NodeBB v1.0.0

The NodeBB Team is proud to announce the release of NodeBB v1.0.0!

This milestone has been a long time in coming, and the previous release, v0.9.3, had been out for several months already.

Click here to see the full blog post

We've had some really great contributions to our language files since we started supporting translations in NodeBB core, although keeping up with the changes has been quite hard. Specifically:

• There was never really any way to check if any changes were out of date, except trying out every page of NodeBB in a new language and looking for incorrect language tags
• When a language tag was missing, the system ended up showing the unattractive "code" behind the tag, instead of a sensible fallback like English

To that end, we've registered NodeBB as a project on Transifex! Using a web site like this will allow us to see at a glance how complete each language is, and allow translators to quickly see which strings need translating, and which do not.

(clap)

Start Translating Now!

Following up from here, in the lead-up to ForumCon, the NodeBB developers are hosting a Google Hangouts AMA (Ask Me Anything) session!

Date: Monday, June 16th, 2014
Time: 20:00 (8pm) Eastern Daylight Time (GMT -0400)
Location: Google Hangouts, link will be posted here (and twitter, and facebook, etc) when it begins.

Tell your friends, tell everybody! We'll be talking about ForumCon and some really exciting things we have planned for NodeBB v0.5.0 and beyond. Hope to see you there!

Session Sharing for NodeBB

In a nutshell, this plugin allows you to share sessions between your application and NodeBB. You'll need to set a
special cookie with a common domain, containing a JSON Web Token with user data. If sufficient, this plugin will
handle the rest (user registration/login).

How is this related to SSO?

Single Sign-On allows a user to log into NodeBB through a third-party service. It is best (and most securely)
achieved via OAuth2 provider, although other alternatives exist. An example of a single sign-on plugin is
nodebb-plugin-sso-facebook.

Single sign-on does not allow a session to become automatically created if a login is made to another site.
This is the one misconception that people hold when thinking about SSO and session sharing.

This session sharing plugin will allow NodeBB to automatically log in users (and optionally, log out users)
if the requisite shared cookie is found (more on that below).

You can use this plugin and single sign-on plugins together, but they won't be seamlessly integrated.

How does this work?

This plugin checks incoming requests for a shared cookie that is saved by your application when a user
logs in. This cookie contains in its value, a specially crafted signed token containing unique identifying
information for that user.

If the user can be found in NodeBB, that user will be logged in. If not, then a user is created, and that
unique indentifier is saved for future reference.

---

Read more at the project repository

---

Updates

• v1.0.13 released
• v2.0.0 released

I suppose in the grand scheme of things, the wait between the last NodeBB release (v1.4.6) and this release, v1.5.0, has not actually been long, though it has felt like so because the development team has been working on it for quite some time. In fact, the first closed issue of this milestone was actually completed in mid-December, and we've been anxiously waiting for the right time to release it.

The reason why we've held off on releasing v1.5.0 until today is so we could fit in as many breaking changes as we could at one time. We've received constructive criticism in the past about how difficult it was to upgrade NodeBB due to breaking changes (some unintentional), and so since the last minor release (v1.4.0), we've changed our strategy once again so that subsequent releases along the same branch should be more stable.

Click here to see the full blog post

Hello everybody,

The NodeBB team is proud to release v0.7.2, the second revision along the v0.7.x branch. As mentioned in an earlier post, we're aiming to launch more often (roughly every week or so), and the Persona theme is now standard across all new installations.

Since v0.7.0, we've also added Serbian and Danish to our list of supported translations, bringing our total up to 38 languages! More languages are undergoing translations at the moment, and supported languages will always need updating. If you speak a language other than English, please check out our internationalisation project on Transifex!

Concurrent with this release, I'm also releasing a Two-Factor Authentication plugin for NodeBB. To my knowledge, this is a feature unique to forum softwares, and one that is definitely in-demand. In fact, we're already seeing downloads of the plugin, and it hasn't even been formally announced yet!

For those of you in the San Francisco/Silicon Valley area, @psychobunny will be in town for the next two weeks! If you want to grab a coffee or otherwise meet one of the founders (and not to mention, our main designer) in person, feel free to send him an email

This past week, we also happened to hit 10,000 commits on GitHub, which we couldn't have done without our 99 contributors! Who will be the 100th?

For all of our supporters who have been with us since the beginning, and to those who are just joining us recently, thank you for spreading the word about NodeBB -- simply seeing NodeBBs in the wild still makes my day, and we're all happy to make a difference in the forum ecosystem, one community at a time.

The version history can be found on the project's GitHub wiki, and will be updated periodically.

Just some teaser screenshots of what you can expect to see when it comes to user groups, in v0.6.1.

Right now, groups are more of an administrative concept -- users are slotted into groups based on an administrator's decision. These changes introduce the concept of a private group, where members must request access from the owner. In addition, groups can be made public, so anybody may join.

Let me know if you have any questions about how this will work

Pushbullet Integration for NodeBB

After much anticipated demand, I'm proud to say that Push Notifications have landed in NodeBB!

We've been in touch with PushBullet, a Y Combinator-funded startup in San Francisco, and they granted us early access to their OAuth based integration, allowing me to bring this to you guys. We're going into full testing mode with this now that the plugin is more or less complete, so you can try it out here on this forum (by clicking the "Pushbullet" menu option in your user settings), or by clicking here

Pushbullet released their OAuth interface yesterday, and so now's the perfect time to unveil our integration with it too!

This plugin is a premium plugin. What this means is that upon release, it is available exclusively to members of our hosted community and select partners. After a short period, it will be released publically and published on npm like other plugins.

Tentatively, the release date is scheduled for: When NodeBB v0.5.0 lands

EDIT: The plugin is now available to the general public! Install it via

npm install nodebb-plugin-pushbullet

Spring has finally arrived in Toronto, and that means it's time for a brand new NodeBB release!

So what's new?

We initially planned this release for late April, although we ran into a couple of last-minute blockers that necessitated pushing back the launch until today. We're excited to share this new version with you as it contains a couple of new features that allow for compliance with GDPR, as well as fixing a number of issues present in the current stable release.

Click here to see the full blog post

HTML to Markdown javascript library, for Nodejs and the browser | upndown

Perhaps I can work this into the markdown plugin, so that WYSIWYG integration is toggleable via ACP/frontend...

@rdomzim

1. Not easily, as /login is hardcoded in a couple places in the codebase. To combat these types of attacks, we introduce a delay when logging in that somewhat matches the bcrypt runtime. You could always edit the codebase to increase the delay some more, but what I'd recommend is setting up spam-be-gone so these requests are curbed before it hits bcrypt.

2. Yes. bcrypt is processor intensive by design (that's what makes it so good as a password hashing algorithm, but I am no expert).

@gotwf said in Plugin idea: emailrep.io:

Which seems to be nodebb's approach in general w.r.t. stuff like this

In general, yes. We try to not muck around with existing installs too much, but plugins are a little more fast and loose with things like this. Will keep it in mind

Definitely makes sense to integrate this as an additional verification vector in the spam-be-gone plugin.

Thoughts @akhoury ?

This topic was created as an entry in the Developer FAQ. Respond below if you have additional information to add re: SSO or other session-sharing implementations.

---

The common causes for a session mismatch error are usually one of the following:

1. Mis-configured URL parameter in your config.json file

If you have a misconfigured url value in your config.json file, the cookie may be saved incorrectly (or not at all), causing a session mismatch error. Please ensure that the link you are accessing your site with and the url defined match.

2. Improper/malformed cookieDomain set in ACP

Sometimes admins set this value realising that they probably don't need to set it at all. The default is perfectly fine. If this is set, you'll want to revert the setting by editing your database directly:

Redis: hdel config cookieDomain
MongoDB: db.objects.update({ _key: "config" }, { $set: { "cookieDomain": "" } });

3. Missing X-Forwarded-Proto header from nginx/apache

If you are using a reverse proxy, you will need to have nginx pass a header through to NodeBB so it correctly determines the correct cookie secure property.

In nginx, you will need to add the directive like so:

location / {
    ...
    proxy_set_header X-Forwarded-Proto $scheme;
    ...
}

This topic was created as an entry in the Developer FAQ. Respond below if you have additional information to add re: SSO or other session-sharing implementations.

---

The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.

Luckily, it's quite straightforward to get things working with OAuth2!

The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.

Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.

Once everything is working properly, you should be able to register and log in/out via your web app.

By default, NodeBB instances should be able to send email out of the box. However, having the server send emails is not ideal, as the server itself does not have any reputation (and in some cases, may have a negative reputation if a spammer sent messages from the IP in the past).

In nearly all cases, you will want to open up an account with a third-party emailer service, who can handle these outgoing messages for you.

Here at NodeBB, we recommend "nodebb-plugin-emailer-sendgrid", which is installable via the admin control panel. SendGrid has a free tier that is fairly generous, so you should not have to pay any upfront or recurring costs.

Once the plugin is installed and activated, you will need to register a new account at SendGrid and create an API key for NodeBB to use.

@y-h said in ERROR invalid-event:

reinstall this plugin

What plugin are you referring to?

Have you tried running ./nodebb build? Please let us know how you installed the plugin (via npm?)

I've heard that Docker is just an abstraction of LXC... but that makes me wonder if it's just easier to use LXC to begin with.

Admittedly, LXC is a little rough, but LXD is the official abstraction that works quite well.

Oof! That's spectacularly bad timing! However, I suppose it's good that we have two dice roller plugins in the wild now?