Release 1.2.7 - check_session_valid, Terms, More doc, jshint found a …
…lot of things I have fixed
peterlembke committed Feb 16, 2020
1 parent 90f9556 commit b07d112
Showing 144 changed files with 1,488 additions and 2,411 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -8,4 +8,5 @@ folder/db/*
*-test-php.json
*-test-js.json
/nbproject/private/
nbproject/*
nbproject/*
dox.zip
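Review bot: `dox.zip` on the last line has no leading slash, so it ignores a file of that name in every directory; if only the archive in the repository root is meant, write `/dox.zip`. In the same file, `/nbproject/private/` is already covered by `nbproject/*`, so one of the two patterns can go.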
50 changes: 41 additions & 9 deletions CHANGELOG.md
Expand Up @@ -7,14 +7,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]
Below is the aim for version 1.3.0
- infohub_audio - Using Howler to play sound.
- infohub_transfer, use sessions data
- infohub_session, Validate if session is still valid
- infohub_transfer, Incoming - if no session_id or wrong sign_code then restrict what messages are allowed
- If I am not logged in then show only the login plugin.
- Have logged in user_id available to all plugins
- Register sessions on user
- Infohub_Exchange must check if the plugin you send a message to is allowed
- Exchange check messages - Refuse messages that goes to a plugin I do not have right to.
- Outgoing package - Sign the package
- Incoming response package - Check sign code. Refuse query messages.
- Incoming query package - Check sign code.

## [1.2.7] - 2020-02-16
Code on [Github](https://github.com/peterlembke/infohub/releases/tag/v1.2.7)
Main focus in this release was to finish the login and sessions but I got side tracked and fixed a lot of other things. TERMS and jshint took my attention this time.

### Added
- TERMS.md - To follow if you want to display the Infohub TOS logo (future feature)
- folder/doc/design/ added documentation about design decisions.
- infohub_encrypt_none.md - New documentation
- infohub_encrypt_pgp.md - New documentation
- package.json - With parameters for JS hint
- infohub_login_login.js - Check if we already have a valid session before trying to login.
- infohub_session.js - Added initiator_check_session_valid
- infohub_session.php - Added responder_check_session_valid

### Changed
- folder/plugins/plugin/plugin.md - Improved documentation
- Infohub Login - Improved Swedish translations
- Infohub Contact - Improved Swedish translations
- On all JS plugins: Removed the usage of all ++ and --.
/jshint and put them in package.json instead.
- Added missing ; on rows in JS plugins. jshint helped me find them.
- On all JS plugins: Loops. Added check for hasOwnProperty
- Changed to dot notation ($withHeader['data'] to $withHeader.data) wherever jshint found them.
- jshint found and I removed initialization values that are never used.
- jshint found and I removed return value variables that are never used.
- Loop key variables should not be $i. I renamed some of them but there are many more to change later.
- There were still some "var" left that I changed to let or const.
- Refactored Infohub JS files: uuid, transfer, template, asset, base, render, markdown, launcher, markdown_own, demo_form2, checksum_personnummer, contact_client, compress, configlocal_allow, checksum_md5, cache, view,

### Removed
- On all JS plugins: Removed inline options for jslint
- On all JS plugins: Removed "use strict" from each function and set it on class level instead.
- Removed deprecated parameters on iframe: render_video,

### Fixed
- asset, Assigned a variable with === instead of =.

## [1.2.6] - 2020-02-02
Code on [Github](https://github.com/peterlembke/infohub/releases/tag/v1.2.6)
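Review bot: under `### Changed` in the 1.2.7 section, the line `/jshint and put them in package.json instead.` is an orphaned fragment: it does not start with `- ` and does not follow from the `++` and `--` entry above it. It reads like the tail of the `Removed inline options for jslint` entry under `### Removed` and should be joined to that entry. The `Refactored Infohub JS files:` list and the `Removed deprecated parameters on iframe: render_video,` entry both end in a trailing comma, which makes them look cut off. The `### Fixed` entry for asset, `Assigned a variable with === instead of =`, can be read either way; say which operator was the bug. The two `check_session_valid` entries under `### Added` give only function names; since the commit title leads with this check, add a line on what the responder verifies and what the client does when the check fails.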
Expand All @@ -32,7 +65,6 @@ Main focus in this release was to finish the login and sessions but I got side t
- Render Document - Plugin got updated documentation
- Infohub_View - Fixed bugs in _GetBoxId


### Removed
- Code contained a lot of blocks with comments. Removed most of them.

153 changes: 153 additions & 0 deletions TERMS.md
@@ -0,0 +1,153 @@
# Terms of Infohub
These terms are based on the work made by [tosdr.org](https://tosdr.org/) and their [checklist](https://github.com/tosdr/tosdr.org/wiki/checklist).

The Infohub software is licensed under GNU GENERAL PUBLIC LICENSE Version 3. You can modify the software and use it however you want.

The branding "Applies to the Infohub terms" and/or the corresponding logo can only be used on the site if you the site owner apply to the terms in this document.

Created at: 2020-02-08 by Peter Lembke, Infohub
Updated at: 2020-02-08 by Peter Lembke, Infohub

## Words we use in this document
- **you** - that is you the responsible party for the site.
- **site** - That is the Infohub web site you are responsible for.
- **Infohub** - That is we that create the Infohub software.
- **Infohub software** - The software that you use on your site.
- **users** - Persons and other Infohub servers that you invite to login to your site.
- **we** - That is you and the people at Infohub and your users together.

## Does the service use first-party and/or third-party cookies?

Infohub never ever use ANY cookies on live sites. We are not allowed to add any cookies to Infohub on a live site.

While developing Infohub we use a debugging cookie so that xdebug and similar debug tools works during development.

If you see Infohub using any cookie then please report an issue on [Github](https://github.com/peterlembke/infohub/issues).

## Can they change the terms at any time?

Infohub can change the terms in this document at every new version of the Infohub software.

Old releases keep their terms.

The terms will not have a changelog. If you are interested then you can compare terms from different releases on Github.

The document has a date when it was first added and last modified by Infohub.

## Do they claim copyright (or what sort of license) over your content (where applicable)?

The very purpose of Infohub is to be a private place on the web. The data provided by users remain their own property.

## Do you have a right to leave the service?

Yes.

- The user can download private data.
- The user can delete private data.
- The user can delete its login account.

Infohub software provide the tools for this.
You the site owner must make these tools available to all users.

The user should not use site if this download tool is missing.

A person can not register or demand to become a user of the site. A person can be invited by the site owner to become a user of the site. The site owner can just as easy revoke the invitation.

## Can you export your data (where applicable)?

You as a site owner has no obligation to take backups or care for the user data. The user must take backups of its own data and make sure they can read the data themself.

Infohub software provide a data download tool for data added to the Tree plugin.

The site owner must make that tool available to all users.

If a user do not have that tool available then it is the users responsibility to not add any data to the site until the tool is available.

## How do they work with third parties (contractors they use)?

A 3rd party is every service that the Infohub software exchange data with that is not a user.

The Infohub software and the site owner can use any service from the server as long as it never ever share private user data in any way.

- Examples of allowed services: RSS, Yr.no
- Examples of prohibited practice: Scrape other sites pages.

One example that is prohibited is sending an email or SMS to a user. This is prohibited because there is a 3rd party involved and the user telephone/email address are then revealed.

The use of 3rd party client side services are prohibited because all data must go trough the server. We can not secure the client side if we do not know what code is running there.

Examples of prohibited services: Google maps, Spotify, Soundcloud, Open street map, Youtube, Vimeo, Daily motion. Also CDN services, iframes and files linked from any server.

It is the users responsibility to not use a site that provide client side 3rd party services.

The user must protect its data by using secure web browsers like Firefox, Safari, DuckDuckGo. And also be sure not to use browser plugins that leak data to 3rd party.

The Infohub software need to be on a private web server or at a web hosting company so the users can connect. You as a site owner is responsible for using https in your domain address. The user is responsible for not using a site that have issues with the certificate.

The site owner is not allowed to remove the client side scanner that detects possible data breaches.

## How do they work with government requests?

You as a site owner must apply to the laws of your country.

If a site owner can not protect the anonymity and privacy of the site users the the site owner must delete all the users private data and the users login accounts and all database backups that contain private user data.

## How do they handle decisions about suspension of your account when they feel you breached the terms?

A person can only become a user by an invite from you the site owner. The site owner can at any time redraw the invite without having to give the user any reason. But it is always best to communicate human to human before doing this.

Examples of reasons could be that the user have poor security on its computer, browser, browser plugins. Have shared the login credentials with others. Have uploaded more material than agreed on. Have not logged in to the site for a month. Have done manipulations to the client side code.

If you as a site owner do not want a specific user on your site then mark the user as "You got two weeks notice to move from this site and then you will be automatically deleted".

The Infohub software will refuse the user to save any more data to the server Storage.

The Infohub software show a message to the user when the user login. The user can download its private data and delete the account.

The user can later find another Infohub home to use and upload the data there.

After the time period the Infohub software will delete the user private data and the user account.

The delete will occur regardless if the user have seen the message or not and regardless if the user have downloaded its data or not.

There might be a situation where an older database backup have to be restored on the site and a user account are accidentally restored. That account will then be deleted by the Infohub software at the next clean out.

If the privacy of the site have been breached then the site owner might delete all user accounts and all user data without any notice to protect everyones privacy.

## Do they (try to) prohibit you from going to court against them?

If you as a site owner want to go to court and sue Infohub then please do.
The Infohub Software is GNU GPL 3 and we operate in Sweden.

If the user want to sue you as a site owner the please do.
The user is obligated to have read the TERMS.md and know about who is responsible for what.

In any case it is always best to resolve issues human to human before going further.

## What happens to your data when they get acquired or when they shut down the service?

It is the users responsibility to regularly use the data download tool to have a copy of the own data.

It is the users responsibility to have a working copy of its encryption key.

You the site owner that "Applies to the Infohub terms" must check with the site buyer if they intend to continue with "Applies to the Infohub terms" or not. If the new owner will apply then you only need to change the responsible persons name so all users can see that.

If the new owner will not apply to the terms then you must mark all users with "New owner will not apply to the Infohub terms".

The users then have two weeks notice to accept the new owner by marking that. Or their account will be deleted.

The user can download its data before the account is deleted.

If you will shut down the site then it would be nice to give the users a two weeks notice before the users and their data are automatically deleted.

## How long do they keep your private data and what do they use it for?

The user private data are encrypted with a key that only the user have. The encrypted private data might be saved on the server database. The server database might get a backup made by the site owner or by the web hosting company.

The site owner should make a statement about the backup strategy and also check with the hosting company how their backups work and relay that information to the user.
Should is not a must.

The site owner should also make a statement on how the backups are stored and have a plan so that there is no risk of exposing the backups to others.
Should is not a must.

The user should only use sites that can tell what backup strategy they are following.
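Review bot: the section "How do they work with government requests?" obliges the site owner to delete "all database backups that contain private user data", but the last section says backups may be made "by the web hosting company" and that checking how those work is optional ("Should is not a must"). An owner who never checked cannot meet the deletion obligation, so either make the hosting-backup check a must or limit the obligation to backups the owner controls. The line "The site owner is not allowed to remove the client side scanner that detects possible data breaches" refers to a scanner that is not described anywhere in this file; name the plugin or link its documentation so the obligation can be verified. Wording to fix while here: "the the site owner", "go trough the server", "redraw the invite", "the please do".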
76 changes: 76 additions & 0 deletions folder/doc/design/client/classes/design_client_classes.md
@@ -0,0 +1,76 @@
# Design Client - Classes
Design decisions when creating the Infohub Javascript client.

## Classes
ES6, also known as ECMAScript2015, introduced classes.
Infohub design has evolved since 2010. Back then there were no classes.
But we can change that if classes are good enough in Javascript.

Read more at [W3Schools](https://www.w3schools.com/js/js_classes.asp) and at [sitepoint](https://www.sitepoint.com/javascript-private-class-fields/).

## Requirements of a class
* A class can inherit the Base class
* A class can have private properties
* A class can have public and private methods
* You can override a function in the Base class
* The syntax is clear and logical

### A class need to inherit the Base class
This requirement is fulfilled.
```javascript
class Human extends Animal {}
```

### A class can have private properties
The brand new ES2019 allow you to have private properties in a class. You can put a # in front of a property to make it private.
But it is way to early to use. See [CanIUse](https://caniuse.com/#search=private).
The syntax looks like this:
```javascript
class MyClass {
// private property
#x = 0;
}
```

### A class can have public and private methods
Public methods were introduced in ES6.
The brand new ES2019 do not allow # to be used on methods. There is no way to have private methods.
There is a proposal to use this syntax in the future:
```javascript
class MyClass {
// private method (can only be called within the class)
#incX() {
this.#x = this.#x + 1;
}
}
```

### You can override a function in the Base class
Yes that is possible. You can even call the parent function.
```javascript
class Human extends Animal {
// override Animal.speak
speak(to) {
super.speak();
if (to) {
console.log("to = " + to);
}
}
}
```

## Conclusion
The class concept in Javascript is crude and lack basic features. It is also not implemented in all common browsers.
The use of # is ugly but that is besides the point.

If the class concept evolve in the future and all criteria are met then it would be possible to support classes in new plugins.

For now I will continue with the current plugin structure.

# License
This documentation is copyright (C) 2020 Peter Lembke.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
You should have received a copy of the GNU Free Documentation License along with this documentation. If not, see [https://www.gnu.org/licenses/](https://www.gnu.org/licenses/).

Created 2020-02-15 by Peter Lembke
Updated 2020-02-15 by Peter Lembke
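Review bot: in the private-method snippet, `#incX()` reads and writes `this.#x`, but that `MyClass` never declares `#x`, so the example is a syntax error as shown; add `#x = 0;` to the class body. The text attributes `#` private fields to "the brand new ES2019", but class fields were not part of ES2019; at the time of this commit they were still a TC39 proposal, the same status the text gives private methods, so describe both as proposals with their browser support rather than one as standard and the other as impossible. The requirement list says "A class can inherit the Base class" while the matching heading says "A class need to inherit the Base class"; use one wording. Also "way to early" should be "way too early".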
10 changes: 10 additions & 0 deletions folder/doc/design/client/design_client.md
@@ -0,0 +1,10 @@
# Design Client
Design decisions when creating the Infohub Javascript client.

# License
This documentation is copyright (C) 2020 Peter Lembke.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
You should have received a copy of the GNU Free Documentation License along with this documentation. If not, see [https://www.gnu.org/licenses/](https://www.gnu.org/licenses/).

Created 2020-02-15 by Peter Lembke
Updated 2020-02-15 by Peter Lembke
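Review bot: this page has a title line and a license block but no link to `classes/design_client_classes.md`, the only client design document this commit adds beneath it; add a list of child documents so the page works as an index.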
10 changes: 10 additions & 0 deletions folder/doc/design/design.md
@@ -0,0 +1,10 @@
# Design
Design decisions when creating Infohub.

# License
This documentation is copyright (C) 2020 Peter Lembke.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
You should have received a copy of the GNU Free Documentation License along with this documentation. If not, see [https://www.gnu.org/licenses/](https://www.gnu.org/licenses/).

Created 2020-02-15 by Peter Lembke
Updated 2020-02-15 by Peter Lembke
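Review bot: `# License` is a second top-level heading on a page whose title is also `#`; make it `## License` so the document has a single top-level heading (the same applies to the two other design files in this commit). The page should also link to `client/design_client.md`, since it is the root of the design folder.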