mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 66 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5277 Commits
19 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
oragono/irc/hostserv.go

hostserv.go 6.1KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198 
  1. // Copyright (c) 2018 Shivaram Lingamneni <slingamn@cs.stanford.edu>

  2. // released under the MIT license

  3. 

  4. package irc

  5. 

  6. import (

  7. 	"errors"

  8. 	"fmt"

  9. 	"regexp"

  10. 

  11. 	"github.com/ergochat/irc-go/ircfmt"

  12. 

  13. 	"github.com/ergochat/ergo/irc/sno"

  14. 	"github.com/ergochat/ergo/irc/utils"

  15. )

  16. 

  17. const (

  18. 	hostservHelp = `HostServ lets you manage your vhost (i.e., the string displayed

  19. in place of your client's hostname/IP).`

  20. )

  21. 

  22. var (

  23. 	errVHostBadCharacters = errors.New("Vhost contains prohibited characters")

  24. 	errVHostTooLong       = errors.New("Vhost is too long")

  25. 	// ascii only for now

  26. 	defaultValidVhostRegex = regexp.MustCompile(`^[0-9A-Za-z.\-_/]+$`)

  27. )

  28. 

  29. func hostservEnabled(config *Config) bool {

  30. 	return config.Accounts.VHosts.Enabled

  31. }

  32. 

  33. var (

  34. 	hostservCommands = map[string]*serviceCommand{

  35. 		"on": {

  36. 			handler: hsOnOffHandler,

  37. 			help: `Syntax: $bON$b

  38. 

  39. ON enables your vhost, if you have one approved.`,

  40. 			helpShort:    `$bON$b enables your vhost, if you have one approved.`,

  41. 			authRequired: true,

  42. 			enabled:      hostservEnabled,

  43. 		},

  44. 		"off": {

  45. 			handler: hsOnOffHandler,

  46. 			help: `Syntax: $bOFF$b

  47. 

  48. OFF disables your vhost, if you have one approved.`,

  49. 			helpShort:    `$bOFF$b disables your vhost, if you have one approved.`,

  50. 			authRequired: true,

  51. 			enabled:      hostservEnabled,

  52. 		},

  53. 		"status": {

  54. 			handler: hsStatusHandler,

  55. 			help: `Syntax: $bSTATUS [user]$b

  56. 

  57. STATUS displays your current vhost, if any, and whether it is enabled or

  58. disabled. A server operator can view someone else's status.`,

  59. 			helpShort: `$bSTATUS$b shows your vhost status.`,

  60. 			enabled:   hostservEnabled,

  61. 		},

  62. 		"set": {

  63. 			handler: hsSetHandler,

  64. 			help: `Syntax: $bSET <user> <vhost>$b

  65. 

  66. SET sets a user's vhost.`,

  67. 			helpShort: `$bSET$b sets a user's vhost.`,

  68. 			capabs:    []string{"vhosts"},

  69. 			enabled:   hostservEnabled,

  70. 			minParams: 2,

  71. 		},

  72. 		"del": {

  73. 			handler: hsSetHandler,

  74. 			help: `Syntax: $bDEL <user>$b

  75. 

  76. DEL deletes a user's vhost.`,

  77. 			helpShort: `$bDEL$b deletes a user's vhost.`,

  78. 			capabs:    []string{"vhosts"},

  79. 			enabled:   hostservEnabled,

  80. 			minParams: 1,

  81. 		},

  82. 		"setcloaksecret": {

  83. 			handler: hsSetCloakSecretHandler,

  84. 			help: `Syntax: $bSETCLOAKSECRET$b <secret> [code]

  85. 

  86. SETCLOAKSECRET can be used to set or rotate the cloak secret. You should use

  87. a cryptographically strong secret. To prevent accidental modification, a

  88. verification code is required; invoking the command without a code will

  89. display the necessary code.`,

  90. 			helpShort: `$bSETCLOAKSECRET$b modifies the IP cloaking secret.`,

  91. 			capabs:    []string{"vhosts", "rehash"},

  92. 			minParams: 1,

  93. 			maxParams: 2,

  94. 		},

  95. 	}

  96. )

  97. 

  98. func hsOnOffHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  99. 	enable := false

  100. 	if command == "on" {

  101. 		enable = true

  102. 	}

  103. 

  104. 	_, err := server.accounts.VHostSetEnabled(client, enable)

  105. 	if err == errNoVhost {

  106. 		service.Notice(rb, client.t(err.Error()))

  107. 	} else if err != nil {

  108. 		service.Notice(rb, client.t("An error occurred"))

  109. 	} else if enable {

  110. 		service.Notice(rb, client.t("Successfully enabled your vhost"))

  111. 	} else {

  112. 		service.Notice(rb, client.t("Successfully disabled your vhost"))

  113. 	}

  114. }

  115. 

  116. func hsStatusHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  117. 	var accountName string

  118. 	if len(params) > 0 {

  119. 		if !client.HasRoleCapabs("vhosts") {

  120. 			service.Notice(rb, client.t("Command restricted"))

  121. 			return

  122. 		}

  123. 		accountName = params[0]

  124. 	} else {

  125. 		accountName = client.Account()

  126. 		if accountName == "" {

  127. 			service.Notice(rb, client.t("You're not logged into an account"))

  128. 			return

  129. 		}

  130. 	}

  131. 

  132. 	account, err := server.accounts.LoadAccount(accountName)

  133. 	if err != nil {

  134. 		if err != errAccountDoesNotExist {

  135. 			server.logger.Warning("internal", "error loading account info", accountName, err.Error())

  136. 		}

  137. 		service.Notice(rb, client.t("No such account"))

  138. 		return

  139. 	}

  140. 

  141. 	if account.VHost.ApprovedVHost != "" {

  142. 		service.Notice(rb, fmt.Sprintf(client.t("Account %[1]s has vhost: %[2]s"), accountName, account.VHost.ApprovedVHost))

  143. 		if !account.VHost.Enabled {

  144. 			service.Notice(rb, client.t("This vhost is currently disabled, but can be enabled with /HS ON"))

  145. 		}

  146. 	} else {

  147. 		service.Notice(rb, fmt.Sprintf(client.t("Account %s has no vhost"), accountName))

  148. 	}

  149. }

  150. 

  151. func validateVhost(server *Server, vhost string, oper bool) error {

  152. 	config := server.Config()

  153. 	if len(vhost) > config.Accounts.VHosts.MaxLength {

  154. 		return errVHostTooLong

  155. 	}

  156. 	if !config.Accounts.VHosts.validRegexp.MatchString(vhost) {

  157. 		return errVHostBadCharacters

  158. 	}

  159. 	return nil

  160. }

  161. 

  162. func hsSetHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  163. 	oper := client.Oper()

  164. 	user := params[0]

  165. 	var vhost string

  166. 

  167. 	if command == "set" {

  168. 		vhost = params[1]

  169. 		if validateVhost(server, vhost, true) != nil {

  170. 			service.Notice(rb, client.t("Invalid vhost"))

  171. 			return

  172. 		}

  173. 	}

  174. 	// else: command == "del", vhost == ""

  175. 

  176. 	_, err := server.accounts.VHostSet(user, vhost)

  177. 	if err != nil {

  178. 		service.Notice(rb, client.t("An error occurred"))

  179. 	} else if vhost != "" {

  180. 		service.Notice(rb, client.t("Successfully set vhost"))

  181. 		server.snomasks.Send(sno.LocalVhosts, fmt.Sprintf("Operator %[1]s set vhost %[2]s on account %[3]s", oper.Name, vhost, user))

  182. 	} else {

  183. 		service.Notice(rb, client.t("Successfully cleared vhost"))

  184. 		server.snomasks.Send(sno.LocalVhosts, fmt.Sprintf("Operator %[1]s cleared vhost on account %[2]s", oper.Name, user))

  185. 	}

  186. }

  187. 

  188. func hsSetCloakSecretHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {

  189. 	secret := params[0]

  190. 	expectedCode := utils.ConfirmationCode(secret, server.ctime)

  191. 	if len(params) == 1 || params[1] != expectedCode {

  192. 		service.Notice(rb, ircfmt.Unescape(client.t("$bWarning: changing the cloak secret will invalidate stored ban/invite/exception lists.$b")))

  193. 		service.Notice(rb, fmt.Sprintf(client.t("To confirm, run this command: %s"), fmt.Sprintf("/HS SETCLOAKSECRET %s %s", secret, expectedCode)))

  194. 		return

  195. 	}

  196. 	StoreCloakSecret(server.dstore, secret)

  197. 	service.Notice(rb, client.t("Rotated the cloak secret; you must rehash or restart the server for it to take effect"))

  198. }