JupiterBroadcasting / jupiterbroadcasting.com

JupiterBroadcasting.com, hugo-based and community-driven!
https://jupiterbroadcasting.com

Add boost like messaging system for members #522

Open FlakM opened 1 year ago

FlakM commented 1 year ago

Feature Description

It would have been awesome to be able to send boost messages as a member. It would have enabled members to be more involved in shows.

The conversation around this topic has come up multiple times in Matrix:

Acceptance criteria:

  1. Members should be able to post a message
  2. Members should be authenticated
  3. The backend, if required, should be low maintenance and up to date with the Memberful API
  4. NTH: the message should be delivered to show hosts live
  5. NTH: add information about the particular show that the message is related to
  6. NTH: the authentication might be used to enhance some additional content on the website

Reference to Feature

No response

FlakM commented 1 year ago

Memberful has an OAuth 2.0 API that makes it possible to authenticate members without storing their credentials.

For this particular use case I think it would be reasonable to have a backend server that will handle the authorization code flow and provide users with an up-to-date list of episodes based on podping or RSS.

This server would be able to send the notifications about the messages to some convenient channel, i.e. a private JB Matrix channel.

A $5 Linode should eat this kind of traffic for breakfast. If the JB finds it useful I'd be happy to implement it or support someone :+1:

elreydetoda commented 1 year ago

Just to add a few more things to help guide/comment for whoever takes this on:

elreydetoda commented 1 year ago

BTW, while I love that we're planning on self-hosting as much as we can. I also (as a security person 🙃) want to make sure we're going to implement it correctly 😅

For example, this is a video that demonstrates how to self-host OAuth for a NetlifyCMS + GitHub authorization. So where possible I'd urge the person who works on this to ensure they use a 3rd party library for handling OAuth. I typically never recommend people rolling their own authentication, as that's a non-trivial task 😅

So, again I'm not discouraging us from doing this, but let's not try to reinvent the wheel, make sure it's thoroughly reviewed, and try to prevent introducing a vulnerability 🙂

FlakM commented 1 year ago

I avoid writing anything more complex than a script without a strong static type system. I feel the most productive in Rust but I'd be happy to assist/review someone who wants to tackle this problem in Python (if you decide to stick to Python for obvious reasons).

Regarding security I also don't suggest writing anything new and off the shelf. Additionally in this case, there wouldn't be anything critical guarded by those tokens anyway apart from the HTTP endpoint that sends a message.

It might be a personal opinion but it seems that having a single server would be far easier to manage and understand than on-edge workers. Especially if you decide to add some state like rate limiting or caching the list of possible episodes to link the boost message against. You can stick it in a local SQLite file and call it a day :+1:
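
An added sketch of the single-server state described in the comment above (not part of the thread and not code from the JB project): a local SQLite file holding the cached episode list and a per-member rate limit for the message endpoint. All function names, table names and limits are hypothetical, and `member_id` is assumed to come from the session an OAuth library has already verified, never from the request body.

```python
import sqlite3

WINDOW_SECONDS = 3600  # assumed policy: look-back window for the limit
MAX_PER_WINDOW = 3     # assumed policy: boosts per member per window
MAX_LEN = 500          # assumed cap on message length

def open_store(path=":memory:"):
    # isolation_level=None: autocommit, so transactions are explicit below
    db = sqlite3.connect(path, isolation_level=None)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS episodes (guid TEXT PRIMARY KEY, title TEXT NOT NULL);
        CREATE TABLE IF NOT EXISTS boosts (
            member_id TEXT NOT NULL, episode_guid TEXT,
            body TEXT NOT NULL, sent_at INTEGER NOT NULL);
        CREATE INDEX IF NOT EXISTS boosts_by_member ON boosts (member_id, sent_at);
    """)
    return db

def cache_episodes(db, episodes):
    # episodes: (guid, title) pairs refreshed from the RSS feed or podping
    db.executemany("INSERT OR REPLACE INTO episodes VALUES (?, ?)", episodes)

def submit_boost(db, member_id, body, now, episode_guid=None):
    """Return (accepted, reason) for one boost message from an authenticated member."""
    body = body.strip()
    if not body or len(body) > MAX_LEN:
        return False, "bad_length"
    if episode_guid is not None and db.execute(
            "SELECT 1 FROM episodes WHERE guid = ?", (episode_guid,)).fetchone() is None:
        return False, "unknown_episode"  # only link against cached episodes
    db.execute("BEGIN IMMEDIATE")  # write lock: count and insert cannot interleave
    try:
        (recent,) = db.execute(
            "SELECT COUNT(*) FROM boosts WHERE member_id = ? AND sent_at > ?",
            (member_id, now - WINDOW_SECONDS)).fetchone()
        if recent >= MAX_PER_WINDOW:
            db.execute("ROLLBACK")
            return False, "rate_limited"
        db.execute("INSERT INTO boosts VALUES (?, ?, ?, ?)",
                   (member_id, episode_guid, body, now))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    return True, "ok"
```
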

reclaimingmytime commented 1 year ago

Just to list all possible options, Memberful has native Discord integration, so a members-only Discord server could be an option. I know JB and the community prefer Matrix as their chat platform, so this is probably not an ideal solution in terms of community adoption.