Proposal for user system and user configuration

[DIYgod]

What feature is it?

Currently, each RSSHub instance has a fixed global configuration. Users who wish to customize their configurations can only do so by self-hosting their own RSSHub instance. However, many users lack the technical ability to self-host, which hampers the advancement of RSSHub.

For example, numerous users have recently inquired about subscribing to Twitter feeds. The only solution at present is self-hosting.

Therefore, I propose implementing a user system that enables users to log in and set up personal configurations to override the global configurations. This way, they can use their private addresses for subscriptions.

What problem does this feature solve?

As mentioned above.

Additional description

This feature offers the benefit of providing our official instance with a profit model to cover high operating costs and project development costs. However, it may also have the drawback of encouraging users to become overly dependent on the same instance.

This is not a duplicated feature request or new RSS proposal

• I have searched existing issues to ensure this feature has not already been requested and this is not a new RSS proposal.

[Songkeys]

I'm curious about the security aspect. Could you explain how the personal configuration will be stored and how we can prevent any leaks?

[DIYgod]

I'm curious about the security aspect. Could you explain how the personal configuration will be stored and how we can prevent any leaks?

This is indeed a very challenging problem, and I currently have no ideas about it. It seems that it cannot be encrypted for storage because the instance need to read these configurations in plain text.

[NeverBehave]

A quick idea is to use some get some of gist service like https://gist.github.com. User could create a secret gist and attach it as part of the url, and then we can temporarily cache config using gist ID as keys(avoid frequent parse&fetch).

Still, one pitfall is if the URL is exposed, info will still leaked.

https://docs.github.com/en/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists
Secret gists aren't private. If you send the URL of a secret gist to a friend, they'll be able to see it. However, if someone you don't know discovers the URL, they'll also be able to see your gist. If you need to keep your code away from prying eyes, you may want to create a private repository instead.

However I believe at that point it is more on the user side not to share their key to others, like API token and PT passkey etc. We should educate our user what to do and what not to do.

[9k001]

我的 自用的 Radar Rules的方法是
用Python

1. 远程下载 官方的 Radar Rules，
2. 替换字符串
3. 上传自用代码库
4. raw出来
   安全问题，因为是自建内网服务器，暂时没有考虑安全得问题。
   我觉得安全性的问题，带个password就好了。或者是类似于 git的公钥私钥管理的方法，只读，可编辑巴拉巴拉得。。
   这里可以用中文讨论么？。。。。大家都是英文。。。

---

English

My own method of Radar Rules is to replace it with Python.
The steps are as follows:

1. Download official rules.
2. Replacement string.
3. Upload to the code base.
4. Use the RAW page to release it.
   For security issues, I suggest that you can use a custom password. Or the management of public and private keys based on git.

[Jiang10086]

我的 自用的 Radar Rules的方法是 用Python

1. 远程下载 官方的 Radar Rules，
2. 替换字符串
3. 上传自用代码库
4. raw出来
   安全问题，因为是自建内网服务器，暂时没有考虑安全得问题。
   我觉得安全性的问题，带个password就好了。或者是类似于 git的公钥私钥管理的方法，只读，可编辑巴拉巴拉得。。
   这里可以用中文讨论么？。。。。大家都是英文。。。

Beacuse there are developer from all around the world, I think we all talk in English is better, although we know DIYGod master Chinese.

[9k001]

我的 自用的 Radar Rules的方法是 用Python

1. 远程下载 官方的 Radar Rules，
2. 替换字符串
3. 上传自用代码库
4. raw出来
   安全问题，因为是自建内网服务器，暂时没有考虑安全得问题。
   我觉得安全性的问题，带个password就好了。或者是类似于 git的公钥私钥管理的方法，只读，可编辑巴拉巴拉得。。
   这里可以用中文讨论么？。。。。大家都是英文。。。

Beacuse there are developer from all around the world, I think we all talk in English is better, although we know DIYGod master Chinese.
Ok, I picked up the translation software go go go.

[Ray-D-Song]

A compromise implementation may not yield good results.
If we were to introduce a user system and a subscription-based model, the only successful way would be to integrate a reader. Then we would become Feedly. (Just kidding)
I think we can offer the user system and reader as additional features provided by the official service, separate from the core service of rsshub.
Those with self-hosting capabilities can continue to use rsshub, while others can subscribe to the official service.
I would be happy to contribute code.

[Ray-D-Song]

Another strange thing is that there currently isn't a good reader with cross-platform syncing capabilities.
I have been self-hosting FreshRSS and using NetNewsWire as my reader.
I have to say, it's not an elegant solution.