Really excited to open source this project. It currently needs all the new logos added, branding, cleanup, etc.
Note that the data subscription model is awful. I have since figured it out and built a new application called StarCommanderOnline.com which I will be releasing open source shortly as well.
Also a note that I’m not yet running a NodeJS server, just a quick cheat server with Apache and Passthrough. Will get the proper hosting setup this week. But I know people have been hungry to see this ACTUALLY go open source.
Didn’t look at the code but maybe he’s referring to the tokens you have publicly in GitHub (which most likely have been invalidated by now).
I am building the same thing you are based on our existing community as a platform. We just did an MVP of a platform for community building so just to give my two cents, you probably want to move all your tokens / settings into an API and feed them from there to the client so you can handle everything dynamically (and don’t expose it on your repo).
The specific issues that I see at first glance are:
No SSL which means login tokens are sent in the open. It’s not a huge issue right now, but anyone on the same network could hijack your session.
The first one really doesn’t matter anyway because the login tokens for other users are being published to the client.
The insecure package is still installed… I can literally add/edit/delete anything I want.
The user.profile key is being used to store the profile without any kind of checking or schema applied. Even without the insecure package installed I could just write any kind of arbitrary data there.
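What the missing check on user.profile could look like, as an added example that is not part of the thread or of the project's code: a strict whitelist validator in plain JavaScript, run over constructed payloads. The field names and limits are assumptions.

```javascript
// Added example. Field names and limits below are assumptions, not the project's.
const PROFILE_SCHEMA = {
  displayName: { type: 'string', max: 50 },
  bio: { type: 'string', max: 500 },
  age: { type: 'number', min: 13, max: 120 },
};

// Returns { ok, errors, clean }. Unknown keys are rejected, not silently dropped,
// so a tampered request fails loudly and can be logged.
function validateProfile(input) {
  // Only plain objects: rejects null, arrays, strings and class instances.
  if (input === null || typeof input !== 'object' ||
      Object.getPrototypeOf(input) !== Object.prototype) {
    return { ok: false, errors: ['profile must be a plain object'], clean: null };
  }
  const errors = [];
  const clean = {};
  for (const key of Object.keys(input)) {
    // Own-property lookup so keys like "constructor" or "__proto__" never match.
    if (!Object.prototype.hasOwnProperty.call(PROFILE_SCHEMA, key)) {
      errors.push(`unexpected field: ${key}`);
      continue;
    }
    const rule = PROFILE_SCHEMA[key];
    const value = input[key];
    if (typeof value !== rule.type) {
      errors.push(`${key}: expected ${rule.type}`);
    } else if (rule.type === 'string' && value.length > rule.max) {
      errors.push(`${key}: too long`);
    } else if (rule.type === 'number' &&
               (!Number.isInteger(value) || value < rule.min || value > rule.max)) {
      errors.push(`${key}: out of range`);
    } else {
      clean[key] = value;
    }
  }
  return errors.length ? { ok: false, errors, clean: null } : { ok: true, errors, clean };
}

// Constructed sample payloads, shaped like what a client could send.
const SAMPLES = {
  valid: { displayName: 'Ada', bio: 'hello', age: 30 },
  extraKey: { displayName: 'Ada', isAdmin: true },
  operator: { displayName: { $ne: null } },
  oversize: { bio: 'x'.repeat(10000) },
};

for (const [name, payload] of Object.entries(SAMPLES)) {
  const r = validateProfile(payload);
  console.log(name, r.ok ? 'accepted' : `rejected: ${r.errors.join('; ')}`);
}
```

In a Meteor app this check would sit in a server-side method that performs the profile write itself, alongside a Meteor.users.deny({ update() { return true; } }) rule so clients cannot write to profile directly.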
I feel ya there… I’ve put thousands of hours into the Meteor Social Network space with very little outside help, all while watching people constantly fight through the same stuff I’ve already done for them.
Before advertising or going live, remove insecure package! Insecure description:
Allow almost all collection methods, such as insert, update, and remove, to be called from the client. This package is useful for prototyping an app without worrying about database permissions, but should be removed as soon as the app needs to restrict database access.
Also, run it in some production environment, not development.
@copleykj It makes sense that since my source code is super insecure, that rather than porting my code over to a secure Meteor method, to migrate to your social packages.
This is one of the best use cases for the packages. Plug them in, hydrate an interface and you’ve got a secure social application in like 1/10th the time
I’m not sure about best friends… That’s a highly sought after title. My wife and my code editor are currently involved in an epic battle over it, you can jump in if you’re feeling lucky though.
In all seriousness though, I would love to see all of the packages used more often rather than people spending all the extra time recreating the same functionality, worrying about security, data structure, best practices and scalability. I’d much rather see people use the packages and take all the time they saved by doing so, and put it into making their product that much more awesome.
@copleykj, I installed your meteor app and it worked superbly, well done!
Still struggling to find a way to link people to each other (i.e. friends) … if you have insight, would be great.
Then we’ll start brainstorming ideas to collaborate (if you want). Are you using your packages in production yet? I am asking to see if there is incentive for on-going development
This is one of the reasons I haven’t published this to a server yet, it needs a way to discover other users. If you know the username of another user, you can type the URL to a user’s profile in the address bar {origin}/profile/username and then you can initiate a friend request from there.
I’m more than happy to collaborate. I don’t have anything in production at the moment which is using the packages. There is definitely incentive for ongoing development. I’m in the process of porting all of the packages to NPM for use with React Native and once that is finished I would really love to see a RN demo app that connects to the Meteor demo.
@SkyRooms, to be honest I expect we will likely need to customize the front-end based on user needs.
@copleykj, thanks so much, we’ll start diving into the code. What would make sense is a search (like in FB). And then a friend request is made. If it’s not in production, can I ask your incentive? Don’t mean to be prying, gives us insight – especially that good development is expensive and it looks like it was well thought-out.
Some of the packages started out as part of the codebase for a contracted app that I started and never received payment for. Back then we had the meteor-talk Google group instead of these awesome forums, and one day a message came across my inbox about friends / requests in meteor from meteor-talk and I thought, hey, I got this code here that’s looking like I’m not going to get paid for, why don’t I put it into a package and let people get some use out of it. The rest of the packages followed and it’s sort of been a labor of love ever since.
Not sure if anyone is interested, but the packages for use with React-Native are being slowly released under the @socialize namespace on NPM, and the development work is being done on the feature/react-native branches of each package.
Edit:
Just in case anyone tries to use the packages, you may run into an issue with the simpl-schema package being recompiled by metro. I’m waiting on @aldeed to merge #246 to fix #244, until then you can clone my fork and use whackage to link it to your project.