Embedding the Trello API token and key is not a very good idea if you don't want to compromise your account. Even if you're using a dedicated account just for submitting cards, the main Trello account is unaffected but attackers can still trash the account and ultimately break reporting for other users.
This is solved by adding an intermediate proxy as the only instance holding the Trello API token and key, which accepts a single request from the Godot reporting tool and submits multiple requests to the Trello API in the same way we had so far in the Godot implementation.
While writing the proxy took only a few minutes, it took several hours of fighting against GDScript, so having less complexity in the GDScript part is certainly a plus :sweat_smile:
The proxy is implemented in PHP because it's the most widespread language in shared hosting environments.
Note that the proxy currently doesn't have any added authentication and/or rate limiting/throttling, so the sole knowledge of the URL is enough to submit cards. However, this shouldn't result in any added attack surface, since an attacker with knowledge about authentication information (again - which can be extracted from the Godot project) can submit cards in exactly the same way anyway.
Another thing that took a while to implement was the integration test, since Godot acts differently in headless environments and it also refuses to run with e.g. Xvfb. Since we need to have networking in our test environment anyway, I went with NixOS VM tests for that. Unfortunately, running those tests on Windows or even GitHub Actions will need nested virtualisation, which unfortunately isn't supported.
Fortunately, someone™ is running a public Hydra instance, which should take care of CI.
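The description notes that the proxy has no rate limiting yet and that knowing the URL is enough to submit cards. One way to add input validation and per-client throttling in front of the Trello calls, as an added example that is not code from this pull request; the field names `title` and `body`, the limits, and the state directory are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed limits and field names; this is not the project's proxy code.
const MAX_TITLE = 120;
const MAX_BODY = 4000;
const MAX_PER_WINDOW = 5;
const WINDOW_SECONDS = 600;

// Accept only the two expected string fields and cap their size.
function validate_report(array $in): ?array
{
    $title = $in['title'] ?? null;
    $body = $in['body'] ?? null;
    if (!is_string($title) || !is_string($body)) {
        return null;
    }
    $title = trim($title);
    if ($title === '' || strlen($title) > MAX_TITLE || strlen($body) > MAX_BODY) {
        return null;
    }
    return ['title' => $title, 'body' => $body];
}

// Fixed-window counter per client, kept in a locked file (works on shared hosting).
function allow_request(string $client, string $dir, int $now): bool
{
    $fh = fopen($dir . '/' . hash('sha256', $client) . '.json', 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false; // fail closed when the state cannot be locked
    }
    $state = json_decode((string) stream_get_contents($fh), true);
    if (!isset($state['start'], $state['count']) || $now - (int) $state['start'] >= WINDOW_SECONDS) {
        $state = ['start' => $now, 'count' => 0];
    }
    $allowed = (int) $state['count'] < MAX_PER_WINDOW;
    $state['count'] = (int) $state['count'] + ($allowed ? 1 : 0);
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    fclose($fh); // closing the handle releases the lock
    return $allowed;
}

// Constructed demo: seven submissions from one client, then a valid and a malformed body.
$dir = sys_get_temp_dir() . '/report-rl-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
for ($i = 1; $i <= 7; $i++) {
    echo $i, ': ', allow_request('203.0.113.7', $dir, 1000 + $i) ? 'accept' : '429', "\n";
}
var_dump(validate_report(['title' => 'Crash on load', 'body' => 'steps...']) !== null);
var_dump(validate_report(['title' => ['x'], 'body' => '']));
```

In a real proxy both checks would run before any Trello request is made, so rejected submissions never consume the Trello API quota tied to the server-side token.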