Hello, I’m creating a system where I can send cross-server messages. I do this by connecting to Discord’s view channel API to get the most recent message in a certain channel. This channel is only accessible to developers.
function DiscordComm:Poll(retrys)
local suc, response = pcall(function()
local d = http:GetAsync(string.format(self.URL, self.Channel_Id), false, {["Authorization"] = string.format("Bot %s", self.Token)})
return d
end)
if not suc then
if retrys then
for i = 1, retrys do
self:Poll()
end
end
return
end
if response then
local messages = http:JSONDecode(response)
local recentMessage = messages[1]
local content = recentMessage.content
return content
end
return
end
The result of this is then sent to players via another method where a remote event is fired and a UI is created on everyone’s screens displaying the message. I’m worried that if I don’t filter this, my game may get shut down. But on the text and chat filtering developer hub article, it says
“Some games connect to external web servers. In some cases, this is used to fetch content that is used to display information in game. If the content of the external site is not in full control of the developer and it is possible for a third party to edit the information, that content should be filtered if it is to be displayed.”
Developers are the only people in full control of discord channel (only developers can view the channel and send messages) and the script is obviously a server script. No one else can touch it. But I know how Roblox moderation can be.
I’m using Discord so that I don’t have to join the game. I’m currently using MessagingService for my active game but I have to join the game and type a command in chat. It’s much more convenient if I can just type a message into Discord and have it display across all servers
What do you mean by ‘inefficient’? If you’d look at the script I provided, it clearly shows that I wrapped the HTTP call in a pcall to handle errors and included retries. Not sure why you’re saying that HTTP errors will break my script when I clearly already have systems in place to combat it.
It isn’t slow by any means (bear in mind you are still dealing with webhook request limits if any? I’ve never used Discord webhooks so I’m unsure). Like the OP said, they’ve provided pcalls in the situation they do fail.
Personally (from past experience with the shoddy Roblox moderation) I would play it safe and filter the text. You could make a throwaway alt to test the contrary though.
It isn’t combating it, it simply is doing if the GetAsync is erroring then another GetAsync will appear and it will just error as you can’t do 2 requests in <0.1 seconds
I’ve used webhooks in a old project, when a user presses a button (Having a 10 seconds debunce for every player with 25 players pressing at the same second we got a Discord alt banned very fast.
Logging with webhooks are a bad idea anyway, iirc we ended up getting Roblox server ip’s being black listed which was a result of this being made. We got whitelisted again though!
I don’t think anyone wants to go through that again lol
It is better being into this Roblox Discord Webhook Proxy Server than just doing a script which… Is replacing Messaging Service with Discord if he can only send the Message to the webhook and the Messaging service to go though all the servers?
AFAIK Discord chat channels are treated the same as the Roblox chat. Content pulled from Discord like this needs to be (or should be) filtered because it’s a chat channel and content isn’t considered in your full control since others can send messages that you can’t edit.
The highlighted excerpt is more for things pertaining to working raw data, certain configurations and web server responses. As you bear the responsibilities of the actions of your developers, content control over the content they submit is needed as well.
The explanation may seem a bit different but the gist is effectively the same the whole way through: if the content is displayed to a user, it must be filtered if it’s not strings you write out. If you are just working with raw data in the backend, you can continue to do so without trouble.
PS: I’ve recategorised this post to Game Design Support as this issue pertains primarily to the design of your system rather than an issue regarding programming.
The proxy isn’t being maintained anymore. It’s just up to the OP for what they want to do, I’m not familiar with MessagingService so I’m not if the same effects can be created.
I’m probably just going to filter text anyway to play it safe, but I must ask, what do you mean by this? All content being pulled from Discord channels will only be written by me or my brother, who is the only other developer working on this project. It sucks that I have to filter this because then my messages might end up being tagged out, which defeats the purpose of a cross-server messenger. My use-case for this is mainly notifying players a few minutes prior to shutting down servers.
Won’t lie, I don’t know either. It’s not exactly clear about what the expectations are. I’m not staff myself so I can’t give a definitive answer about how moderation interprets this either. The only way I’ve understood it so far is that if the content you pull can’t be edited by you (e.g. a string in Studio can be, but not a Discord chat), then it’s not considered your under your control.
Alright, this is getting confusing. I’m looking into filtering the strings but every filter functions needs a playerFrom argument, and some need a playerTo. I’m not sure who I would set playerFrom to in this situation.
playerFrom, and the wording on the developer hub, all imply that user generated text must be filtered. But this text is not user generated, it’s developer generated. Wiki says:
"A game not using this filter function for custom chat or other user generated text may be subjected to moderation action." user generated text
I don’t know what to do now that I know filtering takes a playerFrom argument. I would like to just filter to be safe but I don’t even know how I would do that now. It’d be nice if the wiki clarified what the expectation is here.
