BagelChip

BagelChip (real name: Nathaniel Thompson, also known as foodz, Legitosaurus and JustBonziThings) is the creator of bonzi.world (previously bonzi.dega.io) and a Regex connoisseur. He has his own homepage called "dega.io".

History

BagelChip was a relevant BonziWORLD user back in the days of jojudge/bonziworld.com. When jojudge shut down the original BonziWORLD, BagelChip downloaded BonziWORLD's public source code and put up his own version of BonziWORLD at bonzi.dega.io.

When bonzi.dega.io was shut down (due to an unbearable swarm of kiddies infesting it), he changed his name to Legitosaurus because he didn't like his old name. He gave bonzi.world a crappy minimalistic UI, account system and a RESTful API for rooms and all sort of stuff. The original server was shutdown because of Seamus destroying the server, and the revival was shut down as foodz didn't want to moderate it or the discord server as well. After the shutdown, @JustBonziThings went inactive for1 year except for his Github account and his main twitter account (@foodz), and finally returned in July of 2023.

And at the time he is working on a BonziWORLD server which he showcased on December of 2023 in a video, included Windows XP pop-ups and a title screen. The character and the video was most likely a placeholder.

API Routes

Bagelchip gave his BonziWORLD Server (bonzi.world) a REST API. There was absolutely no reason for a BonziWORLD API to ever exist, as that's an abysmal idea. If you ever want to code a REST API or account system, make sure it's not for an anonymous meme monkey chat website. Here is a "documentation" of the API.

• /api/v1/admin/sockets/:id/ - Allows admins to view connected sockets. the data received from this is vital for the rest of the admin dashboard moderation. uses GET, POST, PATCH and DELETE http methods.
• /api/v1/admin/messages/:id/ - Allows admins to get message history in a specified room. uses GET and POST http methods
• /api/v1/admin/rooms/:id/ - Used for admins to moderate rooms. uses GET, POST, PATCH and DELETE http methods
• /api/v1/admin/script/ - Sends remote JavaScript to a specified user
• /api/v1/admin/ban/ - Bans a user. uses GET, POST, PATCH and DELETE http methods)
• /api/v1/admin/shadowban/ - Bans a user without making it obvious (can also be used to specify chatting bans). uses GET, POST, PATCH and DELETE http methods
• /api/v1/admin/kick/ - Kicks a user. uses GET, POST and PATCH http methods
• /api/v1/admin/sapi/ - Toggles SAPI TTS voice on/off globally on the server
• /api/v1/admin/reload/ - Refreshes a client's page. Commonly used when Foodz would update his site
• /api/v1/admin/redirect/ - Redirects any user to any website
• /api/v1/admin/seizure/ - Triggers a seizure for an annoying kiddie
• /api/v1/login/register/ - Registers a new user. uses GET, POST and PATCH http methods
• /api/v1/login/ - Signs in a user (Requires valid username and password. Only works when you use it in tandem with /api/v1/session/). uses GET and POST http methods
• /api/v1/session/ - Gets login session token. expires after a few hours. uses GET, POST, PATCH and DELETE http methods
• /api/v1/login/forgot/ Sends an email to the account holder if they forgot their password (Requires the email address which was used to register). uses GET and POST http methods
• /api/v1/logout/ - Deletes session token and logs out the user. uses POST and DELETE http methods
• /api/v1/unload/ - Deletes session token and creates a new one. uses POST and DELETE http methods
• /api/v1/identity/fingerprint/ - Used for grabbing browser information and sending to sentry analytics
• /api/v1/sapi/ - Toggles SAPI TTS voice on/off on individual clients (Also used for speaking with SAPI5. You can use http headers to specify the text, voice and language)
• /api/v1/rooms/:id/ - Used for managing and querying room ids. uses GET, POST, PATCH and DELETE http methods.
• /api/v1/users/:id/ - Used for managing and querying user ids. uses GET, POST, PATCH and DELETE http methods

[Note: This is WIP. I gathered this information from scouring over the JavaScript on archive.org. Hopefully someone can expand this some more by adding information]

Use this for documenting the API --> app.min.js AngularJS source leak. Uncompiled Angular code is easier to read!

Le admin panel leek of 2021

In 2021, donutscout created a account via the REST API and realised a huge flaw: The user accounts are admins, and BagelChip had not fixed it.

This caused him to mess around with the admin panel, and by a quote by him: "I saw shadowban, ban, kick, and some sort of a announcing feature. They all worked. I couldn't believe this flaw. Was he that stupid in REST?"

It got fixed shortly after, but the damages were done.

The admin panel site was formerly: bonzi.world/admin (possibly moved to https://api.bonzi.world/)

Websites

• dega.io - his homepage
• bonzi.dega.io (shutdown) - his bonziworld associated with the website dega.io
• bonzi.world (shutdown) - bonziworld
• classic.bonzi.world (shutdown) - classic bonziworld

Social Media

• Github
• LinkedIn
• Twitter
• Keybase