Updates to SC2 Pay - Enhanced Security & Integration with Vessel!

in steemdev •  7 years ago 

Hi everyone, it's been over a month since I released my SC2 Pay project (you can read the intro post here if you're interested) and I'm really sorry it's taken me so long to put out another update!

Switched to using a browser popup window for security

In the comments on the first post a number of users quickly pointed out that my implementation had a security problem: SteemConnect was loaded in an iFrame, so there was no address bar for the user to check that the login page was actually being served from steemconnect.com and not from a phishing site.

They were absolutely right, so the plug-in now opens SteemConnect in a separate browser popup window, whose address bar is visible, instead of in a modal inside the host page. It is now easy to look at the URL and confirm that it really is steemconnect.com before entering anything.

Another big benefit of this change, aside from the increased security, is that the plug-in no longer depends on the jQuery or Bootstrap libraries! I am always in favour of reducing dependencies, so that's a big win in my opinion.

Added support for payments using Vessel!

Anyone who follows @jesta's awesome work might remember that a few months back he added support for the steem:// URI scheme into Vessel (the Steem desktop wallet software). You can read more about that here.

There are many reasons why using desktop wallet software is more secure than copying and pasting keys into a web page, and I know some people prefer that option, so I thought it would be good to add support for it to this project so anyone using this plug-in can offer both options to their users. Of course, I might have to change the name from SC2 Pay to something more generic, but I'll get to that when I get to it!

[animated gif: purchase_vessel.gif]

As you can see from the animated gif above, it's super smooth and just as easy as using SteemConnect, in addition to being more secure. The only drawback, from the development perspective, is that when using Vessel there is no way for the web page to know whether the user cancelled the payment.

When using SteemConnect the plug-in checks whether the popup window has been closed; if it has, it knows the user cancelled the payment, so it stops polling for the transfer and/or shows a payment-cancelled message. When using Vessel there is no such signal, so if the payment isn't made the code just keeps checking for 2 minutes and then stops.
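To make the two polling behaviours concrete, here is an added example in plain JavaScript. It is my own illustration, not code from the SC2 Pay plug-in. The chain query, the cancel signal and the clock are injected: for the SteemConnect path `isCancelled` would be `() => popup.closed` on the window returned by `window.open`, while for the Vessel path no cancel signal exists and only the 2-minute timeout ends a failed payment. The `simulate` helper, its 5-second poll interval and the scenarios in `scenarios()` are constructed for this example; `queryChainForTransfer` in the comments is a placeholder name for whatever function asks a Steem node whether the transfer has appeared.

```javascript
// Added example, not code from the SC2 Pay plug-in: a payment watcher that
// models the two polling behaviours described above.
//  - SteemConnect: the page holds the popup handle, so `popup.closed` is a
//    usable "user cancelled" signal and polling can stop early.
//  - Vessel: the page never learns about a cancel, so the only exit without
//    a payment is the timeout (2 minutes in the post).
// The chain query, the cancel signal and the clock are injected so the logic
// runs offline and deterministically; nothing here talks to a Steem node.

const TIMEOUT_MS = 2 * 60 * 1000; // the post's 2-minute cutoff

function createPaymentWatcher({ checkTransfer, isCancelled = null, timeoutMs = TIMEOUT_MS, now = Date.now }) {
  const startedAt = now();
  let state = 'pending';

  // One polling step; call it from setInterval every few seconds.
  // Returns 'pending', 'paid', 'cancelled' or 'timeout'. Terminal states stick.
  function tick() {
    if (state !== 'pending') return state;
    if (checkTransfer()) {
      state = 'paid';
    } else if (isCancelled && isCancelled()) {
      state = 'cancelled'; // SteemConnect only: the popup window was closed
    } else if (now() - startedAt >= timeoutMs) {
      state = 'timeout'; // Vessel path: no cancel signal, give up on time
    }
    return state;
  }
  return { tick, get state() { return state; } };
}

// Browser wiring for the SteemConnect path (not executed here; names are placeholders):
//   const popup = window.open(steemConnectUrl, 'steemconnect', 'width=500,height=600');
//   const watcher = createPaymentWatcher({ checkTransfer: queryChainForTransfer,
//                                          isCancelled: () => popup.closed });
//   const timer = setInterval(() => { if (watcher.tick() !== 'pending') clearInterval(timer); }, 5000);
// For Vessel, omit `isCancelled`.

// Drive a watcher to completion against a scripted scenario: the transfer
// becomes visible to the chain query at `paidAtTick`, the popup closes at
// `closedAtTick` (null = no popup, as with Vessel). Fake clock, 5 s per poll.
function simulate({ paidAtTick = null, closedAtTick = null, pollMs = 5000, timeoutMs = TIMEOUT_MS } = {}) {
  let clock = 0;
  let tickNo = 0;
  const watcher = createPaymentWatcher({
    checkTransfer: () => paidAtTick !== null && tickNo >= paidAtTick,
    isCancelled: closedAtTick === null ? null : () => tickNo >= closedAtTick,
    timeoutMs,
    now: () => clock,
  });
  let state;
  do {
    tickNo += 1;
    clock += pollMs;
    state = watcher.tick();
  } while (state === 'pending');
  return { state, ticks: tickNo };
}

// Scenarios constructed for this example.
function scenarios() {
  return {
    paidQuickly: simulate({ paidAtTick: 2 }),
    popupClosedUnpaid: simulate({ closedAtTick: 3 }),
    vesselNeverPaid: simulate(), // 24 polls of 5 s = the 2-minute cutoff
    // Transfer broadcast just before the window was closed and only visible to
    // the poll two ticks later: the client reports 'cancelled' although the
    // payment exists on chain. Only a server-side check can get this right.
    paidAfterClosing: simulate({ paidAtTick: 5, closedAtTick: 3 }),
  };
}
```

The last scenario is the one to keep in mind: a closed popup tells the page that the user is done with SteemConnect, not that no transfer was broadcast. The front-end status is only good for driving the UI; whether the order is actually paid has to be decided by the server against the chain, which is the point of the back-end verification section that follows.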

Verify all transactions on the back-end

As I mentioned in the last post - you should NEVER trust a front-end callback as proof of a completed purchase. Pass the details from the front-end callback to your own server-side code and independently confirm on the blockchain that the transfer actually took place before delivering any products. That's outside the scope of this project, but I'm always available if you need any help with it!
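As an added example of what that server-side confirmation can look like (my own code, not part of SC2 Pay), the function below reads the merchant account's own transfer history, checks recipient, memo and amount itself, credits each transaction only once, and accepts only transfers that already sit in an irreversible block, which is the question raised in the comments below. The record shape follows the Steem `get_account_history` RPC result and the irreversible block number would come from `get_dynamic_global_properties`; the account names, memos, transaction ids and block numbers in `SAMPLE_HISTORY` are constructed for this example and nothing here contacts a node.

```javascript
// Added example, not part of SC2 Pay: server-side confirmation of a payment
// the front end claims was made. The server never trusts the callback; it
// reads the merchant account's own transfer history from the chain, checks
// recipient, memo and amount itself, credits each transaction at most once,
// and accepts only transfers already in an irreversible block.
//
// `history` has the shape of the Steem `get_account_history` RPC result:
//   [seq, { trx_id, block, op: ['transfer', { from, to, amount, memo }], ... }]
// and `lastIrreversibleBlock` would come from
// get_dynamic_global_properties().last_irreversible_block_num.
// The sample data below is constructed for this example.

// "3.000 SBD" -> { units: 3000, symbol: 'SBD' }: integer thousandths so
// amounts compare exactly instead of as floats.
function parseAmount(s) {
  const m = /^(\d+)\.(\d{3}) (STEEM|SBD)$/.exec(s);
  if (!m) throw new Error(`bad amount: ${s}`);
  return { units: Number(m[1]) * 1000 + Number(m[2]), symbol: m[3] };
}

// `expected` ({ to, amount, memo }) must come from the server's own order
// record, never from the request body, or a caller could point the check at
// someone else's transfer. `consumed` is the persistent set of trx_ids already
// credited (a Set here; a database table in practice).
function verifyPayment({ history, lastIrreversibleBlock, expected, consumed }) {
  const want = parseAmount(expected.amount);
  let reason = 'no matching transfer';

  for (const [, entry] of history) {
    const [type, op] = entry.op;
    // Only incoming transfers to the merchant carrying this order's memo.
    if (type !== 'transfer' || op.to !== expected.to || op.memo !== expected.memo) continue;

    if (consumed.has(entry.trx_id)) { reason = 'already credited'; continue; }
    if (entry.block > lastIrreversibleBlock) { reason = 'not yet irreversible'; continue; }

    const got = parseAmount(op.amount);
    if (got.symbol !== want.symbol || got.units < want.units) { // overpayment is accepted
      reason = `wrong amount: got ${op.amount}, expected ${expected.amount}`;
      continue;
    }

    consumed.add(entry.trx_id);
    return { ok: true, trx_id: entry.trx_id, from: op.from, block: entry.block };
  }
  return { ok: false, reason };
}

// Constructed sample history for merchant account "shop"; assume the node
// reports last_irreversible_block_num = 1000.
const SAMPLE_HISTORY = [
  [40, { trx_id: 'aaaa', block: 990, op: ['transfer', { from: 'alice', to: 'shop', amount: '3.000 SBD', memo: 'order-1001' }] }],
  [41, { trx_id: 'bbbb', block: 992, op: ['transfer', { from: 'bob', to: 'shop', amount: '1.000 SBD', memo: 'order-1002' }] }],
  [42, { trx_id: 'cccc', block: 1005, op: ['transfer', { from: 'carol', to: 'shop', amount: '3.000 SBD', memo: 'order-1003' }] }],
  [43, { trx_id: 'dddd', block: 995, op: ['transfer', { from: 'shop', to: 'alice', amount: '0.500 SBD', memo: 'order-1001' }] }], // outgoing refund, must not count
  [44, { trx_id: 'eeee', block: 996, op: ['transfer', { from: 'dave', to: 'shop', amount: '3.000 STEEM', memo: 'order-1004' }] }],
  [45, { trx_id: 'ffff', block: 997, op: ['vote', { voter: 'shop', author: 'alice', permlink: 'x', weight: 10000 }] }],
];

// Run every sample order through the check once, then order-1001 a second
// time to show the replay guard. Returns { memo: 'ok' or the rejection reason }.
function checkSamples() {
  const consumed = new Set();
  const out = {};
  for (const memo of ['order-1001', 'order-1002', 'order-1003', 'order-1004', 'order-9999', 'order-1001']) {
    const r = verifyPayment({
      history: SAMPLE_HISTORY, lastIrreversibleBlock: 1000, consumed,
      expected: { to: 'shop', amount: '3.000 SBD', memo },
    });
    out[memo + (out[memo] !== undefined ? ' (again)' : '')] = r.ok ? 'ok' : r.reason;
  }
  return out;
}
```

Two design points worth noting: the memo is the only thing tying a transfer to an order, so generate one unguessable memo per order on the server and look up the expected recipient and amount from that order record rather than from anything the browser sends; and a transfer in a block that is not yet irreversible can still disappear in a fork, so treat it as pending and re-check later instead of delivering the product on it.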

Please send me your feedback!

As I mentioned I received some great feedback on my initial post about this which has led to the changes made here...but I'm sure there's more things I could do better so please let me know in the comments or feel free to submit an issue or pull request to the GitHub repo!

Overall my hope is that this add-on can help more third party sites and services accept STEEM and SBD payments in as seamless and user-friendly a way as users are used to with other traditional payment methods.

Last, but not least, here is the link to the project on GitHub and relevant commits:

  ·  7 years ago (edited)

Looks really cool with the popup and Vessel integration :) Well done on the update! You could even make things lighter and easier to integrate if you get rid of sc2.min.js and steem.min.js, you don't need encryption libraries embedded in steem.js and sc2.min.js is only used for these lines: https://github.com/steemit/steemconnect-sdk/blob/2d91c5cd025b17d236c95b9a36f898d56fcfe1af/src/sc2.js#L206-L211
Also does it check for irreversible block?

It doesn't check for irreversible block - that's a great idea so I'll have to look into that. Also good points on further reducing the dependencies, will also add that to the list! Thanks for the feedback and support as well as all the great work you do on SteemConnect and Busy!

I recently found out about Vessel and am going to have to look into using it. The world of code and apps is still pretty foreign to me. However, it seems Vessel can make life a little easier.

Thank you,
Spencer Coffman

I have a question:

You should NEVER trust a front-end callback as a completed purchase.

That means if I want to integrate with a service, I have to call "checkSteemTransfer" in backend again. Is that duplicated? Why don't I just keep calling an api in which I check the transfer? Usually when we use a payment service, like stripe, they provide both "callback" and "webhook" api. I hope we can change to that.

Yes, this is only a front-end SDK right now, it is not a full end-to-end payment service and requires additional validation on the server-side.

You got a 23.65% upvote from @postpromoter courtesy of @postpromoter!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

I am very interested in projects that allow people to use Steem in more ways. SC2 seems like it could be huge for the platform. I will be following closely!

Great post...
Thank for sharing...

A successful project with more features and more safety, I wish to win everyone's trust , I wish you more success for your project.
thanks u for sharing , good luck my dear friend @yabapmatt
all the best for you.

These are some amazing updates. Steembottracker is making a difference in all of our Steemit experiences. Thank you!

  ·  7 years ago (edited)

Hi @yabapmatt
Sorry for writing this here.

I want to ask you, what if a voting bot doesn't upvote post after taking money?

I use steembottracker.com, I sent 3SBD to @appreciator 1 hour ago for my dmania post.
But I couldn't get an upvote although the voting round is over. They finished voting but they didn't vote my post. My post was listed in the voting round. But not voted... They also didn't vote 3 other posts except mine... And you know there is not any contact method...

They are taking money. Then making a mistake or so... That's all.
We can't even contact them... Commented on their blog posts but no reply... Also 1 SBD has gone for @sneaky-ninja yesterday. Of course they did not refund back too.

It's unfair.

[image: waiting votes.png]

It's great

hi @yabapmatt I am sending 4 SBD - not upvoting. please help. url link
@postpromotor

https://steemit.com/r1/@melisound/sang-h-kim

[image: 123.png]

Hi @melisound, I'm very sorry about the missed vote. I have just refunded your 4 SBD. Unfortunately the bot does have errors sometimes but I am working hard to resolve them and I always refund anyone who did not get a vote. Please let me know if there is anything else I can do for you.

I think it's great now that you have added the security, the browser popup is better ,in this way people can see the link too. I think your work is beyond appreciation. Brother you have done a great service to the community. Thank you

Is there a simple tutorial for using bots. I'm confused here.
I tried using from steembottracker and got a negative ROI ( though it was positive there).

I don't think it needs more transformation now, it looks OK to me, you have added all possible things to it, what else can we want.

nice post,,,guy

The more such blogs start coming the more life becomes easier.

The steem bot tracker is fun, educational, and I have made some bidding friends too. IMHO, it would be useful to have a number shown besides the "Send Bid" button showing how many people are "going to send bid" at that moment. That is a counter of possible upcoming bids. I think there should still be some time lag technically, but interested to see if this indicator will affect the final bid amount.

Steemconnect.com can be accessed properly now, that issue you solved enhanced it to a greater extent, though there are things to be taken into consideration for further improvement.. thanks for the updates @yabapmatt

Thanks @yabapmatt you have been working to make everything easy for us...thank you for the work....it will be of great help to everyone

After I read this post!! In my opinion it's very interesting and profitable for every user.. very good @yabapmatt ??

Keep developing, bro..

Hi @yabapmatt,

I have one suggestion for the Steem Bot Tracker: I think that a min age column should be added next to the max age column.

I usually wait for a nice offer to reach three minutes until vote, then publish a prepared post and send funds to a bot, so I would like to know that the bot will accept my bid prior to publishing the post.

Thank you again for all your work for the community!

Cheers,
@lifenbeauty

hello @yabapmatt
I have a delegation around 100k sp,
how do i become an automated bot and listed on steembottracker
Please help me!

Hi @novaswanner - please contact me on Discord or Steemit.Chat to discuss.

Wow! It's one of your brilliant works which impressed me. I believe that it will create new opportunities for third parties. And users will feel more comfortable when it comes to the payout

This is great! I love seeing stuff like this happen.
Good work 😍

The post is quite amazing, please permit me to post again .....

I hate Javascript with a passion, but it looks like it might be worth learning it, just for this!

Does it support memo with "#" ? Looks like i got an invalid memo error when testing?

Thanks for all the help you have given to the platform. I have just given a vote of witness to you actually as an acknowledgement of your good work not just as a witness but as a developer for Steemit enhancement. Hope to see more great things from you!

I didn't use Vessel because of lack of security. Looks like it's getting to the point, where more and more people will have guts to at least try it out ;)

Hey man, came to show you my support, read the post attentively to find a way to contribute, but couldn't find one.

I feel like a hacker using the center command to format my posts so...

Well, security is vital and yeah, I always check the pop up to see if it IS steemconnect, so glad that is easier to do.

Cheers!

Great post, thanks for sharing, I just upvoted.
steemit all the way.
check out my new post.
UPVOTE COMMENT RESTEEM.
@gclipse

Just found you today, really like everything I'm seeing! Just voted you for witness @yabapmatt!!

@yabapmatt
Your bot failed.
I clearly voted in the last voting block and it instead moved it to the newest voting block, which is now swamped with everyone else this also happened to.
I do not want to be a part of that block.
I'd appreciate a refund.
Thanks.
(Sorry to post this here. Also I'm aware the error was likely due to steemit issues this morning and not the bot directly)

Hi @jonny-clearwater - yes you are correct about the steemit issues affecting the bot. I am working on the situation now and will make sure everyone gets a fair-valued vote or a refund.

Thanks.
I messaged you on chat too.
Thanks for handling the situation.
Steem on!

I also really appreciate your quick reply.
You do some great stuff for this platform.
I've just given you a witness vote!
Cheers

Hi @yabapmatt, I've been working on a bot (@steemroasted) for the last few weeks, I've been testing it relentlessly and I've finally ironed out all the bugs and security risks.

It's not a big bot yet but I've put a lot of time and money into it and would love to see it succeed.

I've done the custom JSON a few times but I'm not listed yet, I'm assuming I have to contact you? My discord is @sisygoboom#6775

Hi. Boss.
Well as you know I am a lover of steemit and I love to help and support others by reading their posts enjoying views of their pictures, memes, films...etc. and upvoting with resteeming their posts....
And due to my illness and 2 heart attacks I reduced my activities on steemit, but I still have good clients who are still asking daily for my simple humble resteeming service...

Can You please help me to set up a real automatic bot for resteeming ....

I will accept all of your suggestions and deal condition...

As you know. .. resteeming does not require delegations....

Can you...please?

Samet