From 12aed1db1ffadbcac4ed7cae68b6a6d8b88fa4cc Mon Sep 17 00:00:00 2001 From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> Date: Mon, 11 Apr 2022 00:36:12 +1000 Subject: Fix compile errors in checkPassword's entropy check --- api/src/util/utility/passwordStrength.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'api/src/util') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index e75e48f6..f3960e48 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -46,15 +46,15 @@ export function checkPassword(password: string): number { strength = 0; } - let entropyMap; + let entropyMap: { [key: string]: number } = {}; for (let i = 0; i < password.length; i++) { if (entropyMap[password[i]]) entropyMap[password[i]]++; else entropyMap[password[i]] = 1; } - let entropies = Array(entropyMap); - + let entropies = Object.values(entropyMap); + entropies.map(x => (x / entropyMap.length)); - strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length); + strength += entropies.reduceRight((a: number, x: number) => a - (x * Math.log2(x))) / Math.log2(password.length); return strength; } -- cgit 1.5.1 From d53702e3599acc762b8a9beeea8cbaf386c8e138 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Tue, 12 Apr 2022 20:10:30 +0300 Subject: Update passwordStrength.ts --- api/src/util/utility/passwordStrength.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src/util') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index f3960e48..439700d0 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -13,7 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored * - min numbers * - min symbols * - min uppercase chars - * - shannon entropy divided by password entropy + * - shannon entropy folded into [0, 1) interval * * Returns: 0 > pw > 1 */ -- cgit 1.5.1 From c3f69bc6d835035bc03b80896348477ba94fa473 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Mon, 18 Apr 2022 22:02:32 +0300 Subject: general rights enforcement stuff --- api/src/util/handlers/route.ts | 3 +++ 1 file changed, 3 insertions(+) (limited to 'api/src/util') diff --git a/api/src/util/handlers/route.ts b/api/src/util/handlers/route.ts index 0048c4dd..3d3bbc37 100644 --- a/api/src/util/handlers/route.ts +++ b/api/src/util/handlers/route.ts @@ -6,6 +6,7 @@ import { FieldErrors, FosscordApiErrors, getPermission, + getRights, PermissionResolvable, Permissions, RightResolvable, @@ -105,6 +106,8 @@ export function route(opts: RouteOptions) { if (opts.right) { const required = new Rights(opts.right); + req.rights = await getRights(req.user_id); + if (!req.rights || !req.rights.has(required)) { throw FosscordApiErrors.MISSING_RIGHTS.withParams(opts.right as string); } -- cgit 1.5.1 From b81017bc605847c98537cc6bb34ea3880a7b1d6c Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sat, 23 Apr 2022 10:56:47 +0300 Subject: backfilling — first steps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../#channel_id/messages/#message_id/index.ts | 86 +++++++++++++++++++++- api/src/util/handlers/Message.ts | 3 +- 2 files changed, 87 insertions(+), 2 deletions(-) (limited to 'api/src/util') diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index a27c71e1..6d2bf185 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -1,5 +1,18 @@ -import { Channel, emitEvent, getPermission, getRights, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; +import { + Attachment, + Channel, + Embed, + emitEvent, + getPermission, + getRights, + Message, + MessageCreateEvent, + MessageDeleteEvent, + MessageUpdateEvent, + uploadFile +} from "@fosscord/util"; import { Router, Response, Request } from "express"; +import multer from "multer"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; import { MessageCreateSchema } from "../index"; @@ -7,6 +20,15 @@ import { MessageCreateSchema } from "../index"; const router = Router(); // TODO: message content/embed string length limit +const messageUpload = multer({ + limits: { + fileSize: 1024 * 1024 * 100, + fields: 10, + files: 1 + }, + storage: multer.memoryStorage() +}); // max upload 50 mb + router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; var body = req.body as MessageCreateSchema; @@ -51,6 +73,68 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE return res.json(message); }); + +// Backfill message with specific timestamp +router.put( + "/", + messageUpload.single("file"), + async (req, res, next) => { + if (req.body.payload_json) { + req.body = JSON.parse(req.body.payload_json); + } + + next(); + }, + route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_BACKDATED_EVENTS" }), + async (req: Request, res: Response) => { + const { channel_id, message_id } = req.params; + var body = req.body as MessageCreateSchema; + const attachments: Attachment[] = []; + + if (req.file) { + try { + const file = await uploadFile(`/attachments/${req.params.channel_id}`, req.file); + attachments.push({ ...file, proxy_url: file.url }); + } catch (error) { + return res.status(400).json(error); + } + } + const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] }); + + // TODO: check the ID is not from the future, to prevent future-faking of channel histories + + const embeds = body.embeds || []; + if (body.embed) embeds.push(body.embed); + let message = await handleMessage({ + ...body, + type: 0, + pinned: false, + author_id: req.user_id, + id: message_id, + embeds, + channel_id, + attachments, + edited_timestamp: undefined, + timestamp: undefined, // FIXME: calculate timestamp from snowflake + }); + + channel.last_message_id = message.id; + + //Fix for the client bug + delete message.member + + await Promise.all([ + message.save(), + emitEvent({ event: "MESSAGE_CREATE", channel_id: channel_id, data: message } as MessageCreateEvent), + channel.save() + ]); + + postHandleMessage(message).catch((e) => { }); // no await as it shouldnt block the message send function and silently catch error + + return res.json(message); + } +); + router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index 5a5ac666..e9f0ac55 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -91,7 +91,8 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel"); } } - // Q: should be checked if the referenced message exists? ANSWER: NO + /** Q: should be checked if the referenced message exists? ANSWER: NO + otherwise backfilling won't work **/ // @ts-ignore message.type = MessageType.REPLY; } -- cgit 1.5.1