vstoykov

vstoykov

Is there any development with this feature request?

For some users it is preferable to be able to signup without forcing them to enter an email address.

Automatically adding a fake email (like my suggestion posted on pastebin above) is not a very elegant solution. Also, scripts that send emails should not be triggered to try sending emails to the fake email addresses.

I like how it's implemented on Reddit - the email field is not mandatory.

Also forcing users to receive emails is not ok for some users.

vstoykov

The /api/ should be added on the left side, not at the end, just tested it:

Example:

https://community.nodebb.org/api/topic/10213/is-there-any-brief-introductions-to-nodebb-apis/

vstoykov

I just tested it and it works.

I installed nodebb-plugin-sanitizehtml, enabled it, and enabled HTML (from Plugins -> Markdown -> Allow HTML).

$ npm install nodebb-plugin-sanitizehtml

Then changed the settings for "allowed attributes" to:

{"a":["href","name","target","rel"],"img":["src","class","alt","title"]}

and "allowed tags" to:

["h1","h2","h3","h4","h5","h6","blockquote","p","a","ul","ol","nl","li","b","img","i","strong","em","strike","code","hr","br","div","table","thead","caption","tbody","tr","th","td","pre"]

Now this should work:

<a href="http://amazon.com/" rel="nofollow">Amazon </a>

vstoykov

I get error:

Session Mismatch
It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.

When I click [OK] it appears again (infinitely).

My server config is:

upstream io_nodes {
ip_hash;
server 127.0.0.1:4567;
server 127.0.0.1:4568;
server 127.0.0.1:4569;
}

server {
server_name example.com;
listen 192.168.100.42;
listen 192.168.100.42:443 ssl;
listen [::];
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
root /home/userhomedir/public_html;
index index.html index.htm index.php;
access_log /var/log/virtualmin/example.com_access_log;
error_log /var/log/virtualmin/example.com_error_log;

if ($scheme = http) {
return 301 https://$server_name$request_uri;
}

#  if ($host ~ ^www\.) {
#     return 301 https://example.com$request_uri;
#  }

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";


gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

location @nodebb {
proxy_pass http://io_nodes;
}

location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
root /home/usernodebb/nodebb/public;
try_files $uri $uri/ @nodebb;
}

location / {
proxy_pass http://io_nodes;       
}    

} # end of server example.com


server {
server_name live.example.com;
listen 192.168.100.42:443 ssl;
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
access_log /var/log/virtualmin/live.example.com_access_log;
error_log /var/log/virtualmin/live.example.com_error_log;

location / {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

proxy_pass http://io_nodes;

} # end of location block

} # end of server live.example.com

My config.json is:

{
    "url": "https://example.com",
    "port": [4567,4568,4569],
    "bind_address": "127.0.0.1",
    "secret": "<hehehe>",
    "database": "mongo",
    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        "username": "nodebb",
        "password": "<hehehe>",
        "database": "nodebb"
    },
    "redis": {
        "host":"127.0.0.1",
        "port":"6379",
        "password":"<hehehe>",
        "database": 0
    }
}

It is not working the same way also if I change

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },

to

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "https://live.example.com"
    },

I tried first to visit https://live.example.com first and then https://example.com. This way I don't see the error message. However, when I delete all of the browser cookies and visit https://example.com directly - it shows the same error.

When I visit https://live.example.com/ it did not show the error message, however I don't want visitors to use the subdomain to access the website (because this way caching of images by CloudFlare/Incapsula will not work).

Tried to downgrade socket.io - no effect.

Reported here: https://github.com/NodeBB/NodeBB/issues/5430

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

vstoykovbg created this issue in NodeBB/NodeBB

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

vstoykov

Some users don't want spam (and are concerned to give their email address). Others need anonymity and do not want to be fussing with making fake email for the purpose of registration.

I tried also this:

                        emailValid: function (next) {
                                if (userData.email) {
//                                      next(!utils.isEmailValid(userData.email) ? new Error('[[error:invalid-email]]') : null);
                                        next(!(utils.isEmailValid(userData.email) || userData.email==="" ) ? new Error('[[error:invalid-email]]') : null);
                                } else {
                                        next();
                                }

But it looks like there is a validation somewhere else.

vstoykov

I would like to make my NodeBB forum to write a cookie when the

I found the function that is executed when user is logged in successfully: authenticationController.onSuccessfulLogin.

How to make this function also to write a cookie?

I tried to guess, but it did not work:

req.cookie('loggedin', '1');
res.cookie('loggedin', '1');

Also I would like this cookie to be removed when the user is not logged in.

I need this cookie in order to make another layer of caching (for non-logged in users) using Nginx and to test how it will work.

Is it possible this to be made by a plugin?

vstoykov

Is there any development with this feature request?

For some users it is preferable to be able to signup without forcing them to enter an email address.

Automatically adding a fake email (like my suggestion posted on pastebin above) is not a very elegant solution. Also, scripts that send emails should not be triggered to try sending emails to the fake email addresses.

I like how it's implemented on Reddit - the email field is not mandatory.

Also forcing users to receive emails is not ok for some users.

vstoykov

To learn more about the newest big thing in the European legislative spam: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Do you think that the GDPR will kill the small user-generated content platforms based on open-source platforms like NodeBB?

I posted a similar question on Reddit here:

vstoykov

r/privacy - Is open source platforms for forums, social networks, wikis compliant with the GDPR?

2 votes and 7 comments so far on Reddit

vstoykov

@julian said in Feeling the need for speed?:

@vstoykov additional caching is recommended to be handled by third party systems like nginx or varnish.

Scaling - NodeBB Documentation

I am familiar with that (nginx serving static content).

But I mean caching of the dynamic content for non-logged-in users.

Nginx need a cookie to distinguish between logged-in and not logged-in users (because otherwise it would cache personalized dynamic content).

vstoykov

Do you plan to implement second layer caching (to be used in case of traffic surge)?

https://github.com/NodeBB/NodeBB/issues/5418

vstoykovbg created this issue in NodeBB/NodeBB

closed Suggestion: cookie "loggedin" when the visitor is logged in (and deleting the same cookie when visitor is logged out) #5418

vstoykov

I will install more than one NodeBB forum on the same VPS (I don't expect many traffic from the beginning, if traffic increase I will move the forums on another VPS).

I like how nvm works, but I am worried that it's not efficient, because of RAM usage - when running another NodeBB executable it will be loaded in the RAM as different program. If I run several instances of NodeBB with global Node.js install it will take less RAM for the loading of the Node.js executable. Is this correct?

vstoykov

Solve this with:

# chmod o-rwx /var/lib/redis
# chmod o-rwx /var/lib/mongo

If you are the only user with access to the server it's not a big problem. However, it's better to make it inaccessible by other users just in case a cracker get access with non-root user account.

vstoykov

I made it to work.

I tried to post more details here, but I got error:

Error

Post content was flagged as spam by Akismet.com

Here is my original post: http://pastebin.com/5s9jUe6N

Also, Pastebin gave me similar error and I needed to solve a captcha...

vstoykov

@scottalanmiller Do you use CloudFlare for WebSocket requests?

I tried to route WebSocket requests on a subdomain, but it did not work:
https://github.com/NodeBB/NodeBB/issues/5430

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

vstoykov

I get error:

Session Mismatch
It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.

When I click [OK] it appears again (infinitely).

My server config is:

upstream io_nodes {
ip_hash;
server 127.0.0.1:4567;
server 127.0.0.1:4568;
server 127.0.0.1:4569;
}

server {
server_name example.com;
listen 192.168.100.42;
listen 192.168.100.42:443 ssl;
listen [::];
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
root /home/userhomedir/public_html;
index index.html index.htm index.php;
access_log /var/log/virtualmin/example.com_access_log;
error_log /var/log/virtualmin/example.com_error_log;

if ($scheme = http) {
return 301 https://$server_name$request_uri;
}

#  if ($host ~ ^www\.) {
#     return 301 https://example.com$request_uri;
#  }

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";


gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

location @nodebb {
proxy_pass http://io_nodes;
}

location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
root /home/usernodebb/nodebb/public;
try_files $uri $uri/ @nodebb;
}

location / {
proxy_pass http://io_nodes;       
}    

} # end of server example.com


server {
server_name live.example.com;
listen 192.168.100.42:443 ssl;
listen [::]:443 ssl;
ssl_certificate /home/userhomedir/ssl.cert;
ssl_certificate_key /home/userhomedir/ssl.key;
access_log /var/log/virtualmin/live.example.com_access_log;
error_log /var/log/virtualmin/live.example.com_error_log;

location / {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;

# https://github.com/NodeBB/NodeBB/issues/4734
proxy_set_header X-Forwarded-Proto $scheme;

# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

gzip            on;
gzip_min_length 1000;
gzip_proxied    off;
gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

proxy_pass http://io_nodes;

} # end of location block

} # end of server live.example.com

My config.json is:

{
    "url": "https://example.com",
    "port": [4567,4568,4569],
    "bind_address": "127.0.0.1",
    "secret": "<hehehe>",
    "database": "mongo",
    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        "username": "nodebb",
        "password": "<hehehe>",
        "database": "nodebb"
    },
    "redis": {
        "host":"127.0.0.1",
        "port":"6379",
        "password":"<hehehe>",
        "database": 0
    }
}

It is not working the same way also if I change

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "live.example.com"
    },

to

    "socket.io": {
        "transports": ["websocket", "polling"],
        "address": "https://live.example.com"
    },

I tried first to visit https://live.example.com first and then https://example.com. This way I don't see the error message. However, when I delete all of the browser cookies and visit https://example.com directly - it shows the same error.

When I visit https://live.example.com/ it did not show the error message, however I don't want visitors to use the subdomain to access the website (because this way caching of images by CloudFlare/Incapsula will not work).

Tried to downgrade socket.io - no effect.

Reported here: https://github.com/NodeBB/NodeBB/issues/5430

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

julianlam created this issue in NodeBB/NodeBB

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

vstoykovbg created this issue in NodeBB/NodeBB

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

vstoykov

I would like to make my NodeBB forum to write a cookie when the

I found the function that is executed when user is logged in successfully: authenticationController.onSuccessfulLogin.

How to make this function also to write a cookie?

I tried to guess, but it did not work:

req.cookie('loggedin', '1');
res.cookie('loggedin', '1');

Also I would like this cookie to be removed when the user is not logged in.

I need this cookie in order to make another layer of caching (for non-logged in users) using Nginx and to test how it will work.

Is it possible this to be made by a plugin?

vstoykov

@vstoykov

Best posts made by vstoykov

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

Latest posts made by vstoykov

r/privacy - Is open source platforms for forums, social networks, wikis compliant with the GDPR?

closed Suggestion: cookie "loggedin" when the visitor is logged in (and deleting the same cookie when visitor is logged out) #5418

closed Session Mismatch when trying to use separate subdomain for socket.io #5430

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

closed Ensure cookie is secure even if NodeBB does not handle the SSL certificate #4734

closed Session Mismatch when trying to use separate subdomain for socket.io #5430