Readit News logoReadit News
darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
byearthithatius · 5 months ago
I already accidentally uploaded a cookie that I now need to reset because the website doesn't let me delete the curl -_-
darubramha · 5 months ago
You can delete the curl request if created from a logged in account.

Non-logged in curls are auto purged after 30 days.

darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
ustad · 5 months ago
Hey, that looks great.

Could you describe more about the docker sandbox that you have? I am especially interested in the network restrictions.

darubramha · 5 months ago
The sandbox is a lightweight Alpine-based container, it runs as a non-root user for security, it has minimal dependencies installed (curl, bash, coreutils)

The container has restricted outbound access—only HTTP/S requests are allowed. It runs inside an isolated network namespace with no access to the host network or other infrastructure components. There's no inbound access, and the container can't receive unsolicited requests from the outside world.

The sandbox container can only communicate with other containers in the same network, the main application container and sandbox container are on the same network, allowing them to communicate.

darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
polishdude20 · 5 months ago
Why the need for an account to execute? Are you executing the command on behalf of the user on your server? Is it possible to just do it locally in browser?
darubramha · 5 months ago
Yes — executions are done server-side, inside a resource-limited, sandboxed Docker container. That’s why login is required: to prevent abuse, rate-limit usage.

I have a feature working to allow users browser side execution, but as others have also pointed out CORS is a big blocker for client side execution not working for all APIs.

darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
byearthithatius · 5 months ago
Multiple people already did and are confirming they can't even delete it. This website is literally a security issue itself.
darubramha · 5 months ago
Hey, you can absolutely delete any curls created if done from a logged in user, for others it will get auto-purged in 30 days of non-usage.
darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
fitsumbelay · 5 months ago
This is a pretty cool project.

One thing: it's rejecting dict lookups as invalid URL, eg. `curl dict://dict.org/d:failure:fd-eng-fra`

I'm checking first here whether I missed something in the docs about not supporting DICT before I add issue to the GH repo

darubramha · 5 months ago
You didn’t miss anything in the docs. Right now uncurl.dev only supports http/https (and technically ftp, though it’s untested). Protocols like dict://, smtp://, etc. aren’t parsed or handled correctly yet, which is why you’re seeing that “invalid URL” error.

I hadn’t actually considered dict:// usage, I see the bug report as well, thanks, will see if I can include it.

darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
niek_pas · 5 months ago
Looks cool! One bug I found:

`curl www.google.com` works using 8.7.1 on macOS, but I get "Please enter a valid curl command" on your website.

darubramha · 5 months ago
:) the curl command parser expects some flags of GET, POST, stupidly overlooked, will get it fixed!
darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
Tabular-Iceberg · 5 months ago
It seems very particular about what curl options it supports. I keep getting “Please enter a valid curl command” no matter what I do.

Maybe the only solution is to somehow extract the actual command line parser from curl itself.

darubramha · 5 months ago
Hey that is weird, can you file a bug report here with the curl you were trying?

https://github.com/uncurl/uncurl-support

darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
markerz · 5 months ago
FYI, you can delete anyone's CURL (including your own if you were unauthenticated) with the following curl:

https://uncurl.dev/curl/78ab4bf5-34e8-45a0-b3b1-32dd6aa7e360

or this command

    curl -X DELETE "https://uncurl.dev/api/curls?id=051606b5-49c8-4f14-9689-4d424f71d331"
Looks like deletes are unauthenticated.

darubramha · 5 months ago
Haha love that you shared the curl with the uncurl.dev url!

Yes, delete is unauthenticated as highlighted, will be working on a fix for this. And you can delete any API if it is created as a logged in user.

darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
byearthithatius · 5 months ago
It 100% is because he just keeps your curl and you can't even delete it. He just keeps it forever for himself even if you made a whoops. Already accidentally uploaded my HN user cookie and had to reset it. JFC.... -_-
darubramha · 5 months ago
I have implemented auto-purge all curls that are created without login will get auto deleted after 30 days of non-usage.

You can absolutely delete your curl if you have created as a logged in user.

darubramha commented on Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI   uncurl.dev/... · Posted by u/darubramha
benoitg · 5 months ago
The Jetbrains suite of IDEs have this handy feature : if you copy a curl command into an HTTP scratch file, it is automatically converted to the HTTP equivalent, which is IMHO much more readable.

Your project looks very cool though, and expands on the share aspect of the Jetbrains feature, very interesting!

darubramha · 5 months ago
Appreciate the kind words—and the comparison!

uncurl.dev kind of grew out of that same spirit, but with the goal of making the output shareable and executable in a browser, especially for folks who might not have an IDE set up or are outside the usual dev loop (PMs, etc.)

d

u/darubramha

KarmaCake day51September 1, 2015View Original