HabNode(CMS) - Node.js Retro Solution [Node.js, Express, EJS, MySQL]

[TR10G33K]

Hi There

Last week I decided to make a Habbo CMS with Node.js.
Why? Because I want to get to know node better (I just started trying it a week ago lel (But I do know javascript and PHP and a bit C# so don't worry))

This is what I have planned for the CMS

• Default functionality (Login, Register, Client etc)
• Minimail
• Tags
• Homes
• Groups
• Custom Layout
• Application System (with questions)
• Housekeeping with a lot of functions
• Language System
• Maybe plugins

Technical plans

• Socket.IO
• Simple DDOS protection against request floods
• Support for Comet and Plus Database structure
• More things

Here are some snippets (not really interesting or good).

class.core.js

/* 
 * HabNode v1.0 -VIS000 2016
 */
var mysql = require('mysql2');
var config = require('./config');
var online = null;






var core = function() {
     this.conn = null;
     this.mysql = mysql;
    
    this.construct = function(){
        this.dbConnect();
    },
    
    this.dbConnect = function(){
        this.conn = mysql.createConnection({
            host: config.dbhost,
            user: config.dbuser,
            password: config.dbpass,
            database: config.dbname
        });
        
        this.conn.connect();
    };
    
    this.getUsersOnline = function(){
        console.log('SELECT * FROM server_status');
        this.conn.prepare('SELECT * FROM server_status', function(err, statement){
            if(err) {
                console.log(err);
            } else {
                statement.execute([], function(err, rows, columns) {
                    if(err) {
                        online = 'Error';
                    } else {
                        online = rows[0].users_online;
                    }
                });
            }
        });
        return online;
    };
 };
 
 module.exports = core;

class.users (far far far far far from finished)

/* 
 * HabNode v1.0 -VIS000
 */
var core = require('./class.core');
core = new core();


var time = Date.now || function() {
  return +new Date;
};


var habbo = function() {
    
    this.loginUser = function(username, password) {
        core.conn.prepare('SELECT * FROM players WHERE password = ? and username = ?', function(err, statement){
            if(err) {
                console.log(err);
            } else {
                statement.execute([password, username], function(err, rows){
                    if(rows === undefined) {
                        return null;
                    } else {
                        return rows;
                    }
                });
            }
        });
            
    };
    
    this.isBanned = function(username) {
        core.conn.prepare('SELECT * FROM bans WHERE data = ?', function(err, statement){
            if(err) {
                console.log(err);
            } else {
                statement.execute([username], function(err, rows){
                    if(rows === undefined) {
                        return false;
                    } else {
                        return true;
                    }
                });
            }
        });
            
    };
    
    this.addUser = function(username, password, email) {
        core.conn.prepare('INSERT INTO users (username, password, email, motto, reg_timestamp, figure) VALUES (?, ?, ?, ?, ?, ?)', function(err, statement){
            if(err) {
                console.log(err);
            } else {
                statement.execute([username, password, email, 'Habnode v1.0', time(), ''], function(err){
                        if(err) {
                            console.log(err);
                            return false;
                        } else {
                            return true;
                        }
                });
            }
            
         
        });
    };
};

It isn't a lot but it's a start yo.

I'm also looking for frontend developers because I am terrible at designing and CSS.
Also if people would like to help me with this project just send me a PM.

Feedback would be appreciated!

 

[Moogly]

Screenshots would be nice, good luck with this, I wish you would use Jade for templating, I have a project that was using Jade-like templates that could benefit from this.

 

[LeChris]

Good luck mate, I was working with something completely similar to the environment you're using yourself aha (Except I have 0 experience with Javascript)Will you be using Angular for a front-end as well?

 

[ovflowd]

You can simply remove two items from your list:

1. Socket.io: Why you will ever put socket.io in your CMS? Socket.Io is a reactive nio library.. as you know. I don't know for what you will use it. For remote emulator monitoring? Guy socket.io is made for JavaScript (not for node.js, you can use on node since node is JAVASCRIPT haha) The Python and Java ports from socket.io are horrrible. Also the C# port is discontinued and really a crap. I don't know why putting socket.io..
2. DDoS? You REALLY CAN'T PUT DOS PROTECTION IN A FUCKIN PHP SCRIPT. You need protect you Web server from Attacks, and NOT A PHP CMS. Your Apache will be crashed before ever your "dos php protection script" do something. The max that this script can do is end connection or/and show block message. But the attacks will be already received in your network adapter and in your web server. So this is totally USELESS and will consumpt memory from your web server. You can do DoS scripts to attack networks, but not in reverse way.
Or you put protection in your network interface through a firewall (cisco) or in your virtual adapter through softwares like PeerBlock. (that uses virtual firewall rules, so you can also crash PeerBlock if the attack is giga.) Protections that are good and necessary are XSS protection and Injection protection. But the best way of protecting is don't coding crazy codes.

Good luck!

 

[TR10G33K]

You can simply remove two items from your list:

1. Socket.io: Why you will ever put socket.io in your CMS? Socket.Io is a reactive nio library.. as you know. I don't know for what you will use it. For remote emulator monitoring? Guy socket.io is made for JavaScript (not for node.js, you can use on node since node is JAVASCRIPT haha) The Python and Java ports from socket.io are horrrible. Also the C# port is discontinued and really a crap. I don't know why putting socket.io..
2. DDoS? You REALLY CAN'T PUT DOS PROTECTION IN A FUCKIN PHP SCRIPT. You need protect you Web server from Attacks, and NOT A PHP CMS. Your Apache will be crashed before ever your "dos php protection script" do something. The max that this script can do is end connection or/and show block message. But the attacks will be already received in your network adapter and in your web server. So this is totally USELESS and will consumpt memory from your web server. You can do DoS scripts to attack networks, but not in reverse way.
Or you put protection in your network interface through a firewall (cisco) or in your virtual adapter through softwares like PeerBlock. (that uses virtual firewall rules, so you can also crash PeerBlock if the attack is giga.) Protections that are good and necessary are XSS protection and Injection protection. But the best way of protecting is don't coding crazy codes.

Good luck!

I'm not going to use php at all. Node.js is a server side script that hosts it's own server. So what I mean with basic ddos protection are mainly request limits.
Also socket io is very useful when working with node.js because it sends over json in a really great way. And I'm planned to add more features that'll really benefit of this since it's real-time.

Verstuurd vanaf mijn D6603 met Tapatalk

 

[TR10G33K]

I'm not going to use php at all. Node.js is a server side script that hosts it's own server. So what I mean with basic ddos protection are mainly request limits.
Also socket io is very useful when working with node.js because it sends over json in a really great way. And I'm planned to add more features that'll really benefit of this since it's real-time.

Verstuurd vanaf mijn D6603 met Tapatalk

And afcourse, it doesn't really stop layer7 attacks but it'll help a little bit.


Verstuurd vanaf mijn D6603 met Tapatalk

 

[ovflowd]

Now i saw that you will use Node.js, i wrote my last text 5 minutes before going to bed. hehe

 

[TR10G33K]

Updates:
-Added Queries
-Updating mysql to pool

 

[Articuz]

OFT:

Now i saw that you will use Node.js, i wrote my last text 5 minutes before going to bed. hehe

Sometimes ur just to tired for this m8tt1:

ONT: Good Luck With This M10

ML
Articuz

 

[TR10G33K]

Progress update:
-Client works
-Socket.io works
-Started on the frontend
-added callbacks for mysql queries.

Verstuurd vanaf mijn D6603 met Tapatalk

 

[Eronisch]

Just a tip, take a look at:

You must be registered to see links

Sequelize is a ORM for several databases including MySQL.
It makes CRUD operations a lot easier.

For example, retrieving data:

Post.findAll({
  where: {
    authorId: 12,
    status: 'active'
  }
});

This doesn't work:

this.getUsersOnline = function(){
        console.log('SELECT * FROM server_status');
        this.conn.prepare('SELECT * FROM server_status', function(err, statement){
            if(err) {
                console.log(err);
            } else {
                statement.execute([], function(err, rows, columns) {
                    if(err) {
                        online = 'Error';
                    } else {
                        online = rows[0].users_online;
                    }
                });
            }
        });
        return online;
    };
 };

online is always null at the first try because you assign a value to online in a callback function which is called after "return online". Don't set global variables like online in the getUsersOnline. It's not necessary.

Another tip is to handle error messages properly. If an error occurs i recommend to just return the error and handle it further with express. With express you can create middleware to for example log errors.

For example:

router.get('/search', function (req, res, next) {
    Promise.all([AccountService.searchAll(req.query.page, req.query.limit, req.query.search, AccountService.orderType.ascendingName), AccountService.getAmountAllSearchResults(req.query.search)])
        .then(function (result) {
            res.send({
                amount: result[1],
                accounts: result[0]
            });
        }).catch(function (err) {
        next(err);
    });
});

And to display the error to my screen (the error middleware needs to be declared as last):

app.use(function (err, req, res, next) {
        logError(err, req);
        next();
    });

I recommend to take a look at promises, EcmaScript 6 and how the event queue in NodeJS works.

Goodluck!

 

[TR10G33K]

Just a tip, take a look at:

You must be registered to see links

Sequelize is a ORM for several databases including MySQL.
It makes CRUD operations a lot easier.

For example, retrieving data:

Post.findAll({
  where: {
    authorId: 12,
    status: 'active'
  }
});

This doesn't work:

this.getUsersOnline = function(){
        console.log('SELECT * FROM server_status');
        this.conn.prepare('SELECT * FROM server_status', function(err, statement){
            if(err) {
                console.log(err);
            } else {
                statement.execute([], function(err, rows, columns) {
                    if(err) {
                        online = 'Error';
                    } else {
                        online = rows[0].users_online;
                    }
                });
            }
        });
        return online;
    };
 };

online is always null at the first try because you assign a value to online in a callback function which is called after "return online". Don't set global variables like online in the getUsersOnline. It's not necessary.

Another tip is to handle error messages properly. If an error occurs i recommend to just return the error and handle it further with express. With express you can create middleware to for example log errors.

For example:

router.get('/search', function (req, res, next) {
    Promise.all([AccountService.searchAll(req.query.page, req.query.limit, req.query.search, AccountService.orderType.ascendingName), AccountService.getAmountAllSearchResults(req.query.search)])
        .then(function (result) {
            res.send({
                amount: result[1],
                accounts: result[0]
            });
        }).catch(function (err) {
        next(err);
    });
});

And to display the error to my screen (the error middleware needs to be declared as last):

app.use(function (err, req, res, next) {
        logError(err, req);
        next();
    });

I recommend to take a look at promises, EcmaScript 6 and how the event queue in NodeJS works.

Goodluck!

Thanks for your feedback. I'll take a look at sequelize. I already found out that getonline didn't work. Fixed it using callbacks. Gonna do the proper error handling real soon. I'll upload it to github too

Verstuurd vanaf mijn D6603 met Tapatalk

 

[TR10G33K]

Updates:
Finished backend for login and index including sessions. Today the index and register frontend will be done. I'll add screenshots once finished

Verstuurd vanaf mijn D6603 met Tapatalk

 

[TR10G33K]

Development has been paused since I am stuck with the design. It just doesn't look good.
It'll continue once I've found someone that has more design and frontend development skills than me.
And I don't want to release this with a habbo rip or terrible layout.

 

[Caustik]

Forget about the layout - release something basic & let the community decide what theme they want to implement.
Also, as you're using javascript, I'd suggest looking into the Promise pattern:

You must be registered to see links

 

[Eronisch]

Forget about the layout - release something basic & let the community decide what theme they want to implement.
Also, as you're using javascript, I'd suggest looking into the Promise pattern:

You must be registered to see links

Even better:

You must be registered to see links

Though, learning promises is recommended!

 

[TR10G33K]

Thanks for the tips.
I think I'm going for bluebird because that's the easiest and most logic one for me.

Verstuurd vanaf mijn D6603 met Tapatalk

 

[boardza]

How many time to releases?

 

[TR10G33K]

might take a long time. but if people would like to use my code right now and/or finish it before me, go ahead!
as long as you keep some credit.

 

[Eronisch]

You could create a public git repository so people can view the source and contribute.