package hotline import ( "bufio" "bytes" "encoding/binary" "errors" "fmt" "gopkg.in/yaml.v3" "io" "math/big" "os" "path" "path/filepath" "sort" "strings" "time" ) type HandlerFunc func(*ClientConn, *Transaction) ([]Transaction, error) type TransactionType struct { Handler HandlerFunc // function for handling the transaction type Name string // Name of transaction as it will appear in logging RequiredFields []requiredField } var TransactionHandlers = map[uint16]TransactionType{ // Server initiated TranChatMsg: { Name: "TranChatMsg", }, // Server initiated TranNotifyChangeUser: { Name: "TranNotifyChangeUser", }, TranError: { Name: "TranError", }, TranShowAgreement: { Name: "TranShowAgreement", }, TranUserAccess: { Name: "TranUserAccess", }, TranNotifyDeleteUser: { Name: "TranNotifyDeleteUser", }, TranAgreed: { Name: "TranAgreed", Handler: HandleTranAgreed, }, TranChatSend: { Name: "TranChatSend", Handler: HandleChatSend, RequiredFields: []requiredField{ { ID: FieldData, minLen: 0, }, }, }, TranDelNewsArt: { Name: "TranDelNewsArt", Handler: HandleDelNewsArt, }, TranDelNewsItem: { Name: "TranDelNewsItem", Handler: HandleDelNewsItem, }, TranDeleteFile: { Name: "TranDeleteFile", Handler: HandleDeleteFile, }, TranDeleteUser: { Name: "TranDeleteUser", Handler: HandleDeleteUser, }, TranDisconnectUser: { Name: "TranDisconnectUser", Handler: HandleDisconnectUser, }, TranDownloadFile: { Name: "TranDownloadFile", Handler: HandleDownloadFile, }, TranDownloadFldr: { Name: "TranDownloadFldr", Handler: HandleDownloadFolder, }, TranGetClientInfoText: { Name: "TranGetClientInfoText", Handler: HandleGetClientInfoText, }, TranGetFileInfo: { Name: "TranGetFileInfo", Handler: HandleGetFileInfo, }, TranGetFileNameList: { Name: "TranGetFileNameList", Handler: HandleGetFileNameList, }, TranGetMsgs: { Name: "TranGetMsgs", Handler: HandleGetMsgs, }, TranGetNewsArtData: { Name: "TranGetNewsArtData", Handler: HandleGetNewsArtData, }, TranGetNewsArtNameList: { Name: "TranGetNewsArtNameList", Handler: HandleGetNewsArtNameList, }, TranGetNewsCatNameList: { Name: "TranGetNewsCatNameList", Handler: HandleGetNewsCatNameList, }, TranGetUser: { Name: "TranGetUser", Handler: HandleGetUser, }, TranGetUserNameList: { Name: "tranHandleGetUserNameList", Handler: HandleGetUserNameList, }, TranInviteNewChat: { Name: "TranInviteNewChat", Handler: HandleInviteNewChat, }, TranInviteToChat: { Name: "TranInviteToChat", Handler: HandleInviteToChat, }, TranJoinChat: { Name: "TranJoinChat", Handler: HandleJoinChat, }, TranKeepAlive: { Name: "TranKeepAlive", Handler: HandleKeepAlive, }, TranLeaveChat: { Name: "TranJoinChat", Handler: HandleLeaveChat, }, TranListUsers: { Name: "TranListUsers", Handler: HandleListUsers, }, TranMoveFile: { Name: "TranMoveFile", Handler: HandleMoveFile, }, TranNewFolder: { Name: "TranNewFolder", Handler: HandleNewFolder, }, TranNewNewsCat: { Name: "TranNewNewsCat", Handler: HandleNewNewsCat, }, TranNewNewsFldr: { Name: "TranNewNewsFldr", Handler: HandleNewNewsFldr, }, TranNewUser: { Name: "TranNewUser", Handler: HandleNewUser, }, TranUpdateUser: { Name: "TranUpdateUser", Handler: HandleUpdateUser, }, TranOldPostNews: { Name: "TranOldPostNews", Handler: HandleTranOldPostNews, }, TranPostNewsArt: { Name: "TranPostNewsArt", Handler: HandlePostNewsArt, }, TranRejectChatInvite: { Name: "TranRejectChatInvite", Handler: HandleRejectChatInvite, }, TranSendInstantMsg: { Name: "TranSendInstantMsg", Handler: HandleSendInstantMsg, RequiredFields: []requiredField{ { ID: FieldData, minLen: 0, }, { ID: FieldUserID, }, }, }, TranSetChatSubject: { Name: "TranSetChatSubject", Handler: HandleSetChatSubject, }, TranMakeFileAlias: { Name: "TranMakeFileAlias", Handler: HandleMakeAlias, RequiredFields: []requiredField{ {ID: FieldFileName, minLen: 1}, {ID: FieldFilePath, minLen: 1}, {ID: FieldFileNewPath, minLen: 1}, }, }, TranSetClientUserInfo: { Name: "TranSetClientUserInfo", Handler: HandleSetClientUserInfo, }, TranSetFileInfo: { Name: "TranSetFileInfo", Handler: HandleSetFileInfo, }, TranSetUser: { Name: "TranSetUser", Handler: HandleSetUser, }, TranUploadFile: { Name: "TranUploadFile", Handler: HandleUploadFile, }, TranUploadFldr: { Name: "TranUploadFldr", Handler: HandleUploadFolder, }, TranUserBroadcast: { Name: "TranUserBroadcast", Handler: HandleUserBroadcast, }, TranDownloadBanner: { Name: "TranDownloadBanner", Handler: HandleDownloadBanner, }, } func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessSendChat) { res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat.")) return res, err } // Truncate long usernames trunc := fmt.Sprintf("%13s", cc.UserName) formattedMsg := fmt.Sprintf("\r%.14s: %s", trunc, t.GetField(FieldData).Data) // By holding the option key, Hotline chat allows users to send /me formatted messages like: // *** Halcyon does stuff // This is indicated by the presence of the optional field FieldChatOptions set to a value of 1. // Most clients do not send this option for normal chat messages. if t.GetField(FieldChatOptions).Data != nil && bytes.Equal(t.GetField(FieldChatOptions).Data, []byte{0, 1}) { formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(FieldData).Data) } // The ChatID field is used to identify messages as belonging to a private chat. // All clients *except* Frogblast omit this field for public chat, but Frogblast sends a value of 00 00 00 00. chatID := t.GetField(FieldChatID).Data if chatID != nil && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) { chatInt := binary.BigEndian.Uint32(chatID) privChat := cc.Server.PrivateChats[chatInt] clients := sortedClients(privChat.ClientConn) // send the message to all connected clients of the private chat for _, c := range clients { res = append(res, *NewTransaction( TranChatMsg, c.ID, NewField(FieldChatID, chatID), NewField(FieldData, []byte(formattedMsg)), )) } return res, err } for _, c := range sortedClients(cc.Server.Clients) { // Filter out clients that do not have the read chat permission if c.Authorize(accessReadChat) { res = append(res, *NewTransaction(TranChatMsg, c.ID, NewField(FieldData, []byte(formattedMsg)))) } } return res, err } // HandleSendInstantMsg sends instant message to the user on the current server. // Fields used in the request: // // 103 User ID // 113 Options // One of the following values: // - User message (myOpt_UserMessage = 1) // - Refuse message (myOpt_RefuseMessage = 2) // - Refuse chat (myOpt_RefuseChat = 3) // - Automatic response (myOpt_AutomaticResponse = 4)" // 101 Data Optional // 214 Quoting message Optional // // Fields used in the reply: // None func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessSendPrivMsg) { res = append(res, cc.NewErrReply(t, "You are not allowed to send private messages.")) return res, errors.New("user is not allowed to send private messages") } msg := t.GetField(FieldData) ID := t.GetField(FieldUserID) reply := NewTransaction( TranServerMsg, &ID.Data, NewField(FieldData, msg.Data), NewField(FieldUserName, cc.UserName), NewField(FieldUserID, *cc.ID), NewField(FieldOptions, []byte{0, 1}), ) // Later versions of Hotline include the original message in the FieldQuotingMsg field so // the receiving client can display both the received message and what it is in reply to if t.GetField(FieldQuotingMsg).Data != nil { reply.Fields = append(reply.Fields, NewField(FieldQuotingMsg, t.GetField(FieldQuotingMsg).Data)) } id, err := byteToInt(ID.Data) if err != nil { return res, errors.New("invalid client ID") } otherClient, ok := cc.Server.Clients[uint16(id)] if !ok { return res, errors.New("invalid client ID") } // Check if target user has "Refuse private messages" flag flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags))) if flagBitmap.Bit(UserFlagRefusePM) == 1 { res = append(res, *NewTransaction( TranServerMsg, cc.ID, NewField(FieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")), NewField(FieldUserName, otherClient.UserName), NewField(FieldUserID, *otherClient.ID), NewField(FieldOptions, []byte{0, 2}), ), ) } else { res = append(res, *reply) } // Respond with auto reply if other client has it enabled if len(otherClient.AutoReply) > 0 { res = append(res, *NewTransaction( TranServerMsg, cc.ID, NewField(FieldData, otherClient.AutoReply), NewField(FieldUserName, otherClient.UserName), NewField(FieldUserID, *otherClient.ID), NewField(FieldOptions, []byte{0, 1}), ), ) } res = append(res, cc.NewReply(t)) return res, err } func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) { fileName := t.GetField(FieldFileName).Data filePath := t.GetField(FieldFilePath).Data fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) if err != nil { return res, err } fw, err := newFileWrapper(cc.Server.FS, fullFilePath, 0) if err != nil { return res, err } encodedName, err := txtEncoder.String(fw.name) if err != nil { return res, fmt.Errorf("invalid filepath encoding: %w", err) } fields := []Field{ NewField(FieldFileName, []byte(encodedName)), NewField(FieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()), NewField(FieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()), NewField(FieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature), NewField(FieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate), NewField(FieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate), } // Include the optional FileComment field if there is a comment. if len(fw.ffo.FlatFileInformationFork.Comment) != 0 { fields = append(fields, NewField(FieldFileComment, fw.ffo.FlatFileInformationFork.Comment)) } // Include the FileSize field for files. if !bytes.Equal(fw.ffo.FlatFileInformationFork.TypeSignature, []byte{0x66, 0x6c, 0x64, 0x72}) { fields = append(fields, NewField(FieldFileSize, fw.totalSize())) } res = append(res, cc.NewReply(t, fields...)) return res, err } // HandleSetFileInfo updates a file or folder Name and/or comment from the Get Info window // Fields used in the request: // * 201 File Name // * 202 File path Optional // * 211 File new Name Optional // * 210 File comment Optional // Fields used in the reply: None func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) { fileName := t.GetField(FieldFileName).Data filePath := t.GetField(FieldFilePath).Data fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) if err != nil { return res, err } fi, err := cc.Server.FS.Stat(fullFilePath) if err != nil { return res, err } hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0) if err != nil { return res, err } if t.GetField(FieldFileComment).Data != nil { switch mode := fi.Mode(); { case mode.IsDir(): if !cc.Authorize(accessSetFolderComment) { res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for folders.")) return res, err } case mode.IsRegular(): if !cc.Authorize(accessSetFileComment) { res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for files.")) return res, err } } if err := hlFile.ffo.FlatFileInformationFork.setComment(t.GetField(FieldFileComment).Data); err != nil { return res, err } w, err := hlFile.infoForkWriter() if err != nil { return res, err } _, err = io.Copy(w, &hlFile.ffo.FlatFileInformationFork) if err != nil { return res, err } } fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(FieldFileNewName).Data) if err != nil { return nil, err } fileNewName := t.GetField(FieldFileNewName).Data if fileNewName != nil { switch mode := fi.Mode(); { case mode.IsDir(): if !cc.Authorize(accessRenameFolder) { res = append(res, cc.NewErrReply(t, "You are not allowed to rename folders.")) return res, err } err = os.Rename(fullFilePath, fullNewFilePath) if os.IsNotExist(err) { res = append(res, cc.NewErrReply(t, "Cannot rename folder "+string(fileName)+" because it does not exist or cannot be found.")) return res, err } case mode.IsRegular(): if !cc.Authorize(accessRenameFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to rename files.")) return res, err } fileDir, err := readPath(cc.Server.Config.FileRoot, filePath, []byte{}) if err != nil { return nil, err } hlFile.name, err = txtDecoder.String(string(fileNewName)) if err != nil { return res, fmt.Errorf("invalid filepath encoding: %w", err) } err = hlFile.move(fileDir) if os.IsNotExist(err) { res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found.")) return res, err } if err != nil { return res, err } } } res = append(res, cc.NewReply(t)) return res, err } // HandleDeleteFile deletes a file or folder // Fields used in the request: // * 201 File Name // * 202 File path // Fields used in the reply: none func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { fileName := t.GetField(FieldFileName).Data filePath := t.GetField(FieldFilePath).Data fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) if err != nil { return res, err } hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0) if err != nil { return res, err } fi, err := hlFile.dataFile() if err != nil { res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found.")) return res, nil } switch mode := fi.Mode(); { case mode.IsDir(): if !cc.Authorize(accessDeleteFolder) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete folders.")) return res, err } case mode.IsRegular(): if !cc.Authorize(accessDeleteFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete files.")) return res, err } } if err := hlFile.delete(); err != nil { return res, err } res = append(res, cc.NewReply(t)) return res, err } // HandleMoveFile moves files or folders. Note: seemingly not documented func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { fileName := string(t.GetField(FieldFileName).Data) filePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data) if err != nil { return res, err } fileNewPath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFileNewPath).Data, nil) if err != nil { return res, err } cc.logger.Info("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName) hlFile, err := newFileWrapper(cc.Server.FS, filePath, 0) if err != nil { return res, err } fi, err := hlFile.dataFile() if err != nil { res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found.")) return res, err } switch mode := fi.Mode(); { case mode.IsDir(): if !cc.Authorize(accessMoveFolder) { res = append(res, cc.NewErrReply(t, "You are not allowed to move folders.")) return res, err } case mode.IsRegular(): if !cc.Authorize(accessMoveFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to move files.")) return res, err } } if err := hlFile.move(fileNewPath); err != nil { return res, err } // TODO: handle other possible errors; e.g. fileWrapper delete fails due to fileWrapper permission issue res = append(res, cc.NewReply(t)) return res, err } func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessCreateFolder) { res = append(res, cc.NewErrReply(t, "You are not allowed to create folders.")) return res, err } folderName := string(t.GetField(FieldFileName).Data) folderName = path.Join("/", folderName) var subPath string // FieldFilePath is only present for nested paths if t.GetField(FieldFilePath).Data != nil { var newFp FilePath _, err := newFp.Write(t.GetField(FieldFilePath).Data) if err != nil { return nil, err } for _, pathItem := range newFp.Items { subPath = filepath.Join("/", subPath, string(pathItem.Name)) } } newFolderPath := path.Join(cc.Server.Config.FileRoot, subPath, folderName) newFolderPath, err = txtDecoder.String(newFolderPath) if err != nil { return res, fmt.Errorf("invalid filepath encoding: %w", err) } // TODO: check path and folder Name lengths if _, err := cc.Server.FS.Stat(newFolderPath); !os.IsNotExist(err) { msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that Name.", folderName) return []Transaction{cc.NewErrReply(t, msg)}, nil } if err := cc.Server.FS.Mkdir(newFolderPath, 0777); err != nil { msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName) return []Transaction{cc.NewErrReply(t, msg)}, nil } res = append(res, cc.NewReply(t)) return res, err } func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessModifyUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts.")) return res, err } login := string(encodeString(t.GetField(FieldUserLogin).Data)) userName := string(t.GetField(FieldUserName).Data) newAccessLvl := t.GetField(FieldUserAccess).Data account := cc.Server.Accounts[login] if account == nil { return append(res, cc.NewErrReply(t, "Account not found.")), nil } account.Name = userName copy(account.Access[:], newAccessLvl) // If the password field is cleared in the Hotline edit user UI, the SetUser transaction does // not include FieldUserPassword if t.GetField(FieldUserPassword).Data == nil { account.Password = hashAndSalt([]byte("")) } if !bytes.Equal([]byte{0}, t.GetField(FieldUserPassword).Data) { account.Password = hashAndSalt(t.GetField(FieldUserPassword).Data) } out, err := yaml.Marshal(&account) if err != nil { return res, err } if err := os.WriteFile(filepath.Join(cc.Server.ConfigDir, "Users", login+".yaml"), out, 0666); err != nil { return res, err } // Notify connected clients logged in as the user of the new access level for _, c := range cc.Server.Clients { if c.Account.Login == login { // Note: comment out these two lines to test server-side deny messages newT := NewTransaction(TranUserAccess, c.ID, NewField(FieldUserAccess, newAccessLvl)) res = append(res, *newT) flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags))) if c.Authorize(accessDisconUser) { flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 1) } else { flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 0) } binary.BigEndian.PutUint16(c.Flags, uint16(flagBitmap.Int64())) c.Account.Access = account.Access cc.sendAll( TranNotifyChangeUser, NewField(FieldUserID, *c.ID), NewField(FieldUserFlags, c.Flags), NewField(FieldUserName, c.UserName), NewField(FieldUserIconID, c.Icon), ) } } res = append(res, cc.NewReply(t)) return res, err } func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessOpenUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts.")) return res, err } account := cc.Server.Accounts[string(t.GetField(FieldUserLogin).Data)] if account == nil { res = append(res, cc.NewErrReply(t, "Account does not exist.")) return res, err } res = append(res, cc.NewReply(t, NewField(FieldUserName, []byte(account.Name)), NewField(FieldUserLogin, encodeString(t.GetField(FieldUserLogin).Data)), NewField(FieldUserPassword, []byte(account.Password)), NewField(FieldUserAccess, account.Access[:]), )) return res, err } func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessOpenUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts.")) return res, err } var userFields []Field for _, acc := range cc.Server.Accounts { accCopy := *acc b, err := io.ReadAll(&accCopy) if err != nil { return res, err } userFields = append(userFields, NewField(FieldData, b)) } res = append(res, cc.NewReply(t, userFields...)) return res, err } // HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time. // An update can be a mix of these actions: // * Create user // * Delete user // * Modify user (including renaming the account login) // // The Transaction sent by the client includes one data field per user that was modified. This data field in turn // contains another data field encoded in its payload with a varying number of sub fields depending on which action is // performed. This seems to be the only place in the Hotline protocol where a data field contains another data field. func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { for _, field := range t.Fields { var subFields []Field // Create a new scanner for parsing incoming bytes into transaction tokens scanner := bufio.NewScanner(bytes.NewReader(field.Data[2:])) scanner.Split(fieldScanner) for i := 0; i < int(binary.BigEndian.Uint16(field.Data[0:2])); i++ { scanner.Scan() var field Field if _, err := field.Write(scanner.Bytes()); err != nil { return res, fmt.Errorf("error reading field: %w", err) } subFields = append(subFields, field) } // If there's only one subfield, that indicates this is a delete operation for the login in FieldData if len(subFields) == 1 { if !cc.Authorize(accessDeleteUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) return res, err } login := string(encodeString(getField(FieldData, &subFields).Data)) cc.logger.Info("DeleteUser", "login", login) if err := cc.Server.DeleteUser(login); err != nil { return res, err } continue } // login of the account to update var accountToUpdate, loginToRename string // If FieldData is included, this is a rename operation where FieldData contains the login of the existing // account and FieldUserLogin contains the new login. if getField(FieldData, &subFields) != nil { loginToRename = string(encodeString(getField(FieldData, &subFields).Data)) } userLogin := string(encodeString(getField(FieldUserLogin, &subFields).Data)) if loginToRename != "" { accountToUpdate = loginToRename } else { accountToUpdate = userLogin } // Check if accountToUpdate has an existing account. If so, we know we are updating an existing user. if acc, ok := cc.Server.Accounts[accountToUpdate]; ok { if loginToRename != "" { cc.logger.Info("RenameUser", "prevLogin", accountToUpdate, "newLogin", userLogin) } else { cc.logger.Info("UpdateUser", "login", accountToUpdate) } // account exists, so this is an update action if !cc.Authorize(accessModifyUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts.")) return res, nil } // This part is a bit tricky. There are three possibilities: // 1) The transaction is intended to update the password. // In this case, FieldUserPassword is sent with the new password. // 2) The transaction is intended to remove the password. // In this case, FieldUserPassword is not sent. // 3) The transaction updates the users access bits, but not the password. // In this case, FieldUserPassword is sent with zero as the only byte. if getField(FieldUserPassword, &subFields) != nil { newPass := getField(FieldUserPassword, &subFields).Data if !bytes.Equal([]byte{0}, newPass) { acc.Password = hashAndSalt(newPass) } } else { acc.Password = hashAndSalt([]byte("")) } if getField(FieldUserAccess, &subFields) != nil { copy(acc.Access[:], getField(FieldUserAccess, &subFields).Data) } err = cc.Server.UpdateUser( string(encodeString(getField(FieldData, &subFields).Data)), string(encodeString(getField(FieldUserLogin, &subFields).Data)), string(getField(FieldUserName, &subFields).Data), acc.Password, acc.Access, ) if err != nil { return res, err } } else { if !cc.Authorize(accessCreateUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts.")) return res, nil } cc.logger.Info("CreateUser", "login", userLogin) newAccess := accessBitmap{} copy(newAccess[:], getField(FieldUserAccess, &subFields).Data) // Prevent account from creating new account with greater permission for i := 0; i < 64; i++ { if newAccess.IsSet(i) { if !cc.Authorize(i) { return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), nil } } } err = cc.Server.NewUser(userLogin, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess) if err != nil { return append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")), nil } } } res = append(res, cc.NewReply(t)) return res, err } // HandleNewUser creates a new user account func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessCreateUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts.")) return res, err } login := string(encodeString(t.GetField(FieldUserLogin).Data)) // If the account already dataFile, reply with an error if _, ok := cc.Server.Accounts[login]; ok { res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login.")) return res, err } newAccess := accessBitmap{} copy(newAccess[:], t.GetField(FieldUserAccess).Data) // Prevent account from creating new account with greater permission for i := 0; i < 64; i++ { if newAccess.IsSet(i) { if !cc.Authorize(i) { res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")) return res, err } } } if err := cc.Server.NewUser(login, string(t.GetField(FieldUserName).Data), string(t.GetField(FieldUserPassword).Data), newAccess); err != nil { res = append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")) return res, err } res = append(res, cc.NewReply(t)) return res, err } func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessDeleteUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) return res, nil } login := string(encodeString(t.GetField(FieldUserLogin).Data)) if err := cc.Server.DeleteUser(login); err != nil { return res, err } res = append(res, cc.NewReply(t)) return res, err } // HandleUserBroadcast sends an Administrator Message to all connected clients of the server func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessBroadcast) { res = append(res, cc.NewErrReply(t, "You are not allowed to send broadcast messages.")) return res, err } cc.sendAll( TranServerMsg, NewField(FieldData, t.GetField(TranGetMsgs).Data), NewField(FieldChatOptions, []byte{0}), ) res = append(res, cc.NewReply(t)) return res, err } // HandleGetClientInfoText returns user information for the specific user. // // Fields used in the request: // 103 User ID // // Fields used in the reply: // 102 User Name // 101 Data User info text string func HandleGetClientInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessGetClientInfo) { res = append(res, cc.NewErrReply(t, "You are not allowed to get client info.")) return res, err } clientID, _ := byteToInt(t.GetField(FieldUserID).Data) clientConn := cc.Server.Clients[uint16(clientID)] if clientConn == nil { return append(res, cc.NewErrReply(t, "User not found.")), err } res = append(res, cc.NewReply(t, NewField(FieldData, []byte(clientConn.String())), NewField(FieldUserName, clientConn.UserName), )) return res, err } func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) { res = append(res, cc.NewReply(t, cc.Server.connectedUsers()...)) return res, err } func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if t.GetField(FieldUserName).Data != nil { if cc.Authorize(accessAnyName) { cc.UserName = t.GetField(FieldUserName).Data } else { cc.UserName = []byte(cc.Account.Name) } } cc.Icon = t.GetField(FieldUserIconID).Data cc.logger = cc.logger.With("Name", string(cc.UserName)) cc.logger.Info("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }())) options := t.GetField(FieldOptions).Data optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags))) // Check refuse private PM option if optBitmap.Bit(UserOptRefusePM) == 1 { flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, 1) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) } // Check refuse private chat option if optBitmap.Bit(UserOptRefuseChat) == 1 { flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, 1) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) } // Check auto response if optBitmap.Bit(UserOptAutoResponse) == 1 { cc.AutoReply = t.GetField(FieldAutomaticResponse).Data } else { cc.AutoReply = []byte{} } trans := cc.notifyOthers( *NewTransaction( TranNotifyChangeUser, nil, NewField(FieldUserName, cc.UserName), NewField(FieldUserID, *cc.ID), NewField(FieldUserIconID, cc.Icon), NewField(FieldUserFlags, cc.Flags), ), ) res = append(res, trans...) if cc.Server.Config.BannerFile != "" { res = append(res, *NewTransaction(TranServerBanner, cc.ID, NewField(FieldBannerType, []byte("JPEG")))) } res = append(res, cc.NewReply(t)) return res, err } // HandleTranOldPostNews updates the flat news // Fields used in this request: // 101 Data func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsPostArt) { res = append(res, cc.NewErrReply(t, "You are not allowed to post news.")) return res, err } cc.Server.flatNewsMux.Lock() defer cc.Server.flatNewsMux.Unlock() newsDateTemplate := defaultNewsDateFormat if cc.Server.Config.NewsDateFormat != "" { newsDateTemplate = cc.Server.Config.NewsDateFormat } newsTemplate := defaultNewsTemplate if cc.Server.Config.NewsDelimiter != "" { newsTemplate = cc.Server.Config.NewsDelimiter } newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(FieldData).Data) newsPost = strings.ReplaceAll(newsPost, "\n", "\r") // update news in memory cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...) // update news on disk if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil { return res, err } // Notify all clients of updated news cc.sendAll( TranNewMsg, NewField(FieldData, []byte(newsPost)), ) res = append(res, cc.NewReply(t)) return res, err } func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessDisconUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to disconnect users.")) return res, err } clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(FieldUserID).Data)] if clientConn.Authorize(accessCannotBeDiscon) { res = append(res, cc.NewErrReply(t, clientConn.Account.Login+" is not allowed to be disconnected.")) return res, err } // If FieldOptions is set, then the client IP is banned in addition to disconnected. // 00 01 = temporary ban // 00 02 = permanent ban if t.GetField(FieldOptions).Data != nil { switch t.GetField(FieldOptions).Data[1] { case 1: // send message: "You are temporarily banned on this server" cc.logger.Info("Disconnect & temporarily ban " + string(clientConn.UserName)) res = append(res, *NewTransaction( TranServerMsg, clientConn.ID, NewField(FieldData, []byte("You are temporarily banned on this server")), NewField(FieldChatOptions, []byte{0, 0}), )) banUntil := time.Now().Add(tempBanDuration) cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = &banUntil case 2: // send message: "You are permanently banned on this server" cc.logger.Info("Disconnect & ban " + string(clientConn.UserName)) res = append(res, *NewTransaction( TranServerMsg, clientConn.ID, NewField(FieldData, []byte("You are permanently banned on this server")), NewField(FieldChatOptions, []byte{0, 0}), )) cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = nil } err := cc.Server.writeBanList() if err != nil { return res, err } } // TODO: remove this awful hack go func() { time.Sleep(1 * time.Second) clientConn.Disconnect() }() return append(res, cc.NewReply(t)), err } // HandleGetNewsCatNameList returns a list of news categories for a path // Fields used in the request: // 325 News path (Optional) func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsReadArt) { res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) return res, err } pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) cats := cc.Server.GetNewsCatByPath(pathStrs) // To store the keys in slice in sorted order keys := make([]string, len(cats)) i := 0 for k := range cats { keys[i] = k i++ } sort.Strings(keys) var fieldData []Field for _, k := range keys { cat := cats[k] b, _ := cat.MarshalBinary() fieldData = append(fieldData, NewField( FieldNewsCatListData15, b, )) } res = append(res, cc.NewReply(t, fieldData...)) return res, err } func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsCreateCat) { res = append(res, cc.NewErrReply(t, "You are not allowed to create news categories.")) return res, err } name := string(t.GetField(FieldNewsCatName).Data) pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) cats := cc.Server.GetNewsCatByPath(pathStrs) cats[name] = NewsCategoryListData15{ Name: name, Type: [2]byte{0, 3}, Articles: map[uint32]*NewsArtData{}, SubCats: make(map[string]NewsCategoryListData15), } if err := cc.Server.writeThreadedNews(); err != nil { return res, err } res = append(res, cc.NewReply(t)) return res, err } // Fields used in the request: // 322 News category Name // 325 News path func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsCreateFldr) { res = append(res, cc.NewErrReply(t, "You are not allowed to create news folders.")) return res, err } name := string(t.GetField(FieldFileName).Data) pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) cats := cc.Server.GetNewsCatByPath(pathStrs) cats[name] = NewsCategoryListData15{ Name: name, Type: [2]byte{0, 2}, Articles: map[uint32]*NewsArtData{}, SubCats: make(map[string]NewsCategoryListData15), } if err := cc.Server.writeThreadedNews(); err != nil { return res, err } res = append(res, cc.NewReply(t)) return res, err } // HandleGetNewsArtData gets the list of article names at the specified news path. // Fields used in the request: // 325 News path Optional // Fields used in the reply: // 321 News article list data Optional func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsReadArt) { res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) return res, nil } pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) var cat NewsCategoryListData15 cats := cc.Server.ThreadedNews.Categories for _, fp := range pathStrs { cat = cats[fp] cats = cats[fp].SubCats } nald := cat.GetNewsArtListData() b, err := io.ReadAll(&nald) if err != nil { return res, fmt.Errorf("error loading news articles: %w", err) } res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, b))) return res, nil } // HandleGetNewsArtData requests information about the specific news article. // Fields used in the request: // // Request fields // 325 News path // 326 News article ID // 327 News article data flavor // // Fields used in the reply: // 328 News article title // 329 News article poster // 330 News article date // 331 Previous article ID // 332 Next article ID // 335 Parent article ID // 336 First child article ID // 327 News article data flavor "Should be “text/plain” // 333 News article data Optional (if data flavor is “text/plain”) func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsReadArt) { res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) return res, err } var cat NewsCategoryListData15 cats := cc.Server.ThreadedNews.Categories for _, fp := range ReadNewsPath(t.GetField(FieldNewsPath).Data) { cat = cats[fp] cats = cats[fp].SubCats } // The official Hotline clients will send the article ID as 2 bytes if possible, but // some third party clients such as Frogblast and Heildrun will always send 4 bytes convertedID, err := byteToInt(t.GetField(FieldNewsArtID).Data) if err != nil { return res, err } art := cat.Articles[uint32(convertedID)] if art == nil { res = append(res, cc.NewReply(t)) return res, err } res = append(res, cc.NewReply(t, NewField(FieldNewsArtTitle, []byte(art.Title)), NewField(FieldNewsArtPoster, []byte(art.Poster)), NewField(FieldNewsArtDate, art.Date[:]), NewField(FieldNewsArtPrevArt, art.PrevArt[:]), NewField(FieldNewsArtNextArt, art.NextArt[:]), NewField(FieldNewsArtParentArt, art.ParentArt[:]), NewField(FieldNewsArt1stChildArt, art.FirstChildArt[:]), NewField(FieldNewsArtDataFlav, []byte("text/plain")), NewField(FieldNewsArtData, []byte(art.Data)), )) return res, err } // HandleDelNewsItem deletes an existing threaded news folder or category from the server. // Fields used in the request: // 325 News path // Fields used in the reply: // None func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) { pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) cats := cc.Server.ThreadedNews.Categories delName := pathStrs[len(pathStrs)-1] if len(pathStrs) > 1 { for _, fp := range pathStrs[0 : len(pathStrs)-1] { cats = cats[fp].SubCats } } if cats[delName].Type == [2]byte{0, 3} { if !cc.Authorize(accessNewsDeleteCat) { return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil } } else { if !cc.Authorize(accessNewsDeleteFldr) { return append(res, cc.NewErrReply(t, "You are not allowed to delete news folders.")), nil } } delete(cats, delName) if err := cc.Server.writeThreadedNews(); err != nil { return res, err } return append(res, cc.NewReply(t)), nil } func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsDeleteArt) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete news articles.")) return res, err } // Request Fields // 325 News path // 326 News article ID // 337 News article – recursive delete Delete child articles (1) or not (0) pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) ID, err := byteToInt(t.GetField(FieldNewsArtID).Data) if err != nil { return res, err } // TODO: Delete recursive cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1]) catName := pathStrs[len(pathStrs)-1] cat := cats[catName] delete(cat.Articles, uint32(ID)) cats[catName] = cat if err := cc.Server.writeThreadedNews(); err != nil { return res, err } res = append(res, cc.NewReply(t)) return res, err } // Request fields // 325 News path // 326 News article ID ID of the parent article? // 328 News article title // 334 News article flags // 327 News article data flavor Currently “text/plain” // 333 News article data func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsPostArt) { res = append(res, cc.NewErrReply(t, "You are not allowed to post news articles.")) return res, err } pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1]) catName := pathStrs[len(pathStrs)-1] cat := cats[catName] artID, err := byteToInt(t.GetField(FieldNewsArtID).Data) if err != nil { return res, err } convertedArtID := uint32(artID) bs := make([]byte, 4) binary.BigEndian.PutUint32(bs, convertedArtID) cc.Server.mux.Lock() defer cc.Server.mux.Unlock() newArt := NewsArtData{ Title: string(t.GetField(FieldNewsArtTitle).Data), Poster: string(cc.UserName), Date: toHotlineTime(time.Now()), PrevArt: [4]byte{}, NextArt: [4]byte{}, ParentArt: [4]byte(bs), FirstChildArt: [4]byte{}, DataFlav: []byte("text/plain"), Data: string(t.GetField(FieldNewsArtData).Data), } var keys []int for k := range cat.Articles { keys = append(keys, int(k)) } nextID := uint32(1) if len(keys) > 0 { sort.Ints(keys) prevID := uint32(keys[len(keys)-1]) nextID = prevID + 1 binary.BigEndian.PutUint32(newArt.PrevArt[:], prevID) // Set next article ID binary.BigEndian.PutUint32(cat.Articles[prevID].NextArt[:], nextID) } // Update parent article with first child reply parentID := convertedArtID if parentID != 0 { parentArt := cat.Articles[parentID] if parentArt.FirstChildArt == [4]byte{0, 0, 0, 0} { binary.BigEndian.PutUint32(parentArt.FirstChildArt[:], nextID) } } cat.Articles[nextID] = &newArt cats[catName] = cat if err := cc.Server.writeThreadedNews(); err != nil { return res, err } res = append(res, cc.NewReply(t)) return res, err } // HandleGetMsgs returns the flat news data func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessNewsReadArt) { res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) return res, err } res = append(res, cc.NewReply(t, NewField(FieldData, cc.Server.FlatNews))) return res, err } func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessDownloadFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to download files.")) return res, err } fileName := t.GetField(FieldFileName).Data filePath := t.GetField(FieldFilePath).Data resumeData := t.GetField(FieldFileResumeData).Data var dataOffset int64 var frd FileResumeData if resumeData != nil { if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil { return res, err } // TODO: handle rsrc fork offset dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:])) } fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) if err != nil { return res, err } hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, dataOffset) if err != nil { return res, err } xferSize := hlFile.ffo.TransferSize(0) ft := cc.newFileTransfer(FileDownload, fileName, filePath, xferSize) // TODO: refactor to remove this if resumeData != nil { var frd FileResumeData if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil { return res, err } ft.fileResumeData = &frd } // Optional field for when a HL v1.5+ client requests file preview // Used only for TEXT, JPEG, GIFF, BMP or PICT files // The value will always be 2 if t.GetField(FieldFileTransferOptions).Data != nil { ft.options = t.GetField(FieldFileTransferOptions).Data xferSize = hlFile.ffo.FlatFileDataForkHeader.DataSize[:] } res = append(res, cc.NewReply(t, NewField(FieldRefNum, ft.refNum[:]), NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count NewField(FieldTransferSize, xferSize), NewField(FieldFileSize, hlFile.ffo.FlatFileDataForkHeader.DataSize[:]), )) return res, err } // Download all files from the specified folder and sub-folders func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessDownloadFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to download folders.")) return res, err } fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data) if err != nil { return res, err } transferSize, err := CalcTotalSize(fullFilePath) if err != nil { return res, err } itemCount, err := CalcItemCount(fullFilePath) if err != nil { return res, err } fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(FieldFileName).Data, t.GetField(FieldFilePath).Data, transferSize) var fp FilePath _, err = fp.Write(t.GetField(FieldFilePath).Data) if err != nil { return res, err } res = append(res, cc.NewReply(t, NewField(FieldRefNum, fileTransfer.ReferenceNumber), NewField(FieldTransferSize, transferSize), NewField(FieldFolderItemCount, itemCount), NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count )) return res, err } // Upload all files from the local folder and its subfolders to the specified path on the server // Fields used in the request // 201 File Name // 202 File path // 108 transfer size Total size of all items in the folder // 220 Folder item count // 204 File transfer options "Optional Currently set to 1" (TODO: ??) func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) { var fp FilePath if t.GetField(FieldFilePath).Data != nil { if _, err = fp.Write(t.GetField(FieldFilePath).Data); err != nil { return res, err } } // Handle special cases for Upload and Drop Box folders if !cc.Authorize(accessUploadAnywhere) { if !fp.IsUploadDir() && !fp.IsDropbox() { res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(FieldFileName).Data)))) return res, err } } fileTransfer := cc.newFileTransfer(FolderUpload, t.GetField(FieldFileName).Data, t.GetField(FieldFilePath).Data, t.GetField(FieldTransferSize).Data, ) fileTransfer.FolderItemCount = t.GetField(FieldFolderItemCount).Data res = append(res, cc.NewReply(t, NewField(FieldRefNum, fileTransfer.ReferenceNumber))) return res, err } // HandleUploadFile // Fields used in the request: // 201 File Name // 202 File path // 204 File transfer options "Optional // Used only to resume download, currently has value 2" // 108 File transfer size "Optional used if download is not resumed" func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessUploadFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to upload files.")) return res, err } fileName := t.GetField(FieldFileName).Data filePath := t.GetField(FieldFilePath).Data transferOptions := t.GetField(FieldFileTransferOptions).Data transferSize := t.GetField(FieldTransferSize).Data // not sent for resume var fp FilePath if filePath != nil { if _, err = fp.Write(filePath); err != nil { return res, err } } // Handle special cases for Upload and Drop Box folders if !cc.Authorize(accessUploadAnywhere) { if !fp.IsUploadDir() && !fp.IsDropbox() { res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName)))) return res, err } } fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) if err != nil { return res, err } if _, err := cc.Server.FS.Stat(fullFilePath); err == nil { res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload because there is already a file named \"%v\". Try choosing a different Name.", string(fileName)))) return res, err } ft := cc.newFileTransfer(FileUpload, fileName, filePath, transferSize) replyT := cc.NewReply(t, NewField(FieldRefNum, ft.ReferenceNumber)) // client has requested to resume a partially transferred file if transferOptions != nil { fileInfo, err := cc.Server.FS.Stat(fullFilePath + incompleteFileSuffix) if err != nil { return res, err } offset := make([]byte, 4) binary.BigEndian.PutUint32(offset, uint32(fileInfo.Size())) fileResumeData := NewFileResumeData([]ForkInfoList{ *NewForkInfoList(offset), }) b, _ := fileResumeData.BinaryMarshal() ft.TransferSize = offset replyT.Fields = append(replyT.Fields, NewField(FieldFileResumeData, b)) } res = append(res, replyT) return res, err } func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if len(t.GetField(FieldUserIconID).Data) == 4 { cc.Icon = t.GetField(FieldUserIconID).Data[2:] } else { cc.Icon = t.GetField(FieldUserIconID).Data } if cc.Authorize(accessAnyName) { cc.UserName = t.GetField(FieldUserName).Data } // the options field is only passed by the client versions > 1.2.3. options := t.GetField(FieldOptions).Data if options != nil { optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags))) flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, optBitmap.Bit(UserOptRefusePM)) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, optBitmap.Bit(UserOptRefuseChat)) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) // Check auto response if optBitmap.Bit(UserOptAutoResponse) == 1 { cc.AutoReply = t.GetField(FieldAutomaticResponse).Data } else { cc.AutoReply = []byte{} } } for _, c := range sortedClients(cc.Server.Clients) { res = append(res, *NewTransaction( TranNotifyChangeUser, c.ID, NewField(FieldUserID, *cc.ID), NewField(FieldUserIconID, cc.Icon), NewField(FieldUserFlags, cc.Flags), NewField(FieldUserName, cc.UserName), )) } return res, err } // HandleKeepAlive responds to keepalive transactions with an empty reply // * HL 1.9.2 Client sends keepalive msg every 3 minutes // * HL 1.2.3 Client doesn't send keepalives func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err error) { res = append(res, cc.NewReply(t)) return res, err } func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) { fullPath, err := readPath( cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, nil, ) if err != nil { return res, fmt.Errorf("error reading file path: %w", err) } var fp FilePath if t.GetField(FieldFilePath).Data != nil { if _, err = fp.Write(t.GetField(FieldFilePath).Data); err != nil { return res, fmt.Errorf("error writing file path: %w", err) } } // Handle special case for drop box folders if fp.IsDropbox() && !cc.Authorize(accessViewDropBoxes) { res = append(res, cc.NewErrReply(t, "You are not allowed to view drop boxes.")) return res, err } fileNames, err := getFileNameList(fullPath, cc.Server.Config.IgnoreFiles) if err != nil { return res, fmt.Errorf("getFileNameList: %w", err) } res = append(res, cc.NewReply(t, fileNames...)) return res, err } // ================================= // Hotline private chat flow // ================================= // 1. ClientA sends TranInviteNewChat to server with user ID to invite // 2. Server creates new ChatID // 3. Server sends TranInviteToChat to invitee // 4. Server replies to ClientA with new Chat ID // // A dialog box pops up in the invitee client with options to accept or decline the invitation. // If Accepted is clicked: // 1. ClientB sends TranJoinChat with FieldChatID // HandleInviteNewChat invites users to new private chat func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessOpenChat) { res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat.")) return res, err } // Client to Invite targetID := t.GetField(FieldUserID).Data newChatID := cc.Server.NewPrivateChat(cc) // Check if target user has "Refuse private chat" flag binary.BigEndian.Uint16(targetID) targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)] flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags))) if flagBitmap.Bit(UserFlagRefusePChat) == 1 { res = append(res, *NewTransaction( TranServerMsg, cc.ID, NewField(FieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")), NewField(FieldUserName, targetClient.UserName), NewField(FieldUserID, *targetClient.ID), NewField(FieldOptions, []byte{0, 2}), ), ) } else { res = append(res, *NewTransaction( TranInviteToChat, &targetID, NewField(FieldChatID, newChatID), NewField(FieldUserName, cc.UserName), NewField(FieldUserID, *cc.ID), ), ) } res = append(res, cc.NewReply(t, NewField(FieldChatID, newChatID), NewField(FieldUserName, cc.UserName), NewField(FieldUserID, *cc.ID), NewField(FieldUserIconID, cc.Icon), NewField(FieldUserFlags, cc.Flags), ), ) return res, err } func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessOpenChat) { res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat.")) return res, err } // Client to Invite targetID := t.GetField(FieldUserID).Data chatID := t.GetField(FieldChatID).Data res = append(res, *NewTransaction( TranInviteToChat, &targetID, NewField(FieldChatID, chatID), NewField(FieldUserName, cc.UserName), NewField(FieldUserID, *cc.ID), ), ) res = append(res, cc.NewReply( t, NewField(FieldChatID, chatID), NewField(FieldUserName, cc.UserName), NewField(FieldUserID, *cc.ID), NewField(FieldUserIconID, cc.Icon), NewField(FieldUserFlags, cc.Flags), ), ) return res, err } func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction, err error) { chatID := t.GetField(FieldChatID).Data chatInt := binary.BigEndian.Uint32(chatID) privChat := cc.Server.PrivateChats[chatInt] resMsg := append(cc.UserName, []byte(" declined invitation to chat")...) for _, c := range sortedClients(privChat.ClientConn) { res = append(res, *NewTransaction( TranChatMsg, c.ID, NewField(FieldChatID, chatID), NewField(FieldData, resMsg), ), ) } return res, err } // HandleJoinChat is sent from a v1.8+ Hotline client when the joins a private chat // Fields used in the reply: // * 115 Chat subject // * 300 User Name with info (Optional) // * 300 (more user names with info) func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { chatID := t.GetField(FieldChatID).Data chatInt := binary.BigEndian.Uint32(chatID) privChat := cc.Server.PrivateChats[chatInt] // Send TranNotifyChatChangeUser to current members of the chat to inform of new user for _, c := range sortedClients(privChat.ClientConn) { res = append(res, *NewTransaction( TranNotifyChatChangeUser, c.ID, NewField(FieldChatID, chatID), NewField(FieldUserName, cc.UserName), NewField(FieldUserID, *cc.ID), NewField(FieldUserIconID, cc.Icon), NewField(FieldUserFlags, cc.Flags), ), ) } privChat.ClientConn[cc.uint16ID()] = cc replyFields := []Field{NewField(FieldChatSubject, []byte(privChat.Subject))} for _, c := range sortedClients(privChat.ClientConn) { b, err := io.ReadAll(&User{ ID: *c.ID, Icon: c.Icon, Flags: c.Flags, Name: string(c.UserName), }) if err != nil { return res, nil } replyFields = append(replyFields, NewField(FieldUsernameWithInfo, b)) } res = append(res, cc.NewReply(t, replyFields...)) return res, err } // HandleLeaveChat is sent from a v1.8+ Hotline client when the user exits a private chat // Fields used in the request: // - 114 FieldChatID // // Reply is not expected. func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { chatID := t.GetField(FieldChatID).Data chatInt := binary.BigEndian.Uint32(chatID) privChat, ok := cc.Server.PrivateChats[chatInt] if !ok { return res, nil } delete(privChat.ClientConn, cc.uint16ID()) // Notify members of the private chat that the user has left for _, c := range sortedClients(privChat.ClientConn) { res = append(res, *NewTransaction( TranNotifyChatDeleteUser, c.ID, NewField(FieldChatID, chatID), NewField(FieldUserID, *cc.ID), ), ) } return res, err } // HandleSetChatSubject is sent from a v1.8+ Hotline client when the user sets a private chat subject // Fields used in the request: // * 114 Chat ID // * 115 Chat subject // Reply is not expected. func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, err error) { chatID := t.GetField(FieldChatID).Data chatInt := binary.BigEndian.Uint32(chatID) privChat := cc.Server.PrivateChats[chatInt] privChat.Subject = string(t.GetField(FieldChatSubject).Data) for _, c := range sortedClients(privChat.ClientConn) { res = append(res, *NewTransaction( TranNotifyChatSubject, c.ID, NewField(FieldChatID, chatID), NewField(FieldChatSubject, t.GetField(FieldChatSubject).Data), ), ) } return res, err } // HandleMakeAlias makes a file alias using the specified path. // Fields used in the request: // 201 File Name // 202 File path // 212 File new path Destination path // // Fields used in the reply: // None func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessMakeAlias) { res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases.")) return res, err } fileName := t.GetField(FieldFileName).Data filePath := t.GetField(FieldFilePath).Data fileNewPath := t.GetField(FieldFileNewPath).Data fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) if err != nil { return res, err } fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, fileNewPath, fileName) if err != nil { return res, err } cc.logger.Debug("Make alias", "src", fullFilePath, "dst", fullNewFilePath) if err := cc.Server.FS.Symlink(fullFilePath, fullNewFilePath); err != nil { res = append(res, cc.NewErrReply(t, "Error creating alias")) return res, nil } res = append(res, cc.NewReply(t)) return res, err } // HandleDownloadBanner handles requests for a new banner from the server // Fields used in the request: // None // Fields used in the reply: // 107 FieldRefNum Used later for transfer // 108 FieldTransferSize Size of data to be downloaded func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) { ft := cc.newFileTransfer(bannerDownload, []byte{}, []byte{}, make([]byte, 4)) binary.BigEndian.PutUint32(ft.TransferSize, uint32(len(cc.Server.banner))) return append(res, cc.NewReply(t, NewField(FieldRefNum, ft.refNum[:]), NewField(FieldTransferSize, ft.TransferSize), )), err }