update readme with slugs table

Joe Ardent 2024-03-31 17:29:48 -07:00
parent 89a985e960
commit d1f45e98ef


@ -20,7 +20,11 @@ of HTML + JS shows it in action:
<script defer> <script defer>
const hits = document.getElementById('allhits'); const hits = document.getElementById('allhits');
fetch('http://localhost:5000/hit/index.html').then((resp) => { fetch('http://localhost:5000/hit/index.html').then((resp) => {
if (resp.ok) {
return resp.text(); return resp.text();
} else {
return "I don't even know how many"
}
}).then((data) => { }).then((data) => {
hits.innerHTML = data; hits.innerHTML = data;
}); });
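Review bot: the new `else` branch only covers non-OK HTTP responses; a rejected `fetch` (server down, blocked cross-origin request) still skips both `then` callbacks because the chain shown here has no `.catch`, so `allhits` is left empty in exactly the case a reader trying the example is most likely to hit. Consider adding a `.catch` that sets the same fallback text. Two smaller points: `return "I don't even know how many"` is missing the trailing semicolon the surrounding lines use, and since the response is a plain count, assigning it with `hits.textContent = data;` instead of `hits.innerHTML = data;` would keep the README example from teaching readers to inject a remote response as markup.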
@ -38,6 +42,15 @@ then visit http://localhost:3000 you should see that there is 1 hit, if this is
you're trying it out. Reloading won't increment the count until the hour changes and you visit you're trying it out. Reloading won't increment the count until the hour changes and you visit
again, or you kill and restart Hitman. again, or you kill and restart Hitman.
If you see a log message like `rejecting invalid slug index.html`,
you'll need to add the allowed slugs into the `slugs` table:
``` sql
insert into slugs (slug) values ("index.html"), ("user");
```
See the note on security below.
### Privacy ### Privacy
The IP from the request is hashed with the date, hour of day, `:page`, and a random 64-bit number The IP from the request is hashed with the date, hour of day, `:page`, and a random 64-bit number
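Review bot: the `insert into slugs` example quotes its string values with double quotes; in standard SQL double quotes delimit identifiers and string literals take single quotes, so `values ('index.html'), ('user')` is the portable form and avoids relying on an engine's leniency. The fence is also written as three backticks followed by a space and `sql`, which some Markdown renderers will not treat as a language tag; dropping the space is safer. The `user` slug appears without explanation, so a short remark on which page it corresponds to would help, and "See the note on security below" could link to the `### Security?` heading.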
@ -52,4 +65,6 @@ There is no need to put up a tracking consent form because nothing is being trac
### Security? ### Security?
Well, you need to give it a specific origin that is allowed to connect. Is this enough? (lol, no) Well, you need to give it a specific origin that is allowed to connect; this isn't really enough,
though. To mitigate the potential for abuse, the code that registers a hit checks against a set of
allowed slugs. Any time you add a new page to your site, you'll need to update the `slugs` table.
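Review bot: the rewritten Security paragraph says the origin restriction "isn't really enough" and refers to "the potential for abuse" without naming either the gap or the abuse, so a reader cannot judge what the slug allow-list actually protects against. One sentence stating what a client could do before this check, and what still remains possible with it, would make the section useful. Since the last sentence tells readers to update the `slugs` table for every new page, it should also point back to the `insert into slugs` example added earlier in the README rather than leave them to find it.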