I want to get the user server banner but i dont know if thats possible with discord.js is there any way i get get the banner the user sets for a server?
Im using discord.js v13, and found that the url for getting the user server banner is
https://cdn.discordapp.com/guilds/{GuildId}/users/{MemberId}/banners/{Banner}
I just dont know how to get the banner name.
I do not believe this is possible yet. Looking at the Discord API itself, it does not appear to support server profiles yet. It isn't possible to retrieve a member's server profile banner via the API (or at least, it isn't officially possible and any way to do so isn't documented). And since the API itself doesn't support it, it's probably not possible to do this at all yet.
You can retrieve the user's global banner via API or djs, but not their server-specific banners. Unless you know the name of the banner already, the URL you provided in your question won't do you much good either.
See for yourself in the API docs for guild members. No server profile or banner properties to be found. Same goes for djs' GuildMember object as well, of course, since there is no API support. You will just have to wait for the Discord API to be updated to support this, if they plan to do so; it's been at least 4-5 months now since the feature released, though, so support may not be coming anytime soon.
Related
So currently in the project we have a collection of documents that don't require authentication to be read. They are write/update protected, but everyone can read.
What we are trying to prevent is that someone looks at the firebase endpoints and somehow manages to scrape the entire collection in json format (if this is even possible). The data is public, but I want it only to be accessible from our website.
One of the solutions we could think of was SSR (we are already using Next.js), but implementing SSR just for this reason doesn't seem very enticing.
Any suggestions would be appreciated.
EDIT:
Let me rephrase a little bit.
From what you see in the network tab, is it possible to forge/create a request to Firestore and get the entire collection instead of just the 1 document that was intended?
The best solution in your case is SSR. I know, it could sound as not enticing, but well, let's reason on when we should use SSR, then. In your use case, there is an important requirement: security. I think this is already a strong enough reason to justify the usage of SSR.
Also, creating an ad hoc service account for the next.js app, and securing the data with custom rules that allow the read of your data only to that service account, would only improve the overall security level.
Last: reading the data server side should make your site work a little faster, even if it would be difficult to notice, because we are talking about milliseconds. Notice that your page, as it is now, will need to be loaded, before the request to Firebase could be sent. This is adding a small delay. If the data is loaded server side, the delay is not added.
is it possible to forge/create a request to Firestore and get the entire collection instead of just the 1 document that was intended?
If you want to limit what people can request from a collection, you're looking for security rules. The most common model there is some form of ownership-based access control or role-based access control, but both of those require some way of identifying the user. This could be anonymously (so without them entering credentials), but it'd still be a form of auth.
If you don't want to do that, you can still control how much data can be gotten through the API in one go. For example, if you in the security rules allow get but not list, the user can only request a document once they know its ID. Even if you allow list, you can control in rules what queries are allowed.
I think one approach could be writing a Cloud Function that retrieves this public data using the admin SDK. Then, you could set a rule that nobody can read those documents. This means that only your Cloud Function with the admin SDK will have access to those documents.
Finally, you could set up AppCheck for that specific Cloud Function, this way, you ensure that the request is coming from your client app only.
https://firebase.google.com/docs/app-check
Excuse me if I missed something and this is a duplicate, other QA's still left me with some questions.
I wanted to see if it was possible for my bot to access user connections (Steam acc, Reddit, etc.) so that the user can use a command to enable notifications in a specific channel, so that it would promote when they publish a video.
I've found similar bots, but they all required manual entering and they were admin-only.
I've found that it is NOT possible to directly access them (and rightfully so):
Unfortunately this is not possible when using a "real" bot account, however it is possible if you're using a user bot account.
I'd suggest a workaround of using OAuth2. You could have users authenticate your bot with OAuth2, and then fetch their connections this way. Some more information at https://discordapp.com/developers/docs/topics/oauth2
(Link: https://stackoverflow.com/a/44265167/16255372)
But that last statement about OAuth really got me wondering.
If it is required for each user to authenticate via a link, that is an acceptable compromise for me.
On the discord developers website, I've found a connections scope which would allow the bot to access the connections of the user that authenticated via the link.
I also found a url for getting the user's connections here
Get User Connections
GET /users/#me/connections
Returns a list of connection objects. Requires the connections OAuth2 scope.
But on other sources, I've seen that the scope is inaccessible to bots.
Furthermore, I don't see connections accessible in discord.py, which is what I use.
So my question is + TL;DR:
Is it possible to access the user's connections, even if they each have to click on an oauth link
(connections scope)
Would this be possible using discord.py?
(potentially using discord.ClientUser?)
Thank you for reading, I am also a new contributor. If you feel that I missed something or could elaborate or explain things better, please let me know how I could improve my question.
Is it possible to access the user's connections, even if they each have to click on an oauth link (connections scope)
YES (only possible using OAuth).
Would this be possible using discord.py? (potentially using discord.ClientUser?)
Unfortunately, no. Discord.PY does not support OAuth. You would have to do it yourself by creating a Web Application etc.
I'm currently working on a project that detects when someone is listening to a song on Spotify and sends a message to that person based upon that song being in a playlist.
I couldn't see a spotipy function to get this data, even though I can see it on the spotify application itself, any pointers?
Accessing friends' activity feed is something that many people have been requesting for a long time, however Spotify does not seem to have any plan to open it up unfortunately.
Currently, the only existing workaround I am aware of is to scrape the internal API used by the client, as is done here: https://github.com/valeriangalliat/spotify-buddylist
Another option for your project would be to use last.fm APIs if the user is on it and you know the handle -- which is less than ideal of course.
I'm designing a custom team tab using React that calls third party API, I need after executing the API successfully, user gets notified . What is the best way to achieve this? I used Bot in my project, but not sure how can I call it from my custom tab class. I'm aware of the existence of proactive messaging, is it the only way to do it? If it is, a pointer on how to implement it to a custom tab would be appreciated.
If you're wanting to message the user 1-1 (like in the personal app), then proactive messaging is definitely what you need (inside a Team, there are other options), and considering you have the bot already in place that's perfect. The only thing you might be missing are the details required to send the actual proactive message (the best time to get them is when the bot is first installed by the user). In particular, you need ConversationId and ServiceUrl.
With regards the concept of Proactive Messaging, basically once the bot is installed, and you have the required values, you can -send- the message from any backend code at all. That can include, for example, custom tab's backend api. You need to identify the user, which you can do using the Teams Context (it's not the safest way but it's the easiest), and then look up the values in your own backend store (e.g. database or whatever) to get the ConversationId and ServiceUrl, then just message the user in your backend.
I have a React app which has specific fields visible depending on the user's subscription.
On page load the subscription is checked via an API request, however I wanted to check is it a valid concern that someone could modify that response to show elements of the UI that they shouldn't see?
How is this generally handled?
Of course, I could do some additional server side checks, but wondering if I can do something on the the front end that can help?
Any help appreciated.
Thanks.
Nope, you will need to have server checks. The front end checks can easily be modified by the user using his browser developer tools.
Yes, he can view things he is not supposed to. You are to also make sure that you send only necessary details on the API request, because he can view the API response body using the developer tools too.
All the best.
You can send a token from back-end and check the validity in the front-end with a client secret. so if anyone modified your response they can't edit it without the correct secret key.