Nothing Special   »   [go: up one dir, main page]

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

URL shortening / anonymising #4161

Open
Dinth opened this issue Jul 26, 2024 · 7 comments
Open

URL shortening / anonymising #4161

Dinth opened this issue Jul 26, 2024 · 7 comments
Labels
Feature-Request Issue is a feature request

Comments

@Dinth
Copy link
Dinth commented Jul 26, 2024

Is your feature request related to a problem? Please describe.

I would like to setup RSS bridge generating some feeds (for example from OpenCVE) for use at work. Unfortunately, currently the feeds generated by rss-bridge contain all the details (like access credentials to the third party) within the url, so adding the link to rss-bridge feed into some scripts at work would also require me to share my OpenCVE credentials with my workmates.
Additionally, it opens rss-bridge to abuse in such scenario, when someone can freely modify the feed url to use it for personal reasons or even potentially inject some code through GET method.
Currently OpenCVE is a problem, but also i had some more advanced uses of rss-bridge in mind which unfortunately i wont be able to do in the current form (as they wont be share'able).

Describe the solution you'd like
I think that the easiest solution would be adding an pseudo-"url shortening" functionality to rss-bridge. Each generated feed within rss-bridge could have an ID assigned (lets say five-six random characters) and going to <rss-bridge.domain>/ would allow accessing it. Such access could not require credentials, while accessing the main (admin) url, would.

Describe alternatives you've considered
I was not able to think about any other alternatives.

@Dinth Dinth added the Feature-Request Issue is a feature request label Jul 26, 2024
@dvikan
Copy link
Contributor
dvikan commented Jul 28, 2024

a solution: bridges can have private config

see https://rss-bridge.github.io/rss-bridge/Bridge_Specific

@NotsoanoNimus
Copy link
Contributor

@Dinth The branch from the PR above (#4171) will most likely get you what you're looking for out-of-the-box. Give it a read and see if that's what you'd like to use.

@Dinth
Copy link
Author
Dinth commented Aug 1, 2024

@NotsoanoNimus Legend!

@Dinth
Copy link
Author
Dinth commented Aug 10, 2024

@NotsoanoNimus what happened with the PR? I was just about to clone your repository :(

@NotsoanoNimus
Copy link
Contributor

@NotsoanoNimus what happened with the PR? I was just about to clone your repository :(

Howdy, sorry about the confusion. If you're looking for this feature, you can pull from my divergent fork of this project. It has URL encryption/masking built in, but still left as an optional feature to enable.

@Mynacol
Copy link
Contributor
Mynacol commented Aug 12, 2024

I was just looking at the PR before I noticed it was closed by its author.
Protecting credentials is of course important and the existing private config method is only available to self-hosters. So there is a hole to be filled.

However, a part of me thinks generally encrypting the URL is against the spirit of this project, as it prevents users modifying the parameters. In the meantime, supporting the protection of credentials in all bridges with the private config method is a good idea and I hope self-hosting is easy enough.

@Dinth
Copy link
Author
Dinth commented Aug 12, 2024

@NotsoanoNimus: would it be possible for you to create a docker repo on docker hub?

@Mynacol i think that its not only this project's spirit, but generally an OSS spirit to give users freedom of using software as they're pleased. But i believe that currently (and sorry i dont mean to attack anyone - rss-bridge is amazing piece of software and i appreciate every line of code in it!), the freedom of using rss-bridge is severly limited: I can either do an instance only for myself, or fully open the instance for everyone around the world - not only to access it, but to use it in any way they want. And that's only if i have unlimited bandwidth on my internet connection, because with fully public instance people may and probably will abuse it. There's not much in between. Not to mention using rss-bridge in a more professional environment" let's say i would like to host something on a corporate server, but someone will modify the url, generating a feed for some illegal content and share the link (to a company owned subdoimain) online.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature-Request Issue is a feature request
Projects
None yet
Development

No branches or pull requests

4 participants