elective-stereophonic
elective-stereophonic
[Client Plugins] Specification / Developers Guide singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client: Nxt 1.11.15

Pages: 1 2 3 ... 5 [All]

Author Topic: [Client Plugins] Specification / Developers Guide  (Read 32012 times)

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
[Client Plugins] Specification / Developers Guide
« on: February 18, 2015, 09:24:13 am »

Hi guys,
here the draft for the developers guide for upcoming plugin system for the NRS client, directly copied from the DEVELOPERS-GUIDE.md readme file:

----
# PLUGIN DEVELOPERS GUIDE #

----
Current Plugin Version: 1

## Introduction ##

By developing a plugin, you can add functionality to the NRS client. Have
a look at the client source code and documentation to get an overview
about the various javascript APIs and best practices and examples how to
use them.

For a plugin to be valid is has to be delivered with a minimum set of files
and come with a ``manifest.json`` plugin manifest file being compatibel with
the current major plugin version and providing some meta information about
the plugin.

----
## Example Plugin ##

There is an example plugin ``hello_world`` which can be found in the ``plugins``
folder. If you want to see this plugin in the client UI you can activate it
in the associated ``manifest.json`` file by setting the ``deactivated`` flag to ``false``.

----
## File Structure ###

The following is the minimal file structure for a plugin:

```
[plugin_name]/
[plugin_name]/manifest.json
[plugin_name]/html/pages/[plugin_name].html
[plugin_name]/html/modals/[plugin_name].html
[plugin_name]/js/nrs.[plugin_name].js
[plugin_name]/css/[plugin_name].css
```

### Manifest File ###

Meta information about the plugin is provided as a ``JSON`` dictionary in a
``manifest.json`` file in following format:

```
{
    //mandatory
    "pluginVersion": 1, //Integer, don't use parenthesis!
   
    "name": "Name of your plugin", //max. 20 characters
    "myVersion": "Your plugin version", //no format requirements
    "short_description": "A description of your plugin", //max. 200 characters
    "infoUrl": "http://infosaboutmyplugin.info",
    "startPage": "p_hello_world", //One of the pages used for NRS.pages.PAGENAME method(s)

    "nrsVersion": "1.5.0", //ALWAYS provide three sequence numbers, no additions like "e"!

    //optional
    "deactivated": true, //hard-set deactivation, default: false
    "sidebarOptOut": true //opt out of being listed under sidebar "Plugins" entry, default: false
}
```

Hint: Don't use comments in your own ``JSON`` file!

### Plugin Compatibility/Valdation ###

Plugins are compatible when the manifest file is written for the same
major plugin version supported by the installed client.

Mayor plugin versions won't change very often, minor plugin version releases will
remain compatible within the major version.

After a detected plugin is determined as compatible the NRS client will be validating the
manifest file format and file structure.

### NRS Compatibility ###

Due to the broad scope of plugins the functional compatility of the plugin
with various NRS versions can't be guaranteed by the plugin mechanism
and is the responsibility of the plugin creator.

The ``nrs_version`` attribute in the manifest file indicates the NRS version
the plugin was written for. Due to possible changes in javascript API behaviour
it is recommended to release a new plugin version for every new NRS release,
though a plugin will still be running after minor release updates (e.g. a
plugin written for "1.5.1" running under "1.5.5" client installation).

After a major NRS update (e.g. from "1.5.9" to "1.6.0"), the plugin will stop
working and has to be updated.

## Best Practices for Development ##

- Namespace your function names, CSS IDs and classes and other possible
identifiers to avoid collisions affecting core NRS behaviour
- Convention vor namespacing: "p_[PLUGINNAME]_[LOCALIDENTIFIER]", e.g.
"p_hello_world_info_modal"
- Don't manipulate non-plugin HTML or CSS with your javascript code or CSS
declarations

----
## Changelog ##

**Version 1.0, 2015/02/16**

Initial plugin/manifest version
« Last Edit: February 18, 2015, 09:26:44 am by HolgerD77 »
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1794
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #1 on: February 18, 2015, 09:45:43 am »

After a major NRS update (e.g. from "1.5.9" to "1.6.0"), the plugin will stop
working and has to be updated.

I don't think this is necessary. Chances are most plugins will continue to work on a minor upgrade and we can't expect developers to update their plugins every 2 month.
I would just restrict plugin version to be less than or equal to the NRS version so that new plugins cannot work with old client versions and display the plugin version in a visible location.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

SwissAlps

  • Hero Member
  • *****
  • Karma: +31/-16
  • Offline Offline
  • Posts: 519
    • View Profile
    • NxtTracker.com
Re: [Client Plugins] Specification / Developers Guide
« Reply #2 on: February 18, 2015, 09:57:03 am »

Would like to try this "Hello world", but I do not know where to find this "Plugin" folder...?
 ???

OK, just found it using Wikipedia...oops
« Last Edit: February 18, 2015, 09:59:15 am by SwissAlps »
Logged
CryptoNanoPay project
Note that the "Barter Point" test has just started...

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #3 on: February 18, 2015, 10:49:03 am »

Would like to try this "Hello world", but I do not know where to find this "Plugin" folder...?
 ???

OK, just found it using Wikipedia...oops

can you enlighten us?

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #4 on: February 18, 2015, 12:40:40 pm »

After a major NRS update (e.g. from "1.5.9" to "1.6.0"), the plugin will stop
working and has to be updated.

I don't think this is necessary. Chances are most plugins will continue to work on a minor upgrade and we can't expect developers to update their plugins every 2 month.
I would just restrict plugin version to be less than or equal to the NRS version so that new plugins cannot work with old client versions and display the plugin version in a visible location.

Ok, will change that and just show a warning.
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #5 on: February 18, 2015, 12:42:13 pm »

Would like to try this "Hello world", but I do not know where to find this "Plugin" folder...?
 ???

OK, just found it using Wikipedia...oops

One of the most cryptic posts I read on this forum to date. :-)
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #6 on: February 18, 2015, 12:45:25 pm »

But I have the same problem. Where is the "plugin" folder? I would like to port my plugin to the tool so it can be published soon ;)

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1794
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #7 on: February 18, 2015, 01:06:59 pm »

But I have the same problem. Where is the "plugin" folder? I would like to port my plugin to the tool so it can be published soon ;)

It will be available in 1.5.0e
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #8 on: February 18, 2015, 01:08:43 pm »

Current status of plugins overview page:

Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #9 on: February 18, 2015, 03:32:43 pm »

Ok, I have setup all the things you defined above. Would be ready for testing =)

jones

  • Hero Member
  • *****
  • Karma: +310/-8
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt
Re: [Client Plugins] Specification / Developers Guide
« Reply #10 on: February 18, 2015, 07:31:27 pm »

I suggest adding a section to include a validation token.

createToken(sha256(plugincode), personWhoMadeItsAccount).

That way we can validate that this person did create the plugin and that the text of the plugin you recieved is correct and from that person who owns that account at a specific time.

Also managing security is tough, what if I make a plugin that just sends everyones balance to my account, A system of code reviewers signing off on plugins would be helpful down the line.
Logged
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

bitcoinpaul

  • Hero Member
  • *****
  • Karma: +590/-589
  • Offline Offline
  • Posts: 3097
  • Karmageddon
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #11 on: February 18, 2015, 07:32:01 pm »

This is great.

Could Multigateway (and every other shit out there) be developed as a plugin, please.
Logged
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #12 on: February 18, 2015, 08:47:09 pm »

I suggest adding a section to include a validation token.

createToken(sha256(plugincode), personWhoMadeItsAccount).

That way we can validate that this person did create the plugin and that the text of the plugin you recieved is correct and from that person who owns that account at a specific time.

Could you describe this a bit more detailed in a few steps and separated by actions by plugin creator and plugin user? Not yet really understand the process.
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #13 on: February 18, 2015, 10:05:31 pm »


This is great.

Could Multigateway (and every other shit out there) be developed as a plugin, please.

Yes would work, I would expect multigateway to issue a plugin, the trade volume would grow significantly.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
[Client Plugins] Specification / Developers Guide
« Reply #14 on: February 18, 2015, 10:10:00 pm »

Great work Holger.

How do you access each of the launched plugins UI? Appear as a sub menu item in plugins?
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

Sebastien256

  • Hero Member
  • *****
  • Karma: +169/-24
  • Offline Offline
  • Posts: 2823
  • ^LOOK UP^ = Nxt community!
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #15 on: February 18, 2015, 10:26:35 pm »


This is great.

Could Multigateway (and every other shit out there) be developed as a plugin, please.

Yes would work, I would expect multigateway to issue a plugin, the trade volume would grow significantly.

That would awesome. Exactly what is need now! With 2 phase transaction in NRS 1.5 mgw could be much less centralized. This would be very good.
Logged
Please drop your ideas concerning Nxt and/or NRS in this topic -> List of feature request for Nxt and/or NRS (with the full list in OP).

jones

  • Hero Member
  • *****
  • Karma: +310/-8
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt
Re: [Client Plugins] Specification / Developers Guide
« Reply #16 on: February 18, 2015, 10:44:50 pm »

I suggest adding a section to include a validation token.

createToken(sha256(plugincode), personWhoMadeItsAccount).

That way we can validate that this person did create the plugin and that the text of the plugin you recieved is correct and from that person who owns that account at a specific time.

Could you describe this a bit more detailed in a few steps and separated by actions by plugin creator and plugin user? Not yet really understand the process.

1. User completes the entire plugin with manifest, signature field is empty.
2. User takes a sha256 sum of all the files in the directory of the plugin, (through a command or a tool can be made)
3. User puts the hash into token of nxt client.
4. User takes the token generated and adds it to the manifest.

Validating:
1. Valudator zeros the signature spot and hashes the plugin
2. Compares the hash and public key to affirm the token signature.
3. If it passes this plugin is valid.
Logged
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

SwissAlps

  • Hero Member
  • *****
  • Karma: +31/-16
  • Offline Offline
  • Posts: 519
    • View Profile
    • NxtTracker.com
Re: [Client Plugins] Specification / Developers Guide
« Reply #17 on: February 19, 2015, 06:45:41 am »

Would like to try this "Hello world", but I do not know where to find this "Plugin" folder...?
 ???

OK, just found it using Wikipedia...oops

One of the most cryptic posts I read on this forum to date. :-)

Sorry, I was just trying to have a first view of how this plugins are working, so yes, wiki was quite helpful... ;D

May be I come later with other very strange questions...
Logged
CryptoNanoPay project
Note that the "Barter Point" test has just started...

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #18 on: February 19, 2015, 06:52:39 am »

Great work Holger.

How do you access each of the launched plugins UI? Appear as a sub menu item in plugins?

Yes, that's standard behaviour like in following screenshot of example hello_world plugin. Plugins can also opt out of sidebar integration (after current specification) and manage their own navi item e.g. to build up something more complex with subpages and the like.

Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #19 on: February 19, 2015, 06:57:53 am »

Yes would work, I would expect multigateway to issue a plugin, the trade volume would grow significantly.

That would awesome. Exactly what is need now! With 2 phase transaction in NRS 1.5 mgw could be much less centralized. This would be very good.

As far as I understand it, this needs also account control (which is basically 2phased transactions behaviour locked/set to mandatory for an account), which is not part of 1.5.0 yet and will come one or two major releases later. Nevertheless a good step in this direction though.

What I didn't follow: is MGW meanwhile completely merged with SuperNET, so does MGW-plugin means SuperNet plugin? Or is this still handled as separate technologies?
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #20 on: February 19, 2015, 06:59:02 am »

Sorry, I was just trying to have a first view of how this plugins are working, so yes, wiki was quite helpful... ;D

May be I come later with other very strange questions...

You're very welcome! :-)
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #21 on: February 19, 2015, 07:09:21 am »

Security wise there will be a very visible security note on login page, before any JS code of a plugin was loaded. Same note is also placed very prominently in the plugins folder. After logging in a user has to know what he/she is doing.

I could imagine that there will be some kind of app/plugin store/repository, where trusted users from the Nxt community curate a selected set of plugins to make sure these can be used safely. For the more prominent ones like MGW the trust level is more or less the same like for the NRS client itself (where you also have to trust some people).

And when account control is released, security situation relaxes a lot, then it will be possible to use plugins just in 2-factor-authentication secured environments and a plugin can't alone control/issue a transaction.

Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

shin

  • Sr. Member
  • ****
  • Karma: +47/-4
  • Offline Offline
  • Posts: 456
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #22 on: February 19, 2015, 07:27:16 am »

Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)
Logged
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #23 on: February 19, 2015, 09:29:12 am »

Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)

Yes, that's actually a brilliant idea, will add this asap.
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #24 on: February 19, 2015, 05:03:32 pm »


Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)

Great idea
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

shin

  • Sr. Member
  • ****
  • Karma: +47/-4
  • Offline Offline
  • Posts: 456
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #25 on: February 19, 2015, 05:22:15 pm »

Sweet!!
Logged
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #26 on: February 19, 2015, 09:40:23 pm »

Is it possible to use third-party plugins in a plugin/js/3rdparty folder?

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #27 on: February 19, 2015, 11:25:12 pm »

Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)

Damn it, I was just about to say that  :D  On the front page pls, next to the "remember my passphrase" bit

Good thinking shin  ;D
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #28 on: February 20, 2015, 02:37:03 am »

First plugin almost finished :)

https://www.youtube.com/watch?v=JBsKVJYbitY

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #29 on: February 20, 2015, 08:22:25 am »

Is it possible to use third-party plugins in a plugin/js/3rdparty folder?

Not really getting this idea actually.
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #30 on: February 20, 2015, 08:25:08 am »

First plugin almost finished :)

https://www.youtube.com/watch?v=JBsKVJYbitY

Wow, totally speechless. This looks amazing! :-)
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #32 on: February 20, 2015, 09:32:31 am »

Random thought, not sure if technically possible.

A plugin that checks other plugins for potential security issues. I.e. lists every NRS API call listed within a certain plugin, maybe flagging the more risky types e.g. Send money.

Obviously couldn't trust completely and would still have to exercise caution, but could be used to help keep users safe.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #33 on: February 20, 2015, 05:54:03 pm »



Better?
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

jones

  • Hero Member
  • *****
  • Karma: +310/-8
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt
Re: [Client Plugins] Specification / Developers Guide
« Reply #34 on: February 20, 2015, 05:55:20 pm »

I suggest adding a section to include a validation token.

createToken(sha256(plugincode), personWhoMadeItsAccount).

That way we can validate that this person did create the plugin and that the text of the plugin you recieved is correct and from that person who owns that account at a specific time.

Could you describe this a bit more detailed in a few steps and separated by actions by plugin creator and plugin user? Not yet really understand the process.

1. User completes the entire plugin with manifest, signature field is empty.
2. User takes a sha256 sum of all the files in the directory of the plugin, (through a command or a tool can be made)
3. User puts the hash into token of nxt client.
4. User takes the token generated and adds it to the manifest.

Validating:
1. Valudator zeros the signature spot and hashes the plugin
2. Compares the hash and public key to affirm the token signature.
3. If it passes this plugin is valid.

Bump, I feel this should at least be an option if not required, I will probably implement a plugin validator plugin anyways.
Logged
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #35 on: February 20, 2015, 05:56:01 pm »

Next teaser for the plugin system ;)

https://www.youtube.com/watch?v=a6lcrNh9AuI

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #36 on: February 20, 2015, 06:17:14 pm »


Current status of plugins overview page:



Off topic but when did blocks and peers disappear from the menu? I'm glad they are no longer there, but how do you get to those pages now?
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

MrV777

  • Hero Member
  • *****
  • Karma: +115/-4
  • Offline Offline
  • Posts: 988
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #37 on: February 20, 2015, 06:20:07 pm »

Off topic but when did blocks and peers disappear from the menu? I'm glad they are no longer there, but how do you get to those pages now?

They are now under the gear menu in the top right




Edit: HolgerD77 is to thank for this
« Last Edit: February 20, 2015, 06:35:45 pm by MrV777 »
Logged
NXT: NXT-BK2J-ZMY4-93UY-8EM9V
NXT nodes: 209.222.98.250, 216.155.128.10

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
[Client Plugins] Specification / Developers Guide
« Reply #38 on: February 20, 2015, 06:30:51 pm »

Off topic but when did blocks and peers disappear from the menu? I'm glad they are no longer there, but how do you get to those pages now?

They are now under the gear menu in the top right



Cheers, nice work.

Maybe for making more space 'my store' could be under the marketplace sub menu, a sub menu in a sub menu if possible. As I can't imagine there are enough users having a store to warrant it being a main menu item.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #39 on: February 20, 2015, 07:07:13 pm »

I suggest adding a section to include a validation token.

createToken(sha256(plugincode), personWhoMadeItsAccount).

That way we can validate that this person did create the plugin and that the text of the plugin you recieved is correct and from that person who owns that account at a specific time.

Could you describe this a bit more detailed in a few steps and separated by actions by plugin creator and plugin user? Not yet really understand the process.

1. User completes the entire plugin with manifest, signature field is empty.
2. User takes a sha256 sum of all the files in the directory of the plugin, (through a command or a tool can be made)
3. User puts the hash into token of nxt client.
4. User takes the token generated and adds it to the manifest.

Validating:
1. Valudator zeros the signature spot and hashes the plugin
2. Compares the hash and public key to affirm the token signature.
3. If it passes this plugin is valid.

Bump, I feel this should at least be an option if not required, I will probably implement a plugin validator plugin anyways.

Yes! Mightn't make it for first version, but should be in later versions. Perhaps plugin creators can review each other's plugins so that several eyes have been on each plugin after the files have been hashed and before they are likely to be used by everyone else.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #40 on: February 21, 2015, 05:00:35 pm »

Is it possible to use third-party plugins in a plugin/js/3rdparty folder?

Not really getting this idea actually.

sry, brainfart :D

xchrix

  • Guest
Re: [Client Plugins] Specification / Developers Guide
« Reply #41 on: February 23, 2015, 08:18:58 pm »

is it possible to generate a token as plugin?
i think about doing some ajax calls to a webservice and this service needs a token to identify the NXT account.
Logged

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #42 on: February 23, 2015, 08:21:55 pm »

is it possible to generate a token as plugin?
i think about doing some ajax calls to a webservice and this service needs a token to identify the NXT account.

yes, you can use all the NRS functions and make your own requests. Have not been using this plugin integration yet but this is how I understand it.

Check out nrs.server.js and nrs.util.js which will be really helpful for you ;)

xchrix

  • Guest
Re: [Client Plugins] Specification / Developers Guide
« Reply #43 on: February 23, 2015, 08:47:46 pm »

i know i am able to make a request to the NXT API and call the generateToken function
http://wiki.nxtcrypto.org/wiki/Nxt_API#Generate_Token
but that means i have to provide the passphrase. i dont think plugins should have access to the passphrase!


is it possible to generate a token as plugin?
i think about doing some ajax calls to a webservice and this service needs a token to identify the NXT account.

yes, you can use all the NRS functions and make your own requests. Have not been using this plugin integration yet but this is how I understand it.

Check out nrs.server.js and nrs.util.js which will be really helpful for you ;)
Logged

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #44 on: February 23, 2015, 08:54:35 pm »

i know i am able to make a request to the NXT API and call the generateToken function
http://wiki.nxtcrypto.org/wiki/Nxt_API#Generate_Token
but that means i have to provide the passphrase. i dont think plugins should have access to the passphrase!

But they do! There's no sandboxing. Downloaded plugins have to be trusted.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

NxtSwe

  • Hero Member
  • *****
  • Karma: +124/-9
  • Offline Offline
  • Posts: 657
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #45 on: February 23, 2015, 08:58:41 pm »

i know i am able to make a request to the NXT API and call the generateToken function
http://wiki.nxtcrypto.org/wiki/Nxt_API#Generate_Token
but that means i have to provide the passphrase. i dont think plugins should have access to the passphrase!

But they do! There's no sandboxing. Downloaded plugins have to be trusted.

 :o
I hope this point is extremely clear in the UI when installing/downloading the plugin!

Edit:
No offense, I love the whole consept of plugins!
I would just hate to see it fail because of angry users who get robbed because they did not know the capabilities of what a plugin can/can't do.
Logged
Check out the NxtLib, the .NET Framework API for the Nxt platform.

jones

  • Hero Member
  • *****
  • Karma: +310/-8
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt
Re: [Client Plugins] Specification / Developers Guide
« Reply #46 on: February 24, 2015, 02:27:37 am »

is it possible to generate a token as plugin?
i think about doing some ajax calls to a webservice and this service needs a token to identify the NXT account.

yes, you can use all the NRS functions and make your own requests. Have not been using this plugin integration yet but this is how I understand it.

Check out nrs.server.js and nrs.util.js which will be really helpful for you ;)

https://github.com/jonesnxt/tokenjs

been meaning to integrate this with NRS for a couple weeks, seems I need to get this done :)
Logged
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

xchrix

  • Guest
Re: [Client Plugins] Specification / Developers Guide
« Reply #47 on: February 24, 2015, 07:14:24 am »

tokenjs is really nice! this should be included by default.

no sandboxing? that could be a real show stopper for plugins. personally i wont install plugins which are trying to grab my passphrase or for example have ajax requests. is it possible to scan the plugin code for "passphrase" or "ajax" before installing one and if something like this is found the user gets a warning prior the install?
Logged

shin

  • Sr. Member
  • ****
  • Karma: +47/-4
  • Offline Offline
  • Posts: 456
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #48 on: February 24, 2015, 07:30:17 am »

So, is the gate opened wide for malicious hackers to place their code to?

They used to have to have an external place for their malicious software: injected nxt clients, infectious web pages, etc.
Now there is this plugins area right on our lawn!

Are these plugins going to be audited before published? I hope so!

Is it better to wait for two-phase auth?
« Last Edit: February 24, 2015, 07:41:44 am by shin »
Logged
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

cc001

  • Hero Member
  • *****
  • Karma: +68/-4
  • Offline Offline
  • Posts: 829
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #49 on: February 24, 2015, 07:42:18 am »

Would it be possible to define per plugin if it is sandboxed with restricted access or not?
Some kind of a permission system like in Android would be nice. A plugin that needs access to the passphrase has to request for that permission, (maybe with a password?).
If a plugin does not ask for that permission, there will be no way that it could get access to the passphrase.

This would allow a lot of simple plugins with very low permission. Those plugins don't need some fancy verification or hash or whatever, everybody could write and publish them, and the user can be sure, that even if there is some hidden code/functionality in it, there is no way that it could gain access to the account. Only sophisticated plugins that need access to the passphrase must be managed somehow with some verification, so the user can be sure that the plugin will do what it is supposed to do.
Logged
cc001 Personal - NXT-8RXS-2SSK-RNF2-HSNL8
NxtReporting.com - The Nxt Asset Exchange Portfolio Manager with Profitability Tracking - Donations are greatly appreciated on NXT-5W4G-GAR6-JHJP-H8ZTW

shin

  • Sr. Member
  • ****
  • Karma: +47/-4
  • Offline Offline
  • Posts: 456
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #50 on: February 24, 2015, 07:57:44 am »

cc001, that is a great idea! To notify users upon/prior to installation (or even stated on the plugin's overview) what it has access to.

Practically, I am not so sure how this can be realised. Scanning for some method calls is useless as javascript code can be obfuscated and yet still executable.

The only thing I can think of is to reforge the current NXT API, anything that requires passphrase or spits it out, to have an extra parameter that takes the identity of the method caller. If the id does not match with the native NRS, then it must be an external caller. If that makes sense.
« Last Edit: February 24, 2015, 08:07:26 am by shin »
Logged
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #51 on: February 24, 2015, 08:20:25 am »

There will not be any sandboxing in 1.5, not because it's not wanted but because of the technical difficulty of implementing and the current API.

However hopefully in future versions the community can think of a viable sandboxing method. For 1.5 only run plugins that have been independently code reviewed or are from a trusted dev.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #52 on: February 24, 2015, 08:48:08 am »

no sandboxing? that could be a real show stopper for plugins. personally i wont install plugins which are trying to grab my passphrase or for example have ajax requests. is it possible to scan the plugin code for "passphrase" or "ajax" before installing one and if something like this is found the user gets a warning prior the install?

This is just not possible, there are so many ways to hook into something to manipulate things, e.g. change the recipient address of an existing transaction modal on sending, change variable fees and use transparent forging to have stuff channelled, the list goes on an on.

And the client JS API isn't just not as well defined, that you could channel all requests in a managed way. But if you guys come up with mechanisms to improve security this would be really great.

Atm I don't see this as a large scale feature (having hundreds of plugins you can choose from), I would be already calling this a success if we have a handful plugins coming from trusted members of the Nxt community - the Crowdfunding plugin from Tosch, a MGW/SuperNET plugin, maybe 2-3 others - which can enhance the client functionality in a meaningful way.
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #53 on: February 24, 2015, 08:50:03 am »

:o
I hope this point is extremely clear in the UI when installing/downloading the plugin!

Edit:
No offense, I love the whole consept of plugins!
I would just hate to see it fail because of angry users who get robbed because they did not know the capabilities of what a plugin can/can't do.

This is pointed out very prominently on all entry point to plugin installation/usage, being the login page (displayed when a plugin is detected, determined as valid and active and would be loaded into the client after login) and the installation folder in form of a separate "SECURITY_WARNING.md" readme file.
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #54 on: February 24, 2015, 08:52:59 am »

Are these plugins going to be audited before published? I hope so!

One way I could imagine this out is that some trusted/technically capable member from the Nxt community will run a curated plugin store/repository, and it becomes good habit/standard behaviour to just use the plugins from this trusted repo.
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

TwinWinNerD

  • Hero Member
  • *****
  • Karma: +222/-116
  • Offline Offline
  • Posts: 2012
  • CEO BitPanda.com
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #55 on: February 25, 2015, 01:44:22 pm »

Coinimal is looking for a Freelancer that codes the Coinimal Plugin for the upcoming Plugin NXT System. PM.

_mr_e

  • Hero Member
  • *****
  • Karma: +88/-18
  • Offline Offline
  • Posts: 956
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #56 on: February 25, 2015, 02:01:56 pm »

This scares the shit out of me. All it would take is for one popular trusted plugin to manage to go rogue and get through verification and nxt could effectively be destroyed. Many accounts permanently hacked with a simple ajax request and then the hacker is in control of massive amounts of forging power. It would be game over.
Logged

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #57 on: February 25, 2015, 02:12:23 pm »

This scares the shit out of me. All it would take is for one popular trusted plugin to manage to go rogue and get through verification and nxt could effectively be destroyed. Many accounts permanently hacked with a simple ajax request and then the hacker is in control of massive amounts of forging power. It would be game over.

Wouldn't be that simple (has to be a rogue app where the malware doesn't get noticed for a long time while everyone updates). Someone managing to get something malicious into the latest Nxt or superNET release would have a similar terrible outcome.

There should be multiple people checking every plugin release before anyone installs them, never mind everyone. There's no room for complacency regarding plugins becoming trusted. The more paranoid people are about double checking, the better.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #58 on: February 25, 2015, 07:01:36 pm »

Yep, in my opinion the best way to solve this is having multiple eyes checking and verifying plugins. Though, this may not be possible for all plugins as they can be offered anyway but maybe we can have some kind of committee or so which handles plugins and their verification (like an app store)

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #59 on: February 25, 2015, 07:59:40 pm »

Yep, in my opinion the best way to solve this is having multiple eyes checking and verifying plugins. Though, this may not be possible for all plugins as they can be offered anyway but maybe we can have some kind of committee or so which handles plugins and their verification (like an app store)

Don't know, if we need a committee like structure for everything, maybe this will also organize itself by demand on the free market! :-)
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #60 on: February 25, 2015, 09:02:27 pm »

This scares the shit out of me. All it would take is for one popular trusted plugin to manage to go rogue and get through verification and nxt could effectively be destroyed. Many accounts permanently hacked with a simple ajax request and then the hacker is in control of massive amounts of forging power. It would be game over.

Wouldn't be that simple (has to be a rogue app where the malware doesn't get noticed for a long time while everyone updates). Someone managing to get something malicious into the latest Nxt or superNET release would have a similar terrible outcome.

There should be multiple people checking every plugin release before anyone installs them, never mind everyone. There's no room for complacency regarding plugins becoming trusted. The more paranoid people are about double checking, the better.

Why not just delay the plugin feature until you guys have figured out sandboxing so that plugins don't have access to the password?


Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1794
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #61 on: February 25, 2015, 09:18:23 pm »

Wesley once suggested that we support Html5 content security policy and/or sand boxing, see: http://www.html5rocks.com/en/tutorials/security/content-security-policy/
My understanding is that content security policy makes sure that all JavaScript executed by the browser originates from the NRS server so that a malicious plugin cannot load and execute JavaScript from another site or inline JavaScript i.e. XSS attack.
And sand boxing further reduces the privileges of plugin code.

Once we support these feature we can at least assert that if the plugin JavaScript looks safe, it won't be able to trick the user into executing external unsafe JavaScript.

While I'm not sure at all I understand all the implications, one challenge in implementing this feature is that it does not allow inline JavaScript. All JavaScript has to be loaded from .js files.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

verymuchso

  • Hero Member
  • *****
  • Karma: +118/-2
  • Offline Offline
  • Posts: 549
    • View Profile
    • HEAT Ledger
Re: [Client Plugins] Specification / Developers Guide
« Reply #62 on: February 25, 2015, 10:11:06 pm »

If you use iframe with @sandbox you should be save (after making sure the browser version supports @sanbox - js can do that) and you can run unsafe js in that frame.
Communication with the parent frame can be done through window.postMessage which if done right even allows external pages to interface with the client running in one tab while the interfacing website is in another tab. Such a postMessage based API can be made safe and not leak any info to the external page or untrusted plugin.

http://www.w3.org/TR/2011/WD-html5-20110525/the-iframe-element.html#attr-iframe-sandbox
https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
Logged
HEAT: DEX | SDK | HOME

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #63 on: February 27, 2015, 12:52:33 am »

I also found this, I have not worked with it but maybe that rings a bell for somebody because it very much sounds like this is what could be helpful:

http://stackoverflow.com/a/196064

ThomasVeil

  • Hero Member
  • *****
  • Karma: +183/-11
  • Offline Offline
  • Posts: 1400
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #64 on: February 28, 2015, 09:07:19 pm »

Could someone add this info to the nxtwiki? That would be better for referencing to it, than the forums thread.
Logged
ARDOR-BPV3-837M-QZTQ-9DQ69  oxpal.com

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #65 on: February 28, 2015, 09:12:44 pm »

Could someone add this info to the nxtwiki? That would be better for referencing to it, than the forums thread.

yes, lets wait until its finished though before someone needs to update it on every step Holger is doing

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #66 on: March 13, 2015, 09:42:39 am »

Are plugins only going to be released when they are sandboxed? Seems like a lot of people are keen to try them but it could be disastrous if they are a huge security risk.

Or at least we should warn people? Even so, I don't think I would use any that shared my passphrase (except for low level things like chat apps where I could use a separate account with 100 Nxt in it. For an exchange if I wanted to trade sizable amounts? No, thank you.)
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #67 on: March 13, 2015, 09:53:38 am »

Are plugins only going to be released when they are sandboxed? Seems like a lot of people are keen to try them but it could be disastrous if they are a huge security risk.

Or at least we should warn people? Even so, I don't think I would use any that shared my passphrase (except for low level things like chat apps where I could use a separate account with 100 Nxt in it. For an exchange if I wanted to trade sizable amounts? No, thank you.)

What about a plugin released by the superNET team? What about plugins that the Nxt dev team had reviewed and said were okay? Obviously people need to be security conscious about them, but it's not like they are unusable if handled correctly.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #68 on: March 13, 2015, 09:57:34 am »

To be clear, the way plug ins are set up now you send your passphrase in a different way you would when forging a block? They are higher risk?
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #69 on: March 13, 2015, 10:06:13 am »

Are plugins only going to be released when they are sandboxed? Seems like a lot of people are keen to try them but it could be disastrous if they are a huge security risk.

Or at least we should warn people? Even so, I don't think I would use any that shared my passphrase (except for low level things like chat apps where I could use a separate account with 100 Nxt in it. For an exchange if I wanted to trade sizable amounts? No, thank you.)

What about a plugin released by the superNET team? What about plugins that the Nxt dev team had reviewed and said were okay? Obviously people need to be security conscious about them, but it's not like they are unusable if handled correctly.

I am going to do it this way. I am sending the code to lyaffe and Holger, as both of them are a great help while developing and answering all my questions :D
So they will know the code when I am going to release my plugins. I hope this is enough so people can trust that those are fine codewise. Anyway, as soon as you purchase the plugin feel free to take a look at the code and get sure everything is safe. Depending on the amount of plugins there will be, we will see if it can be handled similar in the future

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #70 on: March 13, 2015, 10:11:36 am »

To be clear, the way plug ins are set up now you send your passphrase in a different way you would when forging a block? They are higher risk?

No. It's exactly the same same as with NRS. The only thing is that there's some software that has access to the passphrase that hasn't been written/reviewed by the core devs.

So say the Nxt core devs decided to create a plugin, and reviewed it in exactly the same way as NRS, and released it exactly the same as NRS, there's no additional risk.

The risk is simply that someone will write malicious code that steals the passphrase/Nxt and put it in a plugin. If the plugin written by someone trusted and it is reviewed as thoroughly as NRS, and the delivery of plugin can't be interfered with, then there isn't too much to worry about.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #71 on: March 13, 2015, 10:22:45 am »

Ok, that is clear thanks. I misunderstood.


If lyaffe/JL etc. post a link with a hash, then I would be comfortable.

Opportunity for someone to make a ratings website that collates and publishes the blockchain messages from accounts known to belong to devs.

Top tier devs (JL), their word alone might be enough. It could take 1-3 second tier devs before I trust them. Then maybe 1 second tier devs and 3-4 third tier devs before I trust another plug in. Everyone will have a subjective view on which devs go into which tier and everyone can pick their own combinations to suit their comfort level  ;D And it is another possible revenue stream for devs.

Ok, I'm sold now.
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #72 on: March 13, 2015, 10:34:41 am »

Ok, that is clear thanks. I misunderstood.


If lyaffe/JL etc. post a link with a hash, then I would be comfortable.

Opportunity for someone to make a ratings website that collates and publishes the blockchain messages from accounts known to belong to devs.

Top tier devs (JL), their word alone might be enough. It could take 1-3 second tier devs before I trust them. Then maybe 1 second tier devs and 3-4 third tier devs before I trust another plug in. Everyone will have a subjective view on which devs go into which tier and everyone can pick their own combinations to suit their comfort level  ;D And it is another possible revenue stream for devs.

Ok, I'm sold now.

Interesting ranking you have there ^^

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #73 on: March 13, 2015, 10:41:40 am »

Ok, that is clear thanks. I misunderstood.


If lyaffe/JL etc. post a link with a hash, then I would be comfortable.

Opportunity for someone to make a ratings website that collates and publishes the blockchain messages from accounts known to belong to devs.

Top tier devs (JL), their word alone might be enough. It could take 1-3 second tier devs before I trust them. Then maybe 1 second tier devs and 3-4 third tier devs before I trust another plug in. Everyone will have a subjective view on which devs go into which tier and everyone can pick their own combinations to suit their comfort level  ;D And it is another possible revenue stream for devs.

Ok, I'm sold now.

Interesting ranking you have there ^^

Nothing is fixed  ;D It is just a general feel about a non-specific app laid out in a 15 second brain dump.  :D

I guess it would depend on the app and how I planned to use it too (i.e. chat app where I have max 200 Nxt in, I might trust 1 dev with a long Nxt history and run NRS with apps off by default) Apps 'off' by default should be the default position when NRS is started too, but I think that was covered above.

And the ratings site, I could filter for just the devs I trust so I only see what I consider to be a "safe" apps list. Nxt Repuation System (when implemented) would probably make this a lot simpler, especially for new users who don't know any devs.
« Last Edit: March 13, 2015, 10:46:12 am by Daedelus »
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

2Kool4Skewl

  • Hero Member
  • *****
  • Karma: +396/-246
  • Offline Offline
  • Posts: 1897
  • Banned!
  • Because I'm a Genius
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #74 on: March 13, 2015, 10:42:06 am »

To be clear, the way plug ins are set up now you send your passphrase in a different way you would when forging a block? They are higher risk?

No. It's exactly the same same as with NRS. The only thing is that there's some software that has access to the passphrase that hasn't been written/reviewed by the core devs.

So say the Nxt core devs decided to create a plugin, and reviewed it in exactly the same way as NRS, and released it exactly the same as NRS, there's no additional risk.

The risk is simply that someone will write malicious code that steals the passphrase/Nxt and put it in a plugin. If the plugin written by someone trusted and it is reviewed as thoroughly as NRS, and the delivery of plugin can't be interfered with, then there isn't too much to worry about.

Someone should make a NXT client that provides security through isolation with Xen.

For instance the NXT client could be downloaded as a bootable iso/usb file, thus written to a disk or usb drive and independently booted.  The core of NRS could be run on one VM and plugins and GUI could be run on a separate VM that had limited access to the NRS core VM.
Logged
We are the descendants of Bitcoin.  We are the continuation of the cause it started, but that perished with its centralization.
An economic system is a manifestation of an ideology.  What was lost, we shall reclaim.
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #75 on: March 13, 2015, 10:53:38 am »


Someone should make a NXT client that provides security through isolation with Xen.

For instance the NXT client could be downloaded as a bootable iso/usb file, thus written to a disk or usb drive and independently booted.  The core of NRS could be run on one VM and plugins and GUI could be run on a separate VM that had limited access to the NRS core VM.

Not sure how that helps much. Passphrase still has to be input to GUI/plugins to be able to do anything.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #76 on: March 13, 2015, 11:02:21 am »



Better?

Just while I am here...

Following on from above, can the plugins be disabled by default (and confident users can change this in the nxt.properties)? This would help those who don't know or understand exactly what they are doing. If they do blindly download a malicious app they saw on facebook, it won't run by default every time they log into NRS. It could help limit the fallout.

And when I click "Enable plugins", a checkbox list of plugins appear so I can choose only to run the plugins I want for that session? This would help the paranoid who only want to run as little as possible, 'just in case'  ;D (Jean-luc says he has 4 bolts on his door)


« Last Edit: March 13, 2015, 11:04:32 am by Daedelus »
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Sebastien256

  • Hero Member
  • *****
  • Karma: +169/-24
  • Offline Offline
  • Posts: 2823
  • ^LOOK UP^ = Nxt community!
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #77 on: March 13, 2015, 11:18:17 am »

Plugin disabled by default is more secure, imo.
Logged
Please drop your ideas concerning Nxt and/or NRS in this topic -> List of feature request for Nxt and/or NRS (with the full list in OP).

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #78 on: March 13, 2015, 11:34:06 am »

Following on from above, can the plugins be disabled by default (and confident users can change this in the nxt.properties)?

No. If plugins can't be enabled via the GUI (because you are so afraid of security issues), then might as well not allow them. Plugins can be used, for instance, to make crowdfunding become ten times easier. If the user has to change nxt.properties, then that crowdfunding plugin just lost most of its user friendliness.

BTW, a similar concept to a plugin has already been done with the superNET functions (MGW, Dividends+), only it was done in a less secure way and much less user friendly way because a feature like this wasn't available. Nevertheless, these superNET features have been widely used.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

Sebastien256

  • Hero Member
  • *****
  • Karma: +169/-24
  • Offline Offline
  • Posts: 2823
  • ^LOOK UP^ = Nxt community!
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #79 on: March 13, 2015, 11:35:52 am »

Personnaly, in the gui, instead of a "disable plugins check case" uncheck by default, I would prefer an "enable plugins check case" uncheck by default. A suitable warning when enable plugin is clicked should appears.
« Last Edit: March 13, 2015, 11:38:52 am by Sebastien256 »
Logged
Please drop your ideas concerning Nxt and/or NRS in this topic -> List of feature request for Nxt and/or NRS (with the full list in OP).

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1794
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #80 on: March 13, 2015, 12:09:49 pm »

My thoughts:
The problem of trusting plugins in decentralized environment while maintaining the anonymity of the developers is a difficult one.

I suggest the following best practices to make plugins more trustworthy:

For developers, use distribution system like the one we already use for the NXT itself and SuperNet:
1. Open source code.
2. Reproducible packaging procedure.
3. Package downloaded directly from the same source control system.
4. Hash of the package posted on the nxtforum.
5. Additional PGP or some form of digital signature which confirms the identity of the developer.

For users, I suggest the following best practices:
1. Do not install plugins which does not rely on the distribution system described above.
2. Use only plugins installed by yourself, avoid using plugins when connecting to a public node.
3. Do not use plugins when connecting to an account which has significant amount of NXT.
4. Make sure a plugin uses only JavaScript and Html, avoid plugins which rely on fat client technologies such as Java Applet, ActiveX, Flash etc, in other words, do not confirm any browser security prompt when using plugins.
5. Do not follow links from plugin pages to external web sites.

In general I don't think we should introduce a new feature and disable it by default.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #81 on: March 13, 2015, 12:53:21 pm »

In this sense maybe the easiest way would be to have the plugins inactive as default. They are shown in the navigation bar. Once you click them, you see a first page "plugin disabled" with a button "enable" and you can proceed using this plugin.
Instead of either choosing to disable / enable them on the login page first.

You would not have to worry using big accounts in the first place as they are disabled by default. Then you can choose to just use enabled plugins (in this session)?

jones

  • Hero Member
  • *****
  • Karma: +310/-8
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt
Re: [Client Plugins] Specification / Developers Guide
« Reply #82 on: March 14, 2015, 03:30:06 am »

Ok, that is clear thanks. I misunderstood.


If lyaffe/JL etc. post a link with a hash, then I would be comfortable.

Opportunity for someone to make a ratings website that collates and publishes the blockchain messages from accounts known to belong to devs.

Top tier devs (JL), their word alone might be enough. It could take 1-3 second tier devs before I trust them. Then maybe 1 second tier devs and 3-4 third tier devs before I trust another plug in. Everyone will have a subjective view on which devs go into which tier and everyone can pick their own combinations to suit their comfort level  ;D And it is another possible revenue stream for devs.

Ok, I'm sold now.

A cool idea here, I've been thinking about how best to do this for a while now as trust systems intrigue me :)

I'll have to give this one a try in the near future.
Logged
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

marek3ball

  • Sr. Member
  • ****
  • Karma: +31/-2
  • Offline Offline
  • Posts: 305
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #83 on: March 15, 2015, 10:38:57 am »

In this sense maybe the easiest way would be to have the plugins inactive as default. They are shown in the navigation bar. Once you click them, you see a first page "plugin disabled" with a button "enable" and you can proceed using this plugin.
Instead of either choosing to disable / enable them on the login page first.

You would not have to worry using big accounts in the first place as they are disabled by default. Then you can choose to just use enabled plugins (in this session)?

This sounds user friendly if it is possible. Will I see warning during enabling the plugin that he will know my password? Problem is that infected plugin won't say that he will read password.
Logged

chevdor

  • Full Member
  • ***
  • Karma: +19/-0
  • Offline Offline
  • Posts: 166
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #84 on: May 11, 2015, 08:32:31 am »

Hello,

How do you develop your plugins?

Do you test within the NRS client and is there a way to refresh a plugin without log out then back in?
Or do you test outside NRS somehow?

I was able to write and install my plugin but I don´t see it possible to log out and back in constantly to test.
Logged
NXT-YCLA-V44V-USJK-3GPJD
BM-2cXnA5HdtsDttGaPEAJd1oYX3zMbiKDewV

NxtSwe

  • Hero Member
  • *****
  • Karma: +124/-9
  • Offline Offline
  • Posts: 657
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #85 on: May 15, 2015, 09:36:43 am »

How do I show a custom modal dialog in my plugin?

hello_world comes with a 'p_hello_word_info_modal' sample but it is never used.
How would I go about to actually show this in the hello world example?

Thanx!
Logged
Check out the NxtLib, the .NET Framework API for the Nxt platform.

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #86 on: May 15, 2015, 10:11:26 am »

How do I show a custom modal dialog in my plugin?

hello_world comes with a 'p_hello_word_info_modal' sample but it is never used.
How would I go about to actually show this in the hello world example?

Thanx!

Try out this:

Code: [Select]
NRS.setup.p_hello_world = function() {
//Do one-time initialization stuff here
$('#p_hello_world_startup_date_time').html('<a href="#" data-toggle="modal" data-target="#p_hello_word_info_modal"'+moment().format('LLL')+'</a>');

}

Now the datum at the bottom of the plugin shows the example modal

NxtSwe

  • Hero Member
  • *****
  • Karma: +124/-9
  • Offline Offline
  • Posts: 657
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #87 on: May 15, 2015, 10:58:49 am »

How do I show a custom modal dialog in my plugin?

hello_world comes with a 'p_hello_word_info_modal' sample but it is never used.
How would I go about to actually show this in the hello world example?

Thanx!

Try out this:

Code: [Select]
NRS.setup.p_hello_world = function() {
//Do one-time initialization stuff here
$('#p_hello_world_startup_date_time').html('<a href="#" data-toggle="modal" data-target="#p_hello_word_info_modal"'+moment().format('LLL')+'</a>');

}

Now the datum at the bottom of the plugin shows the example modal

Thanx, that works.
PS. you forgot a '>' in the code above.
Code: [Select]
$('#p_hello_world_startup_date_time').html('<a href="#" data-toggle="modal" data-target="#p_hello_word_info_modal">'+moment().format('LLL')+'</a>');
Logged
Check out the NxtLib, the .NET Framework API for the Nxt platform.

SwissAlps

  • Hero Member
  • *****
  • Karma: +31/-16
  • Offline Offline
  • Posts: 519
    • View Profile
    • NxtTracker.com
Re: [Client Plugins] Specification / Developers Guide
« Reply #88 on: May 15, 2015, 12:39:19 pm »

Hi guys,

I'm trying the plugins on version 1.5.8e

It shows Hello World correctly.  I made a directory similar to this but when I look at the starting page, it doesn't show in the "Active Plugins", showing only the "Hello World", any idea
why ?

Thanks... :)
Logged
CryptoNanoPay project
Note that the "Barter Point" test has just started...

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #89 on: May 15, 2015, 12:56:56 pm »

Hi guys,

I'm trying the plugins on version 1.5.8e

It shows Hello World correctly.  I made a directory similar to this but when I look at the starting page, it doesn't show in the "Active Plugins", showing only the "Hello World", any idea
why ?

Thanks... :)

To create a new Plugin, copy paste and rename the folder hello_world. For example: "test".
Modify to:

test/html/pages/test.html
test/html/modals/test.html
test/js/nrs.test.js
test/css/test.css

Now you can use as startpage in manifest.json what you are using in test/html/pages/test.html and test/js/nrs.test.js

See what might be missing with your plugin here:

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Karma: +49/-0
  • Offline Offline
  • Posts: 299
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #90 on: May 15, 2015, 01:56:36 pm »

Hi guys,

I'm trying the plugins on version 1.5.8e

It shows Hello World correctly.  I made a directory similar to this but when I look at the starting page, it doesn't show in the "Active Plugins", showing only the "Hello World", any idea
why ?

Thanks... :)

Have you read the developers guide at the beginning of this thread?
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

SwissAlps

  • Hero Member
  • *****
  • Karma: +31/-16
  • Offline Offline
  • Posts: 519
    • View Profile
    • NxtTracker.com
Re: [Client Plugins] Specification / Developers Guide
« Reply #91 on: May 16, 2015, 06:06:36 am »

Hi guys,

I'm trying the plugins on version 1.5.8e

It shows Hello World correctly.  I made a directory similar to this but when I look at the starting page, it doesn't show in the "Active Plugins", showing only the "Hello World", any idea
why ?

Thanks... :)

To create a new Plugin, copy paste and rename the folder hello_world. For example: "test".
Modify to:

test/html/pages/test.html
test/html/modals/test.html
test/js/nrs.test.js
test/css/test.css

Now you can use as startpage in manifest.json what you are using in test/html/pages/test.html and test/js/nrs.test.js

See what might be missing with your plugin here:



Thanks, you devs guys are real geniuses !  It is working now like a charm.

(I forgot the CSS rename...as I said somewhere, I am very low level in java, so if I can do it, it shows that everybody can do it  ;D ;D ;D.

You made life very simple for us  :) :))
Logged
CryptoNanoPay project
Note that the "Barter Point" test has just started...

chevdor

  • Full Member
  • ***
  • Karma: +19/-0
  • Offline Offline
  • Posts: 166
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #92 on: June 17, 2015, 04:35:41 pm »

Cross posting a bit here but I guess the following link will be helpful to whoever was fighting while renaming everything everywhere and forgetting half of it (as I did :) )

https://github.com/chevdor/generator-nrs-plugin
Logged
NXT-YCLA-V44V-USJK-3GPJD
BM-2cXnA5HdtsDttGaPEAJd1oYX3zMbiKDewV

Irontiga

  • Full Member
  • ***
  • Karma: +9/-4
  • Offline Offline
  • Posts: 123
    • View Profile
    • burstcoin.info
Re: [Client Plugins] Specification / Developers Guide
« Reply #93 on: September 15, 2015, 12:27:50 am »

Thanks, you devs guys are real geniuses !  It is working now like a charm.

(I forgot the CSS rename...as I said somewhere, I am very low level in java, so if I can do it, it shows that everybody can do it  ;D ;D ;D.

You made life very simple for us  :) :))

There's no java involved, only javascript ;P

Also, do we have to do all this renaming and stuff of file and what not?

Can we not just have, inside of manifest.json, fields which point to the files we're using? There could be
Code: [Select]
{
"html" : ["main.html", "responses.html"]
"js" : ["run.js", "backend/functions.js"],
"css" : ["main.css"]
}
etc. This would make the structure and code a lot cleaner imho....
« Last Edit: September 15, 2015, 01:34:30 am by Irontiga »
Logged
NXT-S27N-JBGA-J8QD-AMAT8

devlux

  • Sr. Member
  • ****
  • Karma: +67/-2
  • Offline Offline
  • Posts: 307
    • View Profile
    • Gemspace
Re: [Client Plugins] Specification / Developers Guide
« Reply #94 on: April 07, 2016, 03:57:09 am »

Ubuntu Xenial
Chrome Version 49.0.2623.108 Ubuntu 16.04 (64-bit)
Firefox 45.0.1

NRS 1.8.0e and 1.7.5

Plugin API appears to be completely broken.
Changing the "Plugins Enabled/Disabled" does nothing even on logout, and reset.

I'm going to dig deeper but I think it may be the way you are persisting the change from enabled to disabled.
Hello World
Quack
etc all seem to be busted right now.  They will not enable no matter what I try.  There are errors in the console mostly related to using outdated API that are deprecated and disabled.  However most of those seem to be about someone's use of synchronous ajax.

I'm going to dig in and change whatever guard code is blocking plugins to be default enabled, see if that fixes it.
Plugins are enabled according to the login page.  Just the account seems to be where they are disabled. 
Someone should see if they can replicate please. 
Logged
Evolution NEXT D.A.C.
NXTAE:3385321989487982138 (EVOLVE)

devlux

  • Sr. Member
  • ****
  • Karma: +67/-2
  • Offline Offline
  • Posts: 307
    • View Profile
    • Gemspace
Re: [Client Plugins] Specification / Developers Guide
« Reply #95 on: April 07, 2016, 04:04:15 am »

Ubuntu Xenial
Chrome Version 49.0.2623.108 Ubuntu 16.04 (64-bit)
Firefox 45.0.1

NRS 1.8.0e and 1.7.5

Plugin API appears to be completely broken.
Changing the "Plugins Enabled/Disabled" does nothing even on logout, and reset.

I'm going to dig deeper but I think it may be the way you are persisting the change from enabled to disabled.
Hello World
Quack
etc all seem to be busted right now.  They will not enable no matter what I try.  There are errors in the console mostly related to using outdated API that are deprecated and disabled.  However most of those seem to be about someone's use of synchronous ajax.

I'm going to dig in and change whatever guard code is blocking plugins to be default enabled, see if that fixes it.
Plugins are enabled according to the login page.  Just the account seems to be where they are disabled. 
Someone should see if they can replicate please.

Confirmed on this site as well  http://198.46.193.111:6876/index.html
Logged
Evolution NEXT D.A.C.
NXTAE:3385321989487982138 (EVOLVE)

devlux

  • Sr. Member
  • ****
  • Karma: +67/-2
  • Offline Offline
  • Posts: 307
    • View Profile
    • Gemspace
Re: [Client Plugins] Specification / Developers Guide
« Reply #96 on: April 07, 2016, 05:29:37 am »

Found the problem and posted a temporary work around here...
https://nxtforum.org/core-development-discussion/something-is-broken-in-the-plugin-api/
Logged
Evolution NEXT D.A.C.
NXTAE:3385321989487982138 (EVOLVE)

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: [Client Plugins] Specification / Developers Guide
« Reply #97 on: April 07, 2016, 12:52:08 pm »

Found the problem and posted a temporary work around here...
https://nxtforum.org/core-development-discussion/something-is-broken-in-the-plugin-api/

Thank you for digging so deep into the code. I hope the necessary changes will soon make it into the new builds.
Pages: 1 2 3 ... 5 [All]
 

elective-stereophonic
elective-stereophonic
assembly
assembly