Most active commenters
  • aizk(6)
  • mikedelfino(4)
  • jumploops(3)

←back to thread

WikiTok

(wikitok.vercel.app)
1459 points Group_B | 32 comments | 04 Feb 25 18:40 UTC | HN request time: 0.001s | source | bottom
Show context
aizk ◴[04 Feb 25 18:56 UTC] No.42936923[source]
Hi! I'm the dev here! I built this on a whim at after seeing someone ask for it on twitter. It was 12:30 at night but I couldn't pass down the opportunity to build it.

The code is very simple, there's no backend at all actually, I believe because wikipedia's api is very permissive and you can just make the requests in the frontend. So you just simply request random articles, get some snippets, and the image attached!

I used Claude and cursor do 90% of the heavy lifting, so I am positive there's plenty of room for optimizations. But right now as it stands, it's quite fun to play with, even without anything very sophisticated.

Here is the source code. https://github.com/IsaacGemal/wikitok

replies(18): >>42936962 #>>42936974 #>>42937696 #>>42937871 #>>42937989 #>>42938002 #>>42938007 #>>42938164 #>>42938260 #>>42938330 #>>42939286 #>>42939520 #>>42940031 #>>42940626 #>>42942340 #>>42944933 #>>42945717 #>>42947803 #
1. tomashubelbauer ◴[04 Feb 25 20:44 UTC] No.42938330[source]
Shoutout to APIs that do not enforce CORS preventing requests be made from FE without a need for a BE. There's so many toy apps I started building that would have just worked if this was more common, but they have CORS restrictions requiring me to spin up a BE which for many one-off tools and personal tools just isn't worth doing and maintaining. Same with OAuth.
replies(9): >>42938463 #>>42938484 #>>42938836 #>>42939162 #>>42939366 #>>42939679 #>>42939693 #>>42939990 #>>42944599 #
2. aizk ◴[04 Feb 25 20:52 UTC] No.42938463[source]
The only caveat I feel is that the speed of the API is definitely not comparable to something more purpose built for this kind of scale, but overall I'm happy as it works well enough that I don't have to think about it too hard.
replies(2): >>42938559 #>>42949475 #
3. Klonoar ◴[04 Feb 25 20:53 UTC] No.42938484[source]
I kind of miss the era of JSON-P supported APIs. Feels like such a weird little moment in time.
4. mikedelfino ◴[04 Feb 25 20:58 UTC] No.42938559[source]
I think Github Actions could be used for scheduled builds, so that the initial load would have random articles right in. Further requests could then be made in advance so users would not notice any delay from the API.
replies(1): >>42939936 #
5. spencerchubb ◴[04 Feb 25 21:15 UTC] No.42938836[source]
use firebase cloud functions free tier
6. jumploops ◴[04 Feb 25 21:37 UTC] No.42939162[source]
Shameless plug for Magic Loops -- we run code in isolated MicroVMs and students love our lack of CORS enforcement, as the APIs they build can be easily integrated into their hackathon projects :)
replies(2): >>42940172 #>>42943100 #
7. egonschiele ◴[04 Feb 25 21:50 UTC] No.42939366[source]
nit: same-origin policy is the restriction. CORS isn't the restriction, it's the thing that helps you. CORS is the solution, not the problem.
replies(2): >>42946764 #>>42949446 #
8. tasuki ◴[04 Feb 25 22:10 UTC] No.42939679[source]
There's many services to solve this pain point. I've used https://allorigins.win/ in the past.
replies(3): >>42940663 #>>42946388 #>>42959729 #
9. qudat ◴[04 Feb 25 22:11 UTC] No.42939693[source]
Many platforms can enable proxying through their service to avoid CORS issues: https://pico.sh/pgs#proxy-to-another-service
10. aizk ◴[04 Feb 25 22:29 UTC] No.42939936{3}[source]
Do you have any examples of that I can look at as a reference? I'm used to github actions just being my CI/CD build step checking tool.
replies(2): >>42942098 #>>42945694 #
11. nathansherburn ◴[04 Feb 25 22:32 UTC] No.42939990[source]
A great way to get around this is with an edge function from deno deploy.
12. aizk ◴[04 Feb 25 22:45 UTC] No.42940172[source]
Tell me more?
replies(1): >>42942253 #
13. aizk ◴[04 Feb 25 23:19 UTC] No.42940663[source]
Oh this looks neat!
replies(1): >>42946732 #
14. mikedelfino ◴[05 Feb 25 01:17 UTC] No.42942098{4}[source]
I attempted to implement the schedule trigger [1] on GitHub Actions as an example, but it is not being triggered as I expected. It needs more digging if you're so inclined.

Aside from that, the whole gist is that the initial data can be injected into the static files during the build step, or even saved as separate JSON files that the app can load instead of reaching out to the API. As long as you're willing to refresh the static data from time to time, of course.

I created a basic example at https://schedbuild.pages.dev/ with a rough, manual implementation of a build step. Frameworks like Next.js offer a more sophisticated approach that can render the entire HTML, allowing users to load the static page with the initial data already rendered without Javascript, and subsequent interactions taking over from there more seamlessly.

If the Github Actions schedule feature is ever sorted out, in my opinion it's a reasonable alternative to setting up a backend just for this.

[1] https://docs.github.com/en/actions/writing-workflows/choosin...

replies(2): >>42943078 #>>42945687 #
15. jumploops ◴[05 Feb 25 01:28 UTC] No.42942253{3}[source]
We built an LLM-based no-code "all-code" tool for non-developers to automate their daily tasks.

Counterintuitively, it's been picking up steam among student developers and professional devs due to how fast you can spin up API endpoints.

We're currently working to build on this momentum, and are now shifting focus to existing devs.

tl;dr - we use LLMs to create APIs that are run in Firecracker-based MicroVMs

16. jahsome ◴[05 Feb 25 02:52 UTC] No.42943078{5}[source]
in lieu of a cron server, I use scheduled jobs without any issues for a few production workloads on azure devops (AKA gh actions 0.1).
replies(1): >>42945705 #
17. e12e ◴[05 Feb 25 02:54 UTC] No.42943100[source]
https://magicloops.dev/ ?
replies(1): >>42943802 #
18. jumploops ◴[05 Feb 25 04:28 UTC] No.42943802{3}[source]
That’s it!
19. anon3459 ◴[05 Feb 25 06:21 UTC] No.42944599[source]
Using nextjs with a serverless function acting as a proxy is pretty simple
replies(1): >>42945530 #
20. Liquidor ◴[05 Feb 25 08:14 UTC] No.42945530[source]
Don't you mean Node.js ? I don't see why you would use a full Next.js framework for just a reverse proxy.
21. ◴[05 Feb 25 08:34 UTC] No.42945687{5}[source]
22. mikedelfino ◴[05 Feb 25 08:35 UTC] No.42945694{4}[source]
Edit to the other comment: the cron job wasn't being triggered at first, but turns out it's just slightly delayed. The example has been updated hourly since then.

You can use a schedule trigger [1] on GitHub Actions.

The whole gist is that the initial data can be injected into the static files during the build step, or even saved as separate JSON files that the app can load instead of reaching out to the API. As long as you're willing to refresh the static data from time to time, of course.

I created a basic example at https://schedbuild.pages.dev/ with a rough, manual implementation of a build step. Frameworks like Next.js offer a more sophisticated approach that can render the entire HTML, allowing users to load the static page with the initial data already rendered without Javascript, and subsequent interactions taking over from there more seamlessly.

In my opinion this is a reasonable alternative to setting up a backend just for this.

[1] https://docs.github.com/en/actions/writing-workflows/choosin...

23. mikedelfino ◴[05 Feb 25 08:36 UTC] No.42945705{6}[source]
You're right. I just checked the example project now and it's been updated hourly since then. It's just slightly delayed.
24. swyx ◴[05 Feb 25 10:06 UTC] No.42946388[source]
this ol' one as well https://github.com/Rob--W/cors-anywhere
25. ahoka ◴[05 Feb 25 10:50 UTC] No.42946732{3}[source]
Neet, if you want to leak your users' credentials in a XSS attack.
replies(2): >>42947601 #>>42968560 #
26. ahoka ◴[05 Feb 25 10:54 UTC] No.42946764[source]
Yes, exactly. People who want to "disable" it have no idea how the web works. Developers have all kinds of misconceptions about what it is, I even heard someone saying it disallows backends to call their API.
27. pooper ◴[05 Feb 25 12:34 UTC] No.42947601{4}[source]
I would only use something like this that requires absolutely no authentication. For example, I had a one page app that showed me instantly when the next shuttle(s) were scheduled for my stop. Instead of having to click through multiple steps, this allowed me to see it in one step. As far as I know, I was the only user for this thing I built and put up on gitlab pages. I don't know exactly because I didn't bother to track who visited the page.
replies(1): >>42959741 #
28. bawolff ◴[05 Feb 25 15:06 UTC] No.42949446[source]
And in particular CORS is the region you can read the wikkpedia api cross origin (unless you are doing jsonp, but hopefully they are using CORS because it is better in every way)
29. bawolff ◴[05 Feb 25 15:07 UTC] No.42949475[source]
Could you just preload the next few entries before the user swipes?
30. reynaldi ◴[06 Feb 25 06:43 UTC] No.42959729[source]
These services are called CORS proxies! I recently made an updated list of the currently working free ones here: https://gist.github.com/reynaldichernando/eab9c4e31e30677f17...

Do note that these proxies are for testing only, and they are heavily rate limited.

For production use case, you might consider using Corsfix (https://corsfix.com)

(I am affiliated with Corsfix)

31. reynaldi ◴[06 Feb 25 06:45 UTC] No.42959741{5}[source]
This is the way to go, you wouldn't want to use a CORS proxy for something authenticated/with credentials (e.g. API key). But for public unauthenticated request, they work just fine.
32. aizk ◴[07 Feb 25 02:15 UTC] No.42968560{4}[source]
Oh that explains why it's not a popular architecture.