Closed caub closed 8 years ago
Zirak
commented
9 years ago Thanks for the PR!
Does this pose any limitations on you? Since you're just putting this out here random people of the internet can use it. Are you comfortable with that?
Moreover, can openweathermap suddenly invalidate your key for some reason or another? Will we be notified of it?
It's the same concern I had in #234...embedding API keys is annoying in the bot's context right now.
caub
commented
9 years ago There are no risk, except a possible abuse of it (I can't monitor usage of the API on their site), it would just be blocked again. But I agree, it feels dirty with this API key :)
else we can do like Awal's suggestion in your reference, using google (I'll test if we can read those things from scraping... edit: nah it's all in JS, would need some overkill PhantomJS etc.. to read it, Awal's response below is best)
awalgarg
commented
9 years ago I think it'd be better to add an API key management system to the bot usable only by the bot maintainer backed by a local store (like localStorage/indexedDB/whatever).
Since Caprica essentially functions as a server itself right now, I think this would be harmless. Implementation for the above should take less than 20 loc and would potentially open doors for much a richer set of plugins.
SomeKittens
commented
9 years ago Yeah, I wouldn't use keys that were checked into GitHub - they will get found & used.
@cauburtin If you generate a new key and send that to rlemon privately, he can enable it as @awalGarg mentioned.
@rlemon How are you running the bot right now? Still as a userscript?
Zirak
commented
8 years ago This will be part of a config.js. Thanks for the PR, but this problem should be solved more widely.
limited to 50,000 req/day http://openweathermap.org/price