From a51de6b8f6f19d46628c881f4d6328b442fb009b Mon Sep 17 00:00:00 2001 From: xTrayambak Date: Sat, 17 Aug 2024 10:50:12 +0530 Subject: [PATCH 1/2] (add) URL validation for URLs in `donation` field --- package_scanner.nim | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/package_scanner.nim b/package_scanner.nim index b8a63b39c..f354d7328 100644 --- a/package_scanner.nim +++ b/package_scanner.nim @@ -23,7 +23,7 @@ import std/strutils import std/httpclient import std/streams import std/net - +import std/uri const usage = """ Usage: package_scanner [--old=packages_old.json] [--check-urls] @@ -35,7 +35,6 @@ Options: const allowedNameChars = {'a'..'z', 'A'..'Z', '0'..'9', '_', '-', '.'} - proc checkUrlReachable(client: HttpClient, url: string): string = var headers: HttpHeaders = nil if url.startsWith("https://github.com"): @@ -105,7 +104,7 @@ proc checkPackages(newPackagesPath: string, oldPackagesPath: string, checkUrls: var client: HttpClient = nil if checkUrls: client = newHttpClient(timeout=3000) - client.headers = newHttpHeaders({"User-Agent": "Nim packge_scanner/2.0"}) + client.headers = newHttpHeaders({"User-Agent": "Nim package_scanner/2.0"}) var modifiedPackagesCount = 0 var failedPackagesCount = 0 @@ -122,6 +121,13 @@ proc checkPackages(newPackagesPath: string, oldPackagesPath: string, checkUrls: let url = pkg.getStrIfExists("url", "") logPackageError("Duplicate package " & displayName & " from url " & url) + if "donations" in pkg and checkUrls: + for url in pkg["donations"]: + try: + let res = client.get(url.getStr()) + except ValueError as exc: + logPackageError("Invalid donation link: `" & url.getStr() & "` (" & exc.msg & ')') + # isNew should be used in future versions to do a conditional inspection # of the package contents which requires downloading the full release tarball let isNew = not oldPackagesTable.hasKey(pkgNameNorm) 
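Review bot: In the added `donations` loop of `checkPackages`, the only validation is a live `client.get` on a URL taken from the submitted package entry, and only `ValueError` is caught. A connection failure or timeout raises other exception types (for example `OSError` or `TimeoutError`), which would abort the scan rather than be logged unless a handler outside the hunk catches them. Nothing restricts the scheme or host either, so the scanner will request whatever address a submitter supplies from wherever it runs. `std/uri` is imported by this commit but unused in the visible hunks; parsing with `parseUri` and requiring `https` plus a non-empty hostname would make the check run even without `--check-urls`, with the network probe kept as an optional second step under `except CatchableError`. The indentation below is assumed, and `checkPackages` continues outside the hunk.

```nim
    if "donations" in pkg:
      for entry in pkg["donations"]:
        let link = entry.getStr()
        let parsed = parseUri(link)
        # Syntactic check first: no network traffic for malformed or non-HTTPS links.
        if parsed.scheme != "https" or parsed.hostname.len == 0:
          logPackageError("Invalid donation link: `" & link & "`")
        elif checkUrls:
          try:
            discard client.get(link)
          except CatchableError as exc:
            logPackageError("Invalid donation link: `" & link & "` (" & exc.msg & ')')
    # … unchanged: isNew computation and the rest of the per-package checks …
```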
@@ -203,7 +209,6 @@ proc checkPackages(newPackagesPath: string, oldPackagesPath: string, checkUrls: if failedPackagesCount > 0: result = 1 - proc cliMain(): int = var parser = initOptParser(os.commandLineParams()) var newPackagesPath = "" From c7da714f19573c7d7268914f4754284d60000a46 Mon Sep 17 00:00:00 2001 From: xTrayambak Date: Sat, 17 Aug 2024 10:51:02 +0530 Subject: [PATCH 2/2] (add) documentation on how to add donation links --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 79f43520d..0de7e653e 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ optional): * web - An optional URL for humans to read additional information about the package. * doc - An optional URL for humans to read the package HTML documentation + * donations - A list of URLs that can be used to monetarily support the author of this package. Check [Accepting Donations](#accepting-donations) ### Requirements 
@@ -89,6 +90,23 @@ For example: ... ``` +## Accepting Donations + +You can optionally link donation URLs that can be used by other users to support you. \ +Try to link a mainstream donation website like BuyMeACoffee, Patreon or OpenCollective over less well-known ones to make it easier for others to support you. + +Donation links must follow the following guidelines: +* They must be valid URLs +* They mustn't be malicious (see [Donation Abuse](#donation-abuse)) +* If you decide to close your account on any of the websites you use to accept donations, you must remove the link from all your packages that still link to that URL. + +This is a relatively new feature (as of 17th of August 2024, the time of writing this, it hasn't been merged into Nimble's master branch) and the vast majority of Nimble clients will simply ignore this field for now. Newer ones that are taken from a source like `choosenim` or from a rolling release Linux distribution's packages will likely receive this update shortly after the [pull request](https://github.com/nim-lang/nimble/pulls/1258) is merged. + +If you wish to send a donation to a library's developer and are on a version of Nimble that supports this feature, run `nimble sponsor `. + +### Donation Abuse +Your package will be removed without notice if you attempt to use this feature maliciously (i.e, phishing via typosquatting or through another means) and you might be banned from adding your packages to the index for an indefinite period of time. + # License * `package_scanner.nim` - [GPLv3](LICENSE-GPLv3.txt)