Running Without The Port?

General Discussion

Suggested Topics


  • 1 Votes
    1 Posts
    266 Views

    Hey all,
    I had never used Mongoose before but I know it is used for schema and validation. I was wondering though if anyone knew off chance if it could be added to NodeBB's database without it interfering with how it currently operates? I came across this backend administrative application called ForstAdmin and I was thinking about trying to see if I could add it into my current install. The application itself is made to integrate into an application you already have up and running, but that is under the assumption you already have Mongoose and are using Express. I might spin up another board just to give it a go and see what happens, lol.

    Thanks all,
    -MH

  • 0 Votes
    4 Posts
    4k Views

    DeprecationWarning · Issue #5184 · NodeBB/NodeBB

    DeprecationWarning: Using Buffer without new will soon stop working. Use new Buffer(), or preferably Buffer.from(), Buffer.allocUnsafe() or Buffer.alloc() instead. DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead. V...

    GitHub (github.com)

  • 0 Votes
    1 Posts
    2k Views

    While browsing the 'net, I found a neat little IETF draft standard called JWT (JSON Web Tokens).

    Basically, the idea is that instead of having sessions on the server and a cookie to match an HTTP request to one of those sessions, one or more claims (i.e. user ID or admin status) are stored in a JSON object which is then signed by the server (currently through either HMAC, RSA or ECDSA).
    The client then usually stores this in either localStorage or sessionStorage and sends it along in an HTTP header with any request requiring authorization.

    For example:

    1. client logs in with username "Example" and password "password"
    2. server: if user and password match, issue a JWT containing the payload { 'userId': 47 } and send it to the client
    3. client stores the JWT in sessionStorage
    4. (later) client creates a new topic and sends the JWT along in the Authorization HTTP header
    5. server validates the signature in the JWT from the Authorization header with their own secret/key and if it's OK, uses the data from the JWT in the processing of the request
       (in this case, the userID of 47 is used as creator of the topic)

    Pros of JWT:

    - The server doesn't need to store sessions!
      => less load on the server
      & no shared session store is needed when scaling horizontally as long as all instances share a secret or public/private keypair
    - No cookies => no CSRF!

    Cons:

    - XSS becomes more dangerous - any malicious script with access to the client's localStorage or sessionStorage for a site can fully impersonate the user until the token expires or is deleted

    There might be more cons & pros, I am neither good nor experienced enough to fully understand everything 😛

    ("everything" is a lot though, I do have trouble with way less than that 😒 anyway, don't take my words for granted, do your own research, etc. etc. you know the drill 😛 )

    Some links:

    - General introduction: http://angular-tips.com/blog/2014/05/json-web-tokens-introduction/
    - Slightly more detailed introduction with INFOGRAPHICS(ish): https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
    - Web-based token decoder: http://jwt.io/
    - Express middleware: https://www.npmjs.com/package/express-jwt
  • 4 Votes
    5 Posts
    2k Views

    Lol and so did gmail

  • 0 Votes
    6 Posts
    2k Views

    Looking forward to when we can have a "Make Forum Private" option that sets all permissions on all forums automatically so that you don't have to go about changing each one.