superpowers / superpowers-core Goto Github PK

If an asset takes a while to be written to disk or is written to disk in several steps, it could be deleted while in middle of saving. Other similar non-atomic operations involving async callbacks might clash and lead to crashes. This is a theoretical issue at this point, but something we should tackle before it bites us.

The best approach is to create a type of asset that takes 5s+ to write itself to disk (by adding a setTimeout between steps) and then provoking a bug by doing a conflicting action while that is happening.

Then we can fix it properly by having global locks that must be acquired before a long-running operation can start.

npm modules to look into: https://www.npmjs.com/package/async-lock and https://www.npmjs.com/package/rwlock.

Whenever i'm trying to start the server, it crashes immediately, trying to locate the templates.json file in .DS_Store before looking into the supGame folder. You can start the server if you remove the file, but you'll have to do it every time you want to start it.

App threw an error when running { [Error: ENOTDIR: not a directory, open '../superpowers-master/systems/.DS_Store/public/templates.json']
errno: -20,
code: 'ENOTDIR',
syscall: 'open',
path: '../superpowers-master/systems/.DS_Store/public/templates.json' }

Plugins should use SupClient.registerPlugin in some agreed-upon bundle (public/bundles/import.js?) to declare accepted media types or extensions and expose import methods.

In client/src/project/index.ts, we can load up the import.js bundles for each plugin (similar to how we load documentation.js bundles)

Then, in onTreeViewDrop, we should look through event.dataTransfer.files for media type or extensions matches. If there are multiple matches, open a dialog to ask the user to choose what to do.

Finally, call the exposed import methods which will use ProjectClient to edit the project, and see assets be magically imported! :O

See also superpowers/superpowers-game#30

Electron problem: Drag'n'drop Web page.

Hi !

I found a problem when I drag and drop a website adress into the electron application of Superpowers.
The application loads the link but you cannot go back and any of the links in the electron app don't run in some cases.

Best regards.

Nattack

Socket.IO 1.4 no longer has a hard dependency on the native bufferutil module which is nice as it will remove many spurious errors from the build for people who don't have Python + a C++ compiler installed. Also it has cool new features / better perf.

• Update package.json to reference ~1.4.4
• Figure out how the internal adapter.rooms API changed and update RemoteProjectClient.ts consequently
• Update Socket.IO-client to 1.4 in the socketio plugin of Superpowers Game

I just find a bug, in the master version and in the 0.17 version.
If you try to delete a file when you have it opened the server crash with this error :

2016-01-06 22:11:06 - The server crashed.
TypeError: Cannot read property 'socket' of undefined
    at superpowers\server\RemoteProjectClient.js:198:49
    at Entries.TreeById.remove (superpowers\SupCore\Data\Base\TreeById.js:165:9)
    at Entries.remove (superpowers\SupCore\Data\Entries.js:85:33)
    at superpowers\server\RemoteProjectClient.js:185:55
    at superpowers\node_modules\async\lib\async.js:718:13
    at Immediate.iterate [as _onImmediate] (superpowers\node_modules\async\lib\async.js:262:13)
    at processImmediate [as _immediateCallback] (timers.js:383:17)

Following http://docs.superpowers-html5.com/en/getting-started/first-game

The editor does not support Command-X,C,V consistently.

Right-click menu does work.

A Superpowers server provides client JS code that is then run by the browser or Electron. In the browser, that JS code is sandboxed. But in Electron, the JS code needs full access to be able to do all kinds of useful stuff:

• Run things like love.exe in Superpowers LÖVE
• Export projects to disk

In the future, we might be able to sandbox the server-provided client JS code and provide a limited set of native APIs from the launcher with explicit permission request dialogs.

For now, we should add a clear warning to the "Add Server" popup that only trusted servers should be connected to. Connecting to a server through the app is equivalent to running a binary from them.

I understand you have a forum, at html5gamedevs, there are largest community members you should be made SuperPowers a presence there and most of us already have user accounts. Hope to see you there!

http://www.html5gamedevs.com/

If the Superpowers server happens to crash, it is important that files are fully written to minimize the risk of user data corruption.

We should have a facility that writes to a temporary file and then renames it in an atomic operation on top of the existing file when it is done writing. There are probably npm modules to do this. The following is important:

• The API we expose to plugins and systems should be simple to use and fool-proof
• The temporary files should have a unique name and be created next to the final files, so that if and when we crash, the temporary files can be easily located and used for data recovery.

To be consistent, we should use the part after superpowers- in the repository name as the system folder name. Same for markSlide (should be markslide) and supWeb (should be web).

• Automate the 3 folder renames by checking if they exist with fs.statSync (ensure .isDir is true) and do a fs.renameSync call in https://github.com/superpowers/superpowers/blob/master/scripts/build.js
• Bump currentFormatVersion to 4 and update pub.system if oldFormatVersion <= 3 in https://github.com/superpowers/superpowers/blob/master/SupCore/Data/ProjectManifest.ts

Mac, Yosemite, 10.10.4

So there's no other option to workaround "Uncontrollably Fast Zoom In and Out" issue for Magic Trackpad users:
#62

When clicking the Publish project button (http://docs.superpowers-html5.com/en/getting-started/publishing-your-game), rather than always downloading a ZIP archive of your exported game, a system and/or maybe one of its plugins should be able define different options.

Some use cases:

• Push a static website on GitHub Pages with Superpowers Web
• Upload a game or an update directly to itch.io with Superpowers Game or LÖVE
• Install or update a Minecraft resource pack and launch Minecraft with it
• etc.

Should we be using ES5 strict mode for performance and/or better runtime error detection?

If so, do we need to put the "use strict"; marker in each file? Only the entry files for Node.js? What about browserified modules? Is it enough to put it at the top of the browserify bundles, or do we need one inside each module like strictify does?

Mac, Yosemite, 10.10.4

ctrl + plus zooms in and ctrl + minus zooms out.
alt + plus zooms in and alt + minus zooms out.
shift + plus zooms in and shift + minus zooms out.

Just zoom in and out using above methods as much as you like and then use zoom function with cmd key... It zooms one level up once and/or one level down once, later stops zooming as if no keys pressed... then try to zoom in and out using ctrl, alt or shift keys, nothing happens until you pressed + or - twice then it zooms in or out again as expected.

With the recently added node server install $SYSTEM_ID command, we can now install the latest release of a system quite easily from the command line. Also node server init $SYSTEM_ID is a new command for generating a system skeleton for developers. Here are some improvements we should look at:

• Use yargs for parsing arguments in server/index.ts as in server/paths.ts (and share the parser)
• Double-check that the server isn't running before doing anything on it (lockfile!)
• Install a system from sources: node server install --source $SYSTEM_ID. This should clone the GitHub repository, init submodules and build the system
• Install a particular plugin: node server install $SYSTEM_ID:$PLUGIN_AUTHOR/$PLUGIN_NAME
• Add support for generating plugin skeleton with node server init $SYSTEM_ID:$PLUGIN_AUTHOR/$PLUGIN_NAME
• Allow adding the common plugins submodule with --add-common maybe?

The URL should probably be something like ?build=latest instead of current ?build=buildId.

At least this particular section need modification.
https://github.com/superpowers/superpowers/blob/9fcff9f0bad576729f22fbd3c8c1aa56a721d04c/server/index.ts#L121

We've been using let for declaring variables almost everywhere. This is a good thing, as it is better-behaved than var (yay for block-scoping!).

But ES6 / TypeScript actually comes with const keyword. As a general rule, we should use it whenever possible, that is, whenever the variable identifier isn't meant to be reassigned.

Rationale: It will make variable identifiers that are meant to be reassigned easier to locate, and will reduce the likelihood of accidental reassignements.

The const declaration creates a read-only reference to a value. It does not mean the value it holds is immutable, just that the variable identifier cannot be reassigned.

Doing this in the whole codebase all at once might be a pain, so feel free to submit a pull request that just takes care of a file or two. Over time, we'll get there.

Quoting https://twitter.com/paprikorange/status/687225738026729472:

@SuperpowersDev do you already have contact to Nintendo? They could promote you on https://wiiu-developers.nintendo.com/ like Construct 2 & Co

I didn't find the docs source code, so I figured I would just create an issue here.
I think you should mention that when an ArcadeBody2D.Body is attached to an Actor you cannot use setPosition or setLocalPosition on this Actor. Of course it makes sense, but I just spent half an hour debugging my code and it wasn't obvious at all :P
I know you are all really busy, so if the docs are available just tell me where they are and I will make the modification myself 👍

For instance, on Unix, ~/.local/share might not exist.

Basically, the change amounts to importing mkdirp and replacing the call to fs.mkdirSync here: https://github.com/superpowers/superpowers/blob/5aa494a71e63cf465253390f68a3166b99c32921/server/paths.ts#L41 with mkdirp.sync.

I spend some time around server/authenticate.ts and have some considerations regarding the way it is handled.

Firstly the password must be stored hashed. If the server is ever taken over from another way it shall not give this indication easily.

Secondly the use of a stronger way to compare credentials is a must have. Currently a brute-force attack would be easily executed. Something like bcrypt is a great first step. A credentials validation has to be slow.

Thirdly I looked over some network exchanges - just from the web developers tool in iceweasel - and I saw a lot of GET request containing {password, login}. This duple seems to be stored in a cookie ... in plain text. That's a big no no. Is the identification taking place at every exchange ? If so, it should not.

I am not used to nodeJS nor websocket so I need some time before going further but these behaviors are dangerous.
Obviously this is nearly useless without https, but this point needs it own issue.

Hi ! First, congrats for the open-sourcing ! That's an awesome project :)

I have a question regarding plugins and package management :
Currently the plugins used by a system are stored (and versioned) in the plugins/ directory under different namespaces. Some plugins are used in different systems (common) and are fetched using git submodules.

As every plugin has a package.json in superpowers, why not just using npm to resolve plugins dependencies ? (and, potentially, to use systems as superpowers dependencies ?)

This may bring many benefits: maintainability, installing and updating plugins from cli/ui, nested dependencies...

I made some quick tests if you are interested. This is just a proof of concept (a quick hack on the system loader).

If you want to test it, just clone the repo ([email protected]:risq/superpowers.git), checkout on externalized-plugins, clone the official superpowers-game into ./systems.

Then manually delete plugins/default/font and build superpowers. Add the external font plugin (https://github.com/risq/superpowers-game-sparklinlabs-font-plugin) dependency with npm i risq/superpowers-game-sparklinlabs-font-plugin --save. Run the server, you should see the fonts plugin properly loaded.

Tell me what you think about this, and thanks for your great work !

Maybe the badge update is sent before the entry itself?

Uncaught TypeError: Cannot read property 'byId' of undefined
onBadgeSet @ index.js:393
Emitter.emit @ SupClient.js:1569Socket.onevent

fr/common.json as contributed by @Pangoraw translates "Upload" as "Télécharger". We often use "Download" and "Upload" together, so it leads to confusion:

We might want to use "Téléverser", although from a quick strawpoll I did a while ago, there are still lots of people who have never heard the word.

cc @Cosmikats @Pangoraw

We probably don't want to always synchronize the selection from the active tab since it can be troublesome sometimes. But when you explicitly look for an asset, it probably makes sense ?
Any thoughts ?

OK, I think we finally have a decent proposal for how to deal with user authentication and settings in Superpowers. Feedback welcome!

First of all, some goals:

• Avoid single points of failure and costly (both money- and time-wise) centralized infrastructure
• Maintain the ability to join a server temporarily without maintaining an account
• Automate as much as possible so users don't have to do drudge work

And some non-goals:

• We can't protect users from malicious server owners storing a user's password, because the client JS code is provided by the server. This is a core aspect of Superpowers's design and as such, users should only connect to servers they trust and for added security, use a different, unpredictable password on every server. See #53

Now, with that in mind, here's the proposed design:

Authentication

We'll use passport as the authentication framework, along with a text-based store (with in-memory cache) for user accounts and session objects. We could use sqlite but it seems overkill for the small amount of users and connections a Superpowers server will have. Plus being text-based means one could easily version or duplicate the server membership information, if desired.

The global server password will be re-purposed as an optional key for restricting access to the sign up form and stored as a bcrypt hash. A separate option will be added to open the server to outside connections or not and it will stay disabled by default, as it currently is, to avoid exposing users exposing their projects to the Internet accidentally.

Authentication options

A server owner will be able to enable various login options:

Temporary login: Clients can enter an available guest username, the account will be tagged visually as guest and will automatically expire after an hour. No one can log in to it without the session key.

Local password: Clients can choose an available username and a password. We should mention in the UI that a unique password should be used. The server will store a bcrypt hash of the user's password. They can also upload a profile picture.

Login with external service: Using OAuth, server owners can setup authentication with GitHub, Twitter or whatever other service they want. It is up to the server owner to setup an OAuth id/secret on the external service and fill them in the server config. After logging in with the service, the client will have still provide a local username (though the field can be pre-filled with the one from the external service used to log in). The OAuth-provided profile picture will automatically be used.

Each user account will be stored in a users folder, with the username as the folder name.
It will contain an auth.json that looks something like this:

{
  "auth": {
    "guest": { "expires": "some timestamp" },
    "local": { "passwordHash": "some bcrypt hash" },
    "github or twitter or whatever": {
      "token": "oauth token",
      "pictureURL": "url"
    },
    /* etc. */
  },
  "picture": "url of the active picture if any, otherwise it'll automatically use the local one"
}

We'll store a local picture.png file in the same folder if the user uploads one.

QUESTION: The primary key for the user account would then be its username. Is that a bad thing? Do we care about renaming accounts on servers? If so, where will we reference user accounts in Superpowers? do we need to have a never-changing user ID instead?

Access rights

The server can have one of several default settings:

• No access to anything (not even the list of projects)
• Read-only access to every project
• Read/write access to every project for everyone (does not apply to temporary logins)

Each user can then have custom access rights for each project. That information should be stored in the user's folder, not in project's folder, to avoid versioning it accidentally.

User settings

User settings will be stored in localStorage. Each namespace (similar to resource IDs) will be stored as a separate key, something like superpowers.textEditor. It should have a format version for migration.

Editors interested should subscribe to localStorage events and react to changes as needed.

Each settings tool plugin will be able to add a user-specific section for user-specific settings.

In the browser, the settings tool will provide buttons to import and export user settings as a JSON file.

In the app, the launcher will provide those buttons in the settings instead. The settings tool of a project will notify Electron of changes to the settings so that it can keep the global copy updated and update the localStorage of other origins currently open. And it will update it when opening a server, too.

The as operator is more readable and it's the recommended operator going forward because of clashes with JSX syntax.

Like #14, this is an easy but somewhat menial task that might take a while so feel free to do a couple files at a time if you want to get started contributing!

See microsoft/TypeScript#3564 and https://facebook.github.io/react/docs/jsx-in-depth.html

Unable to publish games using the one-click Publish project button located in the top-left corner.
Application exit, then system alert raised: "Superpowers quit unexpectedly."
OSX 10.11.2

We're using lodash 1.x for some stuff which is deprecated, we should be using lodash 4.x, maybe even only import or install the modules we actually need since it's been modularized.

Updated npm to latest version

https://gist.github.com/zacharycarter/b4fe815e68bbb42871fd

node server init $SYSTEM_ID is a new command for generating a system skeleton for developers.

• Add support for generating plugin skeleton with node server init $SYSTEM_ID:$PLUGIN_AUTHOR/$PLUGIN_NAME
• Allow adding the common plugins submodule with --add-common maybe?

That would make it very easy to join a server through the app.

From Gitter:

We could use Electron to register a custom protocol: https://github.com/atom/electron/blob/master/docs/api/protocol.md
and then links like superpowers://1.2.3.4:4237/ could work?
with a redirect service so that it links in most chats: something like http://server.superpowers-html5.com/1.2.3.4/4237 that redirect to superpowers://1.2.3.4:4237/

And if the superpowers:// doesn't open the app, the page could still offer to connect directly through the browser. Best of both worlds!

We should load/migrate one project at a time so that if one crashes, others aren't affected

One should be able to upload a project ZIP file to a server from the server hub and have it be unzipped and loaded automatically. Also an option to import from URL.

Support 32-bits linux?

When starting a server and double clicking to open it you are presented with a screen where you type your username. I typed d-Pixie, as usual, and saw something flicker when I pressed enter just to find myself back at the same screen.

After a while I tried without the hyphen and that worked. But I would expect an invalid username to give a message to that effect so I knew what to fix :)

I'm on OS X El Capitan running v0.18.1

GIF representation of the Problem: https://gfycat.com/QuaintArcticHoki

Two finger swipe on Apple Magic Trackpad emulates mouse wheel's up and down movement. Zoomable editor screens moves too fast in and out if you use a Magic Trackpad. No superpowers with a Magic Trackpad, in other words, it's like kryptonite :)

I'm willing to find a solution but I don't know where to look in the code... any suggestions? This may be a Chromium problem though it feels better in Google Chrome Canary and worst in Electron. If this is a problem out of our reach... I mean, I wouldn't want to mess with Chromium code...

Could you please introduce an alternative control scheme for zooming in an out? Like: cmd + plus and cmd + minus.

runtime.js:1394 Uncaught TypeError: Failed to construct 'ImageData': Illegal constructor

var imageData = new ImageData(new Uint8ClampedArray(map), data.textureWidth, data.textureHeight);

I am using node-webkit to run a simple test game, after publishing it it won't run. seems to work fine in the editor though i haven't taken a look. but i thought i would put this here for now

There should be a funnel button next to the search button that toggles a panel (below the asset management buttons but above the asset tree) with an icon for every asset type.

• Clicking on one of them filters the whole tree to display only that type of asset
• Right-clicking on one of them would enable/disable it (multiples can be active at once)
• There would be a "reset" button as the first icon that enables all the icons

This seems to be an Electron bug. Updating to 0.36 might just fix it. Otherwise we'll have to dig deeper.

Workaround for now: Use the 32-bit of Superpowers, with Electron 32-bit!

its not really an issue, more like an "help" (im sorry if this isnt the right place for it)
i want re use my own project code on super powers but its in javascript, and i didn't figure out how to mix javascript with TS, acording to microsoft any javascript code should be an valid typescript code, but when i try an simple alert or console.log test i got errors, even microsoft typescript "helloworld" don't work.

im not sure but i guess the syntax highlight and compiler is only checking for typescript code instead of acept both js and js?

i can port my own code to typescript, but thirdyparty libraries that im using would be PITS

Both in superpowers and superpowers-game, we have various error messages sent by the server through callbacks that haven't been internationalized.

A couple examples:

• RemoteProjectClient.ts
• RemoteHubClient.ts
• SceneAsset in SupGame and most of the other asset classes

They should be replaced by localization IDs ("namespace:some.key"), added to the locale files and the client should run the IDs through SupClient.i18n.t(...). Even better, it should enclose them in a descriptive string like Could not create project: ${reason} which should itself be locazlized.

The localized reasons should be full sentences (maybe multiple) so they should end with a full stop.

Hello,

I just downloaded your first release for linux 64, and there's a problem for the translation of the "cancel" button when I click on "Add Server" (see screenshot)

I looked into "locales" in your repo, there's the translation. So, it's strange^^

Regards,
Peekmo

Just ran into this problem on Fedora/CentOS. Workaround is to create the directory manually. Something wrong with the mkdir code not creating the directory if it doesn't already exist?

Using data from /root/.local/share/Superpowers.
/root/superpowers-0.18.1-linux-x64/resources/app/server/paths.js:47
throw err;
^

Error: ENOENT: no such file or directory, mkdir '/root/.local/share/Superpowers'
at Error (native)
at Object.fs.mkdirSync (fs.js:794:18)
at Object. (/root/superpowers-0.18.1-linux-x64/resources/app/server/paths.js:43:8)
at Module._compile (module.js:435:26)
at Object.Module._extensions..js (module.js:442:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:313:12)
at Module.require (module.js:366:17)
at require (module.js:385:17)
at Object. (/root/superpowers-0.18.1-linux-x64/resources/app/server/index.js:8:13)

We should have a "Connecting..." indicator while everything is being fetched. This will prevent having the password field appear randomly while the user is typing their username, especially on slow connections to a remote server.

The relevant folder is client/src/login

If you want to help but need guidance, feel free to ask! http://docs.superpowers-html5.com/en/development/how-to-contribute

I'm not sure if the Documentation window is where I'm supposed to write documentation for my project or if it's supposed to be documentation on how to use Superpowers, but either way something about it is broken.

I just see a blank window with a grey sidebar. I can't edit or change anything there, so right now it's pretty useless.

Mac, Yosemite, 10.10.4

"Energy Impact: A relative measure of the current energy consumption of the app. Lower numbers are better."

"The Energy tab of Activity Monitor displays the Energy Impact of each open app based on a number of factors including CPU usage, network traffic, disk activity and more. The higher the number, the more impact an app has on battery power."

Source

...

Scene Editor's "energy impact" value can quickly go over 100 and heat the computer then all the fans fires up to cool down. If you close the Scene Editor tab, everything goes back to normal. I've never seen this before, even hungry apps usually impact around max 30-40 for a very short amount of time.

Other Superpowers editors have considerably low energy impact on my computer.

For comparison...

JetBrains' Webstorm example:

• Webstorm window is focused.
• 3 tabs are open.
• The program is IDLE...

Energy impact is around 6-7.

Superpowers example:

• The window is focused.
• 4 tabs are open.
  • One tab is Scene Editor tab but not the active one.
• The program is IDLE...

Energy impact is around 22-27.

I closed the Scene Editor tab... Energy impact immediately dropped down to 4-6.

There's something wrong with Scene Editor and this is bad because it would drain laptop batteries quickly.