[Feature] XMPP javascript client plus ruby (vines) server #5073
Conversation
|
Okay, my first issue with this: it's too big. I see two things to do to greatly reduce the size of the PR which means it'll be much much easier to review, it won't bloat the repo and codebase as much and it'll be much much easier to maintain. First, make use of the vines gem. If that's for some reason impossible, make a fork of the gem and publish that. We can totally talk about adding a diaspora/vines repository for that. The second thing is to make a Bower package for Jappix mini. That allows to pull it in as a gem via Rails assets. Here again we can totally talk about a diaspora/bower-jappix-mini repository. |
|
|
||
| ## You have a custom XMPP server running? | ||
| ## Then you can disable the internal server here: | ||
| server: true |
There was a problem hiding this comment.
Only add commented examples, defaults go into config/defaults.yml
|
@jhass agree. I already created and used https://rubygems.org/gems/diaspora-vines . I was not sure what the best way would be.. that was a 50:50 chance .. and I took the wrong. Regarding bower, I was not aware of that. I will clean the PR up asap. |
This seems to be relevant to #4687 |
|
I had just prepared a dev environment and got myself qucik Ruby/ROR courses to implement chat. I was working on prosody with websocks (not BOSH), and was looking at using strophe.js to implement the chat. With websocks, there shouldn't be a need for a reverse proxy, right? Or did I misunderstand what you meant by reverse proxy? How can I help test this since my dev site is up and running? Mind you I'm a newbie with ROR and trying to get my feet wet and will definitely be asking dumb questions. |
|
@ominds : No, that is a general problem (more a security aspect then a problem). If you load from a secure connection un-encrypted content (see mixed content). |
|
@jhass : the problem with bower is : is css files are packaged in a bower package with all tha jappix files, how could I use the inheritance capacity of SCSS to make the UI consistent with the D* design, since the stylesheets aren't in the same directory ? |
|
I'd rather like to see overrides (see CSS specificity), that'll be much easier to maintain. |
|
I might be a possibility, but a CSS file standing anlone in the middle of others and related to no specific file other than this package's, it would be awkward, no ? |
|
@jhass do you think a proxy for mixed content would be merged? If so, I'd start working on this issue. |
|
I don't know. I've no doubts about support for being able to use such a thing, but it should be entirely optional IMO. |
|
I'll move the
We should move that to an official repo later! |
| if [ "$chat" = "true" ] && [ "$chat_server" = "true" ] | ||
| then | ||
| xmpp="xmpp=1," | ||
| if [ "$chat_bosh_url" = "" ] |
There was a problem hiding this comment.
and ssl is true
|
A quick q, during my checks on prosody I found two ways for communication. Via bosh and via websockets which is more efficient and solves the cross-domain issues. Is there some reason why bosh was chosen here? Here's the draft spec, it's implemented by many XMPP servers http://tools.ietf.org/html/draft-ietf-xmpp-websocket-07 Also, how are you handling the cross-domain issue. CORS? |
|
@ominds do not mix "cross-domain" with "mixed-content" and with websockets it seams to be the same if you connect from a secure to an unsecure connection:
Which really makes sense cause it is a security aspect. |
|
@zauberstuhl I understand the difference. mixed-content happens when a secure page contains resources from insecure pages (images, etc). Cross domain is the restriction for communication between different domains via XHR calls. I was just wondering why you went with BOSH rather than websockets which are both supported by most XMPP servers. Websockets being better in performance. |
Please change the hompage link to your repo or diasporafoundation.org. |
|
I have some concerns about the Jappix Mini code. I'd like to implements a few features and fix some issues on Jappix Mini but this would require to deeply modify the Jappix Mini Origina code. I wanted to know any element could interfere with these plans ? |
|
I'd still like to see that as a fork and maintained in a separate repository, maybe we can eventually even upstream some of these changes. |
|
Sorry, I don't understand what you mean. A fork of what ? Jappi Mini ? Maintained in a searate repository from... ? |
|
Yes, a fork of Jappix Mini, maintained in a separate repository from the one this PR goes to ;) Probably also a separate bower package then to make clear to others that it's a modified version. |
|
Oh yes ! Well Zauberstuhl did a bower package. |
|
Yeah, keeping the license will cause the least headaches. I still would look into at least renaming that package though. |
|
Into what ? bower-jappixmini-diaspora ? |
|
For example, just making sure this is not simply a packaged upstream. |
|
Ok, we are going to do it. Thanks for the advice. |
|
I pulled this and started the server, it seems vines is started, but there's nothing in the UI for chat. Sorry if this is a newbie question but I'm very new to ROR. Is there something else I should be doing to see chat running? |
|
@ominds you executed bundler after pulling? |
On default none is permitted to chat with you. You have to set extra privilege for an aspect.
* create a new token on a new session * delete the current token on session exit
* add to contacts header for later modification * add to aspect creation box
* add jsxc helper file
If you try to connect from a secure connection to a insecure connection; Most modern browser block the request and flag it as mixed-content.
|
I cleaned up. I am not sure why is still failing it works for me locally. |
|
Implementing OTR is best left to a browser extension or native client because if the javascript is served by the pod it is trivial to serve malicious js to extract your password/private key. You shouldn't give people a false sense of security. Maybe some sort of cryptocat integration could be investigated? [cryptocat itself used to have a web version that was vulnerable to this very attack which is why they moved to browser extensions and native apps]. |
|
Okay, let's break stuff. I'm merging this now to open it to a wider test audience as well as to ease contribution and review of further development. I still consider this highly experimental and will revert the merge if there's any indication that it influences normal operation. |
[Feature] XMPP javascript client plus ruby (vines) server
|
Christmas came early!!! |
|
Great work @zauberstuhl and everybody involved!! |
|
Yeepee!! I think I'll wait ~one week before merging this in diaspora-fr, the database is too huge to be the first pod to add this. So other podmins running develop, please post your feedback! |
|
diaspora.yml indicates:
The url is not correct anymore. |
Open :
mixed content; writing reverse proxy for rails application?!using webserver as proxy solves it(to be extended)
I as a Pod Maintainer, what do I have to configure to make that work?
That was the magic!
Your XMPP server sucks! I have my own already running!
How can I add user/friends to my contact list?!
Diaspora has standards like XMPP presence:
Jappix is only displaying "online" contacts and you can see the presence of the contact if you and your contact are sharing (XMPP 'both')!
Everything written underlib/vines*was forked from https://github.com/negativecode/vinesexcept for
lib/vines/storage/diaspora.rband some minor tweaks on the configuration processWe moved the xmpp server to a extra location.