Add Forgejo/Codeberg-specific documentation #2

n0toose commented 2023年05月14日 18:47:00 +02:00

During my efforts to investigate a more accessible CAPTCHA, I came across some difficulties with testing the repository in a real environment, as I am not very proficient in Golang. I created this change so as to lower the bar required to get started with Codeberg-related contributions in the future.

I had some difficulties with using the replace directive properly (see: Codeberg/forgejo@b45069b323), but I came across Go Workspaces and decided to use that instead, as it's apparently a new standard introduced in Go 1.18 that works better than the replace directive in local developer environments. Further changes, e.g. explicitly excluding go.work, were deemed out-of-scope and will be made later.

The code is not that complex and it is in our best interest to attract as many contributions as possible, even from beginners. That influenced the way I wrote this document, e.g. recommending SQLite3.

During my efforts to investigate a more accessible CAPTCHA, I came across some difficulties with testing the repository in a real environment, as I am not very proficient in Golang. I created this change so as to lower the bar required to get started with Codeberg-related contributions in the future. I had some difficulties with using the `replace` directive properly (see: https://codeberg.org/Codeberg/forgejo/commit/b45069b3237a92b998295dd28c23184d4ad02eeb), but I came across Go Workspaces and decided to use that instead, as it's apparently a new standard introduced in Go 1.18 that works better than the `replace` directive in local developer environments. Further changes, e.g. explicitly excluding `go.work`, were deemed out-of-scope and will be made later. The code is not that complex and it is in our best interest to attract as many contributions as possible, even from beginners. That influenced the way I wrote this document, e.g. recommending SQLite3.

n0toose commented 2023年05月16日 11:11:41 +02:00

Misclick.

Misclick.

fnetX commented 2023年05月16日 14:06:13 +02:00

TBH, I don't think that we should invest much time into this captcha library here. It's pretty much stupid simple code we forked off to make it a little harder for bots. If we want to have an accessible solution, we should just drop the captcha IMHO.

We could replace it with mcaptcha and see how it goes, or just disable it completely and see how it goes.

I can merge it anyway, but I think there's a better direction. Someone should propose to try disabling the captcha at the annual assembly, and then we can see if we can live without.

TBH, I don't think that we should invest much time into this captcha library here. It's pretty much stupid simple code we forked off to make it a little harder for bots. If we want to have an accessible solution, we should just drop the captcha IMHO. We could replace it with mcaptcha and see how it goes, or just disable it completely and see how it goes. I can merge it anyway, but I think there's a better direction. Someone should propose to try disabling the captcha at the annual assembly, and then we can see if we can live without.

n0toose commented 2023年05月16日 18:43:11 +02:00

If we want to have an accessible solution, we should just drop the captcha IMHO.

Well, we still get spam even WITH a CAPTCHA. CAPTCHAs can be done in an accessible manner too, e.g. what's 2 times 7. mCaptcha should be fine.

Is the user's IP transmitted onto a hypothetical mCaptcha instance (GDPR), would we host mCaptcha ourselves, or does Codeberg act as a proxy?

> If we want to have an accessible solution, we should just drop the captcha IMHO. Well, we still get spam even WITH a CAPTCHA. CAPTCHAs can be done in an accessible manner too, e.g. `what's 2 times 7`. mCaptcha should be fine. Is the user's IP transmitted onto a hypothetical mCaptcha instance (GDPR), would we host mCaptcha ourselves, or does Codeberg act as a proxy?

n0toose commented 2023年05月18日 23:11:12 +02:00

See: Codeberg/Community#479 (comment)

See: https://codeberg.org/Codeberg/Community/issues/479#issuecomment-581973

n0toose commented 2023年05月18日 23:26:21 +02:00

Maybe my intentions here with this PR were not super clear, which is why the conversation here steered away from the subject that I wanted to concentrate on. For clarity: This repository, no matter how silly the captcha is, has one concept that I'd like to preserve; it contains some sort of a base that works correctly with Gitea, and we can just take that thing, replace how two-three functions work, and then do whatever we want on top of it without necessarily doing this from scratch. The "show the user a question in HTML form and then have them submit the answer via an API and check whether it is correct" part is a complex-ish problem that has been already solved.

Maybe my intentions here with this PR were not super clear, which is why the conversation here steered away from the subject that I wanted to concentrate on. For clarity: This repository, no matter how silly the captcha is, has one concept that I'd like to preserve; it contains some sort of a base that works correctly with Gitea, and we can just take that thing, replace how two-three functions work, and then do whatever we want on top of it without necessarily doing this from scratch. The "show the user a question in HTML form and then have them submit the answer via an API and check whether it is correct" part is a complex-ish problem that has been already solved.

fnetX commented 2023年05月21日 10:54:17 +02:00

We are already hosting mcaptcha. The integration bit is missing.

We are already hosting mcaptcha. The integration bit is missing.

n0toose commented 2023年05月21日 11:22:01 +02:00

Spoke with gusted over all of this and he told me that it's a matter of "having someone to look after whether it's stable" and pointed me to the right configurations under Codeberg-Infrastructure - I worked on this PR out of relative ignorance. If that doesn't work out, feel free to let me know and I'll continue working on it.

Spoke with gusted over all of this and he told me that it's a matter of "having someone to look after whether it's stable" and pointed me to the right configurations under `Codeberg-Infrastructure` - I worked on this PR out of relative ignorance. If that doesn't work out, feel free to let me know and I'll continue working on it.