The Scratch Channel - The most reliable news to your device - 3 jobs needed

snoopythe3

GvYoutube wrote:
Can I be a news writer aswell? Coding for me is on pause as im on mobile, because my Pi is dead

Sure! Give me a sec to add you to the news team on github

snoopythe3

Hello! So I noticed that we are making a admin.js file and i saw this line of code:

let admins = ['kRxZy_kRxZy', 'Snoopythe3'];

Can i safely add everyone who helped with the code to the list or do I have to wait until it comes out? And will it have restrictions that Higher-ups can change?

Here's what i think would happen when the website is released on Dec 14th 2025 @krxzy_krxzy If i'm correct please let me know.
Add admins - admin.js:13

  // Check if the requester is a valid admin with a valid auth code
  if (authCodes.includes(auth) && admins.includes(username)) {
    // Check if the user to be promoted is not already an admin
    if (!admins.includes(userToBeAdmin)) {
      admins.push(userToBeAdmin);
      res.status(200).send(`${userToBeAdmin} has been added as an admin.`);
    } else {
      res.status(409).send(`${userToBeAdmin} is already an admin.`);
    }
  } else {
    res.status(403).send('Forbidden: Unauthorized access');
  }
});

The scratch channel profiles - users.js

const express = require('express');
const router = express.Router();
const escapeHtml = require('escape-html');
function escapeAttribute(value) {
  if (typeof value !== "string") return "";
  return value.match(/^https?:\/\/[a-zA-Z0-9\-._~:/?#@!$&'()*+,;=%]+$/) ? value : "";
}
let users = [];
const htmlWrapper = (title, bodyContent) => `
<!DOCTYPE html>
<html lang="en">
<head>
  <title>${escapeHtml(title)} - The Scratch Channel</title>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <link rel="stylesheet" href="../static/index-revamp.css">
  <link rel="stylesheet" href="../static/new.css">
  <link rel="stylesheet" href="../static/index.css">
</head>
<body>
  <div class="header">
    <p class="nav-logo">TSC</p>
    <nav class="nav-links">
      <a href="/">Home</a>
      <a href="articles.html">Articles</a>
      <a href="login.html">Log In</a>
    </nav>
  </div>  
  <div class="main">
    ${bodyContent}
  </div>
  <div class="footer">
  </div>
</body>
</html>
`;
router.post('/api/new-user', (req, res) => {
  const { username, pfp } = req.body;
  if (!username || !pfp) {
    return res.status(400).json({ error: 'Username and profile picture (pfp) required' });
  }
  const safeUsername = String(username).replace(/[^\w-]/g, '').slice(0, 32);
  const safePfp = escapeAttribute(pfp);
  if (!safeUsername || !safePfp) {
    return res.status(400).json({ error: 'Invalid username or profile picture URL' });
  }
  const userData = {
    username: safeUsername,
    pfp: safePfp,
    followers: [],
    followings: ['krxzy_krxzy', 'snoopythe3', 'swiftpixel']
  };
  users.push(userData);
  res.json({ message: 'Welcome New User', user: userData });
});
router.get('/users/:username', (req, res) => {
  const user = users.find(u => u.username === req.params.username.replace(/[^\w-]/g, ''));
  if (!user) return res.status(404).send('User not found');
  const profileHtml = `
    <img src="${escapeAttribute(user.pfp)}" alt="${escapeHtml(user.username)}'s profile picture" style="width:100px;border-radius:50%;" />
    <h2>@${escapeHtml(user.username)}</h2>
    <p>Followers: ${user.followers.length}</p>
    <p>Following: ${user.followings.length}</p>
    <div class="actions">
      <a href="/users/${escapeHtml(user.username)}/followers">View Followers</a> | 
      <a href="/users/${escapeHtml(user.username)}/following">View Following</a>
    </div>
  `;
  res.send(htmlWrapper(`${user.username}'s Profile`, profileHtml));
});
router.get('/users/:username/followers', (req, res) => {
  const safeUsername = req.params.username.replace(/[^\w-]/g, '');
  const user = users.find(u => u.username === safeUsername);
  if (!user) return res.status(404).send('User not found');
  const followersHtml = `
    <h2>@${escapeHtml(user.username)}'s Followers</h2>
    <ul>${user.followers.map(f => `<li>${escapeHtml(f)}</li>`).join('') || '<li>No followers yet.</li>'}</ul>
    <div class="actions"><a href="/users/${escapeHtml(user.username)}">Back to Profile</a></div>
  `;
  res.send(htmlWrapper(`${escapeHtml(user.username)} Followers`, followersHtml));
});
router.get('/users/:username/following', (req, res) => {
  const safeUsername = req.params.username.replace(/[^\w-]/g, '');
  const user = users.find(u => u.username === safeUsername);
  if (!user) return res.status(404).send('User not found');
  const followingHtml = `
    <h2>@${escapeHtml(user.username)} is Following</h2>
    <ul>${user.followings.map(f => `<li>${escapeHtml(f)}</li>`).join('')}</ul>
    <div class="actions"><a href="/users/${escapeHtml(user.username)}">Back to Profile</a></div>
  `;
  res.send(htmlWrapper(`${escapeHtml(user.username)} Following`, followingHtml));
});
module.exports = { router };

MORE SOON

GvYoutube

snoopythe3 wrote:
Hello! So I noticed that we are making a admin.js file and i saw this line of code:
let admins = ['kRxZy_kRxZy', 'Snoopythe3']; 
Can i safely add everyone who helped with the code to the list or do I have to wait until it comes out? And will it have restrictions that Higher-ups can change?
Snip

MORE SOON

DELETE the admin files until release, the add everyone.
This poses a high security threat as people can know what user is an admin, and how to sign in to thier GH once we are able to have the implementation.

snoopythe3

We could just put it as an environment variable for now in render so its secret

Swiftpixel

GvYoutube wrote:
snoopythe3 wrote:
Hello! So I noticed that we are making a admin.js file and i saw this line of code:
let admins = ['kRxZy_kRxZy', 'Snoopythe3']; 
Can i safely add everyone who helped with the code to the list or do I have to wait until it comes out? And will it have restrictions that Higher-ups can change?
Snip

MORE SOON
DELETE the admin files until release, the add everyone.
This poses a high security threat as people can know what user is an admin, and how to sign in to thier GH once we are able to have the implementation.

To be honest the website is already filled with security threats

SmartCat3

I think it might be better to use something like firebase instead of having a backend.

SmartCat3

Or we can just store articles in Markdown on github, and render them using marked

snoopythe3

Bump

snoopythe3

Why did i forget that its not in advanced topics

snoopythe3

Bump

snoopythe3

bump

snoopythe3

bump

snoopythe3

bump

snoopythe3

Bump

snoopythe3

Bump

GvYoutube

unrelated but I'm currently eating a cup of luck charms that's barely has marshmallows in it.
where did they go

snoopythe3

Guys i made a points system so if you complete a task you get a point https://www.classdojo.com/ul/p/addKid?target=class&class=CEANJA8

Last edited by snoopythe3 (Sept. 3, 2025 15:06:01)

GvYoutube

snoopythe3 wrote:
Guys i made a points system so if you complete a task you get a point https://www.classdojo.com/ul/p/addKid?target=class&class=CEANJA8

S I R D

snoopythe3

GvYoutube wrote:
snoopythe3 wrote:
Guys i made a points system so if you complete a task you get a point https://www.classdojo.com/ul/p/addKid?target=class&class=CEANJA8
S I R D

lol

da-ultimate-creater

Bump
This topic has been bumped by SushiCat_75's Bump Shop.
visit us here: https://scratch.mit.edu/discuss/topic/828552/

Discuss Scratch