WeSaga.com just went Open Source (Skyrooms)

Main Production Website




Really excited to open source this project. It currently needs all the new logos added, branding, cleanup, etc.

Note that the data subscription model is awful. I have since figured it out and built a new application called StarCommanderOnline.com which I will be releasing open source shortly as well.

Let’s kill Facebook.

Also a note that I’m not yet running a NodeJS server, just a quick cheat server with Apache and Passthrough. Will get the proper hosting setup this week. But I know people have been hungry to see this ACTUALLY go open source.


Not to alarm you or anything, but you’ve got some pretty serious security holes.

Didn’t look at the code but maybe he’s referring to the tokens you have publicly in GitHub (which most likely have been invalidated by now :wink: ).

I am building the same thing you are based on our existing community as a platform. We just did an MVP of a platform for community building so just to give my two cents, you probably want to move all your tokens / settings into an API and feed them from there to the client so you can handle everything dynamically (and don’t expose it on your repo).

No, I haven’t explored the repo yet.

The specific issues that I see at first glance are.

  1. No SSL which means login tokens are sent in the open. It’s not a huge issue right now, but anyone on the same network could hijack your session.

  2. The first one really doesn’t matter any way because the login tokens for other users are being published to the client.

  3. The insecure package is still installed… I can literally add/edit/deleted anything I want.

  4. The user.profile key is being used to store the profile without any kind of checking or schema applied. Even without the insecure package installed I could just write any kind of arbitrary data there.


Yes, it was my first Meteor project. My second one is patched up. I have a GitHub issue to track this.

I legit just moved this from private to public – not super worried about it either, as I sincerely doubt any one will ever submit a patch anyway.

1 Like

I feel ya there… I’ve put thousands of hours into the Meteor Social Network space with very little outside help, all while watching people constantly fight through the same stuff I’ve already done for them :joy:.

1 Like

I looked. I tried.

The problem was I was new to Meteor and barely understood collections.

Before advertising or going live, remove insecure package! Insecure description:

Allow almost all collection methods, such as insert, update, and remove, to be called from the client. This package is useful for prototyping an app without worrying about database permissions, but should be removed as soon as the app needs to restrict database access.

Also, run it in some production environment, not development :slight_smile:

@copleykj It makes sense that since my source code is super insecure, that rather than porting my code over to a secure Meteor method, to migrate to your social packages.

I’ll front end for your back end.

Did we just be come best friends?

This is one of the best use cases for the packages. Plug them in, hydrate an interface and you’ve got a secure social application in like 1/10th the time :slight_smile:

1 Like

Woah, at least take me on a date first! :blush:

I’m not sure about best friends… That’s a highly sought after title. My wife and my code editor are currently involved in an epic battle over it, you can jump in if you’re feeling lucky though.

In all seriousness though, I would love to see all of the packages used more often rather than people spending all the extra time recreating the same functionality, worrying about security, data structure, best practices and scalability. I’d much rather see people use the packages and take all the time they saved by doing so, and put it into making their product that much more awesome.


Yeah like I said, I had tried – but it was above my head at the time.

I’m going to try integrating a package today, will report back.

@copleykj, I installed your meteor app and it worked superbly, well done!

Still struggling to find a way to link people to each other (i.e. friends) … if you have insight, would be great.

Then we’ll start brainstorming ideas to collaborate (if you want). Are you using your packages in production yet? I am asking to see if there is incentive for on-going development

Awesome, and thanks! :slight_smile:

This is one of the reasons I haven’t published this to a server yet, it needs a way to discover other users. If you know the username of another user, you can type the url to a users profile in the address bar {origin}/profile/username and then you can initiate a friend request from there.

I’m more than happy to collaborate. I don’t have anything in production at the moment which is using the packages. There is definitely incentive for ongoing development. I’m in the process of porting all of the packages to NPM for use with React Native and once that is finished I would really love to see a RN demo app that connects to the Meteor demo.

So if you guys work on the packages, can we use this WeSaga as a frontend to glue it all together?

@SkyRooms, to be honest I expect we will likely need to customize the front-end based on user needs.

@copleykj, thanks so much, we’ll start diving into the code. What would make sense is a search (like in FB). And then a friend request is made. If it’s not in production, can I ask your incentive? Don’t mean to be prying, gives us insight :slight_smile: – especially that good development is expensive and it looks like it was well thought-out.

Some of the packages started out as part of the codebase for a contracted app that I started and never received payment for. Back then we had the meteor-talk google group instead of these awesome forums :smile:, and one day a message came across my inbox about friends / requests in meteor from meteor-talk and I thought, hey, I got this code here that’s looking like I’m not going to get paid for, why don’t I put it into a package and let people get some use out of it. The rest of the packages followed and it’s sort of been a labor of love ever since.

meteor-talk link for reference: https://groups.google.com/forum/#!msg/meteor-talk/_asXbuW_PZI/6_f3g_qwoCMJ

1 Like

Not sure if anyone is interested, but the packages for use with React-Native are being slowly released under the @socialize namespace on NPM, and the development work is being done on the feature/react-native branches of each package.


Just in case anyone tries to use the packages, you may run into an issue with the simpl-schema package being recompiled by metro. I waiting on @aldeed to merge #246 to fix #244, until then you can clone my fork and use whackage to link it to your project.