Yes, I know I said this release would contain room script improvements, but instead I ended up paying off some technical debt. Hopefully you may notice some performance boost from this release.
Features
File service improvements
There are many improvements and changes made to the file service - the server part which handles serving images. It is nothing exciting, but things needed to be done.
HTTP upload of files
Images are no longer uploaded over WebSocket as base64 encoded strings, but are instead uploaded over HTTP.
Attempting to upload a too large file will now directly show a dialog with information on the limits:
Thanks to @Scarlet_Himari for reporting the issue and suggesting solutions in this thread.
GitHub issue #323 - HTTP upload of files
Image size limits
Images are now limited in size to 1 MiB per image for ordinary users, and 4 MiB for supporters. Previously uploaded images exceeding the limit will not be affected.
This limit covers characters (including avatars), rooms, and areas.
Webp image support
Non-animated webp images can now be uploaded. Animated webp images will result in an error, as the library being used does not support them.
Thanks to @maximus for coming with the suggestion!
Restricted image formats
It is no longer possible to upload bmp or tiff images. Didn’t you know that you could do it? Well, now you can’t. Allowed formats are jpeg, png, gif, and webp.
Restricted image dimensions
Images are now restricted to max 4096 Ă— 4096 pixels. Previously, there were no limits, allowing a malicious user to upload an image that consumed all memory resources of the server.
Access token on image access
When loading an image, the file service can now refresh the access token in case it has expired.
Etag and cache control
The file service now has a better way of handling the behavior of the browser’s cache, leading to less load on the server.
File access restriction
Most image files are no longer accessible unless you are logged in. This is to prevent images to be linked to from external sites. However, avatars are still publicly accessible.
Auth service token in-memory cache
To speed up file loading, in-memory caching of access tokens has been added to quickly validate that a user is logged in.
Improvements
Authentication during WebSocket handshake
Authentication of the WebSocket connection is now done during its HTTP handshake. Previously, authentication was made in a call sent over the the WebSocket once the connection was established.
As an effect, the WebSocket connection may now also refresh any access token cookie, as long as a valid refresh token is available, without having to make any separate HTTP call.
Note on bot scripts
Bot scripts should still use the
auth.authenticateBotcall for authentication.
GitHub issue #321 - Authentication during WebSocket handshake
Tab focus for navigation buttons
It is now possible to use the Tab key to get focus for the navigation wheel buttons in the Edit exit panel. Once you’ve tabbed to the navigation button of choice, you can use Space or Enter to select it.
Thanks to @GreenReaper for reporting the issue and exploring the solution on GitHub!
GitHub issue #324 - Navigational direction setting inaccessible via tabbing
Fixes
Push notifications not delivered to Mozilla Firefox on Android
Mozilla Firefox on Android mobile didn’t receive push notifications. This has been fixed.
File service sometimes not sending images
Files occasionally didn’t load properly due to a race bug on the file service. This has been fixed.
Events in empty rooms not triggering scripts
The onRoomEvent callback for room scripts were not called when the event occurred in an empty room, such as when a character arrives to an empty room, or when a character is the last to leave a room. This has been fixed.
Thanks to @farcaller for reporting the issue!