RE: register without entering email

Is there any development with this feature request?

For some users it is preferable to be able to signup without forcing them to enter an email address.

Automatically adding a fake email (like my suggestion posted on pastebin above) is not a very elegant solution. Also, scripts that send emails should not be triggered to try sending emails to the fake email addresses.

I like how it's implemented on Reddit - the email field is not mandatory.

Also forcing users to receive emails is not ok for some users.

The /api/ should be added on the left side, not at the end, just tested it:

Example:

https://community.nodebb.org/api/topic/10213/is-there-any-brief-introductions-to-nodebb-apis/

I just tested it and it works.

I installed nodebb-plugin-sanitizehtml, enabled it, and enabled HTML (from Plugins -> Markdown -> Allow HTML).

$ npm install nodebb-plugin-sanitizehtml

Then changed the settings for "allowed attributes" to:

{"a":["href","name","target","rel"],"img":["src","class","alt","title"]}

and "allowed tags" to:

["h1","h2","h3","h4","h5","h6","blockquote","p","a","ul","ol","nl","li","b","img","i","strong","em","strike","code","hr","br","div","table","thead","caption","tbody","tr","th","td","pre"]

Now this should work:

<a href="http://amazon.com/" rel="nofollow">Amazon </a>

I get error:

Session Mismatch
It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.

When I click [OK] it appears again (infinitely).

My server config is:

upstream io_nodes {
ip_hash;
server 127.0.0.1:4567;
server 127.0.0.1:4568;
server 127.0.0.1:4569;
}

server {
server_name example.com;
listen 192.168.100.42;
listen 192.168.100.42:443 ssl;
listen [::];
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
root /home/userhomedir/public_html;
index index.html index.htm index.php;
access_log /var/log/virtualmin/example.com_access_log;
error_log /var/log/virtualmin/example.com_error_log;

if ($scheme = http) {
return 301 https://$server_name$request_uri;
}

#  if ($host ~ ^www\.) {
#     return 301 https://example.com$request_uri;
#  }

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";


gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

location @nodebb {
proxy_pass http://io_nodes;
}

location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
root /home/usernodebb/nodebb/public;
try_files $uri $uri/ @nodebb;
}

location / {
proxy_pass http://io_nodes;       
}    

} # end of server example.com


server {
server_name live.example.com;
listen 192.168.100.42:443 ssl;
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
access_log /var/log/virtualmin/live.example.com_access_log;
error_log /var/log/virtualmin/live.example.com_error_log;

location / {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

proxy_pass http://io_nodes;

} # end of location block

} # end of server live.example.com

My config.json is:

{
    "url": "https://example.com",
    "port": [4567,4568,4569],
    "bind_address": "127.0.0.1",
    "secret": "<hehehe>",
    "database": "mongo",
    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        "username": "nodebb",
        "password": "<hehehe>",
        "database": "nodebb"
    },
    "redis": {
        "host":"127.0.0.1",
        "port":"6379",
        "password":"<hehehe>",
        "database": 0
    }
}

It is not working the same way also if I change

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },

to

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "https://live.example.com"
    },

I tried first to visit https://live.example.com first and then https://example.com. This way I don't see the error message. However, when I delete all of the browser cookies and visit https://example.com directly - it shows the same error.

When I visit https://live.example.com/ it did not show the error message, however I don't want visitors to use the subdomain to access the website (because this way caching of images by CloudFlare/Incapsula will not work).

Tried to downgrade socket.io - no effect.

Reported here: https://github.com/NodeBB/NodeBB/issues/5430

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

vstoykovbg created this issue in NodeBB/NodeBB

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

Some users don't want spam (and are concerned to give their email address). Others need anonymity and do not want to be fussing with making fake email for the purpose of registration.

I tried also this:

                        emailValid: function (next) {
                                if (userData.email) {
//                                      next(!utils.isEmailValid(userData.email) ? new Error('[[error:invalid-email]]') : null);
                                        next(!(utils.isEmailValid(userData.email) || userData.email==="" ) ? new Error('[[error:invalid-email]]') : null);
                                } else {
                                        next();
                                }

But it looks like there is a validation somewhere else.

I would like to make my NodeBB forum to write a cookie when the

I found the function that is executed when user is logged in successfully: authenticationController.onSuccessfulLogin.

How to make this function also to write a cookie?

I tried to guess, but it did not work:

req.cookie('loggedin', '1');
res.cookie('loggedin', '1');

Also I would like this cookie to be removed when the user is not logged in.

I need this cookie in order to make another layer of caching (for non-logged in users) using Nginx and to test how it will work.

Is it possible this to be made by a plugin?

Is there any development with this feature request?

For some users it is preferable to be able to signup without forcing them to enter an email address.

Automatically adding a fake email (like my suggestion posted on pastebin above) is not a very elegant solution. Also, scripts that send emails should not be triggered to try sending emails to the fake email addresses.

I like how it's implemented on Reddit - the email field is not mandatory.

Also forcing users to receive emails is not ok for some users.

To learn more about the newest big thing in the European legislative spam: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Do you think that the GDPR will kill the small user-generated content platforms based on open-source platforms like NodeBB?

I posted a similar question on Reddit here:

Is open source platforms for forums, social networks, wikis compliant with the GDPR?

@julian said in Feeling the need for speed?:

@vstoykov additional caching is recommended to be handled by third party systems like nginx or varnish.

Scaling - NodeBB Documentation

I am familiar with that (nginx serving static content).

But I mean caching of the dynamic content for non-logged-in users.

Nginx need a cookie to distinguish between logged-in and not logged-in users (because otherwise it would cache personalized dynamic content).

Do you plan to implement second layer caching (to be used in case of traffic surge)?

https://github.com/NodeBB/NodeBB/issues/5418

vstoykovbg created this issue in NodeBB/NodeBB

closed Suggestion: cookie "loggedin" when the visitor is logged in (and deleting the same cookie when visitor is logged out) #5418

I will install more than one NodeBB forum on the same VPS (I don't expect many traffic from the beginning, if traffic increase I will move the forums on another VPS).

I like how nvm works, but I am worried that it's not efficient, because of RAM usage - when running another NodeBB executable it will be loaded in the RAM as different program. If I run several instances of NodeBB with global Node.js install it will take less RAM for the loading of the Node.js executable. Is this correct?

Solve this with:

# chmod o-rwx /var/lib/redis
# chmod o-rwx /var/lib/mongo

If you are the only user with access to the server it's not a big problem. However, it's better to make it inaccessible by other users just in case a cracker get access with non-root user account.

I made it to work.

I tried to post more details here, but I got error:

Error

Post content was flagged as spam by Akismet.com

Here is my original post: http://pastebin.com/5s9jUe6N

Also, Pastebin gave me similar error and I needed to solve a captcha...

@scottalanmiller Do you use CloudFlare for WebSocket requests?

I tried to route WebSocket requests on a subdomain, but it did not work:
https://github.com/NodeBB/NodeBB/issues/5430

See also:

@hek said in Using CloudFlare with NodeBB:

Recommendation

Do NOT use cloudflare (at least not the free plan) on NodeBB when you have a moderate traffic to your forum. Cloudflare seems to silently throttle the traffic resulting in very strange NodeBB behaviour (for some clients) where the simply cut websockets.

The throttled client will see a lot of popups "Looks like your connection to XXX Forum was lost, please wait while we try to reconnect."

In the ngnix error log you will also see lots of:
2017/01/25 09:56:15 [error] 13909#13909: *799654 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xxxxxxxxxxxx.123, server: forum.mysensors.org, request: "GET /socket.io/?EIO=3&transport=polling&t=xxxxx&sid=xxxxxxxxx HTTP/1.1", upstream: "http://127.0.0.1:4568/socket.io/?EIO=3&transport=polling&t=xxxx&sid=xxxxxxx", host: "forum.mysensors.org", referrer: "https://forum.mysensors.org/topic/702/openhab-mqtt-example/2"

It has been kind of hellish to find the root cause.

vstoykovbg created this issue in NodeBB/NodeBB

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

I get error:

Session Mismatch
It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.

When I click [OK] it appears again (infinitely).

My server config is:

upstream io_nodes {
ip_hash;
server 127.0.0.1:4567;
server 127.0.0.1:4568;
server 127.0.0.1:4569;
}

server {
server_name example.com;
listen 192.168.100.42;
listen 192.168.100.42:443 ssl;
listen [::];
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
root /home/userhomedir/public_html;
index index.html index.htm index.php;
access_log /var/log/virtualmin/example.com_access_log;
error_log /var/log/virtualmin/example.com_error_log;

if ($scheme = http) {
return 301 https://$server_name$request_uri;
}

#  if ($host ~ ^www\.) {
#     return 301 https://example.com$request_uri;
#  }

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";


gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

location @nodebb {
proxy_pass http://io_nodes;
}

location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
root /home/usernodebb/nodebb/public;
try_files $uri $uri/ @nodebb;
}

location / {
proxy_pass http://io_nodes;       
}    

} # end of server example.com


server {
server_name live.example.com;
listen 192.168.100.42:443 ssl;
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
access_log /var/log/virtualmin/live.example.com_access_log;
error_log /var/log/virtualmin/live.example.com_error_log;

location / {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

proxy_pass http://io_nodes;

} # end of location block

} # end of server live.example.com

My config.json is:

{
    "url": "https://example.com",
    "port": [4567,4568,4569],
    "bind_address": "127.0.0.1",
    "secret": "<hehehe>",
    "database": "mongo",
    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        "username": "nodebb",
        "password": "<hehehe>",
        "database": "nodebb"
    },
    "redis": {
        "host":"127.0.0.1",
        "port":"6379",
        "password":"<hehehe>",
        "database": 0
    }
}

It is not working the same way also if I change

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },

to

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "https://live.example.com"
    },

I tried first to visit https://live.example.com first and then https://example.com. This way I don't see the error message. However, when I delete all of the browser cookies and visit https://example.com directly - it shows the same error.

When I visit https://live.example.com/ it did not show the error message, however I don't want visitors to use the subdomain to access the website (because this way caching of images by CloudFlare/Incapsula will not work).

Tried to downgrade socket.io - no effect.

Reported here: https://github.com/NodeBB/NodeBB/issues/5430

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

vstoykovbg created this issue in NodeBB/NodeBB

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

I would like to make my NodeBB forum to write a cookie when the

I found the function that is executed when user is logged in successfully: authenticationController.onSuccessfulLogin.

How to make this function also to write a cookie?

I tried to guess, but it did not work:

req.cookie('loggedin', '1');
res.cookie('loggedin', '1');

Also I would like this cookie to be removed when the user is not logged in.

I need this cookie in order to make another layer of caching (for non-logged in users) using Nginx and to test how it will work.

Is it possible this to be made by a plugin?