PWA push notifications

I'm also interested in pwa with push notifications working on android and iOS.

@julian said in Login seems succesfull but does not actually logs user in.:

@bejan Our community reps are pretty awesome,

Definitely!

Our docs are open source, and we accept pull requests to them: https://github.com/nodebb/docs

Great, thank you!

While I suppose more documentation doesn't always mean better documentation, we are always grateful for contributions

True

@gotwf I appreciate your reply, thank you.

Not everyone can use the standard setup or just may not want to implement it this way.

In my case I have a particular situation where the standard config is only a part of the bigger picture. To reach a working setup with all dependencies fullfilled, I had to tweak it quite a bit. In the end, some directives of the nodebb config weren't as suggested by the docs. To really know what can be done different and what not for nodebb to still work flawlessly is harder for anyone just starting with nodebb. It needs a helping hand to get it working again and now it's finally ready. So far I'm happy with how it is as of now.

The remaining issue is nothing major requiring immediate remedy right now.

@pitaj It's an issue of preference I guess. I'd like to avoid grunt being a dev tool forcing me to deviate from my integrations needs. If grunt would support multiple instances, it would be great and I'd use it. Else I'd stick with the current big hammer method of always recompiling unconditionally and restarting nodebb afterwards. Accepting the additional penalty of nginx rev proxy streaming timeouts. Not elegant but it works.

@gotwf said in Plugin development 2021 updated - environment and dev workflow - request:

Like all powerful tooling, Emacs doe have its learning curve. But it is free and pretty much does any and everything.

.. and even coffee.

As does vim with a couple of bundles. This is what I'm used to and also working with on nodebb.

It's just that you have to pick one and try it or learn how to do it.

@radu-ionescu said in Plugin development 2021 updated - environment and dev workflow - request:

Just started reading this thread, it has come a long way..

Nonetheless, the occasions multiply when I feel the urge to chime in. I'm in a similar position as you seem to be: sw dev w/ xp but being overwhelmed with the view the whole nodebb package. So far I dug my way through, having many questions, most of them cleared as of now, thanks to some awesome devs. But Me Too I suffer from the incomplete and outdated doc syndrome.

The docs says that you can be more efficient if you limit scope like ./nodebb build adminjs admincss tpl. But I did not find the definition of those scopes and I would be clueless on what scope to use.

I started with selective builds with more or less educated guesses which scope is/might be affected. More often than not I noticed, those guesses where just those - guesses. Sometimes right, sometimes not and often partially right as other scopes were inflicted, too. So my solution is the big hammer called "just-do-it-all". PITA. Go-around roughly 60 secs for build/restart/nginx reconnecting with nodebb instances. Not using grunt any more, not compatible with multiple nodebb instances, yet(?). My workflow ought to be as close to production as possible, so I'm running multiple instances for dev. PITA, again.

A very good point of yours is the need for an architectural overview of nodebb. What's were, how and when of sorts.

I'm using yalc and the compilation step (script) is nudged by

yalc push && ~/nodebb build && sudo systemctl restart nodebb

I'd set up a page to briefly sketch how the cogs work together if there's interest. Create child theme, register with yalc etc. All of it can be found in different places, I just plugged some of those ideas together in what works for me (tm).

Edit: I'm so glad @PitaJ having me pointed to this thread as I seem to have missed it completely so far.

Re: Plugin development 2021 updated - environment and dev workflow - request

I noticed grunt only working with a single instance (port number). I tried swapping in the multiple-instance target with no luck. Is there an easy way to "upgrade" grunt to make it work with multiple instances?

@pitaj Yeah, that's what it most probably boils down to. Right now, it's not a priority. Yet.

Will let you guys know when it's done and how.

So far: thank you for your support and patience. You guys rock. Docs aren't too recent and complete but you make it up. Of course it takes your time and mine to solve those issues that might not even surface with more extensive documentation. What I mean is, the available doc is already very nice. It's the little crooks and crannies and the code version referenced that could profit from some polish. As already offered, I can offer to improve on that if wanted. I.e. just add what was missing for me that would complement the doc that is there. Just my 2p

@baris Dam.. there it is, where all those magic strings meet!
Thank you.

@baris Your hint did it! Thank you!

Next question: where does that forum string come from? Is it because of some internal thing in nodebb?

Again, thank you!

@pitaj said in Login seems succesfull but does not actually logs user in.:

every X secconds the pop-up shows "Seems we lost connection to the server"

Check out the following faq topic

[FAQ] Websockets not working due to misconfigured origins

This FAQ is applicable for the following situations: You're receiving the following error in the Javascript console: WebSocket connection to 'wss:///socket...

NodeBB Community (community.nodebb.org)

I only have a single origin site and the url is set as it should. Is it allowed to have a trailing slash in url?

This issue is still haunting me.

/manifest.webmanifest is a 401 though CORS crossorigin: use-credentials is set.

Not sure. Can you show a screenshot of this happening? Can you try clearing your cookies and cache? What browser?

The manifest issue is solved. Thank you.

@baris Thank you.

Well, that is where I got the JS from in the first place. I renamed the files from quickstart.* and added those to the custom theme, then adapted plugin.json. That is where I am at right now. I seem to cannot get the JS rendering to work. Template is shown, the last-p inner HTML is not. I'm out of clues now.

@pitaj What would happen if you're using the custom pages plugin to create a route mynewtemplate and put widgets inside at the same time as creating a file templates/mynewtemplate.tpl and a corresponding mynewtemplate.js file?

The custom pages template takes precedence it seems like. But even without the custom pages template, the mynewtemplate.js is not executed.

@pitaj said in template.js not executed:

What are the contents of that file?

"use strict";
define("mynewtemplate",function(){
var t={};
t.init=function(){$("#last-p").text("mynewtemplate.js got loaded!");};
return t
});
//# sourceMappingURL=home.js.map

Have you tried just mynewtemplate.js instead of ../client/mynewtemplate.js?

You mean in the json file? I believe I tried that, too, once. Cannot remember the results. Will try again and report back.

@pitaj Oh, this looks very promising. Thank you for the pointer.

That's weird. The js file gets loaded and is present in the sources tab in dev console. It's just not executed in the rendered template. Executing the js code in the console manually yields the expected result in the rendered template, though.

Any ideas how to get the js code executed?

Thanks.

Currently, I'm deploying with the following security config. Working fine so far, I'd like to get some community feedback.

add_header Content-Security-Policy "default-src 'none'; \
connect-src 'self' https://forum.myforum.com/ wss://forum.myforum.com/ https://bootswatch.com/ https://api.github.com/; \
script-src 'self' 'unsafe-inline https://forum.myforum.com/ https://storage.googleapis.com/; \
img-src 'self' data: https://forum.myforum.com/ https://bootswatch.com/ https://i.imgur.com/ https://www.gravatar.com/; \
style-src 'self' 'unsafe-inline' https://forum.myforum.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/; \
font-src https://forum.myforum.com/ https://maxcdn.bootstrapcdn.com/bootswatch/latest/fonts/ chrome-extension://* 
 https://fonts.gstatic.com/; \
frame-ancestors 'self'; \
object-src 'none';
manifest-src https://forum.myforum.com/;";
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";׬                                              
  add_header 'Referrer-Policy' 'same-origin';¬                                                                                        
  add_header X-Content-Type-Options nosniff;¬                                                                                         
  add_header X-XSS-Protection "1; mode=block";¬                                                                                       
  add_header X-Download-Options noopen;¬                                                                                              
  add_header X-Permitted-Cross-Domain-Policies none;¬                                                                                 
  add_header X-Frame-Options "SAMEORIGIN";

Helpful website for testing was https://observatory.mozilla.org/

edit: add manifest-src to enable webmanifest loading

It'd be awesome to have the 2FA plugin support FIDO2 devices for 2FA authentication. Like yubikeys, solos etc.

@julian Any updates on nodebb's CSP implementation? I'd like to avoid unsafe-* for obvious reasons.

@dunlix said in Custom Home Page?:

There must be something wrong with your forum's fonts or fontawesome files.

Correct. This is what console is telling:

service-worker.js:14 Refused to connect to 'https://fonts.googleapis.com/icon?family=Material+Icons#729a5fbf-716f-4b5b-be8f-f29fa5d531f3' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Solved by adding this to nginx' nodebb's server {} directive:

add_header Content-Security-Policy: "default-src 'self';font-src fonts.gstatic.com;style-src 'self' fonts.googleapis.com";

EDIT: Using this CSP config.

Also, Everywhere in the ACP the save button is in the exact same place. another button being there is much different to look.

Sure enough. The location is highly unusual, though. At least it was for me.