nodebb / nodebb Goto Github PK

As on tin. Said dependency hasn't been updated in two years plus, and node ships with crypto support already.

EDIT: This is also applicable to npm package dependency "path", which also is a builtin.

add some padding to the bottom

As described above. I guess you either need to limit picture upload size in pixels or restrict the size on display.

userData[uid].username || 'anonymous', postTools.js line 155, doesn't happen all the time

https://github.com/designcreateplay/NodeBB/blob/master/src/routes/user.js#L115

I smell security issues with this, probably directory traversal; probably in that you're only working with / and not \ too. Let path do the job it is made to do.

http://nodejs.org/api/path.html

Use path.normalize to prevent directory traversal, path.relative to change the path we're aimed towards...etc.

websockets: anything not "important" (ex. calls to get total # of people, or people logging into a topic) should be disabled on mobile. And most especially stuff that isn't visible anyways. I think it slows down old phones

[email protected]

https://github.com/designcreateplay/NodeBB/blob/master/public/src/utils.js#L88

As on tin; would also make creation of a --help command much easier and make it a bit easier to determine how to run or configure the application from commandline.

Either need a X to delete them or remove them after they are clicked on.

JS error on try.nodebb.org

document.getElementById('thread_active_users').innerHTML = active;

hard to repro.

uid 1 is hardcoded as administrator in Redis, though on user creation, the user's administrator hash is defaulted to 0.

When you try to login with incorrect details or non-existant account there is no error/warrning message.

1. Opening a new composer window while another is already open causes both window buttons to become active
2. Restoring/unminimizing a composer window should cause the other buttons to reset to default (inactive) state
3. Shenanigans when toggling through windows

Third-party hosted redis databases usually have passwords.

I needed to add support of a password on Redis as I use an external service.
I added the following two lines to redis.js at line 9 (just after the redis.createClient line):

if( global.config.redis.password ) {
    RedisDB.exports.auth(global.config.redis.password);
}

Hi

I think it would make more sense to move the chat button from the bottom bar of the post to somewhere near the user's picture. The chat function has something to do with the user while all other buttons down there have something to do with the post itself.

See screenshot.

Really cool project!

Here's the error:

trying to upload to : /nodebb/public/uploads/photo.png

events.js:72
throw er; // Unhandled 'error' event
^
Error: spawn ENOENT
at errnoException (child_process.js:980:11)
at Process.ChildProcess._handle.onexit (child_process.js:771:34)

Edit: upon restart of the app, I can see that the upload did take place successfully

I have created two topics till now, and whatever replies I post more than 11 under a topic, they end up not being displayed. They show up in Recent posts, and redis as well, but not in the UI. Am I missing something ? Like pagination buttons or so?

As per: https://npmjs.org/doc/json.html

people fields: author, contributors

The "author" is one person. "contributors" is an array of people. A "person" is an object with a "name" field and optionally "url" and "email", like this:

{ "name" : "Barney Rubble"
, "email" : "[email protected]"
, "url" : "http://barnyrubble.tumblr.com/"
}

...also relevant:

If there is an AUTHORS file in the root of your package, npm will treat each line as a Name <email> (url) format, where email and url are optional. Lines which start with a # or are blank, will be ignored.

That may be a better solution than relying on the author or contributors field. :)

Further issue: no repository type is stated in package.json. Just add "type":"git" to the object for repository for compliance and proper parsing.

Doesn't work on this version of Chrome. Getting the following socket.io related error.

Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Stack trace

GET http://localhost:4567/socket.io/1/?t=1371463646460 500 (Internal Server Error) socket.io.js:1659
Socket.handshake socket.io.js:1659
Socket.connect socket.io.js:1699
Socket socket.io.js:1551
io.connect socket.io.js:94
$.ajax.success app.js:15
fire jquery.js:3074
self.fireWith jquery.js:3186
done jquery.js:8253
callback jquery.js:8796
send jquery.js:8802
jQuery.extend.ajax jquery.js:8154
(anonymous function) app.js:9
(anonymous function) app.js:294

Should use the last post date in the topic for the sorting

The exact license is not mentioned neither in the readme nor in the package.json. Which license are you using? MIT, GPL etc.

Here's the error:

nodebb/node_modules/redis/index.js:535
throw err;
^
Error: write after end
at writeAfterEnd (_stream_writable.js:130:12)
at Gzip.Writable.write (_stream_writable.js:178:5)
at ServerResponse.res.write (/home/andy/dev/node/nodebb/nodebb/node_modules/connect/lib/middleware/compress.js:86:18)
at ServerResponse.res.end (/home/andy/dev/node/nodebb/nodebb/node_modules/connect/lib/middleware/compress.js:91:23)
at /home/andy/dev/node/nodebb/nodebb/node_modules/connect/lib/middleware/session.js:286:13
at /home/andy/dev/node/nodebb/nodebb/node_modules/connect-redis/lib/connect-redis.js:130:18
at try_callback (/home/andy/dev/node/nodebb/nodebb/node_modules/redis/index.js:532:9)
at RedisClient.return_reply (/home/andy/dev/node/nodebb/nodebb/node_modules/redis/index.js:614:13)
at ReplyParser. (/home/andy/dev/node/nodebb/nodebb/node_modules/redis/index.js:266:14)
at ReplyParser.EventEmitter.emit (events.js:95:17)

The local function set_up_posts should be deprecated in favour of delegated events in the $(document).ready() block in the same file.

I see the Users section under /admin but there is no way to delete a user or disable an account or change permissions on an account that I can find, is there a way to do any of this?

The formatting section looks like this: http://imgur.com/Q2p9gWk

But the links are present and do work fine.

The lis inside of the composer bar have a href of #, causing ajaxify to trigger.

It doesn't give rep but the post remains favourited after reload.

when a topic is moved from one category to another the topic_count of those categories should change. -1 from the old category +1 to the new category.

As stated above, there's zero csrf protection. This can be done in express already with express.csrf (reference express documentation).

If u make a post to a topic and go to the home page the category that topic is in is highlighted red. It shouldn't be highlighted

Related to issue #32, when a user registers, a slug should be generated, and whenever the change their name, or when a new user registers, slugs need to be compared.

Right now, users can register nearly identical usernames by using different cases (julian vs. Julian vs juLIAN)

On ajaxify.go, ajaxify.onclick should not be iteratively bound to every anchor element in the page.

Changing ajax.enable to:

$(document.body).on('click', 'a', ajaxify.onclick);  // this code is untested

and making sure that ajax.enable is only called in $('document').ready() should be enough to have all anchors accounted for at all times, even after the HTML in #content changes.

express comes with res.json() for sending json back with proper mimetype and stringification; why not use it? Easier to read.

This is a minor issue, I'm sure, but when a new view is loaded, there is a slight flicker possibly due to the scroll bar. It seems to render before the scrollbar then flick back when the scrollbar is present. This is the case even when both views required the scroll bar.

This is only really an issue because it loads so fast, but sorting this would make it much easier on the eye.

Related to this is the fade out/in of the views. Personally, I think it works much better without it (setting hide/show instead of fadeIn/fadeOut.

A user account is currently accessed via URL by their username (/users/julian), although for some social accounts (namely Facebook and Google), spaces are used, which while not technically broken, could do with some prettifying, since it currently saves as (/users/Julian%20H.%20Lam).

On user creation, a slug should be assigned to the user, and this should be the user's canonical username (as opposed to a display name)

Seemingly websocket related - features that require websockets just don't work. Not sure if this is an issue for Safari on Macs but I'll assume yes.

Need to create a 404 route as well, and send users to it instead of /403

If an app.alert is made with timeout and alert_id values set, and another timeout is made with the same alert_id, the old setTimeout(); is not cleared to make way for the new timeout, so the alert fades away prematurely.

Reproduction steps

1. `app.alert({ alert_id: 'foo', timeout: 10000 });
2. Wait five seconds.
3. `app.alert({ alert_id: 'foo', timeout: 10000 });
4. Alert disappears after another five seconds, instead of the expected ten.

seems like a sorting issue, post made more recently appear at the bottom of the recent replies section