Audible Backup 的评价
Audible Backup 作者: Patrick Meyer
Patrick Meyer 的回应
开发者回应
发布于 4 年前Haha, your assessment is almost spot on. I'm the author of this plugin and here are some pointers to why I made some of those bad decisions:
Q1) support whatever amazon.[tld] and audible.[tld] site you actually need:
Yes, totally. I actually verified the scraper to work for amazon.com too but I wasn't too sure how to integrate the many audible sites UX wise. Currently I just check if the library URL of audible.de redirects to the login page. If not: change the icon and stop showing the login link. It should be fairly easy to integrate more audible sites, it's mainly these UX flows that needs to be redesigned.
Q2) stop asking for access to every website:
Yeah.. I'd like to. Thing is, as you noted, this plugin uploads to a self hosted server. I want my half a dozen friends using this plugin to be able to set their own server URL via the plugin UI. That means I can't actually know which sites I have to give this plugin access to in it's manifest. Ideas welcome. On a site note: This isn't actually webdav. It probably should be but I just hacked together some rest API. The server is not even open source (yet?). It's rather simple though.
Q3) default to saving files locally:
I considered adding this functionality, but last time I checked this wasn't really feasible. The file picker is AFAIK not able to pick a folder at all, but only files. There is an experimental FileSystem JS api, but that was pretty much chrome only last time I checked. Would be great to have though, I agree!
Q4) only ask for a remote upload host if someone wants that (then add that host to the sites it has permission to access, and treat ID and PW info securely):
I'd love too, I don't think I can ask for host permissions past the installation though. If you find a way I will fix this. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions Otherwise you could upload a second, more locked down, version of this plugin that only has access to the audible domains. Only makes sense after solving Q3 though.
Re "treat ID and PW info securely": That is actually precisely the point of this extension. It never touches your username, password or even cookies at all. It just piggybacks onto your existing session. It requests audible endpoints. If you are logged in, the browser itself will inject the cookie into the request. If the audible endpoint doesn't redirect us to login we are good. This plugin never comes into contact with your session information and never sends any authentication information to the backup server. Feel free to audit/use from source :) https://github.com/HerrSpace/audible-backup-webextension
Thanks for taking the time to write this and I'm sorry this experience has been so frustrating for you.
Q1) support whatever amazon.[tld] and audible.[tld] site you actually need:
Yes, totally. I actually verified the scraper to work for amazon.com too but I wasn't too sure how to integrate the many audible sites UX wise. Currently I just check if the library URL of audible.de redirects to the login page. If not: change the icon and stop showing the login link. It should be fairly easy to integrate more audible sites, it's mainly these UX flows that needs to be redesigned.
Q2) stop asking for access to every website:
Yeah.. I'd like to. Thing is, as you noted, this plugin uploads to a self hosted server. I want my half a dozen friends using this plugin to be able to set their own server URL via the plugin UI. That means I can't actually know which sites I have to give this plugin access to in it's manifest. Ideas welcome. On a site note: This isn't actually webdav. It probably should be but I just hacked together some rest API. The server is not even open source (yet?). It's rather simple though.
Q3) default to saving files locally:
I considered adding this functionality, but last time I checked this wasn't really feasible. The file picker is AFAIK not able to pick a folder at all, but only files. There is an experimental FileSystem JS api, but that was pretty much chrome only last time I checked. Would be great to have though, I agree!
Q4) only ask for a remote upload host if someone wants that (then add that host to the sites it has permission to access, and treat ID and PW info securely):
I'd love too, I don't think I can ask for host permissions past the installation though. If you find a way I will fix this. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions Otherwise you could upload a second, more locked down, version of this plugin that only has access to the audible domains. Only makes sense after solving Q3 though.
Re "treat ID and PW info securely": That is actually precisely the point of this extension. It never touches your username, password or even cookies at all. It just piggybacks onto your existing session. It requests audible endpoints. If you are logged in, the browser itself will inject the cookie into the request. If the audible endpoint doesn't redirect us to login we are good. This plugin never comes into contact with your session information and never sends any authentication information to the backup server. Feel free to audit/use from source :) https://github.com/HerrSpace/audible-backup-webextension
Thanks for taking the time to write this and I'm sorry this experience has been so frustrating for you.