X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/0197c3f5f7ac92d83711d28739670cba2e018701..d1cd666473e5d9097b34bad3388c8c0595612089:/hotline/transaction_handlers.go diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index 745cb40..4a86831 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -50,8 +50,7 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleTranAgreed, }, tranChatSend: { - Access: accessSendChat, - DenyMsg: "You are not allowed to participate in chat.", + Access: accessAlwaysAllow, Handler: HandleChatSend, Name: "tranChatSend", RequiredFields: []requiredField{ @@ -80,8 +79,7 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleDeleteFile, }, tranDeleteUser: { - Access: accessDeleteUser, - DenyMsg: "You are not allowed to delete accounts.", + Access: accessAlwaysAllow, Name: "tranDeleteUser", Handler: HandleDeleteUser, }, @@ -92,8 +90,7 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleDisconnectUser, }, tranDownloadFile: { - Access: accessDownloadFile, - DenyMsg: "You are not allowed to download files.", + Access: accessAlwaysAllow, Name: "tranDownloadFile", Handler: HandleDownloadFile, }, @@ -120,8 +117,7 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleGetFileNameList, }, tranGetMsgs: { - Access: accessNewsReadArt, - DenyMsg: "You are not allowed to read news.", + Access: accessAlwaysAllow, Name: "tranGetMsgs", Handler: HandleGetMsgs, }, @@ -144,8 +140,7 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleGetNewsCatNameList, }, tranGetUser: { - Access: accessOpenUser, - DenyMsg: "You are not allowed to view accounts.", + Access: accessAlwaysAllow, Name: "tranGetUser", Handler: HandleGetUser, }, @@ -181,10 +176,8 @@ var TransactionHandlers = map[uint16]TransactionType{ Name: "tranJoinChat", Handler: HandleLeaveChat, }, - tranListUsers: { - Access: accessOpenUser, - DenyMsg: "You are not allowed to view accounts.", + Access: accessAlwaysAllow, Name: "tranListUsers", Handler: HandleListUsers, }, @@ -213,11 +206,15 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleNewNewsFldr, }, tranNewUser: { - Access: accessCreateUser, - DenyMsg: "You are not allowed to create new accounts.", + Access: accessAlwaysAllow, Name: "tranNewUser", Handler: HandleNewUser, }, + tranUpdateUser: { + Access: accessAlwaysAllow, + Name: "tranUpdateUser", + Handler: HandleUpdateUser, + }, tranOldPostNews: { Access: accessNewsPostArt, DenyMsg: "You are not allowed to post news.", @@ -327,8 +324,10 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro chatInt := binary.BigEndian.Uint32(chatID) privChat := cc.Server.PrivateChats[chatInt] + clients := sortedClients(privChat.ClientConn) + // send the message to all connected clients of the private chat - for _, c := range privChat.ClientConn { + for _, c := range clients { res = append(res, *NewTransaction( tranChatMsg, c.ID, @@ -366,21 +365,25 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) { msg := t.GetField(fieldData) ID := t.GetField(fieldUserID) - // TODO: Implement reply quoting - // options := transaction.GetField(hotline.fieldOptions) - res = append(res, - *NewTransaction( - tranServerMsg, - &ID.Data, - NewField(fieldData, msg.Data), - NewField(fieldUserName, cc.UserName), - NewField(fieldUserID, *cc.ID), - NewField(fieldOptions, []byte{0, 1}), - ), + reply := *NewTransaction( + tranServerMsg, + &ID.Data, + NewField(fieldData, msg.Data), + NewField(fieldUserName, cc.UserName), + NewField(fieldUserID, *cc.ID), + NewField(fieldOptions, []byte{0, 1}), ) - id, _ := byteToInt(ID.Data) + // Later versions of Hotline include the original message in the fieldQuotingMsg field so + // the receiving client can display both the received message and what it is in reply to + if t.GetField(fieldQuotingMsg).Data != nil { + reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data)) + } + + res = append(res, reply) + + id, _ := byteToInt(ID.Data) otherClient := cc.Server.Clients[uint16(id)] if otherClient == nil { return res, errors.New("ohno") @@ -409,7 +412,7 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data - ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName) + ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, 0) if err != nil { return res, err } @@ -617,12 +620,11 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data) } - file := cc.Server.ConfigDir + "Users/" + login + ".yaml" out, err := yaml.Marshal(&account) if err != nil { return res, err } - if err := ioutil.WriteFile(file, out, 0666); err != nil { + if err := os.WriteFile(cc.Server.ConfigDir+"Users/"+login+".yaml", out, 0666); err != nil { return res, err } @@ -665,8 +667,7 @@ func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)] if account == nil { - errorT := cc.NewErrReply(t, "Account does not exist.") - res = append(res, errorT) + res = append(res, cc.NewErrReply(t, "Account does not exist.")) return res, err } @@ -680,8 +681,12 @@ func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error } func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessOpenUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts.")) + return res, err + } + var userFields []Field - // TODO: make order deterministic for _, acc := range cc.Server.Accounts { userField := acc.MarshalBinary() userFields = append(userFields, NewField(fieldData, userField)) @@ -691,12 +696,104 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err return res, err } +// HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time. +// An update can be a mix of these actions: +// * Create user +// * Delete user +// * Modify user (including renaming the account login) +// +// The Transaction sent by the client includes one data field per user that was modified. This data field in turn +// contains another data field encoded in its payload with a varying number of sub fields depending on which action is +// performed. This seems to be the only place in the Hotline protocol where a data field contains another data field. +func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + for _, field := range t.Fields { + subFields, err := ReadFields(field.Data[0:2], field.Data[2:]) + if err != nil { + return res, err + } + + if len(subFields) == 1 { + login := DecodeUserString(getField(fieldData, &subFields).Data) + cc.Server.Logger.Infow("DeleteUser", "login", login) + + if !authorize(cc.Account.Access, accessDeleteUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) + return res, err + } + + if err := cc.Server.DeleteUser(login); err != nil { + return res, err + } + continue + } + + login := DecodeUserString(getField(fieldUserLogin, &subFields).Data) + + // check if the login exists; if so, we know we are updating an existing user + if acc, ok := cc.Server.Accounts[login]; ok { + cc.Server.Logger.Infow("UpdateUser", "login", login) + + // account exists, so this is an update action + if !authorize(cc.Account.Access, accessModifyUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts.")) + return res, err + } + + if getField(fieldUserPassword, &subFields) != nil { + newPass := getField(fieldUserPassword, &subFields).Data + acc.Password = hashAndSalt(newPass) + } else { + acc.Password = hashAndSalt([]byte("")) + } + + if getField(fieldUserAccess, &subFields) != nil { + acc.Access = &getField(fieldUserAccess, &subFields).Data + } + + err = cc.Server.UpdateUser( + DecodeUserString(getField(fieldData, &subFields).Data), + DecodeUserString(getField(fieldUserLogin, &subFields).Data), + string(getField(fieldUserName, &subFields).Data), + acc.Password, + *acc.Access, + ) + if err != nil { + return res, err + } + } else { + cc.Server.Logger.Infow("CreateUser", "login", login) + + if !authorize(cc.Account.Access, accessCreateUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts.")) + return res, err + } + + err := cc.Server.NewUser( + login, + string(getField(fieldUserName, &subFields).Data), + string(getField(fieldUserPassword, &subFields).Data), + getField(fieldUserAccess, &subFields).Data, + ) + if err != nil { + return []Transaction{}, err + } + } + } + + res = append(res, cc.NewReply(t)) + return res, err +} + // HandleNewUser creates a new user account func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessCreateUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts.")) + return res, err + } + login := DecodeUserString(t.GetField(fieldUserLogin).Data) // If the account already exists, reply with an error - // TODO: make order deterministic if _, ok := cc.Server.Accounts[login]; ok { res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login.")) return res, err @@ -1197,22 +1294,43 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e // HandleGetMsgs returns the flat news data func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessNewsReadArt) { + res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) + return res, err + } + res = append(res, cc.NewReply(t, NewField(fieldData, cc.Server.FlatNews))) return res, err } func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessDownloadFile) { + res = append(res, cc.NewErrReply(t, "You are not allowed to download files.")) + return res, err + } + fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data + resumeData := t.GetField(fieldFileResumeData).Data + + var dataOffset int64 + var frd FileResumeData + if resumeData != nil { + if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil { + return res, err + } + dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:])) + } + var fp FilePath err = fp.UnmarshalBinary(filePath) if err != nil { return res, err } - ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName) + ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, dataOffset) if err != nil { return res, err } @@ -1227,13 +1345,32 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err Type: FileDownload, } + if resumeData != nil { + var frd FileResumeData + frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data) + ft.fileResumeData = &frd + } + + xferSize := ffo.TransferSize() + + // Optional field for when a HL v1.5+ client requests file preview + // Used only for TEXT, JPEG, GIFF, BMP or PICT files + // The value will always be 2 + if t.GetField(fieldFileTransferOptions).Data != nil { + ft.options = t.GetField(fieldFileTransferOptions).Data + xferSize = ffo.FlatFileDataForkHeader.DataSize[:] + } + + cc.Server.mux.Lock() + defer cc.Server.mux.Unlock() cc.Server.FileTransfers[data] = ft + cc.Transfers[FileDownload] = append(cc.Transfers[FileDownload], ft) res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef), NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count - NewField(fieldTransferSize, ffo.TransferSize()), + NewField(fieldTransferSize, xferSize), NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]), )) @@ -1346,8 +1483,12 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err } // HandleUploadFile -// Special cases: -// * If the target directory contains "uploads" (case insensitive) +// Fields used in the request: +// 201 File name +// 202 File path +// 204 File transfer options "Optional +// Used only to resume download, currently has value 2" +// 108 File transfer size "Optional used if download is not resumed" func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !authorize(cc.Account.Access, accessUploadFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to upload files.")) @@ -1357,6 +1498,11 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data + transferOptions := t.GetField(fieldFileTransferOptions).Data + + // TODO: is this field useful for anything? + // transferSize := t.GetField(fieldTransferSize).Data + var fp FilePath if filePath != nil { if err = fp.UnmarshalBinary(filePath); err != nil { @@ -1382,7 +1528,33 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er Type: FileUpload, } - res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef))) + replyT := cc.NewReply(t, NewField(fieldRefNum, transactionRef)) + + // client has requested to resume a partially transfered file + if transferOptions != nil { + fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) + if err != nil { + return res, err + } + + fileInfo, err := FS.Stat(fullFilePath + incompleteFileSuffix) + if err != nil { + return res, err + } + + offset := make([]byte, 4) + binary.BigEndian.PutUint32(offset, uint32(fileInfo.Size())) + + fileResumeData := NewFileResumeData([]ForkInfoList{ + *NewForkInfoList(offset), + }) + + b, _ := fileResumeData.BinaryMarshal() + + replyT.Fields = append(replyT.Fields, NewField(fieldFileResumeData, b)) + } + + res = append(res, replyT) return res, err }