TsundokuDB Future Home
This page will be the new home of Tsundoku DB, a project started by Roachie.
The old site's method of requesting most of the files stored in the JSON database was broken by a decision by the hosts to patch the request headers exploits I had been using to serve you content.
I have chosen a new host, and this time they will be more reliable, hopefully. I am working on the frontend, so the new site should go up here in spring of 2024.
- Exploit?
- Ok, maybe I exaggerated. It was less of an exploit, technically an oversight. I was using 2 oversights by both discord and google to essentially use both services as a hacky cdn by storing data in 8 mb javascript files and hosting them as discord attachments, or as 8 mb css files and hosting them on google drive. Normally, CORS restrictions do not allow you to do this, but since both scripts and stylesheets are inline resources, they could still be used to store and fetch data cross origin. In other words, I stored massive amounts of data hidden in javascript and CSS files. In 2024, either google or mozilla killed the bug that allowed me to host stylesheets from google drive and then discord rolled out their url params update that essentially breaks old hotlinks and now gives any new ones a time limit. Probably to mitigate server costs since they may have realized that people were using discord as a file host.
- Now What?
- Well, I decided to host my database using a more "legit" method. And the "legit" method is my unlimited google drive subscription that my college forgot to cancel when I graduated 5 years ago, which I wanted to use for something. So I thought this project could potentially make use of it for as long as it remains functional.
- How does the new system work?
- I
load an iframe containing send a GET request to a google script. The google script has been configured to send and receive messages with the webpage and when prompted will generate a new OAuth token. The page then uses this time-sensitive OAuth token to make request to the Google Drive API and get updates, fetch and download files, etc.
- Is this legit?
- More legit than my old hacky unofficial cloud storage squatting system. I'm not sure if Google intended for Google Apps Scripts to be used in this manner, but for as long as this service exists, I think it's likely there will be other ways of obtaining OAuth tokens. And if google drive eventually fails me, I'll find another way to do this. Who knows. Maybe someday I will be able to afford to run an actual dedicated server for this in my home.