
Upon pressing save draft button the following error is displayed:
"Database Error: Error while interacting with the database"

Attempting to upload files as the owner of my mod results in the following error:

Authentication Error: You don't have permission to upload files to this version!

I'm pretty confident that the issue has to do with the following snippet of code:

This if statement's condition should be negated because it currently prevents authorized users from uploading files and probably allows unauthorized ones to do so.

... and accordingly not in the "Members" display on the modrinth web site.

Changed my username from gbl to Giselbaer via the api, then verified:

$ curl -s 'https://api.modrinth.com/api/v1/user/@Giselbaer' | json_pp
{
   "name" : null,
   "created" : "2020-12-10T07:06:18.077639Z",
   "role" : "developer",
   "id" : "m44EmA3V",
   "avatar_url" : "https://avatars3.githubusercontent.com/u/243563?v=4",
   "username" : "Giselbaer",
   "bio" : null,
   "email" : null,
   "github_id" : 243563
}

but the team members list still has me as gbl:

$ curl -s 'https://api.modrinth.com/api/v1/team/oVxXu7Et/members' | json_pp
[
   {
      "name" : "gbl",
      "user_id" : "m44EmA3V",
      "permissions" : null,
      "role" : "Owner"
   }
]

This image:

I am testing labelsync, gimme a second