Switch all backend endpoints to api.xmoj-script.uk#980
Merged
Conversation
Agent-Logs-Url: https://github.com/XMOJ-Script-dev/XMOJ-Script/sessions/3a87c529-2f63-4617-8be5-5b9f3c33f751 Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
PythonSmall-Q
May 2, 2026 07:40
View session
Contributor
Reviewer's guide (collapsed on small PRs)Reviewer's GuideUpdates all frontend script and HTML references from legacy xmoj-bbs domains to the new xmoj-script / assets domains, including API, WebSocket, image, homepage/support, and versioning metadata, and marks SSO as in-development while removing the Alpha badge from the messages page link. Sequence diagram for messages page using new api.xmoj-script.uk endpointssequenceDiagram
actor User
participant BrowserMessagesPage
participant XMOJBackendAPI as api_xmoj_script_uk
participant AssetsService as assets_xmoj_script_uk
participant NotificationsWS as ws_api_xmoj_script_uk
User->>BrowserMessagesPage: Open messages.html
BrowserMessagesPage->>XMOJBackendAPI: POST API_BASE action (https://api.xmoj-script.uk/)
XMOJBackendAPI-->>BrowserMessagesPage: Messages data (includes ImageID values)
loop For each message with image
BrowserMessagesPage->>AssetsService: GET ASSET_BASE + ImageID (https://assets.xmoj-script.uk/GetImage)
AssetsService-->>BrowserMessagesPage: Image binary
end
User->>BrowserMessagesPage: Enable notifications
BrowserMessagesPage->>NotificationsWS: Connect wss://api.xmoj-script.uk/ws/notifications
NotificationsWS-->>BrowserMessagesPage: Push new message events
BrowserMessagesPage-->>User: Render messages and images
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
Signed-off-by: Shan Wenxiao <seanoj_noreply@yeah.net>
Deploying xmoj-script-dev-channel with
|
| Latest commit: |
e09ddc3
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://57a57d48.xmoj-script-dev-channel.pages.dev |
| Branch Preview URL: | https://copilot-switch-endpoint-to-a.xmoj-script-dev-channel.pages.dev |
hendragon-bot
Bot
added
user-script
Signed-off-by: Shan Wenxiao <seanoj_noreply@yeah.net>
Signed-off-by: Shan Wenxiao <seanoj_noreply@yeah.net>
Signed-off-by: Shan Wenxiao <seanoj_noreply@yeah.net>
Signed-off-by: Shan Wenxiao <seanoj_noreply@yeah.net>
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Hey - I've found 1 issue, and left some high level feedback:
- Now that all runtime API calls target
api.xmoj-script.uk, consider removing the legacy@connectentries (api.xmoj-bbs.tech/api.xmoj-bbs.me) from the userscript header to avoid requesting unnecessary Tampermonkey permissions. - In
messages.html, the SSO authorize function no longer navigates toOAUTH_AUTHORIZE_URL; if SSO is intentionally disabled, consider either removing or clearly feature-flagging that path (and associated UI tab) to avoid leaving a partially wired flow in the codebase.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Now that all runtime API calls target `api.xmoj-script.uk`, consider removing the legacy `@connect` entries (`api.xmoj-bbs.tech` / `api.xmoj-bbs.me`) from the userscript header to avoid requesting unnecessary Tampermonkey permissions.
- In `messages.html`, the SSO authorize function no longer navigates to `OAUTH_AUTHORIZE_URL`; if SSO is intentionally disabled, consider either removing or clearly feature-flagging that path (and associated UI tab) to avoid leaving a partially wired flow in the codebase.
## Individual Comments
### Comment 1
<location path="messages.html" line_range="994" />
<code_context>
scope: OAUTH_SCOPE,
state: state
});
- location.href = OAUTH_AUTHORIZE_URL + '?' + params.toString();
}
</code_context>
<issue_to_address>
**suggestion:** The SSO initiate function now becomes a no-op, which may be confusing and could be simplified or guarded.
With the redirect removed, `startSsoAuthorize` now just creates `state` and `params` without any effect. If this is a deliberate dev-only stub, consider making that explicit by returning early with a clear stub behavior, or by not constructing `state`/`params` until the flow is re‑enabled. This will reduce confusion for future maintainers.
Suggested implementation:
```
// SSO initiate flow is temporarily disabled.
// This stub is intentional: remove or replace when re‑enabling SSO.
return;
}
```
I assumed the existing implementation of `startSsoAuthorize` was computing `state` and `params` exactly as shown in the `SEARCH` block, and that those values are now unused since the redirect was removed. If the function signature or surrounding code differs, you should:
1. Ensure the `SEARCH` block matches the actual body of `startSsoAuthorize` that creates `state`/`params` so it can be fully replaced with the stub.
2. Optionally add a more explicit comment (e.g., `// TODO: Re‑enable SSO redirect when backend is ready`) if your codebase prefers TODO annotations for temporary stubs.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
1 issue found across 5 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="messages.html">
<violation number="1" location="messages.html:77">
P2: The SSO login tab button uses `data-tab="sso-develop"`, but tab logic still expects `sso`, so clicking it won’t display the SSO panel.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrates every backend API reference from the legacy
api.xmoj-bbs.me/api.xmoj-bbs.techdomains to the newapi.xmoj-script.ukdomain.Changes
XMOJ.user.js@connectdirectives: consolidatesapi.xmoj-bbs.tech+api.xmoj-bbs.meinto singleapi.xmoj-script.ukassets.xmoj-bbs.me→api.xmoj-script.uk)messages.htmlAPI_BASEandASSET_BASEconstants updatedSummary by Sourcery
Update XMOJ script and web UI to use the new xmoj-script.uk domains and adjust related UX and metadata.
Enhancements:
Summary by cubic
Switches all API and WebSocket endpoints to
api.xmoj-script.ukand standardizes image URLs toassets.xmoj-script.uk/GetImage. Updates homepage/debug URLs and support link, flags SSO login as in development (redirect disabled), removes the “Alpha” badge in navigation, and bumps to 3.4.6 (prerelease).api.xmoj-script.ukaccess on update. Accept it.api.xmoj-script.ukandassets.xmoj-script.uk, and remove the old ones.Written for commit e09ddc3. Summary will update on new commits.