New feature: shareable user query #6052
Conversation
Share the output of a user query by RSS / HTML / OPML with other people through unique URLs. Replaces the global admin token, which was the only option (but unsafe) to share RSS outputs with other people. Also add a new HTML output for people without an RSS reader. fix FreshRSS#3066 (comment) fix FreshRSS#3178 (comment)
|
Not completely done, but ready for tests and comments.
|
|
I realised that the current implementation of the user queries was doing lots of redundant SQL queries, also when the user queries were not used. So I did some more refactoring to fix that. |
|
I have addressed the latest details, so all done here for now (several improvements in particular of the HTML output view are left to future work). |
| ## Share your user queries | ||
|
|
||
| A prerequisite is that the FreshRSS API(s) must be enabled in FreshRSS authentication settings. | ||
|
|
||
| From the configuration page of the user queries, | ||
| it is possible to share the output of the user queries with external users, | ||
| in the formats HTML, RSS, and OPML: | ||
|
|
||
|  | ||
|
|
||
| > ℹ️ Note that the sharing as OPML is only available for user queries based on all feeds, a category, or a feed. | ||
| > Sharing by OPML is **not** available for queries based on user labels or favourites or important feeds, | ||
| > to avoid leaking some feed details in an unintended manner. | ||
|
|
There was a problem hiding this comment.
Let us think to give a note here, that this feature will be available with 1.24 (it will note, that it is not yet available)
| <div class="form-group"> | ||
| <div class="group-controls"> | ||
| <label class="checkbox" for="shareRss"> | ||
| <input type="checkbox" name="query[shareRss]" id="shareRss" value="1" <?= $this->query->shareRss() ? 'checked="checked"' : ''?> /> | ||
| <?= _t('conf.query.filter.shareRss') ?> | ||
| </label> | ||
| <?php if ($this->query->sharedUrlRss() !== ''): ?> | ||
| <ul> | ||
| <li><a href="<?= $this->query->sharedUrlHtml() ?>"><?= _i('link') ?> <?= _t('conf.query.share.html') ?></a></li> | ||
| <li><a href="<?= $this->query->sharedUrlRss() ?>"><?= _i('link') ?> <?= _t('conf.query.share.rss') ?></a></li> | ||
| </ul> | ||
| <?php endif; ?> | ||
| </div> | ||
| <div class="group-controls"> | ||
| <label class="checkbox" for="shareOpml"> | ||
| <input type="checkbox" name="query[shareOpml]" id="shareOpml" value="1" <?= $this->query->shareOpml() && $this->query->safeForOpml() ? 'checked="checked"' : '' ?> | ||
| <?= $this->query->safeForOpml() ? '' : 'disabled="disabled"' ?> /> | ||
| <?= _t('conf.query.filter.shareOpml') ?> | ||
| </label> | ||
| <?php if ($this->query->sharedUrlOpml() !== ''): ?> | ||
| <ul> | ||
| <li><a href="<?= $this->query->sharedUrlOpml() ?>"><?= _i('link') ?> <?= _t('conf.query.share.opml') ?></a></li> | ||
| </ul> | ||
| <?php endif; ?> | ||
| </div> | ||
| <p class="help"><?= _i('help') ?> <?= _t('conf.query.share.help') ?></a></p> | ||
| <p class="help"><?= _i('help') ?> <?= _t('conf.query.help') ?></a></p> | ||
| </div> |
There was a problem hiding this comment.
could we add a check here, if the API is disabled?
(btw: the text in the settings needs an update, while it is not only used for the API)
There was a problem hiding this comment.
It is indeed now used for more than the mobile apps.
Note that WebSub, which is also an API, has its own internal option
|
HTML: There is a pagination. When I click on "Next" an "empty" page appears |
|
There is no log entry if the user query is not available for sharing ( |
Inded (Edit: Now that I think about it, what I did in the main page is to fetch 1 article more than demanded to know whether there is more or not)
Yes, this is by design as this can better be seen and reacted upon from the Web server logs (e.g. with Fail2Ban or similar) as I would rather avoid giving the possibility to an external client to too easily flood the FreshRSS user logs. We return different HTTP status codes (404, 422, 503...), which are visible in the Web server logs. |
* OPML regression due to *shared user queries* (the XPath attributes were not exported anymore) FreshRSS#6052 * Add master token to HTML Meta RSS link and OPML link FreshRSS#6159 (reply in thread)
* OPML regression due to *shared user queries* (the XPath attributes were not exported anymore) #6052 * Add master token to HTML Meta RSS link and OPML link #6159 (reply in thread)
| 'state' => 'State', | ||
| 'tags' => 'Display by label', | ||
| 'type' => 'Type', | ||
| ), | ||
| 'get_all' => 'Display all articles', | ||
| 'get_all_labels' => 'Display articles with any label', |
There was a problem hiding this comment.
Is it obsolete? I cannot find any place where it is used
There was a problem hiding this comment.
Strange, I cannot find all this "get_...." labels used somewhere....
@Alkarex Could you help me please?
There was a problem hiding this comment.
It is because they are used by string concatenation (which I would like to get rid of precisely because it makes validation and maintenance quite challenging). And there is another layer of property with another name for the getter, which makes it even more difficult to search:
Share the output of a user query by RSS / HTML / OPML with other people through unique URLs.
Replaces the global admin token, which was the only option (but unsafe) to share RSS outputs with other people.
Also add a new HTML output for people without an RSS reader.
fix #3066 (comment)
fix #3178 (comment)