Hacker News | MrRowTheBoat's comments

Do you provide the source code for users' mods?


Yes, for authenticated users, source code is provided along with a compiled JAR.


Just received this in my email.

"Based on the way your application uses our infrastructure, your monthly bill for team My Team is projected to go from $ 20 to $ 69 on July 22nd."

I'm surprised by this change in pricing. This will likely force me to move to fly.io. Curious if others had a similar price hike. I utilize a single "seat" for a single repository on my Team plan. This plan has around 1.1 million middleware edge invocations each month. This previously was the only limit I was exceeding for many months.


Cool project! I know this would be useful for medical professionals.


I added a simple rate limit last night, thanks for your suggestion! :)


Hey chaz! Currently not an option, and as I write that out, you're right that it should be an option.

Even if it was something like "/api/read?key=getOnlyThisKey" which returns your value or perhaps a 404 or maybe a 204, implying your response was successful, but there was no key with the specified requested key.


Hmmm, it looks like the post is flagged. I had to look up what that meant. I'm guessing I may be breaking the rule of including the website name in the title of the post. :(


Unfortunately, you spoke too soon, exactly what you said has happened lol.


I mean, there's a whole industry dedicated to preventing abuse of computing resources exposed to the internet. You basically opened your MongoDB instance to the world - you are lucky they haven't already stored anything horribly illegal in there.


Anything is certainly possible on the internet, if or when that happens I'll intervene.

Implementing authentication and/or authorization is not beyond my ability, and could have been set up, but it would have severely tarnished ease of access to the platform, and hindered the amount of people who already tried out the service.


The hubris of software engineers never ceases to amaze me. I'm not trying to scare you here, I am just gently suggesting that you might not have the capacity to provide this as a public service. Keep using it for your projects if it works for you, maybe wrap it in a docker container for other people to deploy on their own if they so want.

Side note, I just tested a curl command with

  -d '{"key": {"$regex": ".*"}, "value": "..."}'
and it went through, updating the already existing first key in the collection, so you're not even sanitizing your inputs - there's likely some Mongo lookup code that will enumerate the existing collections, or overwrite someone else's data, or possibly read all of it, I am not going to continue with the probing (are you sanitizing the api key?). You can either assume good faith from all your users, or open the API to the internet, but definitely not both.
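
The request quoted in the comment above passes an object where a string key is expected. As an added example (not part of the thread and not the service's code), here is a write-body check that rejects it; the function names, the length limit, and the returned filter/update shape are assumptions.

```javascript
// Hypothetical validator for a key/value write endpoint backed by MongoDB.
// The field names "key" and "value" follow the request body quoted above.
const MAX_KEY_LEN = 256; // assumed limit, not taken from the service

// True if any object nested in v has a "$"-prefixed or dotted property name.
// Rejecting these is a conservative policy so that user data can never be
// read as a query or update operator.
function hasOperatorKeys(v, depth = 0) {
  if (depth > 16) return true; // refuse pathological nesting
  if (v === null || typeof v !== "object") return false;
  if (Array.isArray(v)) return v.some((x) => hasOperatorKeys(x, depth + 1));
  return Object.keys(v).some(
    (k) => k.startsWith("$") || k.includes(".") || hasOperatorKeys(v[k], depth + 1)
  );
}

function validateWrite(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, error: "body must be a JSON object" };
  }
  const { key, value } = body;
  // The core check: the key must be a plain string, never an object.
  if (typeof key !== "string" || key.length === 0 || key.length > MAX_KEY_LEN) {
    return { ok: false, error: "key must be a non-empty string" };
  }
  if (value === undefined) {
    return { ok: false, error: "value is required" };
  }
  if (hasOperatorKeys(value)) {
    return { ok: false, error: "value contains operator-style field names" };
  }
  // $eq keeps the comparison literal even if the type check is later loosened.
  return { ok: true, filter: { key: { $eq: key } }, update: { $set: { value } } };
}

// Constructed sample bodies: the one from the comment, a normal write,
// and a value that smuggles an operator-style field name.
const samples = [
  '{"key": {"$regex": ".*"}, "value": "..."}',
  '{"key": "key1", "value": "value1"}',
  '{"key": "key1", "value": {"$where": "1"}}',
];

function runSamples() {
  return samples.map((s) => validateWrite(JSON.parse(s)));
}
```

The same type check belongs on every field that ends up in a query filter, including the API token the comment asks about.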


So far the worst thing is that someone is trying to actively stop my service from being functional? Idk, I guess it's more fun than other things?

Anyways they mass created hashmaps using UUIDs. Someone lower in the comments made a great point on this, unfortunately this is why people have to crack down on things and require accounts and stuff like that before you can use a service.

:) Service is up and running, but we'll see for how long.


Great idea putting all actions behind a token. This removes most types of abuse.

Still, a great place to backup my video library!

I once thought about doing this using RDF/Tuple based data where most elements are forced to be UUID-4's (whose purpose and meaning are invisible) except for values. I imagined a public service without a token.


I would like to see it being usable from a browser (with the key, value and token as query parameters):

https://hashmap.me?key=key1&value=value1&token=tony-test-d87...


Thanks so much for the suggestion and checking me out.

I think for Read it makes a ton of sense to be able to provide a key to only get that specific key from your dataset.

I could add support for allowing you to use your token in the url to avoid headers, but to be very clear that token should NEVER be exposed to other users or to the public, that token isn't changeable, and if another user has it they can modify your dataset. Maybe I could add read only tokens at some point?

With your exact URL above, are you proposing the ability to Write data from the browser? I see you're providing a value so it led me to believe you're suggesting writing a key/value pair with your token from the browser.


Annnnnnnnd someone just infinitely created a bunch of empty hashmaps and maxed out my collections. :)

Thanks HN <3


Deleted 255 collections. Investigating throttling of some sort...


Yes! This could be done in many different ways with different technologies.

