Closed ryancwalsh closed 2 years ago
As we talked about on the T3 call just now, we'll close this issue since it feels like somewhat of a security issue to allow the image generator to be manipulated via plaintext params.
Maybe one day we'll decide that we want to re-open this issue, and maybe we'll encrypt the payload of text fields that are the ingredients for the image generator.
Currently a certificate page (
web-app/pages/certificate/[tokenId].tsx
) like https://near-certification-tools-tpq1.onrender.com/certificate/923216412112497cb6c193152a27c49a just shows an image of the certificate and then some social sharing buttons whose parameters are all hardcoded and do not rely on any on-chain data (except the token ID).Ideally, we'd fetch the on-chain data and display some of it in text (via HTML) above or below the image. And this data would also enable us to edit the social sharing links to use some of that personalized information.
But we should consider efficiency; this page should fetch certificate data just once and then pass that data to the image generator.
fetchCertificateDetails
should not be insideweb-app/pages/api/cert/[imageFileName].ts
We might also want the account page (such as https://near-certification-tools-tpq1.onrender.com/account/hatchet.testnet) to have some data in HTML rather than just images (especially since we might want social share links on that page accompanying each image).