01:28:16  <SinisterRectus>everything you do with a "coro" function has to be done inside of a coroutine, including handling of the returns values. you can put all your code in one big coroutine if you want, but it will be asynchronous. if you break it into multiple coroutines, or coroutines within coroutines, it may be asynchronous (depending upon whether you're calling coro functions)
01:28:39  <SinisterRectus>first asynchronous should be synchronous*
01:31:36  <SinisterRectus>http://pastebin.com/GseNyv2K
01:32:12  <SinisterRectus>typos in there too, bah
01:48:59  * inexquit (Quit: oh)
02:47:36  * DarkGodquit (Ping timeout: 260 seconds)
02:59:18  * inexjoined
03:00:04  * rgrinbergjoined
03:18:16  * rgrinbergquit (Remote host closed the connection)
05:31:13  * SkyRocknRolljoined
07:44:50  * rendarjoined
07:52:37  * SkyRocknRollquit (Ping timeout: 248 seconds)
08:04:08  * rendarquit (Ping timeout: 244 seconds)
08:05:02  * SkyRocknRolljoined
08:31:30  * DarkGodjoined
09:23:36  * rendarjoined
10:30:00  * SinisterRectusquit (Ping timeout: 268 seconds)
11:38:33  * SkyRocknRollquit (Quit: Ex-Chat)
13:04:52  * CapsAdminjoined
14:29:33  * SkyRocknRolljoined
15:27:26  * SkyRocknRollquit (Ping timeout: 244 seconds)
15:42:09  * rgrinbergjoined
15:56:43  * SkyRocknRolljoined
16:12:03  * SinisterRectusjoined
18:01:09  * SkyRocknRollquit (Ping timeout: 248 seconds)
18:50:51  * DarkGodquit (Ping timeout: 265 seconds)
19:14:09  <creationix>Yorlik still around?
19:15:00  <Yorlik>Yes
19:19:46  <Yorlik>Checking the paste ...
20:04:09  * rendarquit (Ping timeout: 246 seconds)
20:08:45  * CapsAdminquit (Remote host closed the connection)
20:16:28  <creationix>Yorlik so basically, lua requires that you be in a coroutine to yield (pause the execution state)
20:16:47  <Yorlik>Yeah - that got obvious after the error
20:16:52  <creationix>You are not allowed to pause the main "thread" of execution (It's all one OS thread under the hood)
20:17:03  <creationix>I try to make this implicit in my APIs
20:17:15  <Yorlik>I just need to dig a bit deeper how the overall coro nesting and architecture works here
20:17:20  <creationix>the middleware functions for weblit, for example, are automatically run in the context of a per-request coroutine
20:17:34  <Yorlik>Makes sense
20:17:39  <creationix>this is actually created by coro-net when each tcp connection is made
20:17:57  <Yorlik>I like this thing. Its core lua
20:18:08  <Yorlik>And makes a lot of sense for our project
20:18:10  <creationix>but the TCP client will typically need a manual coroutine created
20:18:20  <creationix>Yorlik awesome. Let me know if anythinv confuses you
20:18:27  <Yorlik>Since we want to use that thing to connect game region servers and the postgres backend and a webfront
20:18:39  <creationix>I wrote a simple postgres client for luvuy btw
20:18:40  <Yorlik>Good to know about the TCP
20:18:45  <creationix>on top of coro-net tcp client
20:18:51  <creationix>*luvit
20:18:59  <Yorlik>Since we use barebones TCP for the message API between region servers and the central data hub
20:19:20  <creationix>I really enjoy the coro-net system of coroutines and codecs
20:19:31  <Yorlik>Coros kick butt. ;)
20:19:44  <Yorlik>We will chgange something on our networking
20:19:55  <Yorlik>Up to now the game regions were just polling
20:19:56  <creationix>apply http codec and it doesn't take much to write a web framework. Switch to websocket codec on upgrade event and you've got websockets
20:20:18  <creationix>websocket is actually a nice protocol for general use
20:20:18  <Yorlik>Probably its even easier to use websockets
20:20:29  <creationix>when used over HTTPS is traverses almost all networks
20:20:43  <creationix>proxies can't MITM you can break the protocol
20:20:49  <creationix>and port 443 is rarely blocked
20:20:57  <Yorlik>Since I finally managed to compile Luasec we now have https on the gameserver side
20:21:30  <Yorlik>The long term idea is to offer a service to other admins maybe.,
20:21:38  <Yorlik>So https is a must
20:21:55  <Yorlik>A letsencrypt helper would be cool to hgave
20:22:07  <Yorlik>Just plug and play https
20:22:09  <creationix>my typical deployment is to implement basic http + ws in luvit and put it behind a nginx proxy that handles HTTP2 and HTTPS
20:22:22  <Yorlik>Too bloated for our purpose
20:22:38  <Yorlik>We'll just make a nice module for the gameserver scripting engine
20:22:44  <Yorlik>Probably using copas
20:22:45  <creationix>too bloated? You're going to need stable public IPs and DNS entries for letsencrypt
20:22:51  <Yorlik>Which I find pretty awesome actuallöy
20:22:57  <creationix>yeah, copas isn't bad
20:23:13  <Yorlik>Oh - now I get you .. I think I had a misunderstanding here
20:23:24  <Yorlik>So you say using nginx to the outside
20:23:31  * Yorlikwas messed
20:23:43  <creationix>right, luvit.io is nginx proxying to a luvit server
20:23:58  <creationix>my luvti server has some bugs that I've never bothered to fix, but otherwise it works great
20:23:59  <Yorlik>luvit.io hangs quite a bit for me
20:24:10  <creationix>yep, the bugs
20:24:10  <Yorlik>The response times are not really advertising for the setup
20:24:26  <creationix>it's crazy fast when it works
20:24:33  <creationix>but something is deeply wrong with it
20:24:40  <Yorlik>How lonely would a coder be if he hadn't his bugs as company .... ;)
20:24:55  <creationix>I've currently got luvit.io rebooting every hour on a cron
20:25:00  <Yorlik>OMG
20:25:13  <creationix>I should really fix that at some point
20:25:21  <creationix>but it's such a low traffic site, it's not high priority
20:25:24  <Yorlik>I want to use the luvit app also to connect the gameservers with the portgress backend
20:25:36  <Yorlik>How good would that work form your perspective?
20:25:43  <Yorlik>As a Json Store and for accounting
20:25:55  <creationix>so luvit is the client?
20:26:00  <Yorlik>The new postgres json features are pretty awesome imo
20:26:11  <Yorlik>luvit is the central data huib
20:26:18  <Yorlik>luvit is the central data hub - to pg its client
20:26:32  <Yorlik>the gameservers would throw their requests at luvit
20:26:39  <Yorlik>and let it handle them
20:26:42  <creationix>got it, that could be neat
20:26:54  <Yorlik>Thats why i started with node initially
20:27:01  <creationix>so a proxy that translates postgres protocol to something https or wss based?
20:27:03  <Yorlik>I want a non blocking server in the middle
20:27:30  <Yorlik>There's hardly any translation - just plain sql and json strings
20:28:07  <Yorlik>But yes
20:28:09  <creationix>right, but postgres, http, and ws are very different protocols. I would know, I implemented all three for luvit
20:28:13  <Yorlik>Thats a second job of it
20:28:38  <Yorlik>So theres a postgres backend, a web frontend with different apps for players and admins and the game regions
20:28:54  <Yorlik>Remote gamereguions might throw messages of websockets or a rest api
20:29:04  <Yorlik>probably websockets simply
20:29:04  <creationix>this article may help some. https://luvit.io/blog/redis-client.html
20:29:10  <creationix>redis is simpler than postgres
20:29:21  <Yorlik>Nice. Thanks !
20:29:26  <Yorlik>lol
20:29:38  <creationix>when you say "web frontend" do you mean a front-end http server or a pure JS app in the browser?
20:29:47  <Yorlik>Web App for users
20:29:51  <Yorlik>polymer based
20:30:08  <creationix>so browser based then?
20:30:13  <Yorlik>In the moment it only has accounting and logging in
20:30:16  <Yorlik>Yes
20:30:21  <Yorlik>Browser
20:30:35  <creationix>yeah, a luvit server accepting requests over https or wss would work very well
20:30:38  <creationix>I do that often
20:30:58  <Yorlik>Could even us that infrastructure to make a mobile app
20:31:19  <Yorlik>But thats all a slowly growing side project
20:31:36  <Yorlik>We are mainly busy coding our gameservers Lua scripts
20:31:51  <Yorlik>Discord client also is in the long term pipeline
20:32:11  <creationix>since there isn't much in the way of docs, let me know what you need generally for the luvit server and I'll help code up the bones of it
20:32:15  <Yorlik>BTW - does Luvit has support for JWTs?
20:32:32  <Yorlik>I used JWTs with the old app for authentication
20:32:52  <creationix>don't think so https://luvit.io/lit.html#jwt
20:33:14  <creationix>Is it hard? If it's simple, I could code up a library some evening
20:33:44  * rendarjoined
20:34:37  <creationix>hmm, the open resty version is a couple thousand lines of code https://github.com/SkyLothar/lua-resty-jwt/tree/master/lib/resty
20:35:20  <Yorlik>JWTS are really good to have I think. Yopu can use them for other auth tasks as well (facebook, etc afaik)
20:35:57  <creationix>yeah, sounds like a neat building block
20:36:19  <creationix>having just implemented SAML2 SSO/SLO at work, I like simple building blocks for this kind of stuff
20:36:26  <Yorlik>And I wonder where t he functions of the old node crypto module are
20:36:42  <Yorlik>Is that in https?
20:36:45  <creationix>we don't clone that API any
20:36:54  <creationix>we're using a third-party lua bindings to openssl
20:36:56  <creationix>the docs are sparse
20:38:15  <Yorlik>node had a weakness with default diffie hellman params
20:38:31  <Yorlik>its easy to break security, even if you have the crypro libs
20:42:08  <creationix>so the latest and greatest of my luvit ssl work is this library https://github.com/luvit/lit/tree/master/deps/secure-socket
20:42:17  <creationix>it intends to be used by luvit's node clone and by coro-net's coroutine-style libs
20:42:50  <creationix>default ciphers can be seen at https://github.com/luvit/lit/blob/master/deps/secure-socket/context.lua#L30-L31
20:43:04  <Yorlik>My first question would be : Does it supply default and always the same diffie Hellman params then?
20:43:11  <Yorlik>Since it stems from node
20:43:23  <creationix>this particular code has no lineage from ndoe
20:43:27  <creationix>*node
20:43:28  <Yorlik>KK
20:43:38  <creationix>but I'm not an openssl expert by any means
20:43:53  <creationix>If I was, I would have written my own bindings for lua
20:44:57  <creationix>rphillips, who has used luvit at rackspace for years did a lot to keep luvit's openssl up-to-date and configured properly
20:46:07  <Yorlik>Nice!
20:46:39  <Yorlik>Our Security needs are not banking level anyways. Aftr all its a gaming project.
20:46:49  <Yorlik>But I want our userdata safe ofc.
20:49:52  <creationix>that's why I generally use nginx for my TLS termination
20:50:08  <creationix>I trust it much more than I trust node or luvit
20:50:16  <creationix>also it's probably faster
20:50:34  <creationix>(not that I ever benchmarked it)
20:52:17  <creationix>Yorlik, so JWT can be used basically as a real secure cookie
20:52:23  <creationix>one that even the client browser can't fake
20:52:43  <Yorlik>Yep
20:52:45  <creationix>and it can be passed anywhere, even between domains
20:52:48  <creationix>I like it
20:52:49  <Yorlik>Yep
20:52:59  <Yorlik>And you can stuff init whatever you like
20:53:16  <Yorlik>Theres I reason why i made this decision long ago .;)
20:53:39  <Yorlik>Single sign on in possible with it
20:53:43  <Yorlik>is
20:54:44  <creationix>I see, with the hmac you don't need pub/priv key pairs as long as you're a server that sets the value and then later validates it
20:56:19  <Yorlik>It's super convenient
20:58:53  <creationix>this looks really simple assuming you already have the crypto primitives
20:59:07  <creationix>I wonder why the resty library is so huge
20:59:15  <Yorlik>Yes. Even I could use them. :D
21:00:35  <creationix>Yorlik, ok, it's on my hack queue https://github.com/luvit/luvit/issues/934
21:00:45  <Yorlik>W000!
21:01:36  <creationix>For medical reasons I need to spend an hour or so each night sitting in the dark in bed programming (I have weird brain issues)
21:01:54  <creationix>lately I've been working on a blog and implementing a programming language in rust, but JWT for luvit sounds a lot more practical
21:02:52  <creationix>but seriously, I feel bad there are no docs on luvit coroutine stuff. Let me know what kind of app skeleton you want and I'll code it up complete with comments of where to insert your code
21:02:59  <creationix>think of it as personalized docs
21:05:07  * DarkGodjoined
21:06:19  * DarkGodquit (Client Quit)
21:06:20  <Yorlik>Thats awesome! Seems I finally need to nail our concept. What I find so interesting is the different applications that go into that app: Web Frontend, Database backend, Gameserver message API, Connection to the external drupal website and externalö game regions
21:06:34  * DarkGodjoined
21:06:38  <Yorlik>this suggests different approaches.
21:08:08  <creationix>I could maybe make some multiple samples. First one that comes to mind is a weblit server that uses JWT for auth for accepting postgres queries over websocket
21:09:22  <Yorlik>Yep. That sounds like a sane basis
21:09:25  <creationix>what I really like about JWT, if I understand it correctly, is I can scale horizontally and each instance just needs to share the secret to be able to independently issue and verify JWT tokens
21:09:43  <creationix>no need for etcd, consul or any distributed consesus
21:10:07  <Yorlik>Honestly - I'd need to reread about JWTs myself, but afaik it is like that
21:10:50  <creationix>(we have a very distributed application at work with pretty heavy scale so I've thought about these problems recently)
21:14:50  <Yorlik>One of the reasons why I used JWTs also was, I wanted to have an option to use external authentication, like from facebook users.
21:21:09  <creationix>lit auth is based on github public ssh keys
21:21:14  <creationix>it's weird, but seems to work
21:21:37  <creationix>the local CLI app will sign publish requests with your github username and private SSH key
21:21:48  <creationix>and then using the public github API, the server can verify the signature
21:21:55  <creationix>it's a pain and a hack though
21:22:22  <Soni>and doesn't support bitbucket :(
21:22:42  <creationix>I would love some sort of email based auth
21:23:25  <creationix>but it's not the most secure of transports
21:23:25  <Soni>I would love oauth
21:23:33  <creationix>oauth with who though?
21:23:55  <Soni>being able to configure publish-only keys, for use with CI
21:24:00  <Soni>uh
21:24:03  <Soni>not keys, tokens
21:24:08  <creationix>and most providers require a web based flow.
21:24:11  <Soni>I don't use oauth much :P
21:24:26  <Soni>creationix, oauth between lit and... lit?
21:24:31  <Soni>what do you call the lit server?
21:24:58  <creationix>in SAML terms, the lit server is a service provider, not an identity provider
21:25:21  <creationix>I don't want people to create yet another online profile just to use lit
21:25:39  <Soni>creationix, uh make it so you can sign an oauth token with the github key to "activate" it
21:25:47  <Soni>or something
21:25:56  <Soni>then instead of using the GH key every time you can just use oauth
21:26:13  <Soni>would that work?
21:26:13  <creationix>Soni do you know how oauth works?
21:26:27  <Yorlik>Auth qith google, facebook, etc?
21:26:27  <creationix>now github personal access tokens would work
21:27:01  <Soni>creationix, I've no idea how oauth works but I think it has something to do with handing off tokens that have different permission sets and stuff?
21:27:32  <Soni>like how github has all those permissions you need to grant to third parties so they can do stuff in your repos
21:27:47  <creationix>Soni it's browser based. You redirect the user to some github url with data embedded in the url. They login *on* the github website which then redirects them back to your website with data embedded in the request
21:27:47  <Soni>creationix, can't luvit have permissions like that?
21:28:04  <Soni>lit*
21:28:06  <Soni>creationix, uh
21:28:08  <Soni>really?
21:28:09  <creationix>It's kinda hard to redirect a CLI application to a website
21:28:10  <Soni>1 sec
21:28:23  <Soni>https://tools.ietf.org/html/rfc7628 ?
21:28:34  <creationix>but personal access tokens can be created manually in the github UI and then pasted in a CLI prompt
21:28:42  <Soni>no no no
21:28:45  <Soni>I don't want github tokens
21:28:48  <Soni>I want lit tokens
21:28:50  <Soni>for use with lit
21:28:51  <Soni>and ONLY lit
21:29:23  <creationix>what is a lit token if lit isn't the identity provider?
21:29:36  <creationix>I don't want people to have to create lit profiles
21:29:47  <creationix>they already have plenty of online identities
21:29:48  <Soni>well
21:29:56  <Soni>you request an oauth token from lit
21:30:02  <Soni>then you sign it with the github key
21:30:08  <Soni>together with a permission set
21:30:12  <Soni>and you send that to lit
21:30:40  <Soni>and it keeps track of the github account and the token (and permissions)
21:31:12  <Soni>and then you copy that token and shove it in the CI without risking your github account to random hackers
21:31:50  <Soni>hackers could wreck your lit packages, but only by e.g. uploading new versions, and nothing else
21:31:54  <Soni>and that's mostly fine
21:32:15  <Soni>creationix, this is how oauth works right?
21:33:32  <creationix>not really
21:33:53  <Soni>creationix, this is how oauth *could* be used right?
21:34:08  <Soni>I mean uh
21:34:25  <creationix>this is exactly how github personal access tokens are used
21:34:26  <Soni>idk sorry .-.
21:34:35  <creationix>you create a token with a set of permissions and then use that token to authenticate
21:34:52  <creationix>oauth the flow is a browser-based way to automate this so the user doesn't need to manually create the token
21:34:55  <Soni>creationix, but you don't support that in lit
21:35:08  <creationix>no, just github ssh keys currently
21:35:20  <Soni>creationix, also oauth is just a stupid API mechanism I thought
21:35:48  <Soni>unless I read that RFC wrong...
21:36:08  <creationix>I'm talking more about how github oauth works
21:36:28  <Soni>creationix, why not add oauth to lit? >.<
21:36:32  <Soni>non-github oauth
21:36:45  <creationix>I don't want to be an identity provider
21:36:59  <creationix>I just want to authenticate users with existing identities
21:37:06  <Soni>I didn't say add an account mechanism
21:37:23  <Soni>you're already tracking accounts w.r.t. modules anyway :/
21:37:46  <Soni>just extend it to tokens
21:39:23  <Soni>it should be that simple, assuming your codebase is modular...
21:40:09  <Soni>eh nvm it probably isn't :/
21:56:01  * rendarquit (Quit: std::lower_bound + std::less_equal *works* with a vector without duplicates!)
23:00:35  * travis-cijoined
23:00:36  <travis-ci>luvit/luv#296 (master - ec5cc5c : Tim Caswell): The build passed.
23:00:36  <travis-ci>Change view : https://github.com/luvit/luv/compare/a4a66bbe32e7...ec5cc5cfc37e
23:00:36  <travis-ci>Build details : https://travis-ci.org/luvit/luv/builds/174893285
23:00:36  * travis-cipart
23:21:20  * Sonichanged nick to APNG