I’ve made an app that makes it possible to schedule a post in Lemmy at an arbitrary time. It’s available at https://schedule.lemmings.world and can be used by people from any instance.

Let me know what you think!

P.S. This post is made using the app!

Edit: And it’s open source!

    • Durotar@lemmy.ml
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      1 year ago

      I wouldn’t trust a website that wants your username and password.

      • w2qw
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Use a bot account to post if you are worried

        • Durotar@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          1 year ago

          I would if it was a bot instead of an obscure service that collects my credentials.

        • Durotar@lemmy.ml
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          2
          ·
          edit-2
          1 year ago

          With a mobile client, for example, you can check if it sends your password somewhere else, there are tools. If you use an open-source client then it’s even easier. Major clients have something that you could call reputation, though I wouldn’t put too much trust into it.

          Here I know for a fact that my password goes to a third-party:

    • Rikudou_Sage@lemmings.worldOP
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      4
      ·
      1 year ago

      I don’t store your password if that’s what you’re asking! I’m planning to make it open source once I make sure I didn’t accidentally leave any production secrets in the code.

      Anyway, here’s how it works:

      • You log in using your account, the site checks whether it’s a valid account using api and if it is, it creates a JWT token that’s used to authenticate you against Lemmy. At this point your password is already forgotten and the site has no way of getting it.
        • The JWT token is effectively the same as having your password - it allows you to do the same things you could if you have logged in normally.
      • The JWT token is not stored on the server, it’s only in a cookie in your browser.
      • When you schedule a post, the post details, your instance, your username and your JWT token are stored in a job that gets scheduled to run later. This is the only part where any sensitive information (JWT) about you are stored somewhere else than your computer.
      • After the scheduled job is triggered, it authenticates as you and creates the post as if it were you, immediately afterwards the job config is deleted, meaning the JWT is no longer stored.
      • The JWT is stored in every scheduled post you make, meaning as long as you have any scheduled post, the JWT is stored somewhere. When all scheduled posts are posted, your JWT is no longer present anywhere on the backend.
      • Note that due to current technical limitations, even if you cancel a scheduled job, its config (including the JWT) is stored until the original scheduled time. This will be (probably) fixed in future versions when I have some time to work on it.

      Hope it clarifies it, let me know if you don’t understand any part of it!

        • Rikudou_Sage@lemmings.worldOP
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          2
          ·
          1 year ago

          Yup, that’s right. I don’t do that, though. Which obviously you’ll have to trust me on (or don’t and don’t use it). It has been open sourced now, but that still doesn’t solve it and I’m obviously not gonna go and give people production access to my AWS account.

          I’m not saying you must use it, I’m just giving it here in case anyone wants to.

            • Fluba@lemdro.id
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              Do you have a recommendation for how OP can change things so you’re satisfied with your privacy?

              • trakata@lemmy.ca
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                4
                ·
                1 year ago

                Simply don’t use it, this is posted in bad faith attempting to deceive for access credentials.

                • Rikudou_Sage@lemmings.worldOP
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  1
                  ·
                  1 year ago

                  Dude, I literally develop stuff all the time and have dozens of open source projects. Why the hell do you think I have the need for collecting your credentials? Use a fake account for all I care, the code is open source and you can read it.

                  • trakata@lemmy.ca
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    arrow-down
                    5
                    ·
                    1 year ago

                    I’m not concerned with your code, it’s passable, I’m concerned with you hosting other people’s effective access and leading people into thinking you have secure coding practices in mind when you clearly lied and are being unusually defensive when called out for stating fact about your project.

      • Durotar@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        JWT token is not stored on the server

        JWT token are stored in a job that gets scheduled to run later

        Where’s the job stored?

        • Rikudou_Sage@lemmings.worldOP
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          2
          ·
          1 year ago

          In a scheduling system. Probably bad wording on my part, sorry. I meant that it’s not stored anywhere for just logging in, though it’s stored as part of every scheduling job in the scheduling system.