1. Post #41
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    couldn't you cache per user group?
    There's no reliable way of detecting user groups, the ID isn't included in the page source anywhere iirc.

    You could look at username colours, but then there are special cases like garry's.

  2. Post #42
    Gold Member
    danharibo's Avatar
    July 2006
    4,498 Posts
    There's no reliable way of detecting user groups, the ID isn't included in the page source anywhere iirc.

    You could look at username colours, but then there are special cases like garry's.
    And I guess adding some hidden fields to the forum just for the API is not possible.

  3. Post #43
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    Wouldn't just hitting CloudFlare for read requests solve the problem? That way we're only hitting with the same load a normal web user would hit with, and it involves no extra complexity API side.

  4. Post #44
    garry's Avatar
    September 2001
    12,411 Posts
    Not really, if you hit cloudflare or the server directly it's the same result. I was just looking for a way to stop the effect of people reading a thread of 2,000 posts over and over.. but I guess there's no way for it to be done nicely.

  5. Post #45
    Gold Member
    Lexic's Avatar
    March 2009
    6,123 Posts
    You could add <!-- YOU ARE A GOLD MEMBER --> to the header?

    Edited:

    (or whatever usergroup the user is)

  6. Post #46
    garry's Avatar
    September 2001
    12,411 Posts
    Maybe reading public forums could always be done `logged out` and cached?

  7. Post #47
    Gold Member
    Lexic's Avatar
    March 2009
    6,123 Posts
    You don't let logged out users browse the forums.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Funny Funny x 3Disagree Disagree x 1 (list)

  8. Post #48
    garry's Avatar
    September 2001
    12,411 Posts
    Yeah I do

    Reply With Quote Edit / Delete Reply Windows 7 Show Events Informative Informative x 2Zing Zing x 1Funny Funny x 1Agree Agree x 1 (list)

  9. Post #49
    Gold Member
    Lexic's Avatar
    March 2009
    6,123 Posts
    Huh, when did that change?
    Last week I had to log in on someone else's computer because it wouldn't let me browse otherwise.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Agree Agree x 13 (list)

  10. Post #50
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    Maybe reading public forums could always be done `logged out` and cached?
    We wouldn't have the rating keys then to allow post ratings, or the security tokens to allow posting.
    Reply With Quote Edit / Delete Reply Mac United Kingdom Show Events Informative Informative x 1 (list)

  11. Post #51
    garry's Avatar
    September 2001
    12,411 Posts
    I'd imagine your api would be one call to post - which would load the page, get the security token and then post. Seems odd to make the user of the API manually load the page to make a post?

  12. Post #52
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    I'd imagine your api would be one call to post - which would load the page, get the security token and then post. Seems odd to make the user of the API manually load the page to make a post?
    For posting, yeah, but for ratings they need to provide the key from the original getposts call, we don't retrieve that for them. I try to keep duplicate requests like the secinfo ones to a minimum because they increase the request response time.

    Why wouldn't CloudFlare for read requests solve the problem? Doesn't that prevent a hit on the server for a previously loaded page?

    Another thing I could do is implement request rate limiting per client, if that'd help.

  13. Post #53
    Gold Member
    toaster468's Avatar
    January 2010
    3,243 Posts
    It is taking a long time for requests to be processed.

    Edited:

    nvm it's probably just facepunch.

  14. Post #54
    Gold Member
    toaster468's Avatar
    January 2010
    3,243 Posts
    Should we have a separate thread for tests? Like for testing different positing functionalities?

    EDIT:

    Also, how do I send a new post in a URL? Is that even possible?

    Edited:

    I'm posting alot but I found this:

    Code:
    \/avatar\/63187.png?garryis=awesome
    In one of the responses , garry u so silly
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Late Late x 9 (list)

  15. Post #55
    Gold Member
    dije's Avatar
    December 2008
    4,754 Posts
    Hexxeh, are there a limit to how many login requests can be done?

    Edited:

    Also, you should list all the error codes you can get on the API Actions page.

  16. Post #56
    garry's Avatar
    September 2001
    12,411 Posts
    For posting, yeah, but for ratings they need to provide the key from the original getposts call, we don't retrieve that for them. I try to keep duplicate requests like the secinfo ones to a minimum because they increase the request response time.

    Why wouldn't CloudFlare for read requests solve the problem? Doesn't that prevent a hit on the server for a previously loaded page?

    Another thing I could do is implement request rate limiting per client, if that'd help.
    No cloudflare doesn't work like that for dynamic pages, it just passes right through (unless it detects you as a DDOS attack, then it blocks it).

  17. Post #57
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    No cloudflare doesn't work like that for dynamic pages, it just passes right through (unless it detects you as a DDOS attack, then it blocks it).
    Why use cloudflare then?

  18. Post #58
    garry's Avatar
    September 2001
    12,411 Posts
    Because it protects against DDOS and caches static content

  19. Post #59
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    Because it protects against DDOS and caches static content
    It doesn't stop someone attacking the real Facepunch server(s?) and static content is something you can just stick appropriate cache headers on
    Reply With Quote Edit / Delete Reply Mac Australia Show Events Agree Agree x 4 (list)

  20. Post #60
    Gold Member
    dije's Avatar
    December 2008
    4,754 Posts
    Oh great

    Edited:

    Worked

  21. Post #61
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    Hexxeh, are there a limit to how many login requests can be done?

    Edited:

    Also, you should list all the error codes you can get on the API Actions page.
    No limit on successful ones, but too many incorrect ones and Facepunch will block you for a while.

    It doesn't stop someone attacking the real Facepunch server(s?) and static content is something you can just stick appropriate cache headers on
    They don't know the real server addresses, only the CloudFlare addresses. CloudFlare knows the Facepunch addresses and passes requests onwards on your behalf. That's my understanding at least.
    Reply With Quote Edit / Delete Reply Linux United Kingdom Show Events Agree Agree x 1 (list)

  22. Post #62
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    They don't know the real server addresses, only the CloudFlare addresses. CloudFlare knows the Facepunch addresses and passes requests onwards on your behalf. That's my understanding at least.
    That's exactly right, but it's possible to get Facepunch to reveal it's own IP address which kinda defeats any obscurity cloudflare provides
    Reply With Quote Edit / Delete Reply Mac Australia Show Events Agree Agree x 6 (list)

  23. Post #63
    Gold Member
    dije's Avatar
    December 2008
    4,754 Posts
    No limit on successful ones, but too many incorrect ones and Facepunch will block you for a while.



    They don't know the real server addresses, only the CloudFlare addresses. CloudFlare knows the Facepunch addresses and passes requests onwards on your behalf. That's my understanding at least.
    Would you accept my steam friendship invite? I'm having some troubles with posting. Login works fine. :)

  24. Post #64
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    That's exactly right, but it's possible to get Facepunch to reveal it's own IP address which kinda defeats any obscurity cloudflare provides
    If it's setup right, you shouldn't be able to get the real address should you?

    Edited:

    Would you accept my steam friendship invite? I'm having some troubles with posting. Login works fine. :)
    I'm not at a machine with Steam at the moment sorry, feel free to post here or if it has to be private for some reason PM me.

  25. Post #65
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    174.36.201.30
    Reply With Quote Edit / Delete Reply Mac Australia Show Events Funny Funny x 3Informative Informative x 1Zing Zing x 1 (list)

  26. Post #66
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    174.36.201.30
    So I don't understand how CloudFlare works, fair enough. I've never actually used it so that makes sense.

  27. Post #67
    Gold Member
    dije's Avatar
    December 2008
    4,754 Posts
    If it's setup right, you shouldn't be able to get the real address should you?

    Edited:



    I'm not at a machine with Steam at the moment sorry, feel free to post here or if it has to be private for some reason PM me.
    Oh ok. What I can't figure out, is how to post. I have all the info but I can't get it to work.

    I get "{"error":"No thread ID provided"}" back

  28. Post #68
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    Oh ok. What I can't figure out, is how to post. I have all the info but I can't get it to work.

    I get "{"error":"No thread ID provided"}" back
    Are you passing the thread ID on the post arguments?

  29. Post #69
    Gold Member
    dije's Avatar
    December 2008
    4,754 Posts
    I'm passing everything in the URL, am I doing something wrong?

    Edited:

    Test

  30. Post #70
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    I'm passing everything in the URL, am I doing something wrong?
    Yes. You need to make a POST request, not a GET request. Put your username and password on the query string, and thread_id and message in the post body, as per the docs.


  31. Post #71
    Gold Member
    dije's Avatar
    December 2008
    4,754 Posts
    Testing the FP Api. Ignore this post, please!

    Edited:

    Yes, it worked!

  32. Post #72
    Follow me on github!
    benjojo's Avatar
    January 2009
    2,620 Posts
    174.36.201.30
    I was thinking on how you did that and then I though of a way my self.

    So, I set up a tcpdump on one of my servers... And then pointed facepunch to download a image from the server.

    Download the pcap file and open it in wireshark.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Artistic Artistic x 2Informative Informative x 1Funny Funny x 1 (list)

  33. Post #73
    Gold Member
    BackwardSpy's Avatar
    May 2008
    6,538 Posts
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Zing Zing x 3Funny Funny x 3Agree Agree x 1 (list)

  34. Post #74
    Follow me on github!
    benjojo's Avatar
    January 2009
    2,620 Posts
    Oops, Spelling auto correct got me.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Friendly Friendly x 3Funny Funny x 1 (list)

  35. Post #75
    Gold Member
    The freeman's Avatar
    October 2007
    6,579 Posts
    Is there a way to see if someone is a gold member with this?

  36. Post #76
    Cyle's Avatar
    September 2011
    117 Posts
    I know this is going to sound noobish.

    You should post some tutorials. Step by Step.



    Also, how can this be valuable to somebody? Could this give someone a break on Facepunch of some sort?
    Reply With Quote Edit / Delete Reply United States Show Events Dumb Dumb x 5 (list)

  37. Post #77
    Gold Member
    toaster468's Avatar
    January 2010
    3,243 Posts
    t

  38. Post #78
    Gold Member
    horsedrowner's Avatar
    January 2009
    3,739 Posts
    I know this is going to sound noobish.

    You should post some tutorials. Step by Step.



    Also, how can this be valuable to somebody? Could this give someone a break on Facepunch of some sort?
    Do you know what an API is?

  39. Post #79
    Gold Member
    toaster468's Avatar
    January 2010
    3,243 Posts
    facepun.ch doesn't work with IE6 btw.

    EDIT:

    Jesus Christ, did you change the API? All of my projects aren't working now.
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Funny Funny x 4Informative Informative x 1Optimistic Optimistic x 1Dumb Dumb x 1 (list)

  40. Post #80
    Moderator Illuminati
    Hexxeh's Avatar
    June 2006
    5,091 Posts
    facepun.ch doesn't work with IE6 btw.

    EDIT:

    Jesus Christ, did you change the API? All of my projects aren't working now.
    Nope, you're just failing apparently. Doubly so for using IE6.

    Edited:

    Is there a way to see if someone is a gold member with this?
    Sadly you'll need to just look at the username_html field, usergroups aren't exposed in the HTML in any other way as far as I know.