7
votes
News Desk Updated!
A few weeks ago I posted a project I was working on to read news from the command line. I incorporated the suggestions given in that thread (license, requirements.txt, etc), incorporated suggestions I've received elsewhere, and added a few features.
Here's the updated link: News Desk
Any feedback would be much appreciated!
Edit: And a specific point for feedback. I store the user's API key in ~/.nd_config/key
which I think is a step up from requiring the user to set their key as an environment variable (which is how I had it originally). Still though, is there some way I can not store the key in plaintext and still have it in a format that is readable by the computer and can be used to verify API access?
No matter what you do, you're going to be storing something in plaintext, even if it's an encryption key. Good APIs are generally designed to have their keys easily deauthorized and replaced (think of changing the lock on your door if someone manages to get your house key copied), and great APIs allow you to restrict permissions for certain keys so that even if the key is compromised you can mitigate any risk of data theft or tampering. Always just assume that your keys will be compromised and put safeguards in place ahead of time :)
Thanks for the reply! I hear what you're saying. This post says essentially the same thing, but also argues that many smaller security features add up to better overall security than one catch-all feature. Down the road I think I'll add a feature the encrypts the key and then decrypts it for use.
You're right though, the API does allow you to very easily regenerate your API key, which I think is a neat feature. I spent a good chunk of today making sure that if a user saves their key in
~/.nd_config/key
as they're prompted to and then has to regenerate it they won't see any errors, but instead just prompted to re-set their key value.That all sounds like the way to go. You're absolutely right that adding some additional hurdles is a good thing. I definitely don't intend to discourage you from that :)
Your configuration files should be stored in XDG_CONFIG_HOME/nd_config, in compliance with XDG specifications: https://wiki.archlinux.org/index.php/XDG_Base_Directory_support
So after a quick scan, am I right in that it basically says I just need to nest
.nd_config/
inside~/.config/
(so~/.config/.nd_config/key
in total)?Also thanks, I was looking for something earlier about where config files like this are actually supposed to go, but couldn't find much after a quick search so just kind of made it up
Not necessary .config (although this is what it will be in most cases), but whatever $XDG_CONFIG_HOME is set to.
This is probably not very helpful, but thanks for letting me know about newsapi.org! I could really use that in a project I’m working on. I was using google news rss but that does not scale, and is not really authorized. I can’t believe I had not heard of newsapi before.
Hey no problem, glad to help! It's been pretty great so far. The free developer account allows for 1,000 requests per day which is more than enough for almost anyone. Down the road I'd love to find some way to have the same functionality without requiring the user to register for an API, but for now this works.
Just so this type of out of the loopiness doesn't happen to me in the future, where did you learn about newsapi.org?
Well I originally was looking for an API from the Washington Post because I was going to build essentially the same project, but manually retrieving articles from the news sources I wanted. Somehow in my search for a proprietary WaPo API I stumbled upon this.
Here's another one that I just found recently: https://newsapi.aylien.com/
Thanks again!