Welckom back splinterlands fam,

This week another land update… and this one started with a “simple” request from @warrentrx: could you show the last used date in the card overview screen?

At first I thought yeah I would like that too, including cooldown data of course. Shouldn’t be a problem, I know the API a bit and I know the values are there, ten minute job 🤣. But then the drawback came apparently Spl has a split access mode. Not all data is available unless you are logged in or use an API token.
Funny thing is that some old cards did show last played info, which caught me off guard.

And as you know me, I love a challenge. Up till now I always avoided implementing a login method, since that comes with risk and security issues. Not really my expertise. But I wanted to learn, so… I did it.

Quick Side Note

Some people think I get paid for building this, but that’s not the case, at least not directly.
I get paid in discussions, connections, and a huge learning experience.

Nice comments and especially upvotes help reduce the cost of running this tool. So if you like this project, please support me with an upvote either this post and even better on my validator.

✅ Upvote this post – it really helps!
👉 Vote for My SPS Validator Node

That’s the self-commercial part 🤣.

If you don’t want to read the rest, here’s the link where you can dive directly into the new features:
👉 https://land.spl-stats.com/

Security First

The first part was about obtaining a Splinterlands token. I knew how to do that, but the challenge was making sure it’s secured in a public web application.

The first layer is Hive Keychain, which is used for login credentials.

Tip for everyone:
Always check which key is being used when you sign a message or do any action.
For this login, the posting key is used.

That’s a safe one, since it can only “post” actions like signing messages. For transfers or locking cards, you would need the active key or higher. So keep an eye on which key is required before you click confirm. Very important!

The second layer is CSRF protection.

👉 CSRF (Cross-Site Request Forgery) is when an attacker tricks you into performing an action you didn’t intend, like sending a request with your credentials without you knowing. A CSRF token makes sure that only requests coming from your session are accepted, blocking these “forged” actions.

So I applied CSRF checks to the login call and card collection fetch, combined with allowed-origin checks.

I tested scenarios like token expiration, but some cases are hard to test manually (like expiration on the Spl side). If you run into issues, let me know.

As always:
Security is layered. Anyone with deep knowledge can still misuse mechanisms, especially since this is an open-source tool. People can look into the code and maybe spot vulnerabilities. If you see one, tell me. And of course: use at your own risk. I don’t store any credentials or tokens (Hive Keychain makes this impossible anyway because of timestamp + signature). Do your own research, protect your keys.

The Fun Part – New Features

After all that, the actual feature almost felt “easy” 🤣. It’s funny how often the stuff around the change takes the most time, but it’s worth it since I learned a lot.

So here’s what’s new:

On the overview screen you now see land cooldown and survival cooldown by default (no login needed).

When logged in (refresh data might be needed), you now also see last played date.

You can filter on all three new items.

If you have multiple cards, the first (youngest) date is shown, and you can hover for a tooltip with the others.

🧪 Want to See the Code?

🔍 GitHub Repos (If You Dare):
⚡ Next.js version

PRs, issues, or just general “what in the spaghetti is this?” reactions welcome — be kind 😅

🙌 Support the Project

✅ Upvote this post – it really helps!
👉 Vote for My SPS Validator Node
💬 Drop a comment or idea – weird edge cases welcome.

⚠️ Final Note

Still just a fun hobby project. Built during late-night, caffeine-fueled coding sessions.
If something breaks… ping me. I’ll fix it. Eventually. 😂

So there you have it — another sweet update imho. Hope you like it. As always, let me know in the comments if you spot issues, have remarks, or just want to chat about it.

— Beaker signing off 😀

Do you also want to be part of this amazing play to earn game consider using my refferal link.