Rongronggg9 / RSS-to-Telegram-Bot

A Telegram RSS bot that cares about your reading experience
https://t.me/RSStT_Bot
GNU Affero General Public License v3.0
1.54k stars 277 forks source link

[FR] Various content filtering options #159

Open bazir123 opened 2 years ago

bazir123 commented 2 years ago

hello can you add some sort of filtering? example i want it post when content include certain word or forward post contain certain word to another chat. or after posting in telegram delete post that not contain defined word

thanks

Rongronggg9 commented 2 years ago

Such a feature would cause a higher server load and open up some attack surfaces. There's no such a plan.

Maybe you would like to try https://siftrss.com/

update: https://feed.janicek.co/ may deserve a try too

ItIsSeven commented 2 years ago

Such a feature would cause a higher server load and open up some attack surfaces. There's no such a plan.

Surely it would just need to check the message before it's sent and if there's certain text don't send. And if there is send. I don't really see the attack vector, maybe with the public bot, but if you're hosting it privately there shouldn't be any issues.

& I imagine anyone using this project seriously would host themselves especially considering since you explicitly mention the public bot can go down at any time anyways.

This is definitely a key component to having a good RSS feed, being able to filter, and without this filter there's just too much noise. I would reconsider it to be honest.

Rongronggg9 commented 2 years ago

I don't really see the attack vector

There's no reason to implement only string matching but not regex matching. However, regex matching could lead to ReDoS. Using a backtracking-free engine, in which the best one is RE2, could help get rid of the vulnerability. The bad news is RE2 does not ship prebuilt wheels for Windows and the prebuilt wheel for macOS still needs a local RE2 installation, but RSStT does offer official support for the two platforms (though minor). This is the main blocker of the feature.

if you're hosting it privately there shouldn't be any issues

Nope. You may mistakenly write a ReDoS-vulnerable regex, and the RSS feed could accidentally contain ReDoS-vulnerable strings.

This is definitely a key component

A thousand users have a thousand key components, but there is still a lot to decide. TBH, I don't really see the necessity as https://siftrss.com should be enough for most users' demand.

Let's reexamine https://siftrss.com together. It provides 2*3*6=36 types of filters. The problem is not "whether to implement a filter feature or not", but "implement what kinds of filters", "how to implement them", "how to write an easy-to-use UI with Telegram inline buttons", "how to structure them and store them in the DB", and so on.

Looking back into the history of https://siftrss.com, you could see far more complex feature requests, e.g. https://www.reddit.com/r/rss/comments/5qw888/comment/dd2q1lg/

reconsider it to be honest

I will re-open the issue but do not plan to implement it by myself due to the above reasons. PR is welcomed.