Coffee-cogs

Applications
#1

Discord Name: @co.dev

GitHub Repository (Must be V3): GitHub - coffeebank/coffee-cogs: Discord bots for webhooks, invite-based welcomes, moving messages, and more ☕🧩

Description: A repo with customized and niche cogs for targeting specific pain points.

Hi Red team! Been a longtime user of Red bot. Was not expecting to verify my repo due to the Dpy 2.0 situation, but things have settled down a bit, and perhaps the repo can get a fresh pair of eyes on and some polish before launching into approved territory.

All cogs should work on v3.5. A lot of the code is pretty rusty, please let me know if there are improvements that can be made (on top of any changes necessary for the approval process) :')

If any cogs are unapprovable, let me know and I shall move them out to an unapproved repo or archive/delete them altogether.

Thanks!

#2
#3

Thank you for your patience.

Commit hash: d98281e8704725341163966cd8b0bc4ca6a8f590
Red v3.5.14
Consider only bullets prefixed with :memo: to be required.

General

  • Consider using TitleCase instead of Titlecase casing for your class names to maintain consistency with how users expect to get [p]help for 3rd party cogs.
  • :memo: Several of your cogs use requests (or urllib.requests), which is a blocking way to make HTTP requests. You should instead use aiohttp (as several of your cogs do) to make HTTP requests in an asynchronous way.
  • :memo: Some cogs have requests in their requirements, despite it not being used.
  • Some cogs have aiohttp and asyncio in their requirements. Those libraries are already requirements of Red, so listing them is not necessary.
  • Despite some cogs including it, permissions is not a valid info.json key, and including it will not resolve the need to add proper permissions checking to commands.
  • You have bare except blocks in a few places. Consider at least replacing them with except Exception, to avoid catching standard control errors like the one generated by CTRL+Cing. Ideally, identify the error you actually intend to catch and use that instead (generally discord.HTTPException is a good bet for Discord API calls).
  • Consider checking the response.status in your aiohttp requests in case the URL requested goes offline or has an error.
  • Your cogs don’t have internal consistency between [p]<cog>set (ie [p]barset) and [p]set<cog> (ie [p]setwebsearch).
  • Consider using await ctx.tick() instead of a manual add_reaction call in places where you are just adding a checkmark to the invoking message.

Bartender

  • :memo: [p]barserve does not check if the bot has embed_links permissions.
  • :memo: [p]barset does not check if the bot has add_reactions permissions.
  • The [p]barserve menu tries to use an inline codeblock in the embed footer, but footers do not support formatting codes.
  • The images for the two default drinks are 404s now.

Bookery

  • :memo: Commands do not check if the bot has embed_links permissions where needed.

Clara

  • :memo: Commands do not check if the bot has add_reactions permissions where needed.

CoffeeAni

  • :memo: Some commands do not check if the bot has embed_links permissions where needed.
  • I don’t see anything in the docs or the install_msg talking about the deepl integration, and it also doesn’t seem hooked up to actually ever be called.

CoffeeTime

  • :memo: Commands do not check if the bot has embed_links permissions where needed.
  • [p]timetools user, [p]timetools compare, and [p]time all seem to do a very similar thing.

CoffeeTools

  • I don’t know if it is fair to call this cog a replacement of the General cog, when it only contains a different implementation of one command from that cog.
  • I’m not sure what error case the error message is describing, but the case when it would actually trigger is if the bot does not have embed_links.

DMReply

  • :memo: Commands do not check if the bot has embed_links permissions where needed.
    • In this particular case, the error handling does not catch it, as no error happens. If a message has content and an embed, missing embed perms just makes the embed not appear, it does not cause an error.
  • :memo: It is in the description, but the install_msg for this cog should probably state that all users with mod level permissions will be able to send DMs from the bot using this cog if it is used. The default [p]dm command is owner only, and while it is not unreasonable to offer a cog that allows a larger selection of people to DM from the bot, it could be unexpected.
  • It is unclear what the regex import or compiled patterns are there for.
  • The commands for configuring the embed do not check against embed field limits, which then gets caught by the [p]replydm catch-all error handler that does not explain why it failed.

Emotes

  • [p]ei only responds in two cases
    • If used as a reply to a message containing at least one custom emoji, with the expected output.
    • If used with no argument or as a reply to a message with no custom emojis, with a :dash: reaction.
    • The case of passing an emoji as an argument does not work, and the bot does nothing. This is because you do not have a converter, but have a typecheck for something other than str that exists early with no feedback.
  • :memo: Commands do not check if the bot has embed_links permissions where needed.
  • :memo: Commands do not check if the bot has add_reactions permissions where needed.
  • [p]emotelist does not check if the bot has read_message_history permissions.
  • :memo: [p]emotelist does not check if the command message is actually a reply:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\emotes\emotes.py", line 407, in emotelist
    messages = [ctx.message.reference.resolved]
AttributeError: 'NoneType' object has no attribute 'resolved'
  • :memo: [p]emotelist t doesn’t appear to be updated with changes in dpy 2.0
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\emotes\emotes.py", line 403, in emotelist
    messageCountRaw = await ctx.channel.history(limit=None, after=ctx.message.reference.resolved).flatten()
AttributeError: 'async_generator' object has no attribute 'flatten'
  • :memo: [p]showemote has a typo that makes it always error:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\emotes\emotes.py", line 440, in showemote
    if isinstance(emoteUrl, str):
NameError: name 'emoteUrl' is not defined

HelloHook

  • :memo: Commands do not check if the bot has embed_links permissions where needed.
  • :memo: Commands do not check if the bot has add_reactions permissions where needed.
  • [p]hellohook invite add does not have a check to make sure the message is from the correct author, in the correct channel. This would make it nearly impossible to use on a larger bot.
    • The docstring for this command is also not a triple quote string, so it does not apply as the help text.
  • The explanation as to why https:// is needed in the variables isn’t very clear, and I don’t think it is actually needed.
  • :memo: If join/leave messages are toggled on and a message is configured without setting the webhook URL, the cog errors whenever someone joins/leaves a guild:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\hellohook\hellohook.py", line 577, in on_member_join
    webhook = SyncWebhook.from_url(greetWebhook)
ValueError: Invalid webhook URL given.
    • There is already logic for detecting if there is not a message, you just need that same logic for the URL as well.
    • Technically there is also no handling for if the URL is invalid.
  • :memo: [p]hellohook setgreet/setleave error if incorrectly formatted data is passed to them:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\hellohook\hellohook.py", line 295, in hellohooksetleave
    await self.config.guild(ctx.guild).leaveMessage.set(welcomeMsg)
ValueError: You may only set the value of a group to be a dict.

Jadict

  • :memo: [p]jadict and [p]jasearch do not check if the bot has embed_links permissions.

JsonRequest

  • :memo: Allowing users to make arbitrary API requests is considered a permission escalation. The most basic example as to why this can be a problem is that it can be used to get the IP address of the machine Red is hosted on. If domains were required to be whitelisted, and only the bot owner could configure the domains, it may be acceptable. However, it would be much more comfortable to restrict this cog to be owner only or to not include it in your repo.

KoDict

  • It is unclear why the coffee_redbot path exists as a clone of Red, unless it is being used in the public bot version of this cog and you didn’t want to change the imports between versions. I would suggest using the normal Red imports in the cog if possible.
  • :memo: It doesn’t appear that lxml or krdict.py are being used, despite being in the requirements.
  • The install_msg points to setup instructions in the docs that only list krdict as a valid [p]set api name, but deepl is not listed. Additionally, there are no instructions as to how to get tokens from the API services.
  • :memo: The cog silently edits the Searching text to an empty message in [p]kodict if the bot does not have embed_links permissions.
  • :memo: [p]kosearch does not check if the bot has embed_links permissions.

KyaruTail

  • :memo: Commands do not check if the bot has embed_links permissions where needed.
  • :memo: Commands do not check if the bot has add_reactions permissions where needed.
  • You might want to mark this cog as hidden, if the setup instructions require access to servers you aren’t able to link and no method is provided to override the default emoji IDs.
  • :memo: Since the emojis are longer than the source text, a sufficiently long message results in an output that exceeds the 2000 character limit:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\kyarutail\kyarutail.py", line 139, in kyaruself
    webhook.send(
discord.errors.HTTPException: 400 Bad Request (error code: 50035): Invalid Form Body
In content: Must be 2000 or fewer in length.

LovePlay

  • :memo: Commands do not check if the bot has embed_links permissions where needed.

MsgMover

  • :memo: Commands do not check if the bot has add_reactions permissions where needed.
  • Commands do not check if the bot has read_message_history permissions where needed.
  • With the new “forward” feature in discord, you can consider if this cog is still needed, or try to market its strengths over that system.
    • Also consider “announcement channels” as another competing discord feature.
  • Why does the [p]msgmover group exist with no subcommands and a docstring that reads like an install_msg? Just put that message into the install_msg?
  • The legacy commands should probably be hidden.
  • discord.errors is technically private. Rather than using discord.errors.NotFound, it is preferred to use discord.NotFound. (A traceback has the full path because that is how Python sees it, but the shorter version is the documented way to call it that is covered by version guarantees)
  • :memo: [p]msgcopy doesn’t handle non-positive message counts or negative skip values nicely:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\msgmover\msgmover.py", line 213, in msgcopy
    msgItemLast = msgList[0].created_at
IndexError: list index out of range
  • I have no idea what itemToEdit is supposed to be in [p]msgrelay edit.
    • Assuming it is supposed to be an index like [p]msgrelay delete, the converter for the second channel/webhook is not a union of TextChannel and str, so passing a channel incorrectly causes a fail state.

PinBoard

  • :memo: Some commands do not check if the bot has embed_links permissions where needed.
  • :memo: Some commands do not check if the bot has add_reactions permissions where needed.
  • The [p]setpoinboard import command should probably be hidden, as users won’t know the config schema.
  • [p]setpinboard reset has a default value for the bool, and doesn’t send help or a message when the bool is False, so it is unclear that it does not work without passing True without manually invoking help.
  • :memo: There are a lot of edge case checks missing from this cog:
    • Referencing pinboards that do not exist causes an error.
    • Creating a pinboard with the same name as an existing pinboard overrides the existing one.
    • There are no checks that embed field count or character count limits are not exceeded.
    • There are no checks that the bot has manage_messages permissions to pin the message.

Quarantine

  • :memo: Some commands do not check if the bot has embed_links permissions where needed.
  • :memo: Some commands do not check if the bot has add_reactions permissions where needed.
  • Rather than requiring a cog-specific log channel to be specified, consider hooking into the ModLog API for Red to use users’ existing modlog channel.
  • The [p]setquar command should probably have a mod check on it, so the (empty) group isn’t visible in [p]help to non-mods.
  • :memo: Mods should not be able to [p]serquar role a role higher than their role in the hierarchy.
  • :memo: Mods should not be able to [p]quar/[p]quarall users who are higher than them on the hierarchy.
  • The kick/ban logic for [p]quarall depending on the mute role being defined, and whether a user already has it, is a little strange.
  • :memo: You shouldn’t leave print statements in your code, as that makes it unclear where the logs are coming from. Either remove them, or replace them with logging calls that properly identify your cog as the source.
  • The cog doesn’t make it clear whether a particular quarantine failed because:
    • The bot does not have permissions to manage roles
    • The role was not set up
    • The user is above the bot in hierarchy (which can lead to a partial finish that is not logged for [p]quarall)

SendHook

  • :memo: Some commands do not check if the bot has add_reactions permissions where needed.
  • :memo: The cog does not check if the bot has manage_webhooks permissions where needed.
  • :memo: [p]aliashook show errors if the alias has not been configured yet:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\sendhook\sendhook.py", line 115, in ahshow
    webhookData = webhookAlias[alias]
KeyError: 'example'
  • Consider using SyncWebhook.edit_message instead of a manual API request.
  • You should either swap the permission requirement to manage_webhooks or use mod_or_permissions with that permission. This will allow for more seamless access.
  • The help texts for the commands in this cog are not very verbose, and many commands have basic text inputs with special requirements that are not explained (ie links to images).
  • :memo: [p]sendhook listhooks doesn’t handle a channel with < 2 webhooks nicely.
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\sendhook\sendhook.py", line 251, in listhooks
    name = str(b.name)
UnboundLocalError: local variable 'b' referenced before assignment
  • It probably makes more sense to automatically alias a webhook to its title, rather than sending the URL.
    • Webhook URLs are technically privileged information, so this would make it less likely to accidentally leak one, and make the UX neater.

SpotifyEmbed

  • :memo: [p]spotifyembed errors if given an input that is not a Spotify URL"
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\spotifyembed\spotifyembed.py", line 100, in spotifyembed
    sendMsg = spembedSplit[0] + ".com/embed/" + spembedSplit[1]
IndexError: list index out of range
  • [p]setspe note/[p]setspe customurl don’t have any message length checks:
    Traceback (most recent call last):
  File "datapath\cogs\CogManager\cogs\spotifyembed\spotifyembed.py", line 179, in on_message
    webhook.send(
discord.errors.HTTPException: 400 Bad Request (error code: 50035): Invalid Form Body
In content: Must be 2000 or fewer in length.
  • Consider adding a setting for enabling/disabling sending with a webhook in the autoreply, similar to the bool argument in the command.
  • Consider moving your logic for sending the modified message to a helper function that can be shared by the command and listener.
  • Consider using on_message_without_command instead of regex searching for the command name in the listener.
  • I’m not sure if Spotify changed the URL you need to use to generate embeds, or if Discord is just being weird, but neither my links nor those sent by this cog embed anymore.
  • :memo: [p]setspe commands do not check if the bot has add_reactions permissions.

WebSearch

  • :memo: [p]setwebsearch add/remove do not check if the bot has add_reactions permissions where needed.
  • [p]websearch/[p]weblink/[p]websearchset list do not check if the message would be too long:
    Traceback (most recent call last):
  File "datapath\cogs\websearch\websearch.py", line 64, in websearch
    await ctx.send(message)
discord.errors.HTTPException: 400 Bad Request (error code: 50035): Invalid Form Body
In content: Must be 4000 or fewer in length.
  • [p]weblink should return in the except block instead of having a second try/except to see if the variable was defined.

Zidian

  • The #s to denote comments cause the [p]setzidian headers output to use h1 formatting and be very big. Consider stripping the leading # for readability.
  • :memo: [p]zidian does not check if the bot has embed_links permissions.
  • :memo: [p]zidian update does not check if the bot has add_reactions permissions.
  • :memo: You should not be extracting the zip file without specifying the path to extract to as a path within cog_data_path.
    • It is unclear if this is an actual API, or a statically hosted file that should never change. If it isn’t expected to change, consider bundling it and using bundled_data_path instead.