summary refs log tree commit diff
path: root/api/src/util
diff options
context:
space:
mode:
Diffstat (limited to 'api/src/util')
-rw-r--r--api/src/util/handlers/Message.ts14
-rw-r--r--api/src/util/handlers/route.ts3
-rw-r--r--api/src/util/utility/passwordStrength.ts21
3 files changed, 27 insertions, 11 deletions
diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts

index 2d9f7032..5a5ac666 100644
--- a/api/src/util/handlers/Message.ts
+++ b/api/src/util/handlers/Message.ts
@@ -7,6 +7,7 @@ import {
 	MessageCreateEvent,
 	MessageUpdateEvent,
 	getPermission,
+	getRights,
 	CHANNEL_MENTION,
 	Snowflake,
 	USER_MENTION,
@@ -61,19 +62,20 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
 		throw new HTTPError("Content length over max character limit")
 	}
 
-	// TODO: are tts messages allowed in dm channels? should permission be checked?
 	if (opts.author_id) {
 		message.author = await User.getPublicUser(opts.author_id);
-	}
+		const rights = await getRights(opts.author_id);
+		rights.hasThrow("SEND_MESSAGES");
+	}	
 	if (opts.application_id) {
 		message.application = await Application.findOneOrFail({ id: opts.application_id });
 	}
 	if (opts.webhook_id) {
 		message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id });
 	}
-
+	
 	const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id);
-	permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check
+	permission.hasThrow("SEND_MESSAGES");
 	if (permission.cache.member) {
 		message.member = permission.cache.member;
 	}
@@ -81,7 +83,7 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
 	if (opts.tts) permission.hasThrow("SEND_TTS_MESSAGES");
 	if (opts.message_reference) {
 		permission.hasThrow("READ_MESSAGE_HISTORY");
-		// code below has to be redone when we add custom message routing and cross-channel replies
+		// code below has to be redone when we add custom message routing
 		if (message.guild_id !== null) {
 			const guild = await Guild.findOneOrFail({ id: channel.guild_id });
 			if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) {
@@ -89,7 +91,7 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
 				if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel");
 			}
 		}
-		// TODO: should be checked if the referenced message exists?
+		// Q: should be checked if the referenced message exists? ANSWER: NO
 		// @ts-ignore
 		message.type = MessageType.REPLY;
 	}
diff --git a/api/src/util/handlers/route.ts b/api/src/util/handlers/route.ts

index 0048c4dd..3d3bbc37 100644
--- a/api/src/util/handlers/route.ts
+++ b/api/src/util/handlers/route.ts
@@ -6,6 +6,7 @@ import {
 	FieldErrors,
 	FosscordApiErrors,
 	getPermission,
+	getRights,
 	PermissionResolvable,
 	Permissions,
 	RightResolvable,
@@ -105,6 +106,8 @@ export function route(opts: RouteOptions) {
 
 		if (opts.right) {
 			const required = new Rights(opts.right);
+			req.rights = await getRights(req.user_id);
+
 			if (!req.rights || !req.rights.has(required)) {
 				throw FosscordApiErrors.MISSING_RIGHTS.withParams(opts.right as string);
 			}
diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts

index 047df008..439700d0 100644
--- a/api/src/util/utility/passwordStrength.ts
+++ b/api/src/util/utility/passwordStrength.ts
@@ -13,6 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored
  *  - min <n> numbers
  *  - min <n> symbols
  *  - min <n> uppercase chars
+ *  - shannon entropy folded into [0, 1) interval
  *
  * Returns: 0 > pw > 1
  */
@@ -22,28 +23,38 @@ export function checkPassword(password: string): number {
 
 	// checks for total password len
 	if (password.length >= minLength - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks for amount of Numbers
 	if (password.count(reNUMBER) >= minNumbers - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks for amount of Uppercase Letters
 	if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks for amount of symbols
 	if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks if password only consists of numbers or only consists of chars
 	if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) {
 		strength = 0;
 	}
-
+	
+	let entropyMap: { [key: string]: number } = {};
+	for (let i = 0; i < password.length; i++) {
+		if (entropyMap[password[i]]) entropyMap[password[i]]++;
+		else entropyMap[password[i]] = 1;
+	}
+	
+	let entropies = Object.values(entropyMap);
+	
+	entropies.map(x => (x / entropyMap.length));
+	strength += entropies.reduceRight((a: number, x: number) => a - (x * Math.log2(x))) / Math.log2(password.length);	
 	return strength;
 }
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-13 12:11:12 +0000