Releases: immers-space/immers
v2.1.2 migration fix and db connection strings
What's Changed
- System user migration fix by @wmurphyrd in #53
- Bump tar from 6.1.0 to 6.1.11 by @dependabot in #49
- Use full connection string as config for mongo by @wmurphyrd in #54
New Contributors
- @dependabot made their first contribution in #49
Full Changelog: v2.1.1...v2.1.2
https://github.com/immers-space/immers/blob/0b24992cf9da77accc3dad97652b93f3b2eb0b28/CHANGELOG.md
Contributors
Assets 2
v2.1.0
What's Changed
- Dependencies, nodeinfo, proxy services by @wmurphyrd in #48
- Make blocklist endpont explicit by @wmurphyrd in #27
- migration to update actor endpoints and streams with latest features by @wmurphyrd in #52
Includes Migration, will take longer to restart than usual, see CHANGELOG.md
Full Changelog: v2.0.0...v2.1.0
Contributors
Assets 2
v2.0.0 - Mongo driver update
Major version update in mongo driver. Required for Mongo Atlas clusters upgrading to 5.0.
What's Changed
- apex 3 and mongo 4 update by @wmurphyrd in #46
Full Changelog: v1.5.0...v2.0.0
Contributors
Assets 2
v1.5.0
What's Changed
- logout from hubs endpoint with no redirect by @justincolangelo in #43
- keep local dev working if nodemailer test service happens to be down by @wmurphyrd in #42
- allow authenticated CORS requests from hub domain by @wmurphyrd in #41
- proxyMode env var, http server, express trust proxy setting by @wmurphyrd in #40
- update sanitize package due to vulnerability by @wmurphyrd in #45
- Housekeeping by @wmurphyrd in #44
New Contributors
- @justincolangelo made their first contribution in #43
Full Changelog: v1.4.0...v1.5.0
Contributors
Assets 2
2D Profiles, better automated deploy, Web Monetization update
2D Profiles
We've had a 2D profile and friends list viewer discretely available at an actor's ActivityPub ID URL for some time, e.g. https://immers.space/u/datatitian. It is still a work-in-progress, but now that we've added responsive display styling for mobile and a "start menu" style button to navigate through to the Immersive Web experience, we're ready to start showing them off. Now, when a logged-in user navigates to their Immer's base URL, e.g. https://immers.space, they will be directed to their 2D profile page.
Current profile features:
- View current avatar (including 3D/VR/AR views)
- See friends' current locations
- Accept / reject friends requests
- View Immers chat history
- Logout
Future profile features:
- Edit display name & summary
- Manage avatar collection
- Manage blocklist
- Browse discovered Immers
Automated Hubs Cloud client deploys
A big improvement in our automated Hubs Cloud deployment process used in our Docker Compose setup (https://github.com/immers-space/immers-app/immers-hubs) reduces the RAM requirements for less expensive hosting and easy updates.
Web Monetization - Coil plugin update
A new version of the Coil browser plugin simplifies compatibility with Content Security Policies, we've updated our Hubs client to the new version of our Web Monetization polyfill (https://github.com/immers-space/web-monetization-polyfill) and removed the now-obsolete script-src CSP directives from the Hubs configurator
On-boarding flow & UX cleanup
Immers Server
- Allow deep navigation direct to registration panel in login view
- Fix login/profile layout on mobile devices
- Fix difficult handle entry on mobile keyboards
Hubs Client
- Clean up scene entry / on boarding flow
- Remove many UX prompts that require hubs account registration if not already logged in (e.g. create avatar, create scene, favorite room, pin item)
- Fix loading custom avatar from URL
- Fix hubs disconnecting in background while going through registration form
Welcome messages
Added the potion to prepopulate new user's inbox with a welcome message.
Also added config to generate a system user which will be the sender of the welcome message. A side benefit of adding a system user is compatibility with Mastodon secure mode.
User safety & security update
A collection of changes design to enhance safety & security for users
No longer recording e-mail addresses
In the database, plaintext emails have been replaced with their SHA-256 hash. This way we can still verify account ownership when a user re-enters their email to request a password reset, but we can no longer view (and therefore no longer risk losing in a data breach) user e-mail addresses. New configuration options have been added to offer a link to a mailing list opt-in from the registration page. For existing users, we will send one email describing the change and offering a link to our e-mail opt-in before we hash their e-mails. #30
Blocked once - blocked everywhere
The "Hide" button in the Hubs client has been upgraded to a "Block" button that also publishes a "Block" activity for the target user. When joining a room & whenever a new user connects, your blocklist is checked against the room occupants and anyone previously blocked is automatically hidden (and you are hidden from them as well). This means blocking a user one time in one Immer will remove them from your experience across all of Immers Space. immers-space/hubs#37
Users get control over how much account access to grant when visiting other Immers
We've added 9 individual access control scopes linked to activity types and 4 roles (bundles of scopes) to our OAuth2 authorization server. When connecting to their account from a remote Immer, the user gets to decide how much access to grant to that site so they can explore new places without jeopardizing their account security. We also changed the authorization flow to use a popup window instead of a redirect in the Hubs client, allowing users to preview (and even spectate) an Immer before connecting their account and joining the room. #29 immers-space/hubs#40
Clients can request one of the 4 role names as the scope in their OAuth2 authorization request, and this will be the default selected option when users are shown the above dialog, however users will always be able to override that choice and creators need to check the new scope hash parameter that comes alongside the token to discover which of the 9 scopes were granted and adjust their experience accordingly.
Dockerized
Simplify deployment with Dockerfile. See https://github.com/immers-space/immers-app for docker-compose file and deploy instructions
Personal avatar collections
- Update to completed
activitypub-expressimplementation - Use custom ap collections to track each user's personal avatar collection gathered throughout the metaverse