Current state of multi-user with access control

[Greg Hodgins]

Hi all.  It's been a few years since I first discovered the incredible TiddlyWiki and TiddlyMap combination.  I find myself with a renewed interest in trying to get this combination to do what I would like with respect to IT network documentation - including among other things allowing multiple users controlled access.  I find myself confused with the current state of affairs given all the apparent options.  Native TW multi-user discussions go way back to 2015 or even earlier.

Anyhow, the upshot of my question is what the relationship between 5.1.18 or 19 and Bob?  Does native .18 or .19 offer multi-user access - or does Bob use what TW has implemented?  Are they complimentary or competitive solutions?  I seem to be seeing more information on setting up basic access control with native TW than I can find with Bob.  

I have Bob running in GCP fronted by a load balancer using https on the front end and basic http on the backend.  I am very close to securing access with IAP (Identity Aware Proxy).  It went pretty smoothly although I am currently getting very frequent and annoying (problematic actually) Warning : You are no longer connected messages.  I can't find any Bob documentation on establishing user access control.

Do either implementations offer some basic user definitions and access control?  I don't need fine grained authorization for authenticated users, but it would be nice to think there would be a user ID associated with any CRUD operations.

I think the other option for me might be Noteself, not configured for "self". :-)  I've historically had a Noteself instance up and running in the cloud with the benefits of couchdb/pouchdb synchronization that works quite well.  I think Noteself has multi-user options too.

So, unless I am mistaken, hosting multi-user in the cloud could be done with TW native/node, Bob/node, or potentially Noteself.

All the choices. :-)  What's recommended?

All the best.

[Greg Hodgins]

Just a quick update.  I started asking myself why my previous "go to" solution for TiddlyWiki/TiddlyMap installation, Noteself, wasn't what I tried first for multi-user.

 Given the success I had with it in the past (after some real struggles with CORS) it should have been my default.  

Last night I gave it a quick go and it looks good.

1. Performed a CouchDB one-click install on GCP.  I might look for a container version in the future.
   
2. Changed the auto generated CouchDB administrator password and added another admin (named) user
   
3. Enabled CORS in the CouchDB UI (Fauxton) and added noteself.github.io and my own domain to the allowed domains (this cause me hours of grief months ago - not this time! :-) )
   
4. Created a database called noteself in the CouchDB UI.
   
5. Added an admin and a member users to the database to restrict from public access
   
6. Created a GCP load balancer.  https on the front end with a Google letsencrypt free autogenerated cert.  Usual http:5984 to the back end
   
7. Removed the external interface from the CouchDB compute instance - no direct external access, only through the LB.
   
8. I could add the Identity aware proxy to this, but don't think I will for now.  I will just rely on CouchDB access control
   
9. Launched the online instance of Noteself from noteself.github.io.  Configured Noteself couchdb URL.  Was prompted for user and password and sync'd.
   
10. Dragged and dropped the four TiddlyMap plug-ins to Noteself.  Let it sync and reload.
    
11. Save some apparently innocuous sync errors on startup, looks good.
    
12. I can create additional wikis by creating new databases on the CouchDB instance and control access for multiple users through CouchDB access control.

Noteself synchronizes changes between clients/users including offline work using CouchDB/PouchDB.  Also has the benefit of versioning of Tiddlers.  I think the versioning capability is where the error is coming from on startup for a few special TiddlyMap tiddlers.  There is a defect report on it. https://github.com/felixhayashi/TW5-TiddlyMap/issues/282

Took less than an hour if you remove the problems I had with a missed port number on the load balancer configuration.

This is looking good.  Many thanks as always to those creating these incredible tools.

[TonyM]

Greg,

Thanks so much for sharing to the community and a timely reminder that noteself allows multi-user Tiddlywikis (Along with Bob).

The fact is any external database store can potentially hold tiddlers and serve them to wikis. I would like to see this on for MySQL/Maria DB databases since they are common and pervasive on hosting solutions.

Regards

Tony

On Wednesday, January 30, 2019 at 2:41:50 AM UTC+11, Greg Hodgins wrote:

Just a quick update.  I started asking myself why my previous "go to" solution for TiddlyWiki/TiddlyMap installation, Noteself, wasn't what tried first for multi-user.

 Given the success I had with it in the past (after some real struggles with CORS) if should have been my default.  

[Ste Wilson]

Will have to have a go at this soon....

[Greg Hodgins]

No problem. I get more than I give here. :-)  

I'm just starting to play with this for collaboration.  I am sure I will encounter more surprises and challenges along the way.  The first thing that caught me be surprise that would somewhat limit the current usability of the solution for many use cases is that there is no isolation of workspace per user from what I see.  If I am working on a wiki at the same time as someone else, my actions in the wiki affect the other user.  If I open a Tiddler, it appears on their screen.   More to the point for me, if I am moving things around on a map, they move around for the other users.  Even if I create a new view to try and work in isolation, the fact is the other user's view is changed to my view too.  This isn't bad for online/interactive collaboration - think two people working on the same spreadsheet.  Same thing.

However, where it falls short is if the two or more of us wanted to do our own thing in the wiki.  Work independently contributing to the same wiki.  That appears impossible unless I am missing something.

Still, for my current purposes of collaborating on a map, it looks like it might work quite well.

Interested in the experience of others.  Perhaps Bob addresses some of this, but again I could not even locate how to establish additional users in Bob.  TiddlyWiki nodejs install appears to offer multi-user, but not sure if it introduces any kind of independent workspace.  I'm sure multi-user opens up a whole can of worms I've not even thought of for an application like TW and the multi-user sync mechanisms.

All the best.

[TonyM]

Greg,

I have a lot to add that may help you. But its 4am here in sydney, being sitting in a hospital for 4 hours supporting someone.

Tomorrow

Regards
Tony

[Greg Hodgins]

Well now you have me all excited and I won't be able to sleep myself tonight. ;-)  Hope all is well at the hospital.

I just made another tweak to the setup.  Not that I had anything against launching from noteself.github.io and love how I can use this to try new versions (at risk of corrupting my CouchDB data I imagine), I wanted to have a completely vanity domain branded experience.  Given noteself/tiddlhwiki.html is just static content the fastest, simplest, cheapest method I found was to use a GCP storage bucket.  Took 2 minutes.  No web server to manage at all.

Create a CNAME in your DNS service with your new host.domain pointing to c.storage.googleapis.com.

Create a storage bucket with a name the same as the host.domain in the DNS

Upload the content.  

Set permissions (can allow anyone).

Done.

Don't forget the CouchDB CORS needs to allow your domain.  Otherwise you just get told the login failed with no real indicator of CORS being the issue.  I remember this well!!!

https://cloud.google.com/storage/docs/hosting-static-website

Having some other funky issues like a TiddlyMap plugin update that is not working and the yellow sync error popups appear on certain operations.