Announcing Fluxo 1.0, a Kanban Dashboard for Trello

 

Now that’s a great milestone Hugo but can you tell me what’s new in this release?

-Almost nothing, but let’s turn the clock back a week…

About a week ago on my way to work I started to notice how my Kanban dashboard had some trouble loading. Naturally I opened up the developer tools in Chrome and noticed a lot of “429 Too Many Requests” errors. (The Trello api has a Rate Limit that you can read about here http://help.trello.com/article/838-api-rate-limits )

That’s odd, it can’t be that many people using Fluxo at this time in the morning I thought to myself, and then it hit me. Someone had probably hijacked my Trello application key because I was using Trello’s own Client.js with the key and it was all stored on GitHub in a public repo.

From Trello’s on how to use their Client.js documentation:

<head>
<!-- ...  -->
<!-- The client library requires jQuery  -->
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script>
<script src="https://api.trello.com/1/client.js?key=substitutewithyourapplicationkey"></script>
<!-- ...  -->
</head>

I remember thinking that this client side key exposure could cause some issues the first time I started to use it but I hadn’t thought about it ever since.

Anyways I decided to do a complete rewrite and use a server side OAuth solution instead. And last Friday I actually finished it.

To sum it up Fluxo now uses a server side OAuth solution and I also added a 5 minute caching on all requests to prevent hitting the Rate Limit of 300 requests per 10 seconds.

This time no keys are stored in the repo, a lesson I’ve learned the hard but funny way,

Hugo

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.