Suggestion Resource Update API

Discussion in 'Community Feedback and Suggestions' started by KiranHart, Jun 24, 2021.

  1. Suggestion: Have an API endpoint where users can make a request to update their plugins.

    This would be helpful for developers who post resources on different platforms other than SpigotMC. I personally post my plugins on two other sites on top of Spigot, so when I have to post an update I have to go around manually on all these sites and fill in the same information, not only does it get very tedious, but the time starts to add up when I have to update multiple plugins at any given time on all these sites.

    So having an endpoint would really make the process quicker, since I will be able to "automate" the update process of my plugins.

    I would use other methods to do this, but they would be considered accessing the site using a bot which I don't believe is allowed.

    I actually don't know whether this is a thing, so do let me know so if it is so I can close this thread.
     
  2. Andre_601

    Supporter

  3. You can probably automate this yourself.

    Take same user agent and cookies as your browser and youre logged in, now just request the update form, read the html in your program, fill it out and send it.
     
  4. Just host your plugin on your github, ci box, or whatever, and use external links on those sites to point to your latest stable build. You never have to update outside of your workspace again.
     
  5. Unless you have a premium resource, in which case, you do not want a publicly available URL to download the resource.
     
  6. There was no indication they were inquiring about premium specifically though.
     
  7. There was no indication they were inquiring about non-premium resources, either. I think a solution should be optimal for both sides of the spectrum.
     
  8. Seeing how it's the bigger majority, free resources, and this would resolve that.
     
  9. Afaik its not possible for premium resources to use external url
     
  10. I know. But his suggestion was to use something like GitHub to source all of your updates as a replacement for this solution. That solution doesn’t work for premium resources because of the reason I listed and the reason you listed. An API that allows users to push updates works for both types of resources.
     
  11. Andre_601

    Supporter

    ...at the cost of being risky and opening yet another possible door for people to upload malicious jars under your name.

    Laziness does not justify risking things.
     
  12. If the API requires authorization credentials, it would not open the possibility for malicious jars to be uploaded under your name. Realistically, it would be easier to access someones account and upload malicious content through SpigotMC itself because: user created passwords < randomized API credentials. Guessing a password is easy (especially with databases like Dehash), guessing a 64? 128? 256? character string of randomized numbers and letters, not so much.

    PayPal should remove their API because it introduces the possibility of an unauthorized actor sending funds to themselves! /s

    This suggestion has literally no caveats besides the cost to develop and maintain, which is why it won’t be implemented.

    edit: Just saw your original post where you stated that fact as well.
     
    #12 Religion, Jun 25, 2021
    Last edited: Jun 25, 2021
  13. It's 2021, continuous delivery is everywhere, so it's quite a normal suggestion. However, how many updates do you post? If you post updates say weekly, I don't think it's worth it to spend the hours and funds to develop such thing.

    Regarding security, there really is no concern.
     
    • Like Like x 1
  14. Honestly, almost sounds like a fun project to create a simple script that uploads the resource.

    However, I could certainly see this being used to just spam every tiny update which is certainly not good for users & spigot. For some resources, the only way they get any attention is by publishing an update every once in a while. Not sure what the current limit is on resource updates, but I don't believe it's very high.