mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 67 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3420 Commits
19 Branches
Branch: labeled-response-all
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'labeled-response-all'
${ noResults }
oragono/irc/hostserv.go

hostserv.go 15KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459 
  1. // Copyright (c) 2018 Shivaram Lingamneni <slingamn@cs.stanford.edu>

  2. // released under the MIT license

  3. 

  4. package irc

  5. 

  6. import (

  7. 	"errors"

  8. 	"fmt"

  9. 	"regexp"

  10. 	"time"

  11. 

  12. 	"github.com/goshuirc/irc-go/ircfmt"

  13. 

  14. 	"github.com/oragono/oragono/irc/sno"

  15. 	"github.com/oragono/oragono/irc/utils"

  16. )

  17. 

  18. const (

  19. 	hostservHelp = `HostServ lets you manage your vhost (i.e., the string displayed

  20. in place of your client's hostname/IP).`

  21. 	hsNickMask = "HostServ!HostServ@localhost"

  22. )

  23. 

  24. var (

  25. 	errVHostBadCharacters = errors.New("Vhost contains prohibited characters")

  26. 	errVHostTooLong       = errors.New("Vhost is too long")

  27. 	// ascii only for now

  28. 	defaultValidVhostRegex = regexp.MustCompile(`^[0-9A-Za-z.\-_/]+$`)

  29. )

  30. 

  31. func hostservEnabled(config *Config) bool {

  32. 	return config.Accounts.VHosts.Enabled

  33. }

  34. 

  35. func hostservRequestsEnabled(config *Config) bool {

  36. 	return config.Accounts.VHosts.Enabled && config.Accounts.VHosts.UserRequests.Enabled

  37. }

  38. 

  39. var (

  40. 	hostservCommands = map[string]*serviceCommand{

  41. 		"on": {

  42. 			handler: hsOnOffHandler,

  43. 			help: `Syntax: $bON$b

  44. 

  45. ON enables your vhost, if you have one approved.`,

  46. 			helpShort:    `$bON$b enables your vhost, if you have one approved.`,

  47. 			authRequired: true,

  48. 			enabled:      hostservEnabled,

  49. 		},

  50. 		"off": {

  51. 			handler: hsOnOffHandler,

  52. 			help: `Syntax: $bOFF$b

  53. 

  54. OFF disables your vhost, if you have one approved.`,

  55. 			helpShort:    `$bOFF$b disables your vhost, if you have one approved.`,

  56. 			authRequired: true,

  57. 			enabled:      hostservEnabled,

  58. 		},

  59. 		"request": {

  60. 			handler: hsRequestHandler,

  61. 			help: `Syntax: $bREQUEST <vhost>$b

  62. 

  63. REQUEST requests that a new vhost by assigned to your account. The request must

  64. then be approved by a server operator.`,

  65. 			helpShort:    `$bREQUEST$b requests a new vhost, pending operator approval.`,

  66. 			authRequired: true,

  67. 			enabled:      hostservRequestsEnabled,

  68. 			minParams:    1,

  69. 		},

  70. 		"status": {

  71. 			handler: hsStatusHandler,

  72. 			help: `Syntax: $bSTATUS [user]$b

  73. 

  74. STATUS displays your current vhost, if any, and the status of your most recent

  75. request for a new one. A server operator can view someone else's status.`,

  76. 			helpShort: `$bSTATUS$b shows your vhost and request status.`,

  77. 			enabled:   hostservEnabled,

  78. 		},

  79. 		"set": {

  80. 			handler: hsSetHandler,

  81. 			help: `Syntax: $bSET <user> <vhost>$b

  82. 

  83. SET sets a user's vhost, bypassing the request system.`,

  84. 			helpShort: `$bSET$b sets a user's vhost.`,

  85. 			capabs:    []string{"vhosts"},

  86. 			enabled:   hostservEnabled,

  87. 			minParams: 2,

  88. 		},

  89. 		"del": {

  90. 			handler: hsSetHandler,

  91. 			help: `Syntax: $bDEL <user>$b

  92. 

  93. DEL deletes a user's vhost.`,

  94. 			helpShort: `$bDEL$b deletes a user's vhost.`,

  95. 			capabs:    []string{"vhosts"},

  96. 			enabled:   hostservEnabled,

  97. 			minParams: 1,

  98. 		},

  99. 		"waiting": {

  100. 			handler: hsWaitingHandler,

  101. 			help: `Syntax: $bWAITING$b

  102. 

  103. WAITING shows a list of pending vhost requests, which can then be approved

  104. or rejected.`,

  105. 			helpShort: `$bWAITING$b shows a list of pending vhost requests.`,

  106. 			capabs:    []string{"vhosts"},

  107. 			enabled:   hostservEnabled,

  108. 		},

  109. 		"approve": {

  110. 			handler: hsApproveHandler,

  111. 			help: `Syntax: $bAPPROVE <user>$b

  112. 

  113. APPROVE approves a user's vhost request.`,

  114. 			helpShort: `$bAPPROVE$b approves a user's vhost request.`,

  115. 			capabs:    []string{"vhosts"},

  116. 			enabled:   hostservEnabled,

  117. 			minParams: 1,

  118. 		},

  119. 		"reject": {

  120. 			handler: hsRejectHandler,

  121. 			help: `Syntax: $bREJECT <user> [<reason>]$b

  122. 

  123. REJECT rejects a user's vhost request, optionally giving them a reason

  124. for the rejection.`,

  125. 			helpShort:         `$bREJECT$b rejects a user's vhost request.`,

  126. 			capabs:            []string{"vhosts"},

  127. 			enabled:           hostservEnabled,

  128. 			minParams:         1,

  129. 			maxParams:         2,

  130. 			unsplitFinalParam: true,

  131. 		},

  132. 		"forbid": {

  133. 			handler: hsForbidHandler,

  134. 			help: `Syntax: $bFORBID <user>$b

  135. 

  136. FORBID prevents a user from using any vhost, including ones on the offer list.`,

  137. 			helpShort: `$bFORBID$b prevents a user from using vhosts.`,

  138. 			capabs:    []string{"vhosts"},

  139. 			enabled:   hostservEnabled,

  140. 			minParams: 1,

  141. 			maxParams: 1,

  142. 		},

  143. 		"permit": {

  144. 			handler: hsForbidHandler,

  145. 			help: `Syntax: $bPERMIT <user>$b

  146. 

  147. PERMIT undoes FORBID, allowing the user to TAKE vhosts again.`,

  148. 			helpShort: `$bPERMIT$b allows a user to use vhosts again.`,

  149. 			capabs:    []string{"vhosts"},

  150. 			enabled:   hostservEnabled,

  151. 			minParams: 1,

  152. 			maxParams: 1,

  153. 		},

  154. 		"offerlist": {

  155. 			handler: hsOfferListHandler,

  156. 			help: `Syntax: $bOFFERLIST$b

  157. 

  158. OFFERLIST lists vhosts that can be chosen without requiring operator approval;

  159. to use one of the listed vhosts, take it with /HOSTSERV TAKE.`,

  160. 			helpShort: `$bOFFERLIST$b lists vhosts that can be taken without operator approval.`,

  161. 			enabled:   hostservEnabled,

  162. 			minParams: 0,

  163. 			maxParams: 0,

  164. 		},

  165. 		"take": {

  166. 			handler: hsTakeHandler,

  167. 			help: `Syntax: $bTAKE$b <vhost>

  168. 

  169. TAKE sets your vhost to one of the vhosts in the server's offer list; to see

  170. the offered vhosts, use /HOSTSERV OFFERLIST.`,

  171. 			helpShort:    `$bTAKE$b sets your vhost to one of the options from the offer list.`,

  172. 			enabled:      hostservEnabled,

  173. 			authRequired: true,

  174. 			minParams:    1,

  175. 			maxParams:    1,

  176. 		},

  177. 		"setcloaksecret": {

  178. 			handler: hsSetCloakSecretHandler,

  179. 			help: `Syntax: $bSETCLOAKSECRET$b <secret> [code]

  180. 

  181. SETCLOAKSECRET can be used to set or rotate the cloak secret. You should use

  182. a cryptographically strong secret. To prevent accidental modification, a

  183. verification code is required; invoking the command without a code will

  184. display the necessary code.`,

  185. 			helpShort: `$bSETCLOAKSECRET$b modifies the IP cloaking secret.`,

  186. 			capabs:    []string{"vhosts", "rehash"},

  187. 			minParams: 1,

  188. 			maxParams: 2,

  189. 		},

  190. 	}

  191. )

  192. 

  193. // hsNotice sends the client a notice from HostServ

  194. func hsNotice(rb *ResponseBuffer, text string) {

  195. 	rb.Add(nil, hsNickMask, "NOTICE", rb.target.Nick(), text)

  196. }

  197. 

  198. // hsNotifyChannel notifies the designated channel of new vhost activity

  199. func hsNotifyChannel(server *Server, message string) {

  200. 	chname := server.Config().Accounts.VHosts.UserRequests.Channel

  201. 	channel := server.channels.Get(chname)

  202. 	if channel == nil {

  203. 		return

  204. 	}

  205. 	chname = channel.Name()

  206. 	for _, client := range channel.Members() {

  207. 		client.Send(nil, hsNickMask, "PRIVMSG", chname, message)

  208. 	}

  209. }

  210. 

  211. func hsOnOffHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  212. 	enable := false

  213. 	if command == "on" {

  214. 		enable = true

  215. 	}

  216. 

  217. 	_, err := server.accounts.VHostSetEnabled(client, enable)

  218. 	if err == errNoVhost {

  219. 		hsNotice(rb, client.t(err.Error()))

  220. 	} else if err != nil {

  221. 		hsNotice(rb, client.t("An error occurred"))

  222. 	} else if enable {

  223. 		hsNotice(rb, client.t("Successfully enabled your vhost"))

  224. 	} else {

  225. 		hsNotice(rb, client.t("Successfully disabled your vhost"))

  226. 	}

  227. }

  228. 

  229. func hsRequestHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  230. 	vhost := params[0]

  231. 	if validateVhost(server, vhost, false) != nil {

  232. 		hsNotice(rb, client.t("Invalid vhost"))

  233. 		return

  234. 	}

  235. 

  236. 	accountName := client.Account()

  237. 	_, err := server.accounts.VHostRequest(accountName, vhost, time.Duration(server.Config().Accounts.VHosts.UserRequests.Cooldown))

  238. 	if err != nil {

  239. 		if throttled, ok := err.(*vhostThrottleExceeded); ok {

  240. 			hsNotice(rb, fmt.Sprintf(client.t("You must wait an additional %v before making another request"), throttled.timeRemaining))

  241. 		} else if err == errVhostsForbidden {

  242. 			hsNotice(rb, client.t("An administrator has denied you the ability to use vhosts"))

  243. 		} else {

  244. 			hsNotice(rb, client.t("An error occurred"))

  245. 		}

  246. 	} else {

  247. 		hsNotice(rb, client.t("Your vhost request will be reviewed by an administrator"))

  248. 		chanMsg := fmt.Sprintf("Account %s requests vhost %s", accountName, vhost)

  249. 		hsNotifyChannel(server, chanMsg)

  250. 		server.snomasks.Send(sno.LocalVhosts, chanMsg)

  251. 	}

  252. }

  253. 

  254. func hsStatusHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  255. 	var accountName string

  256. 	if len(params) > 0 {

  257. 		if !client.HasRoleCapabs("vhosts") {

  258. 			hsNotice(rb, client.t("Command restricted"))

  259. 			return

  260. 		}

  261. 		accountName = params[0]

  262. 	} else {

  263. 		accountName = client.Account()

  264. 		if accountName == "" {

  265. 			hsNotice(rb, client.t("You're not logged into an account"))

  266. 			return

  267. 		}

  268. 	}

  269. 

  270. 	account, err := server.accounts.LoadAccount(accountName)

  271. 	if err != nil {

  272. 		if err != errAccountDoesNotExist {

  273. 			server.logger.Warning("internal", "error loading account info", accountName, err.Error())

  274. 		}

  275. 		hsNotice(rb, client.t("No such account"))

  276. 		return

  277. 	}

  278. 

  279. 	if account.VHost.Forbidden {

  280. 		hsNotice(rb, client.t("An administrator has denied you the ability to use vhosts"))

  281. 		return

  282. 	}

  283. 

  284. 	if account.VHost.ApprovedVHost != "" {

  285. 		hsNotice(rb, fmt.Sprintf(client.t("Account %[1]s has vhost: %[2]s"), accountName, account.VHost.ApprovedVHost))

  286. 		if !account.VHost.Enabled {

  287. 			hsNotice(rb, client.t("This vhost is currently disabled, but can be enabled with /HS ON"))

  288. 		}

  289. 	} else {

  290. 		hsNotice(rb, fmt.Sprintf(client.t("Account %s has no vhost"), accountName))

  291. 	}

  292. 	if account.VHost.RequestedVHost != "" {

  293. 		hsNotice(rb, fmt.Sprintf(client.t("A request is pending for vhost: %s"), account.VHost.RequestedVHost))

  294. 	}

  295. 	if account.VHost.RejectedVHost != "" {

  296. 		hsNotice(rb, fmt.Sprintf(client.t("A request was previously made for vhost: %s"), account.VHost.RejectedVHost))

  297. 		hsNotice(rb, fmt.Sprintf(client.t("It was rejected for reason: %s"), account.VHost.RejectionReason))

  298. 	}

  299. }

  300. 

  301. func validateVhost(server *Server, vhost string, oper bool) error {

  302. 	config := server.Config()

  303. 	if len(vhost) > config.Accounts.VHosts.MaxLength {

  304. 		return errVHostTooLong

  305. 	}

  306. 	if !config.Accounts.VHosts.ValidRegexp.MatchString(vhost) {

  307. 		return errVHostBadCharacters

  308. 	}

  309. 	return nil

  310. }

  311. 

  312. func hsSetHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  313. 	user := params[0]

  314. 	var vhost string

  315. 

  316. 	if command == "set" {

  317. 		vhost = params[1]

  318. 		if validateVhost(server, vhost, true) != nil {

  319. 			hsNotice(rb, client.t("Invalid vhost"))

  320. 			return

  321. 		}

  322. 	}

  323. 	// else: command == "del", vhost == ""

  324. 

  325. 	_, err := server.accounts.VHostSet(user, vhost)

  326. 	if err != nil {

  327. 		hsNotice(rb, client.t("An error occurred"))

  328. 	} else if vhost != "" {

  329. 		hsNotice(rb, client.t("Successfully set vhost"))

  330. 	} else {

  331. 		hsNotice(rb, client.t("Successfully cleared vhost"))

  332. 	}

  333. }

  334. 

  335. func hsWaitingHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  336. 	requests, total := server.accounts.VHostListRequests(10)

  337. 	hsNotice(rb, fmt.Sprintf(client.t("There are %[1]d pending requests for vhosts (%[2]d displayed)"), total, len(requests)))

  338. 	for i, request := range requests {

  339. 		hsNotice(rb, fmt.Sprintf(client.t("%[1]d. User %[2]s requests vhost: %[3]s"), i+1, request.Account, request.RequestedVHost))

  340. 	}

  341. }

  342. 

  343. func hsApproveHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  344. 	user := params[0]

  345. 

  346. 	vhostInfo, err := server.accounts.VHostApprove(user)

  347. 	if err != nil {

  348. 		hsNotice(rb, client.t("An error occurred"))

  349. 	} else {

  350. 		hsNotice(rb, fmt.Sprintf(client.t("Successfully approved vhost request for %s"), user))

  351. 		chanMsg := fmt.Sprintf("Oper %[1]s approved vhost %[2]s for account %[3]s", client.Nick(), vhostInfo.ApprovedVHost, user)

  352. 		hsNotifyChannel(server, chanMsg)

  353. 		server.snomasks.Send(sno.LocalVhosts, chanMsg)

  354. 		for _, client := range server.accounts.AccountToClients(user) {

  355. 			client.Send(nil, hsNickMask, "NOTICE", client.Nick(), client.t("Your vhost request was approved by an administrator"))

  356. 		}

  357. 	}

  358. }

  359. 

  360. func hsRejectHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  361. 	var reason string

  362. 	user := params[0]

  363. 	if len(params) > 1 {

  364. 		reason = params[1]

  365. 	}

  366. 

  367. 	vhostInfo, err := server.accounts.VHostReject(user, reason)

  368. 	if err != nil {

  369. 		hsNotice(rb, client.t("An error occurred"))

  370. 	} else {

  371. 		hsNotice(rb, fmt.Sprintf(client.t("Successfully rejected vhost request for %s"), user))

  372. 		chanMsg := fmt.Sprintf("Oper %s rejected vhost %s for account %s, with the reason: %v", client.Nick(), vhostInfo.RejectedVHost, user, reason)

  373. 		hsNotifyChannel(server, chanMsg)

  374. 		server.snomasks.Send(sno.LocalVhosts, chanMsg)

  375. 		for _, client := range server.accounts.AccountToClients(user) {

  376. 			if reason == "" {

  377. 				client.Send(nil, hsNickMask, "NOTICE", client.Nick(), client.t("Your vhost request was rejected by an administrator"))

  378. 			} else {

  379. 				client.Send(nil, hsNickMask, "NOTICE", client.Nick(), fmt.Sprintf(client.t("Your vhost request was rejected by an administrator. The reason given was: %s"), reason))

  380. 			}

  381. 		}

  382. 	}

  383. }

  384. 

  385. func hsForbidHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  386. 	user := params[0]

  387. 	forbidden := command == "forbid"

  388. 

  389. 	_, err := server.accounts.VHostForbid(user, forbidden)

  390. 	if err == errAccountDoesNotExist {

  391. 		hsNotice(rb, client.t("No such account"))

  392. 	} else if err != nil {

  393. 		hsNotice(rb, client.t("An error occurred"))

  394. 	} else {

  395. 		if forbidden {

  396. 			hsNotice(rb, fmt.Sprintf(client.t("User %s is no longer allowed to use vhosts"), user))

  397. 		} else {

  398. 			hsNotice(rb, fmt.Sprintf(client.t("User %s is now allowed to use vhosts"), user))

  399. 		}

  400. 	}

  401. }

  402. 

  403. func hsOfferListHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  404. 	vhostConfig := server.Config().Accounts.VHosts

  405. 	if len(vhostConfig.OfferList) == 0 {

  406. 		if vhostConfig.UserRequests.Enabled {

  407. 			hsNotice(rb, client.t("The server does not offer any vhosts, but you can request one with /HOSTSERV REQUEST"))

  408. 		} else {

  409. 			hsNotice(rb, client.t("The server does not offer any vhosts"))

  410. 		}

  411. 	} else {

  412. 		hsNotice(rb, client.t("The following vhosts are available and can be chosen with /HOSTSERV TAKE:"))

  413. 		for _, vhost := range vhostConfig.OfferList {

  414. 			hsNotice(rb, vhost)

  415. 		}

  416. 	}

  417. }

  418. 

  419. func hsTakeHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  420. 	config := server.Config()

  421. 	vhost := params[0]

  422. 	found := false

  423. 	for _, offered := range config.Accounts.VHosts.OfferList {

  424. 		if offered == vhost {

  425. 			found = true

  426. 		}

  427. 	}

  428. 	if !found {

  429. 		hsNotice(rb, client.t("That vhost isn't being offered by the server"))

  430. 		return

  431. 	}

  432. 

  433. 	account := client.Account()

  434. 	_, err := server.accounts.VHostTake(account, vhost, time.Duration(config.Accounts.VHosts.UserRequests.Cooldown))

  435. 	if err != nil {

  436. 		if throttled, ok := err.(*vhostThrottleExceeded); ok {

  437. 			hsNotice(rb, fmt.Sprintf(client.t("You must wait an additional %v before taking a vhost"), throttled.timeRemaining))

  438. 		} else if err == errVhostsForbidden {

  439. 			hsNotice(rb, client.t("An administrator has denied you the ability to use vhosts"))

  440. 		} else {

  441. 			hsNotice(rb, client.t("An error occurred"))

  442. 		}

  443. 	} else {

  444. 		hsNotice(rb, client.t("Successfully set vhost"))

  445. 		server.snomasks.Send(sno.LocalVhosts, fmt.Sprintf("Client %s (account %s) took vhost %s", client.Nick(), account, vhost))

  446. 	}

  447. }

  448. 

  449. func hsSetCloakSecretHandler(server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  450. 	secret := params[0]

  451. 	expectedCode := utils.ConfirmationCode(secret, server.ctime)

  452. 	if len(params) == 1 || params[1] != expectedCode {

  453. 		hsNotice(rb, ircfmt.Unescape(client.t("$bWarning: changing the cloak secret will invalidate stored ban/invite/exception lists.$b")))

  454. 		hsNotice(rb, fmt.Sprintf(client.t("To confirm, run this command: %s"), fmt.Sprintf("/HS SETCLOAKSECRET %s %s", secret, expectedCode)))

  455. 		return

  456. 	}

  457. 	StoreCloakSecret(server.store, secret)

  458. 	hsNotice(rb, client.t("Rotated the cloak secret; you must rehash or restart the server for it to take effect"))

  459. }