Thoughts on content ownership and long, meaningful discussions

Now, that is interesting...

@baris Awesome news! Thanks for the swift reply

Hi,

I wanted to make sure that the Upgrade Path, as described on https://docs.nodebb.org/configuring/upgrade/ is still valid/relevant.
I have a forums running on v1.10.0 and would like to upgrade to v1.12.0.

Is is still the case that I need to go through 1.10.0 -> 1.10.2 -> 1.11.0 and finally 1.12.0? That's a lot of upgrades and I would like to squash them if possible

Thanks!

Hi,
I think I have discovered another breaking change that you didn't mention, though it is probably super-niche.

This commit: https://github.com/NodeBB/NodeBB/commit/ec91ef1c644044bba44198b031913655e784b4bb
broke our custom SSO plugin. The result was that after successfully logging in our external identity provider and being redirected to our Forum's callback endpoint, I was ending up not logged in (the button in the header still said "Log in") and stuck on /register/complete roadblock. It looked like our Passport strategy verify callback, that parses output from the identity provider and fetches user data via OAuth2 was not invoked at all.

It turns out that the changes in this commit don't play well together with passport-oauth2 (https://github.com/jaredhanson/passport-oauth2) internal ability to protect against CSRF (which we were using). This strategy was already using state parameter to pass its own CSRF token. I don't have more time to investigate but I suspect things shipwrecked when NodeBB overwrote the state parameter with its own CSRF token.

Turning off passport-oauth2 internal CSRF protection (by removing state: true from its options) fixed the issue.

@baris I've added some debug code in the place you mentioned. Having opened two browsers, each connected to a different NodeBB instance I see the following behaviour:

• there's a lot of keys being cleared all the time
• among them, if I modify widgets I see widgets:global being cleared but only on the instance that initiated the change.
• the second instance shows no sign of clearing widgets:global (and the change obviously is not visible on it)
• this is consistent for any other change - navbar changes, profile edits...

So the question is: should I not be seeing the same cache key being cleared on both instances?

[UPDATE]
This looks interesting:

PUBSUB CHANNELS
*2
$27
db:0:adapter_key-request#/#
$28
db:0:adapter_key-response#/#

I see no pubsub_channel in our Redis instance...

[UPDATE 2]
It all seems clear to me now. In https://github.com/NodeBB/NodeBB/commit/e85aabbe74d7838185d0b102bf37a20c1a1b62a1 a logic was added that looks at isCluster to determine whether initialize "real" pub/sub mechanism or a "fake" local only. In our scenario we have instances running on separate machines and each instance is running just one NodeBB process. Therefore isCluster is false as determined by process.env.isCluster = ports.length > 1; in loader.js:118.

I am fixing this temporarily in our codebase by reversing the if...else if...else..if so that is does not look at isCluster in src/pubsub.js because I am not sure if "faking" or "forcing" NodeBB to recognize our scenario as clustered is correct and would not have any side-effects.

Advices?

To clarify, the code after my fix looks like this:

	var pubsub;

	if (nconf.get('redis')) {
		pubsub = require('./database/redis/pubsub');
	} else if (nconf.get('mongo')) {
		pubsub = require('./database/mongo/pubsub');
	} else {
		var EventEmitter = require('events');
		pubsub = new EventEmitter();
		pubsub.publish = pubsub.emit.bind(pubsub);
	}

Feel free to borrow it if it looks okay to you. It works for us

Ok. Still being able to reproduce - this time I've added a new item to navigation bar and it did not show up for users that are directed to second instance. Restarting both instances (i.e. forcefully clearing local caches) did the trick. Definitely something's off here. I guess I need to play around with console.log tomorrow and try to figure out what broke down.

Will try to work on this on Monday. We'll see if I'm still able to reproduce.
Thanks.

Hi,

We have a procedure to let users know about scheduled maintenance by adding a global widget with appropriate info:

After the upgrade is compete we have simply ticked "Hide from anonymous users" and "Hide from registered users". This effectively hid it for everyone. At least in the past. Now, after upgrading to 1.9.0 the widget persists no matter what I do. It does not respond to edits of the content (it is reflected in ACP but not on the Forums pages).

I even removed the widget completely:

It is still there, informing about past maintenance
https://forums.opera.com/
How can I get rid of the damn thing? Any ideas what's wrong?

Thanks!

[EDIT]
Further intel: We have two instances behind a load balancer. It seems like the changes to widgets are not synchronized... By removing "session stickiness" cookie I was able to access the second instance and indeed the stubborn widget was still present there in ACP. Removing it helped. The widget is gone. Now the question is: why wasn't two instances synchronized? Aren't widgets stored in database? Isn't Redis pub-sub mechanism supposed to sync the all instances in any case?
Definitely something's off here...

https://github.com/NodeBB/NodeBB/issues/4804 - seems like this will be released in 1.7.2

Thanks! Pulling right now

[EDIT] Seems to have solved it!

Hi!

After today upgrade to 1.7.0 we observe a significant increase in errors leading to process dying and being restarted.
Seems to always be preceded by this stacktrace:

23/11 14:30:39 [94] - error: TypeError: Cannot read property 'disabled' of undefined
at /home/app/nodebb/src/controllers/composer.js:22:25
at nextTask (/home/app/nodebb/node_modules/async/dist/async.js:5297:14)
at next (/home/app/nodebb/node_modules/async/dist/async.js:5304:9)
at /home/app/nodebb/node_modules/async/dist/async.js:906:16
at /home/app/nodebb/node_modules/nodebb-plugin-composer-default/library.js:160:12
at /home/app/nodebb/node_modules/async/dist/async.js:3861:9
at /home/app/nodebb/node_modules/async/dist/async.js:421:16
at iterateeCallback (/home/app/nodebb/node_modules/async/dist/async.js:928:24)
at /home/app/nodebb/node_modules/async/dist/async.js:906:16
at Immediate.<anonymous> (/home/app/nodebb/node_modules/async/dist/async.js:3858:13)
at runCallback (timers.js:676:20)
at tryOnImmediate (timers.js:645:5)
at processImmediate [as _immediateCallback] (timers.js:617:5)

Would you care to take a look? Thanks!

@teh_g said in content security policy:

'unsafe-inline' 'unsafe-eval'

Hi guys, any luck getting rid of the above? We'd like to implement CSP for our forums but it does not make much sense (in terms of combating XSS) if we have to allow inline and eval

Hi, no, it's our own, in-house fork of Persona. Sorry

There's one more breaking change that I did not find documented anywhere.
For our theme we had to change:

	var templates = require('templates.js');
	templates.registerHelper('generateCategoryBorder', helpers.generateCategoryBorder);

to

	var Benchpress = require('benchpressjs');
	Benchpress.registerHelper('generateCategoryBorder', helpers.generateCategoryBorder);

Not a big deal but some folks might struggle to see why their template helpers don't work on server side.

@pitaj said in NodeBB v1.6.0 has been released!:

I suggest you try it. It has been tested with Gmail, but we haven't been able to test other providers there.

The switch offers no explanation and seems not to do anything.

The switch enables that configuration, but it only applies if an emailer plugin isn't activated.

OK, thanks for the explanation.

I think I will stick to the external SES plugin since, as far as I understand, this whole section is about using SMTP for sending e-mails which requires storing credentials in database. We use IAM roles to grant implicit permissions to use SES on instances that run our Forums - and nodebb-plugin-emailer-ses is able to pick that up.

Hi,

I am planning a migration from 1.5.3 to 1.6.0 and I am confused about e-mail sending.
Currently I am using nodebb-plugin-emailer-ses but now I see that "core" Email was rebuild and looks like this:

which also includes SES and SES-.... in the dropdown.
I am confused. Should I continue using the third-party plugin or does somehow core NodeBB knows how to talk to SES?

Also what is

Use an external email server to send mails

?

The switch offers no explanation and seems not to do anything.

Any help/clarifications will be welcome

@julian how much memory did your forum consume when you decided to switch?

We think about using Amazon Elasticache as the DB backend so for us there is no argument of "sparing RAM for other things" since the instance is dedicated just for Redis - it's just a question of how big it should be

Also - is configuring NodeBB for mongo as a primary storage + redis for sessions documented somewhere?

Thanks for the numbers @Giggiux!

I am leaning towards Redis because I don't like how NodeBB structures data inside MongoDB - with Redis it is also not-so-pretty (well, that's how NoSQL operates), but at least I get a feeling that I can search and modify the database by hand, if necessary.