
Show HN: Automatically Thank Patreon Backers with OpenFaaS - alexellisuk
https://github.com/openfaas/backer-thankyou
======
koolba
Been a while since I've used Python but I'm pretty sure this code isn't
performing any validation the inbound events[1].

I'd expect some kind of signature validation or a call out to a Patreon API to
verify the authenticity of the request. Otherwise if I know the endpoint of
this handler I can get it to tweet anything I'd like from your account with a
simple cURL request. Could also specify a dummy patron_link and get the
service to bombard it.

[1]: [https://github.com/openfaas/backer-
thankyou/blob/15c22da638f...](https://github.com/openfaas/backer-
thankyou/blob/15c22da638f982623680187dd8220978a88baa81/patreon-
responder/handler.py#L15)

~~~
hnarn
As someone who barely uses curl, could you give an example of a curl command
that would send this kind of request?

~~~
j_s
One great way to get curl commands is the Chrome Developer Tools Network tab's
'Copy > Copy as curl' right click menu option.

------
zaarn
That does kind of take the sincerity out of it, in my opinion.

Atleast in a small community it should be no problem to thank supporters
individually and that is IMO more important than automating the task.

~~~
alexellisuk
We're doing both and know most of the backers so far - this is dogfooding
OpenFaaS functions. Webhooks are a perfect use-case for functions.

~~~
toomuchtodo
Awesome work on OpenFaaS. It serves a critical need in defending against
serverless vendor lock-in.

