@ -17,7 +17,6 @@ const app = express();
const server = http . createServer ( app ) ;
const server = http . createServer ( app ) ;
const io = socketio ( server ) ;
const io = socketio ( server ) ;
const store = dirty ( ) ;
const store = dirty ( ) ;
var banlist ;
var jwkey ;
var jwkey ;
try {
try {
jwkey = JWK . asKey ( readFileSync ( './config/jwt.pem' ) ) ;
jwkey = JWK . asKey ( readFileSync ( './config/jwt.pem' ) ) ;
@ -77,7 +76,7 @@ async function init(){
else res . status ( 404 ) . render ( '404.njk' , njkconf ) ;
else res . status ( 404 ) . render ( '404.njk' , njkconf ) ;
//res.status(404).render('404.njk', njkconf);
//res.status(404).render('404.njk', njkconf);
} ) ;
} ) ;
banlist = new dirty ( './config/bans.db' ) . on ( 'load' , ( ) = > { initChat ( ) } ) ;
await initChat ( ) ;
server . listen ( config [ 'http' ] [ 'port' ] ) ;
server . listen ( config [ 'http' ] [ 'port' ] ) ;
}
}
@ -254,6 +253,7 @@ async function initAPI() {
api . register ( req . body . username , req . body . password , req . body . confirm , true ) . then ( ( result ) = > {
api . register ( req . body . username , req . body . password , req . body . confirm , true ) . then ( ( result ) = > {
if ( result [ 0 ] ) return genToken ( req . body . username ) . then ( ( t ) = > {
if ( result [ 0 ] ) return genToken ( req . body . username ) . then ( ( t ) = > {
res . cookie ( 'Authorization' , t , { maxAge : 604800000 , httpOnly : true , sameSite : 'Lax' } ) ;
res . cookie ( 'Authorization' , t , { maxAge : 604800000 , httpOnly : true , sameSite : 'Lax' } ) ;
res . cookie ( 'X-Auth-As' , req . body . username , { maxAge : 604800000 , httpOnly : false , sameSite : 'Lax' } )
res . json ( result ) ;
res . json ( result ) ;
api . useInvite ( req . body . invite ) ;
api . useInvite ( req . body . invite ) ;
return ;
return ;
@ -268,6 +268,7 @@ async function initAPI() {
api . register ( req . body . username , req . body . password , req . body . confirm ) . then ( ( result ) = > {
api . register ( req . body . username , req . body . password , req . body . confirm ) . then ( ( result ) = > {
if ( result [ 0 ] ) return genToken ( req . body . username ) . then ( ( t ) = > {
if ( result [ 0 ] ) return genToken ( req . body . username ) . then ( ( t ) = > {
res . cookie ( 'Authorization' , t , { maxAge : 604800000 , httpOnly : true , sameSite : 'Lax' } ) ;
res . cookie ( 'Authorization' , t , { maxAge : 604800000 , httpOnly : true , sameSite : 'Lax' } ) ;
res . cookie ( 'X-Auth-As' , req . body . username , { maxAge : 604800000 , httpOnly : false , sameSite : 'Lax' } )
res . json ( result ) ;
res . json ( result ) ;
return ;
return ;
} ) ;
} ) ;
@ -589,9 +590,10 @@ async function initChat() {
socket . on ( 'JOINROOM' , async ( data ) = > {
socket . on ( 'JOINROOM' , async ( data ) = > {
let t : any = await db . query ( 'select username from users where username=' + db . raw . escape ( data ) ) ;
let t : any = await db . query ( 'select username from users where username=' + db . raw . escape ( data ) ) ;
if ( t [ 0 ] ) {
if ( t [ 0 ] ) {
if ( banlist . get ( data ) && banlist . get ( data ) [ socket [ 'handshake' ] [ 'address' ] ] ) {
let b = await db . query ( 'select * from ch_bans where target=' + db . raw . escape ( socket [ 'handshake' ] [ 'address' ] ) + ' and channel=' + db . raw . escape ( data ) ) ;
if ( Math . floor ( banlist . get ( data ) [ socket [ 'handshake' ] [ 'address' ] ] [ 'time' ] + ( banlist . get ( data ) [ socket [ 'handshake' ] [ 'address' ] ] [ 'length' ] * 60 ) ) < Math . floor ( Date . now ( ) / 1000 ) ) {
if ( b [ 0 ] ) {
banlist . set ( data , Object . assign ( { } , banlist . get ( data ) , { [ socket [ 'handshake' ] [ 'address' ] ] : null } ) ) ;
if ( Math . floor ( b [ 0 ] . time + ( b [ 0 ] . length * 60 ) ) < Math . floor ( Date . now ( ) / 1000 ) ) {
await db . query ( 'delete from ch_bans where target=' + db . raw . escape ( b [ 0 ] . target ) + 'and channel=' + db . raw . escape ( b [ 0 ] . channel ) + ' and time=' + db . raw . escape ( b [ 0 ] . time ) + ' and length=' + db . raw . escape ( b [ 0 ] . length ) ) ;
}
}
else {
else {
socket . emit ( 'ALERT' , 'You are banned from that room' ) ;
socket . emit ( 'ALERT' , 'You are banned from that room' ) ;
@ -680,23 +682,27 @@ async function initChat() {
}
}
else socket . emit ( 'ALERT' , 'Not authorized to do that.' ) ;
else socket . emit ( 'ALERT' , 'Not authorized to do that.' ) ;
} ) ;
} ) ;
socket . on ( 'BAN' , ( data : Object ) = > {
socket . on ( 'BAN' , async ( data : Object ) = > {
if ( socket . nick === data [ 'room' ] ) {
if ( socket . nick === data [ 'room' ] ) {
let id : string = store . get ( data [ 'nick' ] ) ;
let id : string = store . get ( data [ 'nick' ] ) ;
if ( id ) {
if ( id ) {
if ( Array . isArray ( id ) ) {
if ( Array . isArray ( id ) ) {
for ( let i = 0 ; i < id.length ; i + + ) {
for ( let i = 0 ; i < id.length ; i + + ) {
let target = io . sockets . connected [ id [ i ] ] ;
let target = io . sockets . connected [ id [ i ] ] ;
if ( typeof ( data [ 'time' ] ) === 'number' && ( data [ 'time' ] !== 0 && data [ 'time' ] !== NaN ) ) banlist . set ( data [ 'room' ] , Object . assign ( { } , banlist . get ( data [ 'room' ] ) , { [ target . ip ] : { time : Math.floor ( Date . now ( ) / 1000 ) , length : data [ 'time' ] } } ) ) ;
if ( typeof ( data [ 'time' ] ) === 'number' && ( data [ 'time' ] !== 0 && data [ 'time' ] !== NaN ) )
else banlist . set ( data [ 'room' ] , Object . assign ( { } , banlist . get ( data [ 'room' ] ) , { [ target . ip ] : { time : Math.floor ( Date . now ( ) / 1000 ) , length : 30 } } ) ) ;
await db . query ( 'insert into ch_bans (channel, target, time, length) VALUES (' + db . raw . escape ( data [ 'room' ] ) + ', ' + db . raw . escape ( target . ip ) + ', ' + db . raw . escape ( Math . floor ( Date . now ( ) / 1000 ) ) + ', ' + db . raw . escape ( data [ 'time' ] ) + ')' ) ;
else
await db . query ( 'insert into ch_bans (channel, target, time, length) VALUES (' + db . raw . escape ( data [ 'room' ] ) + ', ' + db . raw . escape ( target . ip ) + ', ' + db . raw . escape ( Math . floor ( Date . now ( ) / 1000 ) ) + ', ' + db . raw . escape ( 30 ) + ')' ) ;
target . leave ( data [ 'room' ] ) ;
target . leave ( data [ 'room' ] ) ;
}
}
io . to ( data [ 'room' ] ) . emit ( 'ALERT' , data [ 'nick' ] + ' was banned.' ) ;
io . to ( data [ 'room' ] ) . emit ( 'ALERT' , data [ 'nick' ] + ' was banned.' ) ;
return ;
return ;
}
}
let target = io . sockets . connected [ id ] ;
let target = io . sockets . connected [ id ] ;
if ( typeof ( data [ 'time' ] ) === 'number' && ( data [ 'time' ] !== 0 && data [ 'time' ] !== NaN ) ) banlist . set ( data [ 'room' ] , Object . assign ( { } , banlist . get ( data [ 'room' ] ) , { [ target . ip ] : { time : Math.floor ( Date . now ( ) / 1000 ) , length : data [ 'time' ] } } ) ) ;
if ( typeof ( data [ 'time' ] ) === 'number' && ( data [ 'time' ] !== 0 && data [ 'time' ] !== NaN ) )
else banlist . set ( data [ 'room' ] , Object . assign ( { } , banlist . get ( data [ 'room' ] ) , { [ target . ip ] : { time : Math.floor ( Date . now ( ) / 1000 ) , length : 30 } } ) ) ;
await db . query ( 'insert into ch_bans (channel, target, time, length) VALUES (' + db . raw . escape ( data [ 'room' ] ) + ', ' + db . raw . escape ( target . ip ) + ', ' + db . raw . escape ( Math . floor ( Date . now ( ) / 1000 ) ) + ', ' + db . raw . escape ( data [ 'time' ] ) + ')' ) ;
else
await db . query ( 'insert into ch_bans (channel, target, time, length) VALUES (' + db . raw . escape ( data [ 'room' ] ) + ', ' + db . raw . escape ( target . ip ) + ', ' + db . raw . escape ( Math . floor ( Date . now ( ) / 1000 ) ) + ', ' + db . raw . escape ( 30 ) + ')' ) ;
target . leave ( data [ 'room' ] ) ;
target . leave ( data [ 'room' ] ) ;
io . to ( data [ 'room' ] ) . emit ( 'ALERT' , target . nick + ' was banned.' ) ;
io . to ( data [ 'room' ] ) . emit ( 'ALERT' , target . nick + ' was banned.' ) ;
}
}
@ -704,10 +710,11 @@ async function initChat() {
}
}
else socket . emit ( 'ALERT' , 'Not authorized to do that.' ) ;
else socket . emit ( 'ALERT' , 'Not authorized to do that.' ) ;
} ) ;
} ) ;
socket . on ( 'UNBAN' , ( data : Object ) = > {
socket . on ( 'UNBAN' , async ( data : Object ) = > {
if ( socket . nick === data [ 'room' ] ) {
if ( socket . nick === data [ 'room' ] ) {
if ( banlist . get ( data [ 'room' ] ) && banlist . get ( data [ 'room' ] ) [ data [ 'ip' ] ] ) {
let b = await db . query ( 'select * from ch_bans where channel=' + db . raw . escape ( data [ 'room' ] ) + ' and target=' + db . raw . escape ( data [ 'ip' ] ) ) ;
banlist . set ( data [ 'room' ] , Object . assign ( { } , banlist . get ( data [ 'room' ] ) , { [ data [ 'ip' ] ] : null } ) ) ;
if ( b [ 0 ] ) {
await db . query ( 'delete from ch_bans where channel=' + db . raw . escape ( data [ 'room' ] ) + ' and target=' + db . raw . escape ( data [ 'ip' ] ) ) ;
socket . emit ( 'ALERT' , data [ 'ip' ] + ' was unbanned.' ) ;
socket . emit ( 'ALERT' , data [ 'ip' ] + ' was unbanned.' ) ;
}
}
else
else
@ -715,13 +722,13 @@ async function initChat() {
}
}
else socket . emit ( 'ALERT' , 'Not authorized to do that.' ) ;
else socket . emit ( 'ALERT' , 'Not authorized to do that.' ) ;
} ) ;
} ) ;
socket . on ( 'LISTBAN' , ( data : Object ) = > {
socket . on ( 'LISTBAN' , async ( data : Object ) = > {
if ( socket . nick === data [ 'room' ] ) {
if ( socket . nick === data [ 'room' ] ) {
if ( banlist . get ( data [ 'room' ] ) ) {
let b = await db . query ( 'select target from ch_bans where channel=' + db . raw . escape ( data [ 'room' ] ) ) ;
let bans = Object . keys ( banlist . get ( data [ 'room' ] ) ) ;
if ( b [ 0 ] ) {
let str = '' ;
let str = '' ;
for ( let i = 0 ; i < bans .length ; i + + ) {
for ( let i = 0 ; i < b.length ; i + + ) {
str += bans [ i ] + ', ' ;
str += b [ i ] . target + ', ' ;
}
}
socket . emit ( 'ALERT' , 'Banned IP adresses: ' + str . substring ( 0 , str . length - 2 ) ) ;
socket . emit ( 'ALERT' , 'Banned IP adresses: ' + str . substring ( 0 , str . length - 2 ) ) ;
return ;
return ;