OpenStreetMap NextGen Development Diary #21 — User Diaries
Posted by NorthCrab on 25 November 2024 in English.A new week, a new OpenStreetMap-NG development update. This week, we announce the release of two significant features: an overhaul of the User Diaries and the implementation of client-side password hashing.
🔖 You can read other development diaries here:
https://www.openstreetmap.org/user/NorthCrab/diary/
⭐ This project is open-source — join us today:
https://github.com/openstreetmap-ng/openstreetmap-ng
🛈 This initiative is not affiliated with the OpenStreetMap Foundation.
Video Summary
Join me for a guided tour of the new functionalities. In this week’s video, I compare OpenStreetMap-NG’s approach with the current implementation, highlighting key improvements in navigation, performance, and user experience.
⬇ Click the image below to play
or click here: https://peertube.monicz.dev/w/3PTAV1rsrb7iJUdSBbUM3n
User Diaries Interface
The User Diaries section has undergone a significant redesign to improve navigation and usability. Key enhancements include:
- Sidebar Navigation: A new sidebar allows users to quickly access and keep track of articles, eliminating the need for excessive scrolling.
- Faster Page Loads: Lazy image loading has been implemented, resulting in User Diary pages loading up to 5 times faster compared to the OSM-Ruby implementation.
- Localized Date Formatting: Website dates and times are now displayed in the user’s local format, ensuring a consistent experience for our global community.
- Comment Indicators: Articles with active discussions are now easily identifiable through the addition of comment indicators.
- Improved Editing Tools: The diary editing interface has been streamlined, with the ability to remove location data with a single click, providing a more intuitive user experience.
Client-Side Password Hashing
We have implemented hybrid client-side password hashing, adding an extra layer of protection for user accounts while making the server even more lightweight to run.
- Hybrid Approach: Passwords are now hashed twice, first on the client-side using PBKDF2, followed by a second hashing on the server-side with Argon2 (the same algorithm as currently). While the total amount of work required increases, the server shares this work with the client, making it more scalable for the future.
- Accidental Leak Prevention: Client-side hashing ensures that even if a password is accidentally logged, it will never be exposed in clear text, safeguarding sensitive user data.
- Domain-Bound Hashes: Each password hash is uniquely tied to the specific OSM-NG domain, preventing password correlation across different deployments, such as production and testing environments.
Sponsors
This update was sponsored by 16 amazing people.
8 donors on Liberapay, and 8 on GitHub Sponsors.
Thank you, community! We are now closer than ever to the first public release of OpenStreetMap-NG. Right on track with ETA end of 2024. — NC 🦀
Discussion