From 71e1b69afe788ae2efc4d79a71e52bc2ce80f0a8 Mon Sep 17 00:00:00 2001 From: immber Date: Tue, 16 Oct 2018 11:35:10 -0700 Subject: [PATCH 1/5] perspective documentation update (#1999) --- plugins/talk-plugin-toxic-comments/README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/plugins/talk-plugin-toxic-comments/README.md b/plugins/talk-plugin-toxic-comments/README.md index 60c05ad9f..6fb1849df 100644 --- a/plugins/talk-plugin-toxic-comments/README.md +++ b/plugins/talk-plugin-toxic-comments/README.md @@ -10,9 +10,11 @@ plugin: --- Using the [Perspective API](http://perspectiveapi.com/), this -plugin will warn users and reject comments that exceed the predefined toxicity -threshold. For more information on what Toxic Comments are, check out the -[Toxic Comments](/talk/toxic-comments/) documentation. +plugin will warn users when comments exceed the predefined toxicity +threshold. Toxic comments will be flagged and are held back from being posted until reviewed by a moderator. + +For more information on what Toxic Comments are, check out the +[Toxic Comments](/talk/toxic-comments/) documentation, and you can see how the plugin works on [this blog post](https://coralproject.net/blog/toxic-avenging/). Configuration: @@ -25,4 +27,4 @@ Configuration: - `TALK_PERSPECTIVE_TIMEOUT` - The timeout for sending a comment to be processed before it will skip the toxicity analysis, parsed by [ms](https://www.npmjs.com/package/ms). (Default `300ms`) -- `TALK_PERSPECTIVE_DO_NOT_STORE` - Whether the API is permitted to store comment and context from this request. Stored comments will be used for future research and community model building purposes to improve the API over time. (Default `true`) [Perspective API - Analize Comment Request](https://github.com/conversationai/perspectiveapi/blob/master/api_reference.md#analyzecomment-request) \ No newline at end of file +- `TALK_PERSPECTIVE_DO_NOT_STORE` - Whether the API stores or deletes the comment text and context from this request after it has been evaluated. Stored comments will be used for future research and community model building purposes to improve the API over time. (Default `true`) [Perspective API - Analize Comment Request](https://github.com/conversationai/perspectiveapi/blob/master/api_reference.md#analyzecomment-request) From 5e4bdf1f0cec4f9252da81967dfc7bbedff14667 Mon Sep 17 00:00:00 2001 From: immber Date: Tue, 16 Oct 2018 13:25:11 -0700 Subject: [PATCH 2/5] Perspective (#2001) * perspective documentation update * fixed typo --- plugins/talk-plugin-toxic-comments/README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/plugins/talk-plugin-toxic-comments/README.md b/plugins/talk-plugin-toxic-comments/README.md index 6fb1849df..19621ee13 100644 --- a/plugins/talk-plugin-toxic-comments/README.md +++ b/plugins/talk-plugin-toxic-comments/README.md @@ -13,8 +13,7 @@ Using the [Perspective API](http://perspectiveapi.com/), this plugin will warn users when comments exceed the predefined toxicity threshold. Toxic comments will be flagged and are held back from being posted until reviewed by a moderator. -For more information on what Toxic Comments are, check out the -[Toxic Comments](/talk/toxic-comments/) documentation, and you can see how the plugin works on [this blog post](https://coralproject.net/blog/toxic-avenging/). +For more information on what Toxic Comments are, check out the [Toxic Comments](/talk/toxic-comments/) documentation, and you can see how the plugin works on [this blog post](https://coralproject.net/blog/toxic-avenging/). Configuration: @@ -27,4 +26,4 @@ Configuration: - `TALK_PERSPECTIVE_TIMEOUT` - The timeout for sending a comment to be processed before it will skip the toxicity analysis, parsed by [ms](https://www.npmjs.com/package/ms). (Default `300ms`) -- `TALK_PERSPECTIVE_DO_NOT_STORE` - Whether the API stores or deletes the comment text and context from this request after it has been evaluated. Stored comments will be used for future research and community model building purposes to improve the API over time. (Default `true`) [Perspective API - Analize Comment Request](https://github.com/conversationai/perspectiveapi/blob/master/api_reference.md#analyzecomment-request) +- `TALK_PERSPECTIVE_DO_NOT_STORE` - Whether the API stores or deletes the comment text and context from this request after it has been evaluated. Stored comments will be used for future research and community model building purposes to improve the API over time. (Default `true`) [Perspective API - Analyze Comment Request](https://github.com/conversationai/perspectiveapi/blob/master/api_reference.md#analyzecomment-request) From 7ad3d247b5a09c6d4dd273e4509df405b98520a1 Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Thu, 18 Oct 2018 14:33:45 -0600 Subject: [PATCH 3/5] feat: added base64 secret encoding --- docs/source/02-02-advanced-configuration.md | 17 +++++++++++++++-- services/jwt.js | 5 +++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/source/02-02-advanced-configuration.md b/docs/source/02-02-advanced-configuration.md index 083b4bcdb..49769be0b 100644 --- a/docs/source/02-02-advanced-configuration.md +++ b/docs/source/02-02-advanced-configuration.md @@ -246,6 +246,21 @@ Refer to the documentation for [TALK_JWT_ALG](#talk-jwt-alg) for other signing methods and other forms of the `TALK_JWT_SECRET`. If you are interested in using multiple keys, then refer to [TALK_JWT_SECRETS](#talk-jwt-secrets). +You can also encode your secret as a base64 string (if you are using a symmetric +algorithm) as long as you prefix it with `base64:`. For example: + +```plain +TALK_JWT_SECRET={"secret": "base64:dGVzdA=="} +``` + +Would be the same as: + +```plain +TALK_JWT_SECRET={"secret": "test"} +``` + +As `dGVzdA==` is just `test` encoded using base64. + ## TALK_JWT_SECRETS Used when specifying multiple secrets used for key rotations. This is a JSON @@ -271,7 +286,6 @@ Note that the secret is stored in a JSON object, keyed by `secret`. This is only needed when specifying in the multiple secrets for `TALK_JWT_SECRETS`, but may be used to specify the single [TALK_JWT_SECRET](#talk-jwt-secret). - When the value of [TALK_JWT_ALG](#talk-jwt-alg) is **not** a `HS*` value, then the value of the `TALK_JWT_SECRETS` should take the form: @@ -282,7 +296,6 @@ TALK_JWT_SECRETS=[{"kid": "1", "private": "", "public": " Date: Fri, 19 Oct 2018 10:05:05 -0600 Subject: [PATCH 4/5] fix: fixes #2009 --- config.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config.js b/config.js index 8987f1114..99600508a 100644 --- a/config.js +++ b/config.js @@ -30,7 +30,7 @@ const CONFIG = { ENABLE_TRACING: Boolean(process.env.APOLLO_ENGINE_KEY), // EMAIL_SUBJECT_PREFIX is the string before emails in the subject. - EMAIL_SUBJECT_PREFIX: process.env.TALK_EMAIL_SUBJECT_PREFIX || '[Talk]', + EMAIL_SUBJECT_PREFIX: process.env.TALK_EMAIL_SUBJECT_PREFIX, // DEFAULT_LANG is the default language used for server sent emails and // rendered text. @@ -271,6 +271,10 @@ const CONFIG = { // CONFIG VALIDATION //============================================================================== +if (typeof CONFIG.EMAIL_SUBJECT_PREFIX === 'undefined') { + CONFIG.EMAIL_SUBJECT_PREFIX = '[Talk]'; +} + if (process.env.NODE_ENV === 'test') { if (!CONFIG.ROOT_URL) { CONFIG.ROOT_URL = `http://${localAddress}:3001`; From fabec2c89b913c89e32755bdaeb9ecd11034c8e2 Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Fri, 19 Oct 2018 16:28:13 +0000 Subject: [PATCH 5/5] review: fix invalid substring --- services/jwt.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/jwt.js b/services/jwt.js index 21045da8f..b1e444dbd 100644 --- a/services/jwt.js +++ b/services/jwt.js @@ -122,7 +122,7 @@ function SharedSecret({ kid = undefined, secret = null }, algorithm) { // If the secret is base64 encoded, then decode it! if (secret.startsWith('base64:')) { - secret = Buffer.from(secret.substring(6), 'base64').toString(); + secret = Buffer.from(secret.substring(7), 'base64').toString(); } return new Secret({