]> git.r.bdr.sh - rbdr/mobius/blob - hotline/transaction_handlers.go
git.r.bdr.sh / rbdr / mobius / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implement "Can Send Messages" permission
[rbdr/mobius] / hotline / transaction_handlers.go
1 package hotline
2
3 import (
4 "bytes"
5 "encoding/binary"
6 "errors"
7 "fmt"
8 "gopkg.in/yaml.v3"
9 "io/ioutil"
10 "math/big"
11 "os"
12 "path"
13 "path/filepath"
14 "sort"
15 "strings"
16 "time"
17 )
18
19 type TransactionType struct {
20 Handler func(*ClientConn, *Transaction) ([]Transaction, error) // function for handling the transaction type
21 Name string // Name of transaction as it will appear in logging
22 RequiredFields []requiredField
23 }
24
25 var TransactionHandlers = map[uint16]TransactionType{
26 // Server initiated
27 tranChatMsg: {
28 Name: "tranChatMsg",
29 },
30 // Server initiated
31 tranNotifyChangeUser: {
32 Name: "tranNotifyChangeUser",
33 },
34 tranError: {
35 Name: "tranError",
36 },
37 tranShowAgreement: {
38 Name: "tranShowAgreement",
39 },
40 tranUserAccess: {
41 Name: "tranUserAccess",
42 },
43 tranNotifyDeleteUser: {
44 Name: "tranNotifyDeleteUser",
45 },
46 tranAgreed: {
47 Name: "tranAgreed",
48 Handler: HandleTranAgreed,
49 },
50 tranChatSend: {
51 Name: "tranChatSend",
52 Handler: HandleChatSend,
53 RequiredFields: []requiredField{
54 {
55 ID: fieldData,
56 minLen: 0,
57 },
58 },
59 },
60 tranDelNewsArt: {
61 Name: "tranDelNewsArt",
62 Handler: HandleDelNewsArt,
63 },
64 tranDelNewsItem: {
65 Name: "tranDelNewsItem",
66 Handler: HandleDelNewsItem,
67 },
68 tranDeleteFile: {
69 Name: "tranDeleteFile",
70 Handler: HandleDeleteFile,
71 },
72 tranDeleteUser: {
73 Name: "tranDeleteUser",
74 Handler: HandleDeleteUser,
75 },
76 tranDisconnectUser: {
77 Name: "tranDisconnectUser",
78 Handler: HandleDisconnectUser,
79 },
80 tranDownloadFile: {
81 Name: "tranDownloadFile",
82 Handler: HandleDownloadFile,
83 },
84 tranDownloadFldr: {
85 Name: "tranDownloadFldr",
86 Handler: HandleDownloadFolder,
87 },
88 tranGetClientInfoText: {
89 Name: "tranGetClientInfoText",
90 Handler: HandleGetClientInfoText,
91 },
92 tranGetFileInfo: {
93 Name: "tranGetFileInfo",
94 Handler: HandleGetFileInfo,
95 },
96 tranGetFileNameList: {
97 Name: "tranGetFileNameList",
98 Handler: HandleGetFileNameList,
99 },
100 tranGetMsgs: {
101 Name: "tranGetMsgs",
102 Handler: HandleGetMsgs,
103 },
104 tranGetNewsArtData: {
105 Name: "tranGetNewsArtData",
106 Handler: HandleGetNewsArtData,
107 },
108 tranGetNewsArtNameList: {
109 Name: "tranGetNewsArtNameList",
110 Handler: HandleGetNewsArtNameList,
111 },
112 tranGetNewsCatNameList: {
113 Name: "tranGetNewsCatNameList",
114 Handler: HandleGetNewsCatNameList,
115 },
116 tranGetUser: {
117 Name: "tranGetUser",
118 Handler: HandleGetUser,
119 },
120 tranGetUserNameList: {
121 Name: "tranHandleGetUserNameList",
122 Handler: HandleGetUserNameList,
123 },
124 tranInviteNewChat: {
125 Name: "tranInviteNewChat",
126 Handler: HandleInviteNewChat,
127 },
128 tranInviteToChat: {
129 Name: "tranInviteToChat",
130 Handler: HandleInviteToChat,
131 },
132 tranJoinChat: {
133 Name: "tranJoinChat",
134 Handler: HandleJoinChat,
135 },
136 tranKeepAlive: {
137 Name: "tranKeepAlive",
138 Handler: HandleKeepAlive,
139 },
140 tranLeaveChat: {
141 Name: "tranJoinChat",
142 Handler: HandleLeaveChat,
143 },
144 tranListUsers: {
145 Name: "tranListUsers",
146 Handler: HandleListUsers,
147 },
148 tranMoveFile: {
149 Name: "tranMoveFile",
150 Handler: HandleMoveFile,
151 },
152 tranNewFolder: {
153 Name: "tranNewFolder",
154 Handler: HandleNewFolder,
155 },
156 tranNewNewsCat: {
157 Name: "tranNewNewsCat",
158 Handler: HandleNewNewsCat,
159 },
160 tranNewNewsFldr: {
161 Name: "tranNewNewsFldr",
162 Handler: HandleNewNewsFldr,
163 },
164 tranNewUser: {
165 Name: "tranNewUser",
166 Handler: HandleNewUser,
167 },
168 tranUpdateUser: {
169 Name: "tranUpdateUser",
170 Handler: HandleUpdateUser,
171 },
172 tranOldPostNews: {
173 Name: "tranOldPostNews",
174 Handler: HandleTranOldPostNews,
175 },
176 tranPostNewsArt: {
177 Name: "tranPostNewsArt",
178 Handler: HandlePostNewsArt,
179 },
180 tranRejectChatInvite: {
181 Name: "tranRejectChatInvite",
182 Handler: HandleRejectChatInvite,
183 },
184 tranSendInstantMsg: {
185 Name: "tranSendInstantMsg",
186 Handler: HandleSendInstantMsg,
187 RequiredFields: []requiredField{
188 {
189 ID: fieldData,
190 minLen: 0,
191 },
192 {
193 ID: fieldUserID,
194 },
195 },
196 },
197 tranSetChatSubject: {
198 Name: "tranSetChatSubject",
199 Handler: HandleSetChatSubject,
200 },
201 tranMakeFileAlias: {
202 Name: "tranMakeFileAlias",
203 Handler: HandleMakeAlias,
204 RequiredFields: []requiredField{
205 {ID: fieldFileName, minLen: 1},
206 {ID: fieldFilePath, minLen: 1},
207 {ID: fieldFileNewPath, minLen: 1},
208 },
209 },
210 tranSetClientUserInfo: {
211 Name: "tranSetClientUserInfo",
212 Handler: HandleSetClientUserInfo,
213 },
214 tranSetFileInfo: {
215 Name: "tranSetFileInfo",
216 Handler: HandleSetFileInfo,
217 },
218 tranSetUser: {
219 Name: "tranSetUser",
220 Handler: HandleSetUser,
221 },
222 tranUploadFile: {
223 Name: "tranUploadFile",
224 Handler: HandleUploadFile,
225 },
226 tranUploadFldr: {
227 Name: "tranUploadFldr",
228 Handler: HandleUploadFolder,
229 },
230 tranUserBroadcast: {
231 Name: "tranUserBroadcast",
232 Handler: HandleUserBroadcast,
233 },
234 tranDownloadBanner: {
235 Name: "tranDownloadBanner",
236 Handler: HandleDownloadBanner,
237 },
238 }
239
240 func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
241 if !authorize(cc.Account.Access, accessSendChat) {
242 res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
243 return res, err
244 }
245
246 // Truncate long usernames
247 trunc := fmt.Sprintf("%13s", cc.UserName)
248 formattedMsg := fmt.Sprintf("\r%.14s: %s", trunc, t.GetField(fieldData).Data)
249
250 // By holding the option key, Hotline chat allows users to send /me formatted messages like:
251 // *** Halcyon does stuff
252 // This is indicated by the presence of the optional field fieldChatOptions in the transaction payload
253 if t.GetField(fieldChatOptions).Data != nil {
254 formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data)
255 }
256
257 chatID := t.GetField(fieldChatID).Data
258 // a non-nil chatID indicates the message belongs to a private chat
259 if chatID != nil {
260 chatInt := binary.BigEndian.Uint32(chatID)
261 privChat := cc.Server.PrivateChats[chatInt]
262
263 clients := sortedClients(privChat.ClientConn)
264
265 // send the message to all connected clients of the private chat
266 for _, c := range clients {
267 res = append(res, *NewTransaction(
268 tranChatMsg,
269 c.ID,
270 NewField(fieldChatID, chatID),
271 NewField(fieldData, []byte(formattedMsg)),
272 ))
273 }
274 return res, err
275 }
276
277 for _, c := range sortedClients(cc.Server.Clients) {
278 // Filter out clients that do not have the read chat permission
279 if authorize(c.Account.Access, accessReadChat) {
280 res = append(res, *NewTransaction(tranChatMsg, c.ID, NewField(fieldData, []byte(formattedMsg))))
281 }
282 }
283
284 return res, err
285 }
286
287 // HandleSendInstantMsg sends instant message to the user on the current server.
288 // Fields used in the request:
289 // 103 User ID
290 // 113 Options
291 // One of the following values:
292 // - User message (myOpt_UserMessage = 1)
293 // - Refuse message (myOpt_RefuseMessage = 2)
294 // - Refuse chat (myOpt_RefuseChat = 3)
295 // - Automatic response (myOpt_AutomaticResponse = 4)"
296 // 101 Data Optional
297 // 214 Quoting message Optional
298 //
299 // Fields used in the reply:
300 // None
301 func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
302 if !cc.Authorize(accessSendPrivMsg) {
303 res = append(res, cc.NewErrReply(t, "You are not allowed to send private messages."))
304 return res, err
305 }
306
307 msg := t.GetField(fieldData)
308 ID := t.GetField(fieldUserID)
309
310 reply := NewTransaction(
311 tranServerMsg,
312 &ID.Data,
313 NewField(fieldData, msg.Data),
314 NewField(fieldUserName, cc.UserName),
315 NewField(fieldUserID, *cc.ID),
316 NewField(fieldOptions, []byte{0, 1}),
317 )
318
319 // Later versions of Hotline include the original message in the fieldQuotingMsg field so
320 // the receiving client can display both the received message and what it is in reply to
321 if t.GetField(fieldQuotingMsg).Data != nil {
322 reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
323 }
324
325 res = append(res, *reply)
326
327 id, _ := byteToInt(ID.Data)
328 otherClient, ok := cc.Server.Clients[uint16(id)]
329 if !ok {
330 return res, errors.New("invalid client ID")
331 }
332
333 // Respond with auto reply if other client has it enabled
334 if len(otherClient.AutoReply) > 0 {
335 res = append(res,
336 *NewTransaction(
337 tranServerMsg,
338 cc.ID,
339 NewField(fieldData, otherClient.AutoReply),
340 NewField(fieldUserName, otherClient.UserName),
341 NewField(fieldUserID, *otherClient.ID),
342 NewField(fieldOptions, []byte{0, 1}),
343 ),
344 )
345 }
346
347 res = append(res, cc.NewReply(t))
348
349 return res, err
350 }
351
352 func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
353 fileName := t.GetField(fieldFileName).Data
354 filePath := t.GetField(fieldFilePath).Data
355
356 fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
357 if err != nil {
358 return res, err
359 }
360
361 fw, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
362 if err != nil {
363 return res, err
364 }
365
366 res = append(res, cc.NewReply(t,
367 NewField(fieldFileName, []byte(fw.name)),
368 NewField(fieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()),
369 NewField(fieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()),
370 NewField(fieldFileComment, fw.ffo.FlatFileInformationFork.Comment),
371 NewField(fieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature),
372 NewField(fieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate),
373 NewField(fieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate),
374 NewField(fieldFileSize, fw.totalSize()),
375 ))
376 return res, err
377 }
378
379 // HandleSetFileInfo updates a file or folder name and/or comment from the Get Info window
380 // Fields used in the request:
381 // * 201 File name
382 // * 202 File path Optional
383 // * 211 File new name Optional
384 // * 210 File comment Optional
385 // Fields used in the reply: None
386 func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
387 fileName := t.GetField(fieldFileName).Data
388 filePath := t.GetField(fieldFilePath).Data
389
390 fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
391 if err != nil {
392 return res, err
393 }
394
395 fi, err := cc.Server.FS.Stat(fullFilePath)
396 if err != nil {
397 return res, err
398 }
399
400 hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
401 if err != nil {
402 return res, err
403 }
404 if t.GetField(fieldFileComment).Data != nil {
405 switch mode := fi.Mode(); {
406 case mode.IsDir():
407 if !authorize(cc.Account.Access, accessSetFolderComment) {
408 res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for folders."))
409 return res, err
410 }
411 case mode.IsRegular():
412 if !authorize(cc.Account.Access, accessSetFileComment) {
413 res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for files."))
414 return res, err
415 }
416 }
417
418 if err := hlFile.ffo.FlatFileInformationFork.setComment(t.GetField(fieldFileComment).Data); err != nil {
419 return res, err
420 }
421 w, err := hlFile.infoForkWriter()
422 if err != nil {
423 return res, err
424 }
425 _, err = w.Write(hlFile.ffo.FlatFileInformationFork.MarshalBinary())
426 if err != nil {
427 return res, err
428 }
429 }
430
431 fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(fieldFileNewName).Data)
432 if err != nil {
433 return nil, err
434 }
435
436 fileNewName := t.GetField(fieldFileNewName).Data
437
438 if fileNewName != nil {
439 switch mode := fi.Mode(); {
440 case mode.IsDir():
441 if !authorize(cc.Account.Access, accessRenameFolder) {
442 res = append(res, cc.NewErrReply(t, "You are not allowed to rename folders."))
443 return res, err
444 }
445 err = os.Rename(fullFilePath, fullNewFilePath)
446 if os.IsNotExist(err) {
447 res = append(res, cc.NewErrReply(t, "Cannot rename folder "+string(fileName)+" because it does not exist or cannot be found."))
448 return res, err
449 }
450 case mode.IsRegular():
451 if !authorize(cc.Account.Access, accessRenameFile) {
452 res = append(res, cc.NewErrReply(t, "You are not allowed to rename files."))
453 return res, err
454 }
455 fileDir, err := readPath(cc.Server.Config.FileRoot, filePath, []byte{})
456 if err != nil {
457 return nil, err
458 }
459 hlFile.name = string(fileNewName)
460 err = hlFile.move(fileDir)
461 if os.IsNotExist(err) {
462 res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
463 return res, err
464 }
465 if err != nil {
466 panic(err)
467 }
468 }
469 }
470
471 res = append(res, cc.NewReply(t))
472 return res, err
473 }
474
475 // HandleDeleteFile deletes a file or folder
476 // Fields used in the request:
477 // * 201 File name
478 // * 202 File path
479 // Fields used in the reply: none
480 func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
481 fileName := t.GetField(fieldFileName).Data
482 filePath := t.GetField(fieldFilePath).Data
483
484 fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
485 if err != nil {
486 return res, err
487 }
488
489 hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
490 if err != nil {
491 return res, err
492 }
493
494 fi, err := hlFile.dataFile()
495 if err != nil {
496 res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found."))
497 return res, nil
498 }
499
500 switch mode := fi.Mode(); {
501 case mode.IsDir():
502 if !authorize(cc.Account.Access, accessDeleteFolder) {
503 res = append(res, cc.NewErrReply(t, "You are not allowed to delete folders."))
504 return res, err
505 }
506 case mode.IsRegular():
507 if !authorize(cc.Account.Access, accessDeleteFile) {
508 res = append(res, cc.NewErrReply(t, "You are not allowed to delete files."))
509 return res, err
510 }
511 }
512
513 if err := hlFile.delete(); err != nil {
514 return res, err
515 }
516
517 res = append(res, cc.NewReply(t))
518 return res, err
519 }
520
521 // HandleMoveFile moves files or folders. Note: seemingly not documented
522 func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
523 fileName := string(t.GetField(fieldFileName).Data)
524
525 filePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
526 if err != nil {
527 return res, err
528 }
529
530 fileNewPath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFileNewPath).Data, nil)
531 if err != nil {
532 return res, err
533 }
534
535 cc.logger.Infow("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
536
537 hlFile, err := newFileWrapper(cc.Server.FS, filePath, 0)
538 if err != nil {
539 return res, err
540 }
541
542 fi, err := hlFile.dataFile()
543 if err != nil {
544 res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
545 return res, err
546 }
547 if err != nil {
548 return res, err
549 }
550 switch mode := fi.Mode(); {
551 case mode.IsDir():
552 if !authorize(cc.Account.Access, accessMoveFolder) {
553 res = append(res, cc.NewErrReply(t, "You are not allowed to move folders."))
554 return res, err
555 }
556 case mode.IsRegular():
557 if !authorize(cc.Account.Access, accessMoveFile) {
558 res = append(res, cc.NewErrReply(t, "You are not allowed to move files."))
559 return res, err
560 }
561 }
562 if err := hlFile.move(fileNewPath); err != nil {
563 return res, err
564 }
565 // TODO: handle other possible errors; e.g. fileWrapper delete fails due to fileWrapper permission issue
566
567 res = append(res, cc.NewReply(t))
568 return res, err
569 }
570
571 func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
572 if !authorize(cc.Account.Access, accessCreateFolder) {
573 res = append(res, cc.NewErrReply(t, "You are not allowed to create folders."))
574 return res, err
575 }
576 folderName := string(t.GetField(fieldFileName).Data)
577
578 folderName = path.Join("/", folderName)
579
580 var subPath string
581
582 // fieldFilePath is only present for nested paths
583 if t.GetField(fieldFilePath).Data != nil {
584 var newFp FilePath
585 err := newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
586 if err != nil {
587 return nil, err
588 }
589
590 for _, pathItem := range newFp.Items {
591 subPath = filepath.Join("/", subPath, string(pathItem.Name))
592 }
593 }
594 newFolderPath := path.Join(cc.Server.Config.FileRoot, subPath, folderName)
595
596 // TODO: check path and folder name lengths
597
598 if _, err := cc.Server.FS.Stat(newFolderPath); !os.IsNotExist(err) {
599 msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName)
600 return []Transaction{cc.NewErrReply(t, msg)}, nil
601 }
602
603 // TODO: check for disallowed characters to maintain compatibility for original client
604
605 if err := cc.Server.FS.Mkdir(newFolderPath, 0777); err != nil {
606 msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName)
607 return []Transaction{cc.NewErrReply(t, msg)}, nil
608 }
609
610 res = append(res, cc.NewReply(t))
611 return res, err
612 }
613
614 func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
615 if !authorize(cc.Account.Access, accessModifyUser) {
616 res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
617 return res, err
618 }
619
620 login := DecodeUserString(t.GetField(fieldUserLogin).Data)
621 userName := string(t.GetField(fieldUserName).Data)
622
623 newAccessLvl := t.GetField(fieldUserAccess).Data
624
625 account := cc.Server.Accounts[login]
626 account.Access = &newAccessLvl
627 account.Name = userName
628
629 // If the password field is cleared in the Hotline edit user UI, the SetUser transaction does
630 // not include fieldUserPassword
631 if t.GetField(fieldUserPassword).Data == nil {
632 account.Password = hashAndSalt([]byte(""))
633 }
634 if len(t.GetField(fieldUserPassword).Data) > 1 {
635 account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data)
636 }
637
638 out, err := yaml.Marshal(&account)
639 if err != nil {
640 return res, err
641 }
642 if err := os.WriteFile(filepath.Join(cc.Server.ConfigDir, "Users", login+".yaml"), out, 0666); err != nil {
643 return res, err
644 }
645
646 // Notify connected clients logged in as the user of the new access level
647 for _, c := range cc.Server.Clients {
648 if c.Account.Login == login {
649 // Note: comment out these two lines to test server-side deny messages
650 newT := NewTransaction(tranUserAccess, c.ID, NewField(fieldUserAccess, newAccessLvl))
651 res = append(res, *newT)
652
653 flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags)))
654 if authorize(c.Account.Access, accessDisconUser) {
655 flagBitmap.SetBit(flagBitmap, userFlagAdmin, 1)
656 } else {
657 flagBitmap.SetBit(flagBitmap, userFlagAdmin, 0)
658 }
659 binary.BigEndian.PutUint16(c.Flags, uint16(flagBitmap.Int64()))
660
661 c.Account.Access = account.Access
662
663 cc.sendAll(
664 tranNotifyChangeUser,
665 NewField(fieldUserID, *c.ID),
666 NewField(fieldUserFlags, c.Flags),
667 NewField(fieldUserName, c.UserName),
668 NewField(fieldUserIconID, c.Icon),
669 )
670 }
671 }
672
673 res = append(res, cc.NewReply(t))
674 return res, err
675 }
676
677 func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
678 if !authorize(cc.Account.Access, accessOpenUser) {
679 res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
680 return res, err
681 }
682
683 account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
684 if account == nil {
685 res = append(res, cc.NewErrReply(t, "Account does not exist."))
686 return res, err
687 }
688
689 res = append(res, cc.NewReply(t,
690 NewField(fieldUserName, []byte(account.Name)),
691 NewField(fieldUserLogin, negateString(t.GetField(fieldUserLogin).Data)),
692 NewField(fieldUserPassword, []byte(account.Password)),
693 NewField(fieldUserAccess, *account.Access),
694 ))
695 return res, err
696 }
697
698 func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
699 if !authorize(cc.Account.Access, accessOpenUser) {
700 res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
701 return res, err
702 }
703
704 var userFields []Field
705 for _, acc := range cc.Server.Accounts {
706 b := make([]byte, 0, 100)
707 n, err := acc.Read(b)
708 if err != nil {
709 return res, err
710 }
711
712 userFields = append(userFields, NewField(fieldData, b[:n]))
713 }
714
715 res = append(res, cc.NewReply(t, userFields...))
716 return res, err
717 }
718
719 // HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time.
720 // An update can be a mix of these actions:
721 // * Create user
722 // * Delete user
723 // * Modify user (including renaming the account login)
724 //
725 // The Transaction sent by the client includes one data field per user that was modified. This data field in turn
726 // contains another data field encoded in its payload with a varying number of sub fields depending on which action is
727 // performed. This seems to be the only place in the Hotline protocol where a data field contains another data field.
728 func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
729 for _, field := range t.Fields {
730 subFields, err := ReadFields(field.Data[0:2], field.Data[2:])
731 if err != nil {
732 return res, err
733 }
734
735 if len(subFields) == 1 {
736 login := DecodeUserString(getField(fieldData, &subFields).Data)
737 cc.logger.Infow("DeleteUser", "login", login)
738
739 if !authorize(cc.Account.Access, accessDeleteUser) {
740 res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
741 return res, err
742 }
743
744 if err := cc.Server.DeleteUser(login); err != nil {
745 return res, err
746 }
747 continue
748 }
749
750 login := DecodeUserString(getField(fieldUserLogin, &subFields).Data)
751
752 // check if the login dataFile; if so, we know we are updating an existing user
753 if acc, ok := cc.Server.Accounts[login]; ok {
754 cc.logger.Infow("UpdateUser", "login", login)
755
756 // account dataFile, so this is an update action
757 if !authorize(cc.Account.Access, accessModifyUser) {
758 res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
759 return res, err
760 }
761
762 if getField(fieldUserPassword, &subFields) != nil {
763 newPass := getField(fieldUserPassword, &subFields).Data
764 acc.Password = hashAndSalt(newPass)
765 } else {
766 acc.Password = hashAndSalt([]byte(""))
767 }
768
769 if getField(fieldUserAccess, &subFields) != nil {
770 acc.Access = &getField(fieldUserAccess, &subFields).Data
771 }
772
773 err = cc.Server.UpdateUser(
774 DecodeUserString(getField(fieldData, &subFields).Data),
775 DecodeUserString(getField(fieldUserLogin, &subFields).Data),
776 string(getField(fieldUserName, &subFields).Data),
777 acc.Password,
778 *acc.Access,
779 )
780 if err != nil {
781 return res, err
782 }
783 } else {
784 cc.logger.Infow("CreateUser", "login", login)
785
786 if !authorize(cc.Account.Access, accessCreateUser) {
787 res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
788 return res, err
789 }
790
791 err := cc.Server.NewUser(
792 login,
793 string(getField(fieldUserName, &subFields).Data),
794 string(getField(fieldUserPassword, &subFields).Data),
795 getField(fieldUserAccess, &subFields).Data,
796 )
797 if err != nil {
798 return []Transaction{}, err
799 }
800 }
801 }
802
803 res = append(res, cc.NewReply(t))
804 return res, err
805 }
806
807 // HandleNewUser creates a new user account
808 func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
809 if !authorize(cc.Account.Access, accessCreateUser) {
810 res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
811 return res, err
812 }
813
814 login := DecodeUserString(t.GetField(fieldUserLogin).Data)
815
816 // If the account already dataFile, reply with an error
817 if _, ok := cc.Server.Accounts[login]; ok {
818 res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login."))
819 return res, err
820 }
821
822 if err := cc.Server.NewUser(
823 login,
824 string(t.GetField(fieldUserName).Data),
825 string(t.GetField(fieldUserPassword).Data),
826 t.GetField(fieldUserAccess).Data,
827 ); err != nil {
828 return []Transaction{}, err
829 }
830
831 res = append(res, cc.NewReply(t))
832 return res, err
833 }
834
835 func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
836 if !authorize(cc.Account.Access, accessDeleteUser) {
837 res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
838 return res, err
839 }
840
841 // TODO: Handle case where account doesn't exist; e.g. delete race condition
842 login := DecodeUserString(t.GetField(fieldUserLogin).Data)
843
844 if err := cc.Server.DeleteUser(login); err != nil {
845 return res, err
846 }
847
848 res = append(res, cc.NewReply(t))
849 return res, err
850 }
851
852 // HandleUserBroadcast sends an Administrator Message to all connected clients of the server
853 func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
854 if !authorize(cc.Account.Access, accessBroadcast) {
855 res = append(res, cc.NewErrReply(t, "You are not allowed to send broadcast messages."))
856 return res, err
857 }
858
859 cc.sendAll(
860 tranServerMsg,
861 NewField(fieldData, t.GetField(tranGetMsgs).Data),
862 NewField(fieldChatOptions, []byte{0}),
863 )
864
865 res = append(res, cc.NewReply(t))
866 return res, err
867 }
868
869 func byteToInt(bytes []byte) (int, error) {
870 switch len(bytes) {
871 case 2:
872 return int(binary.BigEndian.Uint16(bytes)), nil
873 case 4:
874 return int(binary.BigEndian.Uint32(bytes)), nil
875 }
876
877 return 0, errors.New("unknown byte length")
878 }
879
880 // HandleGetClientInfoText returns user information for the specific user.
881 //
882 // Fields used in the request:
883 // 103 User ID
884 //
885 // Fields used in the reply:
886 // 102 User name
887 // 101 Data User info text string
888 func HandleGetClientInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
889 if !authorize(cc.Account.Access, accessGetClientInfo) {
890 res = append(res, cc.NewErrReply(t, "You are not allowed to get client info."))
891 return res, err
892 }
893
894 clientID, _ := byteToInt(t.GetField(fieldUserID).Data)
895
896 clientConn := cc.Server.Clients[uint16(clientID)]
897 if clientConn == nil {
898 return append(res, cc.NewErrReply(t, "User not found.")), err
899 }
900
901 res = append(res, cc.NewReply(t,
902 NewField(fieldData, []byte(clientConn.String())),
903 NewField(fieldUserName, clientConn.UserName),
904 ))
905 return res, err
906 }
907
908 func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
909 res = append(res, cc.NewReply(t, cc.Server.connectedUsers()...))
910
911 return res, err
912 }
913
914 func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
915 cc.Agreed = true
916
917 if t.GetField(fieldUserName).Data != nil {
918 if cc.Authorize(accessAnyName) {
919 cc.UserName = t.GetField(fieldUserName).Data
920 } else {
921 cc.UserName = []byte(cc.Account.Name)
922 }
923 }
924
925 cc.Icon = t.GetField(fieldUserIconID).Data
926
927 cc.logger = cc.logger.With("name", string(cc.UserName))
928 cc.logger.Infow("Login successful", "clientVersion", fmt.Sprintf("%x", cc.Version))
929
930 options := t.GetField(fieldOptions).Data
931 optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
932
933 flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
934
935 // Check refuse private PM option
936 if optBitmap.Bit(refusePM) == 1 {
937 flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1)
938 binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
939 }
940
941 // Check refuse private chat option
942 if optBitmap.Bit(refuseChat) == 1 {
943 flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1)
944 binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
945 }
946
947 // Check auto response
948 if optBitmap.Bit(autoResponse) == 1 {
949 cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
950 } else {
951 cc.AutoReply = []byte{}
952 }
953
954 trans := cc.notifyOthers(
955 *NewTransaction(
956 tranNotifyChangeUser, nil,
957 NewField(fieldUserName, cc.UserName),
958 NewField(fieldUserID, *cc.ID),
959 NewField(fieldUserIconID, cc.Icon),
960 NewField(fieldUserFlags, cc.Flags),
961 ),
962 )
963 res = append(res, trans...)
964
965 if cc.Server.Config.BannerFile != "" {
966 res = append(res, *NewTransaction(tranServerBanner, cc.ID, NewField(fieldBannerType, []byte("JPEG"))))
967 }
968
969 res = append(res, cc.NewReply(t))
970
971 return res, err
972 }
973
974 const defaultNewsDateFormat = "Jan02 15:04" // Jun23 20:49
975 // "Mon, 02 Jan 2006 15:04:05 MST"
976
977 const defaultNewsTemplate = `From %s (%s):
978
979 %s
980
981 __________________________________________________________`
982
983 // HandleTranOldPostNews updates the flat news
984 // Fields used in this request:
985 // 101 Data
986 func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
987 if !authorize(cc.Account.Access, accessNewsPostArt) {
988 res = append(res, cc.NewErrReply(t, "You are not allowed to post news."))
989 return res, err
990 }
991
992 cc.Server.flatNewsMux.Lock()
993 defer cc.Server.flatNewsMux.Unlock()
994
995 newsDateTemplate := defaultNewsDateFormat
996 if cc.Server.Config.NewsDateFormat != "" {
997 newsDateTemplate = cc.Server.Config.NewsDateFormat
998 }
999
1000 newsTemplate := defaultNewsTemplate
1001 if cc.Server.Config.NewsDelimiter != "" {
1002 newsTemplate = cc.Server.Config.NewsDelimiter
1003 }
1004
1005 newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(fieldData).Data)
1006 newsPost = strings.Replace(newsPost, "\n", "\r", -1)
1007
1008 // update news in memory
1009 cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
1010
1011 // update news on disk
1012 if err := ioutil.WriteFile(cc.Server.ConfigDir+"MessageBoard.txt", cc.Server.FlatNews, 0644); err != nil {
1013 return res, err
1014 }
1015
1016 // Notify all clients of updated news
1017 cc.sendAll(
1018 tranNewMsg,
1019 NewField(fieldData, []byte(newsPost)),
1020 )
1021
1022 res = append(res, cc.NewReply(t))
1023 return res, err
1024 }
1025
1026 func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1027 if !authorize(cc.Account.Access, accessDisconUser) {
1028 res = append(res, cc.NewErrReply(t, "You are not allowed to disconnect users."))
1029 return res, err
1030 }
1031
1032 clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(fieldUserID).Data)]
1033
1034 if authorize(clientConn.Account.Access, accessCannotBeDiscon) {
1035 res = append(res, cc.NewErrReply(t, clientConn.Account.Login+" is not allowed to be disconnected."))
1036 return res, err
1037 }
1038
1039 // If fieldOptions is set, then the client IP is banned in addition to disconnected.
1040 // 00 01 = temporary ban
1041 // 00 02 = permanent ban
1042 if t.GetField(fieldOptions).Data != nil {
1043 switch t.GetField(fieldOptions).Data[1] {
1044 case 1:
1045 // send message: "You are temporarily banned on this server"
1046 cc.logger.Infow("Disconnect & temporarily ban " + string(clientConn.UserName))
1047
1048 res = append(res, *NewTransaction(
1049 tranServerMsg,
1050 clientConn.ID,
1051 NewField(fieldData, []byte("You are temporarily banned on this server")),
1052 NewField(fieldChatOptions, []byte{0, 0}),
1053 ))
1054
1055 banUntil := time.Now().Add(tempBanDuration)
1056 cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = &banUntil
1057 cc.Server.writeBanList()
1058 case 2:
1059 // send message: "You are permanently banned on this server"
1060 cc.logger.Infow("Disconnect & ban " + string(clientConn.UserName))
1061
1062 res = append(res, *NewTransaction(
1063 tranServerMsg,
1064 clientConn.ID,
1065 NewField(fieldData, []byte("You are permanently banned on this server")),
1066 NewField(fieldChatOptions, []byte{0, 0}),
1067 ))
1068
1069 cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = nil
1070 cc.Server.writeBanList()
1071 }
1072 }
1073
1074 // TODO: remove this awful hack
1075 go func() {
1076 time.Sleep(1 * time.Second)
1077 clientConn.Disconnect()
1078 }()
1079
1080 return append(res, cc.NewReply(t)), err
1081 }
1082
1083 // HandleGetNewsCatNameList returns a list of news categories for a path
1084 // Fields used in the request:
1085 // 325 News path (Optional)
1086 func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1087 if !authorize(cc.Account.Access, accessNewsReadArt) {
1088 res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
1089 return res, err
1090 }
1091
1092 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1093 cats := cc.Server.GetNewsCatByPath(pathStrs)
1094
1095 // To store the keys in slice in sorted order
1096 keys := make([]string, len(cats))
1097 i := 0
1098 for k := range cats {
1099 keys[i] = k
1100 i++
1101 }
1102 sort.Strings(keys)
1103
1104 var fieldData []Field
1105 for _, k := range keys {
1106 cat := cats[k]
1107 b, _ := cat.MarshalBinary()
1108 fieldData = append(fieldData, NewField(
1109 fieldNewsCatListData15,
1110 b,
1111 ))
1112 }
1113
1114 res = append(res, cc.NewReply(t, fieldData...))
1115 return res, err
1116 }
1117
1118 func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1119 if !authorize(cc.Account.Access, accessNewsCreateCat) {
1120 res = append(res, cc.NewErrReply(t, "You are not allowed to create news categories."))
1121 return res, err
1122 }
1123
1124 name := string(t.GetField(fieldNewsCatName).Data)
1125 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1126
1127 cats := cc.Server.GetNewsCatByPath(pathStrs)
1128 cats[name] = NewsCategoryListData15{
1129 Name: name,
1130 Type: []byte{0, 3},
1131 Articles: map[uint32]*NewsArtData{},
1132 SubCats: make(map[string]NewsCategoryListData15),
1133 }
1134
1135 if err := cc.Server.writeThreadedNews(); err != nil {
1136 return res, err
1137 }
1138 res = append(res, cc.NewReply(t))
1139 return res, err
1140 }
1141
1142 // Fields used in the request:
1143 // 322 News category name
1144 // 325 News path
1145 func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1146 if !authorize(cc.Account.Access, accessNewsCreateFldr) {
1147 res = append(res, cc.NewErrReply(t, "You are not allowed to create news folders."))
1148 return res, err
1149 }
1150
1151 name := string(t.GetField(fieldFileName).Data)
1152 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1153
1154 cc.logger.Infof("Creating new news folder %s", name)
1155
1156 cats := cc.Server.GetNewsCatByPath(pathStrs)
1157 cats[name] = NewsCategoryListData15{
1158 Name: name,
1159 Type: []byte{0, 2},
1160 Articles: map[uint32]*NewsArtData{},
1161 SubCats: make(map[string]NewsCategoryListData15),
1162 }
1163 if err := cc.Server.writeThreadedNews(); err != nil {
1164 return res, err
1165 }
1166 res = append(res, cc.NewReply(t))
1167 return res, err
1168 }
1169
1170 // Fields used in the request:
1171 // 325 News path Optional
1172 //
1173 // Reply fields:
1174 // 321 News article list data Optional
1175 func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1176 if !authorize(cc.Account.Access, accessNewsReadArt) {
1177 res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
1178 return res, err
1179 }
1180 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1181
1182 var cat NewsCategoryListData15
1183 cats := cc.Server.ThreadedNews.Categories
1184
1185 for _, fp := range pathStrs {
1186 cat = cats[fp]
1187 cats = cats[fp].SubCats
1188 }
1189
1190 nald := cat.GetNewsArtListData()
1191
1192 res = append(res, cc.NewReply(t, NewField(fieldNewsArtListData, nald.Payload())))
1193 return res, err
1194 }
1195
1196 func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1197 if !authorize(cc.Account.Access, accessNewsReadArt) {
1198 res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
1199 return res, err
1200 }
1201
1202 // Request fields
1203 // 325 News fp
1204 // 326 News article ID
1205 // 327 News article data flavor
1206
1207 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1208
1209 var cat NewsCategoryListData15
1210 cats := cc.Server.ThreadedNews.Categories
1211
1212 for _, fp := range pathStrs {
1213 cat = cats[fp]
1214 cats = cats[fp].SubCats
1215 }
1216 newsArtID := t.GetField(fieldNewsArtID).Data
1217
1218 convertedArtID := binary.BigEndian.Uint16(newsArtID)
1219
1220 art := cat.Articles[uint32(convertedArtID)]
1221 if art == nil {
1222 res = append(res, cc.NewReply(t))
1223 return res, err
1224 }
1225
1226 // Reply fields
1227 // 328 News article title
1228 // 329 News article poster
1229 // 330 News article date
1230 // 331 Previous article ID
1231 // 332 Next article ID
1232 // 335 Parent article ID
1233 // 336 First child article ID
1234 // 327 News article data flavor "Should be “text/plain”
1235 // 333 News article data Optional (if data flavor is “text/plain”)
1236
1237 res = append(res, cc.NewReply(t,
1238 NewField(fieldNewsArtTitle, []byte(art.Title)),
1239 NewField(fieldNewsArtPoster, []byte(art.Poster)),
1240 NewField(fieldNewsArtDate, art.Date),
1241 NewField(fieldNewsArtPrevArt, art.PrevArt),
1242 NewField(fieldNewsArtNextArt, art.NextArt),
1243 NewField(fieldNewsArtParentArt, art.ParentArt),
1244 NewField(fieldNewsArt1stChildArt, art.FirstChildArt),
1245 NewField(fieldNewsArtDataFlav, []byte("text/plain")),
1246 NewField(fieldNewsArtData, []byte(art.Data)),
1247 ))
1248 return res, err
1249 }
1250
1251 func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1252 // Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
1253 // TODO: Implement
1254
1255 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1256
1257 // TODO: determine if path is a Folder (Bundle) or Category and check for permission
1258
1259 cc.logger.Infof("DelNewsItem %v", pathStrs)
1260
1261 cats := cc.Server.ThreadedNews.Categories
1262
1263 delName := pathStrs[len(pathStrs)-1]
1264 if len(pathStrs) > 1 {
1265 for _, fp := range pathStrs[0 : len(pathStrs)-1] {
1266 cats = cats[fp].SubCats
1267 }
1268 }
1269
1270 delete(cats, delName)
1271
1272 err = cc.Server.writeThreadedNews()
1273 if err != nil {
1274 return res, err
1275 }
1276
1277 // Reply params: none
1278 res = append(res, cc.NewReply(t))
1279
1280 return res, err
1281 }
1282
1283 func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1284 if !authorize(cc.Account.Access, accessNewsDeleteArt) {
1285 res = append(res, cc.NewErrReply(t, "You are not allowed to delete news articles."))
1286 return res, err
1287 }
1288
1289 // Request Fields
1290 // 325 News path
1291 // 326 News article ID
1292 // 337 News article – recursive delete Delete child articles (1) or not (0)
1293 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1294 ID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
1295
1296 // TODO: Delete recursive
1297 cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
1298
1299 catName := pathStrs[len(pathStrs)-1]
1300 cat := cats[catName]
1301
1302 delete(cat.Articles, uint32(ID))
1303
1304 cats[catName] = cat
1305 if err := cc.Server.writeThreadedNews(); err != nil {
1306 return res, err
1307 }
1308
1309 res = append(res, cc.NewReply(t))
1310 return res, err
1311 }
1312
1313 // Request fields
1314 // 325 News path
1315 // 326 News article ID ID of the parent article?
1316 // 328 News article title
1317 // 334 News article flags
1318 // 327 News article data flavor Currently “text/plain”
1319 // 333 News article data
1320 func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1321 if !authorize(cc.Account.Access, accessNewsPostArt) {
1322 res = append(res, cc.NewErrReply(t, "You are not allowed to post news articles."))
1323 return res, err
1324 }
1325
1326 pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
1327 cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
1328
1329 catName := pathStrs[len(pathStrs)-1]
1330 cat := cats[catName]
1331
1332 newArt := NewsArtData{
1333 Title: string(t.GetField(fieldNewsArtTitle).Data),
1334 Poster: string(cc.UserName),
1335 Date: toHotlineTime(time.Now()),
1336 PrevArt: []byte{0, 0, 0, 0},
1337 NextArt: []byte{0, 0, 0, 0},
1338 ParentArt: append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...),
1339 FirstChildArt: []byte{0, 0, 0, 0},
1340 DataFlav: []byte("text/plain"),
1341 Data: string(t.GetField(fieldNewsArtData).Data),
1342 }
1343
1344 var keys []int
1345 for k := range cat.Articles {
1346 keys = append(keys, int(k))
1347 }
1348
1349 nextID := uint32(1)
1350 if len(keys) > 0 {
1351 sort.Ints(keys)
1352 prevID := uint32(keys[len(keys)-1])
1353 nextID = prevID + 1
1354
1355 binary.BigEndian.PutUint32(newArt.PrevArt, prevID)
1356
1357 // Set next article ID
1358 binary.BigEndian.PutUint32(cat.Articles[prevID].NextArt, nextID)
1359 }
1360
1361 // Update parent article with first child reply
1362 parentID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
1363 if parentID != 0 {
1364 parentArt := cat.Articles[uint32(parentID)]
1365
1366 if bytes.Equal(parentArt.FirstChildArt, []byte{0, 0, 0, 0}) {
1367 binary.BigEndian.PutUint32(parentArt.FirstChildArt, nextID)
1368 }
1369 }
1370
1371 cat.Articles[nextID] = &newArt
1372
1373 cats[catName] = cat
1374 if err := cc.Server.writeThreadedNews(); err != nil {
1375 return res, err
1376 }
1377
1378 res = append(res, cc.NewReply(t))
1379 return res, err
1380 }
1381
1382 // HandleGetMsgs returns the flat news data
1383 func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1384 if !authorize(cc.Account.Access, accessNewsReadArt) {
1385 res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
1386 return res, err
1387 }
1388
1389 res = append(res, cc.NewReply(t, NewField(fieldData, cc.Server.FlatNews)))
1390
1391 return res, err
1392 }
1393
1394 func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1395 if !authorize(cc.Account.Access, accessDownloadFile) {
1396 res = append(res, cc.NewErrReply(t, "You are not allowed to download files."))
1397 return res, err
1398 }
1399
1400 fileName := t.GetField(fieldFileName).Data
1401 filePath := t.GetField(fieldFilePath).Data
1402 resumeData := t.GetField(fieldFileResumeData).Data
1403
1404 var dataOffset int64
1405 var frd FileResumeData
1406 if resumeData != nil {
1407 if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil {
1408 return res, err
1409 }
1410 // TODO: handle rsrc fork offset
1411 dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:]))
1412 }
1413
1414 fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
1415 if err != nil {
1416 return res, err
1417 }
1418
1419 hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, dataOffset)
1420 if err != nil {
1421 return res, err
1422 }
1423
1424 xferSize := hlFile.ffo.TransferSize(0)
1425
1426 ft := cc.newFileTransfer(FileDownload, fileName, filePath, xferSize)
1427
1428 // TODO: refactor to remove this
1429 if resumeData != nil {
1430 var frd FileResumeData
1431 if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil {
1432 return res, err
1433 }
1434 ft.fileResumeData = &frd
1435 }
1436
1437 // Optional field for when a HL v1.5+ client requests file preview
1438 // Used only for TEXT, JPEG, GIFF, BMP or PICT files
1439 // The value will always be 2
1440 if t.GetField(fieldFileTransferOptions).Data != nil {
1441 ft.options = t.GetField(fieldFileTransferOptions).Data
1442 xferSize = hlFile.ffo.FlatFileDataForkHeader.DataSize[:]
1443 }
1444
1445 res = append(res, cc.NewReply(t,
1446 NewField(fieldRefNum, ft.refNum[:]),
1447 NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
1448 NewField(fieldTransferSize, xferSize),
1449 NewField(fieldFileSize, hlFile.ffo.FlatFileDataForkHeader.DataSize[:]),
1450 ))
1451
1452 return res, err
1453 }
1454
1455 // Download all files from the specified folder and sub-folders
1456 func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1457 if !authorize(cc.Account.Access, accessDownloadFile) {
1458 res = append(res, cc.NewErrReply(t, "You are not allowed to download folders."))
1459 return res, err
1460 }
1461
1462 fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
1463 if err != nil {
1464 return res, err
1465 }
1466
1467 transferSize, err := CalcTotalSize(fullFilePath)
1468 if err != nil {
1469 return res, err
1470 }
1471 itemCount, err := CalcItemCount(fullFilePath)
1472 if err != nil {
1473 return res, err
1474 }
1475
1476 fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(fieldFileName).Data, t.GetField(fieldFilePath).Data, transferSize)
1477
1478 var fp FilePath
1479 err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
1480 if err != nil {
1481 return res, err
1482 }
1483
1484 res = append(res, cc.NewReply(t,
1485 NewField(fieldRefNum, fileTransfer.ReferenceNumber),
1486 NewField(fieldTransferSize, transferSize),
1487 NewField(fieldFolderItemCount, itemCount),
1488 NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
1489 ))
1490 return res, err
1491 }
1492
1493 // Upload all files from the local folder and its subfolders to the specified path on the server
1494 // Fields used in the request
1495 // 201 File name
1496 // 202 File path
1497 // 108 transfer size Total size of all items in the folder
1498 // 220 Folder item count
1499 // 204 File transfer options "Optional Currently set to 1" (TODO: ??)
1500 func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1501 var fp FilePath
1502 if t.GetField(fieldFilePath).Data != nil {
1503 if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
1504 return res, err
1505 }
1506 }
1507
1508 // Handle special cases for Upload and Drop Box folders
1509 if !authorize(cc.Account.Access, accessUploadAnywhere) {
1510 if !fp.IsUploadDir() && !fp.IsDropbox() {
1511 res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data))))
1512 return res, err
1513 }
1514 }
1515
1516 fileTransfer := cc.newFileTransfer(FolderUpload,
1517 t.GetField(fieldFileName).Data,
1518 t.GetField(fieldFilePath).Data,
1519 t.GetField(fieldTransferSize).Data,
1520 )
1521
1522 fileTransfer.FolderItemCount = t.GetField(fieldFolderItemCount).Data
1523
1524 res = append(res, cc.NewReply(t, NewField(fieldRefNum, fileTransfer.ReferenceNumber)))
1525 return res, err
1526 }
1527
1528 // HandleUploadFile
1529 // Fields used in the request:
1530 // 201 File name
1531 // 202 File path
1532 // 204 File transfer options "Optional
1533 // Used only to resume download, currently has value 2"
1534 // 108 File transfer size "Optional used if download is not resumed"
1535 func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1536 if !authorize(cc.Account.Access, accessUploadFile) {
1537 res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
1538 return res, err
1539 }
1540
1541 fileName := t.GetField(fieldFileName).Data
1542 filePath := t.GetField(fieldFilePath).Data
1543 transferOptions := t.GetField(fieldFileTransferOptions).Data
1544 transferSize := t.GetField(fieldTransferSize).Data // not sent for resume
1545
1546 var fp FilePath
1547 if filePath != nil {
1548 if err = fp.UnmarshalBinary(filePath); err != nil {
1549 return res, err
1550 }
1551 }
1552
1553 // Handle special cases for Upload and Drop Box folders
1554 if !authorize(cc.Account.Access, accessUploadAnywhere) {
1555 if !fp.IsUploadDir() && !fp.IsDropbox() {
1556 res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
1557 return res, err
1558 }
1559 }
1560 fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
1561 if err != nil {
1562 return res, err
1563 }
1564
1565 if _, err := cc.Server.FS.Stat(fullFilePath); err == nil {
1566 res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload because there is already a file named \"%v\". Try choosing a different name.", string(fileName))))
1567 return res, err
1568 }
1569
1570 ft := cc.newFileTransfer(FileUpload, fileName, filePath, transferSize)
1571
1572 replyT := cc.NewReply(t, NewField(fieldRefNum, ft.ReferenceNumber))
1573
1574 // client has requested to resume a partially transferred file
1575 if transferOptions != nil {
1576
1577 fileInfo, err := cc.Server.FS.Stat(fullFilePath + incompleteFileSuffix)
1578 if err != nil {
1579 return res, err
1580 }
1581
1582 offset := make([]byte, 4)
1583 binary.BigEndian.PutUint32(offset, uint32(fileInfo.Size()))
1584
1585 fileResumeData := NewFileResumeData([]ForkInfoList{
1586 *NewForkInfoList(offset),
1587 })
1588
1589 b, _ := fileResumeData.BinaryMarshal()
1590
1591 ft.TransferSize = offset
1592
1593 replyT.Fields = append(replyT.Fields, NewField(fieldFileResumeData, b))
1594 }
1595
1596 res = append(res, replyT)
1597 return res, err
1598 }
1599
1600 func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1601 if len(t.GetField(fieldUserIconID).Data) == 4 {
1602 cc.Icon = t.GetField(fieldUserIconID).Data[2:]
1603 } else {
1604 cc.Icon = t.GetField(fieldUserIconID).Data
1605 }
1606 if cc.Authorize(accessAnyName) {
1607 cc.UserName = t.GetField(fieldUserName).Data
1608 }
1609
1610 // the options field is only passed by the client versions > 1.2.3.
1611 options := t.GetField(fieldOptions).Data
1612 if options != nil {
1613 optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
1614 flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
1615
1616 flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM))
1617 binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
1618
1619 flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat))
1620 binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
1621
1622 // Check auto response
1623 if optBitmap.Bit(autoResponse) == 1 {
1624 cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
1625 } else {
1626 cc.AutoReply = []byte{}
1627 }
1628 }
1629
1630 for _, c := range sortedClients(cc.Server.Clients) {
1631 res = append(res, *NewTransaction(
1632 tranNotifyChangeUser,
1633 c.ID,
1634 NewField(fieldUserID, *cc.ID),
1635 NewField(fieldUserIconID, cc.Icon),
1636 NewField(fieldUserFlags, cc.Flags),
1637 NewField(fieldUserName, cc.UserName),
1638 ))
1639 }
1640
1641 return res, err
1642 }
1643
1644 // HandleKeepAlive responds to keepalive transactions with an empty reply
1645 // * HL 1.9.2 Client sends keepalive msg every 3 minutes
1646 // * HL 1.2.3 Client doesn't send keepalives
1647 func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1648 res = append(res, cc.NewReply(t))
1649
1650 return res, err
1651 }
1652
1653 func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1654 fullPath, err := readPath(
1655 cc.Server.Config.FileRoot,
1656 t.GetField(fieldFilePath).Data,
1657 nil,
1658 )
1659 if err != nil {
1660 return res, err
1661 }
1662
1663 var fp FilePath
1664 if t.GetField(fieldFilePath).Data != nil {
1665 if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
1666 return res, err
1667 }
1668 }
1669
1670 // Handle special case for drop box folders
1671 if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) {
1672 res = append(res, cc.NewErrReply(t, "You are not allowed to view drop boxes."))
1673 return res, err
1674 }
1675
1676 fileNames, err := getFileNameList(fullPath, cc.Server.Config.IgnoreFiles)
1677 if err != nil {
1678 return res, err
1679 }
1680
1681 res = append(res, cc.NewReply(t, fileNames...))
1682
1683 return res, err
1684 }
1685
1686 // =================================
1687 // Hotline private chat flow
1688 // =================================
1689 // 1. ClientA sends tranInviteNewChat to server with user ID to invite
1690 // 2. Server creates new ChatID
1691 // 3. Server sends tranInviteToChat to invitee
1692 // 4. Server replies to ClientA with new Chat ID
1693 //
1694 // A dialog box pops up in the invitee client with options to accept or decline the invitation.
1695 // If Accepted is clicked:
1696 // 1. ClientB sends tranJoinChat with fieldChatID
1697
1698 // HandleInviteNewChat invites users to new private chat
1699 func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1700 if !authorize(cc.Account.Access, accessOpenChat) {
1701 res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
1702 return res, err
1703 }
1704
1705 // Client to Invite
1706 targetID := t.GetField(fieldUserID).Data
1707 newChatID := cc.Server.NewPrivateChat(cc)
1708
1709 res = append(res,
1710 *NewTransaction(
1711 tranInviteToChat,
1712 &targetID,
1713 NewField(fieldChatID, newChatID),
1714 NewField(fieldUserName, cc.UserName),
1715 NewField(fieldUserID, *cc.ID),
1716 ),
1717 )
1718
1719 res = append(res,
1720 cc.NewReply(t,
1721 NewField(fieldChatID, newChatID),
1722 NewField(fieldUserName, cc.UserName),
1723 NewField(fieldUserID, *cc.ID),
1724 NewField(fieldUserIconID, cc.Icon),
1725 NewField(fieldUserFlags, cc.Flags),
1726 ),
1727 )
1728
1729 return res, err
1730 }
1731
1732 func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1733 if !authorize(cc.Account.Access, accessOpenChat) {
1734 res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
1735 return res, err
1736 }
1737
1738 // Client to Invite
1739 targetID := t.GetField(fieldUserID).Data
1740 chatID := t.GetField(fieldChatID).Data
1741
1742 res = append(res,
1743 *NewTransaction(
1744 tranInviteToChat,
1745 &targetID,
1746 NewField(fieldChatID, chatID),
1747 NewField(fieldUserName, cc.UserName),
1748 NewField(fieldUserID, *cc.ID),
1749 ),
1750 )
1751 res = append(res,
1752 cc.NewReply(
1753 t,
1754 NewField(fieldChatID, chatID),
1755 NewField(fieldUserName, cc.UserName),
1756 NewField(fieldUserID, *cc.ID),
1757 NewField(fieldUserIconID, cc.Icon),
1758 NewField(fieldUserFlags, cc.Flags),
1759 ),
1760 )
1761
1762 return res, err
1763 }
1764
1765 func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1766 chatID := t.GetField(fieldChatID).Data
1767 chatInt := binary.BigEndian.Uint32(chatID)
1768
1769 privChat := cc.Server.PrivateChats[chatInt]
1770
1771 resMsg := append(cc.UserName, []byte(" declined invitation to chat")...)
1772
1773 for _, c := range sortedClients(privChat.ClientConn) {
1774 res = append(res,
1775 *NewTransaction(
1776 tranChatMsg,
1777 c.ID,
1778 NewField(fieldChatID, chatID),
1779 NewField(fieldData, resMsg),
1780 ),
1781 )
1782 }
1783
1784 return res, err
1785 }
1786
1787 // HandleJoinChat is sent from a v1.8+ Hotline client when the joins a private chat
1788 // Fields used in the reply:
1789 // * 115 Chat subject
1790 // * 300 User name with info (Optional)
1791 // * 300 (more user names with info)
1792 func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1793 chatID := t.GetField(fieldChatID).Data
1794 chatInt := binary.BigEndian.Uint32(chatID)
1795
1796 privChat := cc.Server.PrivateChats[chatInt]
1797
1798 // Send tranNotifyChatChangeUser to current members of the chat to inform of new user
1799 for _, c := range sortedClients(privChat.ClientConn) {
1800 res = append(res,
1801 *NewTransaction(
1802 tranNotifyChatChangeUser,
1803 c.ID,
1804 NewField(fieldChatID, chatID),
1805 NewField(fieldUserName, cc.UserName),
1806 NewField(fieldUserID, *cc.ID),
1807 NewField(fieldUserIconID, cc.Icon),
1808 NewField(fieldUserFlags, cc.Flags),
1809 ),
1810 )
1811 }
1812
1813 privChat.ClientConn[cc.uint16ID()] = cc
1814
1815 replyFields := []Field{NewField(fieldChatSubject, []byte(privChat.Subject))}
1816 for _, c := range sortedClients(privChat.ClientConn) {
1817 user := User{
1818 ID: *c.ID,
1819 Icon: c.Icon,
1820 Flags: c.Flags,
1821 Name: string(c.UserName),
1822 }
1823
1824 replyFields = append(replyFields, NewField(fieldUsernameWithInfo, user.Payload()))
1825 }
1826
1827 res = append(res, cc.NewReply(t, replyFields...))
1828 return res, err
1829 }
1830
1831 // HandleLeaveChat is sent from a v1.8+ Hotline client when the user exits a private chat
1832 // Fields used in the request:
1833 // * 114 fieldChatID
1834 // Reply is not expected.
1835 func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1836 chatID := t.GetField(fieldChatID).Data
1837 chatInt := binary.BigEndian.Uint32(chatID)
1838
1839 privChat, ok := cc.Server.PrivateChats[chatInt]
1840 if !ok {
1841 return res, nil
1842 }
1843
1844 delete(privChat.ClientConn, cc.uint16ID())
1845
1846 // Notify members of the private chat that the user has left
1847 for _, c := range sortedClients(privChat.ClientConn) {
1848 res = append(res,
1849 *NewTransaction(
1850 tranNotifyChatDeleteUser,
1851 c.ID,
1852 NewField(fieldChatID, chatID),
1853 NewField(fieldUserID, *cc.ID),
1854 ),
1855 )
1856 }
1857
1858 return res, err
1859 }
1860
1861 // HandleSetChatSubject is sent from a v1.8+ Hotline client when the user sets a private chat subject
1862 // Fields used in the request:
1863 // * 114 Chat ID
1864 // * 115 Chat subject Chat subject string
1865 // Reply is not expected.
1866 func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1867 chatID := t.GetField(fieldChatID).Data
1868 chatInt := binary.BigEndian.Uint32(chatID)
1869
1870 privChat := cc.Server.PrivateChats[chatInt]
1871 privChat.Subject = string(t.GetField(fieldChatSubject).Data)
1872
1873 for _, c := range sortedClients(privChat.ClientConn) {
1874 res = append(res,
1875 *NewTransaction(
1876 tranNotifyChatSubject,
1877 c.ID,
1878 NewField(fieldChatID, chatID),
1879 NewField(fieldChatSubject, t.GetField(fieldChatSubject).Data),
1880 ),
1881 )
1882 }
1883
1884 return res, err
1885 }
1886
1887 // HandleMakeAlias makes a filer alias using the specified path.
1888 // Fields used in the request:
1889 // 201 File name
1890 // 202 File path
1891 // 212 File new path Destination path
1892 //
1893 // Fields used in the reply:
1894 // None
1895 func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1896 if !authorize(cc.Account.Access, accessMakeAlias) {
1897 res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
1898 return res, err
1899 }
1900 fileName := t.GetField(fieldFileName).Data
1901 filePath := t.GetField(fieldFilePath).Data
1902 fileNewPath := t.GetField(fieldFileNewPath).Data
1903
1904 fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
1905 if err != nil {
1906 return res, err
1907 }
1908
1909 fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, fileNewPath, fileName)
1910 if err != nil {
1911 return res, err
1912 }
1913
1914 cc.logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
1915
1916 if err := cc.Server.FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
1917 res = append(res, cc.NewErrReply(t, "Error creating alias"))
1918 return res, nil
1919 }
1920
1921 res = append(res, cc.NewReply(t))
1922 return res, err
1923 }
1924
1925 func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
1926 fi, err := cc.Server.FS.Stat(filepath.Join(cc.Server.ConfigDir, cc.Server.Config.BannerFile))
1927 if err != nil {
1928 return res, err
1929 }
1930
1931 ft := cc.newFileTransfer(bannerDownload, []byte{}, []byte{}, make([]byte, 4))
1932
1933 binary.BigEndian.PutUint32(ft.TransferSize, uint32(fi.Size()))
1934
1935 res = append(res, cc.NewReply(t,
1936 NewField(fieldRefNum, ft.refNum[:]),
1937 NewField(fieldTransferSize, ft.TransferSize),
1938 ))
1939
1940 return res, err
1941 }
Friendship Quest remix of mobius, a hotline server in go #cli