zequez / factoriomods Goto Github PK

Example: http://www.factoriomods.com/mods/landfill

For me it states:

Factorio version: v0.11.x-0.12.x
Author: Rseding91
First version: 2.1.5 (5 months ago)
Last version: 2.1.4 (8 months ago)

But it should list the newest version (2.1.5) as "Last" aka Latest version. Preferably change the text to Latest as to eradicate any possible confusion like so:

Factorio version: v0.11.x-0.12.x
Author: Rseding91
Latest version: 2.1.5 (5 months ago)
First version: 2.1.4 (8 months ago)

• Site is not served over HTTPS
• Account recovery page exposes account enumeration vulnerability (It says when an account doesn't exist, it should behave the same as if you had entered a valid account)
• Account recovery email should send a code which is to be entered on the page following the enter your email address page (Users should not be encouraged to click links in emails and then enter their password)

To be honest I find Ruby really hard to read so I'm unable to review this site in full, but if there's one thing I've learnt from working on authentication / authorisation systems it's that they are far from trivial.

I would strongly recommend moving over to a well-known OpenID Connect provider such as Google. These days sites (Especially small ones such as this which don't have security teams and robust review processes) should not be expecting users to entrust them with their credentials.

I would be happy to advise on integrating with an OpenID Connect provider, although it would have to be general language-independent advice I'm afraid.

Example: http://www.factoriomods.com/mods/hebrew-rtl-fixer-inverter

The description gets cut off after the if:

Takes care of reverse Hebrew text. Enabling/disabling this mod has no effect, because if

While it should be:

Takes care of reverse Hebrew text. Enabling/disabling this mod has no effect, because if installed correctly, it irreversibly replaces game files.

rar archives are a proprietary format with awful compression ratios, and there's just no reason to ever use them, especially given the large number of much better archive and compression formats.

As title suggests, "&" on filenames are converterd to "_". If someone downloads the .zip and places them in the correct folder, upon launch they're greeted with an error due to this.

As an example, for the galactic trade mod: this is the decoded string:

'{"id":52,"url":"http://www.factoriomods.com/mods/galactic-trade-mod","categories":["gameplay"],"author":"coopmaster","contact":"[email protected]","title":"Galactic Trade Mod","name":"GalacticTrade","description":"This mod adds the ability to buy and sell items in the game at market prices. You unlock the chest by researching market trading which comes after electronics.","homepage":"","releases":[{"id":279,"version":"0.6.5","released_at":"2015-09-22T00:00:00.000Z","game_versions":["0.12.x"],"dependencies":[],"files":[{"id":293,"name":"","mirror":null,"url":"https://drive.google.com/open?id=0B-yFva9bu-RVRDlCWEZ0ZmNkOVE"},{"id":292,"name":"","mirror":null,"url":"http://www.factorioforums.com/forum/download/file.php?id=6083"}]},{"id":274,"version":"0.6.4","released_at":"2015-09-20T00:00:00.000Z","game_versions":["0.12.x"],"dependencies":[],"files":[{"id":287,"name":"","mirror":null,"url":"http://www.factorioforums.com/forum/download/file.php?id=6024"},{"id":286,"name":"","mirror":null,"url":"https://drive.google.com/open?id=0B-yFva9bu-RVblJEU0FkM01MZUk"}]},{"id":270,"version":"0.6.2","released_at":"2015-09-15T00:00:00.000Z","game_versions":["0.12.x"],"dependencies":[],"files":[{"id":279,"name":"","mirror":null,"url":"https://drive.google.com/open?id=0B-yFva9bu-RVdWNXSGxjaWxyT2s"}]},{"id":266,"version":"0.6.1","released_at":"2015-09-10T00:00:00.000Z","game_versions":["0.12.x"],"dependencies":[],"files":[{"id":273,"name":"","mirror":null,"url":"https://drive.google.com/open?id=0B-yFva9bu-RVSDFpc0ZMZ3RiQmM"}]},{"id":69,"versi'

As you can see, it simply ends midway and does not yield a proper json object.

Instead of encoding all this information, I'd recommend just linking to an url on factoriomods.com, that then yields the json data.

would be great to add a new cathegory : surfaces

I would like a method that allows me to count the number of pages available, so I do not have to guess while my app is loading the mod list.

Building a mod manager, with the aim of automatically updating mods before launching into factorio. Problem I'm running into, is that the files are inconsistent. You get download links from the api, that can link to practically anything. I can check the returned file to be zip and contains the info.json file, but if that doesn't exist, the file is worthless to an automated process. In my opinion the mods should be consistently factorio zip files, either by the website checking contributions to be that when the link is added, or by hosting the file on FactorioMods.

With the current mods, I mostly get zip files, but also stuff like "5dim pack.rar" "XxrcAy6" and "file.php"

Simply would be nice if for the url/mirror targets there was a checksum in the api (preferably sha or md5 - as those are guaranteed to exist in python), to validate a downloaded file.

Currently for a majority of mods, the info fields do not match up. That beeing the fields in the /mods json index and the info.json in the actual file.

For all current cases, look into https://travis-ci.org/Berserker66/FactorioManager/builds/82317559 and search for AssertionError.

It would be nice if added files are checked for actually beeing .zip's with info.json and enter the mod info automatically into factoriomods.com, as far as available. (I know for example categories would be missing).

Right now there are also 3 files:

broken_mods = {"5dim mod", "Air Filtering", "canInsert"}

That are not valid .zip's with an info.json, therefore fail on automated installs.

There doesn't seem to be a good way to handle what happens when a mod is taken over by a new author. I could re-submit a mod, but then you have duplicates of the same name, which is confusing.

Case in point, Marathon mod. The database lists it as for 0.11x, and with the old author. But it should be listed as 0.12x, and with the old and new author: http://www.factorioforums.com/forum/viewtopic.php?f=91&t=13567

Currently I'm forced to scrape the actual mod page for a thumbnail image to display in my manager. Would be nice to just have that link thrown in with the rest of the data returned with the mod info.

var match = Regex.Match(modPageSrc, "<div class=\'mod-image\'>.+?<img src=\"(?<ImgUri>.+?)\" />.+?</div>", RegexOptions.Compiled);
https://db.tt/iDrQYBfj

This depends on factorioforums.com offcourse, but you might like to use https://github.com/davidjbradshaw/iframe-resizer to keep the forum topic the correct height :)

Maybe it's possible with a simple setInterval however.