Is there a setting page on the lemmy instance where I can download all my data?

  • freamon@endlesstalk.org
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    8 months ago

    No settings page (as far as I’m aware), but you can use the API to get everything (posts, comments, etc):

    step 1: get login token -

    curl --request POST \
         --url https://lemmy.ml/api/v3/user/login \
         --header 'accept: application/json' \
         --header 'content-type: application/json' \
         --data '
    {
      "username_or_email": "2br02b",
      "password": "YOUR-PASSWORD"
    }
    '
    

    step 2: use login token (big long string starting with ‘ey’) to get data -

    curl --request GET \
         --url 'https://lemmy.ml/api/v3/user?username=2br02b&page=1' \
         --header 'accept: application/json' \
         --header 'authorization: Bearer YOUR-JWT'
    

    Increment page number until you have everything. source: https://lemmy.readme.io/reference/get_user

    • 7heo
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      8 months ago

      One thing to be aware of is that there is currently, AFAIK, no now (since 0.19.3) a way to “disable” a JWT.

      Before that, once you had created it, if you leaked it, your account was, as far as I can tell, definitely compromised.

      Now, it is possible to logout, to mark the JWT as “invalid”.

      I will add, as a disclaimer, that I have not checked if that as Nutomic highlighted below, there are conditions (password change, etc) under which any or all JWT (user, instance, etc) become invalid. So do audit the code if this is something that concerns you. As far as I am concerned, I treat the JWTs as extra-sensitive information, and store them only on machines I own.

      Edit: correct information in the light of Nutomic’s comments.

      • nutomicMA
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        The jwt is invalidated once you logout. You can also change/reset your password to invalidate all login tokens for your account.

        • 7heo
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          8 months ago

          The jwt is invalidated once you logout.

          Invalidated how?

          You can also change/reset your password to invalidate all login tokens for your account.

          OK. I was afraid this would not be the case. Thanks for confirming.

          • nutomicMA
            link
            fedilink
            English
            arrow-up
            2
            ·
            8 months ago

            Invalidated how?

            Well it’s deleted from the database so you can’t authenticate with it anymore.

            • 7heo
              link
              fedilink
              English
              arrow-up
              3
              ·
              8 months ago

              OK there now is a LoginToken class. This was not the case last time I checked. Good. Thanks for your answers.