Feature Suggestion: Track Traveler's Diary

[EffortlessFury]

I know that this requires providing different auth credentials and thus means introducing an entire additional process, but I was wondering if this feature might be worth adding? I'm willing to work on implementing it myself but wanted to know if it seemed like too much to ask of players to go through an additional import process for it.

[MadeBaruna]

I kinda don't want to add something that requires credentials

[EffortlessFury]

Doesn't the Wish Importer use credentials?

[EffortlessFury]

You know, I may have used the wrong word. It doesn't require credentials, it requires an auth token (cookies).

[MadeBaruna]

The hoyolab token is basically the username and password, it's different from the wish import, the token can only access wish history

[EffortlessFury]

Or, in other words, you feel that the auth needed to facilitate this feature offers access to too many things to justify asking for it?

[MadeBaruna]

Yes. I might be wrong tho, never really check it.

[EffortlessFury]

Technically speaking, it theoretically gives you access to all of the HoYoLab endpoints; anything a user could do on the site you could technically do on their behalf. That said, this site is open source, so how it is used can be verified, but that's still not necessarily enough to convince most people.

Another approach could be to have a Powershell script retrieve the information locally and allow you to import the resulting Diary JSON into the site?

[nagi-desuuu]

Wouldn't the Privacy Policy come into play here?

[EffortlessFury]

Yes, it would. A new entry under what the site collects and does would be needed, but there wouldn't be any changes to what the site does not save, as this wouldn't be saving anything but the diary information you want imported.

[EffortlessFury]

So, is this something there's any interest in having be part of the site? It can definitely be implemented without requiring storing any auth info in any capacity, so is the concern with the feature's existence or with the implementation details?

[nagi-desuuu]

My simplest implementation if I were the developer would be to just have an option in the database that just links to the original website, which would be the safest. However, specialized shenanigans can turn HoYoLab's API into a Swiss Army Knife, which would achieve the above; I'm just not cut out for it.

[EffortlessFury]

The reason I suggest the feature is that the diary has a three-month expiration period. I can absolutely make this work, I just want to make sure it's wanted and, if so, what implementation is preferred.

• It can be done where the cookies are extracted via Powershell script, passed to the client by the user, sent to the CORS proxy, and the data from the API call(s) returned to the client to be processed.
• It can also be done by having a Powershell script grab the cookies and use them to make the API calls to HoYoLab's API from the Powershell script itself. Then a diary JSON object can be passed by the user to the client and processed.

These two methods are both already implemented for the Wish Importer. I could always start with the latter option (Local Importer) as that's the more secure option, and the option for utilizing the CORS proxy could be added later if desired?

[MadeBaruna]

Btw, isn't the traveler diary can be opened only in the app?

[EffortlessFury]

It's only served to the app but like anything it can be accessed via the API anywhere. You make a good point though, maybe better to not draw attention to "circumvention" on a well-known platform. I'll go implement it elsewhere less overt.