SAFE Network API - Getting started (draft)

I think the problem is that if you allow inline scripting (or inline CSS) a script can’t be prevented from loading from another domain, so in order to implement a same origin policy, CSP rules normally block inline scripts & CSS. I suspect we don’t have any CSP rules being imposed by the browser at present, but have not checked that.

When testing websites with the early SAFE Beaker Browser inline scripts & CSS were disabled for same origin security, but I think this was imposed by the web proxy which has since been removed, so that may be why it is no longer active.

What I’m not sure about is whether it is still needed or not. So that’s really my question - have we left a security hole open, or is this no longer a risk?

I suspect it is a risk, but that it is (like the current Web) up to the website to provide appropriate CSP headers. However, my understanding is that the main browsers are taking on that responsibility by gradually imposing ever stricter CSP rules because so few websites are set up adequately in this regard. In which case we should probably have SAFE Browser do the same.

So my hunch is that we will need to close this loophole or we risk leaving users open to using websites and apps that are at risk from attacks such as XSS (eg inserting HTML into comments, forum posts etc).

Hi @bochaco, I started using an Ubuntu 17.04 VM for dev purposes, and got the same problem for the mock browser for Example 3.

The JS Console still gives no errors, nothing at all except for the first log message at the beginning, but this time i ran the browser executable from a terminal, and I saw this in the terminal after I authorized the example 3 app:

Mutation not authorised
thread 'App Event Loop' panicked at 'assertion failed: vault.authorise_mutation(dst, self.full_id.public_id().signing_public_key())', /home/travis/build/krishnaIndia/safe_core/safe_core/src/client/mock/routing.rs:854
note: Run with `RUST_BACKTRACE=1` for a backtrace.
thread 'App Event Loop' panicked at '

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!   unwrap! called on Result::Err                                              !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
/home/travis/build/krishnaIndia/safe_core/safe_core/src/client/mock/routing.rs:848,20 in safe_core::client::mock::routing

Err(
    "PoisonError { inner: .. }"
)

', /home/travis/.cargo/registry/src/github.com-1ecc6299db9ec823/unwrap-1.1.0/src/lib.rs:67

I also discovered this error only occurs the first time the app asks for authorization. If I restart the browser and open the page without revoking authorization, the MD example starts working as intended, and there is no error in the terminal!

But if I revoke the app’s permissions before restarting the browser, and accept the permissions again, the problem happens again.

On my Win10 machine, where I originally encountered the problem, it works all the time now – even after revoking and reauthorizing. I was trying to run the mock browser & example from CMD, to see if the underlying error message was similar, but I can’t reproduce on this system anymore. I’m not sure why.

Also, when I tested it (on the Ubuntu VM and the Windows host), I’m running the JS from a separate file, so it’s not inline js anymore. I used exactly the same JS & index.html for both systems.

Hope this info is useful!

Hi @am2on, let me ask this first, are you building the browser yourself, and if so, note that we merged everything to the master branch last week, so are you building the master branch?

Also, if you are following the tutorial from this post, note that it’s a bit outdated now.

I was using the prebuilt browser binary on the release page (v0.2.1). I can try building the browser myself with the latest changes, and see if that improves things. Are there any up-to-date guides for building it with mock-routing? If not, what should I do differently from that post to get it to work? Thanks!

I am interested in binaries that would allow me to develop/test web apps on a non-connected laptop. My style of coding is very iterative and loading new files into the actual network every time I do a small edit is extremely painful.

I understand there is a mock-vault binary. Is this all that is needed, or is there a special mock version of the breaker browser needed as well? If I use the mock-vault, can I just copy the app files to a directory, or do I still need to “upload” them into the mock-vault (which would still present something of a bottleneck to iterative development)?

Ideally, I want to edit my javascript, click something (double clicking on a batch file would be OK), wait only a second or two, and be able to test the edits.

Hi @pdx, @am2on, currently the browser is set to build with network libraries only, we will be updating the documentation soon for those who want to build for the mock as there is a minor issue in the browser build for mock we first need to solve (https://maidsafe.atlassian.net/browse/MAID-2150). As you can imagine this is having a lower priority than the other functional issues we are working on, so please be a bit patient that we’ll get there soon.
There is also an ongoing effort to provide tools for development, so you can work with the mock using the browser and loading locally stored webapps, trust me, I’m also as anxious as you to have them ready as hey’ll help us all to speed up in developing safe apps.

When I run example 3, it only works the first time I run it, on subsequent runs it generates the error message

Error from webapp: Error: Unexpected (probably a logic error): Could not connect to the SAFE Network(…)

If I restart the browser and then wait for a while, it will work again, but then also just one single time.

Hi @intrz, this is a known issue related to the number of safe clients allowed, and it will be solved in next release of the binaries. See some details of the issue here.

The issue still exists to some extent with the new binaries on test 18.

If I run one of the examples I have to wait for about 1 minute before I can click reload, if I reload before this the same error will show again.

Hi @intrz, can you please publish the example that is giving you problem on the Test18, share the safe:// and the steps to reproduce it?

Go to safe://nasa.gov, then open the dev console and click reload. It you reloaded without waiting at least one minute you’ll see the error

Error from webapp: Error: Unexpected (probably a logic error): Could not connect to the SAFE Network(…)

Hi @intrz, thanks for that. Unfortunately I’m not able to reproduce it. So in your case does it connect the first time when you loaded the website? or it doesn’t even connect the first time?
Also, can you please run the browser from a shell console so you can then see any error thrown there when that happens?

Yes, it connects the first time I load the website and it connects again if I wait more than one minute between each reload.

I 17-08-10 09:58:03.423323 Failed to Bootstrap with 138.68.147.195:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.423323 Failed to Bootstrap with 138.68.145.41:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.423824 Failed to Bootstrap with 138.68.154.44:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.508813 Failed to Bootstrap with 139.59.185.49:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.509314 Failed to Bootstrap with 138.68.155.8:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.513818 Failed to Bootstrap with 138.68.147.124:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.514818 Failed to Bootstrap with 138.68.157.171:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.515319 Failed to Bootstrap with 138.68.157.147:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.515818 Failed to Bootstrap with 138.68.157.221:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:03.519821 Bootstrapping(7f8b2b..) Connection to 72827e.. failed: PeerNotFound
I 17-08-10 09:58:03.519821 Bootstrapping(7f8b2b..) Connection failed: The chosen proxy node already has connections to the maximum number of clients allowed per proxy.
I 17-08-10 09:58:03.519821 Bootstrapping(7f8b2b..) Lost connection to proxy PublicId(name: 72827e..).
I 17-08-10 09:58:04.757239 Failed to Bootstrap with 138.68.145.41:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:04.757739 Failed to Bootstrap with 138.68.157.147:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:04.757739 Failed to Bootstrap with 178.62.61.231:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:04.757739 Failed to Bootstrap with 139.59.185.49:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:04.758239 Failed to Bootstrap with 138.68.147.183:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:04.758740 Bootstrapping(7f8b2b..) Connection to ec42d7.. failed: PeerNotFound
I 17-08-10 09:58:04.758740 Bootstrapping(7f8b2b..) Connection failed: The chosen proxy node already has connections to the maximum number of clients allowed per proxy.
I 17-08-10 09:58:04.758740 Bootstrapping(7f8b2b..) Lost connection to proxy PublicId(name: ec42d7..).
I 17-08-10 09:58:06.134827 Failed to Bootstrap with 138.68.154.44:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.135327 Failed to Bootstrap with 138.68.155.8:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.135327 Failed to Bootstrap with 138.68.145.41:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.135828 Failed to Bootstrap with 138.68.147.195:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.135828 Failed to Bootstrap with 139.59.174.145:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.136328 Failed to Bootstrap with 138.68.157.147:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.136328 Failed to Bootstrap with 138.68.157.171:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.136829 Failed to Bootstrap with 178.62.61.231:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.136829 Failed to Bootstrap with 138.68.157.71:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.137329 Failed to Bootstrap with 138.68.147.124:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.137329 Failed to Bootstrap with 139.59.185.49:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.137829 Failed to Bootstrap with 138.68.157.221:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.137829 Failed to Bootstrap with 138.68.147.183:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:06.138830 Bootstrapping(7f8b2b..) Connection to 8d8991.. failed: PeerNotFound
I 17-08-10 09:58:06.138830 Bootstrapping(7f8b2b..) Connection failed: The chosen proxy node already has connections to the maximum number of clients allowed per proxy.
I 17-08-10 09:58:06.138830 Bootstrapping(7f8b2b..) Lost connection to proxy PublicId(name: 8d8991..).
I 17-08-10 09:58:07.517986 Failed to Bootstrap with 138.68.157.147:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.517986 Failed to Bootstrap with 139.59.174.145:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.519991 Failed to Bootstrap with 139.59.185.49:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.520990 Failed to Bootstrap with 138.68.155.8:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.521489 Failed to Bootstrap with 138.68.154.44:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.521489 Failed to Bootstrap with 138.68.157.171:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.521489 Failed to Bootstrap with 138.68.157.221:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.521989 Failed to Bootstrap with 138.68.147.124:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.521989 Failed to Bootstrap with 178.62.61.231:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.521989 Failed to Bootstrap with 138.68.157.71:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.522490 Failed to Bootstrap with 138.68.145.41:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.522490 Failed to Bootstrap with 138.68.157.132:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.522490 Failed to Bootstrap with 138.68.147.195:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.522490 Failed to Bootstrap with 138.68.157.95:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.522990 Failed to Bootstrap with 139.59.190.50:5483: (ClientNotWhitelisted) Our Client is not whitelisted
I 17-08-10 09:58:07.522990 Failed to Bootstrap with 138.68.147.183:5483: (ClientNotWhitelisted) Our Client is not whitelisted
E 17-08-10 09:58:07.522990 Bootstrapper has no active children left - bootstrap has failed
I 17-08-10 09:58:07.522990 Bootstrapping(7f8b2b..) Failed to bootstrap. Terminating.

Hi @intrz, I raised a ticket to track this. I will contact you to try to debug it on your PC in the next few days since I cannot reproduce it and cannot understand what could be happening there.
One more question in the meantime, do you have any other web pages connecting to the network, and/or any other desktop apps connecting to the network when you reproduce this issue?

I’m only running the SAFE browser. I just tried it on another computer in a different location and I get the exact same behavior.

I open the browser, then open the dev console and go to the site, no other tabs open. It works fine, then I click reload and I get the error message in the dev console, then if I wait for a minute and click reload again it loads without any error again.

Hi @intrz, we were able to reproduce the issue on Test-18 and it’s not reproducible on Test-19. Please raise a ticket on github if you happen to experience any other issue/s.

It’s released now! But I’m having issues – I’ve installed

"@maidsafe/safe-node-app": "0.2.2"

and imported

import safe from '@maidsafe/safe-node-app';

and now I’m getting

TypeError: exists is not a function
at
  Function.getRoot
  node_modules/bindings/bindings.js:158
    > 158 | if (exists(join(dir, 'package.json')) || exists(join(dir, 'node_modules')))

It seems this error is caused by safe-app itself; commenting out the import statement fixes the error. I wasn’t able to find much help online. Any ideas?

N.B. I’m using React with create-react-app. Here’s a link to a working demo of the error: 💥 Try to import safe; getting errors · cooperka/personal-website@9d4474b · GitHub

After a bit more digging, it looks like safe-app requires weak which requires bindings which creates a function called exists (source), but in my case this function is undefined because fs.accessSync, fs.existsSync, and path.existsSync are all undefined. This happens using [node v6.4 + npm v4.0] and also [node v8.4 + npm v5.4]. I’ll keep digging tomorrow.

@cooperka, it looks like you’re setting up a website, and not a node/electron app.

safe-node-app is built for these kind of things. If you’re building a website, you’ll need to use the SAFE Browser APIs which are built into the browser itself, and can be accessed via the window object.

See: http://docs.maidsafe.net/beaker-plugin-safe-app/

I see, thanks for the clarification. I tried that originally but window.safeApp is undefined in my SAFE Browser (built for production from latest master). My code can’t use it, and when I open the console (from any website) and begin typing window.safe I see auto-suggestions for window.safeAppGroupId but nothing else. Any idea why it wouldn’t exist for me?

You’ll need to be on a safe: protocol url, the APIs are only loaded on safe: or localhost: protocol links.

So you can actually use localhost to access a site you’re serving locally (from create-react-app, for eg). Say you’re serving http://127.0.0.1:8080, you can access this in the SAFE Browser on localhost://p:8080 (localhost://p:<your port>)