In this news post, we want to give you an overview of the new features and changes in version 1.1.
New features
Statistical data without a time limit
mosparo stores the submissions of a project for only 14 days. The chart on a project’s dashboard and the statistical API use these submissions to calculate the statistical data. Because of the automatic cleanup, the statistical information is only available for these 14 days. Additionally, if you have a lot of submissions, the calculation of this statistic takes time.
We’ve introduced a separate storage of the statistical values to solve this issue and offer the option to store the statistical information for a longer period. In there, we store the number of valid and spam submissions for each day.
The project owner can decide how long the statistical data should be stored with an option in the project settings. It is possible to let mosparo delete these data after, for example, 14 days or keep them forever.
The dashboard and the statistical API use these separated statistical data to display and return their data. On the dashboard, an additional dropdown allows you to choose the time range in the dashboard. An additional argument in the API allows you to define from which date the data should be returned specifically.
Suggested by Tobi77
Origin-based security settings
The security settings for a project (Honeypot, Minimum time, Delay, and Lockout) are good to limit the damage a spammer can do with very simple things. But they are the same settings for all users around the world. If you have a website focused on users from Australia, users from Switzerland are not your number one priority.
With the newly added IP-based security settings, you can define that users from Australia have not-so-strict security settings (for example, no minimum time, no delay, and very generous lockout settings), while other users worldwide have very strict settings.
You can define as many guidelines as you want to override the needed settings. You can specify the guidelines on the IP subnet or, if you’ve set up GeoIP2, on the country or AS number.
Limit the access to the backend and the API
To enhance the security of mosparo, we’ve added two additional settings in the Administration area to limit access to the mosparo backend and the API (Verification and Statistic).
Previously, you had to set up this limitation in your webserver configuration, which was hard to do since mosparo’s frontend API must be accessible by all users.
With this change, you can manage the limitations of your mosparo installation in the administration interface. You can define which IP addresses or Subnets can access the backend (login form and the management interface) and the API (Verification and Statistic). Usually, only your web server needs access to the APIs so that you can limit that to the IP address of the web server.
Define the language of the frontend
mosparo uses the browser language to define the mosparo box’s language in your form. The idea is to maximize accessibility and show everybody the correct language.
While that can work very well, it also can create other issues. To offer an alternative, we’ve added an option in the JavaScript frontend library, with which you can specify the language that mosparo should use. If you define a language for which mosparo does not have the translations (yet), mosparo falls back to the English translations.
Suggested by brendofreitas
API debug mode
Developing an API client or an integration for mosparo can be challenging since the Verification API is not very talkative and can be complicated.
For this, we’ve added a debug mode. The debug mode can be enabled for every project. If the debug mode is enabled, mosparo will return with more explainable error messages and hints as to why the request was unsuccessful.
With the debug mode, finding the problem in the communication and solving the issue should be a lot easier.
Inspired by OriCat101
Verification simulation mode
Additionally to the added API debug mode, we’ve added a verification simulation mode. It can also be enabled per project.
If enabled, mosparo displays a new button in the top right corner of the submission detail page. When clicking this button, mosparo will show you step-by-step how to verify the submission. You can also see the values the API expects in your API requests.
Inspired by OriCat101
Changes
Active project while using mosparo
Since the beginning of the development of mosparo, we have stored the active project in the user session. This made some things very easy while others got very complicated. After a user reported wrongly stored settings in the project creation wizard, we thought about this setup again. We concluded that we have to change it to eliminate possible issues in the future.
We’ve changed all project-related URLs. The active project is now represented in the URL. This fixes all issues regarding the active project. Additionally, you can now edit multiple projects simultaneously in different browser tabs without any problems. Before, you were able to edit only one project at a time.
We still store the latest active project in the session, so if you visit the account settings or the administration interface, you can quickly return to the latest active project.
With this change, it is also possible to send the URL of a submission, rule, ruleset, or anything else project-related to someone else. After logging in, this person is redirected to the correct object.
Update for the import and export functionality
Since these new features added new options to the project settings, we’ve updated the import and export functionality to represent these options.
Additionally, we added the status of a project to the import and export functionality too. We should have added that in the initial development.
Bug fixes
- On the project dashboard, the button to the project settings was visible to all users, as well as users with lower access levels (like Reader and Editor). These users cannot access the project settings. With the fix, the button is not visible to those users.
Thank you
We thank all of our contributors and testers for their suggestions and work. We could not do such a project without your support and contributions!
As always, we’re looking forward to your feedback. You can send it to us by email (feedback@mosparo.io). You can also post a review on AlternativeTo, or WordPress.org (for our WordPress plugin).
If you have any suggestions to enhance or optimize mosparo, you can send these to us by creating a post in the Discussions on GitHub.