Separating board generation from the main repo

[TheRealAlph4]

Hi! I'm from the Hollow Knight vanilla bingo community, and while I can't speak for the randomizer community, from what I've heard, this is their biggest issue as well.

We're pretty active (you might remember me fixing our mod sending faulty requests a few months ago), and we've made quite a few new gamemodes and goals, and we would really like to have them up on the official site, but making pull requests here is not really a good solution for several reasons:

1. There's a lot more pressure and it's a "bigger deal", so people just don't do it.
2. Any changes (spelling, wording, etc) are tedious to have to make a PR for (and tedious for you to have to deal with).
3. That the PRs have to go through you makes the whole process slower than if all of it could happen within the HK community.

The solution that I think would be the best, would be to take all the Hollow Knight generator files and move them to a separate repo, where one or several people from the Hollow Knight bingo communities have permissions to accept PRs. This way, we could autonomously create new gamemodes, adjust the wording/spelling of goals and similar, without you having to look at every change. You also wouldn't have to give us any permissions over bingosync itself.

It would be awesome if you could make this happen, thank you in advance!

[kbuzsaki]

Hey, could you say a bit more about how you're envisioning this working mechanically? How would the generators in this separate repo be executed?

Right now Bingosync generates boards for its "supported games" by executing the generator javascript locally on the server. Because of that, I want to review all of the incoming generators to check that they don't contain malicious code. You're of course welcome to have a separate repo for your generators, but I would still need to review any changes before pushing them to the actual bingosync server.

Alternatively, if you want to also execute the hollow knight generator yourselves and then make a bingosync room with the board that you generate, that's possible today using the "Custom (Advanced)" function. It's maybe a bit tedious for humans to create rooms this way because they need to paste in the goal list instead of just selecting the game from the dropdown, but it technically works. The main functional limitation of this is that it makes it harder to have a truly fair hidden board since one of the users can see the goals when they paste them in.

One way to address your community's desire to have more control over the generator update process might be to improve this custom board support, maybe an API for room creation or new card generation that you can write a tool against so that it's easier for less tech-savvy users?

Another could be to separate out the hollow knight generator code and add support for custom hollow knight goal lists to be pasted in, similar to the "SRL v5" and "Isaac" variants of "Custom (Advanced)". With this model you wouldn't be able to modify the actual generator code on-demand but you would be able to paste in customized versions of the goal list and have them executed with random seeds on the Bingosync server.

[TheRealAlph4]

Alternatively, if you want to also execute the hollow knight generator yourselves and then make a bingosync room with the board that you generate, that's possible today using the "Custom (Advanced)" function. It's maybe a bit tedious for humans to create rooms this way because they need to paste in the goal list instead of just selecting the game from the dropdown, but it technically works. The main functional limitation of this is that it makes it harder to have a truly fair hidden board since one of the users can see the goals when they paste them in.

We have our own generators that also automatically upload the boards through the api/new-card endpoint. It works, but it's generally more inconvenient than just having the option on the site itself.

Hey, could you say a bit more about how you're envisioning this working mechanically? How would the generators in this separate repo be executed?

If I understand correctly, this is the part that loads the appropriate generator JS file, and sets it up to be executed.

The basic proof-of-concept level mechanism would be to fetch the JS file from a remote repo (using let's say urllib.request) instead of the filesystem, and proceed as normal.

Because of that, I want to review all of the incoming generators to check that they don't contain malicious code.

I haven't fully considered this, because I assumed that the way the JS generators were executed was by some python interpreter that can't have side-effects, just an output. Looking into your code a bit more, it looks like you're spawning a node.js process and taking its console output, so you would have to either try to make sure that the node.js process doesn't have permissions to read/write the filesystem and similar dangerous things it's not supposed to do, or find an entirely different solution.

One thing that comes to mind as a possibility is to forget about using generators on bingosync entirely, and instead have a gamemode link to an API that will generate and return the JSON. So when the generate button gets clicked, instead of spawning the node.js process and taking the JSON it outputs, bingosync could make an API call to say www.custom-HK-bingo-generator.com/<gamemodename>/?seed=<seed> which returns a JSON like the node.js process. This way there is no foreign code being executed on your server. There are also possibilities to automate adding new gamemodes by regularly making API calls that return the names of all the gamemodes that the remote generator supports.