Wyvern Alpha Release Disaster

I recently released the first version of Wyvern! After many production headaches, I sent it out to people... and things went south.
Blog post image
October 17, 2022


After honestly about 4 months of tears and Cross-Origin-Resource-Sharing errors, I have finally come up with a way to ship Wyvern off to production.

This has been my longest "consistently" worked on project ever (I worked on some part of it at least once a month). I started Wyvern on November 2nd, 2021. It is not October 8th, 2022. Almost a year, and I have a bug filled production version!

Short recap

If you don't know what Wyvern is, I don't blame you. I haven't hyped it up enough. Basically, Wyvern is a bad recreation of Discord. It's not done, never will be, but I am attempting to implement all the core features of Discord.

As I mentioned in my There are too many Javascript Frameworks article, I learned React for about a couple days before starting Wyvern. This was a horrible idea thinking about it now, but Wyvern works. At this point, I have pretty much removed all evidence of that first month of work. That meant replacing class components with functional components, and replacing shivers Material UI with shivers less Bootstrap.

The current version of Wyvern, available at https://wyvern.tkdkid1000.net is entirely custom CSS, and pretty much entirely home made React Components. (Wyvern may be down as I am working on breaking changes to fix the bugs...)

Anyway, I finally released alpha v1 after some motivation by certain people, and hell occurred.

The dangers of production

I never realized how much stuff breaks in production. Developers aren't great at catching bugs, our self arrogance makes it so we don't think about bugs that much. A good beta tester however, they are gonna try in every way to break your app.

First issue: I had literally no security whatsoever. Yep. So, Wyvern uses these things called Websockets, they allow for realtime message sending between a client and a server. Well, when I was listening for a chat message, I never verified that the user sending said message was even in the guild they were sending it in. Heck, I didn't even check if the user was in the guild. You could literally enter a certain guild's URL into the browser, and start chatting in someone else's guild.

Another issue: I forgot I was using mongodb. Until like 2 weeks ago, Wyvern was using an in memory database that is on the server. By in memory, I mean a single javascript object for the entire app's data. I switched to mongodb for optimization, and, because someone said I should. It was honestly not too hard to convert stuff. What was hard? Remembering I was using mongodb. I wrote a query that requested all the channels in a guild, sept, it wasn't just for the guild. It was getting every channel. (oh no)

This was an issue, not only could users use any channel by the previous bug, every channel ever created was visible in the channel navigator, regardless of the guild!

There were many other small things, but these were the significant ones.


I am working on fixes for all of these, and I have a theory of how all of the bugs started: I wasn't standardizing my requests.

You could make an api request, and it would do something completely different than making the same request to the websocket server. None of the api requests even sent stuff to the websocket users! This is where my next release (eventually) will come in. I am creating specific functions for handling every action. Ok, not every action, but any writing action.

My read requests to the database were mostly fine, so I can handle those. Most of my writes however, did not update things realtime. I am standardizing every action into the new server/src/functions directory, where I'm writing things like joinGuild, sendMessage, or createChannel. They all take specific parameters, and then I can just put these functions into an api/websocket request. Much easier!

I am taking this slowly, mostly only rewriting the existing ones. What did I notice? I ended up creating React hooks for every server side function. It was a really weird coincidence that I genuinely did on accident. Either way, this new system is working out pretty well.

Get involved

Wanna help in this boring process of code refactoring and writing React hooks? You can always contribue over on GitHub, even if you don't know too much, I am willing to assist anyone wanting to learn contribute to Wyvern.

Important Note: If you, yes you, reading this article, if you find a bug/error/security exploit in Wyvern, do tell! Make an issue in the Wyvern repository, and I will make it my highest priority to fix it.

That's all for now folks! Stay alive!

Related Posts

Blog post image

Why I chose to rewrite TKDKid1000's Website with Firebase and Next.js

The 2 older versions of TKDKid1000's website worked, but they had their issues. In this article, I explain the history of these websites, and why and how I'm switching to Next.js and Firebase.

October 17, 2022
Blog post image

There are too many Javascript frameworks!

Too many Javascript frameworks! I'm literally gonna list some, my experiences with some, and why I am making my own...

October 17, 2022

You must be logged in to comment!

© 2023 TKDKid1000TermsPrivacy