From 949404cd1aad8492ae0338130f16054adfa38ab7 Mon Sep 17 00:00:00 2001
From: Neel Kamath
Date: Sun, 13 May 2018 16:37:56 +0530
Subject: Prevent fucking shit up
---
server/src/commands/core/changenick.js | 88 +++++++++++++++++++++
server/src/commands/core/chat.js | 62 +++++++++++++++
server/src/commands/core/disconnect.js | 21 +++++
server/src/commands/core/help.js | 49 ++++++++++++
server/src/commands/core/invite.js | 65 ++++++++++++++++
server/src/commands/core/join.js | 135 +++++++++++++++++++++++++++++++++
server/src/commands/core/morestats.js | 53 +++++++++++++
server/src/commands/core/move.js | 83 ++++++++++++++++++++
server/src/commands/core/stats.js | 32 ++++++++
9 files changed, 588 insertions(+)
create mode 100644 server/src/commands/core/changenick.js
create mode 100644 server/src/commands/core/chat.js
create mode 100644 server/src/commands/core/disconnect.js
create mode 100644 server/src/commands/core/help.js
create mode 100644 server/src/commands/core/invite.js
create mode 100644 server/src/commands/core/join.js
create mode 100644 server/src/commands/core/morestats.js
create mode 100644 server/src/commands/core/move.js
create mode 100644 server/src/commands/core/stats.js
(limited to 'server/src/commands/core')
diff --git a/server/src/commands/core/changenick.js b/server/src/commands/core/changenick.js
new file mode 100644
index 0000000..4041bb0
--- /dev/null
+++ b/server/src/commands/core/changenick.js
@@ -0,0 +1,88 @@
+/*
+ Description: Generates a semi-unique channel name then broadcasts it to each client
+*/
+
+const verifyNickname = (nick) => {
+ return /^[a-zA-Z0-9_]{1,24}$/.test(nick);
+};
+
+exports.run = async (core, server, socket, data) => {
+ if (server._police.frisk(socket.remoteAddress, 6)) {
+ server.reply({
+ cmd: 'warn',
+ text: 'You are changing nicknames too fast. Wait a moment before trying again.'
+ }, socket);
+
+ return;
+ }
+
+ if (typeof data.nick !== 'string') {
+ return;
+ }
+
+ let newNick = data.nick.trim();
+
+ if (!verifyNickname(newNick)) {
+ server.reply({
+ cmd: 'warn',
+ text: 'Nickname must consist of up to 24 letters, numbers, and underscores'
+ }, socket);
+
+ return;
+ }
+
+ if (newNick.toLowerCase() == core.config.adminName.toLowerCase()) {
+ server._police.frisk(socket.remoteAddress, 4);
+
+ server.reply({
+ cmd: 'warn',
+ text: 'Gtfo'
+ }, socket);
+
+ return;
+ }
+
+ let userExists = server.findSockets({
+ channel: socket.channel,
+ nick: (targetNick) => targetNick.toLowerCase() === newNick.toLowerCase()
+ });
+
+ if (userExists.length > 0) {
+ // That nickname is already in that channel
+ server.reply({
+ cmd: 'warn',
+ text: 'Nickname taken'
+ }, socket);
+
+ return;
+ }
+
+ let peerList = server.findSockets({ channel: socket.channel });
+ let leaveNotice = {
+ cmd: 'onlineRemove',
+ nick: socket.nick
+ };
+ let joinNotice = {
+ cmd: 'onlineAdd',
+ nick: newNick,
+ trip: socket.trip || 'null',
+ hash: server.getSocketHash(socket)
+ };
+
+ server.broadcast( leaveNotice, { channel: socket.channel });
+ server.broadcast( joinNotice, { channel: socket.channel });
+ server.broadcast( {
+ cmd: 'info',
+ text: `${socket.nick} is now ${newNick}`
+ }, { channel: socket.channel });
+
+ socket.nick = newNick;
+};
+
+exports.requiredData = ['nick'];
+
+exports.info = {
+ name: 'changenick',
+ usage: 'changenick {nick}',
+ description: 'This will change your current connections nickname'
+};
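Review bot: Nothing in changenick.js's `exports.run` checks that the calling socket has joined a channel, so a connection that never sent `join` reaches `server.findSockets` and the three `server.broadcast` calls with `socket.channel` and `socket.nick` both undefined, and is then assigned a nick. How `findSockets` and `broadcast` treat an undefined channel filter is not visible in this patch, so who would receive the resulting "undefined is now …" message should be confirmed. A guard directly after the rate-limit block, `if (typeof socket.channel === 'undefined') { return; }`, closes it. chat.js and invite.js in this commit broadcast with the same unchecked `socket.channel`, and move.js calls `socket.nick.toLowerCase()`, which would throw for an unjoined socket.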
diff --git a/server/src/commands/core/chat.js b/server/src/commands/core/chat.js
new file mode 100644
index 0000000..bce6adb
--- /dev/null
+++ b/server/src/commands/core/chat.js
@@ -0,0 +1,62 @@
+/*
+ Description: Rebroadcasts any `text` to all clients in a `channel`
+*/
+
+const parseText = (text) => {
+ if (typeof text !== 'string') {
+ return false;
+ }
+
+ // strip newlines from beginning and end
+ text = text.replace(/^\s*\n|^\s+$|\n\s*$/g, '');
+ // replace 3+ newlines with just 2 newlines
+ text = text.replace(/\n{3,}/g, "\n\n");
+
+ return text;
+};
+
+exports.run = async (core, server, socket, data) => {
+ let text = parseText(data.text);
+ if (!text) {
+ // lets not send objects or empty text, yea?
+ return;
+ }
+
+ let score = text.length / 83 / 4;
+ if (server._police.frisk(socket.remoteAddress, score)) {
+ server.reply({
+ cmd: 'warn',
+ text: 'You are sending too much text. Wait a moment and try again.\nPress the up arrow key to restore your last message.'
+ }, socket);
+
+ return;
+ }
+
+ let payload = {
+ cmd: 'chat',
+ nick: socket.nick,
+ text: text
+ };
+
+ if (socket.uType == 'admin') {
+ payload.admin = true;
+ } else if (socket.uType == 'mod') {
+ payload.mod = true;
+ }
+
+ if (socket.trip) {
+ payload.trip = socket.trip;
+ }
+
+ server.broadcast( payload, { channel: socket.channel });
+
+ core.managers.stats.increment('messages-sent');
+};
+
+exports.requiredData = ['text'];
+
+exports.info = {
+ name: 'chat',
+ usage: 'chat {text}',
+ description: 'Broadcasts passed `text` field to the calling users channel'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/disconnect.js b/server/src/commands/core/disconnect.js
new file mode 100644
index 0000000..9b54214
--- /dev/null
+++ b/server/src/commands/core/disconnect.js
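Review bot: In chat.js, `parseText` runs both regex replacements over the whole of `data.text` before `server._police.frisk` is consulted, and no length cap is visible anywhere in the hunk. The `\n\s*$` alternative can rescan long whitespace runs repeatedly, so the CPU cost of one message can grow faster than its length, and the rate limiter only scores the message afterwards. Unless the transport already bounds frame size (not shown here), reject oversized input first, e.g. `if (text.length > MAX_TEXT_LENGTH) { return false; }` as the second check in `parseText`, where `MAX_TEXT_LENGTH` is a placeholder for a limit the project chooses.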
@@ -0,0 +1,21 @@
+/*
+ Description: This module will be directly called by the server event handler
+ when a socket connection is closed or lost. It can calso be called
+ by a client to have the connection severed.
+*/
+
+exports.run = async (core, server, socket, data) => {
+ if (socket.channel) {
+ server.broadcast({
+ cmd: 'onlineRemove',
+ nick: socket.nick
+ }, { channel: socket.channel });
+ }
+
+ socket.terminate();
+};
+
+exports.info = {
+ name: 'disconnect',
+ description: 'Event handler or force disconnect (if your into that kind of thing)'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/help.js b/server/src/commands/core/help.js
new file mode 100644
index 0000000..7f63d3d
--- /dev/null
+++ b/server/src/commands/core/help.js
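Review bot: In disconnect.js, `socket.channel` is left set after the `onlineRemove` broadcast, while the header comment says the module is run both by the server's close handler and on client request. If `socket.terminate()` causes that close handler to invoke this module again (the wiring is outside this patch), the channel receives `onlineRemove` twice for the same nick. Clearing the field before terminating, `socket.channel = undefined;`, would make the second pass skip the broadcast.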
@@ -0,0 +1,49 @@
+/*
+ Description: Outputs the current command module list or command categories
+*/
+
+const stripIndents = require('common-tags').stripIndents;
+
+exports.run = async (core, server, socket, data) => {
+ // verify passed arguments
+ let typeDt = typeof data.type;
+ let catDt = typeof data.category;
+ let cmdDt = typeof data.command;
+ if (typeDt !== 'undefined' && typeDt !== 'string' ) {
+ return;
+ } else if (catDt !== 'undefined' && catDt !== 'string' ) {
+ return;
+ } else if (cmdDt !== 'undefined' && cmdDt !== 'string' ) {
+ return;
+ }
+
+ // set default reply
+ let reply = stripIndents`Help usage:
+ Show all categories -> { cmd: 'help', type: 'categories' }
+ Show all commands in category -> { cmd: 'help', category: '' }
+ Show specific command -> { cmd: 'help', command: '' }`;
+
+ if (typeDt !== 'undefined') {
+ let categories = core.commands.categories().sort();
+ reply = `Command Categories:\n${categories.map(c => `- ${c.replace('../src/commands/', '')}`).join('\n')}`;
+ } else if (catDt !== 'undefined') {
+ let catCommands = core.commands.all('../src/commands/' + data.category).sort((a, b) => a.info.name.localeCompare(b.info.name));
+ reply = `${data.category} commands:\n${catCommands.map(c => `- ${c.info.name}`).join('\n')}`;
+ } else if (cmdDt !== 'undefined') {
+ let command = core.commands.get(data.command);
+ reply = stripIndents`
+ Usage: ${command.info.usage || command.info.name}
+ Description: ${command.info.description || '¯\_(ツ)_/¯'}`;
+ }
+
+ server.reply({
+ cmd: 'info',
+ text: reply
+ }, socket);
+};
+
+exports.info = {
+ name: 'help',
+ usage: 'help ([ type:categories] | [category: | command: ])',
+ description: 'Outputs information about the servers current protocol'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/invite.js b/server/src/commands/core/invite.js
new file mode 100644
index 0000000..bcf9097
--- /dev/null
+++ b/server/src/commands/core/invite.js
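Review bot: In help.js the `command` branch dereferences `command.info` without checking what `core.commands.get(data.command)` returned, so if `get` yields nothing for an unknown name (its contract is not shown in this patch) the handler throws inside an async function; add `if (!command) { return; }` or send a warn reply before building the text. `data.category` is likewise concatenated into `'../src/commands/' + data.category` after only a type check; if `core.commands.all` resolves that string against anything other than its in-memory list, it should first be matched against `core.commands.categories()`. This handler also never calls `server._police.frisk`, unlike changenick, chat, invite, join and move; morestats.js and stats.js have the same gap.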
@@ -0,0 +1,65 @@
+/*
+ Description: Generates a semi-unique channel name then broadcasts it to each client
+*/
+
+const verifyNickname = (nick) => {
+ return /^[a-zA-Z0-9_]{1,24}$/.test(nick);
+};
+
+exports.run = async (core, server, socket, data) => {
+ if (server._police.frisk(socket.remoteAddress, 2)) {
+ server.reply({
+ cmd: 'warn',
+ text: 'You are sending invites too fast. Wait a moment before trying again.'
+ }, socket);
+
+ return;
+ }
+
+ if (typeof data.nick !== 'string') {
+ return;
+ }
+
+ if (!verifyNickname(data.nick)) {
+ // Not a valid nickname? Chances are we won't find them
+ return;
+ }
+
+ if (data.nick == socket.nick) {
+ // They invited themself
+ return;
+ }
+
+ let channel = Math.random().toString(36).substr(2, 8);
+
+ let payload = {
+ cmd: 'info',
+ invite: channel,
+ text: `${socket.nick} invited you to ?${channel}`
+ };
+ let inviteSent = server.broadcast( payload, { channel: socket.channel, nick: data.nick });
+
+ if (!inviteSent) {
+ server.reply({
+ cmd: 'warn',
+ text: 'Could not find user in channel'
+ }, socket);
+
+ return;
+ }
+
+ server.reply({
+ cmd: 'info',
+ text: `You invited ${data.nick} to ?${channel}`
+ }, socket);
+
+ core.managers.stats.increment('invites-sent');
+};
+
+exports.requiredData = ['nick'];
+
+exports.info = {
+ name: 'invite',
+ usage: 'invite {nick}',
+ description: 'Generates a unique (more or less) room name and passes it to two clients'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/join.js b/server/src/commands/core/join.js
new file mode 100644
index 0000000..f2b2c9d
--- /dev/null
+++ b/server/src/commands/core/join.js
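Review bot: In invite.js the invite channel name comes from `Math.random().toString(36).substr(2, 8)`, and that name is the only thing keeping the invited room private. `Math.random()` is not a cryptographically secure generator, so its output should not be relied on to be unguessable. Node's `crypto` module is already required in join.js; here `const crypto = require('crypto');` plus `let channel = crypto.randomBytes(6).toString('hex');` would do, with the length left as a project choice. The header comment fits this file but was copied verbatim into changenick.js and move.js, where it does not describe the command.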
@@ -0,0 +1,135 @@
+/*
+ Description: Initial entry point, applies `channel` and `nick` to the calling socket
+*/
+
+const crypto = require('crypto');
+
+const hash = (password) => {
+ let sha = crypto.createHash('sha256');
+ sha.update(password);
+ return sha.digest('base64').substr(0, 6);
+};
+
+const verifyNickname = (nick) => {
+ return /^[a-zA-Z0-9_]{1,24}$/.test(nick);
+};
+
+exports.run = async (core, server, socket, data) => {
+ if (server._police.frisk(socket.remoteAddress, 3)) {
+ server.reply({
+ cmd: 'warn',
+ text: 'You are joining channels too fast. Wait a moment and try again.'
+ }, socket);
+
+ return;
+ }
+
+ if (typeof socket.channel !== 'undefined') {
+ // Calling socket already in a channel
+ return;
+ }
+
+ if (typeof data.channel !== 'string' || typeof data.nick !== 'string') {
+ return;
+ }
+
+ let channel = data.channel.trim();
+ if (!channel) {
+ // Must join a non-blank channel
+ return;
+ }
+
+ // Process nickname
+ let nick = data.nick;
+ let nickArray = nick.split('#', 2);
+ nick = nickArray[0].trim();
+
+ if (!verifyNickname(nick)) {
+ server.reply({
+ cmd: 'warn',
+ text: 'Nickname must consist of up to 24 letters, numbers, and underscores'
+ }, socket);
+
+ return;
+ }
+
+ let userExists = server.findSockets({
+ channel: data.channel,
+ nick: (targetNick) => targetNick.toLowerCase() === nick.toLowerCase()
+ });
+
+ if (userExists.length > 0) {
+ // That nickname is already in that channel
+ server.reply({
+ cmd: 'warn',
+ text: 'Nickname taken'
+ }, socket);
+
+ return;
+ }
+
+ // TODO: Should we check for mod status first to prevent overwriting of admin status somehow? Meh, w/e, cba.
+ let uType = 'user';
+ let trip = null;
+ let password = nickArray[1];
+ if (nick.toLowerCase() == core.config.adminName.toLowerCase()) {
+ if (password != core.config.adminPass) {
+ server._police.frisk(socket.remoteAddress, 4);
+
+ server.reply({
+ cmd: 'warn',
+ text: 'Gtfo'
+ }, socket);
+
+ return;
+ } else {
+ uType = 'admin';
+ trip = 'Admin';
+ }
+ } else if (password) {
+ trip = hash(password + core.config.tripSalt);
+ }
+
+ // TODO: Disallow moderator impersonation
+ for (let mod of core.config.mods) {
+ if (trip === mod.trip) {
+ uType = 'mod';
+ }
+ }
+
+ // Reply with online user list
+ let newPeerList = server.findSockets({ channel: data.channel });
+ let joinAnnouncement = {
+ cmd: 'onlineAdd',
+ nick: nick,
+ trip: trip || 'null',
+ hash: server.getSocketHash(socket)
+ };
+ let nicks = [];
+
+ for (let i = 0, l = newPeerList.length; i < l; i++) {
+ server.reply(joinAnnouncement, newPeerList[i]);
+ nicks.push(newPeerList[i].nick);
+ }
+
+ socket.uType = uType;
+ socket.nick = nick;
+ socket.channel = channel;
+ if (trip !== null) socket.trip = trip;
+ nicks.push(socket.nick);
+
+ server.reply({
+ cmd: 'onlineSet',
+ nicks: nicks
+ }, socket);
+
+ core.managers.stats.increment('users-joined');
+};
+
+exports.requiredData = ['channel', 'nick'];
+
+exports.info = {
+ name: 'join',
+ usage: 'join {channel} {nick}',
+ description: 'Place calling socket into target channel with target nick & broadcast event to channel'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/morestats.js b/server/src/commands/core/morestats.js
new file mode 100644
index 0000000..5510cb1
--- /dev/null
+++ b/server/src/commands/core/morestats.js
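Review bot: In join.js the duplicate-nick lookup and the `newPeerList` lookup both filter on the raw `data.channel`, while the socket is stored under the trimmed `channel`. A name with surrounding whitespace is therefore not checked for 'Nickname taken' against the channel the socket actually joins, and the `onlineAdd` announcement and `onlineSet` list are built from the wrong peer set; both `findSockets` calls should pass `channel`. Separately, moderator status is granted purely on `trip === mod.trip`, where `hash` keeps only the first 6 base64 characters of a single SHA-256 pass (about 36 bits), which is thin for a privilege check, so the existing `// TODO: Disallow moderator impersonation` should be resolved rather than deferred. The admin branch compares `password` with `core.config.adminPass` using `!=`, which means the admin secret sits in config as plaintext and is not compared in constant time.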
@@ -0,0 +1,53 @@
+/*
+ Description: Outputs more info than the legacy stats command
+*/
+
+const stripIndents = require('common-tags').stripIndents;
+
+const formatTime = (time) => {
+ let seconds = time[0] + time[1] / 1e9;
+
+ let minutes = Math.floor(seconds / 60);
+ seconds = seconds % 60;
+
+ let hours = Math.floor(minutes / 60);
+ minutes = minutes % 60;
+ return `${hours.toFixed(0)}h ${minutes.toFixed(0)}m ${seconds.toFixed(0)}s`;
+};
+
+exports.run = async (core, server, socket, data) => {
+ let ips = {};
+ let channels = {};
+ for (let client of server.clients) {
+ if (client.channel) {
+ channels[client.channel] = true;
+ ips[client.remoteAddress] = true;
+ }
+ }
+
+ let uniqueClientCount = Object.keys(ips).length;
+ let uniqueChannels = Object.keys(channels).length;
+
+ ips = null;
+ channels = null;
+
+ server.reply({
+ cmd: 'info',
+ text: stripIndents`current-connections: ${uniqueClientCount}
+ current-channels: ${uniqueChannels}
+ users-joined: ${(core.managers.stats.get('users-joined') || 0)}
+ invites-sent: ${(core.managers.stats.get('invites-sent') || 0)}
+ messages-sent: ${(core.managers.stats.get('messages-sent') || 0)}
+ users-banned: ${(core.managers.stats.get('users-banned') || 0)}
+ users-kicked: ${(core.managers.stats.get('users-kicked') || 0)}
+ stats-requested: ${(core.managers.stats.get('stats-requested') || 0)}
+ server-uptime: ${formatTime(process.hrtime(core.managers.stats.get('start-time')))}`
+ }, socket);
+
+ core.managers.stats.increment('stats-requested');
+};
+
+exports.info = {
+ name: 'morestats',
+ description: 'Sends back current server stats to the calling client'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/move.js b/server/src/commands/core/move.js
new file mode 100644
index 0000000..c5efafd
--- /dev/null
+++ b/server/src/commands/core/move.js
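Review bot: In morestats.js `ips` and `channels` are plain `{}` objects keyed by `client.remoteAddress` and the client-chosen `client.channel`, so a channel named `__proto__` hits the prototype setter instead of creating a key and is silently left out of the `Object.keys` count. `new Set()` with `.add()` and `.size` gives the same counts without that edge case and without the `= null` cleanup. stats.js in this commit contains the identical counting loop, which could be shared rather than duplicated.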
@@ -0,0 +1,83 @@
+/*
+ Description: Generates a semi-unique channel name then broadcasts it to each client
+*/
+
+exports.run = async (core, server, socket, data) => {
+ if (server._police.frisk(socket.remoteAddress, 6)) {
+ server.reply({
+ cmd: 'warn',
+ text: 'You are changing channels too fast. Wait a moment before trying again.'
+ }, socket);
+
+ return;
+ }
+
+ if (typeof data.channel !== 'string') {
+ return;
+ }
+
+ if (data.channel === socket.channel) {
+ // They are trying to rejoin the channel
+ return;
+ }
+
+ const currentNick = socket.nick.toLowerCase();
+ let userExists = server.findSockets({
+ channel: data.channel,
+ nick: (targetNick) => targetNick.toLowerCase() === currentNick
+ });
+
+ if (userExists.length > 0) {
+ // That nickname is already in that channel
+ return;
+ }
+
+ let peerList = server.findSockets({ channel: socket.channel });
+
+ if (peerList.length > 1) {
+ for (let i = 0, l = peerList.length; i < l; i++) {
+ server.reply({
+ cmd: 'onlineRemove',
+ nick: peerList[i].nick
+ }, socket);
+
+ if (socket.nick !== peerList[i].nick){
+ server.reply({
+ cmd: 'onlineRemove',
+ nick: socket.nick
+ }, peerList[i]);
+ }
+ }
+ }
+
+ let newPeerList = server.findSockets({ channel: data.channel });
+ let moveAnnouncement = {
+ cmd: 'onlineAdd',
+ nick: socket.nick,
+ trip: socket.trip || 'null',
+ hash: server.getSocketHash(socket)
+ };
+ let nicks = [];
+
+ for (let i = 0, l = newPeerList.length; i < l; i++) {
+ server.reply(moveAnnouncement, newPeerList[i]);
+ nicks.push(newPeerList[i].nick);
+ }
+
+ nicks.push(socket.nick);
+
+ server.reply({
+ cmd: 'onlineSet',
+ nicks: nicks
+ }, socket);
+
+ socket.channel = data.channel;
+};
+
+exports.requiredData = ['channel'];
+
+exports.info = {
+ name: 'move',
+ usage: 'move {channel}',
+ description: 'This will change the current channel to the new one provided'
+};
\ No newline at end of file
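Review bot: In move.js `data.channel` is only type-checked, whereas join.js trims the name and rejects a blank one, so `move` can place a socket in an empty or whitespace-padded channel that `join` would never create. Apply the same normalisation before the comparisons, e.g. `let channel = data.channel.trim(); if (!channel) { return; }`, and use `channel` for both `findSockets` calls and the final `socket.channel` assignment. The header comment ("Generates a semi-unique channel name…") is copied from invite.js and should say that the command moves the calling socket to another channel.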
diff --git a/server/src/commands/core/stats.js b/server/src/commands/core/stats.js
new file mode 100644
index 0000000..b9dc002
--- /dev/null
+++ b/server/src/commands/core/stats.js
@@ -0,0 +1,32 @@
+/*
+ Description: Legacy stats output, kept for compatibility, outputs user and channel count
+*/
+
+exports.run = async (core, server, socket, data) => {
+ let ips = {};
+ let channels = {};
+ for (let client of server.clients) {
+ if (client.channel) {
+ channels[client.channel] = true;
+ ips[client.remoteAddress] = true;
+ }
+ }
+
+ let uniqueClientCount = Object.keys(ips).length;
+ let uniqueChannels = Object.keys(channels).length;
+
+ ips = null;
+ channels = null;
+
+ server.reply({
+ cmd: 'info',
+ text: `${uniqueClientCount} unique IPs in ${uniqueChannels} channels`
+ }, socket);
+
+ core.managers.stats.increment('stats-requested');
+};
+
+exports.info = {
+ name: 'stats',
+ description: 'Sends back legacy server stats to the calling client'
+};
\ No newline at end of file
-- cgit v1.2.1