"errors"
"fmt"
"gopkg.in/yaml.v3"
- "io/ioutil"
"math/big"
"os"
"path"
formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data)
}
+ // The ChatID field is used to identify messages as belonging to a private chat.
+ // All clients *except* Frogblast omit this field for public chat, but Frogblast sends a value of 00 00 00 00.
chatID := t.GetField(fieldChatID).Data
- // a non-nil chatID indicates the message belongs to a private chat
- if chatID != nil {
+ if chatID != nil && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) {
chatInt := binary.BigEndian.Uint32(chatID)
privChat := cc.Server.PrivateChats[chatInt]
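Review bot: The new condition on the `if chatID != nil && ...` line still lets a non-nil ChatID shorter than four bytes reach `binary.BigEndian.Uint32(chatID)`, which panics on a short slice, and the field value comes from the client's transaction. Checking the length in the same condition closes that: `if len(chatID) == 4 && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) {`. The `cc.Server.PrivateChats[chatInt]` lookup on the next line is also used without an existence check as far as the hunk shows. The rest of the branch is outside the hunk, so confirm an unknown chat ID is handled there.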
reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
}
- res = append(res, *reply)
-
id, _ := byteToInt(ID.Data)
otherClient, ok := cc.Server.Clients[uint16(id)]
if !ok {
return res, errors.New("invalid client ID")
}
+ // Check if target user has "Refuse private messages" flag
+ flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags)))
+ if flagBitmap.Bit(userFLagRefusePChat) == 1 {
+ res = append(res,
+ *NewTransaction(
+ tranServerMsg,
+ cc.ID,
+ NewField(fieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")),
+ NewField(fieldUserName, otherClient.UserName),
+ NewField(fieldUserID, *otherClient.ID),
+ NewField(fieldOptions, []byte{0, 2}),
+ ),
+ )
+ } else {
+ res = append(res, *reply)
+ }
+
// Respond with auto reply if other client has it enabled
if len(otherClient.AutoReply) > 0 {
res = append(res,
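Review bot: `binary.BigEndian.Uint16(otherClient.Flags)` in the added refusal check panics if `Flags` holds fewer than two bytes, and nothing visible in the hunk establishes its length; a guard such as `if len(otherClient.Flags) < 2 { return res, errors.New("invalid client flags") }` ahead of it keeps a malformed client record from crashing the handler. Building a `big.Int` for one bit test is also heavier than needed, since `binary.BigEndian.Uint16(otherClient.Flags)&(1<<userFLagRefusePChat) != 0` reads the same bit. The auto-reply block that follows sits outside the new `else`, so a user who refuses private messages still sends their auto-reply text to the sender; that block continues past the hunk, so confirm this is intended. The same flag test is repeated in the chat-invite hunk further down the page.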
return res, err
}
if err != nil {
- panic(err)
+ return res, err
}
}
}
newAccess := accessBitmap{}
copy(newAccess[:], getField(fieldUserAccess, &subFields).Data[:])
+ // Prevent account from creating new account with greater permission
+ for i := 0; i < 64; i++ {
+ if newAccess.IsSet(i) {
+ if !cc.Authorize(i) {
+ return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err
+ }
+ }
+ }
+
err := cc.Server.NewUser(login, string(getField(fieldUserName, &subFields).Data), string(getField(fieldUserPassword, &subFields).Data), newAccess)
if err != nil {
return []Transaction{}, err
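Review bot: The access-subset loop added here is copied verbatim into the second account-creation handler further down this page, and both copies hard-code 64 as the number of access bits; a privilege check kept in two places tends to drift, so one helper on `ClientConn` that takes the `accessBitmap` and reports whether every set bit passes `cc.Authorize` would be safer. Only the `NewUser` call is guarded in the visible lines. If this handler or another one can also write `fieldUserAccess` onto an existing account, the same check is needed on that path, otherwise the escalation the comment describes stays reachable through an edit instead of a create. The enclosing function starts and ends outside the hunk, so that path could not be checked here.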
newAccess := accessBitmap{}
copy(newAccess[:], t.GetField(fieldUserAccess).Data[:])
+ // Prevent account from creating new account with greater permission
+ for i := 0; i < 64; i++ {
+ if newAccess.IsSet(i) {
+ if !cc.Authorize(i) {
+ res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself."))
+ return res, err
+ }
+ }
+ }
+
if err := cc.Server.NewUser(login, string(t.GetField(fieldUserName).Data), string(t.GetField(fieldUserPassword).Data), newAccess); err != nil {
return []Transaction{}, err
}
cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
// update news on disk
- if err := ioutil.WriteFile(cc.Server.ConfigDir+"MessageBoard.txt", cc.Server.FlatNews, 0644); err != nil {
+ if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil {
return res, err
}
return res, err
}
+// HandleDelNewsItem deletes an existing threaded news folder or category from the server.
+// Fields used in the request:
+// 325 News path
+// Fields used in the reply:
+// None
func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- // Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
- // TODO: Implement
-
pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
- // TODO: determine if path is a Folder (Bundle) or Category and check for permission
-
- cc.logger.Infof("DelNewsItem %v", pathStrs)
-
cats := cc.Server.ThreadedNews.Categories
-
delName := pathStrs[len(pathStrs)-1]
if len(pathStrs) > 1 {
for _, fp := range pathStrs[0 : len(pathStrs)-1] {
}
}
+ if bytes.Equal(cats[delName].Type, []byte{0, 3}) {
+ if !cc.Authorize(accessNewsDeleteCat) {
+ return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil
+ }
+ } else {
+ if !cc.Authorize(accessNewsDeleteFldr) {
+ return append(res, cc.NewErrReply(t, "You are not allowed to delete news folders.")), nil
+ }
+ }
+
delete(cats, delName)
- err = cc.Server.writeThreadedNews()
- if err != nil {
+ if err := cc.Server.writeThreadedNews(); err != nil {
return res, err
}
- // Reply params: none
- res = append(res, cc.NewReply(t))
-
- return res, err
+ return append(res, cc.NewReply(t)), nil
}
func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
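Review bot: The category-versus-folder decision reads `cats[delName].Type` without checking that `delName` exists in `cats`, so a path naming a missing item is authorized as a folder delete, `delete` does nothing, and the client still receives a success reply (the map's element type is not visible here; if it holds pointers the lookup dereferences nil instead). Looking the entry up first makes the authorization apply to a real item: `item, ok := cats[delName]`, an error reply when `!ok`, then `bytes.Equal(item.Type, []byte{0, 3})`. `pathStrs[len(pathStrs)-1]` in the context lines above also panics if `ReadNewsPath` can return an empty slice for a client-supplied path. The commit removes the `DelNewsItem` log line as well, which leaves this destructive action without a log entry in the visible code.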
targetID := t.GetField(fieldUserID).Data
newChatID := cc.Server.NewPrivateChat(cc)
- res = append(res,
- *NewTransaction(
- tranInviteToChat,
- &targetID,
- NewField(fieldChatID, newChatID),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- ),
- )
+ // Check if target user has "Refuse private chat" flag
+ binary.BigEndian.Uint16(targetID)
+ targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)]
+
+ flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags)))
+ if flagBitmap.Bit(userFLagRefusePChat) == 1 {
+ res = append(res,
+ *NewTransaction(
+ tranServerMsg,
+ cc.ID,
+ NewField(fieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")),
+ NewField(fieldUserName, targetClient.UserName),
+ NewField(fieldUserID, *targetClient.ID),
+ NewField(fieldOptions, []byte{0, 2}),
+ ),
+ )
+ } else {
+ res = append(res,
+ *NewTransaction(
+ tranInviteToChat,
+ &targetID,
+ NewField(fieldChatID, newChatID),
+ NewField(fieldUserName, cc.UserName),
+ NewField(fieldUserID, *cc.ID),
+ ),
+ )
+ }
res = append(res,
cc.NewReply(t,
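Review bot: `cc.Server.Clients[binary.BigEndian.Uint16(targetID)]` is used without the `ok` check that the private-message handler earlier on this page applies, so an invite naming a user ID with no entry in `Clients` panics on the next line: either `targetClient` is nil or its zero-value `Flags` is too short for `Uint16`. Use `targetClient, ok := cc.Server.Clients[binary.BigEndian.Uint16(targetID)]` followed by `if !ok { return res, errors.New("invalid client ID") }`, and check `len(targetID)` before decoding, since that field comes from the client. The bare `binary.BigEndian.Uint16(targetID)` statement above the lookup discards its result and can be deleted. `cc.Server.NewPrivateChat(cc)` in the context lines runs before the refusal check, so a refused invite still allocates a private chat; moving it into the `else` branch avoids that. The function body continues outside the hunk.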
return res, err
}
+// HandleDownloadBanner handles requests for a new banner from the server
+// Fields used in the request:
+// None
+// Fields used in the reply:
+// 107 fieldRefNum Used later for transfer
+// 108 fieldTransferSize Size of data to be downloaded
func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
fi, err := cc.Server.FS.Stat(filepath.Join(cc.Server.ConfigDir, cc.Server.Config.BannerFile))
if err != nil {