nurdism/neko

Minor problems spotted

m1k1o opened this issue · 7 comments

m1k1o commented

I have found some non-critical problems, that could be considered in upcomming release, if there will be enough time.

  • It automatically distributes my public IP in SDP (if it fails to get some, then it reaches out to local). Maybe I want to run my container in local environment, where I don't have open ports to outside. Mentioned it #37 (comment)

  • There should be option, if i want to trust X-Forwarded-Headers. Introduced at 362cf6c.

  • Password should not be visible in console, or in network tab. It should be at least hashed. Mentioned by #37 (comment).

  • If I lock room and get disconnected, I can't join. Maybe if system detects, everyone left locked room, it should unlock it or at least let admin log in.

  • If there are two admins, kick, mute & ban controls are displayed but they don't do anything. Should be hidden.

  • It would be great, if usage of adorable avatars was optional.

  • After user is kicked, he joins back with empty name:

image

I'm using Chrome 80 @ Win10. I will be happy to implement some features over time.

It automatically distributes my public IP in SDP (if it fails to get some, then it reaches out to local). Maybe I want to run my container in local environment, where I don't have open ports to outside. Mentioned it #37 (comment)

This is by design as neko was made to run on an external network by default, localhost/local networks is really only meant for local dev, doesn't make sense to have it local if you can just open up a browser on your pc.

There should be option, if i want to trust X-Forwarded-Headers. Introduced at 362cf6c.

good catch that should be an easy fix

Password should not be visible in console, or in network tab. It should be at least hashed. Mentioned by #37 (comment).

Not sure this one can really be helped here, if we hash the password we'd still have to hash it on the client and send it, which would be visible. Either way we do it, the password will be visible, I log the password for debug purposes. If your neko instance is under https then it shouldn't be an issue security wise

If I lock room and get disconnected, I can't join. Maybe if system detects, everyone left locked room, it should unlock it or at least let admin log in.

I'll have to look into this one, but good catch

If there are two admins, kick, mute & ban controls are displayed but they don't do anything. Should be hidden.

also good catch.

It would be great, if usage of adorable avatars was optional.

good idea, any suggestions for an alternative/placeholder image?

After user is kicked, he joins back with empty name:

also good catch.

m1k1o commented

This is by design as neko was made to run on an external network by default, localhost/local networks is really only meant for local dev, doesn't make sense to have it local if you can just open up a browser on your pc.

With streaming option in the future it should be interesting to run neko locally and stream to YouTube (or TV). Using neko as sandboxed streaming environment.

Oh for sure, that's definitely a use case, but I think by default it should be set up for external networks with the option to use locally. Might want to set up a few docker-compose examples for different use cases like this

idea for avatars https://avatars.dicebear.com/ maybe make a client option to set what api to use

m1k1o commented

Set from list of apis or maybe allow own api?

NEKO_AVATARS: ''http://my_service/avatars/{username}.jpg'

Or any other placeholder for username.

Or allow to turn off avatars and I.E. displaying just circle with first two letters (as idea)?

--disable-avatars

But that's client thing... yeah...

idea: https://jdenticon.com/

But that's client thing... yeah...

@m1k1o I’ve always been a fan of generating an unique HSL color from the user’s display name. Provides a way to differentiate users and is as minimal as you can take it IMHO.

m1k1o commented

@alectrocute I've implemeted it in my fork already m1k1o/neko@299b1d7. I could create PR, but there was similar PR at the same time #105.