[–] Ghost777 0 points 1 points (+1|-0) ago 

I've been programming in solely Python for the last year myself, and I know exactly what you mean. After going through a crash course video on JS as well as some Udemy thing, I realized how much better engineered Python is than JS.

[–] TeranNotTerran [S] 0 points 0 points (+0|-0) ago 

I think Javascript started bad and just got more and more tacked onto it. Some of it is interesting but man, Python is a breeze by comparison.

[–] Drenki 0 points 1 points (+1|-0) ago 

A good place to start with modern JS and libraries is npm.

The basic gestalt is that your write you code in something like typescript and then use tools like babel to create targeted distributions (different ways of packaging the modules) for different runtime environments, as browser js capabilities vary greatly and node is a totally different beast.

[–] avgwhtguy1 0 points 0 points (+0|-0) ago  (edited ago)

Its meant for scripts. Quick and dirty. Trying to build nonclientside libraries should be a pain - it wasnt designed for that.

[–] Omnicis 0 points 0 points (+0|-0) ago 

How is JS like C at all? are you talking about just the syntax? C isn't meant to "crash so hard", and if the programmer knows what they are doing, it won't. They will check the state at appropriate times and gracefully handle issues if they appear.

[–] TeranNotTerran [S] 0 points 1 points (+1|-0) ago 

I'm making a general complaint. C will give you segfault if you try to do something out of bounds. JS doesn't even throw a warning if you try to access something you haven't allocated.

They don't have a lot in common. I guess JS has the ease of shooting yourself in the foot with C, but you don't always know that you have.

[–] Satirical 0 points 0 points (+0|-0) ago  (edited ago)

Are your machine IDs used as identifiers in API requests? If so you should probably ensure that they're generated on the backend, rather than in the client to avoid any possible encoding issues in transport if someone tries to be clever.

I would also wrap that library in a self executing function / closure with exports. Like this:

var sporestack = (function() {

    var dostuff = () => console.log("I did stuff!");

    return {
        doStuff: dostuff
    }
})()

This would then be evaluated when you import the file, and you would be left with a variable to use as sort of a namespace for your javascript functions.

Like so:

sporestack.doStuff();
// I did stuff!

Assuming you're already sanitizing the input on the post calls when someone creates an instance, if you're not that could be a potential sql injection vector, possibly even a stored xss vector in your front end if you don't html encode values displayed from the response data.

What are you using for the VPS bootstrapping? Saltstack, Kubernetes, Terraform?

[–] TeranNotTerran [S] 0 points 0 points (+0|-0) ago 

The machine ID is used as password instead of accounts. Machine secret would have been better name, in retrospect. They're generated client side given the stateless nature of the backends and how the API works.

I would also wrap that library in a closure with exports.

What do you mean?

Lots of santization and validation on the backend. No database, so no SQL injection possible. The API is "trusted", so if it's giving bad data there's bigger issues. Can you see an issue with XSS how it is now? Any modifying change is a POST.

I use Saltstack but this is mostly just a proxy launcher into Digital Ocean for now. I had Vultr for the V1 API and will add it along side DO. I had another host in V2 with my own stack on it, but getting the network filtering reliable was a real pain.

Thanks for your reply.

[–] Satirical 0 points 1 points (+1|-0) ago  (edited ago)

If there's no db, nothing to be stored/rendered theres no persistent xss.

It's funny, I built a platform that does the same thing, with the same providers using the same technology (saltstack), only difference being it auto provisioned game servers.

I updated my original comment to include an example for the closure/selfexec function

[–] TeranNotTerran [S] 0 points 0 points (+0|-0) ago 

Ohh, I like that. Better namespacing. Will keep that in mind, thank you!