X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/187d6dc500784760654b740a278fef59072ca5a8..75e4191b32b72ab4ac8e267c274f37769f95c995:/hotline/transaction_handlers.go diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index 23ac68a..7f8cbef 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "gopkg.in/yaml.v3" - "io/ioutil" "math/big" "os" "path" @@ -249,14 +248,16 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro // By holding the option key, Hotline chat allows users to send /me formatted messages like: // *** Halcyon does stuff - // This is indicated by the presence of the optional field fieldChatOptions in the transaction payload - if t.GetField(fieldChatOptions).Data != nil { + // This is indicated by the presence of the optional field fieldChatOptions set to a value of 1. + // Most clients do not send this option for normal chat messages. + if t.GetField(fieldChatOptions).Data != nil && bytes.Equal(t.GetField(fieldChatOptions).Data, []byte{0, 1}) { formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data) } + // The ChatID field is used to identify messages as belonging to a private chat. + // All clients *except* Frogblast omit this field for public chat, but Frogblast sends a value of 00 00 00 00. chatID := t.GetField(fieldChatID).Data - // a non-nil chatID indicates the message belongs to a private chat - if chatID != nil { + if chatID != nil && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) { chatInt := binary.BigEndian.Uint32(chatID) privChat := cc.Server.PrivateChats[chatInt] @@ -322,14 +323,29 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data)) } - res = append(res, *reply) - id, _ := byteToInt(ID.Data) otherClient, ok := cc.Server.Clients[uint16(id)] if !ok { return res, errors.New("invalid client ID") } + // Check if target user has "Refuse private messages" flag + flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags))) + if flagBitmap.Bit(userFLagRefusePChat) == 1 { + res = append(res, + *NewTransaction( + tranServerMsg, + cc.ID, + NewField(fieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")), + NewField(fieldUserName, otherClient.UserName), + NewField(fieldUserID, *otherClient.ID), + NewField(fieldOptions, []byte{0, 2}), + ), + ) + } else { + res = append(res, *reply) + } + // Respond with auto reply if other client has it enabled if len(otherClient.AutoReply) > 0 { res = append(res, @@ -463,7 +479,7 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e return res, err } if err != nil { - panic(err) + return res, err } } } @@ -582,7 +598,7 @@ func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err err // fieldFilePath is only present for nested paths if t.GetField(fieldFilePath).Data != nil { var newFp FilePath - err := newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data) + _, err := newFp.Write(t.GetField(fieldFilePath).Data) if err != nil { return nil, err } @@ -651,7 +667,7 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error res = append(res, *newT) flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags))) - if cc.Authorize(accessDisconUser) { + if c.Authorize(accessDisconUser) { flagBitmap.SetBit(flagBitmap, userFlagAdmin, 1) } else { flagBitmap.SetBit(flagBitmap, userFlagAdmin, 0) @@ -791,6 +807,15 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er newAccess := accessBitmap{} copy(newAccess[:], getField(fieldUserAccess, &subFields).Data[:]) + // Prevent account from creating new account with greater permission + for i := 0; i < 64; i++ { + if newAccess.IsSet(i) { + if !cc.Authorize(i) { + return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err + } + } + } + err := cc.Server.NewUser(login, string(getField(fieldUserName, &subFields).Data), string(getField(fieldUserPassword, &subFields).Data), newAccess) if err != nil { return []Transaction{}, err @@ -820,6 +845,16 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error newAccess := accessBitmap{} copy(newAccess[:], t.GetField(fieldUserAccess).Data[:]) + // Prevent account from creating new account with greater permission + for i := 0; i < 64; i++ { + if newAccess.IsSet(i) { + if !cc.Authorize(i) { + res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")) + return res, err + } + } + } + if err := cc.Server.NewUser(login, string(t.GetField(fieldUserName).Data), string(t.GetField(fieldUserPassword).Data), newAccess); err != nil { return []Transaction{}, err } @@ -921,7 +956,7 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er cc.Icon = t.GetField(fieldUserIconID).Data cc.logger = cc.logger.With("name", string(cc.UserName)) - cc.logger.Infow("Login successful", "clientVersion", fmt.Sprintf("%x", cc.Version)) + cc.logger.Infow("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }())) options := t.GetField(fieldOptions).Data optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) @@ -1005,7 +1040,7 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...) // update news on disk - if err := ioutil.WriteFile(cc.Server.ConfigDir+"MessageBoard.txt", cc.Server.FlatNews, 0644); err != nil { + if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil { return res, err } @@ -1244,18 +1279,15 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er return res, err } +// HandleDelNewsItem deletes an existing threaded news folder or category from the server. +// Fields used in the request: +// 325 News path +// Fields used in the reply: +// None func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - // Has multiple access flags: News Delete Folder (37) or News Delete Category (35) - // TODO: Implement - pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data) - // TODO: determine if path is a Folder (Bundle) or Category and check for permission - - cc.logger.Infof("DelNewsItem %v", pathStrs) - cats := cc.Server.ThreadedNews.Categories - delName := pathStrs[len(pathStrs)-1] if len(pathStrs) > 1 { for _, fp := range pathStrs[0 : len(pathStrs)-1] { @@ -1263,17 +1295,23 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e } } + if bytes.Equal(cats[delName].Type, []byte{0, 3}) { + if !cc.Authorize(accessNewsDeleteCat) { + return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil + } + } else { + if !cc.Authorize(accessNewsDeleteFldr) { + return append(res, cc.NewErrReply(t, "You are not allowed to delete news folders.")), nil + } + } + delete(cats, delName) - err = cc.Server.writeThreadedNews() - if err != nil { + if err := cc.Server.writeThreadedNews(); err != nil { return res, err } - // Reply params: none - res = append(res, cc.NewReply(t)) - - return res, err + return append(res, cc.NewReply(t)), nil } func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) { @@ -1472,7 +1510,7 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(fieldFileName).Data, t.GetField(fieldFilePath).Data, transferSize) var fp FilePath - err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data) + _, err = fp.Write(t.GetField(fieldFilePath).Data) if err != nil { return res, err } @@ -1496,7 +1534,7 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) { var fp FilePath if t.GetField(fieldFilePath).Data != nil { - if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil { + if _, err = fp.Write(t.GetField(fieldFilePath).Data); err != nil { return res, err } } @@ -1541,7 +1579,7 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er var fp FilePath if filePath != nil { - if err = fp.UnmarshalBinary(filePath); err != nil { + if _, err = fp.Write(filePath); err != nil { return res, err } } @@ -1658,7 +1696,7 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e var fp FilePath if t.GetField(fieldFilePath).Data != nil { - if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil { + if _, err = fp.Write(t.GetField(fieldFilePath).Data); err != nil { return res, err } } @@ -1702,15 +1740,33 @@ func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err targetID := t.GetField(fieldUserID).Data newChatID := cc.Server.NewPrivateChat(cc) - res = append(res, - *NewTransaction( - tranInviteToChat, - &targetID, - NewField(fieldChatID, newChatID), - NewField(fieldUserName, cc.UserName), - NewField(fieldUserID, *cc.ID), - ), - ) + // Check if target user has "Refuse private chat" flag + binary.BigEndian.Uint16(targetID) + targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)] + + flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags))) + if flagBitmap.Bit(userFLagRefusePChat) == 1 { + res = append(res, + *NewTransaction( + tranServerMsg, + cc.ID, + NewField(fieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")), + NewField(fieldUserName, targetClient.UserName), + NewField(fieldUserID, *targetClient.ID), + NewField(fieldOptions, []byte{0, 2}), + ), + ) + } else { + res = append(res, + *NewTransaction( + tranInviteToChat, + &targetID, + NewField(fieldChatID, newChatID), + NewField(fieldUserName, cc.UserName), + NewField(fieldUserID, *cc.ID), + ), + ) + } res = append(res, cc.NewReply(t, @@ -1918,6 +1974,12 @@ func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err err return res, err } +// HandleDownloadBanner handles requests for a new banner from the server +// Fields used in the request: +// None +// Fields used in the reply: +// 107 fieldRefNum Used later for transfer +// 108 fieldTransferSize Size of data to be downloaded func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) { fi, err := cc.Server.FS.Stat(filepath.Join(cc.Server.ConfigDir, cc.Server.Config.BannerFile)) if err != nil {