Sessions created by Read API and Write API?

Yes, I just did it without the Authorization header, and it didn't increase the session count. However, I was hoping to protect privacy by making these endpoints visible only to registered users.

Hi @julian! Nice to connect again as well! You guys are doing great stuff. When we were deciding which forum software to use for the new forum we were creating in 2020, it didn't take me long to choose NodeBB again!

I'm using v1.13.1 right now. The specific issue is that if I issue this command (with the appropriate master bearer token):

curl -H "Authorization: Bearer XXXXXX" "https://forum.poshenloh.com/api/uid/481?_uid=1"

then in my MongoDB console I see that db.sessions.count() increases by +1. The same thing happens when I go to the Read API endpoint /user/, which is what I really need. More worryingly, if I simply issue:

curl https://forum.poshenloh.com/api/user/sharpotter

with no tokens at all, then our db.sessions.count() also increases by +1, even though the return value is "not-authorized". This seems like it could create an easy DoS attack where our session database fills rapidly. Do you have a suggestion of what to do? Thanks!

Edit: because this was a potential DoS vulnerability, I turned on the privileges to allow guests to "View Users". Now there is no need to authenticate, and the session count does not increase. However, this is not optimal, because I'd like to protect user privacy by blocking access to this page for guests. Thanks!

Thanks! I just added you on Facebook!

I don't want to create a new session for every API request. I was sending requests to the Read API, but I couldn't find clear documentation for it online. So, I just sent the bearer token I had previously generated for the Write API, and made Read API requests to endpoints with "?_uid=1" appended at the end, to authenticate as administrator.

My guess is that the Read API is where all of the sessions were being created. Is there a better way to open one session, make a lot of Read API requests, and then close the session? I'd love to do that. Could you please point me to a code example?

Hi! I have been very happily using NodeBB for the forum on Expii, and I am now deploying a new installation of NodeBB for an online math school that I just opened. For that second installation, I need to coordinate the NodeBB forum with another 3rd-party course management tool, and so I was excited to use the NodeBB Read and Write API's. However, it seems like my sessions are going through the roof. I make many NodeBB API calls each second, and it almost seems like the number of sessions is increasing by at the same rate, at least according to db.sessions.count(). Is this the expected behavior? Is there a way to use the Read/Write API's without creating so many new sessions? Thank you!

Thank you all for posting this plugin! I just upgraded our site's NodeBB to v1.5.3, and was pleasantly surprised to see that this plugin is now fully functional. This was one of my favorite features from the beginning of NodeBB.

Oh, I see! And I just saw your reply appear.

Great! I'll wait until 1.5.0.

Also, as I was watching this thread with my browser open, I noticed that it didn't auto-refresh when there was a new reply. I remember the old version used to do that in real time whenever someone replied and your browser window was open. Will that feature come back too?

Hi guys! I have been out working on other aspects of Expii for several months, and am coming back to our NodeBB installation. Time to upgrade to your new versions.

I am curious: how far along is the support for real time display of users viewing the same thread as you?

Thanks @baris for working on this!

Thanks for your quick reply! I had not been following your release schedule closely. When might you anticipate that release happening? I don't mean to rush you, and will use that information to decide when to inform our groups.

Hooray!

Thanks for letting me know! Over the weekend, we have attracted a number of groups who are looking at our NodeBB-powered forum with significant interest. The feedback has been uniformly enthusiastic, and people have not seen anything like this before!

Will this plugin be compatible with NodeBB v1.3.0, or will we need to wait for the next release? I will install it as soon as it becomes available and stable, as I think it is immensely impactful.

Thank you for working on this!

Thank you for your quick reply! It was extremely helpful.

I have added the 1-line fix to map your from_name field to SendGrid's API. I submitted a PR to the nodebb-plugin-emailer-sendgrid GitHub repo, so that hopefully others can benefit too. This is the first time I have submitted a PR to an open source project, so I hope I did the procedure correctly.

The 1-line fix works on our installation, and I am now receiving emails which have a proper From name!

By the way, @baris, it appears that your deployment of SendGrid here in community.nodebb.org also does not put a human-readable "From" name when it sends email. The header is simply:

From: [email protected]

Is this considered to be a bug in the plugin, or does this happen with all mailer plugins? @teh_g with your Mailgun plugin do the emails come with a From name in addition to the bare email address, like this instead?

From: "Forum Team" [email protected]

Thanks again for your assistance. I now have emailing set up on our NodeBB installation, and this is great! We're using SendGrid. Everything has gone extremely smoothly, except for one item: it seems that the "From" field only shows the bare email address, without the human-readable display name, even though I have set the field appropriately in your Admin Control Panel, in Email Settings > From Name. Do you know if this is a known bug in the plugin?

Thank you!

Thanks for your replies! I'll check these out.

As I explore all of the features in v1.3.0, I continue to be amazed. Our community of math enthusiasts spans the globe, and the fact that your forum is already translated into other languages is incredible.

I'm now working with some of those communities to try out our NodeBB deployment. Since these communities are building a new online presence here from zero, it would be very useful to be able to send emails which notify them when there is activity. I see a large number of email plugins. Which one do you use for this deployment on community.nodebb.org? What are the currently recommended best practices?

Thanks for answering all of my questions. As these communities come on and see how awesome NodeBB is, I think that we'll be able to help you translate your interface into even more languages via your Transifex project.

Thank you for your quick reply, and for sharing your opinion on the feature. It really helps my confidence to know that you value it highly. I think that it can fundamentally transform the landscape of several communities with which I am now working. I will tell them that it's coming back soon, and even speak of it as a feature to count on.

Speaking of real-time, your system certainly works well in notifying me that there was a response to this thread. It is so neat to sense that a community is alive.

Wow, you guys are so fast at replying. Thank you for letting me know where the status is. Do you know how long it typically takes for a PR like that to be merged into socket.io-redis? I see that there are 11 open PR's right now, some of which are quite old. Is there anything I can do to help accelerate the process, e.g., by commenting to show that more people find this helpful?

After the PR merges in, when might you estimate to finish the plugin? (Also, would I need to upgrade NodeBB to a development or testing branch, or would it work with a stable release like v1.3.0?) I'm asking because I'm trying to gauge whether to inform this potential community of enthusiast educators that this will likely be released soon. They're trying to decide on which platform to use for their collaboration to organize educational material around a new set of learning standards, and I would like to propose for them to try using NodeBB + Expii instead of their existing combination of Twitter + Discussion Groups + Shared Documents.

I think that the real-time features would push this over the tipping point, as there are very few other systems with the same real sense of community. I remember how wowed I was when I first saw it myself, and I would be thrilled to introduce more and more groups to your platform technology.

Hi there!

I have been an enormous fan of NodeBB since discovering it in April 2014. We used it to power our forums for our free math+science learning site, and we appreciate your listing Expii on your front page of companies using your software!

I just installed the fresh NodeBB (1.3.0), and I am amazed by how great it is. There is even a plugin to support math input, which is was a major feature request for our community! The whole forum looks extremely well-designed and professional, and it feels smooth. Congratulations on some great work!

I noticed that one feature had been taken out: the real-time list of people viewing the thread you were looking at. I found a discussion thread about this from the beginning of this year:
https://community.nodebb.org/topic/7880/what-happened-with-the-users-viewing-a-topic-feature

Do you have any plans to release a plugin which would bring this back? Back when I was choosing our forum platform (April 2014), that was the feature which really got me super-excited about NodeBB. Unlike all other forum systems, this one felt like you were actually among people, and not just interacting with a website.

Our upcoming use case would make this particularly valuable. We are a community-built learning website, in the sense that all of the content is user-generated, and shared via the Creative Commons License. There are communities around the world which would be interested in collaborating on this project, and I think that the real-time feature would really help to bring all of us together. (One upcoming feature will focus on the enthusiast teacher community, and I believe that the real-time community would deliver something for them that they do not have similar access to today.)

We're completing an overhaul of design site-wide, and are looking forward to a re-launch of our forum, where it will be properly linked to from various parts of our site. (A previous design update had taken out many of the links while concentrating on polishing the core product, but now we're ready to integrate deeply with community features.)

Thank you for your great work. Our platform is expanding in usage, and I would be thrilled to introduce the community of learners and educators to NodeBB as the next-generation community platform.