diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts
index 21664368..5a5ac666 100644
--- a/api/src/util/handlers/Message.ts
+++ b/api/src/util/handlers/Message.ts
@@ -7,6 +7,7 @@ import {
MessageCreateEvent,
MessageUpdateEvent,
getPermission,
+ getRights,
CHANNEL_MENTION,
Snowflake,
USER_MENTION,
@@ -61,19 +62,20 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
throw new HTTPError("Content length over max character limit")
}
- // TODO: are tts messages allowed in dm channels? should permission be checked?
if (opts.author_id) {
message.author = await User.getPublicUser(opts.author_id);
- }
+ const rights = await getRights(opts.author_id);
+ rights.hasThrow("SEND_MESSAGES");
+ }
if (opts.application_id) {
message.application = await Application.findOneOrFail({ id: opts.application_id });
}
if (opts.webhook_id) {
message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id });
}
-
+
const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id);
- permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check
+ permission.hasThrow("SEND_MESSAGES");
if (permission.cache.member) {
message.member = permission.cache.member;
}
@@ -81,13 +83,15 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
if (opts.tts) permission.hasThrow("SEND_TTS_MESSAGES");
if (opts.message_reference) {
permission.hasThrow("READ_MESSAGE_HISTORY");
- // code below has to be redone when we add custom message routing and cross-channel replies
- const guild = await Guild.findOneOrFail({ id: channel.guild_id });
- if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) {
- if (opts.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild");
- if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel");
+ // code below has to be redone when we add custom message routing
+ if (message.guild_id !== null) {
+ const guild = await Guild.findOneOrFail({ id: channel.guild_id });
+ if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) {
+ if (opts.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild");
+ if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel");
+ }
}
- // TODO: should be checked if the referenced message exists?
+ // Q: should be checked if the referenced message exists? ANSWER: NO
// @ts-ignore
message.type = MessageType.REPLY;
}
diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts
index 047df008..e75e48f6 100644
--- a/api/src/util/utility/passwordStrength.ts
+++ b/api/src/util/utility/passwordStrength.ts
@@ -13,6 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored
* - min <n> numbers
* - min <n> symbols
* - min <n> uppercase chars
+ * - shannon entropy divided by password entropy
*
* Returns: 0 > pw > 1
*/
@@ -22,28 +23,38 @@ export function checkPassword(password: string): number {
// checks for total password len
if (password.length >= minLength - 1) {
- strength += 0.25;
+ strength += 0.05;
}
// checks for amount of Numbers
if (password.count(reNUMBER) >= minNumbers - 1) {
- strength += 0.25;
+ strength += 0.05;
}
// checks for amount of Uppercase Letters
if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) {
- strength += 0.25;
+ strength += 0.05;
}
// checks for amount of symbols
if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) {
- strength += 0.25;
+ strength += 0.05;
}
// checks if password only consists of numbers or only consists of chars
if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) {
strength = 0;
}
-
+
+ let entropyMap;
+ for (let i = 0; i < password.length; i++) {
+ if (entropyMap[password[i]]) entropyMap[password[i]]++;
+ else entropyMap[password[i]] = 1;
+ }
+
+ let entropies = Array(entropyMap);
+
+ entropies.map(x => (x / entropyMap.length));
+ strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length);
return strength;
}
|
