Show permissions and v1.0.0

You can now see what permissions an app has on it’s section on the account page.
And with that, AuthBridge is (mostly) production ready! This marks my last devlog on ft, thank you Flavortown!

Scopes

I am so happy this works now, this was planned from the start but was just now implemented. Every authorization now includes what permissions it was requested with, and if an app requests more then it previously did, the user is asked for permission again. This is a huge jump in security. The account page can also now show when an app was allowed access.

Other

• The UI was refined
• Some text is now more user friendly

Docs

The docs page styling was improved a lot, it is so much easier to follow now (the margins sucked before, way too dense). The code blocks also have padding and a border now. The old code block formatting really sucked because it basically collapsed over the text and made the border radius look weird, anyway, it is a lot better now

Other

It’s probably obvious by now, there were more lint and type checking fixes

I hate typechecking

I just spent i dont even remember how long debugging type errors in my sqlalchemy db file because of the weird way sqlalchemy handles types, anyway, there are still a lot of errors, but not as many i guess. The app still runs, but now the errors tab is cleaner

New editor new me

I just switched to zed (vscode now forces copilot everywhere and I can’t seem to turn it off), so with a new typechecker comes new bugs. Most of the type errors were not actually bugs, but there is a new types.py file that should stop most of them from showing up again.

Screenshot

For reference, this was 100 errors and 600 warnings

Docs

The docs now include the groups scope

Other

• The github action works now, I had the wrong image name.
• i forgor the rest

OIDC Groups

Two OIDC groups can now be assigned based on the user’s relation to the app. This is intended for app developers to get some extra data. The two right now are:

• owner - Owns the current app
• userwhitelisted - The user is restricted to certain apps, this app is on their whitelist

Other

• Build caching for UV
• /codelogin is now /login/code
• Better logs in some places

Action!

I made a github action to automatically build the docker image. I spent forever debugging then realized my branch is not called main, whoops

Demo video

Please watch this voters

I made a feature demo video, please watch this instead of writing lazy votes. You should still run it if you can, but if you can’t, this video covers most of the features including:

• Velocity (and backend server) autoconfig and autoreload
• RCON commands
• User accounts
• Backup/restore
• Server creation (and automated setup)
• Start/stop/restart server
  There are still a lot of features not covered here to save time, so you should still run it via the demo if you can.

Make sure to still visit the demo page so your vote counts

Working backups

All the other backup buttons work now. Restoring a backup automatically creates another backup, just incase restoring fails.

Backups

You can now backup servers, they are stored in /backups so you can mount them to another drive. Only creating and downloading work right now, but most of the code for the other functions is here.

Expiry

Login tokens now expire. They have a duration of one week from grant.

Other

• Log messages were improved

Users pt 2

You can now change passwords of users and delete users.

Other

• Setting the SERVER_OWNER variable now gives you /op permission
• docker-compose example in readme was improved

Multiple users

Multi-user support is (mostly) here. I’m really tired and had to debug a lot, but we’re here. Only creating users works right now, but they can still login and manage the server.

Users

A basic user management page has been created. I have no idea what took me this long.

Other

The readme was improved again

Readme

I really want a good storytelling score so I spent time adding links and more detail to the readme.

Logging

The logger now uses app.logger instead of just raw print, the server setup script do not (because they are written in bash, not python), so they will still print to console, but that is needed for debugging anyway.

Bugfixes

Some minor bugs have been fixed:

• The token input now strips certain characters (they shouldn’t have been there anyway)
• The automatic datetime formatter now works on windows, but unfortunately I had to force it to use en-us because I could not autoset the locale for some reason, i promise i tried, look at the time of this log!

Getting back up

My first devlog in two months!

UV

The project now uses UV to manage dependencies, builds are a lot faster, and developing on new machines is way better now.

Readme

The readme now has run instructions. I couldn’t fit the whole thing in the screenshot.

Refining

I spent some time making the demo smoother. The hack.af regex was removed to allow voters to use temporary emails, because a some people did not want to do that (only 2/12 people used my demo instance). The demo app link is also more obvious now! I spent some time refining some of the other details too, but mostly in the config.

UX

The auth page now shows where you will be redirected after authentication.

Lock app creation by default

You can now lock app creation for new users. It is an environment variable, so it does not affect existing users. You may also manually whitelist individual users via the admin page. These people will have their apps page restored. This has also now become the default, but you can always change it in your docker-compose.override.yml by setting LOCK_NEW_APP_CREATE to false.

Other

• The login flow works again, the cleanup function broke it, oops.
• The demo app on the dashboard was fixed back to the right link

Icon

A banner and favicon have been made (took about ~1hr). It’s basic, but it gets the job done! It is not on the site yet (I don’t have access to the computer with the file rn), but should be soon. Check out lapse if you want to see the timelapse.

2nd log again

I once forgot to log before working on another feature, sorry!
Login/register codes are now automatically deleted from memory after expiry. I couldn’t get scheduling to work, so the dictionary is checked every time an authentication related action is preformed. In theory, this should reduce the ram tax when running for long periods of time (you should still restart your server every once in a while, it’s good practice!)

Delete users

This was long overdue, admins can now delete users. This should only be used in extreme cases, because it may lose them a lot of data.

Keep callback pt 2

Another long devlog, but this is a pretty important feature! When you try and access an app while not logged in, you are now redirected to the login page with a special gota parameter. This is a JWT (I realized keeping just the clientid was not enough because of scopes and a few other things), that contains where you should be redirected after logging in (in this case, the app authorization link). This is kept through every login/signup stage. Once registration is completed, you are either automatically redirected back to the app, or in the case of logging in with another device, a new Continue button appears that will redirect you. Now is also a good time to mention that the login with a device page does not auto-redirect because some legacy devices do not allow setting cookies in a 3xx status code.

Note

This greatly improves the UX for people who do not already have an account. Many sites redirect me to the home page when I log in, which for me, it sucks to go back to the page I want. Also, the backend makes sure the redirect is valid. The JWT is validated against a secret key that is made on app start, and even if the key somehow gets compromised, redirects are still not able to be abused, as the backend makes sure the redirect is to a local path, not to another domain.

Other changes

• More features added to readme featureset
• The homepage now has a link to the developer OIDC docs

Keep callback

Right now, when you try and visit an app but are not logged in, you are redirected to the login page, but the login flow does not automatically redirect you back to the app once logged in. Part of switching to codes for login was so I can fix that. Anyway, I am going to keep a gota “token” through the whole process. It is the client id of the application you are verifying with. Right now, the login flow keeps a copy of it, but it does not use it for anything yet. That will be the next log.

Other changes

The demo build text was updated to link to a demo application

Style it up

Some css and layouts have been changed. There really isnt much to log about here

Changelog

• My apps was moved from the header into the account page
• Code blocks are now styled (like in the docs page from the previous log)
• Readme was slightly improved
• The link to OIDC help is now more obvious

OIDC docs 2

These two devlogs are probably the longest time on one section of the site. Anyway, the OIDC docs are complete now. This covers most of the authentication logic, from creating an app, to authenticating a user, to getting their information. There is a link to this documentation on the modify app page. This doesn’t look good right now, so the next log will probably be styling (probably for the whole site too).

Docs part one

There is now basic help documentation for openid connect. This will be improved upon later, as it is incomplete, but this is a good starting point.

Other changes

• The app clientid has been removed from the issuer url, because no code actually needed it.
• The create app button is now hidden if your app creation permission has been revoked
• The my apps header button is also hidden if your creation permission was revoked, and you also have no apps

Login with code

This took way longer then I thought it would, but logins are now handled with codes instead of via a link. Each login request gets assigned a unique id, which is basically a login session. The ID is provided in the email and login page, so just in case you try logging on using multiple devices, you know which code belongs to which page. This also makes trying to steal a code from a user harder. The codes still expire after five minutes, so an attacker cannot just bruteforce the endpoint. The rate limit gives an attacker 150 code attempts for any given session. Considering there are ~9000000 possible codes, this gives about a 0.0016667% chance of them getting it right. The login endpoint also can only send 10 emails per hour to any given email, so they must wait an hour to get 10 more attempts. I know this is pretty basic information, but at least it’s secure when needed (especially for high-risk admin accounts).

Other

• Minor readme changes
• Rate limit changes
• Other backend stuff that im forgetting about

Restrictions and “guest” accounts

Admins can now restrict accounts to specific apps. When combined with administrator created accounts (especially using emails outside the regex), you can effectively make guest accounts for people who should only be able to access one or two services.

Creating accounts

Administrators can now create user accounts. They bypass most limits, like the email validator. The username and name are still checked client-side, but the admin user creator does not check server side, so feel free to make it whatever. Because the email is not validated for admin created users, you can lock a user account emails to a specific domain while still creating accounts for other people when needed. This goes with another feature that should be ready by next log.

Contact info

You can now add administrator contact info to be displayed on some error pages. Right now it is just restriction messages, but I may add it into more places later. This does mean adding a new ENV variable CONTACT_EMAIL.

Other

The scopes db column was removed because scopes are provided through parameters now.

I did a thing

You can now sign in using another device, for devices where you cannot access your email. This was not needed at all, but it lets me do funny things like access the app via IOS 6, which is pretty cool. Ignore the weird border, my power button is broken so I have to use three finger pinch to screenshot. I also tried getting it to work on the 3ds, and I got the UI working, but I cannot get cookies to save. Anyway, the code feature works well. You input your username and a one time 7 digit code, and it logs you in.

User profile changes

Users can now change their name by themselves! This also means server side validation. I implemented this in the DB stage so all requests (even admin ones) need to follow the username regex. If a request does not follow the formula, it will error and not change anything. Most modern browsers will also preform client side validation because they support regex, but server side is always a good fallback.

Account page and fixes

I forgot to update the expiry code everywhere, so registration was broken, but it is fixed now! Anyway, the dashboard was simplified by moving the revoke access button to the new account page! The page will do more soon, but it just does this for now. A bug was also fixed on the admin page where clicking a non-admin user would remove the admin section from the header because I was accidentally overriding the user variable that the header checks for.

Email expiry

The registration code email now expires after 5 minutes. The rate limits were also increased to allow more attempts, just in case.

More error pages

401 and 403 now have error pages.

Restrict app creation

Admins can now restrict people from creating apps on a per-user basis.

Email verification

You can now set a regex for emails to lock registration to specific domains! You may also specify a message to be put on the login page as a hint.

Form submit

There is now a form submission animation, this is probably overdone, and is the only piece of javascript in the whole application.

Thou shall not authorize!

You can now deny auth prompts. It will return you to the application, but it will return access_denied.

Manage accounts

Admin users can now modify accounts, including disabling them. This is an extension of my last log.

User page

Admins can now see user details. Editing does not work yet.

Hackin da mainframe

There is now an admin page, it lists all apps and users. The apps buttons work, but the users section will have actions next.

Partial redesign

The modify app page was redesigned. It might need more later, but it does its job.

Error pages

A few small changes here, most notably error pages.

Bugs

Before being able to modify an app, you now need to authenticate as the app owner.

Second log

I forgot to hit create on this log, then went back to work, so here is another log:

Deleting apps

You can now delete apps from it’s modify page. This also brings the css for three types of buttons:

• Main (highlighted)
• Secondary (default)
• Danger (red)

Bugfixes (again)

Reaching a 500 error page now prints the traceback to console

Revoke

This devlog took a while because ft would not let me sync my time correctly, so I probably did more that I forgot about. The dashboard now lets you revoke app permissions.

Better app setup

The modify page now shows important information for setup with external apps. Before this, you would need to guess the links or find the .well-known path. Anyway, they are now displayed on the app modify page.

Docs

A simple readme has been made. Not much else to say.

Consent

The auth flows are no longer implicit. The first time you authenticate an app, you will be asked for consent. Every time after, you will not be asked.
Edit: My OBS glitched and didn’t show the auth flow. Oops

Darn it

In the interest of time (and getting this in for lock in), I caved in and used copilot for the backend openid logic, then spent time fixing the places where it did not understand how my code worked. There is no auth page right now, I will make that next.
Anyway, after an hour of debugging nextcloud oidc, I got the first login working! The flow works, but there is no user-facing prompt yet.

OIDC config endpoint working

More will need to be added to this later, but some basic information is now shown in the .well-known of the oidc endpoint. More will need to be added later.

Apps style

The my apps page is now styled. Also, work is being done to get the .well-known address working for OIDC

Modify apps 2

You can now modify apps. The form works now.

Modify apps

You can now modify your new app (not really yet)! The regenerate secret button works, but saving does not. As always, there were also a few backend changes.

Create an app

The create app button actually does something now. It adds an app to the db and redirects you to the modify page.

Other

• Dashboard shows app creator
• Backend changes

Your apps page

The your apps page is here, still nothing to test with though. The dashboard also had the featured section removed.

Auth

Authentication works now, and users can authenticate and access the dashboard, The header also changes content based on whether the request was authenticated or not.

Getting more ready

I don’t have much to show for this log, but I’m trying to log every 30 minutes. I spent my time making the DB support saving user auths. Also, there is a dashboard layout now! No data in it yet though. I’m going to make it look better soon, but I want to make sure the core works before finishing this.

Signup/login

The final login thing is done! You can signup/login, and you automatically get redirected to the right flow when you enter your email. If you set an owner email in the env variables, it can also automatically give you admin!

Codes

The code page works now! If you type an incorrect code, it says so, and if you get it right, it shows a final register page (not complete yet).

Email!

Sending emails works now. You just need to provide an SMTP server and credentials.

Email

The email send logic should be working now. I do not have any SMTP credentials to test it with though. Anyway, the base login logic is mostly done, but I still need to make it fully work.

Style pt 2

I improved the style again. Most form elements have been styled. Not much else to put here.

Style

Nothing much has changed, but the style was improved, and the name was changed from authy to AuthBridge. An env variable (APP_NAME) lets you change it to something else if you want (I can’t decide on a name, this is my way of letting me change it quickly later).

Getting further

After messing with db permissions, there is now a non-working login form. At some point this will email you, but right now it does nothing. Also, the abc is from a header! It’s not done yet but at some point it will be at the top of the screen.

Beginnings ish

There is a working base page now. I spent an hour trying to get docker to play nice with uv. Anyway, images build and I can run the container. A basic DB structure has also been designed, but nothing is final yet.

Demo!

The first github release was published, along with a demo video in the repo. It is also attached here. The demo is sped up in some places, most notably the upload files section, because my internet is really slow right now.

Inbox 2

You can now send messages! Also, messages are marked as read when you open them, this includes on the web UI. While this was already happening, the docs say that won’t be the default behavior forever, so the app now manually sets the parameter.

Other

Some minor wording was changed on

• Initial/new instance setup
• Announcement list page

Inbox

You can now view canvas messages, replying does not work yet, but that should be ready by next log.
It also shows the unread count on the instance dashboard now!

Other

• We no longer crash the app when an unknown module item type is selected, we just provide a hint and return to the selection screen
• Basic ExternalUrl type support was added, right now it just prints the url to the screen and returns.

Lights, camera, ACTION!

There is now a GitHub action to automatically build binaries, because building them locally kept erroring out. This also has the plus that I do not need to cross compile, they are built natively.

Other

• Adding a submission comment now asks for confirmation
• A ... was added to the grades exit text to match the other prompts
  and a few other code-only changes.

Grades

The grade display works! It’s pretty basic because I can’t currently find an API to batch get individual grades. If I find one I’ll add it. This mirrors the web interface sidebar, the including ungraded section is what your grade would be if all your ungraded assignment suddenly became scored as 0.

Announce!

You can now browse and view announcements. It’s view is the same as pages, and searches the same as assignments

Other

• The course selection menu is now a fuzzy search

Submissions

I would have made a devlog sooner but my internet is bugging. You can now submit assignments from the tui! All 3 online submission types are included (excluding submission via an external tool, for obvious reasons). The demo video is pretty long, but it shows everything. I am the most proud of the file uploader, because for some reason the file upload api is really weird because of the many upload destinations. Anyway, all 4 file upload stages have been implemented as close to the documentation as I can.

Other

The submission type is now shown on the submission page.

Assignments pt 2

You can now get a searchable list of assignments in the assignments tab. This even works on instances where the assignments tab is disabled!

Other changes

• The token input field is now a secret input, so your token is no longer outputted to the terminal.
• The setup function now has a timeout set, so a dead server can no longer hang the program

Banner!

There is now a project banner. Ignore the lapse video, I forgot I renamed this project to electoric (the old name was electorial). Idk comment if the old name was better.

Wrapping up

Mostly bug fixes before I ship. I missed a few return statements and a few ephemeral=True statements. Notable changes:

• /vc rename was removed, use /vc modify instead
• /startelection was renamed to /resign
• Elected leader can no longer select a bot/themselves as vice (bugfix, i missed the return statement)
• UwUify now works if the user has no avatar, and dosent throw an error anymore
  I cant really show much proof, but the changes were released as v1.0.3

Comments

You can now view/add comments to submissions. It also shows which attempt a comment was written for, which even the actual UI hides.

Assignments

You can now view assignments and submissions. You can view most of the things that you can in the UI, comments are not supported yet, but the button is there. Most formatting is supported, links and bold works. Colors, italics, and underlines seem to not be working. Everything else does.

Multi-instance support

I spent an hour getting my own canvas instance set up (not tracked), and now I can demo more features! The switch instances button also works now, so you can switch between accounts/servers with no problem. Each are cached individually.

Pages

You can now browse pages, with (mostly) working formatting!

I am not able to show much proof for this because I would like like to leak my canvas.

Modules

You can now browse canvas modules! There is a module selector, and you can scroll the list to find what you want. You can also select a module to view its contents (not shown).

Slow and steady

A few more template pages are here now. You can browse your courses, they are organized in the same way as your dashboard, and there is a non-working course page.

Other

• The dashboard now has the option to delete the cache

Log within a log

I started coding and forgot I had not submitted this log yet, so here is another! There are now back buttons on all pages, the home pages back button is labeled as change instance, because exiting should be done via ctrl+c

Caches!

Requests are now cached, and are saved into a cache json file. Individual requests are marked stale after 5 minutes, and the whole file is marked stale after two hours. I once again spent 15 minutes messing with dependencies, but this time it was my fault! I managed to make a circular import that I thought didn’t exist, and was confused as to why one file was getting all functions and the other was not. Anyway, the cache is not speeding up much, but the test was only ran on one simple endpoint (/api/v1/users/self), this should speed up heavier endpoints.

just enough progress

Basically requests can be made now. If your token becomes invalid you are re-prompted for it (i cant demo it because i would not like to leak my api key). Anyway, after spending 20 minutes on a weird visual bug and then figuring out curses was the problem, the basic selection menu works now! It also retrieves your name and shows it on the selection screen, once again, not demoed.

Go(lang) away

In the interest of getting this project done in one week for the lockin sidequest, I have rewritten the whole thing in python. Anyway, you can now set up a canvas instance, it is saved into a file, and set as only readable to your user account (chmod 0o600). I obviously cannot show the whole thing (I don’t want to leak my canvas account), but it validates all input.

Save states

I have decided I am going to try using bubble tea for a UI, I havent figured it out yet, but I managed to get it installed! Anyway, there is a save function now to be able to save json. I made this devlog late so some of the logged time is me trying to figure out the library.

Beginnings

This is my first time using GO, so progress will be slow. Right now, I made a simple program that fetches a web server and returns json from it. The server it is fetching right now just returns {"ip": "whatever"}, but hopefully I will get something more useful next.

Containers!

The app is now built and published as ghcr container images! A docker-compose.yml is provided in the readme.md for anyone interested in running their own version of the bot. It is built from every commit and tagged on version releases.

TODO: fix

I have completed all the TODOs in my code, so there are many new features!

Voice rooms manager

There is now a /vc modify command for changing settings of your room. It contains a few settings:

• Rename
• Extra people (people who can join regardless of permission level)
• Banned people (same as extra people but in reverse, people who could normally join would no longer be allowed to join)
• Change allowed features
• Change max people
  The /vc create command now also allows setting invited people directly via the modal, which is useful for the “just me” permission level.

Other

• You can now set a custom ping message for elections
• The backend now (mostly) uses get_or_fetch to avoid unneeded API calls
• After someone leaves the server (or is kicked), any vote channel that mentions them (excluding elections) is deleted.
• If the leader fails to pick a vice, the election can be restarted.
• You can now set the grace period for the leader to pick a vice leader
• Being UwUified no longer causes buggy autoreplies
• Sending a message while UwUified no longer throws an error message
• Autoreplies now use discord.MessageReference.from_message(message) so they don’t throw warnings on every use

I choose you!

After an election, the new leader can pick a vice-leader that is granted permission level 3. By default this prevents them from getting kicked, and a few other things. You can also make it so that the leader is required to set a vice-leader. You can also disable picking a vice entirely.

Elections 3

Elections are now automatically started when the leader leaves. This is reliant on the pycord cache, so while it should work most of the time, sometimes the on_member_remove function may not be called. To my knowledge, I cannot fix this, however this should only be a problem with abnormally large servers and an overthrow passing right after bot start. I may try a fix at a later time.

Other

• The docs were improved a little bit
• Admin logs now include the date/time of the event at the bottom

Bugfixes

• Overthrow votes where the leader was not found no longer throw an error.
• Probably more that I am forgetting

Works on my machine

There are now install docs, not much else to put here.

Thou shalt not rule

You can now overthrow the current leader with a vote, I cannot calculate majority due to a lot of factors, so the required votes is a config value.

Config options

• Set the required vote count
• Should they be kicked from the server, or just have their role removed
• Should a new election start after an overthrow

Election 2

More logic has been added, including settings for some existing functions, and scheduling elections.

Scheduling

You can now set a day of week and hour to automatically start an election.

Logging

The bot now logs when an election restore is attempted, and the state id it is recovering from.

New config options

You can now change the target end hour for elections.

New features

The election channel is now automatically deleted, and force_vice is now enforced, but there is currently no way to pick a vice leader.

Restoring state improvements

Every state of an election can now be restored (to my knowledge). The bot now saves who has won the vote before deleting the messages. The only downside is once the bot is back up, it does not have enough information to play the animation, but roles are still given out.

Overthrow

This is work in progress, the feature does not fully work yet, but the channel is now automatically created. More info will be shown probably next log.

bugfixes

Whoever is being voted on can no longer see the vote channel, e.g. the person being votekicked/promoted can not see that they are in a vote (unless you give them audit log/administrator perms, this is a reminder that most bot features will not work if anyone has administrator perms).
Important messages are now pinned.

hackatime was down so this is pretty long

Election

I couldn’t think of a good name for this devlog, but it includes a pretty important feature. The groundwork for leader elections is now here, and contains a lot of features.

Start

There is no actual way to start an election right now, the demo video just creates a fake save state that the bot assumes is correct. However, when there is a way to start an election, the start function allows a reason to be passed in. When the channel is made, it is locked to everyone until all the messages are set up, then it is unlocked and an @everyone is sent.

Save state

The bot can be turned off or terminated (except during tallying), and pick up from where it left off when turned back on. I set a challenge for myself to not store any data on disk, so the current election state is stored within invisible characters in the channel topic. I have a function that takes a decimal input, and converts it into binary, then converts the binary into a string of invisible characters that can be put in the channel topic, and is invisible. The characters can only be seen by opening the channel topic, then highlighting all text.

Exceptions

If no votes are cast the leader and vice-leader stay the same.

Election end

All messages should be deleted, the demo video shows one getting past because it was recorded before the fix. There is a little “animation” that plays when the election finishes that shows the top 3 placements. If there is a tie for first, the leader is randomly chosen. The channel is deleted an hour after the vote concludes, but a simple <user> is the new leader! message is sent in the public channel, and a log of the top 3 places are sent in the log channel. The send message permission is also locked to leader and vice leader after the vote is over.

Lock

A few features can be locked during elections, like kick, votekick, and promote.
Hopefully hackatime works today so I can post shorter devlogs.

Opened rooms

Rooms now have more features! You can manually add/remove members from your channel. This also means the Just me vc option has a reason to exist now. When you add a user, they are given connect permission. When you remove a member, you can choose to kick them from vc, or keep them in, but their connect permission is removed. Also, /vc rename exists now, you can rename your channel after it has been made.

Closed rooms

You can now end your vc, and either kick everyone out or move them to another call. If you chose to move members, it respects permissions, but you must have permission for it to move anyone else. If someone is not able to join the vc, you will be told.

Bugfixes

The max number of rooms was fixed, I forgot to actually save the amount of rooms you have, so it always thought you had zero.
Starting the bot while people are in rooms no longer throws an error

Small changes

This devlog contains many small changes that I don’t think need their own devlog. These changes are:

• load_config now uses os.path.join instead of raw strings
• /features/plusvote/required_wait is now enforced. Members must wait 48 hours before being eligible to be promoted. The vote is still required.
• Only one votekick/promotion vote for a user can be made at a time
• Most if not all completed TODOs have been removed
• If the bot gets shut down or killed after a vote has concluded, but during the 60-second period where it has not been deleted, it will be deleted the next time the bot starts.

Kick them out 2

Leader and vice leader now have permission to kick people. This is different from giving leader the kick members permission for three reasons:

• It is logged
• You can set permissions on who they can kick
• You can set a cooldown

Nametag 2

Leaders can now rename permission roles (including theirs). Any other role will give an error. The permissions can still be changed, but no matter the permissions set, people are not allowed to change the name of levels above theirs.

Nametag

The server details can now be changed by people. Vice leader and up can rename the server, and leader can change the icon.

Why not give leader Manage Server

Manage server comes with more permissions than just details, that you usually dont want people having.

:3

You can now “uwuify” people. That’s basically it. The settings are the basically same as timeout.

backend

more things are logged in the log channel

Ping pong

You can now set up regex for messages you want the bot to automatically reply to messages. The settings are:

• The regex you want to reply to
• What you want to reply with
• If the bot should delete the original message

Backend

There are also a few backend UX improvements. The 5 minute voice cache duration can now be changed, and when missing a config option, the full path is now shown.

Call me

Pretty simple update. Somehow, discord has not added the ability for voice channels to call people in servers yet. This is the closest I could get. The bot can ping for the first person to start a call, and can be configured to also:

• Send a message on any join
• Send a message on any leave
• Only send a leave message when the last person leaves the call

Shush

This took somehow way more and way less time then i thought it would. Anyway, when you are server muted/deafened or channel permissions prevent you from talking, the bot takes note of what you can do, and saves/restores it when switching channels. This fixes being able to make your own voice channel, and unmute yourself, then rejoin wherever you were muted. Right now, they are saved for a minimum 5 minutes, but can be extended when you update your voice status. This might not seem like much, but this is really useful to me.

Getting a promotion!

You can now promote guests to plus members by a vote. This one was faster then the votekick because most of the code is copied from votekick, so it works basically the same. Some of the code that I think will be reused in future votes is now in functions.

Smaller changes

This devlog contains pretty small changes to some wording, but I still wanted to make it because I forgot some demo images in my last one. Some notable (but still small) changes are:

• Wording changes on some logs
• /vc create now allows disabling people from using activities
• Fixed a bug where people may have been able to double trigger the votekick message

Kick them out!

This update includes a few features, including votekicks. People can now start votekicks to kick members out of the server.
As always, there is a lot of config, and you can change:

• Who can start a vote
• Who can vote
• Who is exempt from being votekicked
• How many times one person can start a votekick in a specified duration
• How many votes are required for a decision
  The vote happens in an individual channel, so permissions are customized by the bot, and the channel gets deleted after the vote.

backend

Permission checks can now be completed by a decorator

Sorting hat

People who join now automatically get given the guest role if they are not a bot, and are given the VIP role if they are on the VIP list. It also gets logged to the configures log channel

Go to timeout

People can now time each other out! It’s mostly for fun, not for actual moderation. It has a configurable timeout duration and cooldown. You can also make the duration different when the leader times someone out!

Bugfixes

Rooms that are created now actually get deleted when you leave
People can no longer change the channel status when in a room
Permissions are actually enforced now

More room functionality

The text boxes work correctly now! The support team in pycords discord server got back really fast, and was really helpful. The fix was to use a pre-release that contained the bugfix. Anyway, you can now limit what others can do in vc, and change how many people can be in it at once. The channel owner can also bypass their own restrictions.

Voice rooms

After messing with modals for an hour, I got something mostly working. The channels do not auto delete yet, but most code is there. There is a weird bug right now where the text inputs should be optional, but are not. This looks like a library issue, so I will wait for a fix. Voice channels can be made, and the privacy level can be set up to whatever you can join, but the features and max people boxes do not work yet. Auto delete when nobody joins is working though!

Restricting permissions

I have now planned out how the permission system will work. This is still a work in progress and new things will be added, but this is a good start. Sadly, discord does not let bot owners restrict commands to roles, so it is not possible to have the buttons hidden in UI.

A fresh start

The bot and example config have all been planned out. The rest of this project should be implementing features from this config file to make everything work. I have a lot planned. I’m also giving myself the challenge of not using a DB, or any data storage, if possible, everything should be stored inside the discord server. The config file has also been documented, so anyone who wants to use my app, should have little trouble, even though it asks for a lot.

I added an optimization section to the README so I can submit for the optimization sidequest (hopefully).

There is a demo video on GitHub now!

PYThing has banner art now! It’s pretty simple, and might be improved later.

Frontend

The visual language has been changed. All apps have a slight transparency now. It’s supposed to be close to glass, but I can’t blur it due to old chrome restrictions, so it’s just transparent.

Backend

A few backend bugs were fixed

• The spotify and lyrics app actually send a user agent now.
• The number of ignored type errors went from 28 to 7, these were not actual bugs, but just false positives that have been refactored to not trigger anymore.
• The carthing related code has been moved to an app in an attempt to reduce the file size of init.py
• The spotify app downloads the cover art at half resolution now, which makes the file ~1/3 of the space on average.

More backend and documentation changes, but oooh pretty gradient. Jokes aside I think it looks pretty nice.

Another big update, there are now configurable accent colors, and they can also be set automatically by the current song (or any app if you feel like making your own)! The code that determines the color is just ok (it favors saturated colors over the one with the most area, feel free to pr), in the demo video I kept getting yellow. Anyway, for the songs that work, it works really well! All apps have been given some color, some more than others. Another notable mention, more apps tell you when it has nothing to show, like the lyrics app, which used to just show a blank screen, but now tells you what it’s doing. The dashboard also tells you to check out settings, and there is a setting to turn off the message (to make sure you have actually visited the page). The loading animation also now actually waits for the app to fully load, and for the websocket to be established before revealing the app. Apps can also inject code into other apps now, so that’s cool I guess. The customizer app uses it to allow the app to get the current accent color. There were a few more changes, but I dont have a reason to include all of them.

The README is sorted now, so it’s not one giant chunk of text.

Wrapping up, there is now a binary release (hour of debugging for a problem that copilot solved in 5 minutes), and a few other changes. The music app now gives a warning if it has gotten no data, and the app data is stored in the home folder, instead of the source directory.

As I get ready to ship, I have created a release with usage instructions.

The music app now has a UI! It’s pretty basic, but it shows what song is playing. The UI was assisted by Gemini, and is a little bugged on desktop chrome, but looks fine on the Car Thing. This might be the one of the last few devlogs before ship.

Quick devlog, but I want to be honest with my AI usage. Before, the lyrics app would poll every 20ms, which was way heavier then what I wanted. I have gotten copilot to rewrite the client javascript, so it should be less heavy. Also (non-ai), the spotify app can fetch the album art for the current song to be used in other apps.

I have added a readme with usage instructions and how to make your first app.

New app: Lyrics! Get the synced lyrics for whatever song is currently playing, not many backend changes this time, I think the app API is almost complete.

Windows support has been added and tested! Also, the music playbar moves the app content up and out of the way. The background is now black again.

The settings page has been completed, and to demo it, there is now a music app that shows a progress bar of the current song at the bottom of the screen. The music and spotify apps are both separate, so you can create your own provider (like jellyfin) with your own data if you wish. Other apps can also hook into this and get the current playback state for their own use. Also, the rounded corners now only show on car things. To make all this work, apps can now directly inject html into the client page, for whatever they want.

The hardware app has been completed! I was not able to find a good way to get GPU data, so it was replaced with disk r/w. Also, carthing detection and setup is faster now. There was a 3 second delay to check if the carthing already had the client on it, but now it is done by checking for a specific file in the root of the webapp directory that is placed there on setup. For carthing support, the app needs access to adb, and if it is not in path, the app now asks to download it for you. Work is also being done to allow apps to inject html directly into the client view, so that apps can have persistent overlays across apps.

I have made a github release, and have published an image to ghcr. People can now pull the image without pulling the whole git repo.

I have changed the background color to make the fake rounded corners stand out more, in the future a custom color should be able to be set. The auto-time element and getRealDate client function should also now be able to be used quicker, as the real date offset is now sent on connect, and updated every minute, instead of every second, and having the client wait for the next update. The most notable feature is that apps are now able to send data between the client and server in real time, and can be demoed in the new “System” app, which updates ram usage once per second. Client > server communication has no demo yet. There was also a bugfix where I was accidentally importing init.py multiple times, so variables could have two different values depending on where you read them from.

This log comes with a few style changes, a working dashboard, and a clock app. Apps also now have more functions available for them to use. Also, this should work on Windows now, although I have not been able to test yet. The menu button on the car thing (key m on desktop) sends you to the apps menu, and you can select apps with the wheel and button, or the touch screen.

As a start, there is one working backend, and one working app, although no dashboard (so no app demos yet).

TLDR:

• Fabric server support
• Running commands through the server page now sends the command through STDIN, not RCON
• Servers are created faster because logic that required the server to be on is now done on server start
• You can now delete servers
  Full:
  Finally, fabric server support. You can now create a modded server. It seems like forge support is not possible (at least automatically), as there seems to be no download api. The fabric server automatically installs luckperms, simple voice chat, fabricproxy-lite, and the fabric api. Some mods need extra configuration because they are not able to detect client mods through velocity.
  The server page now has a command bar, which sends commands to STDIN, instead of through RCON, it also has history.
  When a server was created, before, the server would be temporarily started to run a luckperms command, now, that is ran after every start, and saves a few minutes of server creation time.
  Servers can also be deleted now! When you delete a server, the process is killed, and the directory is deleted.

There is now a basic file manager, no editing files, but it does let you do everything you would need, with some help. Clicking a folder opens it, and clicking a file downloads it to your computer.

Shutting down the host machine now gracefully stops the servers, so you don’t need to worry about manually stopping the servers anymore. There is also an individual server page, that will eventually be used for a file browser!

The console was improved, and you can now create a server from the web UI, and it updates velocity instantly. The demo video attached has cuts to keep it short.

You can now stop, start, restart, and run commands from the web dashboard. Logs are streamed to the console (why is socketio so hard to get working), and server status live updates. The app also now automatically sets up geyser and floodgate (including backend servers), so bedrock players can play too.

No full webui yet, but after a few hours of debugging, the first stack is up. The app will auto generate server and plugin configurations for velocity and paper server softwares, and it configures the proxy to point to the paper server. If you have a domain, it also sets up a forced host with subdomains, so that it can automatically route you to the right server with a subdomain, e.x. lobby.mc.example.com routing to the lobby server. If you give it your Minecraft UUID, it can also give you the * permission on the proxy and all backends using luckperms. The proxy can also route simple voice chat packets to the backend, so any clients with simple voice chat just work. Next is finishing the dashboard and adding fabric and forge.

There is now a template, css, and partial backend. Still much more to go, but I now have a template for more pages to be added quicker.

There is now a basic (but not working) authentication system and a basic database. Now, if a user attempts going to a restricted page, they are redirected to /login. Hopefully next log will have more content.

I have created a planning document with some backend features I want, and it outlines what I would like to do going forward. I have also created a basic init script, that does nothing yet.