search

dcdunkan / telegraph

Telegra.ph API wrapper for JavaScript
https://jsr.io/@dcdunkan/telegraph
MIT License
22 stars 3 forks source link

Creating a new Telegraph should assign an access token when not provided, or when using any of the methods #7

Closed carafelix closed 3 months ago

carafelix commented 4 months ago

As of right now if you don't provide an access token and try to, for e.g, create a page. It would fail because the access token it's undefined

KnorpelSenf commented 3 months ago

How would it create the account?

carafelix commented 3 months ago

How would it create the account?

When using any of the methods that requires an access_token, ex: 

// if publisher is undefined, just assign it to { short_name: 'Anonymous' }
if (!tph.token.length) {
     tph.token = (await tph.createAccount(publisher)).access_token;
}

EDIT: Ups... thought this was the posts repo

KnorpelSenf commented 3 months ago

So every API call now has to take a new parameter for the publisher, just in case there's no token yet?

dcdunkan commented 3 months ago

@carafelix I don't see a good side in this. Especially auto-generating an account everytime you are running it is just abuse of the FREE service itself. Imagine on a serverless environment like Deno Deploy where the server idles after timeout, a bot using grammyjs/posts! Countless number of redundant accounts, just waste of resources.

I don't think it should be auto-generated even in the posts. The plugin shouldn't be encouraging an option without token. Add some docs on how to obtain a token. Or throw a warning everytime the code is run without a token set by the user. Or at least use the sandbox token from the API docs, hehe.

I know you might be thinking about hitting rate limits, but that is something that needs to be taken care of in another way. I don't know any other actual cases where this approach might be needed. I'm open to addressing them, if there are any.

Back to the original topic, since this is an API library for Telegraph, sorry, I find it not okay to have this. Maybe in a purely client side app as an hack, but not here.

carafelix commented 3 months ago

Throw a warning everytime the code is run without a token set by the user.

I'll do. Right now it just console.warn, but I think your point is a fair one. I'll change it.

Or at least use the sandbox token from the API docs..

I thought about it, but it's a privacy risk, since if a shared token is used, all post's are accessible via getPageList.