Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
  • 02:57
    bmatusiak commented #1239
  • 02:42
    bmatusiak opened #1239
  • 00:14

    amark on master

    prepare to sync gun lib unbuild… (compare)

  • 00:14
    amark closed #1237
  • 00:14
    amark commented #1237
  • May 23 15:55
    draeder updated the wiki
  • May 22 14:36
    igormuba opened #1238
  • May 22 12:04
    bmatusiak opened #1237
  • May 22 11:42
    bmatusiak synchronize #865
  • May 22 11:42
    bmatusiak closed #865
  • May 19 16:06
    bmatusiak opened #1236
  • May 19 01:36

    amark on master

    ok ack + webrtc Merge branch 'master' of http:/… bump (ok ack + webrtc) @Draeder… (compare)

  • May 17 23:08
    bresnow updated the wiki
  • May 16 01:07

    amark on master

    websocket ../index to ./index (… (compare)

  • May 16 01:07
    amark closed #1235
  • May 16 01:07
    amark commented #1235
  • May 15 21:38
    amark updated the wiki
  • May 15 21:37
    amark updated the wiki
  • May 15 20:04
    bmatusiak opened #1235
  • May 15 13:07
    bmatusiak updated the wiki
@amark yep havnt linked it up yet
Ronald Prato
Hey there! i've been reading the docs all day and i'm still having a question about delete data. What if i have a medium-deeply nested schema? if i set null to a node which have other relationships those get deleted as well ?
Wasis Haryo Sasoko
@Ronald-Prato no.
kristof de spiegeleer
trying to figure out how to use gun with typescript, but the examples I found don't work, anyone an idea, would be great
@amark Is there a way to log get requests on a node.js gun server?
yash deore
How long does a gun js server hold on to data .
Asking because I made a chat app but some hours later it did not show the previous messages .
Did you have a relay node set up or did you just use the browser's local storage?
has anyone combined RxJS with gun?
@yash-deore i think the one click heroku peers delete data every 15 mins
@yash-deore: if you are using some community gun relay (or even yours) that happen to be deployed on heroku free tier, the storage will be wiped after some minutes of inactivity. If you are using some real production environment it will be stored for ever.
@mossmanpete RxJS with Gun is a really good idea since they are both working with streams, definitely doable
Mark Nadal
@Ronald-Prato @despiegk @yash-deore @simjnd:matrix.org 👋👋
@rococtz:matrix.org 👏
@adam-12:matrix.org 👏
@simjnd:matrix.org 👏
@despiegk very few people seem to know how to fix typescript 😥 could someone on discord tag the typescript role and tell them to move here?
Mark Nadal
@deathg0d not an ways flag, but could add an adapter gun.on('in', cb
Tho it may need to be wired correctly, I need to update those docs...
I wonder if just using dts-gen to generate new typescript definition files would be better than what we have now.
yash deore
@rococtz:matrix.org @adam-12:matrix.org @amark Thanks a lot for your anticipation guys 😀.
Devin Santamaria

hey amazing ppl - I'm building a nextjs app, and getting the following err thrown when using getServerSideProps - interestingly, neither page is using any gun functionality.

ERROR    Error: Cannot find module './lib/text-encoding'
Require stack:
- /var/task/node_modules/gun/sea.js

has anyone run into this, or is a next/gun wizard who'd be willing to take a peak at my code?


@amark so the problem seems to be docker. My setup was:

ufw firewall
    - docker-compose
        - nginx proxy manager docker container
        - gundb node.js docker container

I could not debug the issue at all. All realtime updates are fine but unable to receive old data from the client side. I put logs on the node.js server to make sure it does have the data and it does. Connections also look fine. I have no idea what's wrong. It feels like when I spin up the docker instance and connect remote clients to it, the clients connect to a different gun instance that has no record of old file, which is so weird.

I changed the setup to:

ufw firewall
    - docker-compose 
       - nginx proxy manager docker container
    - gundb node.js run using pm2 instead of inside a docker container

And now the issue seems to be solved. I have some other pressing tasks right now so cannot really play around more for the time being, but it would be great if I could solve this using the docker container (docker compose). By doing this I could avoid node dependencies on the host machine. It would also be easier to maintain the server.

Mark Nadal
@webprismdevin look for any import or require statements of gun in your project (?)
@deathg0d wow that seems obscure, I can't believe you figured it out. Is it because Docker routes to a different container? I'm sure there is a way to force "sticky" sessions cause websockets in general need this.
Hey, there seem to be problem with: https://gun-manhattan.herokuapp.com/gun . I remember there was list of community /fallback gun servers do you know where i can find them?
Mark Nadal
@MaciejDot may be end-of-month it only has so many hours per month it can run. https://github.com/amark/gun/wiki/volunteer.dht yipes, I need to get docs & Secure Render finished so I can get on AXE again (which will automatically choose peers for you)
@amark thanks a lot for help

@despiegk i had the same problem i wrote some proxy types but its bit hacky and i dont use all functions from api so i didnt need full interface also i restricted their usage to end on first on() or once()

import Gun, { SEA } from "gun";
import 'gun/axe'
import 'gun/sea'
import { IGunConstructorOptions } from "gun/types/options";
import { AckCallback } from "gun/types/types";

type AuthArgs = [username: string, password: string, callback: (data: { err?: string }) => any] | [ pair :SEAPair, callback: (data: { err?: string }) => any]

export interface GunUser<T> {
    is?: undefined
    recall: (opt?: { sessionStorage: typeof sessionStorage }) => GunUser<T> |AuthenticatedGunUser<T>
    auth: (...t: AuthArgs) => GunUser<T> |AuthenticatedGunUser<T> 
    create: (...t: AuthArgs) => GunUser<T> |AuthenticatedGunUser<T> 

export interface AuthenticatedGunUser<T >{
    is: {
        alias: string | SEAPair
        epub: string
        pub: string
    get: <TKey extends keyof T>(name: TKey) => AuthenticatedGunUserTree<T, TKey> & Promise<T[TKey]>
    leave: () => void

type AuthenticatedGunUserTree<T  , TKey extends keyof T> = AuthenticatedGunUser<T[TKey]> & GunTree<T,TKey>;

interface GunGet<T> {
    get: <TKey extends keyof T>(name: TKey) =>  GunTree<T ,TKey> & GunGet<T[TKey]> &Promise<T[TKey]>

type GunTree<T  , TKey extends keyof T> = {
    on: (callback:(state:T[TKey], key: TKey) => any) => { off: ()=> void }
    once: (callback: (state:T[TKey], key: TKey) => any) => void
    put: (state: T[TKey], callback?: AckCallback, options ?: {opt ?: { cert ?: string}} ) => void,
    set: (state: T[TKey]) => void,
    map: (match?: any) => AuthenticatedGunUserTree<T[TKey], keyof T[TKey]>

export function isUserAuthenticated  <T>(user : GunUser<T> |AuthenticatedGunUser<T>): user is AuthenticatedGunUser<T>{
    return !!user.is

interface GunDefinition {
    user: <T>() => GunUser<T> | AuthenticatedGunUser<T>,
    get: <T,TKey extends keyof T>(name: TKey) =>  GunTree<T ,TKey> & GunGet<T[TKey]> &Promise<T[TKey]>,
    on: (eventName: 'auth', callback: () => any) => { off: ()=> void },

const TypedGun = Gun as any as {
    (options?: string | string[] | IGunConstructorOptions): GunDefinition;
    new (options?: string | string[] | IGunConstructorOptions): GunDefinition;

export interface SEAPair{
    epriv: string
    epub: string
    priv: string
    pub: string

type Authority = SEAPair

export const TypedSEA = SEA as any as {
    secret: (epubKey: string, pair: SEAPair) => Promise<string>
    pair: () => Promise<SEAPair>
    sign: (data:any, pair: SEAPair) => Promise<string>
    verify: <T>(data: string, pair: SEAPair | string) => Promise<T | undefined>
    encrypt: (data:any, pair: SEAPair | string) => Promise<string>
    decrypt: <T>(data:string, pair: SEAPair | string) => Promise<T| undefined>
    certify: (user : string | string[]| {pub:string} | {pub:string}[], policies: any, pair: Authority, callback: (cert:string) => any, opt?: { blacklist?: string, expiry?:number }) => Promise<string>

just use TypedGun or TypedSEA


@amark. Please implement this Forum as multiple threads initiated by each user, not a single thread currently. It is just a mess. Shift this Forum to reddit, and leave gitter?

@amark how can I change the username or alias for gun.user()?

@amark. I want to implement state management on the Clent-side using gundb. I want to expose only a subset of nodes e.g. gun.get("sessionid") on Client-side. I searched a lot, but still have doubts what if client-side hacking may access full gun graph network using XSS/code-injection. What security measures should I take? Is including SEA library enough security measure?

@amark. I am implementing gundb for a production grade app.

First post. Been stuck on reproducing the basic to-do list example on my desktop. Initialized the http server at local host and ran the following code. The list doesn't update or really do anything. Understand this is extremely basic, but I've been stuck for days now. Thanks!

// Clear out localstorage to give Gun a fresh start on every load

// Import Gun as a dependency
import Gun from 'gun'

var gun = Gun();

const server = require('http').createServer().listen(8080);
const gun = Gun({web: server});

var items = gun.get('items');

$('form').on('submit', function(e){

items.map().on(function(item, id){
var li = $('#' + id).get(0) || $('<li>').attr('id', id).appendTo('ul');
} else {

Barłomiej Bąk
@shecky2000 it seems you messed up browser and server side there
you can setup your own super peer using nodejs, but for now you can use a public server
so what you need to do is
const gun = Gun( / settings /)
and you are good to go
5 replies
remember that public servers are used by many other developers and reset data every 15 min or so
Magnus Furcifer

Sorry if this is a silly question, but I've been going over the docs today and I don't quite understand conceptually how the scopes work. So I think I get how user contexts work with storing data like in the following snippet:
$('#said').on('submit', function(e){
if(!user.is){ return }

where the get/set/map methods apply to that users space, but if any endpoint can set data into the global space doesn't that mean that the global data set can be flooded? or is there some logic in the relay servers that I'm not understanding that prevents arbitrary data from being ingested and stored?

If I created an instance of gun with a public peer, is there anything stopping me just smashing it with data?
sua yoo

thoughts on how i would achieve key pair rotation for users created with user.create? reading the docs, it seems that gun users are essentially key pairs generated with SEA.pair(). does this mean i need to keep my own way of mapping usernames/alias to a pair, something like:

SEA.pair(({pair}) => {

  // use `.activePublicKey` to encrypt, certify, etc.

or will gun.user().create(oldUsername, oldPaassphrase) automatically update the keys? (nope that would return a "user already exists" error.)

Barłomiej Bąk
@SuaYoo I'm not sure what are you trying to achieve, but in general user is identified by SEA keys(), you should keep them secret, except for the public key. You can use them for encrytpion, but it's not a must, you can generate another pair of keys for encryption purposes. You can use user's keys for authentication instead of login/password. The advantage of using keys for authentication is that it does not require lookup which means it's faster than login/password way
1 reply
Barłomiej Bąk

@amark hey Mark, I guess I know why I had issue with missing data in .map().on(). It seem that 'on' cannot be async like

gun.get('docs').map().on(async data => { ... })

Maybe I'm wrong, but since I removed async from my code I have better results

@magnusfurcifer_twitter: First of all, the global space should not be used because anyone can change it or even delete it. All data must be stored in user nodes (because only that particular user can change the data by default and nobody else) or using Content Addressing (nobody can change it, not even the creator).
Second of all, if someone decides to dump a lot of data in your network, the only problem is that you will end-up storing it for them and nothing else. The apps you build will not care about that data and they won't download it on their clients. If you still want to restrict write access to the network based on some rules, you can have a loot at https://github.com/zrrrzzt/bullet-catcher but I haven't used it myself, I only know of it. The problem is that it goes against the Gun philosophy on long term where everybody should be able to donate their relays to the network and we all use and enjoy the network together (with the purpose of better redundancy, wider distribution around the world and at lower costs)
1 reply
Mark Nadal
@despiegk :clap: @MaciejDot ! Can you contribute that to the Type Definitions or ... ANYONE, literally ANYONE, help edit this page? https://github.com/amark/gun/wiki/TypeScript
@awaisnazir21 :) :wave: . Sorry, :( that makes it hard for me to answer people versus a thread. I'm more than happy for the community to use a forum, but if a question fallsback to me... it needs to be accessible for me to process. :/
I think all you have to do is gun.get('@newAliasYouWant').set(user) (where user is logged in)
XSS is sadly every app owner's responsibility to handle, tho I think I figured out a new way to fix this, and hope to be demoing a prototype soon. The Iris app does do a local-only GUN peer for indexing tho, by local = GUN(); gun = GUN(peers);. Does this help?
Congrats!! How many active users does your app currently have!?
@shecky2000 a few days! Oh noooo! THat's not good, the rule is 5min!! (partly cause sometimes it takes a day to get a reply). :clap: @dweorh_twitter was fast tho! Were you able to get it fixed? Seems like it. Remember, browsers still require :( :( bootstrapping peers to make WebRTC connections or sync. Tho we're working with browsers... (they're so slow) to maybe fix this in the future. NodeJS is able to access UDP multicast tho, so its more powerful than browsers.
@magnusfurcifer_twitter :wave: . :clap: :clap: @rococtz:matrix.org well said! Also: User space only allows the user to write to it. Public space can be written to by anyone, yes. If you're worried about that, just don't use the public space - that's fine. But its an important feature for some apps. We'll be building DDoS protection and stuff into AXE, but not there yet (the real 60 million users is DDoSing things enough, that I'm trying to scale up for, not even bots!).
@SuaYoo :clap: @dweorh_twitter tho yeah, Iris plans to enable key rotation management in the future, but even it (probably the most advanced app on this stuff so far) hasn't built it yet either. So key rotation is important, but I haven't seen it demoed yet.
@dweorh_twitter hmmm. Any JS function should be allowed to be async, this would be very mysterious if true. Can you replicate?
Mark Nadal
Hey everyone + @rogowski , important security question & help I can't find an answer to:
UntrustedApp.com -> iframe.src = TrustedApp.com -> sandboxIframe
The whole reason I was adding a trusted iframe between the sandboxIframe is to STOP/PREVENT sandboxIframe being able to talk to UntrustedApp.com, but so far... untrusted sandbox code injected into the sandbox could still postMessage to UntrustedApp.com, I need to stop this. How?
@daviddahl do you know any people who would know the answer ^?
Lorenzo Mangani @qxip
Isn't that what COOP/COEP are for?
@amark or i just can repair ts definition that is shipped with package
then there want be need for documentation types
tedd pasta
made some updates
it now shows examples
if you use gun-fetch without a special character as the first letter of the url, then it will assume you are wanting user interaction. special characters are for non-user interactions, like regular gun.get() path. for example '_' is path(gun.get())