silverbullet icon indicating copy to clipboard operation
silverbullet copied to clipboard
verified publisher icon silverbulletmd

This is fantastic, some wish list items

Open JakeIn2l opened this issue 1 year ago • 8 comments

I love this app! As a software engineer - this is the perfect note taking app. Here are some big wish list items I have.

  • Biggest one: Ability to use silver bullet as a rest client. I think this would really be a killer feature. Something like this https://marketplace.visualstudio.com/items?itemName=humao.rest-client

  • An external security audit of some sort, or anything really that would give me enough trust to expose this app to the internet. Right now, I'm only comfortable putting it behind a vpn until I get unlazy enough to take a good look at the code.

JakeIn2l avatar Jul 02 '24 16:07 JakeIn2l

  • This feels like an XY problem, what would be the use case for this? But if you would want it, it should be easily implemented using plugs.
  • Yeah, ahm, probably don't. If you want to expose it put it behind something like authelia. Theoretically silverbullets auth flow is relatively basic and per standard, but id still always run it securely somewhere. I also don't really see a reason for fully exposing it.

MrMugame avatar Jul 02 '24 21:07 MrMugame

For my use case, I'd love to have my self documentation and endpoint testing in one spot. This is currently what I do with VS Code. You are probably right that this is an XY problem.

Regarding exposing the app. I'd like to be able to quickly pull up SilverBullet on my phone. Its tedious to constantly have my phone connected to my VPN.

JakeIn2l avatar Jul 03 '24 15:07 JakeIn2l

I'm no security expert at all, so somebody who does and can have a look at the authentication system (and ideally fix it). That'd be great. I do know some security professionals are using SB, but all with a custom authentication layer on top like Authelia, because they wouldn't have it any other way anyway.

zefhemel avatar Jul 03 '24 16:07 zefhemel

What about running 2 instances of Silverbullet against the same content directory? Have one instance behind a VPN, and a second instance not behind a VPN that has read-only access to the content directory. That might solve the non-VPN phone access use case.

jkjustjoshing avatar Jul 05 '24 06:07 jkjustjoshing

Regarding exposing the app. I'd like to be able to quickly pull up SilverBullet on my phone. Its tedious to constantly have my phone connected to my VPN.

I am using Tailscale as set up in the following docker-compose.yml and have Tailscale on my phone set-up with its "VPN On-Demand" feature enabled (in particular, "Detect MagicDNS Hostnames" on).

I then added SilverBullet to my home screen in iOS and whenever I open the "app", DNS transparently connects.

services:
  silverbullet:
    image: zefhemel/silverbullet:latest
    container_name: silverbullet
    volumes:
      - silverbullet:/space
    environment:
      SB_PORT: ${SB_PORT}
    restart: always

  ts:
    image: ghcr.io/shayne/tsnet-serve:v1.1.0
    volumes:
      - /state
    environment:
      TSNS_HOSTNAME: silverbullet
      TSNS_BACKEND: silverbullet:${SB_PORT}
      TS_AUTHKEY: ${TS_AUTHKEY}
    depends_on:
      - silverbullet
    restart: always

volumes:
  silverbullet:
    external: true

The only flaw, as I've discovered yesterday, is that my work might be adopting Tailscale and it doesn't support being connected to more than one Tailnet at a time, which means I won't easily have access to my notes on my work machine, so I will probably be doing something like the above, but with ZeroTier (which does support multiple networks connected from the one client device).

bjeanes avatar Jul 22 '24 22:07 bjeanes

it doesn't support being connected to more than one Tailnet at a time

if you share your server node with your work tailnet, you should be able to access it still. You’d need to figure out how to keep your coworkers out of it, but that may be a solution.

I also use Tailscale, and it works great!

jkjustjoshing avatar Jul 23 '24 00:07 jkjustjoshing

if you share your server node with your work tailnet, you should be able to access it still.

I thought the same, but bizarrely only privileged talent users (eg IT Admin or Network Admin) can redeem invitations. So I actually am locked out of being able to invite my work machine to my private node.

Really surprising constraint and I don't understand it, since I am not inviting the node to the whole tailnet.

bjeanes avatar Jul 25 '24 23:07 bjeanes

Biggest one: Ability to use silver bullet as a rest client. I think this would really be a killer feature. Something like this https://marketplace.visualstudio.com/items?itemName=humao.rest-client

Does the lastest release 0.8.4: https://silverbullet.md/Space%20Script#Custom%20HTTP%20endpoints help you?

montarion avatar Jul 28 '24 13:07 montarion