[nodebb-plugin-calendar] Fully featured calendar plugin for NodeBB - Testers needed

  • Global Moderator Plugin & Theme Dev

    @Frozen_byte you'll really just need to wait until I release a new version. I'll try to get that done tonight.

  • Global Moderator Plugin & Theme Dev

    New version. Please try out [email protected]
    Note: this version requires NodeBB v1.19.6 or later

    npm i [email protected]
    

    Changelog:


  • @PitaJ thanks 🙏

  • Community Rep

    @PitaJ Tried this for first time 1.19.7, installed via ACP not npm via terminal.

    Popped the calendar button on the nav menu.

    Click it and got a button labelled Show Only "Yes"

    Bug or Human setup/error?

  • Global Moderator Plugin & Theme Dev

    @omega do you have any errors in the js console


  • @teh_g said in [nodebb-plugin-calendar] Fully featured calendar plugin for NodeBB - Testers needed:

    I think I asked a while ago, but is it possible to add events via an ical feed to this calendar?

    The specific one I am looking to add is this one here: http://c.opencritic.com/calendar/OpenCritic.ics

    I am very interested in an ICS-export function. I've developed a calendar extension for phpBB, that can export and import ICS. I can write JavaScript, so it should be easy, to port the ICS-function to this calendar.

    The difficult/time expensive part would be to create an alternative user login. As ICS requires a simple URL to load the events from, there needs to be an extra ICS download key for each user, that can be put into the URL's query string to enable the ICS download...

    @PitaJ Maybe we can work together - with some help regarding the nodeBB's extension structure, it should be possible...

  • GNU/Linux Admin

    The difficult/time expensive part would be to create an alternative user login. As ICS requires a simple URL to load the events from, there needs to be an extra ICS download key for each user, that can be put into the URL's query string to enable the ICS download...

    @MitjaStachowiak Good news! — Each user already has an automatically generated field in their user hash called rss_token. It is semi-private key that is used in conjunction with the uid to protect RSS feeds from uid enumeration.

    You can get a user's feed token by calling await user.auth.getFeedToken(uid) (it generates one if the user account doesn't already have one.)

    There are other places where this token can be used, although right now it is only used in the RSS functionality. It will not go away (not without ample warning, anyway.) In the future, we may rename rss_token to something more generic.


    When I say that rss_token is "semi-private" I mean that it is sent to the browser in plain text (you can see it if you investigate the URL for this topic's RSS feed). It's hidden from other users insomuch that you can't easily find out someone else's rss_token, but that's about it.


  • @julian Okay, yes, this should work. ICS-Export is not extremely secure. There is a wide range of apps, that can import ICS, but I guess many of them have no ssh-key-validation included and accept any key.

    Who enables ICS-export should know, that a capable attacker can find a way to get the ICS of some users.

    Hopefully next week, I may find time to have a look on it.

  • GNU/Linux Admin

    @MitjaStachowiak wait, did I say that it wasn't going to go away?

    Now I am thinking that maybe it should go away 😔 the rss token functionality could potentially be rolled into the already existing API token feature...

    That said there are a lot of steps between here and using the API token for this ... The main stumbling block being done RSS clients do not send customizable headers when grabbing RSS feeds... So it might be a no-go from the start.

    Anyway, just thinking aloud.


  • @julian The ICS-Export in my calendar works with an URL like

    https://theforum.xy/app.php/calendar/?action=ics&user=2&password=XXXXXX&from=D-10&promoters=27,8
    

    User ID (here 2) and a special password (here XXXXXX) are given in the URL. Yes, it is possible to use HTTP-Passwords as well, but not all clients support this. So I decided to go for the URL-password.

    The script, that generates the ICS must be accessible for public. You simply give each user an extra ICS-key in the database and grab the events directly from there. If the rss-token can be used for this - nice. If not, the addon needs to add an extra column in the db.

    phpBB has a migrationsystem, that manages databasemodifications for extensions and I needed a felt couple of months to understand this 😜 . If someone gives me a code point, where the special-key-authentification is done and a database access is possible, I can write the ICS composition for export.


Suggested Topics

| | |

© 2014 – 2022 NodeBB, Inc. — Made in Canada.