godotengine / godot-asset-library Goto Github PK
View Code? Open in Web Editor NEWPHP frontend for Godot Engine's asset library
Home Page: https://godotengine.org/asset-library
License: MIT License
PHP frontend for Godot Engine's asset library
Home Page: https://godotengine.org/asset-library
License: MIT License
When I edit my terrain editor on the website, I can submit and see a diff, but nothing tells me what's next. The only option is to "revise". If I leave the page it seems I loose all the edits and have to fill the form again. Is there a missing button? Otherwise, maybe it's a missing notification?
For some reason two dependencies, slim/php-view
and monolog/monolog
, are only listed in composer.lock but not in composer.json itself. composer install
works, as the lock file has priority there but if someone ever decides to run composer update
those dependencies would get removed from the project.
I validated a few updates yesterday, and every single time the hash I gave when validating the edit was discarded, and the old hash was kept in the db. So I had to fix the db manually.
Currently, as done in 25809e0, the asset's hash would be set manually by the moderator on asset accept, which isn't too good in the long run. We should either proxy asset zips and construct the hash while resending it, or downloading the zip and having mods ensure that they've downloaded the same zip.
Currently, to see addons, you would go to api/asset
, and to see only projects, you would go to api/asset?type=project
... without any way to see both.
(opening in order not to forget this)
This would enable moderators to improve some entries when needed, and also to help maintain assets where the initial maintainer might have went MIA.
When editing description, or adding screens to existing asset on the store, it would be great if after clicking submit changes
on the next page there was an information about change need to be approval before it goes life. Currently It's a little confusing since we can see something that looks like a preview of a changes but there is no information on how to publish them :)
As I was editing the submission I sent some minutes earlier, I got this error:
{"id":"23","url":"asset\/edit\/23"}<br />
<b>Notice</b>: Undefined offset: 0 in <b>/data/web/df/e1/53/godotengine.org/htdocs/asset-library/src/routes/asset_edit.php</b> on line <b>370</b><br />
I was just updating the URLs of the images and video (logo, video and thumbnail) as I copied the URL wrongly.
See e.g. https://godotengine.org/asset-library/frontend/asset/2
It's description is:
The Logger class is a GDScript singleton that provides a logging API for Godot projects.
It allows logging messages with different levels (error, warning, info, debug, verbose) and user-defined modules/channels. The output can be done to the console/terminal, to files, or to a configurable buffer that can be retrieved and displayed in game.
**Important:** The current version is a work in progress, and the API *will* evolve in the near future until a version 1.0 is tagged.
Supporting basic Markdown would be awesome too, but that's another topic ;)
A lightbox system for asset images and videos should be implemented, using something like sachinchoolur/lightgallery.js.
I moved all my plugins into single repository and created zip files manually.
It turned out that when users are downloading them they are unziped in project root folder instead of addons
, despite the fact that there is addons
folder inside the zip.
Here is example zip which is not working correctly.
https://github.com/kubecz3k/KivanoGodotPlugins/raw/master/builds/v091fsm.zip
ps. uploaded new archives with additional fake root folder.
After I submitted my first Asset and not finding it under My Assets I thought a bug happend and the Asset wasn't submitted.
When accessing https://godotengine.org/asset-library, users should land directly on the frontend without having to use https://godotengine.org/asset-library/frontend.
A redirect could easily be done, but the better solution would be to remove/hide the /frontend
part of the URL, as it's pretty obvious that https://godotengine.org/asset-library would be a web-based frontend (the api can of course stay as /api
).
It looks like we just need to move the index.php
and .htaccess
and likely fix some relative paths.
I submitted an entry for my asset, then if I click "revise" I get this:
Notice: Undefined index: original in /data/web/df/e1/53/godotengine.org/htdocs/asset-library/templates/edit_asset_edit.phtml on line 2
Warning: array_merge(): Argument #1 is not an array in /data/web/df/e1/53/godotengine.org/htdocs/asset-library/templates/edit_asset_edit.phtml on line 2
Currently, there is no way users can change the rating of an asset. We should implement some way to do it though (and disallow double rating, etc.).
It would be nice to have 2FA using algorithm from RFC 6238. It can be really simply implemented with not much code - https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
We can even use the simplified version of that algorithm used by Google (pseudocode).
I edited my submission to give it a different download URL, then I got this when I validated:
Fatal error: Using $this when not in object context in /data/web/df/e1/53/godotengine.org/htdocs/asset-library/src/routes/asset_edit.php on line 12
That would be needed to show the asset library in the project manager.
Related to #37.
Might be made obsolete if we decide to implement third party login providers (GitHub, OpenID, Facebook, etc.) and drop our own registration form.
User can edit not own asset (show edit button).
Currently it's just a redirect to the main frontend page.
@alketii already started implementing some of the templates, would be nice if he commits them.
It seems that you use some Slim framework, and according to their webpage this can be simply enabled - http://www.slimframework.com/docs/features/csrf.html
More about CSRF attack - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
Currently you need to manually copy-paste the previous hash for edits like adding a screenshot, changing the description, etc., even if the download itself and thus the hash of the zipball do not change.
Pretty much like the other Godot's sites or any other website that requires user identification.
i.e. to move it between Testing, Community and Official.
So that people can find back why their proposal was not accepted.
Here's the link for the first edit in this screenshot: http://godotengine.org/asset-library/frontend/asset/edit/18
The icon looks fine there.
Markdown or BBCode should be supported in asset descriptions. See below for a comparison of each. Perhaps the asset store could use Markdown, and convert it to BBCode when needed for Godot's purposes.
See https://godotengine.org/asset-library/asset
We now have a 11th asset that doesn't show up: https://godotengine.org/asset-library/asset/11
I've looked a little at code and I don't see any usage of htmlspecialchars() nor regexps for escaping HTML/JS - does it mean, that every user can put their own JS (including trojan horse, etc.) into asset name/describtion/etc?
Currently it is rather easy to make the frontend display a ridiculous amount of Notice messages, like by opening asset with id -1. It should rather display a semi-descriptive error message.
I just validated this edit which creates a new asset: https://godotengine.org/asset-library/asset/edit/40
The resulting asset had (at the time of this writing) no previews: https://godotengine.org/asset-library/asset/9
We should hash the zips on submit, and store the hash in the DB. Then, the downloading client wil be able to ensure that the correct zip was downloaded, and not some changed one.
The hash algorithm is to be sha-256
, though we are open to suggestions if you have some (@est31 ๐)
That would allow for easier division based on stability required.
Clicking "Godot Asset Library" in the navigation bar does not make you go to the home page (like it probably should), instead, it brings you to the top of the current page.
We discussed it on #kobuge but I don't remember what was the consensus.
Currently the copyright mention in the license says:
Copyright (c) 2016 Alket Rexhepi
But it should definitely mention at least Bojidar Marinov and/or be made more generic by referring to Godot itself (e.g. "The Godot Engine community" / "The Godot Engine developers").
Some possibilities:
Copyright (c) 2016 Alket Rexhepi, Bojidar Marinov and the Godot community
Copyright (c) 2016 The Godot Engine community
Copyright (c) 2016 The Godot Engine developers
Copyright (c) 2016 Godot Engine Project
Copyright (c) 2016 Juan Linietsky, Ariel Manzur // like Godot, but wouldn't be fair to @alketii and @bojidar-bg I guess
Suggestions?
The copyright mention in the frontend footer should also be adapted accordingly.
When I was creating new asset, I checked category as 'tool'. In preview I got 'scripts'. So I clicked Revise and then I was seeing it's under tools once again. Was thinking it's shifted once place so I choose 'materials' to see what's going on. When I accepted edit, I got some text error (unfortunately I ddint save it).
Currently, an attacker just needs to guess the secret, after which he would be able to create session tokens for any existing user, as long as he knows the id.
I guess user_id-based tokens should be dropped, and only session tokens be given.
See e.g. https://godotengine.org/asset-library/frontend/asset/edit/6:
It should be shown as "Script" and not 6.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.