Wait so how do accounts work if there is no password
Glad you asked! Each account has a different “session” that is saved in your local browser data, along with the username. When you enter the website, the API checks if your username matches with your session. You cannot actually see that session because the only time your browser will actually receive it is when you sign up, so that it can be saved in your local browser data.
Am I only able to sign on with the device+browser I made the account with?
well, yes, but i am planning to create a token feature where you can generate a key for your account that you can use to log in from other devices
Uhh, that sounds bad. Accounts could very easily be lost and it sounds like there’s one token that can be used, meaning if the token is stolen that person has full access over their account. I would recommend just using normal accounts and also having a token pair, one for accessing the site that expires after a short amount of time and one that refreshes the session with a different token, also detect token re-use and all of that.
This was a conversation about a website that doesn’t seem to exist anymore
i legit have no idea about what i was talking about here. Your password and username were saved in localStorage and that was basically the entire auth system. Bundle uses a better system now