cloudron-io / meemo

Meemo - Your personal notes
https://meemo.minimal-space.de
MIT License

Private attachments are publicly accessible #84

Closed hugot closed 4 years ago

hugot commented 6 years ago

While reimplementing meemo's backend, I noticed that in your implementation, attachments of private notes are visible to outsiders, as you have not implemented a way to check a user's credentials when serving these attachments.

I think that this is very bad because private notes are private for a reason, and their attachments shouldn't be treated differently.

Your users probably count on their attachments being private, which means that they might be exposing private documents and photos to anyone with malicious intent without even knowing it.

I hope you find a way to fix this and roll it out to your users, cheers! :)
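The gap described in this report is a missing authorization check on the attachment route: the note itself is gated on its visibility, but the file download only checks that the attachment exists. The following is an added illustration, not meemo's code: an in-memory model of such a download handler in its unchecked form next to a version that resolves the attachment back to its note and applies the same read rule the note view would. The data shapes, the `visibility` field, the `requester` object and the function names are all assumptions for the example.

```javascript
// Added example (not meemo's own code). Models an attachment download
// endpoint with constructed in-memory data instead of a database.
// Assumed shapes: note = { id, owner, visibility }, attachment = { id, noteId, filename },
// requester = null (anonymous) or { userId }.

// Constructed sample data.
const notes = new Map([
  ['n1', { id: 'n1', owner: 'alice', visibility: 'private' }],
  ['n2', { id: 'n2', owner: 'alice', visibility: 'public' }],
]);

const attachments = new Map([
  ['a1', { id: 'a1', noteId: 'n1', filename: 'passport.jpg' }],
  ['a2', { id: 'a2', noteId: 'n2', filename: 'logo.png' }],
  ['a3', { id: 'a3', noteId: 'missing', filename: 'orphan.bin' }], // note deleted
]);

// Unchecked form of the handler: the only condition for serving the file is
// that an attachment with that id exists. Who is asking is never consulted,
// so a private note's attachment is served to an anonymous requester.
function serveAttachmentUnchecked(requester, attachmentId) {
  const att = attachments.get(attachmentId);
  if (!att) return { status: 404 };
  return { status: 200, filename: att.filename };
}

// One authorization rule, shared by the note view and the attachment route,
// so the two cannot drift apart again.
function canReadNote(requester, note) {
  if (note.visibility === 'public') return true;
  // Private notes are readable only by an authenticated owner.
  return requester !== null && requester.userId === note.owner;
}

// Checked form: resolve attachment -> note -> read permission before serving.
function serveAttachmentChecked(requester, attachmentId) {
  const att = attachments.get(attachmentId);
  if (!att) return { status: 404 };
  const note = notes.get(att.noteId);
  // An attachment whose note no longer exists is not served either.
  if (!note) return { status: 404 };
  // Same 404 for "no such id" and "not yours", so a requester cannot use the
  // status code to learn which attachment ids exist.
  if (!canReadNote(requester, note)) return { status: 404 };
  return { status: 200, filename: att.filename };
}

// Demonstration of the difference for an anonymous requester.
const anonymous = null;
console.log('unchecked, anonymous, private note:', serveAttachmentUnchecked(anonymous, 'a1'));
console.log('checked,   anonymous, private note:', serveAttachmentChecked(anonymous, 'a1'));
console.log('checked,   owner,     private note:', serveAttachmentChecked({ userId: 'alice' }, 'a1'));
```

The important design point is that `canReadNote` is the single rule consulted by both code paths; if a private note ever gains additional readers (shared notes, say), the attachment route inherits that decision instead of needing its own copy. Treating an orphaned attachment as 404 rather than serving it closes a second path that the unchecked version also leaves open.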

nebulade commented 6 years ago

That seems indeed to be an oversight on my end.

Out of curiosity, what is the reason to reimplement the backend?

hugot commented 6 years ago

Well, first of all, I really love the app! Working with tags is just such an easy way to categorize things, and the simplistic UI is very nice, as well as the archive feature. It's just perfect for my workflow, and for my private notes as well. You've done a really nice job on the app, man! :)

The reason I reimplemented the backend is mostly that I found installing MongoDB a huge pain, and it did not play nicely with my environment. I run most of my apps on a Raspberry Pi atm, which has an ARM CPU. That ARM CPU meant that I could not install MongoDB version 2.6.x, because the project did not support ARM at the time that version was released. The alternative was to use version 2.4 from the Debian repos, which worked, but the search functionality wouldn't work (something about a syntax error). Then I decided that version 3.0.9 might be worth a try as that does support ARM, but using that version made my entire database process crash when performing a full text search (yes, I kid you not, the whole thing just panicked and crashed).

After that, I decided that I could not trust MongoDB to work well for my use case, but I really liked the app and I figured that I might as well reimplement the backend and make it work with a MySQL(-compliant) database. A huge plus of MySQL/MariaDB for me is that it is easy to install and manage, it works well without needing a lot of memory, and the API does not have as many backwards compatibility breakages between versions.

You can take a look at my fork here: https://github.com/hugot/meemo . I haven't updated the README yet and it is still rough around the edges, but I have all the basic functionality working and I plan on adding more soon :nerd_face:

sprnza commented 5 years ago

@nebulade do you have plans to fix this? Thank you for the great app.

nebulade commented 5 years ago

Actually thanks for the heads up, I will have another look at that.