search

sag-enhanced / sage-issues

Issue tracker for SAGE
1 stars 0 forks source link

Random PFP From folder #20

Closed JohhoA closed 2 months ago

JohhoA commented 3 months ago

Describe the feature

Add an option to pick a random pfp from a local folder instead of using a api.

Use case

Would be easier to use in my opinion, and and there isnt really a api for the images i want when using the "Custom" option

Additional context

No response

Le0Developer commented 3 months ago

Likely won't happen because of security reasons and attack surface reduction. There are two components at play here: the native app which runs native code and has a lot of access to your system, and the frontend (closed source), which has most of the generation logic. The native app exposes a limited set of APIs to the frontend (https://github.com/sag-enhanced/native-app/blob/master/src/bindings.go) as a security measure. The frontend can be updated at any time by the remote server (aka me), so my security model takes full frontend compromise into account.

Generation is an entirely frontend operation (which calls the native app for making http requests and such). When you pick a profile picture, the native app sends the full content of the file to the frontend which then stores it in the settings file. The frontend does not have access to your filesystem, so this is impossible.

This would either need something like granting the frontend persistent access to a directory (security issue due to symbolic/hard links?) or some other special integration.

I think this is better implemented using the custom option. You can embed all the possible images into the script as data URLs

Le0Developer commented 3 months ago

You can use something like this script to convert the files into a single (big) script:

from pathlib import Path
from base64 import b64encode
from json import dumps

location = Path(".")
images = []
for file in location.glob("*.png"):
    images.append("data:image/png;base64," + b64encode(file.read_bytes()).decode())

images_encoded = dumps(images, indent=2)
script = f"() => {{\nconst images = {images_encoded};\nreturn images[Math.floor(Math.random() * images.length)];\n}}"

(location / "script.js").write_text(script)
Le0Developer commented 2 months ago

New script API has filesystem access: https://sage.party/custom/custom/#environment

See this example: https://sage.party/custom/custom/#random-pfp-from-a-directory

NOTE: you will need b8 for filesystem access which isn't out yet! You can get a pre-release here: https://github.com/sag-enhanced/native-app/actions/runs/8739366578