From 949404cd1aad8492ae0338130f16054adfa38ab7 Mon Sep 17 00:00:00 2001
From: Neel Kamath <neelkamath@protonmail.com>
Date: Sun, 13 May 2018 16:37:56 +0530
Subject: Prevent fucking shit up

---
 server/src/commands/admin/addmod.js     |  47 +++++++++++
 server/src/commands/admin/listusers.js  |  38 +++++++++
 server/src/commands/admin/reload.js     |  35 +++++++++
 server/src/commands/admin/saveconfig.js |  36 +++++++++
 server/src/commands/admin/shout.js      |  23 ++++++
 server/src/commands/core/changenick.js  |  88 +++++++++++++++++++++
 server/src/commands/core/chat.js        |  62 +++++++++++++++
 server/src/commands/core/disconnect.js  |  21 +++++
 server/src/commands/core/help.js        |  49 ++++++++++++
 server/src/commands/core/invite.js      |  65 +++++++++++++++
 server/src/commands/core/join.js        | 135 ++++++++++++++++++++++++++++++++
 server/src/commands/core/morestats.js   |  53 +++++++++++++
 server/src/commands/core/move.js        |  83 ++++++++++++++++++++
 server/src/commands/core/stats.js       |  32 ++++++++
 server/src/commands/mod/ban.js          |  64 +++++++++++++++
 server/src/commands/mod/kick.js         |  78 ++++++++++++++++++
 server/src/commands/mod/unban.js        |  55 +++++++++++++
 17 files changed, 964 insertions(+)
 create mode 100644 server/src/commands/admin/addmod.js
 create mode 100644 server/src/commands/admin/listusers.js
 create mode 100644 server/src/commands/admin/reload.js
 create mode 100644 server/src/commands/admin/saveconfig.js
 create mode 100644 server/src/commands/admin/shout.js
 create mode 100644 server/src/commands/core/changenick.js
 create mode 100644 server/src/commands/core/chat.js
 create mode 100644 server/src/commands/core/disconnect.js
 create mode 100644 server/src/commands/core/help.js
 create mode 100644 server/src/commands/core/invite.js
 create mode 100644 server/src/commands/core/join.js
 create mode 100644 server/src/commands/core/morestats.js
 create mode 100644 server/src/commands/core/move.js
 create mode 100644 server/src/commands/core/stats.js
 create mode 100644 server/src/commands/mod/ban.js
 create mode 100644 server/src/commands/mod/kick.js
 create mode 100644 server/src/commands/mod/unban.js

(limited to 'server/src/commands')

diff --git a/server/src/commands/admin/addmod.js b/server/src/commands/admin/addmod.js
new file mode 100644
index 0000000..4c13b22
--- /dev/null
+++ b/server/src/commands/admin/addmod.js
@@ -0,0 +1,47 @@
+/*
+  Description: Adds the target trip to the mod list then elevates the uType
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType != 'admin') {
+    // ignore if not admin
+    return;
+  }
+
+  let mod = {
+    trip: data.trip
+  }
+
+  core.config.mods.push(mod); // purposely not using `config.set()` to avoid auto-save
+
+  let newMod = server.findSockets({ trip: data.trip });
+
+  if (newMod.length !== 0) {
+    for (let i = 0, l = newMod.length; i < l; i++) {
+      newMod[i].uType = 'mod';
+
+      server.send({
+        cmd: 'info',
+        text: 'You are now a mod.'
+      }, newMod[i]);
+    }
+  }
+
+  server.reply({
+    cmd: 'info',
+    text: `Added mod trip: ${data.trip}`
+  }, socket);
+
+  server.broadcast({
+    cmd: 'info',
+    text: `Added mod trip: ${data.trip}`
+  }, { uType: 'mod' });
+};
+
+exports.requiredData = ['trip'];
+
+exports.info = {
+  name: 'addmod',
+  usage: 'addmod {trip}',
+  description: 'Adds target trip to the config as a mod and upgrades the socket type'
+};
diff --git a/server/src/commands/admin/listusers.js b/server/src/commands/admin/listusers.js
new file mode 100644
index 0000000..a539a3c
--- /dev/null
+++ b/server/src/commands/admin/listusers.js
@@ -0,0 +1,38 @@
+/*
+  Description: Outputs all current channels and their user nicks
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType != 'admin') {
+    // ignore if not admin
+    return;
+  }
+
+  let channels = {};
+  for (var client of server.clients) {
+    if (client.channel) {
+      if (!channels[client.channel]) {
+        channels[client.channel] = [];
+      }
+      channels[client.channel].push(client.nick);
+    }
+  }
+
+  let lines = [];
+  for (let channel in channels) {
+    lines.push(`?${channel} ${channels[channel].join(", ")}`);
+  }
+
+  let text = '';
+  text += lines.join("\n");
+
+  server.reply({
+    cmd: 'info',
+    text: text
+  }, socket);
+};
+
+exports.info = {
+  name: 'listusers',
+  description: 'Outputs all current channels and sockets in those channels'
+};
diff --git a/server/src/commands/admin/reload.js b/server/src/commands/admin/reload.js
new file mode 100644
index 0000000..e2cfbe6
--- /dev/null
+++ b/server/src/commands/admin/reload.js
@@ -0,0 +1,35 @@
+/*
+  Description: Clears and resets the command modules, outputting any errors
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType != 'admin') {
+    // ignore if not admin
+    return;
+  }
+
+  let loadResult = core.managers.dynamicImports.reloadDirCache('src/commands');
+  loadResult += core.commands.loadCommands();
+
+  if (loadResult == '') {
+    loadResult = `Loaded ${core.commands._commands.length} commands, 0 errors`;
+  } else {
+    loadResult = `Loaded ${core.commands._commands.length} commands, error(s): ${loadResult}`;
+  }
+
+  server.reply({
+    cmd: 'info',
+    text: loadResult
+  }, socket);
+
+  server.broadcast({
+    cmd: 'info',
+    text: loadResult
+  }, { uType: 'mod' });
+};
+
+exports.info = {
+  name: 'reload',
+  description: '(Re)loads any new commands into memory, outputs errors if any'
+};
+
diff --git a/server/src/commands/admin/saveconfig.js b/server/src/commands/admin/saveconfig.js
new file mode 100644
index 0000000..ed3a312
--- /dev/null
+++ b/server/src/commands/admin/saveconfig.js
@@ -0,0 +1,36 @@
+/*
+  Description: Writes any changes to the config to the disk
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType != 'admin') {
+    // ignore if not admin
+    return;
+  }
+
+  let saveResult = core.managers.config.save();
+
+  if (!saveResult) {
+    server.reply({
+      cmd: 'warn',
+      text: 'Failed to save config, check logs.'
+    }, client);
+
+    return;
+  }
+
+  server.reply({
+    cmd: 'info',
+    text: 'Config saved!'
+  }, socket);
+
+  server.broadcast({
+    cmd: 'info',
+    text: 'Config saved!'
+  }, { uType: 'mod' });
+};
+
+exports.info = {
+  name: 'saveconfig',
+  description: 'Saves current config'
+};
diff --git a/server/src/commands/admin/shout.js b/server/src/commands/admin/shout.js
new file mode 100644
index 0000000..1358dd9
--- /dev/null
+++ b/server/src/commands/admin/shout.js
@@ -0,0 +1,23 @@
+/*
+  Description: Emmits a server-wide message as `info`
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType != 'admin') {
+    // ignore if not admin
+    return;
+  }
+
+  server.broadcast( {
+    cmd: 'info',
+    text: `Server Notice: ${data.text}`
+  }, {});
+};
+
+exports.requiredData = ['text'];
+
+exports.info = {
+  name: 'shout',
+  usage: 'shout {text}',
+  description: 'Displays passed text to every client connected'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/changenick.js b/server/src/commands/core/changenick.js
new file mode 100644
index 0000000..4041bb0
--- /dev/null
+++ b/server/src/commands/core/changenick.js
@@ -0,0 +1,88 @@
+/*
+  Description: Generates a semi-unique channel name then broadcasts it to each client
+*/
+
+const verifyNickname = (nick) => {
+  return /^[a-zA-Z0-9_]{1,24}$/.test(nick);
+};
+
+exports.run = async (core, server, socket, data) => {
+  if (server._police.frisk(socket.remoteAddress, 6)) {
+    server.reply({
+      cmd: 'warn',
+      text: 'You are changing nicknames too fast. Wait a moment before trying again.'
+    }, socket);
+
+    return;
+  }
+
+  if (typeof data.nick !== 'string') {
+    return;
+  }
+
+  let newNick = data.nick.trim();
+
+  if (!verifyNickname(newNick)) {
+    server.reply({
+      cmd: 'warn',
+      text: 'Nickname must consist of up to 24 letters, numbers, and underscores'
+    }, socket);
+
+    return;
+  }
+
+  if (newNick.toLowerCase() == core.config.adminName.toLowerCase()) {
+    server._police.frisk(socket.remoteAddress, 4);
+
+    server.reply({
+      cmd: 'warn',
+      text: 'Gtfo'
+    }, socket);
+
+    return;
+  }
+
+  let userExists = server.findSockets({
+    channel: socket.channel,
+    nick: (targetNick) => targetNick.toLowerCase() === newNick.toLowerCase()
+  });
+
+  if (userExists.length > 0) {
+    // That nickname is already in that channel
+    server.reply({
+      cmd: 'warn',
+      text: 'Nickname taken'
+    }, socket);
+
+    return;
+  }
+
+  let peerList = server.findSockets({ channel: socket.channel });
+  let leaveNotice = {
+    cmd: 'onlineRemove',
+    nick: socket.nick
+  };
+  let joinNotice = {
+    cmd: 'onlineAdd',
+    nick: newNick,
+    trip: socket.trip || 'null',
+    hash: server.getSocketHash(socket)
+  };
+
+  server.broadcast( leaveNotice, { channel: socket.channel });
+  server.broadcast( joinNotice, { channel: socket.channel });
+  server.broadcast( {
+    cmd: 'info',
+    text: `${socket.nick} is now ${newNick}`
+  }, { channel: socket.channel });
+
+  socket.nick = newNick;
+};
+
+exports.requiredData = ['nick'];
+
+exports.info = {
+  name: 'changenick',
+  usage: 'changenick {nick}',
+  description: 'This will change your current connections nickname'
+};
diff --git a/server/src/commands/core/chat.js b/server/src/commands/core/chat.js
new file mode 100644
index 0000000..bce6adb
--- /dev/null
+++ b/server/src/commands/core/chat.js
@@ -0,0 +1,62 @@
+/*
+  Description: Rebroadcasts any `text` to all clients in a `channel`
+*/
+
+const parseText = (text) => {
+  if (typeof text !== 'string') {
+    return false;
+  }
+
+  // strip newlines from beginning and end
+  text = text.replace(/^\s*\n|^\s+$|\n\s*$/g, '');
+  // replace 3+ newlines with just 2 newlines
+  text = text.replace(/\n{3,}/g, "\n\n");
+
+  return text;
+};
+
+exports.run = async (core, server, socket, data) => {
+  let text = parseText(data.text);
+  if (!text) {
+    // lets not send objects or empty text, yea?
+    return;
+  }
+
+  let score = text.length / 83 / 4;
+  if (server._police.frisk(socket.remoteAddress, score)) {
+    server.reply({
+      cmd: 'warn',
+      text: 'You are sending too much text. Wait a moment and try again.\nPress the up arrow key to restore your last message.'
+    }, socket);
+
+    return;
+  }
+
+  let payload = {
+    cmd: 'chat',
+    nick: socket.nick,
+    text: text
+  };
+
+  if (socket.uType == 'admin') {
+    payload.admin = true;
+  } else if (socket.uType == 'mod') {
+    payload.mod = true;
+  }
+
+  if (socket.trip) {
+    payload.trip = socket.trip;
+  }
+
+  server.broadcast( payload, { channel: socket.channel });
+
+  core.managers.stats.increment('messages-sent');
+};
+
+exports.requiredData = ['text'];
+
+exports.info = {
+  name: 'chat',
+  usage: 'chat {text}',
+  description: 'Broadcasts passed `text` field to the calling users channel'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/disconnect.js b/server/src/commands/core/disconnect.js
new file mode 100644
index 0000000..9b54214
--- /dev/null
+++ b/server/src/commands/core/disconnect.js
@@ -0,0 +1,21 @@
+/*
+  Description: This module will be directly called by the server event handler
+               when a socket connection is closed or lost. It can calso be called
+               by a client to have the connection severed.
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.channel) {
+    server.broadcast({
+      cmd: 'onlineRemove',
+      nick: socket.nick
+    }, { channel: socket.channel });
+  }
+
+  socket.terminate();
+};
+
+exports.info = {
+  name: 'disconnect',
+  description: 'Event handler or force disconnect (if your into that kind of thing)'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/help.js b/server/src/commands/core/help.js
new file mode 100644
index 0000000..7f63d3d
--- /dev/null
+++ b/server/src/commands/core/help.js
@@ -0,0 +1,49 @@
+/*
+  Description: Outputs the current command module list or command categories
+*/
+
+const stripIndents = require('common-tags').stripIndents;
+
+exports.run = async (core, server, socket, data) => {
+  // verify passed arguments
+  let typeDt = typeof data.type;
+  let catDt = typeof data.category;
+  let cmdDt = typeof data.command;
+  if (typeDt !== 'undefined' && typeDt !== 'string' ) {
+    return;
+  } else if (catDt !== 'undefined' && catDt !== 'string' ) {
+    return;
+  } else if (cmdDt !== 'undefined' && cmdDt !== 'string' ) {
+    return;
+  }
+
+  // set default reply
+  let reply = stripIndents`Help usage:
+    Show all categories -> { cmd: 'help', type: 'categories' }
+    Show all commands in category -> { cmd: 'help', category: '<category name>' }
+    Show specific command -> { cmd: 'help', command: '<command name>' }`;
+
+  if (typeDt !== 'undefined') {
+    let categories = core.commands.categories().sort();
+    reply = `Command Categories:\n${categories.map(c => `- ${c.replace('../src/commands/', '')}`).join('\n')}`;
+  } else if (catDt !== 'undefined') {
+    let catCommands = core.commands.all('../src/commands/' + data.category).sort((a, b) => a.info.name.localeCompare(b.info.name));
+    reply = `${data.category} commands:\n${catCommands.map(c => `- ${c.info.name}`).join('\n')}`;
+  } else if (cmdDt !== 'undefined') {
+    let command = core.commands.get(data.command);
+    reply = stripIndents`
+      Usage: ${command.info.usage || command.info.name}
+      Description: ${command.info.description || '¯\_(ツ)_/¯'}`;
+  }
+
+  server.reply({
+    cmd: 'info',
+    text: reply
+  }, socket);
+};
+
+exports.info = {
+  name: 'help',
+  usage: 'help ([ type:categories] | [category:<category name> | command:<command name> ])',
+  description: 'Outputs information about the servers current protocol'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/invite.js b/server/src/commands/core/invite.js
new file mode 100644
index 0000000..bcf9097
--- /dev/null
+++ b/server/src/commands/core/invite.js
@@ -0,0 +1,65 @@
+/*
+  Description: Generates a semi-unique channel name then broadcasts it to each client
+*/
+
+const verifyNickname = (nick) => {
+  return /^[a-zA-Z0-9_]{1,24}$/.test(nick);
+};
+
+exports.run = async (core, server, socket, data) => {
+  if (server._police.frisk(socket.remoteAddress, 2)) {
+    server.reply({
+      cmd: 'warn',
+      text: 'You are sending invites too fast. Wait a moment before trying again.'
+    }, socket);
+
+    return;
+  }
+
+  if (typeof data.nick !== 'string') {
+    return;
+  }
+
+  if (!verifyNickname(data.nick)) {
+    // Not a valid nickname? Chances are we won't find them
+    return;
+  }
+
+  if (data.nick == socket.nick) {
+    // They invited themself
+    return;
+  }
+  
+  let channel = Math.random().toString(36).substr(2, 8);
+
+  let payload = {
+    cmd: 'info',
+    invite: channel,
+    text: `${socket.nick} invited you to ?${channel}`
+  };
+  let inviteSent = server.broadcast( payload, { channel: socket.channel, nick: data.nick });
+
+  if (!inviteSent) {
+    server.reply({
+      cmd: 'warn',
+      text: 'Could not find user in channel'
+    }, socket);
+
+    return;
+  }
+
+  server.reply({
+    cmd: 'info',
+    text: `You invited ${data.nick} to ?${channel}`
+  }, socket);
+
+  core.managers.stats.increment('invites-sent');
+};
+
+exports.requiredData = ['nick'];
+
+exports.info = {
+  name: 'invite',
+  usage: 'invite {nick}',
+  description: 'Generates a unique (more or less) room name and passes it to two clients'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/join.js b/server/src/commands/core/join.js
new file mode 100644
index 0000000..f2b2c9d
--- /dev/null
+++ b/server/src/commands/core/join.js
@@ -0,0 +1,135 @@
+/*
+  Description: Initial entry point, applies `channel` and `nick` to the calling socket
+*/
+
+const crypto = require('crypto');
+
+const hash = (password) => {
+  let sha = crypto.createHash('sha256');
+  sha.update(password);
+  return sha.digest('base64').substr(0, 6);
+};
+
+const verifyNickname = (nick) => {
+  return /^[a-zA-Z0-9_]{1,24}$/.test(nick);
+};
+
+exports.run = async (core, server, socket, data) => {
+  if (server._police.frisk(socket.remoteAddress, 3)) {
+    server.reply({
+      cmd: 'warn',
+      text: 'You are joining channels too fast. Wait a moment and try again.'
+    }, socket);
+
+    return;
+  }
+
+  if (typeof socket.channel !== 'undefined') {
+    // Calling socket already in a channel
+    return;
+  }
+
+  if (typeof data.channel !== 'string' || typeof data.nick !== 'string') {
+    return;
+  }
+
+  let channel = data.channel.trim();
+  if (!channel) {
+    // Must join a non-blank channel
+    return;
+  }
+
+  // Process nickname
+  let nick = data.nick;
+  let nickArray = nick.split('#', 2);
+  nick = nickArray[0].trim();
+
+  if (!verifyNickname(nick)) {
+    server.reply({
+      cmd: 'warn',
+      text: 'Nickname must consist of up to 24 letters, numbers, and underscores'
+    }, socket);
+
+    return;
+  }
+
+  let userExists = server.findSockets({
+    channel: data.channel,
+    nick: (targetNick) => targetNick.toLowerCase() === nick.toLowerCase()
+  });
+
+  if (userExists.length > 0) {
+    // That nickname is already in that channel
+    server.reply({
+      cmd: 'warn',
+      text: 'Nickname taken'
+    }, socket);
+
+    return;
+  }
+
+  // TODO: Should we check for mod status first to prevent overwriting of admin status somehow? Meh, w/e, cba.
+  let uType = 'user';
+  let trip = null;
+  let password = nickArray[1];
+  if (nick.toLowerCase() == core.config.adminName.toLowerCase()) {
+    if (password != core.config.adminPass) {
+      server._police.frisk(socket.remoteAddress, 4);
+
+      server.reply({
+        cmd: 'warn',
+        text: 'Gtfo'
+      }, socket);
+
+      return;
+    } else {
+      uType = 'admin';
+      trip = 'Admin';
+    }
+  } else if (password) {
+    trip = hash(password + core.config.tripSalt);
+  }
+
+  // TODO: Disallow moderator impersonation
+  for (let mod of core.config.mods) {
+    if (trip === mod.trip) {
+      uType = 'mod';
+    }
+  }
+
+  // Reply with online user list
+  let newPeerList = server.findSockets({ channel: data.channel });
+  let joinAnnouncement = {
+    cmd: 'onlineAdd',
+    nick: nick,
+    trip: trip || 'null',
+    hash: server.getSocketHash(socket)
+  };
+  let nicks = [];
+
+  for (let i = 0, l = newPeerList.length; i < l; i++) {
+    server.reply(joinAnnouncement, newPeerList[i]);
+    nicks.push(newPeerList[i].nick);
+  }
+
+  socket.uType = uType;
+  socket.nick = nick;
+  socket.channel = channel;
+  if (trip !== null) socket.trip = trip;
+  nicks.push(socket.nick);
+
+  server.reply({
+    cmd: 'onlineSet',
+    nicks: nicks
+  }, socket);
+
+  core.managers.stats.increment('users-joined');
+};
+
+exports.requiredData = ['channel', 'nick'];
+
+exports.info = {
+  name: 'join',
+  usage: 'join {channel} {nick}',
+  description: 'Place calling socket into target channel with target nick & broadcast event to channel'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/morestats.js b/server/src/commands/core/morestats.js
new file mode 100644
index 0000000..5510cb1
--- /dev/null
+++ b/server/src/commands/core/morestats.js
@@ -0,0 +1,53 @@
+/*
+  Description: Outputs more info than the legacy stats command
+*/
+
+const stripIndents = require('common-tags').stripIndents;
+
+const formatTime = (time) => {
+  let seconds = time[0] + time[1] / 1e9;
+
+  let minutes = Math.floor(seconds / 60);
+  seconds = seconds % 60;
+
+  let hours = Math.floor(minutes / 60);
+  minutes = minutes % 60;
+  return `${hours.toFixed(0)}h ${minutes.toFixed(0)}m ${seconds.toFixed(0)}s`;
+};
+
+exports.run = async (core, server, socket, data) => {
+  let ips = {};
+  let channels = {};
+  for (let client of server.clients) {
+    if (client.channel) {
+      channels[client.channel] = true;
+      ips[client.remoteAddress] = true;
+    }
+  }
+
+  let uniqueClientCount = Object.keys(ips).length;
+  let uniqueChannels = Object.keys(channels).length;
+
+  ips = null;
+  channels = null;
+
+  server.reply({
+    cmd: 'info',
+    text: stripIndents`current-connections: ${uniqueClientCount}
+                       current-channels: ${uniqueChannels}
+                       users-joined: ${(core.managers.stats.get('users-joined') || 0)}
+                       invites-sent: ${(core.managers.stats.get('invites-sent') || 0)}
+                       messages-sent: ${(core.managers.stats.get('messages-sent') || 0)}
+                       users-banned: ${(core.managers.stats.get('users-banned') || 0)}
+                       users-kicked: ${(core.managers.stats.get('users-kicked') || 0)}
+                       stats-requested: ${(core.managers.stats.get('stats-requested') || 0)}
+                       server-uptime: ${formatTime(process.hrtime(core.managers.stats.get('start-time')))}`
+  }, socket);
+
+  core.managers.stats.increment('stats-requested');
+};
+
+exports.info = {
+  name: 'morestats',
+  description: 'Sends back current server stats to the calling client'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/move.js b/server/src/commands/core/move.js
new file mode 100644
index 0000000..c5efafd
--- /dev/null
+++ b/server/src/commands/core/move.js
@@ -0,0 +1,83 @@
+/*
+  Description: Generates a semi-unique channel name then broadcasts it to each client
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (server._police.frisk(socket.remoteAddress, 6)) {
+    server.reply({
+      cmd: 'warn',
+      text: 'You are changing channels too fast. Wait a moment before trying again.'
+    }, socket);
+
+    return;
+  }
+
+  if (typeof data.channel !== 'string') {
+    return;
+  }
+
+  if (data.channel === socket.channel) {
+    // They are trying to rejoin the channel
+    return;
+  }
+
+  const currentNick = socket.nick.toLowerCase();
+  let userExists = server.findSockets({
+    channel: data.channel,
+    nick: (targetNick) => targetNick.toLowerCase() === currentNick
+  });
+
+  if (userExists.length > 0) {
+    // That nickname is already in that channel
+    return;
+  }
+
+  let peerList = server.findSockets({ channel: socket.channel });
+
+  if (peerList.length > 1) {
+    for (let i = 0, l = peerList.length; i < l; i++) {
+      server.reply({
+        cmd: 'onlineRemove',
+        nick: peerList[i].nick
+      }, socket);
+
+      if (socket.nick !== peerList[i].nick){
+        server.reply({
+          cmd: 'onlineRemove',
+          nick: socket.nick
+        }, peerList[i]);
+      }
+    }
+  }
+
+  let newPeerList = server.findSockets({ channel: data.channel });
+  let moveAnnouncement = {
+    cmd: 'onlineAdd',
+    nick: socket.nick,
+    trip: socket.trip || 'null',
+    hash: server.getSocketHash(socket)
+  };
+  let nicks = [];
+
+  for (let i = 0, l = newPeerList.length; i < l; i++) {
+    server.reply(moveAnnouncement, newPeerList[i]);
+    nicks.push(newPeerList[i].nick);
+  }
+
+  nicks.push(socket.nick);
+
+  server.reply({
+    cmd: 'onlineSet',
+    nicks: nicks
+  }, socket);
+
+  socket.channel = data.channel;
+};
+
+exports.requiredData = ['channel'];
+
+exports.info = {
+  name: 'move',
+  usage: 'move {channel}',
+  description: 'This will change the current channel to the new one provided'
+};
\ No newline at end of file
diff --git a/server/src/commands/core/stats.js b/server/src/commands/core/stats.js
new file mode 100644
index 0000000..b9dc002
--- /dev/null
+++ b/server/src/commands/core/stats.js
@@ -0,0 +1,32 @@
+/*
+  Description: Legacy stats output, kept for compatibility, outputs user and channel count
+*/
+
+exports.run = async (core, server, socket, data) => {
+  let ips = {};
+  let channels = {};
+  for (let client of server.clients) {
+    if (client.channel) {
+      channels[client.channel] = true;
+      ips[client.remoteAddress] = true;
+    }
+  }
+
+  let uniqueClientCount = Object.keys(ips).length;
+  let uniqueChannels = Object.keys(channels).length;
+
+  ips = null;
+  channels = null;
+
+  server.reply({
+    cmd: 'info',
+    text: `${uniqueClientCount} unique IPs in ${uniqueChannels} channels`
+  }, socket);
+
+  core.managers.stats.increment('stats-requested');
+};
+
+exports.info = {
+  name: 'stats',
+  description: 'Sends back legacy server stats to the calling client'
+};
\ No newline at end of file
diff --git a/server/src/commands/mod/ban.js b/server/src/commands/mod/ban.js
new file mode 100644
index 0000000..e19efc2
--- /dev/null
+++ b/server/src/commands/mod/ban.js
@@ -0,0 +1,64 @@
+/*
+  Description: Adds the target socket's ip to the ratelimiter
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType == 'user') {
+    // ignore if not mod or admin
+    return;
+  }
+
+  if (typeof data.nick !== 'string') {
+    return;
+  }
+
+  let targetNick = data.nick;
+  let badClient = server.findSockets({ channel: socket.channel, nick: targetNick });
+
+  if (badClient.length === 0) {
+    server.reply({
+      cmd: 'warn',
+      text: 'Could not find user in channel'
+    }, socket);
+
+    return;
+  }
+
+  badClient = badClient[0];
+
+  if (badClient.uType !== 'user') {
+    server.reply({
+      cmd: 'warn',
+      text: 'Cannot ban other mods, how rude'
+    }, socket);
+
+    return;
+  }
+
+  let clientHash = server.getSocketHash(badClient);
+  server._police.arrest(badClient.remoteAddress, clientHash);
+
+  console.log(`${socket.nick} [${socket.trip}] banned ${targetNick} in ${socket.channel}`);
+
+  server.broadcast({
+    cmd: 'info',
+    text: `Banned ${targetNick}`
+  }, { channel: socket.channel, uType: 'user' });
+
+  server.broadcast({
+    cmd: 'info',
+    text: `${socket.nick} banned ${targetNick} in ${socket.channel}, userhash: ${clientHash}`
+  }, { uType: 'mod' });
+
+  badClient.close();
+
+  core.managers.stats.increment('users-banned');
+};
+
+exports.requiredData = ['nick'];
+
+exports.info = {
+  name: 'ban',
+  usage: 'ban {nick}',
+  description: 'Disconnects the target nickname in the same channel as calling socket & adds to ratelimiter'
+};
diff --git a/server/src/commands/mod/kick.js b/server/src/commands/mod/kick.js
new file mode 100644
index 0000000..157592d
--- /dev/null
+++ b/server/src/commands/mod/kick.js
@@ -0,0 +1,78 @@
+/*
+  Description: Forces a change on the target socket's channel, then broadcasts event
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType === 'user') {
+    // ignore if not mod or admin
+    return;
+  }
+
+  if (typeof data.nick !== 'string') {
+    if (typeof data.nick !== 'object' && !Array.isArray(data.nick)) {
+      return;
+    }
+  }
+
+  let badClients = server.findSockets({ channel: socket.channel, nick: data.nick });
+
+  if (badClients.length === 0) {
+    server.reply({
+      cmd: 'warn',
+      text: 'Could not find user(s) in channel'
+    }, socket);
+
+    return;
+  }
+
+  let newChannel = '';
+  let kicked = [];
+  for (let i = 0, j = badClients.length; i < j; i++) {
+    if (badClients[i].uType !== 'user') {
+      server.reply({
+        cmd: 'warn',
+        text: 'Cannot kick other mods, how rude'
+      }, socket);
+    } else {
+      newChannel = Math.random().toString(36).substr(2, 8);
+      badClients[i].channel = newChannel;
+
+      // inform mods with where they were sent
+      server.broadcast({
+        cmd: 'info',
+        text: `${badClients[i].nick} was banished to ?${newChannel}`
+      }, { channel: socket.channel, uType: 'mod' });
+
+      kicked.push(badClients[i].nick);
+      console.log(`${socket.nick} [${socket.trip}] kicked ${badClients[i].nick} in ${socket.channel}`);
+    }
+  }
+
+  if (kicked.length === 0) {
+    return;
+  }
+
+  // broadcast client leave event
+  for (let i = 0, j = kicked.length; i < j; i++) {
+    server.broadcast({
+      cmd: 'onlineRemove',
+      nick: kicked[i]
+    }, { channel: socket.channel });
+  }
+
+  // publicly broadcast kick event
+  server.broadcast({
+    cmd: 'info',
+    text: `Kicked ${kicked.join(', ')}`
+  }, { channel: socket.channel, uType: 'user' });
+
+  core.managers.stats.increment('users-kicked', kicked.length);
+};
+
+exports.requiredData = ['nick'];
+
+exports.info = {
+  name: 'kick',
+  usage: 'kick {nick}',
+  description: 'Silently forces target client(s) into another channel. `nick` may be string or array of strings'
+};
\ No newline at end of file
diff --git a/server/src/commands/mod/unban.js b/server/src/commands/mod/unban.js
new file mode 100644
index 0000000..e82f0b9
--- /dev/null
+++ b/server/src/commands/mod/unban.js
@@ -0,0 +1,55 @@
+/*
+  Description: Removes a target ip from the ratelimiter
+*/
+
+exports.run = async (core, server, socket, data) => {
+  if (socket.uType == 'user') {
+    // ignore if not mod or admin
+    return;
+  }
+
+  if (typeof data.ip !== 'string' && typeof data.hash !== 'string') {
+    server.reply({
+      cmd: 'warn',
+      text: "hash:'targethash' or ip:'1.2.3.4' is required"
+    }, socket);
+
+    return;
+  }
+
+  let mode, target;
+
+  if (typeof data.ip === 'string') {
+    mode = 'ip';
+    target = data.ip;
+  } else {
+    mode = 'hash';
+    target = data.hash;
+  }
+
+  server._police.pardon(target);
+
+  if (mode === 'ip') {
+    target = server.getSocketHash(target);
+  }
+
+  console.log(`${socket.nick} [${socket.trip}] unbanned ${target} in ${socket.channel}`);
+
+  server.reply({
+    cmd: 'info',
+    text: `Unbanned ${target}`
+  }, socket);
+
+  server.broadcast({
+    cmd: 'info',
+    text: `${socket.nick} unbanned: ${target}`
+  }, { uType: 'mod' });
+
+  core.managers.stats.decrement('users-banned');
+};
+
+exports.info = {
+  name: 'unban',
+  usage: 'unban {[ip || hash]}',
+  description: 'Removes target ip from the ratelimiter'
+};
\ No newline at end of file
-- 
cgit v1.2.1