WE'VE MOVED THREADS
See this for the latest info.

Banner by GrahamSH

AutoUOC
Official Testing & Discussion Topic

Heyo! My name is BGMead and I'm the dev behind AutoUOC, a work-in-progress website that will make shop management extremely easy with an auto-updating Unclaimed Orders Center, or UOC for short! I got the idea for the it when I was messing around with HTTP POST requests and decided to see if I could write some code which posted to the Scratch forums and comments, and it worked! Sadly, the ST is too cool for bots I guess, so now we're website-only.

Current Status
Updated Sep. 10, 2020
The API can currently: post comments, forum posts, edit posts (untested), get message counts, and get forum data.
Starting work on the main website.

Links
API GitHub Repository
Website GitHub Repository
Main Website coming soon

• New shop orders
  
• Employees taking orders
  
• Employees completing orders
  

1. Make three text files, one for each category above
   
2. Find a post that meets any of the categories above
   
3. Click the post time stamp (Example: Today 19:27:33)
   
4. Copy the little number at the end of the URL you were sent to (this is the post ID) and paste it into the text document!
   
5. Use a site like pastebin.com to paste the text docs!
   
6. Post the links here!
   

Pufferfish_Test wrote:

This looks really great! I've just forked the repo and am working on the post api. I'll make a pull request when I'm done.
However, this won't be testable until you get alproval from the ST, will it?

AutoUOC wrote:

Hello! This is a test post. If you are seeing this, it means the forum post API endpoint is working!

Nambaseking01 wrote:

This is definitely a very interesting project! I'll keep following the discussion and remain in touch to see how well everything goes - I'll definitely try to include the system in my shop when it launches.

BGMead wrote:

Nambaseking01 wrote:

This is definitely a very interesting project! I'll keep following the discussion and remain in touch to see how well everything goes - I'll definitely try to include the system in my shop when it launches.

Awesome, thanks! Beta should be rolling out very soon actually, since development is going a lot smoother than expected!

Nambaseking01 wrote:

BGMead wrote:

Nambaseking01 wrote:

This is definitely a very interesting project! I'll keep following the discussion and remain in touch to see how well everything goes - I'll definitely try to include the system in my shop when it launches.

Awesome, thanks! Beta should be rolling out very soon actually, since development is going a lot smoother than expected!

I have a question though: will it also be possible to have one UOC post and have this bot constantly update it with orders? Because my shop works differently from TIPS and we don't repost the UOC on every single page.

BGMead wrote:

Yep, the default behavior is to make one post that you can style with BBCode on the website. The bot will then auto-update it with orders. If we constantly reposted we'd hit the 60-sec rule all the time since the bot runs in multiple shops.

Nambaseking01 wrote:

BGMead wrote:

Yep, the default behavior is to make one post that you can style with BBCode on the website. The bot will then auto-update it with orders. If we constantly reposted we'd hit the 60-sec rule all the time since the bot runs in multiple shops.

Hm, OK, that's convenient. But that does mean that TIPS can't use this bot though

BGMead wrote:

Ok, I made a neat discovery. Turns out the CSRF token is stored with the cookie. Only one issue - the token updates every 24 hours or so. We're going to need something that keeps the token up to date - perhaps a browser extension that POSTs to the website?

_nix wrote:

BGMead wrote:

Ok, I made a neat discovery. Turns out the CSRF token is stored with the cookie. Only one issue - the token updates every 24 hours or so. We're going to need something that keeps the token up to date - perhaps a browser extension that POSTs to the website?

assuming the csrf token changes but the session id stays the same (which i think is a fair assumption, since otherwise how else do you stay logged in on the site every day ) maybe you could periodically (as well as when running into authorization errors) request to scratch.mit.edu/csrf_token/ and read the cookie set there? no need for post requests or browser extensions then, assuming your code has access to a session id!

….
….that said im just remembering that i dont think the CSRF token is actually necessary at all. test your code and see if it works when you set the header X-CSRFToken=a (or the cookie scratchcsrftoken=a) – i feel like i remember that working in the past without issue. if thats still the case, you can just skip dealing with csrf tokens at all.

edit: btw, this is a really neat project idea and im excited to see where it goes :0
edit 2: im just going to drop a link to my api docs if you havent seen them already, because they could come in handy! im pretty experienced with api stuff so if theres anything youre stumped trying to figure out please feel free to poke me!

BGMead wrote:

_nix wrote:

BGMead wrote:

Ok, I made a neat discovery. Turns out the CSRF token is stored with the cookie. Only one issue - the token updates every 24 hours or so. We're going to need something that keeps the token up to date - perhaps a browser extension that POSTs to the website?

assuming the csrf token changes but the session id stays the same (which i think is a fair assumption, since otherwise how else do you stay logged in on the site every day ) maybe you could periodically (as well as when running into authorization errors) request to scratch.mit.edu/csrf_token/ and read the cookie set there? no need for post requests or browser extensions then, assuming your code has access to a session id!

….
….that said im just remembering that i dont think the CSRF token is actually necessary at all. test your code and see if it works when you set the header X-CSRFToken=a (or the cookie scratchcsrftoken=a) – i feel like i remember that working in the past without issue. if thats still the case, you can just skip dealing with csrf tokens at all.

edit: btw, this is a really neat project idea and im excited to see where it goes :0
edit 2: im just going to drop a link to my api docs if you havent seen them already, because they could come in handy! im pretty experienced with api stuff so if theres anything youre stumped trying to figure out please feel free to poke me!

Epic, thanks so much! I opened this issue an hour ago trying to resolve the issue. I'll try your workaround.

Nambaseking01 wrote:

Also, do you think I should make a pull request to implement issue templates? It's a thing I do to a couple of repositories just so it's more convenient for the issue-makers - I'll set up a basic template and you can edit it as much as you like