X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/72dd37f1abb2b550aaaac48eac677403d5664797..003a743e6767b3041c3a8321566c3586d73b399a:/hotline/transaction_handlers.go?ds=sidebyside

diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go
index 46f96eb..270f73e 100644
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"math/big"
 	"os"
+	"path"
 	"sort"
 	"strings"
 	"time"
@@ -44,13 +45,10 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Name: "tranNotifyDeleteUser",
 	},
 	tranAgreed: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranAgreed",
 		Handler: HandleTranAgreed,
 	},
 	tranChatSend: {
-		Access:  accessSendChat,
-		DenyMsg: "You are not allowed to participate in chat.",
 		Handler: HandleChatSend,
 		Name:    "tranChatSend",
 		RequiredFields: []requiredField{
@@ -67,20 +65,16 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Handler: HandleDelNewsArt,
 	},
 	tranDelNewsItem: {
-		Access: accessAlwaysAllow, // Granular access enforced inside the handler
 		// Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
 		// TODO: Implement inside the handler
 		Name:    "tranDelNewsItem",
 		Handler: HandleDelNewsItem,
 	},
 	tranDeleteFile: {
-		Access:  accessAlwaysAllow, // Granular access enforced inside the handler
 		Name:    "tranDeleteFile",
 		Handler: HandleDeleteFile,
 	},
 	tranDeleteUser: {
-		Access:  accessDeleteUser,
-		DenyMsg: "You are not allowed to delete accounts.",
 		Name:    "tranDeleteUser",
 		Handler: HandleDeleteUser,
 	},
@@ -109,12 +103,10 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Handler: HandleGetClientConnInfoText,
 	},
 	tranGetFileInfo: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranGetFileInfo",
 		Handler: HandleGetFileInfo,
 	},
 	tranGetFileNameList: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranGetFileNameList",
 		Handler: HandleGetFileNameList,
 	},
@@ -143,13 +135,11 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Handler: HandleGetNewsCatNameList,
 	},
 	tranGetUser: {
-		Access:  accessOpenUser,
 		DenyMsg: "You are not allowed to view accounts.",
 		Name:    "tranGetUser",
 		Handler: HandleGetUser,
 	},
 	tranGetUserNameList: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranHandleGetUserNameList",
 		Handler: HandleGetUserNameList,
 	},
@@ -166,17 +156,14 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Handler: HandleInviteToChat,
 	},
 	tranJoinChat: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranJoinChat",
 		Handler: HandleJoinChat,
 	},
 	tranKeepAlive: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranKeepAlive",
 		Handler: HandleKeepAlive,
 	},
 	tranLeaveChat: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranJoinChat",
 		Handler: HandleLeaveChat,
 	},
@@ -230,14 +217,13 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Handler: HandlePostNewsArt,
 	},
 	tranRejectChatInvite: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranRejectChatInvite",
 		Handler: HandleRejectChatInvite,
 	},
 	tranSendInstantMsg: {
 		Access: accessAlwaysAllow,
-		//Access: accessSendPrivMsg,
-		//DenyMsg: "You are not allowed to send private messages",
+		// Access: accessSendPrivMsg,
+		// DenyMsg: "You are not allowed to send private messages",
 		Name:    "tranSendInstantMsg",
 		Handler: HandleSendInstantMsg,
 		RequiredFields: []requiredField{
@@ -251,17 +237,23 @@ var TransactionHandlers = map[uint16]TransactionType{
 		},
 	},
 	tranSetChatSubject: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranSetChatSubject",
 		Handler: HandleSetChatSubject,
 	},
+	tranMakeFileAlias: {
+		Name:    "tranMakeFileAlias",
+		Handler: HandleMakeAlias,
+		RequiredFields: []requiredField{
+			{ID: fieldFileName, minLen: 1},
+			{ID: fieldFilePath, minLen: 1},
+			{ID: fieldFileNewPath, minLen: 1},
+		},
+	},
 	tranSetClientUserInfo: {
-		Access:  accessAlwaysAllow,
 		Name:    "tranSetClientUserInfo",
 		Handler: HandleSetClientUserInfo,
 	},
 	tranSetFileInfo: {
-		Access:  accessAlwaysAllow, // granular access is in the handler
 		Name:    "tranSetFileInfo",
 		Handler: HandleSetFileInfo,
 	},
@@ -272,13 +264,10 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Handler: HandleSetUser,
 	},
 	tranUploadFile: {
-		Access:  accessUploadFile,
-		DenyMsg: "You are not allowed to upload files.",
 		Name:    "tranUploadFile",
 		Handler: HandleUploadFile,
 	},
 	tranUploadFldr: {
-		Access:  accessAlwaysAllow, // TODO: what should this be?
 		Name:    "tranUploadFldr",
 		Handler: HandleUploadFolder,
 	},
@@ -291,6 +280,11 @@ var TransactionHandlers = map[uint16]TransactionType{
 }
 
 func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	if !authorize(cc.Account.Access, accessSendChat) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
+		return res, err
+	}
+
 	// Truncate long usernames
 	trunc := fmt.Sprintf("%13s", cc.UserName)
 	formattedMsg := fmt.Sprintf("\r%.14s:  %s", trunc, t.GetField(fieldData).Data)
@@ -346,13 +340,13 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 //	101	Data	Optional
 //	214	Quoting message	Optional
 //
-//Fields used in the reply:
+// Fields used in the reply:
 // None
 func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	msg := t.GetField(fieldData)
 	ID := t.GetField(fieldUserID)
 	// TODO: Implement reply quoting
-	//options := transaction.GetField(hotline.fieldOptions)
+	// options := transaction.GetField(hotline.fieldOptions)
 
 	res = append(res,
 		*NewTransaction(
@@ -366,23 +360,18 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
 	)
 	id, _ := byteToInt(ID.Data)
 
-	//keys := make([]uint16, 0, len(cc.Server.Clients))
-	//for k := range cc.Server.Clients {
-	//	keys = append(keys, k)
-	//}
-
 	otherClient := cc.Server.Clients[uint16(id)]
 	if otherClient == nil {
 		return res, errors.New("ohno")
 	}
 
 	// Respond with auto reply if other client has it enabled
-	if len(*otherClient.AutoReply) > 0 {
+	if len(otherClient.AutoReply) > 0 {
 		res = append(res,
 			*NewTransaction(
 				tranServerMsg,
 				cc.ID,
-				NewField(fieldData, *otherClient.AutoReply),
+				NewField(fieldData, otherClient.AutoReply),
 				NewField(fieldUserName, otherClient.UserName),
 				NewField(fieldUserID, *otherClient.ID),
 				NewField(fieldOptions, []byte{0, 1}),
@@ -396,16 +385,16 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
 }
 
 func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	fileName := string(t.GetField(fieldFileName).Data)
-	filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
+	fileName := t.GetField(fieldFileName).Data
+	filePath := t.GetField(fieldFilePath).Data
 
-	ffo, err := NewFlattenedFileObject(filePath, fileName)
+	ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
 	if err != nil {
 		return res, err
 	}
 
 	res = append(res, cc.NewReply(t,
-		NewField(fieldFileName, []byte(fileName)),
+		NewField(fieldFileName, fileName),
 		NewField(fieldFileTypeString, ffo.FlatFileInformationFork.TypeSignature),
 		NewField(fieldFileCreatorString, ffo.FlatFileInformationFork.CreatorSignature),
 		NewField(fieldFileComment, ffo.FlatFileInformationFork.Comment),
@@ -426,14 +415,24 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 // * 210	File comment	Optional
 // Fields used in the reply:	None
 func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	fileName := string(t.GetField(fieldFileName).Data)
-	filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
-	//fileComment := t.GetField(fieldFileComment).Data
+	fileName := t.GetField(fieldFileName).Data
+	filePath := t.GetField(fieldFilePath).Data
+
+	fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+	if err != nil {
+		return res, err
+	}
+
+	fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(fieldFileNewName).Data)
+	if err != nil {
+		return nil, err
+	}
+
+	// fileComment := t.GetField(fieldFileComment).Data
 	fileNewName := t.GetField(fieldFileNewName).Data
 
 	if fileNewName != nil {
-		path := filePath + "/" + fileName
-		fi, err := os.Stat(path)
+		fi, err := FS.Stat(fullFilePath)
 		if err != nil {
 			return res, err
 		}
@@ -450,9 +449,9 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 			}
 		}
 
-		err = os.Rename(filePath+"/"+fileName, filePath+"/"+string(fileNewName))
+		err = os.Rename(fullFilePath, fullNewFilePath)
 		if os.IsNotExist(err) {
-			res = append(res, cc.NewErrReply(t, "Cannot rename file "+fileName+" because it does not exist or cannot be found."))
+			res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
 			return res, err
 		}
 	}
@@ -467,16 +466,19 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 // * 202	File path
 // Fields used in the reply: none
 func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	fileName := string(t.GetField(fieldFileName).Data)
-	filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
+	fileName := t.GetField(fieldFileName).Data
+	filePath := t.GetField(fieldFilePath).Data
 
-	path := filePath + fileName
+	fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+	if err != nil {
+		return res, err
+	}
 
-	cc.Server.Logger.Debugw("Delete file", "src", path)
+	cc.Server.Logger.Debugw("Delete file", "src", fullFilePath)
 
-	fi, err := os.Stat(path)
+	fi, err := os.Stat(fullFilePath)
 	if err != nil {
-		res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
+		res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found."))
 		return res, nil
 	}
 	switch mode := fi.Mode(); {
@@ -492,7 +494,7 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 		}
 	}
 
-	if err := os.RemoveAll(path); err != nil {
+	if err := os.RemoveAll(fullFilePath); err != nil {
 		return res, err
 	}
 
@@ -503,13 +505,13 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 // HandleMoveFile moves files or folders. Note: seemingly not documented
 func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	fileName := string(t.GetField(fieldFileName).Data)
-	filePath :=  cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
-	fileNewPath :=  cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFileNewPath).Data)
+	filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
+	fileNewPath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFileNewPath).Data)
 
 	cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
 
-	path := filePath + "/" + fileName
-	fi, err := os.Stat(path)
+	fp := filePath + "/" + fileName
+	fi, err := os.Stat(fp)
 	if err != nil {
 		return res, err
 	}
@@ -542,18 +544,33 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 
 func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	newFolderPath := cc.Server.Config.FileRoot
+	folderName := string(t.GetField(fieldFileName).Data)
+
+	folderName = path.Join("/", folderName)
 
 	// fieldFilePath is only present for nested paths
 	if t.GetField(fieldFilePath).Data != nil {
 		var newFp FilePath
-		newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+		err := newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+		if err != nil {
+			return nil, err
+		}
 		newFolderPath += newFp.String()
 	}
-	newFolderPath += "/" + string(t.GetField(fieldFileName).Data)
+	newFolderPath = path.Join(newFolderPath, folderName)
 
-	if err := os.Mkdir(newFolderPath, 0777); err != nil {
-		// TODO: Send error response to client
-		return []Transaction{}, err
+	// TODO: check path and folder name lengths
+
+	if _, err := FS.Stat(newFolderPath); !os.IsNotExist(err) {
+		msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName)
+		return []Transaction{cc.NewErrReply(t, msg)}, nil
+	}
+
+	// TODO: check for disallowed characters to maintain compatibility for original client
+
+	if err := FS.Mkdir(newFolderPath, 0777); err != nil {
+		msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName)
+		return []Transaction{cc.NewErrReply(t, msg)}, nil
 	}
 
 	res = append(res, cc.NewReply(t))
@@ -615,16 +632,17 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 		}
 	}
 
-	// TODO: If we have just promoted a connected user to admin, notify
-	// connected clients to turn the user red
-
 	res = append(res, cc.NewReply(t))
 	return res, err
 }
 
 func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	userLogin := string(t.GetField(fieldUserLogin).Data)
-	account := cc.Server.Accounts[userLogin]
+	if !authorize(cc.Account.Access, accessOpenUser) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
+		return res, err
+	}
+
+	account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
 	if account == nil {
 		errorT := cc.NewErrReply(t, "Account does not exist.")
 		res = append(res, errorT)
@@ -644,7 +662,7 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err
 	var userFields []Field
 	// TODO: make order deterministic
 	for _, acc := range cc.Server.Accounts {
-		userField := acc.Payload()
+		userField := acc.MarshalBinary()
 		userFields = append(userFields, NewField(fieldData, userField))
 	}
 
@@ -677,6 +695,11 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 }
 
 func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	if !authorize(cc.Account.Access, accessDeleteUser) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
+		return res, err
+	}
+
 	// TODO: Handle case where account doesn't exist; e.g. delete race condition
 	login := DecodeUserString(t.GetField(fieldUserLogin).Data)
 
@@ -776,27 +799,9 @@ func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, e
 	return res, err
 }
 
-func (cc *ClientConn) notifyNewUserHasJoined() (res []Transaction, err error) {
-	// Notify other ccs that a new user has connected
-	cc.NotifyOthers(
-		*NewTransaction(
-			tranNotifyChangeUser, nil,
-			NewField(fieldUserName, cc.UserName),
-			NewField(fieldUserID, *cc.ID),
-			NewField(fieldUserIconID, *cc.Icon),
-			NewField(fieldUserFlags, *cc.Flags),
-		),
-	)
-
-	return res, nil
-}
-
 func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	bs := make([]byte, 2)
-	binary.BigEndian.PutUint16(bs, *cc.Server.NextGuestID)
-
+	cc.Agreed = true
 	cc.UserName = t.GetField(fieldUserName).Data
-	*cc.ID = bs
 	*cc.Icon = t.GetField(fieldUserIconID).Data
 
 	options := t.GetField(fieldOptions).Data
@@ -818,12 +823,20 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er
 
 	// Check auto response
 	if optBitmap.Bit(autoResponse) == 1 {
-		*cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+		cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
 	} else {
-		*cc.AutoReply = []byte{}
+		cc.AutoReply = []byte{}
 	}
 
-	_, _ = cc.notifyNewUserHasJoined()
+	cc.notifyOthers(
+		*NewTransaction(
+			tranNotifyChangeUser, nil,
+			NewField(fieldUserName, cc.UserName),
+			NewField(fieldUserID, *cc.ID),
+			NewField(fieldUserIconID, *cc.Icon),
+			NewField(fieldUserFlags, *cc.Flags),
+		),
+	)
 
 	res = append(res, cc.NewReply(t))
 
@@ -979,9 +992,9 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
 	var cat NewsCategoryListData15
 	cats := cc.Server.ThreadedNews.Categories
 
-	for _, path := range pathStrs {
-		cat = cats[path]
-		cats = cats[path].SubCats
+	for _, fp := range pathStrs {
+		cat = cats[fp]
+		cats = cats[fp].SubCats
 	}
 
 	nald := cat.GetNewsArtListData()
@@ -992,7 +1005,7 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
 
 func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	// Request fields
-	// 325	News path
+	// 325	News fp
 	// 326	News article ID
 	// 327	News article data flavor
 
@@ -1001,9 +1014,9 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er
 	var cat NewsCategoryListData15
 	cats := cc.Server.ThreadedNews.Categories
 
-	for _, path := range pathStrs {
-		cat = cats[path]
-		cats = cats[path].SubCats
+	for _, fp := range pathStrs {
+		cat = cats[fp]
+		cats = cats[fp].SubCats
 	}
 	newsArtID := t.GetField(fieldNewsArtID).Data
 
@@ -1114,7 +1127,7 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e
 	newArt := NewsArtData{
 		Title:         string(t.GetField(fieldNewsArtTitle).Data),
 		Poster:        string(cc.UserName),
-		Date:          NewsDate(),
+		Date:          toHotlineTime(time.Now()),
 		PrevArt:       []byte{0, 0, 0, 0},
 		NextArt:       []byte{0, 0, 0, 0},
 		ParentArt:     append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...),
@@ -1170,9 +1183,15 @@ func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error
 
 func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	fileName := t.GetField(fieldFileName).Data
-	filePath := ReadFilePath(t.GetField(fieldFilePath).Data)
+	filePath := t.GetField(fieldFilePath).Data
+
+	var fp FilePath
+	err = fp.UnmarshalBinary(filePath)
+	if err != nil {
+		return res, err
+	}
 
-	ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot+filePath, string(fileName))
+	ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
 	if err != nil {
 		return res, err
 	}
@@ -1180,11 +1199,9 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
 	transactionRef := cc.Server.NewTransactionRef()
 	data := binary.BigEndian.Uint32(transactionRef)
 
-	cc.Server.Logger.Infow("File download", "path", filePath)
-
 	ft := &FileTransfer{
 		FileName:        fileName,
-		FilePath:        []byte(filePath),
+		FilePath:        filePath,
 		ReferenceNumber: transactionRef,
 		Type:            FileDownload,
 	}
@@ -1240,9 +1257,16 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er
 	cc.Transfers[FolderDownload] = append(cc.Transfers[FolderDownload], fileTransfer)
 
 	var fp FilePath
-	fp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+	err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+	if err != nil {
+		return res, err
+	}
+
+	fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
+	if err != nil {
+		return res, err
+	}
 
-	fullFilePath := fmt.Sprintf("%v%v", cc.Server.Config.FileRoot+fp.String(), string(fileTransfer.FileName))
 	transferSize, err := CalcTotalSize(fullFilePath)
 	if err != nil {
 		return res, err
@@ -1286,32 +1310,29 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
 }
 
 func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	// TODO: add permission handing for upload folders and drop boxes
+	if !authorize(cc.Account.Access, accessUploadFile) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
+		return res, err
+	}
+
 	fileName := t.GetField(fieldFileName).Data
 	filePath := t.GetField(fieldFilePath).Data
 
 	transactionRef := cc.Server.NewTransactionRef()
 	data := binary.BigEndian.Uint32(transactionRef)
 
-	fileTransfer := &FileTransfer{
+	cc.Server.FileTransfers[data] = &FileTransfer{
 		FileName:        fileName,
 		FilePath:        filePath,
 		ReferenceNumber: transactionRef,
 		Type:            FileUpload,
 	}
 
-	cc.Server.FileTransfers[data] = fileTransfer
-
 	res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
 	return res, err
 }
 
-// User options
-const (
-	refusePM     = 0
-	refuseChat   = 1
-	autoResponse = 2
-)
-
 func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	var icon []byte
 	if len(t.GetField(fieldUserIconID).Data) == 4 {
@@ -1329,23 +1350,17 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction,
 		optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
 		flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
 
-		// Check refuse private PM option
-		if optBitmap.Bit(refusePM) == 1 {
-			flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1)
-			binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
-		}
+		flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM))
+		binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
 
-		// Check refuse private chat option
-		if optBitmap.Bit(refuseChat) == 1 {
-			flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1)
-			binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
-		}
+		flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat))
+		binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
 
 		// Check auto response
 		if optBitmap.Bit(autoResponse) == 1 {
-			*cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+			cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
 		} else {
-			*cc.AutoReply = []byte{}
+			cc.AutoReply = []byte{}
 		}
 	}
 
@@ -1361,9 +1376,9 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction,
 	return res, err
 }
 
-// HandleKeepAlive response to keepalive transactions with an empty reply
-// HL 1.9.2 Client sends keepalive msg every 3 minutes
-// HL 1.2.3 Client doesn't send keepalives
+// HandleKeepAlive responds to keepalive transactions with an empty reply
+// * HL 1.9.2 Client sends keepalive msg every 3 minutes
+// * HL 1.2.3 Client doesn't send keepalives
 func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	res = append(res, cc.NewReply(t))
 
@@ -1371,14 +1386,16 @@ func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err err
 }
 
 func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	filePath := cc.Server.Config.FileRoot
-
-	path := t.GetField(fieldFilePath).Data
-	if len(path) > 0 {
-		filePath = cc.Server.Config.FileRoot + ReadFilePath(path)
+	fullPath, err := readPath(
+		cc.Server.Config.FileRoot,
+		t.GetField(fieldFilePath).Data,
+		nil,
+	)
+	if err != nil {
+		return res, err
 	}
 
-	fileNames, err := getFileNameList(filePath)
+	fileNames, err := getFileNameList(fullPath)
 	if err != nil {
 		return res, err
 	}
@@ -1575,3 +1592,41 @@ func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, er
 
 	return res, err
 }
+
+// HandleMakeAlias makes a file alias using the specified path.
+// Fields used in the request:
+// 201	File name
+// 202	File path
+// 212	File new path	Destination path
+//
+// Fields used in the reply:
+// None
+func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	if !authorize(cc.Account.Access, accessMakeAlias) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
+		return res, err
+	}
+	fileName := t.GetField(fieldFileName).Data
+	filePath := t.GetField(fieldFilePath).Data
+	fileNewPath := t.GetField(fieldFileNewPath).Data
+
+	fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+	if err != nil {
+		return res, err
+	}
+
+	fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, fileNewPath, fileName)
+	if err != nil {
+		return res, err
+	}
+
+	cc.Server.Logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
+
+	if err := FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
+		res = append(res, cc.NewErrReply(t, "Error creating alias"))
+		return res, nil
+	}
+
+	res = append(res, cc.NewReply(t))
+	return res, err
+}