Closed JOELwindows7 closed 3 years ago
JOELwindows7
commented
3 years ago okay idk where this should go. I believe this is related to the SDK itself, which this should be an SDK feature.
if you found otherwise, feel free to suggest me where this request should've been.
tzarebczan
commented
3 years ago Thanks for the write up and filing the issue. This would be handled on our authentication system for odysee via something like OAUTH that just allows publishing via a key. We don't have an ETA for this feature at this time
There's also ways to setup secrets on CIs, you should look into that and maybe this can be automated via the web apis (see how odysee uploads today via the network tab and publish call or the LBRY-desktop code).
JOELwindows7
commented
3 years ago Thanks for the write up and filing the issue. This would be handled on our authentication system for odysee via something like OAUTH that just allows publishing via a key. We don't have an ETA for this feature at this time
There's also ways to setup secrets on CIs, you should look into that and maybe this can be automated via the web apis (see how odysee uploads today via the network tab and publish call or the LBRY-desktop code).
Alright. I've analyzed just enough how upload in Odysee works. Well, I did not yet fully figured out the lbry-desktop source code, because that will require another time to learn how does it work.
but, as you said: in Ctrl + Shift + I, Network tab, filter publish. First, I make test claim to get the publish call. then I looked at this particular LBRY API call that uses access token in it. something like https://api.lbry.com/event/publish followed by ?authToken=... stuff like that. In my Odysee session, the token looks like this, and on my LBRY desktop is another different one (as I updated the same claim, edit the content something).
Help and look at its access tokenOh, that Access Token is the same as the call does use. I just wonder, does this Access token string value changes everytime? does it change timely, different machine, or manually resetable (no, uh I don't see the button where)?
well in anyways, we probably be able to put this value into the CI secret setting there. and then replicate the rest of web call structure.
Um, again, I am really concern to try this option right away, so the question is: can the Access token expire? Yeah, we are very careful with the account security. Most important thing such as in event of attacks is the ability to expire the access token key, stuff like that. Maybe, in Odysee the access token can change every login, but idk if this is true, haven't checked yet.
That's all, I think. will take another look later.
also, we hope that one day OAUTH is a thing here, because it will be fun for more software developer to hop in, publishing their creation in, easy and efficient.
Original post in Odysee
https://odysee.com/@JOELwindows7:a/we-need-api-key:e
So
we want to configure Continuous Integration that once the build has been successful, it automatically upload this artifact to here Odysee.
but there's a problem
Key
We can download the LBRY SDK onto that CI. but, putting wallet private key (even on the CI setting page, separate from the git repository itself) is the worst idea ever.
I am not comfortable to hand my wallet private key to anyone but LBRY inc. themselves (that sync thingy). even if those CI providers promised that every single Environment Variable is encrypted and only admin and the CI bot can access it. What if one day the CI got compromised, hacked, raided, hijacked, something something?
so
We need revocable upload API key
this key can be generated anytime for the sole purpose of uploading.
we can adjust this key's permission and what this key allows. and then, once we generated new key, we can paste the key in the CI setting page, environment variables (separate from the CI config file in the git repository)
NOW, we can configure the CI to add the key into the
lbry-sdkcommand app, and then tell that SDK to upload this artifact, to our channel using this key as the access key.In case of compromise from any side, we can simply revoke some or all keys. poof! now cracking hackers can't use that anymore. we can then regenerate brand new key again once the crackers gave up.
My use case
I am making video games. as well as mods of someone's video games.
I have trust issue against those game upload hostings, just like I am against YouTube. My game one day can be banned unfairly or destroyed due to a war then everything may gone to dust.
So I will also upload games to Odysee. People can query my claims here and then download whereever they are. Since Odysee is an interface of LBRY blockchain, and let's say that LBRY Blockchain nodes are already deployed not just on Earth but also other galaxies, these claims from mine to others will preserve forever, more as the new nodes and users come in joined LBRY through various interfaces (LBRY Odysee apps).
yeah! we need to upload to Odysee, but having prepare things in order to upload the game, is quite tedious and heavy. Our contributors may not have the best equipment, let alone the time and patience needed to compile things. That is why we use CI. we can have dedicated computer for the sole purpose to compile games and then upload them.
but as I've learned a bit about the
lbry-sdk, it looks like that it didn't have anything I've asked for.Is there's any way to insert safe and revocable upload key into the lbrycrd server daemon so I don't have to put my wallet private key so that it goes to my channel?. We need the feature. trusting private wallet key to anyone isn't LBRY inc. Sync system is the worst idea ever. if one day, who knows, the CI got hacked, we're dead, done for. that hacker got our private wallet key. our LBC siphoned this instant.Yes, with upload key,
lbrycrdinside the CI will only able to upload file to my channel, and nothing else. and this key is revocable in case of CI got hacked.yeah
LBRY inc. and contributors needs to know this. We must reach more audiences, like Game developers. bring newgrounds over here but it's decentralized
by JOELwindows7
Perkedel Technologies
CC4.0-BY-SA