"errors"
"fmt"
"gopkg.in/yaml.v3"
- "io/ioutil"
+ "io"
"math/big"
"os"
"path"
+ "path/filepath"
"sort"
"strings"
"time"
)
+type HandlerFunc func(*ClientConn, *Transaction) ([]Transaction, error)
+
type TransactionType struct {
- Access int // Specifies access privilege required to perform the transaction
- DenyMsg string // The error reply message when user does not have access
- Handler func(*ClientConn, *Transaction) ([]Transaction, error) // function for handling the transaction type
- Name string // Name of transaction as it will appear in logging
+ Handler HandlerFunc // function for handling the transaction type
+ Name string // Name of transaction as it will appear in logging
RequiredFields []requiredField
}
var TransactionHandlers = map[uint16]TransactionType{
// Server initiated
- tranChatMsg: {
- Name: "tranChatMsg",
+ TranChatMsg: {
+ Name: "TranChatMsg",
},
// Server initiated
- tranNotifyChangeUser: {
- Name: "tranNotifyChangeUser",
+ TranNotifyChangeUser: {
+ Name: "TranNotifyChangeUser",
},
- tranError: {
- Name: "tranError",
+ TranError: {
+ Name: "TranError",
},
- tranShowAgreement: {
- Name: "tranShowAgreement",
+ TranShowAgreement: {
+ Name: "TranShowAgreement",
},
- tranUserAccess: {
- Name: "tranUserAccess",
+ TranUserAccess: {
+ Name: "TranUserAccess",
},
- tranNotifyDeleteUser: {
- Name: "tranNotifyDeleteUser",
+ TranNotifyDeleteUser: {
+ Name: "TranNotifyDeleteUser",
},
- tranAgreed: {
- Access: accessAlwaysAllow,
- Name: "tranAgreed",
+ TranAgreed: {
+ Name: "TranAgreed",
Handler: HandleTranAgreed,
},
- tranChatSend: {
- Access: accessSendChat,
- DenyMsg: "You are not allowed to participate in chat.",
+ TranChatSend: {
+ Name: "TranChatSend",
Handler: HandleChatSend,
- Name: "tranChatSend",
RequiredFields: []requiredField{
{
- ID: fieldData,
+ ID: FieldData,
minLen: 0,
},
},
},
- tranDelNewsArt: {
- Access: accessNewsDeleteArt,
- DenyMsg: "You are not allowed to delete news articles.",
- Name: "tranDelNewsArt",
+ TranDelNewsArt: {
+ Name: "TranDelNewsArt",
Handler: HandleDelNewsArt,
},
- tranDelNewsItem: {
- Access: accessAlwaysAllow, // Granular access enforced inside the handler
- // Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
- // TODO: Implement inside the handler
- Name: "tranDelNewsItem",
+ TranDelNewsItem: {
+ Name: "TranDelNewsItem",
Handler: HandleDelNewsItem,
},
- tranDeleteFile: {
- Access: accessAlwaysAllow, // Granular access enforced inside the handler
- Name: "tranDeleteFile",
+ TranDeleteFile: {
+ Name: "TranDeleteFile",
Handler: HandleDeleteFile,
},
- tranDeleteUser: {
- Access: accessDeleteUser,
- DenyMsg: "You are not allowed to delete accounts.",
- Name: "tranDeleteUser",
+ TranDeleteUser: {
+ Name: "TranDeleteUser",
Handler: HandleDeleteUser,
},
- tranDisconnectUser: {
- Access: accessDisconUser,
- DenyMsg: "You are not allowed to disconnect users.",
- Name: "tranDisconnectUser",
+ TranDisconnectUser: {
+ Name: "TranDisconnectUser",
Handler: HandleDisconnectUser,
},
- tranDownloadFile: {
- Access: accessDownloadFile,
- DenyMsg: "You are not allowed to download files.",
- Name: "tranDownloadFile",
+ TranDownloadFile: {
+ Name: "TranDownloadFile",
Handler: HandleDownloadFile,
},
- tranDownloadFldr: {
- Access: accessDownloadFile, // There is no specific access flag for folder vs file download
- DenyMsg: "You are not allowed to download files.",
- Name: "tranDownloadFldr",
+ TranDownloadFldr: {
+ Name: "TranDownloadFldr",
Handler: HandleDownloadFolder,
},
- tranGetClientInfoText: {
- Access: accessGetClientInfo,
- DenyMsg: "You are not allowed to get client info",
- Name: "tranGetClientInfoText",
- Handler: HandleGetClientConnInfoText,
+ TranGetClientInfoText: {
+ Name: "TranGetClientInfoText",
+ Handler: HandleGetClientInfoText,
},
- tranGetFileInfo: {
- Access: accessAlwaysAllow,
- Name: "tranGetFileInfo",
+ TranGetFileInfo: {
+ Name: "TranGetFileInfo",
Handler: HandleGetFileInfo,
},
- tranGetFileNameList: {
- Access: accessAlwaysAllow,
- Name: "tranGetFileNameList",
+ TranGetFileNameList: {
+ Name: "TranGetFileNameList",
Handler: HandleGetFileNameList,
},
- tranGetMsgs: {
- Access: accessNewsReadArt,
- DenyMsg: "You are not allowed to read news.",
- Name: "tranGetMsgs",
+ TranGetMsgs: {
+ Name: "TranGetMsgs",
Handler: HandleGetMsgs,
},
- tranGetNewsArtData: {
- Access: accessNewsReadArt,
- DenyMsg: "You are not allowed to read news.",
- Name: "tranGetNewsArtData",
+ TranGetNewsArtData: {
+ Name: "TranGetNewsArtData",
Handler: HandleGetNewsArtData,
},
- tranGetNewsArtNameList: {
- Access: accessNewsReadArt,
- DenyMsg: "You are not allowed to read news.",
- Name: "tranGetNewsArtNameList",
+ TranGetNewsArtNameList: {
+ Name: "TranGetNewsArtNameList",
Handler: HandleGetNewsArtNameList,
},
- tranGetNewsCatNameList: {
- Access: accessNewsReadArt,
- DenyMsg: "You are not allowed to read news.",
- Name: "tranGetNewsCatNameList",
+ TranGetNewsCatNameList: {
+ Name: "TranGetNewsCatNameList",
Handler: HandleGetNewsCatNameList,
},
- tranGetUser: {
- Access: accessOpenUser,
- DenyMsg: "You are not allowed to view accounts.",
- Name: "tranGetUser",
+ TranGetUser: {
+ Name: "TranGetUser",
Handler: HandleGetUser,
},
- tranGetUserNameList: {
- Access: accessAlwaysAllow,
+ TranGetUserNameList: {
Name: "tranHandleGetUserNameList",
Handler: HandleGetUserNameList,
},
- tranInviteNewChat: {
- Access: accessOpenChat,
- DenyMsg: "You are not allowed to request private chat.",
- Name: "tranInviteNewChat",
+ TranInviteNewChat: {
+ Name: "TranInviteNewChat",
Handler: HandleInviteNewChat,
},
- tranInviteToChat: {
- Access: accessOpenChat,
- DenyMsg: "You are not allowed to request private chat.",
- Name: "tranInviteToChat",
+ TranInviteToChat: {
+ Name: "TranInviteToChat",
Handler: HandleInviteToChat,
},
- tranJoinChat: {
- Access: accessAlwaysAllow,
- Name: "tranJoinChat",
+ TranJoinChat: {
+ Name: "TranJoinChat",
Handler: HandleJoinChat,
},
- tranKeepAlive: {
- Access: accessAlwaysAllow,
- Name: "tranKeepAlive",
+ TranKeepAlive: {
+ Name: "TranKeepAlive",
Handler: HandleKeepAlive,
},
- tranLeaveChat: {
- Access: accessAlwaysAllow,
- Name: "tranJoinChat",
+ TranLeaveChat: {
+ Name: "TranJoinChat",
Handler: HandleLeaveChat,
},
-
- tranListUsers: {
- Access: accessOpenUser,
- DenyMsg: "You are not allowed to view accounts.",
- Name: "tranListUsers",
+ TranListUsers: {
+ Name: "TranListUsers",
Handler: HandleListUsers,
},
- tranMoveFile: {
- Access: accessMoveFile,
- DenyMsg: "You are not allowed to move files.",
- Name: "tranMoveFile",
+ TranMoveFile: {
+ Name: "TranMoveFile",
Handler: HandleMoveFile,
},
- tranNewFolder: {
- Access: accessCreateFolder,
- DenyMsg: "You are not allow to create folders.",
- Name: "tranNewFolder",
+ TranNewFolder: {
+ Name: "TranNewFolder",
Handler: HandleNewFolder,
},
- tranNewNewsCat: {
- Access: accessNewsCreateCat,
- DenyMsg: "You are not allowed to create news categories.",
- Name: "tranNewNewsCat",
+ TranNewNewsCat: {
+ Name: "TranNewNewsCat",
Handler: HandleNewNewsCat,
},
- tranNewNewsFldr: {
- Access: accessNewsCreateFldr,
- DenyMsg: "You are not allowed to create news folders.",
- Name: "tranNewNewsFldr",
+ TranNewNewsFldr: {
+ Name: "TranNewNewsFldr",
Handler: HandleNewNewsFldr,
},
- tranNewUser: {
- Access: accessCreateUser,
- DenyMsg: "You are not allowed to create new accounts.",
- Name: "tranNewUser",
+ TranNewUser: {
+ Name: "TranNewUser",
Handler: HandleNewUser,
},
- tranOldPostNews: {
- Access: accessNewsPostArt,
- DenyMsg: "You are not allowed to post news.",
- Name: "tranOldPostNews",
+ TranUpdateUser: {
+ Name: "TranUpdateUser",
+ Handler: HandleUpdateUser,
+ },
+ TranOldPostNews: {
+ Name: "TranOldPostNews",
Handler: HandleTranOldPostNews,
},
- tranPostNewsArt: {
- Access: accessNewsPostArt,
- DenyMsg: "You are not allowed to post news articles.",
- Name: "tranPostNewsArt",
+ TranPostNewsArt: {
+ Name: "TranPostNewsArt",
Handler: HandlePostNewsArt,
},
- tranRejectChatInvite: {
- Access: accessAlwaysAllow,
- Name: "tranRejectChatInvite",
+ TranRejectChatInvite: {
+ Name: "TranRejectChatInvite",
Handler: HandleRejectChatInvite,
},
- tranSendInstantMsg: {
- Access: accessAlwaysAllow,
- // Access: accessSendPrivMsg,
- // DenyMsg: "You are not allowed to send private messages",
- Name: "tranSendInstantMsg",
+ TranSendInstantMsg: {
+ Name: "TranSendInstantMsg",
Handler: HandleSendInstantMsg,
RequiredFields: []requiredField{
{
- ID: fieldData,
+ ID: FieldData,
minLen: 0,
},
{
- ID: fieldUserID,
+ ID: FieldUserID,
},
},
},
- tranSetChatSubject: {
- Access: accessAlwaysAllow,
- Name: "tranSetChatSubject",
+ TranSetChatSubject: {
+ Name: "TranSetChatSubject",
Handler: HandleSetChatSubject,
},
- tranMakeFileAlias: {
- Access: accessAlwaysAllow,
- Name: "tranMakeFileAlias",
+ TranMakeFileAlias: {
+ Name: "TranMakeFileAlias",
Handler: HandleMakeAlias,
RequiredFields: []requiredField{
- {ID: fieldFileName, minLen: 1},
- {ID: fieldFilePath, minLen: 1},
- {ID: fieldFileNewPath, minLen: 1},
+ {ID: FieldFileName, minLen: 1},
+ {ID: FieldFilePath, minLen: 1},
+ {ID: FieldFileNewPath, minLen: 1},
},
},
- tranSetClientUserInfo: {
- Access: accessAlwaysAllow,
- Name: "tranSetClientUserInfo",
+ TranSetClientUserInfo: {
+ Name: "TranSetClientUserInfo",
Handler: HandleSetClientUserInfo,
},
- tranSetFileInfo: {
- Access: accessAlwaysAllow,
- Name: "tranSetFileInfo",
+ TranSetFileInfo: {
+ Name: "TranSetFileInfo",
Handler: HandleSetFileInfo,
},
- tranSetUser: {
- Access: accessModifyUser,
- DenyMsg: "You are not allowed to modify accounts.",
- Name: "tranSetUser",
+ TranSetUser: {
+ Name: "TranSetUser",
Handler: HandleSetUser,
},
- tranUploadFile: {
- Access: accessAlwaysAllow,
- Name: "tranUploadFile",
+ TranUploadFile: {
+ Name: "TranUploadFile",
Handler: HandleUploadFile,
},
- tranUploadFldr: {
- Access: accessAlwaysAllow,
- Name: "tranUploadFldr",
+ TranUploadFldr: {
+ Name: "TranUploadFldr",
Handler: HandleUploadFolder,
},
- tranUserBroadcast: {
- Access: accessBroadcast,
- DenyMsg: "You are not allowed to send broadcast messages.",
- Name: "tranUserBroadcast",
+ TranUserBroadcast: {
+ Name: "TranUserBroadcast",
Handler: HandleUserBroadcast,
},
+ TranDownloadBanner: {
+ Name: "TranDownloadBanner",
+ Handler: HandleDownloadBanner,
+ },
}
func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- if !authorize(cc.Account.Access, accessSendChat) {
+ if !cc.Authorize(accessSendChat) {
res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
return res, err
}
// Truncate long usernames
trunc := fmt.Sprintf("%13s", cc.UserName)
- formattedMsg := fmt.Sprintf("\r%.14s: %s", trunc, t.GetField(fieldData).Data)
+ formattedMsg := fmt.Sprintf("\r%.14s: %s", trunc, t.GetField(FieldData).Data)
// By holding the option key, Hotline chat allows users to send /me formatted messages like:
// *** Halcyon does stuff
- // This is indicated by the presence of the optional field fieldChatOptions in the transaction payload
- if t.GetField(fieldChatOptions).Data != nil {
- formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data)
+ // This is indicated by the presence of the optional field FieldChatOptions set to a value of 1.
+ // Most clients do not send this option for normal chat messages.
+ if t.GetField(FieldChatOptions).Data != nil && bytes.Equal(t.GetField(FieldChatOptions).Data, []byte{0, 1}) {
+ formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(FieldData).Data)
}
- if bytes.Equal(t.GetField(fieldData).Data, []byte("/stats")) {
- formattedMsg = strings.Replace(cc.Server.Stats.String(), "\n", "\r", -1)
- }
-
- chatID := t.GetField(fieldChatID).Data
- // a non-nil chatID indicates the message belongs to a private chat
- if chatID != nil {
+ // The ChatID field is used to identify messages as belonging to a private chat.
+ // All clients *except* Frogblast omit this field for public chat, but Frogblast sends a value of 00 00 00 00.
+ chatID := t.GetField(FieldChatID).Data
+ if chatID != nil && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) {
chatInt := binary.BigEndian.Uint32(chatID)
privChat := cc.Server.PrivateChats[chatInt]
+ clients := sortedClients(privChat.ClientConn)
+
// send the message to all connected clients of the private chat
- for _, c := range privChat.ClientConn {
+ for _, c := range clients {
res = append(res, *NewTransaction(
- tranChatMsg,
+ TranChatMsg,
c.ID,
- NewField(fieldChatID, chatID),
- NewField(fieldData, []byte(formattedMsg)),
+ NewField(FieldChatID, chatID),
+ NewField(FieldData, []byte(formattedMsg)),
))
}
return res, err
for _, c := range sortedClients(cc.Server.Clients) {
// Filter out clients that do not have the read chat permission
- if authorize(c.Account.Access, accessReadChat) {
- res = append(res, *NewTransaction(tranChatMsg, c.ID, NewField(fieldData, []byte(formattedMsg))))
+ if c.Authorize(accessReadChat) {
+ res = append(res, *NewTransaction(TranChatMsg, c.ID, NewField(FieldData, []byte(formattedMsg))))
}
}
// HandleSendInstantMsg sends instant message to the user on the current server.
// Fields used in the request:
+//
// 103 User ID
// 113 Options
// One of the following values:
// Fields used in the reply:
// None
func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- msg := t.GetField(fieldData)
- ID := t.GetField(fieldUserID)
+ if !cc.Authorize(accessSendPrivMsg) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to send private messages."))
+ return res, errors.New("user is not allowed to send private messages")
+ }
+
+ msg := t.GetField(FieldData)
+ ID := t.GetField(FieldUserID)
- reply := *NewTransaction(
- tranServerMsg,
+ reply := NewTransaction(
+ TranServerMsg,
&ID.Data,
- NewField(fieldData, msg.Data),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- NewField(fieldOptions, []byte{0, 1}),
+ NewField(FieldData, msg.Data),
+ NewField(FieldUserName, cc.UserName),
+ NewField(FieldUserID, *cc.ID),
+ NewField(FieldOptions, []byte{0, 1}),
)
- // Later versions of Hotline include the original message in the fieldQuotingMsg field so
+ // Later versions of Hotline include the original message in the FieldQuotingMsg field so
// the receiving client can display both the received message and what it is in reply to
- if t.GetField(fieldQuotingMsg).Data != nil {
- reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
+ if t.GetField(FieldQuotingMsg).Data != nil {
+ reply.Fields = append(reply.Fields, NewField(FieldQuotingMsg, t.GetField(FieldQuotingMsg).Data))
}
- res = append(res, reply)
+ id, err := byteToInt(ID.Data)
+ if err != nil {
+ return res, errors.New("invalid client ID")
+ }
+ otherClient, ok := cc.Server.Clients[uint16(id)]
+ if !ok {
+ return res, errors.New("invalid client ID")
+ }
- id, _ := byteToInt(ID.Data)
- otherClient := cc.Server.Clients[uint16(id)]
- if otherClient == nil {
- return res, errors.New("ohno")
+ // Check if target user has "Refuse private messages" flag
+ flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags)))
+ if flagBitmap.Bit(UserFlagRefusePM) == 1 {
+ res = append(res,
+ *NewTransaction(
+ TranServerMsg,
+ cc.ID,
+ NewField(FieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")),
+ NewField(FieldUserName, otherClient.UserName),
+ NewField(FieldUserID, *otherClient.ID),
+ NewField(FieldOptions, []byte{0, 2}),
+ ),
+ )
+ } else {
+ res = append(res, *reply)
}
// Respond with auto reply if other client has it enabled
if len(otherClient.AutoReply) > 0 {
res = append(res,
*NewTransaction(
- tranServerMsg,
+ TranServerMsg,
cc.ID,
- NewField(fieldData, otherClient.AutoReply),
- NewField(fieldUserName, otherClient.UserName),
- NewField(fieldUserID, *otherClient.ID),
- NewField(fieldOptions, []byte{0, 1}),
+ NewField(FieldData, otherClient.AutoReply),
+ NewField(FieldUserName, otherClient.UserName),
+ NewField(FieldUserID, *otherClient.ID),
+ NewField(FieldOptions, []byte{0, 1}),
),
)
}
}
func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- fileName := t.GetField(fieldFileName).Data
- filePath := t.GetField(fieldFilePath).Data
+ fileName := t.GetField(FieldFileName).Data
+ filePath := t.GetField(FieldFilePath).Data
- ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
+ fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
if err != nil {
return res, err
}
- res = append(res, cc.NewReply(t,
- NewField(fieldFileName, fileName),
- NewField(fieldFileTypeString, ffo.FlatFileInformationFork.TypeSignature),
- NewField(fieldFileCreatorString, ffo.FlatFileInformationFork.CreatorSignature),
- NewField(fieldFileComment, ffo.FlatFileInformationFork.Comment),
- NewField(fieldFileType, ffo.FlatFileInformationFork.TypeSignature),
- NewField(fieldFileCreateDate, ffo.FlatFileInformationFork.CreateDate),
- NewField(fieldFileModifyDate, ffo.FlatFileInformationFork.ModifyDate),
- NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]),
- ))
+ fw, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
+ if err != nil {
+ return res, err
+ }
+
+ encodedName, err := txtEncoder.String(fw.name)
+ if err != nil {
+ return res, fmt.Errorf("invalid filepath encoding: %w", err)
+ }
+
+ fields := []Field{
+ NewField(FieldFileName, []byte(encodedName)),
+ NewField(FieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()),
+ NewField(FieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()),
+ NewField(FieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature),
+ NewField(FieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate),
+ NewField(FieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate),
+ }
+
+ // Include the optional FileComment field if there is a comment.
+ if len(fw.ffo.FlatFileInformationFork.Comment) != 0 {
+ fields = append(fields, NewField(FieldFileComment, fw.ffo.FlatFileInformationFork.Comment))
+ }
+
+ // Include the FileSize field for files.
+ if !bytes.Equal(fw.ffo.FlatFileInformationFork.TypeSignature, []byte{0x66, 0x6c, 0x64, 0x72}) {
+ fields = append(fields, NewField(FieldFileSize, fw.totalSize()))
+ }
+
+ res = append(res, cc.NewReply(t, fields...))
return res, err
}
// HandleSetFileInfo updates a file or folder name and/or comment from the Get Info window
-// TODO: Implement support for comments
// Fields used in the request:
// * 201 File name
// * 202 File path Optional
// * 210 File comment Optional
// Fields used in the reply: None
func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- fileName := t.GetField(fieldFileName).Data
- filePath := t.GetField(fieldFilePath).Data
+ fileName := t.GetField(FieldFileName).Data
+ filePath := t.GetField(FieldFilePath).Data
fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
if err != nil {
return res, err
}
- fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(fieldFileNewName).Data)
+ fi, err := cc.Server.FS.Stat(fullFilePath)
if err != nil {
- return nil, err
+ return res, err
}
- // fileComment := t.GetField(fieldFileComment).Data
- fileNewName := t.GetField(fieldFileNewName).Data
+ hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
+ if err != nil {
+ return res, err
+ }
+ if t.GetField(FieldFileComment).Data != nil {
+ switch mode := fi.Mode(); {
+ case mode.IsDir():
+ if !cc.Authorize(accessSetFolderComment) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for folders."))
+ return res, err
+ }
+ case mode.IsRegular():
+ if !cc.Authorize(accessSetFileComment) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for files."))
+ return res, err
+ }
+ }
- if fileNewName != nil {
- fi, err := FS.Stat(fullFilePath)
+ if err := hlFile.ffo.FlatFileInformationFork.setComment(t.GetField(FieldFileComment).Data); err != nil {
+ return res, err
+ }
+ w, err := hlFile.infoForkWriter()
if err != nil {
return res, err
}
+ _, err = io.Copy(w, &hlFile.ffo.FlatFileInformationFork)
+ if err != nil {
+ return res, err
+ }
+ }
+
+ fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(FieldFileNewName).Data)
+ if err != nil {
+ return nil, err
+ }
+
+ fileNewName := t.GetField(FieldFileNewName).Data
+
+ if fileNewName != nil {
switch mode := fi.Mode(); {
case mode.IsDir():
- if !authorize(cc.Account.Access, accessRenameFolder) {
+ if !cc.Authorize(accessRenameFolder) {
res = append(res, cc.NewErrReply(t, "You are not allowed to rename folders."))
return res, err
}
+ err = os.Rename(fullFilePath, fullNewFilePath)
+ if os.IsNotExist(err) {
+ res = append(res, cc.NewErrReply(t, "Cannot rename folder "+string(fileName)+" because it does not exist or cannot be found."))
+ return res, err
+ }
case mode.IsRegular():
- if !authorize(cc.Account.Access, accessRenameFile) {
+ if !cc.Authorize(accessRenameFile) {
res = append(res, cc.NewErrReply(t, "You are not allowed to rename files."))
return res, err
}
- }
+ fileDir, err := readPath(cc.Server.Config.FileRoot, filePath, []byte{})
+ if err != nil {
+ return nil, err
+ }
+ hlFile.name, err = txtDecoder.String(string(fileNewName))
+ if err != nil {
+ return res, fmt.Errorf("invalid filepath encoding: %w", err)
+ }
- err = os.Rename(fullFilePath, fullNewFilePath)
- if os.IsNotExist(err) {
- res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
- return res, err
+ err = hlFile.move(fileDir)
+ if os.IsNotExist(err) {
+ res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
+ return res, err
+ }
+ if err != nil {
+ return res, err
+ }
}
}
// * 202 File path
// Fields used in the reply: none
func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- fileName := t.GetField(fieldFileName).Data
- filePath := t.GetField(fieldFilePath).Data
+ fileName := t.GetField(FieldFileName).Data
+ filePath := t.GetField(FieldFilePath).Data
fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
if err != nil {
return res, err
}
- cc.Server.Logger.Debugw("Delete file", "src", fullFilePath)
+ hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
+ if err != nil {
+ return res, err
+ }
- fi, err := os.Stat(fullFilePath)
+ fi, err := hlFile.dataFile()
if err != nil {
res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found."))
return res, nil
}
+
switch mode := fi.Mode(); {
case mode.IsDir():
- if !authorize(cc.Account.Access, accessDeleteFolder) {
+ if !cc.Authorize(accessDeleteFolder) {
res = append(res, cc.NewErrReply(t, "You are not allowed to delete folders."))
return res, err
}
case mode.IsRegular():
- if !authorize(cc.Account.Access, accessDeleteFile) {
+ if !cc.Authorize(accessDeleteFile) {
res = append(res, cc.NewErrReply(t, "You are not allowed to delete files."))
return res, err
}
}
- if err := os.RemoveAll(fullFilePath); err != nil {
+ if err := hlFile.delete(); err != nil {
return res, err
}
// HandleMoveFile moves files or folders. Note: seemingly not documented
func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- fileName := string(t.GetField(fieldFileName).Data)
- filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
- fileNewPath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFileNewPath).Data)
+ fileName := string(t.GetField(FieldFileName).Data)
- cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
+ filePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data)
+ if err != nil {
+ return res, err
+ }
+
+ fileNewPath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFileNewPath).Data, nil)
+ if err != nil {
+ return res, err
+ }
+
+ cc.logger.Infow("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
- fp := filePath + "/" + fileName
- fi, err := os.Stat(fp)
+ hlFile, err := newFileWrapper(cc.Server.FS, filePath, 0)
if err != nil {
return res, err
}
+
+ fi, err := hlFile.dataFile()
+ if err != nil {
+ res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
+ return res, err
+ }
switch mode := fi.Mode(); {
case mode.IsDir():
- if !authorize(cc.Account.Access, accessMoveFolder) {
+ if !cc.Authorize(accessMoveFolder) {
res = append(res, cc.NewErrReply(t, "You are not allowed to move folders."))
return res, err
}
case mode.IsRegular():
- if !authorize(cc.Account.Access, accessMoveFile) {
+ if !cc.Authorize(accessMoveFile) {
res = append(res, cc.NewErrReply(t, "You are not allowed to move files."))
return res, err
}
}
-
- err = os.Rename(filePath+"/"+fileName, fileNewPath+"/"+fileName)
- if os.IsNotExist(err) {
- res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
+ if err := hlFile.move(fileNewPath); err != nil {
return res, err
}
- if err != nil {
- return []Transaction{}, err
- }
- // TODO: handle other possible errors; e.g. file delete fails due to file permission issue
+ // TODO: handle other possible errors; e.g. fileWrapper delete fails due to fileWrapper permission issue
res = append(res, cc.NewReply(t))
return res, err
}
func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- newFolderPath := cc.Server.Config.FileRoot
- folderName := string(t.GetField(fieldFileName).Data)
+ if !cc.Authorize(accessCreateFolder) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to create folders."))
+ return res, err
+ }
+ folderName := string(t.GetField(FieldFileName).Data)
folderName = path.Join("/", folderName)
- // fieldFilePath is only present for nested paths
- if t.GetField(fieldFilePath).Data != nil {
+ var subPath string
+
+ // FieldFilePath is only present for nested paths
+ if t.GetField(FieldFilePath).Data != nil {
var newFp FilePath
- err := newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+ _, err := newFp.Write(t.GetField(FieldFilePath).Data)
if err != nil {
return nil, err
}
- newFolderPath += newFp.String()
+
+ for _, pathItem := range newFp.Items {
+ subPath = filepath.Join("/", subPath, string(pathItem.Name))
+ }
+ }
+ newFolderPath := path.Join(cc.Server.Config.FileRoot, subPath, folderName)
+ newFolderPath, err = txtDecoder.String(newFolderPath)
+ if err != nil {
+ return res, fmt.Errorf("invalid filepath encoding: %w", err)
}
- newFolderPath = path.Join(newFolderPath, folderName)
// TODO: check path and folder name lengths
- if _, err := FS.Stat(newFolderPath); !os.IsNotExist(err) {
+ if _, err := cc.Server.FS.Stat(newFolderPath); !os.IsNotExist(err) {
msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName)
return []Transaction{cc.NewErrReply(t, msg)}, nil
}
- // TODO: check for disallowed characters to maintain compatibility for original client
-
- if err := FS.Mkdir(newFolderPath, 0777); err != nil {
+ if err := cc.Server.FS.Mkdir(newFolderPath, 0777); err != nil {
msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName)
return []Transaction{cc.NewErrReply(t, msg)}, nil
}
}
func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- login := DecodeUserString(t.GetField(fieldUserLogin).Data)
- userName := string(t.GetField(fieldUserName).Data)
+ if !cc.Authorize(accessModifyUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
+ return res, err
+ }
+
+ login := decodeString(t.GetField(FieldUserLogin).Data)
+ userName := string(t.GetField(FieldUserName).Data)
- newAccessLvl := t.GetField(fieldUserAccess).Data
+ newAccessLvl := t.GetField(FieldUserAccess).Data
account := cc.Server.Accounts[login]
- account.Access = &newAccessLvl
+ if account == nil {
+ return append(res, cc.NewErrReply(t, "Account not found.")), nil
+ }
account.Name = userName
+ copy(account.Access[:], newAccessLvl)
// If the password field is cleared in the Hotline edit user UI, the SetUser transaction does
- // not include fieldUserPassword
- if t.GetField(fieldUserPassword).Data == nil {
+ // not include FieldUserPassword
+ if t.GetField(FieldUserPassword).Data == nil {
account.Password = hashAndSalt([]byte(""))
}
- if len(t.GetField(fieldUserPassword).Data) > 1 {
- account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data)
+
+ if !bytes.Equal([]byte{0}, t.GetField(FieldUserPassword).Data) {
+ account.Password = hashAndSalt(t.GetField(FieldUserPassword).Data)
}
- file := cc.Server.ConfigDir + "Users/" + login + ".yaml"
out, err := yaml.Marshal(&account)
if err != nil {
return res, err
}
- if err := ioutil.WriteFile(file, out, 0666); err != nil {
+ if err := os.WriteFile(filepath.Join(cc.Server.ConfigDir, "Users", login+".yaml"), out, 0666); err != nil {
return res, err
}
for _, c := range cc.Server.Clients {
if c.Account.Login == login {
// Note: comment out these two lines to test server-side deny messages
- newT := NewTransaction(tranUserAccess, c.ID, NewField(fieldUserAccess, newAccessLvl))
+ newT := NewTransaction(TranUserAccess, c.ID, NewField(FieldUserAccess, newAccessLvl))
res = append(res, *newT)
- flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*c.Flags)))
- if authorize(c.Account.Access, accessDisconUser) {
- flagBitmap.SetBit(flagBitmap, userFlagAdmin, 1)
+ flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags)))
+ if c.Authorize(accessDisconUser) {
+ flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 1)
} else {
- flagBitmap.SetBit(flagBitmap, userFlagAdmin, 0)
+ flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 0)
}
- binary.BigEndian.PutUint16(*c.Flags, uint16(flagBitmap.Int64()))
+ binary.BigEndian.PutUint16(c.Flags, uint16(flagBitmap.Int64()))
c.Account.Access = account.Access
cc.sendAll(
- tranNotifyChangeUser,
- NewField(fieldUserID, *c.ID),
- NewField(fieldUserFlags, *c.Flags),
- NewField(fieldUserName, c.UserName),
- NewField(fieldUserIconID, *c.Icon),
+ TranNotifyChangeUser,
+ NewField(FieldUserID, *c.ID),
+ NewField(FieldUserFlags, c.Flags),
+ NewField(FieldUserName, c.UserName),
+ NewField(FieldUserIconID, c.Icon),
)
}
}
}
func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- if !authorize(cc.Account.Access, accessOpenUser) {
+ if !cc.Authorize(accessOpenUser) {
res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
return res, err
}
- account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
+ account := cc.Server.Accounts[string(t.GetField(FieldUserLogin).Data)]
if account == nil {
- errorT := cc.NewErrReply(t, "Account does not exist.")
- res = append(res, errorT)
+ res = append(res, cc.NewErrReply(t, "Account does not exist."))
return res, err
}
res = append(res, cc.NewReply(t,
- NewField(fieldUserName, []byte(account.Name)),
- NewField(fieldUserLogin, negateString(t.GetField(fieldUserLogin).Data)),
- NewField(fieldUserPassword, []byte(account.Password)),
- NewField(fieldUserAccess, *account.Access),
+ NewField(FieldUserName, []byte(account.Name)),
+ NewField(FieldUserLogin, encodeString(t.GetField(FieldUserLogin).Data)),
+ NewField(FieldUserPassword, []byte(account.Password)),
+ NewField(FieldUserAccess, account.Access[:]),
))
return res, err
}
func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !cc.Authorize(accessOpenUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
+ return res, err
+ }
+
var userFields []Field
- // TODO: make order deterministic
for _, acc := range cc.Server.Accounts {
- userField := acc.MarshalBinary()
- userFields = append(userFields, NewField(fieldData, userField))
+ b, err := io.ReadAll(acc)
+ if err != nil {
+ return res, err
+ }
+
+ userFields = append(userFields, NewField(FieldData, b))
}
res = append(res, cc.NewReply(t, userFields...))
return res, err
}
+// HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time.
+// An update can be a mix of these actions:
+// * Create user
+// * Delete user
+// * Modify user (including renaming the account login)
+//
+// The Transaction sent by the client includes one data field per user that was modified. This data field in turn
+// contains another data field encoded in its payload with a varying number of sub fields depending on which action is
+// performed. This seems to be the only place in the Hotline protocol where a data field contains another data field.
+func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ for _, field := range t.Fields {
+ subFields, err := ReadFields(field.Data[0:2], field.Data[2:])
+ if err != nil {
+ return res, err
+ }
+
+ // If there's only one subfield, that indicates this is a delete operation for the login in FieldData
+ if len(subFields) == 1 {
+ if !cc.Authorize(accessDeleteUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
+ return res, err
+ }
+
+ login := decodeString(getField(FieldData, &subFields).Data)
+ cc.logger.Infow("DeleteUser", "login", login)
+
+ if err := cc.Server.DeleteUser(login); err != nil {
+ return res, err
+ }
+ continue
+ }
+
+ // login of the account to update
+ var accountToUpdate, loginToRename string
+
+ // If FieldData is included, this is a rename operation where FieldData contains the login of the existing
+ // account and FieldUserLogin contains the new login.
+ if getField(FieldData, &subFields) != nil {
+ loginToRename = decodeString(getField(FieldData, &subFields).Data)
+ }
+ userLogin := decodeString(getField(FieldUserLogin, &subFields).Data)
+ if loginToRename != "" {
+ accountToUpdate = loginToRename
+ } else {
+ accountToUpdate = userLogin
+ }
+
+ // Check if accountToUpdate has an existing account. If so, we know we are updating an existing user.
+ if acc, ok := cc.Server.Accounts[accountToUpdate]; ok {
+ if loginToRename != "" {
+ cc.logger.Infow("RenameUser", "prevLogin", accountToUpdate, "newLogin", userLogin)
+ } else {
+ cc.logger.Infow("UpdateUser", "login", accountToUpdate)
+ }
+
+ // account exists, so this is an update action
+ if !cc.Authorize(accessModifyUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
+ return res, nil
+ }
+
+ // This part is a bit tricky. There are three possibilities:
+ // 1) The transaction is intended to update the password.
+ // In this case, FieldUserPassword is sent with the new password.
+ // 2) The transaction is intended to remove the password.
+ // In this case, FieldUserPassword is not sent.
+ // 3) The transaction updates the users access bits, but not the password.
+ // In this case, FieldUserPassword is sent with zero as the only byte.
+ if getField(FieldUserPassword, &subFields) != nil {
+ newPass := getField(FieldUserPassword, &subFields).Data
+ if !bytes.Equal([]byte{0}, newPass) {
+ acc.Password = hashAndSalt(newPass)
+ }
+ } else {
+ acc.Password = hashAndSalt([]byte(""))
+ }
+
+ if getField(FieldUserAccess, &subFields) != nil {
+ copy(acc.Access[:], getField(FieldUserAccess, &subFields).Data)
+ }
+
+ err = cc.Server.UpdateUser(
+ decodeString(getField(FieldData, &subFields).Data),
+ decodeString(getField(FieldUserLogin, &subFields).Data),
+ string(getField(FieldUserName, &subFields).Data),
+ acc.Password,
+ acc.Access,
+ )
+ if err != nil {
+ return res, err
+ }
+ } else {
+ if !cc.Authorize(accessCreateUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
+ return res, nil
+ }
+
+ cc.logger.Infow("CreateUser", "login", userLogin)
+
+ newAccess := accessBitmap{}
+ copy(newAccess[:], getField(FieldUserAccess, &subFields).Data)
+
+ // Prevent account from creating new account with greater permission
+ for i := 0; i < 64; i++ {
+ if newAccess.IsSet(i) {
+ if !cc.Authorize(i) {
+ return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), nil
+ }
+ }
+ }
+
+ err = cc.Server.NewUser(userLogin, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess)
+ if err != nil {
+ return append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")), nil
+ }
+ }
+ }
+
+ res = append(res, cc.NewReply(t))
+ return res, err
+}
+
// HandleNewUser creates a new user account
func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- login := DecodeUserString(t.GetField(fieldUserLogin).Data)
+ if !cc.Authorize(accessCreateUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
+ return res, err
+ }
- // If the account already exists, reply with an error
- // TODO: make order deterministic
+ login := decodeString(t.GetField(FieldUserLogin).Data)
+
+ // If the account already dataFile, reply with an error
if _, ok := cc.Server.Accounts[login]; ok {
res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login."))
return res, err
}
- if err := cc.Server.NewUser(
- login,
- string(t.GetField(fieldUserName).Data),
- string(t.GetField(fieldUserPassword).Data),
- t.GetField(fieldUserAccess).Data,
- ); err != nil {
- return []Transaction{}, err
+ newAccess := accessBitmap{}
+ copy(newAccess[:], t.GetField(FieldUserAccess).Data)
+
+ // Prevent account from creating new account with greater permission
+ for i := 0; i < 64; i++ {
+ if newAccess.IsSet(i) {
+ if !cc.Authorize(i) {
+ res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself."))
+ return res, err
+ }
+ }
+ }
+
+ if err := cc.Server.NewUser(login, string(t.GetField(FieldUserName).Data), string(t.GetField(FieldUserPassword).Data), newAccess); err != nil {
+ res = append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login."))
+ return res, err
}
res = append(res, cc.NewReply(t))
}
func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- if !authorize(cc.Account.Access, accessDeleteUser) {
+ if !cc.Authorize(accessDeleteUser) {
res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
- return res, err
+ return res, nil
}
- // TODO: Handle case where account doesn't exist; e.g. delete race condition
- login := DecodeUserString(t.GetField(fieldUserLogin).Data)
+ login := decodeString(t.GetField(FieldUserLogin).Data)
if err := cc.Server.DeleteUser(login); err != nil {
return res, err
// HandleUserBroadcast sends an Administrator Message to all connected clients of the server
func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !cc.Authorize(accessBroadcast) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to send broadcast messages."))
+ return res, err
+ }
+
cc.sendAll(
- tranServerMsg,
- NewField(fieldData, t.GetField(tranGetMsgs).Data),
- NewField(fieldChatOptions, []byte{0}),
+ TranServerMsg,
+ NewField(FieldData, t.GetField(TranGetMsgs).Data),
+ NewField(FieldChatOptions, []byte{0}),
)
res = append(res, cc.NewReply(t))
return res, err
}
-func byteToInt(bytes []byte) (int, error) {
- switch len(bytes) {
- case 2:
- return int(binary.BigEndian.Uint16(bytes)), nil
- case 4:
- return int(binary.BigEndian.Uint32(bytes)), nil
+// HandleGetClientInfoText returns user information for the specific user.
+//
+// Fields used in the request:
+// 103 User ID
+//
+// Fields used in the reply:
+// 102 User name
+// 101 Data User info text string
+func HandleGetClientInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !cc.Authorize(accessGetClientInfo) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to get client info."))
+ return res, err
}
- return 0, errors.New("unknown byte length")
-}
-
-func HandleGetClientConnInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- clientID, _ := byteToInt(t.GetField(fieldUserID).Data)
+ clientID, _ := byteToInt(t.GetField(FieldUserID).Data)
clientConn := cc.Server.Clients[uint16(clientID)]
if clientConn == nil {
- return res, errors.New("invalid client")
+ return append(res, cc.NewErrReply(t, "User not found.")), err
}
- // TODO: Implement non-hardcoded values
- template := `Nickname: %s
-Name: %s
-Account: %s
-Address: %s
-
--------- File Downloads ---------
-
-%s
-
-------- Folder Downloads --------
-
-None.
-
---------- File Uploads ----------
-
-None.
-
--------- Folder Uploads ---------
-
-None.
-
-------- Waiting Downloads -------
-
-None.
-
- `
-
- activeDownloads := clientConn.Transfers[FileDownload]
- activeDownloadList := "None."
- for _, dl := range activeDownloads {
- activeDownloadList += dl.String() + "\n"
- }
-
- template = fmt.Sprintf(
- template,
- clientConn.UserName,
- clientConn.Account.Name,
- clientConn.Account.Login,
- clientConn.Connection.RemoteAddr().String(),
- activeDownloadList,
- )
- template = strings.Replace(template, "\n", "\r", -1)
-
res = append(res, cc.NewReply(t,
- NewField(fieldData, []byte(template)),
- NewField(fieldUserName, clientConn.UserName),
+ NewField(FieldData, []byte(clientConn.String())),
+ NewField(FieldUserName, clientConn.UserName),
))
return res, err
}
}
func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- cc.Agreed = true
- cc.UserName = t.GetField(fieldUserName).Data
- *cc.Icon = t.GetField(fieldUserIconID).Data
+ if t.GetField(FieldUserName).Data != nil {
+ if cc.Authorize(accessAnyName) {
+ cc.UserName = t.GetField(FieldUserName).Data
+ } else {
+ cc.UserName = []byte(cc.Account.Name)
+ }
+ }
+
+ cc.Icon = t.GetField(FieldUserIconID).Data
+
+ cc.logger = cc.logger.With("name", string(cc.UserName))
+ cc.logger.Infow("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }()))
- options := t.GetField(fieldOptions).Data
+ options := t.GetField(FieldOptions).Data
optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
- flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
+ flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
// Check refuse private PM option
if optBitmap.Bit(refusePM) == 1 {
- flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1)
- binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+ flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, 1)
+ binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
}
// Check refuse private chat option
if optBitmap.Bit(refuseChat) == 1 {
- flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1)
- binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+ flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, 1)
+ binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
}
// Check auto response
if optBitmap.Bit(autoResponse) == 1 {
- cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+ cc.AutoReply = t.GetField(FieldAutomaticResponse).Data
} else {
cc.AutoReply = []byte{}
}
- cc.notifyOthers(
+ trans := cc.notifyOthers(
*NewTransaction(
- tranNotifyChangeUser, nil,
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- NewField(fieldUserIconID, *cc.Icon),
- NewField(fieldUserFlags, *cc.Flags),
+ TranNotifyChangeUser, nil,
+ NewField(FieldUserName, cc.UserName),
+ NewField(FieldUserID, *cc.ID),
+ NewField(FieldUserIconID, cc.Icon),
+ NewField(FieldUserFlags, cc.Flags),
),
)
+ res = append(res, trans...)
+
+ if cc.Server.Config.BannerFile != "" {
+ res = append(res, *NewTransaction(TranServerBanner, cc.ID, NewField(FieldBannerType, []byte("JPEG"))))
+ }
res = append(res, cc.NewReply(t))
return res, err
}
-const defaultNewsDateFormat = "Jan02 15:04" // Jun23 20:49
-// "Mon, 02 Jan 2006 15:04:05 MST"
-
-const defaultNewsTemplate = `From %s (%s):
-
-%s
-
-__________________________________________________________`
-
// HandleTranOldPostNews updates the flat news
// Fields used in this request:
// 101 Data
func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !cc.Authorize(accessNewsPostArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to post news."))
+ return res, err
+ }
+
cc.Server.flatNewsMux.Lock()
defer cc.Server.flatNewsMux.Unlock()
newsTemplate = cc.Server.Config.NewsDelimiter
}
- newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(fieldData).Data)
- newsPost = strings.Replace(newsPost, "\n", "\r", -1)
+ newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(FieldData).Data)
+ newsPost = strings.ReplaceAll(newsPost, "\n", "\r")
// update news in memory
cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
// update news on disk
- if err := ioutil.WriteFile(cc.Server.ConfigDir+"MessageBoard.txt", cc.Server.FlatNews, 0644); err != nil {
+ if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil {
return res, err
}
// Notify all clients of updated news
cc.sendAll(
- tranNewMsg,
- NewField(fieldData, []byte(newsPost)),
+ TranNewMsg,
+ NewField(FieldData, []byte(newsPost)),
)
res = append(res, cc.NewReply(t))
}
func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(fieldUserID).Data)]
+ if !cc.Authorize(accessDisconUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to disconnect users."))
+ return res, err
+ }
+
+ clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(FieldUserID).Data)]
- if authorize(clientConn.Account.Access, accessCannotBeDiscon) {
+ if clientConn.Authorize(accessCannotBeDiscon) {
res = append(res, cc.NewErrReply(t, clientConn.Account.Login+" is not allowed to be disconnected."))
return res, err
}
- if err := clientConn.Connection.Close(); err != nil {
- return res, err
+ // If FieldOptions is set, then the client IP is banned in addition to disconnected.
+ // 00 01 = temporary ban
+ // 00 02 = permanent ban
+ if t.GetField(FieldOptions).Data != nil {
+ switch t.GetField(FieldOptions).Data[1] {
+ case 1:
+ // send message: "You are temporarily banned on this server"
+ cc.logger.Infow("Disconnect & temporarily ban " + string(clientConn.UserName))
+
+ res = append(res, *NewTransaction(
+ TranServerMsg,
+ clientConn.ID,
+ NewField(FieldData, []byte("You are temporarily banned on this server")),
+ NewField(FieldChatOptions, []byte{0, 0}),
+ ))
+
+ banUntil := time.Now().Add(tempBanDuration)
+ cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = &banUntil
+ case 2:
+ // send message: "You are permanently banned on this server"
+ cc.logger.Infow("Disconnect & ban " + string(clientConn.UserName))
+
+ res = append(res, *NewTransaction(
+ TranServerMsg,
+ clientConn.ID,
+ NewField(FieldData, []byte("You are permanently banned on this server")),
+ NewField(FieldChatOptions, []byte{0, 0}),
+ ))
+
+ cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = nil
+ }
+
+ err := cc.Server.writeBanList()
+ if err != nil {
+ return res, err
+ }
}
- res = append(res, cc.NewReply(t))
- return res, err
+ // TODO: remove this awful hack
+ go func() {
+ time.Sleep(1 * time.Second)
+ clientConn.Disconnect()
+ }()
+
+ return append(res, cc.NewReply(t)), err
}
+// HandleGetNewsCatNameList returns a list of news categories for a path
+// Fields used in the request:
+// 325 News path (Optional)
func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- // Fields used in the request:
- // 325 News path (Optional)
-
- newsPath := t.GetField(fieldNewsPath).Data
- cc.Server.Logger.Infow("NewsPath: ", "np", string(newsPath))
+ if !cc.Authorize(accessNewsReadArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+ return res, err
+ }
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+ pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
cats := cc.Server.GetNewsCatByPath(pathStrs)
// To store the keys in slice in sorted order
cat := cats[k]
b, _ := cat.MarshalBinary()
fieldData = append(fieldData, NewField(
- fieldNewsCatListData15,
+ FieldNewsCatListData15,
b,
))
}
}
func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- name := string(t.GetField(fieldNewsCatName).Data)
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+ if !cc.Authorize(accessNewsCreateCat) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to create news categories."))
+ return res, err
+ }
+
+ name := string(t.GetField(FieldNewsCatName).Data)
+ pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
cats := cc.Server.GetNewsCatByPath(pathStrs)
cats[name] = NewsCategoryListData15{
Name: name,
- Type: []byte{0, 3},
+ Type: [2]byte{0, 3},
Articles: map[uint32]*NewsArtData{},
SubCats: make(map[string]NewsCategoryListData15),
}
return res, err
}
+// Fields used in the request:
+// 322 News category name
+// 325 News path
func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- // Fields used in the request:
- // 322 News category name
- // 325 News path
- name := string(t.GetField(fieldFileName).Data)
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+ if !cc.Authorize(accessNewsCreateFldr) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to create news folders."))
+ return res, err
+ }
+
+ name := string(t.GetField(FieldFileName).Data)
+ pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
- cc.Server.Logger.Infof("Creating new news folder %s", name)
+ cc.logger.Infof("Creating new news folder %s", name)
cats := cc.Server.GetNewsCatByPath(pathStrs)
cats[name] = NewsCategoryListData15{
Name: name,
- Type: []byte{0, 2},
+ Type: [2]byte{0, 2},
Articles: map[uint32]*NewsArtData{},
SubCats: make(map[string]NewsCategoryListData15),
}
return res, err
}
+// HandleGetNewsArtData gets the list of article names at the specified news path.
+
// Fields used in the request:
// 325 News path Optional
-//
-// Reply fields:
+
+// Fields used in the reply:
// 321 News article list data Optional
func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+ if !cc.Authorize(accessNewsReadArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+ return res, err
+ }
+ pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
var cat NewsCategoryListData15
cats := cc.Server.ThreadedNews.Categories
nald := cat.GetNewsArtListData()
- res = append(res, cc.NewReply(t, NewField(fieldNewsArtListData, nald.Payload())))
+ b, err := io.ReadAll(&nald)
+ if err != nil {
+
+ }
+
+ res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, b)))
return res, err
}
+// HandleGetNewsArtData requests information about the specific news article.
+// Fields used in the request:
+//
+// Request fields
+// 325 News path
+// 326 News article ID
+// 327 News article data flavor
+//
+// Fields used in the reply:
+// 328 News article title
+// 329 News article poster
+// 330 News article date
+// 331 Previous article ID
+// 332 Next article ID
+// 335 Parent article ID
+// 336 First child article ID
+// 327 News article data flavor "Should be “text/plain”
+// 333 News article data Optional (if data flavor is “text/plain”)
func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- // Request fields
- // 325 News fp
- // 326 News article ID
- // 327 News article data flavor
-
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+ if !cc.Authorize(accessNewsReadArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+ return res, err
+ }
var cat NewsCategoryListData15
cats := cc.Server.ThreadedNews.Categories
- for _, fp := range pathStrs {
+ for _, fp := range ReadNewsPath(t.GetField(FieldNewsPath).Data) {
cat = cats[fp]
cats = cats[fp].SubCats
}
- newsArtID := t.GetField(fieldNewsArtID).Data
- convertedArtID := binary.BigEndian.Uint16(newsArtID)
+ // The official Hotline clients will send the article ID as 2 bytes if possible, but
+ // some third party clients such as Frogblast and Heildrun will always send 4 bytes
+ convertedID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+ if err != nil {
+ return res, err
+ }
- art := cat.Articles[uint32(convertedArtID)]
+ art := cat.Articles[uint32(convertedID)]
if art == nil {
res = append(res, cc.NewReply(t))
return res, err
}
- // Reply fields
- // 328 News article title
- // 329 News article poster
- // 330 News article date
- // 331 Previous article ID
- // 332 Next article ID
- // 335 Parent article ID
- // 336 First child article ID
- // 327 News article data flavor "Should be “text/plain”
- // 333 News article data Optional (if data flavor is “text/plain”)
-
res = append(res, cc.NewReply(t,
- NewField(fieldNewsArtTitle, []byte(art.Title)),
- NewField(fieldNewsArtPoster, []byte(art.Poster)),
- NewField(fieldNewsArtDate, art.Date),
- NewField(fieldNewsArtPrevArt, art.PrevArt),
- NewField(fieldNewsArtNextArt, art.NextArt),
- NewField(fieldNewsArtParentArt, art.ParentArt),
- NewField(fieldNewsArt1stChildArt, art.FirstChildArt),
- NewField(fieldNewsArtDataFlav, []byte("text/plain")),
- NewField(fieldNewsArtData, []byte(art.Data)),
+ NewField(FieldNewsArtTitle, []byte(art.Title)),
+ NewField(FieldNewsArtPoster, []byte(art.Poster)),
+ NewField(FieldNewsArtDate, art.Date),
+ NewField(FieldNewsArtPrevArt, art.PrevArt),
+ NewField(FieldNewsArtNextArt, art.NextArt),
+ NewField(FieldNewsArtParentArt, art.ParentArt),
+ NewField(FieldNewsArt1stChildArt, art.FirstChildArt),
+ NewField(FieldNewsArtDataFlav, []byte("text/plain")),
+ NewField(FieldNewsArtData, []byte(art.Data)),
))
return res, err
}
+// HandleDelNewsItem deletes an existing threaded news folder or category from the server.
+// Fields used in the request:
+// 325 News path
+// Fields used in the reply:
+// None
func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- // Access: News Delete Folder (37) or News Delete Category (35)
-
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
-
- // TODO: determine if path is a Folder (Bundle) or Category and check for permission
-
- cc.Server.Logger.Infof("DelNewsItem %v", pathStrs)
+ pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
cats := cc.Server.ThreadedNews.Categories
-
delName := pathStrs[len(pathStrs)-1]
if len(pathStrs) > 1 {
for _, fp := range pathStrs[0 : len(pathStrs)-1] {
}
}
+ if cats[delName].Type == [2]byte{0, 3} {
+ if !cc.Authorize(accessNewsDeleteCat) {
+ return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil
+ }
+ } else {
+ if !cc.Authorize(accessNewsDeleteFldr) {
+ return append(res, cc.NewErrReply(t, "You are not allowed to delete news folders.")), nil
+ }
+ }
+
delete(cats, delName)
- err = cc.Server.writeThreadedNews()
- if err != nil {
+ if err := cc.Server.writeThreadedNews(); err != nil {
return res, err
}
- // Reply params: none
- res = append(res, cc.NewReply(t))
-
- return res, err
+ return append(res, cc.NewReply(t)), nil
}
func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !cc.Authorize(accessNewsDeleteArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to delete news articles."))
+ return res, err
+ }
+
// Request Fields
// 325 News path
// 326 News article ID
// 337 News article – recursive delete Delete child articles (1) or not (0)
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
- ID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
+ pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
+ ID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+ if err != nil {
+ return res, err
+ }
// TODO: Delete recursive
cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
return res, err
}
+// Request fields
+// 325 News path
+// 326 News article ID ID of the parent article?
+// 328 News article title
+// 334 News article flags
+// 327 News article data flavor Currently “text/plain”
+// 333 News article data
func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- // Request fields
- // 325 News path
- // 326 News article ID ID of the parent article?
- // 328 News article title
- // 334 News article flags
- // 327 News article data flavor Currently “text/plain”
- // 333 News article data
+ if !cc.Authorize(accessNewsPostArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to post news articles."))
+ return res, err
+ }
- pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+ pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
catName := pathStrs[len(pathStrs)-1]
cat := cats[catName]
+ artID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+ if err != nil {
+ return res, err
+ }
+ convertedArtID := uint32(artID)
+ bs := make([]byte, 4)
+ binary.BigEndian.PutUint32(bs, convertedArtID)
+
newArt := NewsArtData{
- Title: string(t.GetField(fieldNewsArtTitle).Data),
+ Title: string(t.GetField(FieldNewsArtTitle).Data),
Poster: string(cc.UserName),
Date: toHotlineTime(time.Now()),
PrevArt: []byte{0, 0, 0, 0},
NextArt: []byte{0, 0, 0, 0},
- ParentArt: append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...),
+ ParentArt: bs,
FirstChildArt: []byte{0, 0, 0, 0},
DataFlav: []byte("text/plain"),
- Data: string(t.GetField(fieldNewsArtData).Data),
+ Data: string(t.GetField(FieldNewsArtData).Data),
}
var keys []int
}
// Update parent article with first child reply
- parentID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
+ parentID := convertedArtID
if parentID != 0 {
- parentArt := cat.Articles[uint32(parentID)]
+ parentArt := cat.Articles[parentID]
if bytes.Equal(parentArt.FirstChildArt, []byte{0, 0, 0, 0}) {
binary.BigEndian.PutUint32(parentArt.FirstChildArt, nextID)
// HandleGetMsgs returns the flat news data
func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- res = append(res, cc.NewReply(t, NewField(fieldData, cc.Server.FlatNews)))
+ if !cc.Authorize(accessNewsReadArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+ return res, err
+ }
+
+ res = append(res, cc.NewReply(t, NewField(FieldData, cc.Server.FlatNews)))
return res, err
}
func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- fileName := t.GetField(fieldFileName).Data
- filePath := t.GetField(fieldFilePath).Data
+ if !cc.Authorize(accessDownloadFile) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to download files."))
+ return res, err
+ }
- var fp FilePath
- err = fp.UnmarshalBinary(filePath)
+ fileName := t.GetField(FieldFileName).Data
+ filePath := t.GetField(FieldFilePath).Data
+ resumeData := t.GetField(FieldFileResumeData).Data
+
+ var dataOffset int64
+ var frd FileResumeData
+ if resumeData != nil {
+ if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil {
+ return res, err
+ }
+ // TODO: handle rsrc fork offset
+ dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:]))
+ }
+
+ fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
if err != nil {
return res, err
}
- ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
+ hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, dataOffset)
if err != nil {
return res, err
}
- transactionRef := cc.Server.NewTransactionRef()
- data := binary.BigEndian.Uint32(transactionRef)
+ xferSize := hlFile.ffo.TransferSize(0)
- ft := &FileTransfer{
- FileName: fileName,
- FilePath: filePath,
- ReferenceNumber: transactionRef,
- Type: FileDownload,
+ ft := cc.newFileTransfer(FileDownload, fileName, filePath, xferSize)
+
+ // TODO: refactor to remove this
+ if resumeData != nil {
+ var frd FileResumeData
+ if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil {
+ return res, err
+ }
+ ft.fileResumeData = &frd
}
- cc.Server.FileTransfers[data] = ft
- cc.Transfers[FileDownload] = append(cc.Transfers[FileDownload], ft)
+ // Optional field for when a HL v1.5+ client requests file preview
+ // Used only for TEXT, JPEG, GIFF, BMP or PICT files
+ // The value will always be 2
+ if t.GetField(FieldFileTransferOptions).Data != nil {
+ ft.options = t.GetField(FieldFileTransferOptions).Data
+ xferSize = hlFile.ffo.FlatFileDataForkHeader.DataSize[:]
+ }
res = append(res, cc.NewReply(t,
- NewField(fieldRefNum, transactionRef),
- NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
- NewField(fieldTransferSize, ffo.TransferSize()),
- NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]),
+ NewField(FieldRefNum, ft.refNum[:]),
+ NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
+ NewField(FieldTransferSize, xferSize),
+ NewField(FieldFileSize, hlFile.ffo.FlatFileDataForkHeader.DataSize[:]),
))
return res, err
}
// Download all files from the specified folder and sub-folders
-// response example
-//
-// 00
-// 01
-// 00 00
-// 00 00 00 11
-// 00 00 00 00
-// 00 00 00 18
-// 00 00 00 18
-//
-// 00 03
-//
-// 00 6c // transfer size
-// 00 04 // len
-// 00 0f d5 ae
-//
-// 00 dc // field Folder item count
-// 00 02 // len
-// 00 02
-//
-// 00 6b // ref number
-// 00 04 // len
-// 00 03 64 b1
func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- transactionRef := cc.Server.NewTransactionRef()
- data := binary.BigEndian.Uint32(transactionRef)
-
- fileTransfer := &FileTransfer{
- FileName: t.GetField(fieldFileName).Data,
- FilePath: t.GetField(fieldFilePath).Data,
- ReferenceNumber: transactionRef,
- Type: FolderDownload,
- }
- cc.Server.FileTransfers[data] = fileTransfer
- cc.Transfers[FolderDownload] = append(cc.Transfers[FolderDownload], fileTransfer)
-
- var fp FilePath
- err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
- if err != nil {
+ if !cc.Authorize(accessDownloadFile) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to download folders."))
return res, err
}
- fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
+ fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data)
if err != nil {
return res, err
}
if err != nil {
return res, err
}
+
+ fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(FieldFileName).Data, t.GetField(FieldFilePath).Data, transferSize)
+
+ var fp FilePath
+ _, err = fp.Write(t.GetField(FieldFilePath).Data)
+ if err != nil {
+ return res, err
+ }
+
res = append(res, cc.NewReply(t,
- NewField(fieldRefNum, transactionRef),
- NewField(fieldTransferSize, transferSize),
- NewField(fieldFolderItemCount, itemCount),
- NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
+ NewField(FieldRefNum, fileTransfer.ReferenceNumber),
+ NewField(FieldTransferSize, transferSize),
+ NewField(FieldFolderItemCount, itemCount),
+ NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
))
return res, err
}
// 220 Folder item count
// 204 File transfer options "Optional Currently set to 1" (TODO: ??)
func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- transactionRef := cc.Server.NewTransactionRef()
- data := binary.BigEndian.Uint32(transactionRef)
-
var fp FilePath
- if t.GetField(fieldFilePath).Data != nil {
- if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+ if t.GetField(FieldFilePath).Data != nil {
+ if _, err = fp.Write(t.GetField(FieldFilePath).Data); err != nil {
return res, err
}
}
// Handle special cases for Upload and Drop Box folders
- if !authorize(cc.Account.Access, accessUploadAnywhere) {
+ if !cc.Authorize(accessUploadAnywhere) {
if !fp.IsUploadDir() && !fp.IsDropbox() {
- res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data))))
+ res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(FieldFileName).Data))))
return res, err
}
}
- fileTransfer := &FileTransfer{
- FileName: t.GetField(fieldFileName).Data,
- FilePath: t.GetField(fieldFilePath).Data,
- ReferenceNumber: transactionRef,
- Type: FolderUpload,
- FolderItemCount: t.GetField(fieldFolderItemCount).Data,
- TransferSize: t.GetField(fieldTransferSize).Data,
- }
- cc.Server.FileTransfers[data] = fileTransfer
+ fileTransfer := cc.newFileTransfer(FolderUpload,
+ t.GetField(FieldFileName).Data,
+ t.GetField(FieldFilePath).Data,
+ t.GetField(FieldTransferSize).Data,
+ )
- res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
+ fileTransfer.FolderItemCount = t.GetField(FieldFolderItemCount).Data
+
+ res = append(res, cc.NewReply(t, NewField(FieldRefNum, fileTransfer.ReferenceNumber)))
return res, err
}
// HandleUploadFile
-// Special cases:
-// * If the target directory contains "uploads" (case insensitive)
+// Fields used in the request:
+// 201 File name
+// 202 File path
+// 204 File transfer options "Optional
+// Used only to resume download, currently has value 2"
+// 108 File transfer size "Optional used if download is not resumed"
func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- if !authorize(cc.Account.Access, accessUploadFile) {
+ if !cc.Authorize(accessUploadFile) {
res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
return res, err
}
- fileName := t.GetField(fieldFileName).Data
- filePath := t.GetField(fieldFilePath).Data
+ fileName := t.GetField(FieldFileName).Data
+ filePath := t.GetField(FieldFilePath).Data
+ transferOptions := t.GetField(FieldFileTransferOptions).Data
+ transferSize := t.GetField(FieldTransferSize).Data // not sent for resume
var fp FilePath
if filePath != nil {
- if err = fp.UnmarshalBinary(filePath); err != nil {
+ if _, err = fp.Write(filePath); err != nil {
return res, err
}
}
// Handle special cases for Upload and Drop Box folders
- if !authorize(cc.Account.Access, accessUploadAnywhere) {
+ if !cc.Authorize(accessUploadAnywhere) {
if !fp.IsUploadDir() && !fp.IsDropbox() {
res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
return res, err
}
}
+ fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+ if err != nil {
+ return res, err
+ }
+
+ if _, err := cc.Server.FS.Stat(fullFilePath); err == nil {
+ res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload because there is already a file named \"%v\". Try choosing a different name.", string(fileName))))
+ return res, err
+ }
- transactionRef := cc.Server.NewTransactionRef()
- data := binary.BigEndian.Uint32(transactionRef)
+ ft := cc.newFileTransfer(FileUpload, fileName, filePath, transferSize)
- cc.Server.FileTransfers[data] = &FileTransfer{
- FileName: fileName,
- FilePath: filePath,
- ReferenceNumber: transactionRef,
- Type: FileUpload,
+ replyT := cc.NewReply(t, NewField(FieldRefNum, ft.ReferenceNumber))
+
+ // client has requested to resume a partially transferred file
+ if transferOptions != nil {
+ fileInfo, err := cc.Server.FS.Stat(fullFilePath + incompleteFileSuffix)
+ if err != nil {
+ return res, err
+ }
+
+ offset := make([]byte, 4)
+ binary.BigEndian.PutUint32(offset, uint32(fileInfo.Size()))
+
+ fileResumeData := NewFileResumeData([]ForkInfoList{
+ *NewForkInfoList(offset),
+ })
+
+ b, _ := fileResumeData.BinaryMarshal()
+
+ ft.TransferSize = offset
+
+ replyT.Fields = append(replyT.Fields, NewField(FieldFileResumeData, b))
}
- res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
+ res = append(res, replyT)
return res, err
}
func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- var icon []byte
- if len(t.GetField(fieldUserIconID).Data) == 4 {
- icon = t.GetField(fieldUserIconID).Data[2:]
+ if len(t.GetField(FieldUserIconID).Data) == 4 {
+ cc.Icon = t.GetField(FieldUserIconID).Data[2:]
} else {
- icon = t.GetField(fieldUserIconID).Data
+ cc.Icon = t.GetField(FieldUserIconID).Data
+ }
+ if cc.Authorize(accessAnyName) {
+ cc.UserName = t.GetField(FieldUserName).Data
}
- *cc.Icon = icon
- cc.UserName = t.GetField(fieldUserName).Data
// the options field is only passed by the client versions > 1.2.3.
- options := t.GetField(fieldOptions).Data
-
+ options := t.GetField(FieldOptions).Data
if options != nil {
optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
- flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
+ flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
- flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM))
- binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+ flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, optBitmap.Bit(refusePM))
+ binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
- flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat))
- binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+ flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, optBitmap.Bit(refuseChat))
+ binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
// Check auto response
if optBitmap.Bit(autoResponse) == 1 {
- cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+ cc.AutoReply = t.GetField(FieldAutomaticResponse).Data
} else {
cc.AutoReply = []byte{}
}
}
- // Notify all clients of updated user info
- cc.sendAll(
- tranNotifyChangeUser,
- NewField(fieldUserID, *cc.ID),
- NewField(fieldUserIconID, *cc.Icon),
- NewField(fieldUserFlags, *cc.Flags),
- NewField(fieldUserName, cc.UserName),
- )
+ for _, c := range sortedClients(cc.Server.Clients) {
+ res = append(res, *NewTransaction(
+ TranNotifyChangeUser,
+ c.ID,
+ NewField(FieldUserID, *cc.ID),
+ NewField(FieldUserIconID, cc.Icon),
+ NewField(FieldUserFlags, cc.Flags),
+ NewField(FieldUserName, cc.UserName),
+ ))
+ }
return res, err
}
func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
fullPath, err := readPath(
cc.Server.Config.FileRoot,
- t.GetField(fieldFilePath).Data,
+ t.GetField(FieldFilePath).Data,
nil,
)
if err != nil {
}
var fp FilePath
- if t.GetField(fieldFilePath).Data != nil {
- if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+ if t.GetField(FieldFilePath).Data != nil {
+ if _, err = fp.Write(t.GetField(FieldFilePath).Data); err != nil {
return res, err
}
}
// Handle special case for drop box folders
- if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) {
- res = append(res, cc.NewReply(t))
+ if fp.IsDropbox() && !cc.Authorize(accessViewDropBoxes) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to view drop boxes."))
return res, err
}
- fileNames, err := getFileNameList(fullPath)
+ fileNames, err := getFileNameList(fullPath, cc.Server.Config.IgnoreFiles)
if err != nil {
return res, err
}
// =================================
// Hotline private chat flow
// =================================
-// 1. ClientA sends tranInviteNewChat to server with user ID to invite
+// 1. ClientA sends TranInviteNewChat to server with user ID to invite
// 2. Server creates new ChatID
-// 3. Server sends tranInviteToChat to invitee
+// 3. Server sends TranInviteToChat to invitee
// 4. Server replies to ClientA with new Chat ID
//
// A dialog box pops up in the invitee client with options to accept or decline the invitation.
// If Accepted is clicked:
-// 1. ClientB sends tranJoinChat with fieldChatID
+// 1. ClientB sends TranJoinChat with FieldChatID
// HandleInviteNewChat invites users to new private chat
func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !cc.Authorize(accessOpenChat) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
+ return res, err
+ }
+
// Client to Invite
- targetID := t.GetField(fieldUserID).Data
+ targetID := t.GetField(FieldUserID).Data
newChatID := cc.Server.NewPrivateChat(cc)
- res = append(res,
- *NewTransaction(
- tranInviteToChat,
- &targetID,
- NewField(fieldChatID, newChatID),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- ),
- )
+ // Check if target user has "Refuse private chat" flag
+ binary.BigEndian.Uint16(targetID)
+ targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)]
+
+ flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags)))
+ if flagBitmap.Bit(UserFlagRefusePChat) == 1 {
+ res = append(res,
+ *NewTransaction(
+ TranServerMsg,
+ cc.ID,
+ NewField(FieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")),
+ NewField(FieldUserName, targetClient.UserName),
+ NewField(FieldUserID, *targetClient.ID),
+ NewField(FieldOptions, []byte{0, 2}),
+ ),
+ )
+ } else {
+ res = append(res,
+ *NewTransaction(
+ TranInviteToChat,
+ &targetID,
+ NewField(FieldChatID, newChatID),
+ NewField(FieldUserName, cc.UserName),
+ NewField(FieldUserID, *cc.ID),
+ ),
+ )
+ }
res = append(res,
cc.NewReply(t,
- NewField(fieldChatID, newChatID),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- NewField(fieldUserIconID, *cc.Icon),
- NewField(fieldUserFlags, *cc.Flags),
+ NewField(FieldChatID, newChatID),
+ NewField(FieldUserName, cc.UserName),
+ NewField(FieldUserID, *cc.ID),
+ NewField(FieldUserIconID, cc.Icon),
+ NewField(FieldUserFlags, cc.Flags),
),
)
}
func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !cc.Authorize(accessOpenChat) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
+ return res, err
+ }
+
// Client to Invite
- targetID := t.GetField(fieldUserID).Data
- chatID := t.GetField(fieldChatID).Data
+ targetID := t.GetField(FieldUserID).Data
+ chatID := t.GetField(FieldChatID).Data
res = append(res,
*NewTransaction(
- tranInviteToChat,
+ TranInviteToChat,
&targetID,
- NewField(fieldChatID, chatID),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
+ NewField(FieldChatID, chatID),
+ NewField(FieldUserName, cc.UserName),
+ NewField(FieldUserID, *cc.ID),
),
)
res = append(res,
cc.NewReply(
t,
- NewField(fieldChatID, chatID),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- NewField(fieldUserIconID, *cc.Icon),
- NewField(fieldUserFlags, *cc.Flags),
+ NewField(FieldChatID, chatID),
+ NewField(FieldUserName, cc.UserName),
+ NewField(FieldUserID, *cc.ID),
+ NewField(FieldUserIconID, cc.Icon),
+ NewField(FieldUserFlags, cc.Flags),
),
)
}
func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- chatID := t.GetField(fieldChatID).Data
+ chatID := t.GetField(FieldChatID).Data
chatInt := binary.BigEndian.Uint32(chatID)
privChat := cc.Server.PrivateChats[chatInt]
for _, c := range sortedClients(privChat.ClientConn) {
res = append(res,
*NewTransaction(
- tranChatMsg,
+ TranChatMsg,
c.ID,
- NewField(fieldChatID, chatID),
- NewField(fieldData, resMsg),
+ NewField(FieldChatID, chatID),
+ NewField(FieldData, resMsg),
),
)
}
// * 300 User name with info (Optional)
// * 300 (more user names with info)
func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- chatID := t.GetField(fieldChatID).Data
+ chatID := t.GetField(FieldChatID).Data
chatInt := binary.BigEndian.Uint32(chatID)
privChat := cc.Server.PrivateChats[chatInt]
- // Send tranNotifyChatChangeUser to current members of the chat to inform of new user
+ // Send TranNotifyChatChangeUser to current members of the chat to inform of new user
for _, c := range sortedClients(privChat.ClientConn) {
res = append(res,
*NewTransaction(
- tranNotifyChatChangeUser,
+ TranNotifyChatChangeUser,
c.ID,
- NewField(fieldChatID, chatID),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- NewField(fieldUserIconID, *cc.Icon),
- NewField(fieldUserFlags, *cc.Flags),
+ NewField(FieldChatID, chatID),
+ NewField(FieldUserName, cc.UserName),
+ NewField(FieldUserID, *cc.ID),
+ NewField(FieldUserIconID, cc.Icon),
+ NewField(FieldUserFlags, cc.Flags),
),
)
}
privChat.ClientConn[cc.uint16ID()] = cc
- replyFields := []Field{NewField(fieldChatSubject, []byte(privChat.Subject))}
+ replyFields := []Field{NewField(FieldChatSubject, []byte(privChat.Subject))}
for _, c := range sortedClients(privChat.ClientConn) {
- user := User{
+
+ b, err := io.ReadAll(&User{
ID: *c.ID,
- Icon: *c.Icon,
- Flags: *c.Flags,
+ Icon: c.Icon,
+ Flags: c.Flags,
Name: string(c.UserName),
+ })
+ if err != nil {
+ return res, nil
}
-
- replyFields = append(replyFields, NewField(fieldUsernameWithInfo, user.Payload()))
+ replyFields = append(replyFields, NewField(FieldUsernameWithInfo, b))
}
res = append(res, cc.NewReply(t, replyFields...))
// HandleLeaveChat is sent from a v1.8+ Hotline client when the user exits a private chat
// Fields used in the request:
-// * 114 fieldChatID
+// - 114 FieldChatID
+//
// Reply is not expected.
func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- chatID := t.GetField(fieldChatID).Data
+ chatID := t.GetField(FieldChatID).Data
chatInt := binary.BigEndian.Uint32(chatID)
- privChat := cc.Server.PrivateChats[chatInt]
+ privChat, ok := cc.Server.PrivateChats[chatInt]
+ if !ok {
+ return res, nil
+ }
delete(privChat.ClientConn, cc.uint16ID())
for _, c := range sortedClients(privChat.ClientConn) {
res = append(res,
*NewTransaction(
- tranNotifyChatDeleteUser,
+ TranNotifyChatDeleteUser,
c.ID,
- NewField(fieldChatID, chatID),
- NewField(fieldUserID, *cc.ID),
+ NewField(FieldChatID, chatID),
+ NewField(FieldUserID, *cc.ID),
),
)
}
// HandleSetChatSubject is sent from a v1.8+ Hotline client when the user sets a private chat subject
// Fields used in the request:
// * 114 Chat ID
-// * 115 Chat subject Chat subject string
+// * 115 Chat subject
// Reply is not expected.
func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- chatID := t.GetField(fieldChatID).Data
+ chatID := t.GetField(FieldChatID).Data
chatInt := binary.BigEndian.Uint32(chatID)
privChat := cc.Server.PrivateChats[chatInt]
- privChat.Subject = string(t.GetField(fieldChatSubject).Data)
+ privChat.Subject = string(t.GetField(FieldChatSubject).Data)
for _, c := range sortedClients(privChat.ClientConn) {
res = append(res,
*NewTransaction(
- tranNotifyChatSubject,
+ TranNotifyChatSubject,
c.ID,
- NewField(fieldChatID, chatID),
- NewField(fieldChatSubject, t.GetField(fieldChatSubject).Data),
+ NewField(FieldChatID, chatID),
+ NewField(FieldChatSubject, t.GetField(FieldChatSubject).Data),
),
)
}
// Fields used in the reply:
// None
func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- if !authorize(cc.Account.Access, accessMakeAlias) {
+ if !cc.Authorize(accessMakeAlias) {
res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
return res, err
}
- fileName := t.GetField(fieldFileName).Data
- filePath := t.GetField(fieldFilePath).Data
- fileNewPath := t.GetField(fieldFileNewPath).Data
+ fileName := t.GetField(FieldFileName).Data
+ filePath := t.GetField(FieldFilePath).Data
+ fileNewPath := t.GetField(FieldFileNewPath).Data
fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
if err != nil {
return res, err
}
- cc.Server.Logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
+ cc.logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
- if err := FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
+ if err := cc.Server.FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
res = append(res, cc.NewErrReply(t, "Error creating alias"))
return res, nil
}
res = append(res, cc.NewReply(t))
return res, err
}
+
+// HandleDownloadBanner handles requests for a new banner from the server
+// Fields used in the request:
+// None
+// Fields used in the reply:
+// 107 FieldRefNum Used later for transfer
+// 108 FieldTransferSize Size of data to be downloaded
+func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ fi, err := cc.Server.FS.Stat(filepath.Join(cc.Server.ConfigDir, cc.Server.Config.BannerFile))
+ if err != nil {
+ return res, err
+ }
+
+ ft := cc.newFileTransfer(bannerDownload, []byte{}, []byte{}, make([]byte, 4))
+
+ binary.BigEndian.PutUint32(ft.TransferSize, uint32(fi.Size()))
+
+ res = append(res, cc.NewReply(t,
+ NewField(FieldRefNum, ft.refNum[:]),
+ NewField(FieldTransferSize, ft.TransferSize),
+ ))
+
+ return res, err
+}
git.r.bdr.sh / rbdr / mobius / blobdiff