Problem: When we use `ensureConnection()`, it doesn't have any handling
for when the database is being closed, and therefore can keep the
database up and running forever (which fails the tests).
Solution: Use `cooler.open()`, which has some database close handling
built in, and doesn't keep the tests open forever (causing them to time
out and fail).
Problem: Unfortunately `setImmediate()` doesn't actually ensure that
`server !== null`, so we can get fun race condition errors that have
been reported on Windows.
Solution: Replace `setImmediate()` hack with event emitter that actually
ensures that the server is listening (and hopefully isn't `null)`.
Fixes: https://github.com/fraction/oasis/issues/401
Problem: When proxying Oasis, the CSRF + DNS rebind security precautions
will respond with HTTP 400 if you use a hostname that Oasis doesn't
know about. For example, if Oasis is listening on `localhost` and you
use Caddy/Nginx/etc to proxy that to `oasis.example.com`, then Oasis
will see GET requests as DNS rebind attacks and POST requests as CSRF
attacks.
Solution: Add `--allow-host` command-line flag so that you can
`--allow-host oasis.example.com` and ensure that the host is allowed by
the security measures.
Problem: During a refactor the SSB connection management was changed to
be more conservative, so it only ensures that we have a connection once
the server is started. This isn't good, because it means `oasis
--no-open` no longer starts an SSB service in the background.
Solution: Run `ensureConnection()` to ensure that we have a connection
to the SSB service regardless of regardless of whether we've received
any requests over HTTP.
Problem: When replying to a private thread you only see the root post
because it's hiding all private comments. Instead, it should be hiding
all *encrypted* comments that we can't decrypt.
Solution: Use `isNotEncrypted()` instead of `isNotPrivate()`.
Problem: The Threads view advertises that it only shows public posts,
but is showing some private posts as well. This is not a security
concern, it's just a UI inconsistency.
Solution: Ensure that private posts are filtered from the view before
rendering. This also integrates a refactor that uses functions to check
for basic info like whether a message is a post, whether it's
encrypted/decrypted, whether it has a root, whether it has a fork, etc.
Problem: There's an intermittent test failure on Travis CI that seems on
only happen when we have two test suites. Since the lifecycle suite only
tests a subset of the basic test, we can safely remove it without
compromising any test coverage.
Solution: Remove the redundant lifecycle test and try not to think about
the problem too much. Maybe in the future when we need a second test
suite we can resolve this problem, or maybe the underlying bug will be
resolved downstream (e.g. https://github.com/tapjs/node-tap/pull/662),
but right now I think the benefits of "no intermittent test failures"
outweights the costs of "all tests must go in one file".
Problem: The Windows tests seem to be failing, it looks like a timeout
problem? Also there are a handful of debug statements around the code
that can be safely removed.
Solution: Double the timeout length and remove debug statements.
Problem: The test suite isn't closing the database because `app.close()`
only affects the HTTP server. This means that tests don't exit cleanly
and sockets remain open and all sorts of really fun stuff that we don't
want while writing tests.
Solution: Refactor `src/ssb.js` so that we can exit cleanly and have
less rope to hang ourselves with. Add a small lifecycle test that can
help us ensure that the bare minimum lifecycle events are working
correctly, plus now the previous tests are passing on my machine too.
Problem: ESLint and TypeScript help catch some types of regressions, but
they don't protect us against obvious stuff like "the server won't
start". This means that humans need to test a bunch of stuff manually,
and that can be really tedious and exhausting.
Solution: Yesterday someone invented this cool concept called "testing"
where you write automated tests for your software to ensure it actually
works the way you expect. It might have beeen invented before yesterday,
I don't know. Anyway, this solution adds a bunch of tests that send HTTP
GET requests to a bunch of endpoints to make sure the server is at least
returning HTTP 200 responses. It also fixes a race condition where HTTP
server was available before the readme / version strings were loaded.
Problem: I made a bad merge in 2836c80 which broke the server in some
environments. I had issues running the globablly installed binary,
whereas `npm start` seemed to work fine. Anyway, there's an error about
some missing config options because we weren't importing SSB-Config into
the server configuration. Instead, the full config was just:
```json
{ "conn": { "autostart": true } }
```
This lacks important properties like `shs`, which means that the server
can't start. Fun!
Solution: Pass SSB-Config first and then overlay our custom config on
top. I've also added comments and changed the variable names so that
this is harder to miss in the future.
Problem: Our dependencies are getting ahead of us!
Solution: Catch up with `npm update`. I think Markdown-It was the only
breaking change, and it didn't affect us.
Problem: Project root has a handful of files that aren't used at all or
could be placed elsewhere.
Solution: Delete unused files and move the changelog to the
documentation directory with the other Markdown files (other than the
readme, of course).
Problem: Footer buttons have the normal button background hover state
that makes them difficult to read. This was meant to be fixed in another
PR but I think I got the CSS order wrong.
Solution: Reorder the CSS hierarchy to fix the bug. For real this time.
- Instead of having a custom on hover effect, just add the Liked by
message to the title of the heart.
- When there are > 16 likes on a post, show +X more to convey this to
users.
Previous query incorrectly pulled and sorted posts, often showing years
old posts from newly followed people. This now behaves more consistently
as "recent threads from people in your extended network".
- Adds a hover popup that shows the names of everyone who liked a post
when hovering of the heart.
- Add new call to post.get that retrieves the names of all voters and
returns them instead of their ID's.
Christian Bundy
Nick Wynja
Sean Billig
Fred
Cinnamon
Nick Wynja
Tim Robinson
Jonathan Dahan