this post was submitted on 10 Aug 2023
78 points (89.0% liked)

Fediverse

28388 readers
793 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
78
App to schedule posts on Lemmy (schedule.lemmings.world)
submitted 1 year ago* (last edited 1 year ago) by rikudou@lemmings.world to c/fediverse@lemmy.world
 

I've made an app that makes it possible to schedule a post in Lemmy at an arbitrary time. It's available at https://schedule.lemmings.world and can be used by people from any instance.

Let me know what you think!

P.S. This post is made using the app!

Edit: And it's open source!

all 50 comments
sorted by: hot top controversial new old
[–] A10@kerala.party 11 points 1 year ago (2 children)

How does it work? Can I trust this website?

[–] Durotar@lemmy.ml 16 points 1 year ago (2 children)

I wouldn't trust a website that wants your username and password.

[–] w2qw@aussie.zone 2 points 1 year ago (1 children)

Use a bot account to post if you are worried

[–] Durotar@lemmy.ml 2 points 1 year ago

I would if it was a bot instead of an obscure service that collects my credentials.

[–] Guster@lemmy.world 1 points 1 year ago (1 children)

How is that different from any other Lemmy client though?

[–] Durotar@lemmy.ml 6 points 1 year ago* (last edited 1 year ago)

With a mobile client, for example, you can check if it sends your password somewhere else, there are tools. If you use an open-source client then it's even easier. Major clients have something that you could call reputation, though I wouldn't put too much trust into it.

Here I know for a fact that my password goes to a third-party:

[–] rikudou@lemmings.world 14 points 1 year ago (2 children)

I don't store your password if that's what you're asking! I'm planning to make it open source once I make sure I didn't accidentally leave any production secrets in the code.

Anyway, here's how it works:

  • You log in using your account, the site checks whether it's a valid account using api and if it is, it creates a JWT token that's used to authenticate you against Lemmy. At this point your password is already forgotten and the site has no way of getting it.
    • The JWT token is effectively the same as having your password - it allows you to do the same things you could if you have logged in normally.
  • The JWT token is not stored on the server, it's only in a cookie in your browser.
  • When you schedule a post, the post details, your instance, your username and your JWT token are stored in a job that gets scheduled to run later. This is the only part where any sensitive information (JWT) about you are stored somewhere else than your computer.
  • After the scheduled job is triggered, it authenticates as you and creates the post as if it were you, immediately afterwards the job config is deleted, meaning the JWT is no longer stored.
  • The JWT is stored in every scheduled post you make, meaning as long as you have any scheduled post, the JWT is stored somewhere. When all scheduled posts are posted, your JWT is no longer present anywhere on the backend.
  • Note that due to current technical limitations, even if you cancel a scheduled job, its config (including the JWT) is stored until the original scheduled time. This will be (probably) fixed in future versions when I have some time to work on it.

Hope it clarifies it, let me know if you don't understand any part of it!

[–] Durotar@lemmy.ml 2 points 1 year ago (1 children)

JWT token is not stored on the server

JWT token are stored in a job that gets scheduled to run later

Where's the job stored?

[–] rikudou@lemmings.world 1 points 1 year ago

In a scheduling system. Probably bad wording on my part, sorry. I meant that it's not stored anywhere for just logging in, though it's stored as part of every scheduling job in the scheduling system.

[–] Blaze@discuss.tchncs.de 5 points 1 year ago (1 children)

That's great, thank you for this!

[–] rikudou@lemmings.world 4 points 1 year ago

No problem, glad I could be of service!

[–] Blizzard@lemmy.zip 5 points 1 year ago (2 children)
[–] freamon@endlesstalk.org 9 points 1 year ago

I think it would be useful to automate the posts for discussions following from the broadcast of a TV show, or a sports game.

[–] rikudou@lemmings.world 6 points 1 year ago

I used it for example to post this very post at a time when people from US are most likely to engage (though I'm not sure if the Lemmy demographics is predominantly US, but my gut feeling is it is).

[–] Blaze@discuss.tchncs.de 4 points 1 year ago

As a side comment, I see that the very aggressive comments from earlier have been removed, thank you mods for your work!

[–] freamon@endlesstalk.org 3 points 1 year ago (1 children)

Interesting.

I suppose the only thing is that you wouldn't be able to upload an image to the instance as part of a post - you'd have to upload it somewhere else first, to then be able to refer to it.


For the detractors, register a throwaway account at some random instance, and use that if you want to test it out.
If you're able to properly pore through the source to check it's not stealing anything, then you're capable of scheduling your own posts. The Lemmy API is very simple, it's not rocket science.

[–] rikudou@lemmings.world 3 points 1 year ago

I suppose the only thing is that you wouldn’t be able to upload an image to the instance as part of a post

It would be possible but it would add more complexity, more costs etc. I'll probably tackle the problem when I have time, but now I'm glad that I have a version that I can use working.

If you’re able to properly pore through the source to check

I even pointed out some interesting parts regarding this in the README.

[–] dandroid@dandroid.app 3 points 1 year ago (1 children)

I think this is a cool idea. Like others, I would love a self-hosted and open source version to make sure there isn't any funny business.

[–] rikudou@lemmings.world 8 points 1 year ago (1 children)

It is open source! https://github.com/RikudouSage/LemmySchedule

Self-hosting is possible, though I don't have a direct support for that right now, you would have to figure it out yourself (it's not hard if you know how to work with the Symfony framework).

[–] dandroid@dandroid.app 3 points 1 year ago (1 children)

Awesome! I'm just starting my workday now, but I could take a look to see if I could put it in a docker container if you would like. I would have to do it after work, which means I probably won't make significant progress until the weekend.

[–] rikudou@lemmings.world 2 points 1 year ago

That would actually be great! Feel free to contact me if you need some pointers.

[–] density@kbin.social 3 points 1 year ago (1 children)

kind of a pet peeve of mine: you should make the `` of the page something that can be found in bookmarks and history. Right now it is "Log in".

It's minor but in 3 months when I vaguely recall having seen this somewhere and want to use it, I will never find it.

[–] rikudou@lemmings.world 2 points 1 year ago

Good idea, done!

[–] meldrik@lemmy.wtf 1 points 1 year ago (1 children)

What about posting images?

[–] rikudou@lemmings.world 2 points 1 year ago (1 children)

On the todo list, not very urgent, though. Currently you can upload the image somewhere that allows direct link grabbing and put the direct link into the URL field. I use imgur for that.

[–] meldrik@lemmy.wtf 1 points 1 year ago

Nice. Thanks :)

[–] GlobalMagenta@lemm.ee 1 points 1 year ago (1 children)

Nice idea!

I get an error when logging in (lemm.ee):

The server returned a "500 Internal Server Error".

[–] rikudou@lemmings.world 1 points 1 year ago

I'll make an account there tomorrow and try it out.