j3k0 / ganomede-notifications

Long-pull notification service for Ganomede
0 stars 0 forks source link

General maintenance: upgrade node and libs #29

Closed j3k0 closed 8 years ago

j3k0 commented 8 years ago
elmigranto commented 8 years ago

I added spoofing with API_SECRET. One caveat — online list requires email to be present, not sure what you want done about that, maybe leave current check, but add or user._secret? I left it as is for now, so there is no way to add user to online list with API_SECRET.

elmigranto commented 8 years ago

I've updated some of the libs, specifically those that should not be a problem judgine on changelogs and other modules where we either started or upgraded to newer versions. However, I'm a bit reluctant to switch some of the others, specifically:

Let me know if you'd like me to look into any of those.

j3k0 commented 8 years ago

there is no way to add user to online list with API_SECRET.

It's alright: very minor (we'll probably never need that).

BTW why would the email be required for onlinelist, just wondering? That's part of a side question: we're discussing the option to allow users to change the email address associated with their account. To accomodate with way "authdb" works so far, we'll need to add a store "{ signupEmail => currentEmail }". Then, we make 2 requests at each authentication (current one to get user info + 1 request to override email with the current email). As far as I remember, the user's email address is mostly never used throughout the app. So I though we might just wipe it out from authdb store altogether? (thus my original question, why is it used by onlinelist)

[...] stuff to upgrade that requires some effort or might be a little risky [...] Let me know if you'd like me to look into any of those.

No, let's keep that aside.

elmigranto commented 8 years ago

My guess would be that users won't appear "online" when we access their endpoints with API_SECRET.