Open BassOfBass opened 4 years ago
@BassOfBass can you point me to an example so I can see what you mean?
@mayeaux Just open element inspector on any page of newtube.app and I guarantee there will be a bunch of html comments in the DOM tree, a lot of them feature pug syntax and sometimes even commented js code, which may or may not be working and thus potentially can become a source of vulnerabilities.
Something along these lines: https://github.com/BassOfBass/nodetube/commit/fe3c916da066f60649cc8d709ee2c97386896848 Not doing a pull request because I am on win7 and thus can't install Redis and MongoDB clients which also means I can't run local dev server. Is there a way to start it using cloud Redis?
You should be able to install Mongo and Redis on Windows still. Otherwise if you get a redis/mongo url from Heroku for example that'd be fine too (a cloud provider of each)
So I've kinda figured the setup out and can even start in dev mode, but Redis spews Uncaught Exception: ReplyError: NOAUTH Authentication required errors. After some research I found it requires password, which isn't the part of URL.
The endpoint link from redislabs doesn't look like it has the space for password, so where does it go?
config/redis.js:4
Set it as a process var or in .env.private
I did set it in .env.private, but it doesn't look like Redis Cloud server URL follows the format expected by createClient(), judging by the code in redis.js.
It accepts the URL, but then complains about NOAUTH during development and tests, which makes me assume the auth/password should be a part of URL somehow.
https://github.com/mayeaux/nodetube/pull/363 Pretty sure these changes don't require to pass all tests.
The // comments are used for html comments and thus spill into production code. The javascript comments are marked by //- as per pug docs. I don't think there are a lot of cases requiring explicit html comments in production files.
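The distinction raised in this issue, as an added example that is not part of the original thread or of the nodetube code: a small scanner that reports Pug buffered comments (//, rendered into the served HTML) and skips unbuffered ones (//-) as well as // lines inside raw text blocks such as script. The function name and the sample template are constructed for illustration.

```javascript
// Added example: report Pug buffered comments ("//"), which are rendered as
// <!-- ... --> in served HTML, and ignore unbuffered ones ("//-").
function findBufferedComments(pugSource) {
  const findings = [];
  let commentIndent = null; // indent of the comment whose block we are in
  let textIndent = null;    // indent of a "tag." line whose body is raw text
  pugSource.split(/\r?\n/).forEach((line, i) => {
    const body = line.trim();
    if (body === '') return; // blank lines never close a block
    const indent = line.length - line.trimStart().length;
    // Deeper-indented lines belong to the enclosing comment or text block.
    if (commentIndent !== null && indent > commentIndent) return;
    commentIndent = null;
    if (textIndent !== null && indent > textIndent) return;
    textIndent = null;
    if (body.startsWith('//')) {
      commentIndent = indent;
      if (!body.startsWith('//-')) findings.push({ line: i + 1, text: body });
      return;
    }
    // "script." or "p." opens raw text; "//" inside it is not a Pug comment.
    if (/^[\w#.-]+(\(.*\))?\.$/.test(body)) textIndent = indent;
  });
  return findings;
}

// Constructed sample template (not taken from nodetube).
const SAMPLE = [
  'doctype html',
  'html',
  '  head',
  '    // TODO: old upload form, remove later',
  '    //- internal note, never rendered',
  '    script.',
  '      // plain JavaScript comment inside a text block',
  '      var a = 1;',
  '  body',
  '    //',
  '      p= user.email',
  '    //-',
  '      // nested line inside an unbuffered block',
  '    p Hello',
].join('\n');

console.log(findBufferedComments(SAMPLE));
```

Only the opening line of a buffered block comment is reported; the indented lines under it are rendered into the page as well.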