#development
k
if I have the guild members intent will a members roles always be cached?
U can check which roles can see it
And add individual user overrides
U can retrieve how many members have a certain role
Iterate over roles, check if they have view_channel perm on it
hello
roles are contained inside the member object, so whenever the member is cached, so are its roles
but a member object only contains the role ids
not full role object
most likely yes
if whatever library you use decides to do something weird with it
discord.js
I finally finished my new route matcher that works with params like
/@{user}/{file}-{version}/download
(multiple params per segment and also requires stuff like the @ in the first segment and the - in the second)
so you fixed your 220 lines of route matching that barely worked?
yes
thats how the repo is called yes
yes
nice
code looks very complex
maybe because it is
makes sense
question
is having an express server fast?
to lets say, run an application that is using ejs?
You should generally avoid using Express and use something that's more actively maintained, and there are multiple reasons why you shouldn't use Express:
- Express determines the behavior of your callbacks by their number of arguments
- Express does not support HTTP/2.0
- `async`/`await` isn't fully supported either: Express will not handle `async` route errors
- Express uses some deprecated/abandoned dependencies from a long time ago
A very close alternative is Fastify (https://www.fastify.io/), which is also generally faster too
do you know if fastify is also compatible with ejs?
Is there a reason you're choosing EJS over something like React, Svelte, Solid, or whatnot?
Coming from a Flask environment using django on python, aka generally templating
I have tried using Nextjs before, but to be brutally honest: Its general configuration seems to be somewhat more complicated than what I expected
heard that Svelte is "beginner friendly"
Hmm I don't think Next.js' configuration is actually complicated, you were probably doing something wrong because I've never seen anybody else complain about it
Though you should definitely give React or Svelte a try, they're both really good
just been going by their docs before
but yup will give Svelte and React a try
isnt nextjs just implementing react?
yes
fair enough
with some extra stuff
ofc ofc
There's also Vite that can help you pretty well with setup and whatnot
https://vitejs.dev/
generally want something that allows me to just
npm install thisfunnything or npm create something
and just get started using it
npm create vite@latest I think
ohh so vite is also something like nextjs, since it seems to ask me what framework to use
is it also possible to have a more log-based output on the npm run on vite? might be more docker friendly for my logging stuff
oh damn this is actually a cli

but is it possible to rather have it as just loglines?
Wdym by that?
something like this is likely not really log friendly I think
Would prefer something like lines with logs for it
I'm not sure what you mean by friendly here, can you show an example of one?
instead of that above, something like
starting vite blabla
running on local http://localhost:5173
Lately I've been getting plenty of 520's and 500's from Discord and lots of shards disconnecting. Anyone else having these issues?
is there a formula for doing Elo calculations for uneven matches like 1v2?
this is what i'm currently using for Elo calculations
does something like this make sense? when the other team has more players then the amount of Elo each player takes is dampened
@earnest phoenix but I'm still able to use express for backends right?
Yeah but I'd still recommend using Fastify
```js
const client = new Client({
  intents: [
    GatewayIntentBits.Guilds,
    GatewayIntentBits.GuildMessages,
    GatewayIntentBits.MessageContent,
    GatewayIntentBits.GuildMembers,
    GatewayIntentBits.GuildPresences
  ],
  presence: {
    status: 'online',
    activities: [{
      name: "fortnite",
      type: 'PLAYING'
    }]
  }
});
```
what's wrong with the presence, it's not being set
nvm fixed
whats your problem?
this
make your own formula
want to see some examples? give me a sec
so if the team of 2 beats the solo or the solo beats the team, they get the same points
but now there are more points added to the pool when it should be zero sum
or removed
this is how it looks without modifying anything. it's zero sum which is good
but if you lose a 2v1 as a solo you lose more than if you lose as a team
i am not a math professional
One message removed from a suspended account.
because he asked me to help him
he showed me what and i said to do it yourself
then he sent all this
i made two formulas. which one seems more fair?
idek what an elo is
@hushed robin this
hi fiath punto
gud n u
ohh
that nerdy chess shit
i see
what else does
so do multiplayer online games like dota and league of legends
and several sports
video games are poison
you are poison
im playing games right now lol
nice
final fantasy?
NBA
cap
Hmm I honestly wonder why many C/C++ projects don't compile with LTO which can improve the performance (significantly even), nowadays there's no actual reason to not use it (other than the fact that it increases linking time but that is to be expected)
Not using LTO is like 
can someone suggest an edit? it's called normal football, not American football
changing things is scary
LTO doesn't change the behavior of your program, it only optimizes it
no American football is American football
(For those who don't know, LTO stands for Link-Time Optimization)
i bet people write code that cant be optimized because it does naughty things
It doesn't matter what kind of code developers write, the compiler will 99% find a way to optimize it
they should make it the default option then. noob compiler writers. all their fault
The only reason LTO is not enabled by default is because of the fact that it can (depending on your machine) significantly increase compilation time (as well as link time)
Though the performance improvements outweigh the longer compilation and link times if the developers are up to it
maybe there should be a gui written in java swing that asks if the compile is for prod or dev

just add the jvm as a dependency
ezpz
java is fast so it should speed things up
who's ready for dark and darker to release
erm a lot of games use a modified Glicko2 system
no
Faith why are you fully capitalizing Elo? 
also good take here
i applaud you for that take
the article previously listed "association football" so yes "American football" is the best terminology to reduce ambiguity
actually it's just DotA 2
nope dota legally stands for nothing
because valve doesn't own the rights or at least didn't to "defense of the ancients"
but blizzard let them use dota
ok but legally it does not stand for that
it is just Dota
and officially it is just Dota
someone mute this lala guy quick!!!!
best message to get flagged
I don't know what's wrong, maybe you could help me @hushed robin
a set removes duplicates, you need to count them not remove them basically
ie: [1,1,1,1] = 4 ( [1], [1], [1], [1] )
a set would make it 1 ( [1] )
thank you its working
so no more Elo?
mmkay
most new games use glicko since it's just basically an improved elo, additionally a lot of games have switched from elo to glicko at some point
even chess.com and lichess use glicko
how did chat gpt do?
idk does it work?
help
lol
why would there be no rating change when someone beats an evenly matched player?
everyone would just keep their initial rating score
```js
const getLongestAndShortestWord = (sentence) => {
  const array = sentence.split(' ');
  let longest = '';
  let shortest = '';
  for (const word of array) {
    if (!longest) {
      longest = word;
    } else if (word.length > longest.length) {
      longest = word;
    }
    if (!shortest) {
      shortest = word;
    } else if (word.length < shortest.length) {
      shortest = word;
    }
  }
  return {
    longest,
    shortest
  }
}
```
there you go
can you do it for them pls
i don't think chatgpt knows the Glicko 2 algorithm
maybe not
lmao what did u do
idk i kinda forget
but all my code reverted to the one on github
and now it's gone
i spent 4 days rewriting my bot
all that hardwork coding is gone
because it wasn't done
if i commit when not done
then my bot will not function
bc code will not be done
u don't need to push
just commit it when u leave the pc ffs
commits are kept locally until u push to remote
can i get back my code
no
then no
windows makes restore points before updates, so u could revert to one if there was any
so my code is gone
yes
what the fuck
i can't
because it's not done
can u help me recover my code
you cant recover it, u reverted to head
i didn't
i clicked commit and my code disappeared i didn't revert anything
Then u didn't click commit
U likely misclicked
Did u read the confirmation window?
bro
i typed summary
then i clicked commit
can someone experienced help me recover my code
buddy, there's no going back, it's not like recovering a deleted file, whatever was there was overwritten already
this is the very reason I commit whenever I finish the immediate task I was doing
bro
my code
i spent so much time problem solving
if you did the problem solving, then rewriting it will be easy as u already did all the thinking before
from now on commit after every step you make, uncommitted code is borrowed code
but it will take so long still
i completely rewrote my bot
now it's gone
should've committed earlier
i didn't do git reset
if it reverted to the head, then yes u did reset
i committed
commits don't delete code
you likely misclicked on reset
theres no reset on github desktop
there likely is, as it's a core feature
do you use github desktop?
can u see if commit can cause code restart?
a commit cannot, by any means or ways cause code modification
it simply saves the current changes to the history
maybe my code is in history ?
it wouldn't cause what u said that happened
the only thing that'd make the code become the same as the one on the origin is git reset
where can i see history
but you can check
where
is there a github link?
you can also see if you didn't shelve the code on mistake
no, find it yourself
for shelve
i don't see in history
Ofc it isn't there, because u didn't commit
bro i clicked commit
Last place you can check is the shelf, if it isn't there then it's gone
where
on github desktop
Search it
i don't see it
Search harder
That Garfield joke is terrible
No stash entries found.
yeah
this is not funny
i spent many days on this project
and now it's all gone
i think i'm just going to delete my bot atp tbh
Just write it again
You've already gone through 4 stages of grief, simply accept it and move on
Lmao only 1k?
only???
I thought it was much more
that was my entire bot
Simply rewrite it, 1k is very little
If u write 100 lines per hour that's only 10 hours
maybe to u it is
to me it's not
Then u must code very slowly
Anyway, just get back to it, the time u spent here would be better spent coding
i code with two fingers
like that pretty much
that is how i learned to type
Take some typing courses then, can even imagine picking keys like that while coding
F and J have that crease on them for a reason
wym
Sorry about you losing your code but if you view the situation optimistically:
- you've learned a lesson about doing frequent commits
- you get to rewrite your rewrite from scratch with the valuable lessons you learnt from the first rewrite
yes theres a little line at the bottom of them
That's where your pointer fingers should be at
how?
Go to monkeytype and see for yourself
It'll ask you to write a long sentence within a certain time
Then show u how accurate and fast you were.
Once I get to my pc I'll show u mine
ok
What was the new method for getting a user's default avatar index from the ID
nah, I'm shitty at typing random words
cant go above 80
somehow I lag if I need to retype something I read
how much money do u guys think it would cost to rewrite my discord bot
About the same of getting a bot
huh
nvm
Number(BigInt(user.id) >> BigInt(22)) % 5
how much would you charge
I don't freelance
just estimate
Go to fiverr, "discord bot", sort by applications
bruh
i want your estimate
I don't freelance
i know i don't want u to
Thus I don't know the averages
i just wanna wonder
but how
u must know how much u'd charge for something
Just check any freelancing site goddamn
no they don't have real estimates
The jobs with the most applicants will be a damn good price estimate
but they just tell for a general discord bot
i need mine
if you can't estimate maybe someone else can
Is that what's listed there?
no
that's too little
bargain
Idk what to say lul, I'm more of a java guy
But isn't braces on namespace optional?
Ah aight
Funniest movie ever made
yoo question, i am building a backend api for my frontend
```js
// getToken(req): signature inferred from its call in auth() below
const getToken = (req) => {
  let data = req.headers.authorization;
  if (data == null || !data.startsWith("Bearer ")) {
    return "Unauthorized";
  }
  return {
    token_type: "Bearer",
    access_token: data.slice("Bearer".length).trim(),
  };
};

// Express middleware: accepts the request only when the Discord user that
// owns the bearer token matches the id sent in the x-discord-id header
async function auth(req, res, next) {
  const Token = getToken(req);
  if (Token == "Unauthorized") {
    return res.status(401).json({ error: "Unauthorized" });
  }
  const accessToken = Token.access_token;
  if (!accessToken) {
    return res.status(401).json({ error: "Unauthorized" });
  }
  const userID = await getUserID(accessToken);
  if (!userID) {
    return res.status(401).json({ error: "Unauthorized" });
  }
  const discordUserID = req.headers["x-discord-id"];
  if (discordUserID != userID) {
    return res.status(401).json({ error: "Unauthorized" });
  }
  next();
}

// Ask Discord which user the token belongs to; null if the token is rejected
async function getUserID(accessToken) {
  const API_ENDPOINT = "https://discord.com/api/v10";
  const res = await fetch(`${API_ENDPOINT}/users/@me`, {
    method: "GET",
    headers: {
      Authorization: "Bearer " + accessToken,
    },
  });
  if (!res.ok) {
    return null;
  }
  const user = await res.json();
  return user.id;
}

router.get("/api/protected", auth, (req, res) => {
  res.json({ message: "Authorized access" });
});
```
is that efficient to authorize acc for post/get requests or i should do it in another format?
basically i get the auth token from headers & the userid from headers
fetch a request to https://discord.com/api/v10/users/@me, if they match user is authorized
for one u don't need 4 checks, simply make getToken return null instead of Unauthorized
that way u can do if (!token || userID != discordUserID)
second u don't need to require Bearer in your endpoint if you're gonna cut it off moments later
third supposing you'll have more endpoints, const API_ENDPOINT = "https://discord.com/api/v10"; can be put outside of any functions, as it's used for all endpoints
c/c++ #define macros:
actually i wonder if the interpreter would optimise that variable to act more like a macro and not an actual variable
since its const so it cant be changed
but then js dont really have a concept of defining static variables/items
Immutable (constant) variables are optimized further compared to mutable ones, though not much since their values can be changed in JavaScript, but the variable itself cannot be reassigned
v8 does inlining to a certain point yes
but yeah id assume its only up to a certain point since the code thats going to be executed isnt exactly predictable
for example eval code or loading some random module
we will blame discord bot developers for having an eval command for that
lmao
v8 will compile several possible code branches until a certain point
there is an option to force inlining as much as possible
just copying the cpus branch prediction at this point
i've had some weird struggles with inlining in the past lol
i had an issue where at some point the code suddenly became 100x slower in the synthetic benchmark for no reason
just from "code size"
ie: even adding and removing a comment would cause the difference
voltrex get to work
v8 more like v7
i havent tested this in a long time tho, it was with node 14 or 16 i think
also, it had to do with deoptimization and the order of the benchmark
Possibly a regression, and inlining isn't always a good idea as it can cause much worse performance in some cases, so it's best left to the optimizer for that decision
ye
in my case using --stress-inline would fix the issue
but i couldnt understand what was happening at all
but well, the code had a lot of unpredictable branches
so im pretty sure the actual issue was v8 optimistically compiling a certain branch and then a different function parameter would cause deoptimization
but i still have no idea how adding or removing a comment after certain "code size" would cause the issue as well lol
The best way to see what was happening is to run it while telling V8 to emit bytecode so you can see what was causing the regression or something
Though that issue is most likely fixed now
probably
i emit bytecodes for small snippets, not for larger things since its too big
does a memory write really take only one clock cycle??
for comparison a memory read is estimated to take 100-150 clock cycles assuming data is not present in cache
would make sense for a read to take longer since the cpu is actively waiting for the data to be read into a register but over 100x longer?
and they teach you in cs that ram is fast
well
an F1 car is also fast
:^)
but a cpu register is a Lockheed SR-71 Blackbird
the registers are fast mfs
cpus are basically bottlenecked by the ram
if it wasnt for cpu pipelining wed be fucked
remember when FSB was a thing
fsb?
that isnt a thing?
i dont know much about physical connections between ram and cpu should prob read about that
In a traditional architecture, the front-side bus served as the immediate data link between the CPU and all other devices in the system, including main memory. In HyperTransport- and QPI-based systems, system memory is accessed independently by means of a memory controller integrated into the CPU, leaving the bandwidth on the HyperTransport or QPI link for other uses. This increases the complexity of the CPU design but offers greater throughput as well as superior scaling in multiprocessor systems.
the fsb doesnt really exist anymore
the fsb clock speed would basically bottleneck the cpu
way before ram did
the cpu clock speed (pre-multiplier) had to match with the fsb clock speed
yeah in electronics anything involving matching the clock speed of another device for proper transfer is not usually very good
i had a microcontroller and a LED driver which basically had a bunch of LEDs in parallel that could be controlled by a controller and it has no clock pin so you have to match its internal clock speed and transfer timing
its awful you have to write assembly for it so you perform all data transfers on time
c++ is not enough
A memory write can take more than one clock cycle to complete
It depends on the type of memory and the memory controller used by the system, it can take several clock cycles to even access a small amount of data, for example, in modern DDR4 SDRAM a single write operation can take 5 to 7 clock cycles to complete depending on the configuration
However newer DDR5 memory standard can take much less clock cycles to complete, usually 2 to 3 clock cycles
There are 4 main memory timings that affect the amount of clock cycles a memory write operation can take:
- CAS latency (CL): this is the number of clock cycles required between the arrival of the address and data at the memory controller and the beginning of the data output
- Row Column Delay (tRCD): this is the minimum number of clock cycles required between opening a row of memory and accessing columns within it
- Row Precharge Time (tRP): this is the minimum number of clock cycles required between issuing the pre-charge command and opening the next row
- Row Active Time (tRAS): this is the minimum number of clock cycles required between a row active command and issuing the pre-charge command
i see
essentially largely depends on the ram and its type im guessing
waiting for the day ram can essentially be incorporated into a cpu directly without having an external soc for it
that would probably rely on way smaller transistor sizes though and an increase in cpu dimensions i would guess
from what ive seen the industry is very hesitant on increasing the size/dimensions of the actual cpu to make room for more registers/cores
just make cpus with built in ram lol
probably because its very complicated to make up a new standard and motherboard design
you have the threadrippers but literally nobody uses them bc they require a special motherboard
want to upgrade your ram? time to get a new cpu
SoCs are getting more and more popular
only a matter of time before they start being used in desktop pcs
that's true though so they'd have to be very large in memory capacity
or a ploy to make people buy a whole new cpu just to upgrade ram
Intel and amd grinding their teeth
make a layered memory layout, ie cpu with 4 layers of cache, l1 l2 l3 and iram
and then add an option to add external memory
now we're talking
time to create the zeta cpu
the performance difference between the two would be vastly different though and might fuck up performance
these days it shouldnt take much space to design a cpu with 4-8 gb of built in ram
not much different from swapping
I literally forgot swap existed bc I have 32gb ram now lmao
lmao
never run out of ram
i have 8gb lmao
how come u only have 8 tim
bought my laptop 5 years ago and didnt have the extra 100 bucks to make it 16gb
fair enough
I'm more of a desktop guy
I still have a laptop that I take to college
but that's all the use it gets lmao
Having RAM built into the CPU significantly limits the flexibility and upgradeability of the system, as mentioned, as the RAM can't be changed or increased
Additionally RAM requires significant amount of power to operate compared to a CPU, which would cause the power supply of the CPU to drain significantly
And besides, separating both the components allows for much better heat dissipation which is essential for high-performance computing
I used to have 4 and 8 and it's basically unusable nowadays
just so they can charge u more for the 16 gig 'upgrade'
my cpu on its own adds like an additional 200-400w of overall consumption of my power supply
w-what
Huh?
u running a double threadripper setup or something

brb
LMAO
theres this website that estimates the wattage needed based on components
ill put it in again
I know it sucks, but memory is truly reaching a point that soldering super close to the cpu does improve performance.
When we reach ddr6 for cpus it will be normalized.
is that every laptop today comes with 8gb soldered in the mobo?
I mean like, every laptop will and desktops will start doing it too.
You'll buy a motherboard with ram built in
@earnest phoenix need that HD Skull rn
talk about integrated ram in the cpu limiting upgradability
how is that different from the whole ram built into the cpu thing lmao, want to upgrade your ram? buy a new mobo
Even ddr5 some of the fastest ram you can get is soldered.
Iirc some laptop manufacturers played around with super high clocked soldered ddr5
I hate the idea, but eventually it will just have to happen
there we go
that doesnt make any difference yeah true but its fine
wdym by that
oh u mean outside of that function yeah i could place it outside, but its only used here anyway
ddr6 fastest
aside from that, that type of authorization is good?

& whats the limit on that endpoint as of that moment cause what if i got alot of users posting requests at the same time
I'm working on ddr7 dw
Ddr6 isn't supported by any consumer cpu is it?
Just gpus
it removes an unnecessary processing step
As of right now yea
Though I expect by the end of this year or beginning of next year it will happen
true, aside from that is it fine?
what type of authorization do you personally use? any other suggestions
With the way the tech industry is going I wouldn't be surprised if the 50 series cards come out soon
wdym type of authorization?
nvidia always trying to make the most money they can
they'll release series 50 and right after that they'll just skip to series X or sum shit
with the discord api there is only token and oauth2
no i mean whats your method on verifying the requests are coming from a legit user & its legit token
ong
u cant check if it's the legit owner of the token, as for the token u can check if it's a valid discord token
Did you hear of the PCIE NVME card?
the docs has what data the token contains
the what
The one that can support up to 16 NVME drives with dual channels in each slot
holy
btw I'm not very sure, but using users token like that is borderline breaking tos
that's exactly what I need
it contains its id username & those other stuff , so i guess what i did is fine
now I'll be able to install all of my 0 nvme drives onto it
ah so what do u suggest i should do?
Its not really meant for consumers yet
but linus did a vid on it and put 16 8tb sabrient rocket drives in it
I think its 16 anyway
I could be wrong
using oauth2 for getting a scoped token
cause i wanna limit unauthorized access (basically someone trying to replicate that he is someone else)
will check that out thanks alot!
?
gotta wait
token only contains 3 things
I'll eventually get a hold of one
user id, a secret key and when the token was created
u dont need to make a request to discord if all u want is the userid, but yeah u shouldn't be handling user tokens at all
oauth2 will give u all data u want as long as the user authorizes
i meant that endpoint returns this
```
{
  "id": "",
  "username": "",
  "global_name": "",
  "avatar": "",
  "discriminator": "",
  "public_flags": ,
  "flags": ,
  "banner": "",
  "banner_color": "",
  "accent_color": ,
  "locale": "",
  "mfa_enabled": ,
  "premium_type": ,
  "avatar_decoration":
}
```
yes, the issue is that ur handling raw tokens
didnt know that, will read more & check whats best & not against tos! thanks alot for your info sir
Is it possible to have your bot have extra commands just for one guild?
alright
what's the point of x-csrf-token
to control which sites can use your api
cross site request forgery tokens are used for protecting against clients making requests to your website from other sites.
For instance a website can abuse image elements from stuff like markdown to html where an attacker can have a link to an "image" which is actually a protected route that needs authentication and if the route accepts GET requests, the request can be performed which can be destructive. The client of course doesn't know this and tries to load it as an image
it's annoying
You'd check for the presence of csrf headers in requests and for the love of god make sure they expire
how can i not do it
what does this look like for columnar databases? 1 step?
columnar databases?
nosql databases
I suppose it'd be the same thing, but without the join part
what type of db is dynamodb?
does it use tables?
yeah
yeah the general scheme of things is mostly the same, just in a different syntax, for example instead of FROM and JOIN its a document selector, then instead of ON column and WHERE expression, is filtering and matching syntax, then grouping, ordering and limiting syntax
does it allow having foreign keys?
if so, then it's sql
tbh it having tables already falls into sql
Amazon DynamoDB is a proprietary fully managed NoSQL database offered by Amazon.com as part of the Amazon Web Services portfolio
i dont think it's columnar
In DynamoDB, data is stored in Tables as items, and can be queried using indices. Items consist of a number of attributes which can belong to a number of Data Types, and are required to have a Key that is expected to be unique across the Table.
seems more like a big hashmap
nosql as in mongo-like or nosql as in "not only sql" like postgres?
Fast NoSQL Key-Value Database - Amazon DynamoDB
DynamoDB uses JSON for its syntax because of its ubiquity.
would it be considered a columnar database?
battleless when he discovers there are 2 meanings for "nosql"
what meanings
see my previous message
whoever came up with JSON is pretty smart
u cant
Lol
csrf rules are defined on the server
to prevent cross domain attacks
it just makes my life harder
wym
then go to a library and find a book
depending on how they set it up, you can bypass it
i don't want my discord token leaked
it's not a discord token lmao
csrf will protect you from that
Lmao
token leaks happen when you download and run shit, or try to login in a fake discord
lmfao
lmao
It could if you clicked the wrong one
its impossible for a website to access your discord from within the browser
https://en.wikipedia.org/wiki/Cross-site_scripting wikipedia then?
if not, please be considerate and fuck off
what if my discord is logged into browser
if you use discord in the browser, another tab still cannot access your discord tab
but a browser extension can
so dont install untrusted browser extensions
then you're fine
i mean
i don't really understand that
i'm trying to but it's not making sense
well, the first link I sent had it more digested
wikipedia will be 100% technical
ok
wtf am i doing LOL
w desktop
windows sandbox?
yes
...wasn't a yes/no question
too bad ur getting yes
csrf protects you from a malicious website loading an invisible iframe of facebook.com or something. then the tricky website shows a button that says click here for free stuff, but you're actually clicking on facebook link.
how can someone put invisible website on my website
when the website sends you the html page
iframe
but how
they also sent you a hidden token in the html page
and also a hidden cookie
after that, every single page you load in that same website
secretly sends those tokens to the server
and the server checks if the tokens are the same as the tokens it gave you when you loaded the first page
if they are not the same, or if they are missing, it blocks the page
well
its basically a session checking system
that makes slight sense but i don't get how someone can put an iframe on my website
the first time you open the website, it creates a session for you
without that session, specific pages of that website may refuse to load for you
thats csrf
the iframe story is a different thing
anyone redirecting to your site can add or remove elements at will
sites are just a big html document
how
an XSS works like this
your website has an api, it sends a request to that api, and puts the response inside its html
if that response is not validated, a malicious user could for example create a proxy, or through a virus or malicious browser extension override your api with a fake api
so that when your website makes the request, the response will be different
and your website will try to load it into its own html anyway
#WebSecurity #CSRF
A video explaining CSRF and some different types of attacks.
CSRF to RCE: https://github.com/zadam/trilium/issues/455
do I need to worry about csrf when I store sessions in localstorage?
ideally you would store sessions in a server-only cookie
to prevent access from client side js
because of xss or why?
because of session theft basically
i mean, if the client is compromised, nothing prevents an attacker from stealing his session
bro I ordered doordash and they dropped it off to the wrong house
this ruined my day
but a server-only cookie can only be accessed by a user
while localStorage can be accessed by a script
and browser extension
so its less safe
How can I add a bot in discord
ahhhh
Ok thanks
does a server-only cookie get created using the set-cookie header(s)?
yes
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly
use Secure and HttpOnly
HttpOnly Optional
Forbids JavaScript from accessing the cookie, for example, through the Document.cookie property. Note that a cookie that has been created with HttpOnly will still be sent with JavaScript-initiated requests, for example, when calling XMLHttpRequest.send() or fetch(). This mitigates attacks against cross-site scripting (XSS).
Secure Optional
Indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost), and therefore, is more resistant to man-in-the-middle attacks.
thank god I already added a helper to create / modify cookies in my webserver
also use SameSite=Strict
yeah ill switch to server-only cookies then
SameSite=<samesite-value> Optional
Controls whether or not a cookie is sent with cross-site requests, providing some protection against cross-site request forgery attacks (CSRF). The possible attribute values are:
Strict
Means that the browser sends the cookie only for same-site requests, that is, requests originating from the same site that set the cookie. If a request originates from a different domain or scheme (even with the same domain), no cookies with the SameSite=Strict attribute are sent.
but still allow the authorization header obviously
im getting this error but i don't know why it's undefined and how i can define fetch
require/import it
how
the same way u do with every other module
whats your nodejs version?
btw, if you're in newer node versions it should be included by default
lets go i got a refund + my food
free food 🤩
fetch was added in node 18+
this should be fine for sessions, right?
const token = hashStr({ text: `${user.name}:${infos.email}.${infos.password};${user.tag}@${Date.now()}`, algorithm: 'sha256' })
if you use a version lower than 18, you need to install fetch as a third party library, for example npm i node-fetch
and then require it in your code
you wont be able to get any data from that token
i think this says enough
thats not it
oh
is this your own pc or are you coding in glitch/replit?
I know
if ur fine with that, I'd recommend using a digester instead of a long string
Im just fetching it from the db on every request
not any of them i use fluidnodes.com
create a hash instance, update with the first part, then with the second, then the third
its fine since the db is on the same internal net (0.01ms)
then finalize with a salt
but you code inside their platform?
or you code in your computer then upload the files?
ur generating the token on every request?
no
I generate it once on login and add it to the db
i did node -v
ah ok then
yes thats it
you need to require node-fetch if your version isn't 18+
anyway, I'd recommend a digester instead of a single string
so fetch was added in node 18, you have node 16
because you're able to salt it
and if i upgrade node will it have any impact to the rest of my code
so do i need to change much
most notable change will be that uncaught exceptions will crash the runtime
instead of just logging
idk which version this came in
why
because why not
because exceptions are meant to be handled
if your code is broken, why keep running it?
lmao
why do I keep screwing up endpoints like POST /api/user/friends/2/accept, anyone can accept anyones request... time to fix again
i need it running
nah, eval() your input :^)
it's not hard to prevent it, js allowed so many bad habits that people became lazy
if your app is screaming for help and you're ignoring it you deserve the despair of it crashing in production
no
wdym no, js devs are among the most "who tf cares"-type of programmers
true tho
thats why 99% of the websites out there are bloated pieces of garbage
js culture = throw more hardware at it
nvm im stupid, I already checked that in my query 🤦
i'm different
buddy u literally use the worst options available if they're the easiest ones
We made that change in Node.js v15
ah they're safe then
Good 
this should be it, right? Tim
no
i use the most ideal options

where tf do you store your code files
it doesnt seem to be sending the cookie to the server
on a folder on my desktop
did u block git entirely from making changes?
no
that shouldn't be triggered by git anyway
the file it's trying to change is in documents
well, THEN there's a reason it triggered
why
i didn't
yeah thats why i asked where tf he stores his code
github automatically did it
git (not github) adds files to where u tell it to
i am the administrator???
github desktop did
what did it add/remove?
%userprofile%\Documents\GitHub\PixelPieceTrello.git\FETCH_HEAD
@quartz kindle
see, you added your code to documents
check in your browser if the cookie was created
it asks you to choose a folder, u chose documents
why is documents protected
because it's used to store documents
it was
because it belongs to a User
no
no
I think I have to set the path to /, no?
yeah try that
simply that making changes to it is more controlled than other folders
works
Srtasks.exe is a legitimate Microsoft process called System Protection Background Tasks. It's often used by the Task Scheduler to automatically create restore points for your system.
this is now the safest way, right?
should be yeah
also make sure your website is https only
enable hsts
i wish u got muted
considering what happened yesterday, can confirm
its .dev so technically no need but its on
add all the relevant security headers as well
should be done now
not because i dislike you
because mods are biased and you should have technically gotten muted
also do you know how to properly make a server sent events stream?
my current one kinda works but times out after 100000ms and restarts
Like I have said several times
If you have issues with a specific moderator or moderation in general, you can DM a community manager
shush
u said it once
Then read what I have said and stop continuously mentioning it if you're not willing to do that
ok
events stream?
hmm never used that
basically a websocket but only from server to client
useful for notifications and shit
cloudflare -> nginx -> node


