Author here. I was actually somewhat worried that someone is gonna get to my Pi that has some other stuff running on it, because I am absolutely not doing any security and sandboxing on this nodejs server...
But I guess you made a good point, here you go :) Welcome to the wonderful world of random code copy-and-pasted from Stackoverflow!
Thanks for sharing the code mate. May I also suggest adding a token/password if you want to reduce attack surface? Also, from a quick glance, this looks like it is vulnerable to an SSRF-style attack. This type of service is often vulnerable to it, given that its nature is fetching URLs on the user's behalf. I would suggest either isolating it, having a whitelist of domains that you trust, or having iptables deny internal access.
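The allowlist and internal-address checks suggested in the comment above, sketched for a Node.js fetch proxy as an added example that is not part of the thread or the author's gist. The function names, allowlist contents and the idea of passing in already-resolved addresses are assumptions; IPv6 is rejected outright to keep the check fail-closed.

```javascript
// Added example: the allowlist entries, sample addresses and function names are assumptions.
const BLOCKED_V4 = [ // [network, prefix length]: loopback, private, link-local, CGNAT, multicast/reserved
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];

// Dotted-quad string -> unsigned 32-bit integer, or null if it is not strict IPv4.
function v4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True for addresses the proxy must never connect to. Anything that is not
// plain IPv4 (IPv6, garbage) is treated as internal so the check fails closed.
function isInternalAddress(ip) {
  const n = v4ToInt(ip);
  if (n === null) return true;
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
  });
}

// rawUrl: the user-supplied URL. allowedHosts: Set of trusted hostnames.
// resolvedAddrs: addresses the caller got from DNS for that hostname; the caller
// should then connect to one of these checked addresses, not re-resolve the name.
function checkFetchTarget(rawUrl, allowedHosts, resolvedAddrs) {
  let url;
  try { url = new URL(rawUrl); } catch (e) { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not allowed' };
  }
  // URL normalises forms such as http://2130706433/ to a dotted quad, so
  // comparing url.hostname (not the raw string) is what makes the allowlist hold.
  if (!allowedHosts.has(url.hostname.toLowerCase())) {
    return { ok: false, reason: 'host not on allowlist' };
  }
  if (resolvedAddrs.length === 0 || resolvedAddrs.some(isInternalAddress)) {
    return { ok: false, reason: 'resolves to internal address' };
  }
  return { ok: true, reason: 'allowed' };
}
```

The resolved-address check matters even with an allowlist, because a trusted name can still point at an internal address; an iptables rule on the host remains a useful second layer.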
Thanks for the suggestions. I know this implementation has more holes than a Swiss cheese, but I will try to plug them as I figure out how to deal with JS callbacks :)
And you may very well know this, but keep in mind that if this is on a LAN only and not port forwarded in from the internet, that substantially reduces your exposure; to exploit anything on your server code they'd need to be running behind your firewall. And there are probably juicier targets at that point.
What you built is super cool. If I would like to hack on an m5paper myself, what resources would you recommend that I start with to kick off a small project?
I read the M5paper Factory Test app [1] and it has tons of interesting details.
m5stack has several other example applications in their repo, but I learned a lot from reading their source code in the test app. Their code is quite sane and organized. You just need to be tolerant of their spelling from time to time; I figure English is not their first language (just like me).
We as a community also need to do a better job of embracing unpolished projects and emphasizing a “don’t be bashful” approach. I’ve seen far too many hobbyist projects posted here where the comments have nitpicked them apart in a derogatory, non-constructive way.
> ...a better job of embracing unpolished projects and emphasizing a “don’t be bashful” approach...
Absolutely. One thing I've found is that the tone of HNers varies a lot. As you pointed out, many are very constructive ("have you thought about...") while some are more critical ("you don't have ..." or "the UX is horrible").
If more people could work on doing the former, then I think we can create a more constructive environment for people to do this.
In my opinion, work-in-progress type projects (or "research projects") should have only constructive feedback, while Finished Products(tm) can take a more critical approach to comments.
But I guess you made a good point, here you go :) Welcome to the wonderful world of random code copy-and-pasted from Stackoverflow!
https://gist.github.com/htruong/692b1bca7b94db20051b601c89a4...