Luablox - Reliable noblox.js endpoint for groups

Resources Community Resources
, , ,
#1

luablox
luablox1146×272 81 KB

:computer: Github: Click me! | :building_construction: ‎‎‎‎‎Roblox model: Click me! | :credit_card: License: Licensed under MIT

:open_book: Introduction

Greetings, everyone. Today, I am releasing my first ever module, Luablox. What is Luablox? Luablox is a reliable endpoint URL that interacts with noblox.js and can be used to execute various tasks, mainly group-wise. I have seen other modules created in the past, but those were outdated or were using Glitch, something extremely unreliable considering how long it takes for HTTP requests to execute and for the project to wake up. Hence, I present to you Luablox, a 24/7 online endpoint for groups to use!

:comet: How to install

Intalling Luablox to your own game is fairly easy. After downloading the model from the Roblox library, enter Studio and insert it via the My Models tab in the Toolbox. After inserting your model, make sure to move the Server script over to ServerScriptService for it to properly function. You can now begin using Luablox!

:computer: Documentation

Here is full documentation of what Luablox can currently do:

server.GroupShout()
Parameters:

  • cookie - Your bot’s account cookie, see below on how to obtain it
  • groupid - The group ID that the ranking will take place at. Note: Please ensure that the bot has shout permissions inside the group for it to work, else it will sadly not work.
  • shoutstring - The string you wish for the bot to output inside the shout message in the group.

Permissions required: Create shout messages.

server.setRank()
Parameters:

  • cookie - Your bot’s account cookie, see below on how to obtain it
  • groupid - The group ID that the ranking will take place at. Note: Please ensure that the bot has ranking permissions inside the group for it to work, else it will sadly not work.
  • target - The user ID of the player you wish to set the rank.
  • rankid - The rank ID that the user will receive upon executing this function.

Permissions required: Manage member roles.

server.Promote()
Parameters:

  • cookie - Your bot’s account cookie, see below on how to obtain it
  • groupid - The group ID that the ranking will take place at. Note: Please ensure that the bot has ranking permissions inside the group for it to work, else it will sadly not work.
  • target - The user ID of the player you wish to promote.

Permissions required: Manage member roles.

server.Demote()
Parameters:

  • cookie - Your bot’s account cookie, see below on how to obtain it
  • groupid - The group ID that the ranking will take place at. Note: Please ensure that the bot has ranking permissions inside the group for it to work, else it will sadly not work.
  • target - The user ID of the player you wish to promote.

Permissions required: Manage member roles.

More to be added in future versions.

:keyboard: Code examples

Creating a group shout:

local server = -- Replace this with the path to the server module. Make sure to require() it as well.
local cookie = "" -- Replace this with the bot's account cookie.
local groupId = 6074059 -- You can replace this with your own group ID.

server.GroupShout(cookie, groupId, "This is a test message!")

Promoting a user in the group:

local server = -- Replace this with the path to the server module. Make sure to require() it as well.
local cookie = "" -- Replace this with the bot's account cookie.
local groupId = 6074059 -- You can replace this with your own group ID.

game.Players.PlayerAdded:Connect(function(player)
server.Promote(cookie, groupId, player.UserId)
end)

:pencil2: Final remarks

I hope my module will help a lot of groups with their projects, whether that can be an application center with an automatic system ranking or anything possible you can imagine. If you are a more experienced programmer, feel free to copy the source from GitHub and create your own module by forking the source code. The module is relatively new so if you locate any bugs, please report them on GitHub or down below along with any errors you might get so as to get them fixed. Here are some extras to end off.

:warning: Trust and Safety

To avoid any further requests in the future with the topic “How can I trust the module?” please see the source code at Luablox - Replit and match it up with the URL used inside the Lua server script:

image
image1083×22 3.54 KB

I do not and would never have any bad intents and I am not in any way storing or caching any account cookies, data collected by HTTP requests such as cookies are voided so they are unknown to me. Feel free to use this module at max safety

How to get an account cookie

Chrome: Sign up for a new bot account, make sure to remember the credentials so you don’t get locked out. When at the home page, right-click your window, and select Inspect. This window should pop up:

image
image757×896 122 KB

Next, head over to the Application tab:
image
image204×640 6.71 KB

Head over to cookies → https:/ /www.roblox.com
image
Scroll down until you find .ROBLOSECURITY, click on it and copy the contents of it, and there you have it!

WARNING: DO NOT share the account cookie with anyone you don’t trust as they can access the bot and rank or demote everyone in the group.

13 Likes
#2

This post was flagged by the community and is temporarily hidden.

1 Like
#3

Actually it wouldn’t. Feel free to ask another Javascript developer, but the Roblox account cookie is not cached or stored in any of the scripts, feel free to refer to the source in my GitHub repo if you wish to view the full code.

5 Likes
#4

This post was flagged by the community and is temporarily hidden.

2 Likes
#5

You can view the repl of which the system is being hosted at Luablox - Replit Comparing the URL of the repl to the URL inside the Lua server script, image
you can inspect the code freely, as it is the original.

5 Likes
#6

Hi!

Cool to see you have made something for the Roblox developer community, however there are several issues present that need to be addressed.

First of all, we have to trust the word of you, an unknown individual with no real liability should anything happen, and we’re taking your word for it.

“I do not and would never have any bad intents […]”

Although that’s how your current state of mind is, we have no guarantees for this. In addition, you might change your opinion when your service gets big enough and someone offers you $10,000 to get the data. I’m not saying this is you, but this is a real possibility.

Second of all, sending API requests with a highly sensitive account cookie is dangerous and should be avoided. You might find some services that do this with their APIs, but usually that’s because their API tokens aren’t as dangerous if leaked.

In addition, they have most likely set up a system that excludes logging the urls on every request, making it unlikely that the API keys get exposed. Sensitive Roblox account cookies sent in the requests can be exposed if your service provider logs requests, usually full URLs are included in logs (compared to headers).

Excluding the security concerns (which are definitely there), there’s no guarantee that you keep your system up, and it might break, or, you give up on it, and the consumers are left in the dark.

I have no intention to bring down you or your project but the issues above need to be addressed so the users can feel more safe, however, as an individual it’s not that likely that you can make people comfortable enough to use your service. Still a cool creation, though.

4 Likes
#7

Thanks for your concerns. This resource is currently for showcasing purposes mostly but is still free to take. I am still working on patching security leaks in the code to avoid abuse of it. I appreciate your concerns and your post will be taken into consideration. To add, I have placed servers in order to move my code into a more reliable host.

#8

If it’s meant for showcase then it should go into #help-and-feedback:cool-creations instead of #resources:community-resources, this category is meant for all sorts of things to help with development of games, not for someone to showcase something.

1 Like
#9

You can still download and use the module. I am patching some security bugs inside the code to make it even more reliable. The code works fine as of now.

#10

Forgot to add, there is no virtual way of the token getting leaked, I am the only one contributing to the project. HTTP data get voided after the function is executed and there is no way on obtaining them. I do not collect any data whether that’s a cookie or otherwise. Finally, no, nothing is logged anywhere whether that’s private or visible to the public.

#11

Something I don’t understand is how every time I come up with an idea, it gets created. I thought of this like 2 days ago, and now here we are. I also thought of Roblox Zoom and Roblox Netflix before they were created. This blows my mind.

Anyways, great module! It saves the time of learning JavaScript.

1 Like
#12

Thank you for the feedback, haha. And I am sure that one day you will think of something unique and creative. I am also planning on releasing a tutorial on how to fork my own system and create your own, for beginners so stay tuned!

#13

Nice module! Honestly, I have no words for how good this could be!

1 Like
#14

I looked through his code and it seems to be an extension of noblox.js. (noblox.js Home)
I do not see anywhere he is storing or stealing anything. As far as I can see this is safe like he claims.

1 Like
#15

the other thing you could do is take his code and host it yourself you have everything you would need to do so.

2 Likes
#16

  1. Pasting raw cookies into scripts is not safe until Roblox adds environment variables. I actually have been making something like this but was going to release it when environment variables are added.

  2. Does your repl have any DDoS protection?

  3. In the past, repls have been remotely edited. Yours might become a target.

  4. What if your repl account gets hacked?

  5. Do you have hacker plan on Replit? Otherwise, this endpoint will run pretty slowly when a decent amount of people use it.

1 Like
#17

To give an answer to most of the questions in your post:

I have placed an order for a server to move everything in there, thus ditching repl.it.

#18

It would be cool if you could set the cookie and groupid once so you don’t have to pass them as arguments every time.
Something like server.setInfo(cookie, groupid) and then they will be stored internally.
Therefore you could do server.Promote(player.UserId) for example.

#19

This is an interesting feature, but it would cause trust issues among clients, as I would have to store each seperate cookie in a datastore. I will be releasing a tutorial soon on how to fork my own system and create your own.

#20

No no don’t store it in a datastore, just store it in a variable in the module and then use it to create the url.

1 Like