Is there an existing issue for this?

• I have searched the existing issues

What happened?

1. A bug with turnsile where the widget doesn't show up

Console output:

sitekey was not provided

2. A bug with getPageData where returns code 500

Reference:

[{"error":{"json":{"message":"Unexpected end of JSON input","code":-32603,"data":{"code":"INTERNAL_SERVER_ERROR","httpStatus":500,"path":"site.getPageData"}}}},{"error":{"json":{"message":"Unexpected end of JSON input","code":-32603,"data":{"code":"INTERNAL_SERVER_ERROR","httpStatus":500,"path":"site.getPageData"}}}},{"error":{"json":{"message":"Unexpected end of JSON input","code":-32603,"data":{"code":"INTERNAL_SERVER_ERROR","httpStatus":500,"path":"site.getPageData"}}}}]

Steps To Reproduce

1. Go to website

Project

Website

What browsers are you seeing the problem on?

Firefox, Chrome, Safari, Microsoft Edge

Relevant log output

Check references

Code of Conduct

• I agree to follow this project's Code of Conduct

Providers to add:

• Discord
• Google
• Github
• Battlenet
• Faceit
• Steam
• Apple
  Add envs for client id and secret for all.

Should implement multiple providers before MVP to discourage reliance upon Discord as a provider

• OAuth should be eligible for Google
• OAuth should be eligible for Discord
• OAuth should be eligible for GitHub

General Idea

Currently on the submission, review, and sign in page there is no explicit way for the user to agree to the terms, there is only an implicit agreement. Therefor, there must be a checkbox for the user to click to signal they agree to the TOS and Privacy Policy. This checkbox would be on the sign in / sign up page, thus meaning that we likely don't need the additional notices on the submission and review page because the user must be authed to access these paged and you shouldn't be able to signup withoit agreeing.

implementation details:
There should be checks client and server side that the user agreed to the terms. The client side check just prevents them from sending, and the serverside check is just a flag in the json object.

Problem

Proper Description

Any Alternatives?

None

Additional context

Is there an existing issue for this?

• I have searched the existing issues

What happened?

Yarn errors out in ci due to The lockfile would have been modified by this install, which is explicitly forbidden.

Some relevant issues:

• yarnpkg/berry#2948
• yarnpkg/berry#2561
• yarnpkg/berry#4598

Steps To Reproduce

1. Run the pr ci workflow

Project

Website

What browsers are you seeing the problem on?

No response

Relevant log output

Run yarn install
➤ YN0000: ┌ Resolution step
Resolution step
➤ YN0000: └ Completed in 0s 570ms

➤ YN0000: ┌ Post-resolution validation
Post-resolution validation
  ➤ YN0000: │ @@ -12555,13 +12555,12 @@
  ➤ YN0000: │    linkType: hard
  ➤ YN0000: │  
  ➤ YN0000: │  "typescript@patch:typescript@*#~builtin<compat/typescript>, typescript@patch:typescript@[4](https://github.com/waldo-vision/waldo/actions/runs/4358512079/jobs/7619182677#step:4:5).9.4#~builtin<compat/typescript>, typescript@patch:typescript@^4.8.4#~builtin<compat/typescript>":
  ➤ YN0000: │    version: 4.9.4
  ➤ YN0028: │ -  resolution: "typescript@patch:typescript@npm%3A4.9.4#~builtin<compat/typescript>::version=4.9.4&hash=d73830"
  ➤ YN0028: │ +  resolution: "typescript@patch:typescript@npm%3A4.9.4#~builtin<compat/typescript>::version=4.9.4&hash=23ec76"
  ➤ YN0000: │    bin:
  ➤ YN0000: │      tsc: bin/tsc
  ➤ YN0000: │      tsserver: bin/tsserver
  ➤ YN0028: │ -  checksum: 37f6e2c3c[5](https://github.com/waldo-vision/waldo/actions/runs/4358512079/jobs/7619182677#step:4:6)e2aa5934b85b0fddbf32eeac8b1bacf3a5b51d01946936d03f5377fe86255d4e5a4ae628fd0cd553386355ad362c57f13b4635064400f3e8e05b9d
  ➤ YN0000: │    languageName: node
  ➤ YN0000: │    linkType: hard
  ➤ YN0000: │  
  ➤ YN0000: │  "unbox-primitive@npm:^1.0.2":
  ➤ YN0000: │ 
  ➤ YN0028: │ The lockfile would have been modified by this install, which is explicitly forbidden.
➤ YN0000: └ Completed
➤ YN0000: Failed with errors in 0s 691ms
Error: Process completed with exit code 1.

(https://github.com/waldo-vision/waldo/actions/runs/4358512079/jobs/7619182677)

Code of Conduct

• I agree to follow this project's Code of Conduct

Is there an existing issue for this?

• I have searched the existing issues

General Idea

Currently there is no way to add the trusted role to a user without digging directly into the database. A option to add the trusted role needs to be added to the edit user dropdown.

Problem

There is no way to add the trusted role to a user.

Projects

Website

Any Alternatives?

No.

Additional context

Ex of how the role option should be added ^^^^

Code of Conduct

• I agree to follow this project's Code of Conduct

It is intended that the front-end parts would be hosted on the existing domain through the cloudflare instance. This way we can maintain styling accordingly and would be a separate page on the existing tailwind/vite site.

Using the preferred framework by the front end team, the submission form should require the Discord username, Discord ID, and a valid YouTube video URL. In addition to these factors, there should be some kind of human authentication input (ReCAPTCHA or Turnstile).

An additional possibility for authentication would be to use a Discord OAuth application on the web form.
https://discordjs.guide/oauth2/#a-quick-example

Add option to label a submitted clip as 'Aimbot' or 'No Cheats' when a Trusted User (or higher privileged role) is submitting a clip.

This option should not be visible to standard users.

I'm imagining a dropdown list item where a user can select from the options to allow us to expand the types of cheats that can be labelled in the future.

Create a low-code implementation of a dashboard for usage by admins to manage users and submissions.

Initially this should be very minor and more or less work as a query search system to look up all users, user by ID and perform ban action.

• Create design for simple queries by User UUID, User Discord ID, or YT URL
• Create view for displaying returned data from the simple as configuration [JSON or YML (?)]
• Create action buttons to ban user or remove footage

The objective of this task is to create and validate the schemas projected for the MVP.

• Accounts Table (?)
• Users Table/Schema
• Footage Table/Schema
• Voting Table/Schema
• Session Table/Schema (?)

Husky, idk where you are with this but thought this would be a good way to keep track of monitoring and alert imp status (once rdy ofc)

Create endpoint to ban a specific user
DELETE /user/:uuid (?)

• For the time being this should update the banned boolean in schema

Need to choose an orm for next auth. Whatever this orm ends up being, it will likely replace the backend orm for the sake of consistency.

General Idea

The next config shouldn't ignore typescript and eslint.

• Don't ignore typescript
• Don't ignore eslint

Problem

They are currently ignored and prevents us from catching errors before runtime.

Proper Description

its above

Any Alternatives?

we should just not

Additional context

The ts ignore is easy, but the eslint config is held up by turbo in docker. From what I've seen, the eslint config files are getting added, thus the lint fails because its not using our rules.

General Idea

The getYtVidDataFromId endpoint should be removed and should instead be an internal function used to seed data into the nessicary endpoints.

Problem

The getYtVidDataFromId can be abused by malicious actors to spam the yt api using our key, potentially getting us ratelimited.

Proper Description

_

Any Alternatives?

No, this is nessicary task

Additional context

_

Is there an existing issue for this?

• I have searched the existing issues

What happened?

NOTE: This does not seem to occur with docker.

The endpoint verifyUser is used to check whether a user is a bot or not. This endpoint is then called by the client to see whether it passed the test or not. Then the browser makes the decison whether to send the "turnstile protected" api call. The server completly trusts all api requests (assuming they have proper auth). This in effect means turnstile does nothing because anyone could just send auth'd api requests without ever having to worry about turnstile.

Steps To Reproduce

Use a "secured" page. (ie one with the turnstile component)

Project

Website

What browsers are you seeing the problem on?

Chrome, Safari, Microsoft Edge

Relevant log output

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Backend

• Make sure api security is up to snuff
• nextjs security headers
  • csp
  • referance nextjs's guide
  • need to apply 'unsafe-eval' only when not in prod
• Fix review page re-render bug
• k8s cluster
  • vault
  • website
    • docker image
    • helm chart
  • docs
    • docker image
    • helm chart

docs

• robots.txt
• 404 page
• #148 includes
  • #145
  • #99
  • #146

Frontend

• styling: terms of service, snackbar, disabled option and a scroll viewbox issue on chrome based browser
  all on login page
• robots.txt
• Context migration
  • isLoading for each page working
  • Session migrated
• #58
  • Account
  • Review
  • Upload
  • Maintenance
• Finish Admin dash design
• Gameplay @ceriddenn
• Legal (rican)? 23/12/2022
  -[ ] add pages for each legal document.
  • update tos link in footer
  • add privacy policy
  • add cookie policy
  • add code of conduct?
• Min Legal required for comm testing
• Update acc page (gameplay) responsiveness
• User Panel search and filter logic @ceriddenn
• Fix any build errors (next build)
  (feel free to add any other tasks here)
• make roles an enum again
• review
  • should use turnstile here too
  • getReviewItems currently exposes the FULL user schema this INCLUDES THE USER EMAIL!!
  • page doesn't consistentlyload
• comeplete 'resolved' items in #61
  • there are a number with the comment will solve later, these should be addresses in new prs
• #35
• make turnstile site key an env var
• Add a design to the new Finished component that renders if the review page no longer receives gameplay docs for the user.
• dashboard
  • handle apply functions on the pages use the change arg, but its not clear what the number it contains repersents
    (just going to add comments that explains what each # change does -ceri)
  • remove typecasting in the form of as, defeats the purpose of ts

R&D: Validate kubernetes deployments and public accessibility on staging server

• Implement Kubernetes cluster on staging server
• Create docker images for each app (web, desktop)
• Upload images to repository for cluster usage
• Align cluster to use docker images for each project container

see infra project board for updated info on this task

General Idea

• Remove the Proper Description feild and make Additional context optional.
• Is missing the I agree to follow this project's Code of Conduct box like the one in the bug report template.
• It's also missing the projetc selection found in the bug reports

Problem

This isn't implamented

Proper Description

_

Any Alternatives?

no, this is the way

Additional context

_

As husky changes the redundant naming, this is just a reminder to change the api name usage in the upload or login pages or any page that uses trpc.

Update placeholder legal documentation text with proper documents.

• Privacy Policy
• Cookie Policy
• Terms of Service

Update schemas to store details about the available formats for the YouTube video
Store available formats and desired video details into database

• Get available formats from YTDL
• List available formats, statistics, and ratings for criteria
• Validate legit YT video with acceptable footage criteria (eligible for download/processing)

Create an algorithm that serves clips for people to review.

This algorithm should do the following:

1. Randomly show a clip to a user for review.
2. Stop showing clips after they have X amount of reviews.
3. Automatically flag clips in the database as community confirmed or community rejected.

All api endpoints should be carefully evaluated to meet the following criteria:

• Least privillage
  • Can't access/modify other user's data
  • Can't access systems they shouldn't be able to use
    • like access/modify the blocklist in any capacity

Migrate/Re-initialize the existing endpoints into Next API using TPRC.

• Migrate current Express API to a basic Next API
  • /footage
    • POST
    • GET
    • GET /:uuid
    • DELETE /:uuid
    • PATCH /:uuid
  • /clip
    • POST
    • GET
    • GET /:uuid
    • DELETE /:uuid
    • GET /download/:uuid
  • GET /user
  • GET /clips
• Move into web app project?

General Idea

All our projects should have open graph images, as they not only greatly increase SEO, but also the user experiance for people sharing our sites on social media sites.

For the main site, we can use satori to dynamiclly built the images (it we want), and for the docs we need to hand create some images due to the static nature of the site.

Problem

We current;y don't have any open graph images.

Proper Description

_

Any Alternatives?

We could not have open graph images

Additional context

_

• Implement docs gh-pages deploy
• need linting
• should also lint styles too

Create a role for Trusted User, that allows the user to label clips that they upload with a aimbot / no cheat option.

This role will have privileges higher than a standard user, but lower than a moderator/admin.
This role will NOT have access to the admin dashboard.

All higher roles will have the permission to label uploaded clips as well.

Could I get some feature requests or feedback on current design to implemment them into draft design on figma

Is there an existing issue for this?

• I have searched the existing issues

General Idea

Document the entire workflow of releasing waldo to prod.
Document the need to create migrations every time the schema is updated.

Problem

we need docs

Projects

Website, Docs Site

Any Alternatives?

none

Additional context

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Is there an existing issue for this?

• I have searched the existing issues

What happened?

Hy i use debian 11 in a proxmox VM and try to get through the install Instructions here: https://docs.waldo.vision/en/getting-started/
When I run the command yarn turbo run db:push I get this output:

$`yarn turbo run db:push
• Packages in scope: backend, database, desktop, docs, eslint-config-custom, tsconfig, web
• Running db:push in 7 packages
• Remote caching disabled
database:db:push: cache bypass, force executing 60ab0451ae0ca164
database:db:push: Prisma schema loaded from prisma/schema.prisma
database:db:push: Datasource "db": CockroachDB database
database:db:push: 
database:db:push: Error: Prisma schema validation - (get-config wasm)
database:db:push: Error code: P1012
database:db:push: error: Environment variable not found: DATABASE_URL.
database:db:push:   -->  schema.prisma:10
database:db:push:    | 
database:db:push:  9 |   provider = "cockroachdb"
database:db:push: 10 |   url      = env("DATABASE_URL")
database:db:push:    | 
database:db:push: 
database:db:push: Validation Error Count: 1
database:db:push: [Context: getConfig]
database:db:push: 
database:db:push: Prisma CLI Version : 4.10.1
database:db:push: ERROR: command finished with error: command (/opt/waldo/packages/database) yarn run db:push exited (1)
command (/opt/waldo/packages/database) yarn run db:push exited (1)

 Tasks:    0 successful, 1 total
Cached:    0 cached, 1 total
  Time:    1.521s 

 ERROR  run failed: command  exited (1)

It says Environment Variable not found but i set the Environment Variable as in the instructions.

my .env file from /opt/waldo/apps/web:

# make sure to update the turbo.json

DISCORD_CLIENT_ID=example
DISCORD_CLIENT_SECRET=example

# google api
GOOGLE_CLIENT_ID=example
GOOGLE_CLIENT_SECRET=example
YOUTUBE_API_KEY=example

GITHUB_CLIENT_ID="myclientID"
GITHUB_CLIENT_SECRET="mysecretkey"

BTLNET_CLIENT_ID=example
BTLNET_CLIENT_SECRET=example

TWITCH_CLIENT_ID=example
TWITCH_CLIENT_SECRET=example

FB_CLIENT_ID=example
FB_CLIENT_SECRET=example

# cloudflare
CLOUDFLARE_TURNSTILE_SECRET=example
NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY=example

# database
DATABASE_URL="postgresql://root@localhost:26257?sslmode=disable"

# next auth
NEXTAUTH_URL=example
NEXTAUTH_SECRET=example

I tried to put "postgresql" in the /opt/waldo/packages/database/prisma/schema.prisma file with the same result.
How can i set the database variable correctly. Can I use my existing mysql database? And how?

Steps To Reproduce

run
yarn turbo run db:push

Project

Website

What browsers are you seeing the problem on?

No response

Relevant log output

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Create a breaking change guide (changelog)

A list of tasks that really should be completed, but are so small they don't require their own issue.

• migrate next auth file to ts
• fix all turbo cmds in the root
• #34
• fix packages
  • move dev dependencies out of the main dependencies in every package.json
  • remove unneeded packages from root
    • they should be moved to the necessary apps/packages
  • fixed in #36
• #45
• each app should have an example env file
  • should also make the env file names consistent across them
• update naming
  • based on the terminology provided by Rican
  • rename "footage" to "gameplay"
  • rename "clip" to "segment"
  • Update frontend (toast) msgs to use segment and gameplay terminology
  • update db schema
  • also see #44
• Fix chalkra type defs
• Fix prisma not being imported right (might need to wait on a patch from prisma itself)
• Cleanup eslint config
• fix errors
  • typescript (mostly chalkra, need to figure something out, maybe a module def)
  • eslint/prettier
• migrate to file based directory methods reference

If you complete one of these please edit this post, mark it as complete and link to where it was completed.

Finish google OAuth verification after website page is live on prod.

• Create designs for initial login page
• Implement basic UI/UX for OAuth methods
• Create UI/UX for linking accounts between authentications

Overview v1.0.0🚀

This is an overview post for the Waldo data collection site v1.0.0. This will mention all the issues that have been assigned and/or currently assigned. We will also discuss future features we could to improve the project.

What is the goal for this side project? ⭐

The project involves the creation of a data collection site where users can submit their own video clips and vote on others, with the goal of building a diverse and representative dataset for training a machine learning model. Some of the benefits of this project include the potential to improve the fairness and integrity of online gaming, as well as the opportunity to gather valuable data for machine learning research. However, there are also several roadblocks that we will need to tackle, including issues related to data quality and privacy, as well as the challenges of detecting complex and varied cheating behaviors. We will need to carefully consider these and other factors as we move forward with the project.

What features does it have directly to an end user or community? 💫

• The project will allow the submission of video clips; users would be able to upload their own video clips, from a video hosting provider in this case YouTube, of video game gameplay for inclusion in the dataset.
• It will also allow the voting on video clips where users would be able to view and vote on other users' video clips to indicate whether they believe the clip contains the correct gameplay footage type. This could help to improve the quality and relevance of the dataset by providing a way for the community to provide feedback and input. This will benefit us as managing and going through every submission manually is not a valid solution.

How users can get involved, such as by submitting video clips or voting on others' submissions? 🎉

We are inviting the community to participate in the project by submitting video clips of gameplay footage that you believe may contain instances of cheating or hacking. You can do this through our data collection website. In addition, you can help to improve the quality and relevance of the dataset by voting on other users' video clips and indicating whether you believe the video contains the correct gameplay. Your input will be valuable in helping us to build a comprehensive and accurate dataset for training our machine learning model.

What are the timelines for the project, including any milestones or deadlines that have been set? 💎

We have set the following timeline for the project:

• January: Trial run of the data collection site, including user testing and debugging
• Mid-January: Version 1.0 release of the data collection site, including basic features such as submission and voting

We will be closely tracking our progress against these milestones and will update the community as we make progress. If you have any questions or ideas for how you can get involved, please don't hesitate to reach out to us."

Any rules or guidelines that users should be aware of, such as those related to data quality or privacy? 📏

As we develop and test the model, we will be taking a number of ethical and legal considerations into account. Some of the issues that we will be paying particular attention to include:

• Data privacy: We will be taking steps to protect the privacy of the individuals depicted in the video clips, including by obtaining appropriate consent and anonymizing data where necessary.

• Fairness and bias: We will be careful to ensure that the model is trained on a diverse and representative dataset and that it is free from bias. We will also be testing the model to ensure that it performs equally well across different groups of players.

• Transparency: We will be transparent about the methods and techniques used to develop the model, and will be open to feedback and suggestions from the community.

We will be actively seeking input and guidance from experts in the fields of artificial intelligence and online gaming to help us navigate these and other issues as we move forward with the project.

Developers & Contributers 💖

The project involves the development of a data collection site where users can submit their own video clips and vote on others, with the goal of building a diverse and representative dataset for training a machine learning model.

Core Features 🧪

What features are needed for this side project:

• Create and sign up an account.

• Upload a video link from a youtube video and submit it to our backend database.

• Review gameplay with either yes or no on other peoples submissions.

• Admin Panel

Accounts

We will be using Oauth providers such as Google, Facebook & more.

• Login
• Logout
• Sign up
• View account details
• Ability to delete account

Uploading gameplay

We are using youtube for video hosting.

• Upload links
• Ability to view and delete submitted gameplay

Reviewing gameplay

A place for users to review uploaded gameplay

• Review gameplay that has never been seen
• A way for managing certain videos on a certainty of "Yes" and "No"

Admin Panel

For admins to remove, add or create moderators and other admins and gmaeplay.

• Ability to search all of users
• Search all of gameplay and the ability to remove it
• Way to stop certain services such as site maintenance, upload, reviews and sign ups.

R&D: Find and implement best lightweight option for rate limiting on Next API system

• Research ideal rate limiting system for Next API
• Implement rate limiting framework for Next API

• Privacy Policy
• Terms of Service