Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Niko
    @nikodunk

    And then you can get a Quill object to save as a string to your postgres-like database with

    let richtextFromRoom = await y.share.richtext.toDelta(); 
    saveToPostgres(richtextFromRoom);

    (I do the above every time a user leaves a room or disconnects).

    Niko
    @nikodunk
    Later if your server comes back up and the room is empty, simply get the object back from the database and put it back into the room with
    let save = loadfromPostgres(room)
    y.share.richtext.applyDelta({ops: save})
    Renie Ravin
    @renieravin
    @dmonad Thank you for Yjs! I have a question about granting a user read-only access. Does that functionality exist in v13?
    Callum Atwal
    @callum-atwal
    Hi all, how is it possible to get a CodeMirror example working using WebRTC instead of WebSockets?
    This is my first node project I'm doing, still trying to get my head around it all. I have a project which requires the dependencies yjs, y-webrtc and y-codemirror
    Kevin Jahns
    @dmonad
    Hi @renieravin , there is no functionality that enforces that a Yjs document is not modified. But you can enforce that a client does not receive messages from an unautorized user. This is part of the connector. y-websocket has such functionality, but you would need to modify the server a bit to make it work. I recommend that authentication happens before accepting the websocket connection - I made a marker here: https://github.com/yjs/y-websocket/blob/69c770174158ade76d23fe81443d7950a796d778/bin/server.js#L21
    Kevin Jahns
    @dmonad
    Welcome @callum-atwal Yeah that's possible, you simply need to exchange the connector. You should check out y-webrtc. It currently only works in v12 of Yjs. I'm currently working on a fork for v13 (the current version).
    Kevin Jahns
    @dmonad
    Hey @callum-atwal . Here is an update on y-webrtc: Today I took some time and polished and pushed a new version of y-webrtc. There is some documentation here https://github.com/y-js/y-webrtc
    The new y-webrtc connector, that is compatible with v13, implements a simple signalling server that should be easy to re-implement in other languages. Also I published several signalling servers that you can use for free. In the next few days I also want to implement password protection for webrtc rooms.
    Callum Atwal
    @callum-atwal
    @dmonad brilliant! I'll be sure to check it out. Using yjs for my final year project!
    Kevin Jahns
    @dmonad
    Nice, good luck!
    FYI Yjs was actually my final year project :p
    I just continued to work on it for five more years ..
    Winston Fassett
    @WinstonFassett
    I got auth working a while back based on that marker in bin/server.js, but it's been a bit of a struggle and is still a bit of a mess. If anyone else has had any success I'd love to know what they did.
    One question is how do you authenticate? A cookie? A request parameter? Send the message on a socket? I went with an access_token querystring parameter (over SSL)
    the other thing I wasn't sure of is how to reject access. I tried closing/destroying/terminating the socket and it caused the browser to start spooling up infinite new websockets, so I set a 10s timeout before closing.
    also once I added this I started seeing server crashes caused by what I think was a memory leak
    here's the code I ended up with. apologies for the messiness. some of it may not be strictly necessary:
    server.on('upgrade', (request, socket, upgradeHead) => {
      var head = new Buffer(upgradeHead.length);
      upgradeHead.copy(head);
      upgradeHead = null
      // You may check auth of request here..
      // or check cookie here
      // console.log('CHECK AUTH', request.url, request.headers.cookie)
      /**
       * @param {any} ws
       */
      const handleAuth = async ws => {
        const parsed = url.parse(request.url, true)
        const access_token = parsed.query.access_token
        const docName = parsed.pathname
        // console.log('parsed', parsed)
        request.url = (parsed.origin||'') + docName
        const access = await verifyAccess(access_token, docName)
        const { user } = access
        if (user) {
          // console.log('connecting inner request url', request.url)
          request.user = user
          wss.emit('connection', ws, request)
          // release ref?
          socket.unref()
          socket = null
        }
        // if (true || request.headers.cookie.indexOf('tehsecretpassword')> -1) {
          // } 
        else {
          console.log('access denied', request.url)
          // socket.close();
          setTimeout(() => {
            socket.destroy();
            socket = null;
          }, 10000)
          // socket.close()
          // socket.terminate()
          return;
        }
      }
      wss.handleUpgrade(request, socket, head, handleAuth)
    })
    Winston Fassett
    @WinstonFassett
    oh and as you can see I also had to modify the request.url to remove the access key so that YJS doesn't think it's part of the doc name
    Winston Fassett
    @WinstonFassett
    @dmonad I'm excited about trying the webrtc connector, though I haven't done webrtc before. I was wondering, and sorry if this is a naive question, why is crypto needed? I thought webrtc already had some sort of crypto bindings
    Kevin Jahns
    @dmonad
    @WinstonFassett Thanks for the feedback on the authentication method. I will look into it. I guess a client shouldn't try to reconnect after auth has been rejected. And the server should properly close the connection (I thought that this would be handled by the http module). I opened a ticket for this yjs/y-websocket#7
    Kevin Jahns
    @dmonad
    Regarding y-webrtc: You are right that webrtc connections are always encrypted (by web standard). But unless you trust the signaling server, webrtc is still vulnerable to man-in-the middle attacks. With y-webrtc, you can perform signaling handshakes over untrusted signaling servers. The crypto module encrypts signaling data that is sent over the signaling server so that only users with the shared secret can connect with each other.
    Kevin Jahns
    @dmonad

    As for the method how you authenticate over y-websocket: I think the best method to authenticate is before you create the actual websocket connection. This way you can really make sure that no data is shared with unauthenticated clients. If you want to authenticate over a message via the websocket connection you would need to adapt the connection protocol and make sure that unauthorized clients don't receive any data.

    I recommend to authenticate via request header or cookies. In general, you should avoid to authenticate via request parameters. Request parameters are often visible in the server logs and accessible by people who shouldn't have access to personal user data. Request headers and cookies are (presumptuously) always the better choice for sharing user secrets.

    Winston Fassett
    @WinstonFassett
    Yes my first choice was to use a header for auth, but I was unable to get it to work in the browser even using a protocol header hack that was supposed to work (I was using Chrome, which apparently strips security headers). Similarly basic auth didn't work. Querystring parameter and cookie both worked. Incidentally, the feathers-js API server I'm using for REST can also do websockets pretty well. When enabled it will use messages for auth rather than any of the mechanisms I just described. I lean towards that approach but don't see a good way to implement it with YJS.
    Kevin Jahns
    @dmonad

    That's a good point. I expected that headers should work because websockets are just http requests. Also the ws package (native nodejs) supports headers.

    I will rethink this approach then. In this case you are right that we should probably go for authentication via a websocket message. I opened a ticket for this yjs/y-websocket#8

    Harrison Lo
    @harrisonlo
    Hi all, I just discovered yjs today, watched the interviews, and thought the whole work is really interesting!
    rafeautie
    @rafeautie
    @dmonad Are you working on an ace binding for v13? I would love to help and talk to you about where to start
    Kevin Jahns
    @dmonad
    @harrisonlo Thanks :)
    Hey @rafeautie I think I have an unfinished version lying around somewhere. I'll push to https://github.com/yjs/y-ace and then you can have a look at it if you want
    rafeautie
    @rafeautie
    @dmonad Sounds good! cant wait
    Callum Atwal
    @callum-atwal
    Hey all, I decided to restart my project but instead using Angular for the frontend. I'm having a little trouble (which I think is a minor one). I've installed the yjs, y-codemirror, y-websocket and codemirror packages in npm. They exist in the package.json and my IDE doesn't complain they do not exist/not found. When I go to create a Y.Doc() instance, it tells me (on runtime in angular) that .Doc is not a constructor. Please see these images
    image.png
    image.png
    (I think this is more a Angular question, however was just hoping someone in here could field the question before I turn to Stackoverflow or something) :D
    micrology
    @micrology
    @Callum I had a similar issue. If you simply install yjs using npm, you get an earlier version than the current one. Try re-installing, but getting yjs@13.0.0-103 This might help. (I don't whether there is an even more recent version).
    micrology
    @micrology
    I'm developing an app that uses yjs and vis-network graph visualisation (watch this space for a submission as a yjs demo). While developing it and testing it, lots of test data was inserted into y.Doc, and now I want to start afresh, with an empty Doc. But I haven't found a method to do this (e.g. a destroy method). Note that I don't want to delete the structs/records (which would just mark them as deleted), but to go bak to the state where the Doc was just initialised. I'm using the standard WebsocketProvider and yjs v13. On a related issue, I am not clear where the y.Doc is stored (in the browser? if so, where? Can I use DevTools to view it?).
    Callum Atwal
    @callum-atwal
    @micrology npm pulled through version "yjs@13.0.0-78" - dont think this is the issue
    Callum Atwal
    @callum-atwal
    I noticed by forcing it to install the 103 tagged version it is different
    however, lib0 is running into an error, cannot find module crypto. I've installed it seperately and it still cannot find it
    reverting back to 78 doesnt give the error
    image.png
    ^ was the error
    Callum Atwal
    @callum-atwal
    Forced it to use version 103 and was successful finally. @dmonad I've raised an issue on your lib0 repo as this was the issue for me - dmonad/lib0#2
    Kevin Jahns
    @dmonad
    Sorry for the recent issues. JavaScript bundlers are sometimes weird and I haven't tested the Angular bundler. I fixed these issues in lib0 v0.2.5. Please let me know if you find any more issues.
    Kevin Jahns
    @dmonad
    @micrology The Y.Doc is stored in the Y.Doc instance that you create. I.e. const ydoc = Y.Doc() . ydoc holds all the data. If you don't reference the doc anymore it is automatically garbage collected. But it is good practice to ydoc.destroy() to make sure that the data is really removed. But you must .destroy() the provider instances and the document bindings because they register event handlers.
    micrology
    @micrology
    Is there documentation or some hints anywhere about how to use y-leveldb with y-websocket-server for version 13 of yjs (there is for version 12 at https://github.com/yjs/y-leveldb, but this does not seem to apply to version 13)? Alternatively any other way of giving y-websocket-server persistence?
    micrology
    @micrology
    And another query: I am running y-websocket-server on a remote server (specifically, an AWS ECS virtual machine) and my yjs app disconnects and immediately reconnects exactly every 30 seconds. See log below. Is there a timeout I should be setting to avoid this?
    22:44:11: connected to room 342186106253552448544
    22:44:41: disconnected from room 342186106253552448544
    22:44:41: connected to room 342186106253552448544
    22:45:11: disconnected from room 342186106253552448544
    Topper Bowers
    @tobowers
    I'm having trouble using typescript - anyone solved that?
    I starrted an empty project and added the tsconfig.json options but still get a 'no types' error
    Boris Petrov
    @boris-petrov
    Is there a migration guide from v12 to v13?
    István Koren
    @istvank

    Hi, still got trouble with the bundler used in es-dev-server, it gives me

    Uncaught SyntaxError: The requested module '../isomorphic.js/iso.js' does not provide an export named 'default'

    I guess dmonad/isomorphic.js@0bee192 did intend to fix it, but it didn't. :(