Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add boost like messaging system for members #522

Open
FlakM opened this issue Mar 4, 2023 · 5 comments
Open

Add boost like messaging system for members #522

FlakM opened this issue Mar 4, 2023 · 5 comments
Labels
enhancement New feature, enhancement, or request

Comments

@FlakM
Copy link

FlakM commented Mar 4, 2023

Feature Description

It would have been awesome to be able to send boost messages as a
member. It would have enabled members to be more involved in shows.

The conversation around this topic has come multiple times in matrix:

Acceptance criteria:

  1. Members should be able to post a message
  2. Members should be authenticated
  3. The backend if required should be low maintenance and up to date
    with memberful API
  4. NTH: the message should be delivered to show hosts live
  5. NTH: add information about the particular show that the message is
    related to
  6. NTH: the authentication might be used to enhance some additional
    content on the website

Reference to Feature

No response

@FlakM FlakM added the enhancement New feature, enhancement, or request label Mar 4, 2023
@FlakM
Copy link
Author

FlakM commented Mar 4, 2023

Memberful has oauth 2.0 api that makes it possible to authenticate members without storing their credentials.

For this particular use case I think it would be reasonable to have a backend server that will handle the authorization code flow and provide users with up to date list of episodes based on podping or rss.

This server would be able to send the notifications about the messages to some convenient channel ie. matrix jb private matrix channel.

A 5$ linode should eat this kind of traffic for breakfast. If the JB finds it useful I'd be happy to implement it or support someone 👍

@elreydetoda
Copy link
Collaborator

Just to add a few more things to help guide/comment for whoever takes this on:

  • typically if we're doing development for anything outside the website (using a programming language) we prefer (not necessarily required, but it needs to have an extremely good reason not to) using python
    • FastAPI would be a great example that could probably handle this in Python
  • while a $5 linode would probably eat that traffic for breakfast (love this analogy @FlakM 😂), another option is to consider Cloudflare workers (good example of where we couldn't use python).
    • that would use what's called a "serverless" function instead of JB having to maintain another server
    • Based on the Linode Greenlight page (Chris had mentioned during an ad read for Linode), it looks like they might be beta testing serverless functions, so that might also be an option 🤔

@elreydetoda
Copy link
Collaborator

BTW, while I love that we're planning on self-hosting as much as we can. I also (as a security person 🙃) want to make sure we're going to implement it correctly 😅

For example, this is a video that demonstrates how to self-host Oauth for a NetlifyCMS + GitHub authorization. So where possible I'd urge the person who works on this to ensure they use a 3rd party library for handling Oauth. I typically never recommend people rolling their own authentication, as that's a non-trivial task 😅

So, again I'm not discouraging us from doing this, but let's not try to reinvent the wheel, make sure it's thoroughly reviewed, and try to prevent introducing a vulnerability 🙂

@FlakM
Copy link
Author

FlakM commented Mar 4, 2023

I avoid writing anything more complex than a script without a strong static type system. I feel the most productive in rust but I'd be happy to assist/review someone who wants to tackle this problem in python (if you decide to stick to python for obvious reasons).

Regarding security I also don't suggest writing anything new and off the shelf. Additionally in this case, there wouldn't be anything critical guarded by those tokens anyway apart from HTTP endpoint that sends a message.

It might be a personal opinion but it seems that having a single server would be far easier to manage and understand than on-edge workers. Especially if you decide to add some state like rate limiting or caching the list of possible episodes to link the boost message against. You can stick it in a local sqllite file and call it a day 👍

@reclaimingmytime
Copy link
Contributor

Just to list all possible options, Memberful has native Discord integration, so a members-only Discord server could be an option. I know JB and the community prefers Matrix as their chat platform, so this is probably not an ideal solution in terms of community adoption.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature, enhancement, or request
Projects
None yet
Development

No branches or pull requests

3 participants