The unwelcoming way to respond unauthorized users.

Signed-off-by: Yonle <yonle@lecturify.net>
Yonle
2023-11-17 14:36:13 +07:00
parent e08d64782e
commit ad08c005ae
2 changed files with 9 additions and 6 deletions


@@ -49,17 +49,17 @@ module.exports = (ws, req) => {
switch (data[0]) { switch (data[0]) {
case "EVENT": case "EVENT":
if (!authorized) return;
if (!validateEvent(data[1])) return ws.send(JSON.stringify(["NOTICE", "error: invalid event"])); if (!validateEvent(data[1])) return ws.send(JSON.stringify(["NOTICE", "error: invalid event"]));
if (data[1].kind == 22242) return ws.send(JSON.stringify(["OK", data[1]?.id, false, "rejected: kind 22242"])); if (data[1].kind == 22242) return ws.send(JSON.stringify(["OK", data[1]?.id, false, "rejected: kind 22242"]));
if (!authorized) return ws.send(JSON.stringify(["OK", data[1]?.id, false, "unauthorized."]));
sess.prepare("INSERT INTO recentEvents VALUES (?, ?);").run(ws.id, JSON.stringify(data)); sess.prepare("INSERT INTO recentEvents VALUES (?, ?);").run(ws.id, JSON.stringify(data));
bc(data); bc(data);
ws.send(JSON.stringify(["OK", data[1]?.id, true, ""])); ws.send(JSON.stringify(["OK", data[1]?.id, true, ""]));
break; break;
case "REQ": case "REQ":
if (!authorized) return;
if (data.length < 3) return ws.send(JSON.stringify(["NOTICE", "error: bad request."])); if (data.length < 3) return ws.send(JSON.stringify(["NOTICE", "error: bad request."]));
if (typeof(data[2]) !== "object") return ws.send(JSON.stringify(["NOTICE", "expected filter to be obj, instead gives the otherwise."])); if (typeof(data[2]) !== "object") return ws.send(JSON.stringify(["NOTICE", "expected filter to be obj, instead gives the otherwise."]));
if (!authorized) return ws.send(JSON.stringify(["NOTICE", "unauthorized."]));
data[1] = ws.id + ":" + data[1]; data[1] = ws.id + ":" + data[1];
// eventname -> 1_eventname // eventname -> 1_eventname
bc(data); bc(data);
@@ -70,8 +70,8 @@ module.exports = (ws, req) => {
reqLimit.set(data[1], data[2]?.limit); reqLimit.set(data[1], data[2]?.limit);
break; break;
case "CLOSE": case "CLOSE":
if (!authorized) return;
if (typeof(data[1]) !== "string") return ws.send(JSON.stringify(["NOTICE", "error: bad request."])); if (typeof(data[1]) !== "string") return ws.send(JSON.stringify(["NOTICE", "error: bad request."]));
if (!authorized) return ws.send(JSON.stringify(["NOTICE", "unauthorized."]));
data[1] = ws.id + ":" + data[1]; data[1] = ws.id + ":" + data[1];
bc(data); bc(data);
pendingEOSE.delete(data[1]); pendingEOSE.delete(data[1]);
@@ -97,6 +97,8 @@ module.exports = (ws, req) => {
ws.on('close', _ => { ws.on('close', _ => {
console.log(process.pid, "---", "Sock", ws.id, "has disconnected."); console.log(process.pid, "---", "Sock", ws.id, "has disconnected.");
csess.delete(ws.id); csess.delete(ws.id);
if (!authorized) return;
for (i of sess.prepare("SELECT subID FROM sess WHERE cID = ?").iterate(ws.id)) { for (i of sess.prepare("SELECT subID FROM sess WHERE cID = ?").iterate(ws.id)) {
bc(["CLOSE", i.subID]); bc(["CLOSE", i.subID]);
pendingEOSE.delete(i.subID); pendingEOSE.delete(i.subID);
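Review bot: The added `if (!authorized) return;` in the `ws.on('close', …)` handler skips the `bc(["CLOSE", i.subID])` / `pendingEOSE.delete(i.subID)` loop entirely, which is only correct while an unauthorized socket can never have registered a subscription. The EVENT, REQ and CLOSE cases in this section are gated on the same flag, but whether `authorized` can change during a connection's lifetime is not visible here; if it can ever go from true to false, that socket's subscriptions would be left open and its `sess` rows left behind. I would either state the invariant next to the guard, e.g. `// unauthorized sockets never registered subscriptions (EVENT/REQ/CLOSE are gated), so there is nothing to clean up`, or drop the guard, since the cleanup is keyed by `ws.id` and presumably does nothing when no rows match. The handler's body continues past the end of the hunk. The second file section adds the same guard ahead of its `DELETE FROM sess` / `events` / `recentEvents` statements, and the same point applies there.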


@@ -49,17 +49,17 @@ module.exports = (ws, req) => {
switch (data[0]) { switch (data[0]) {
case "EVENT": case "EVENT":
if (!authorized) return;
if (!validateEvent(data[1])) return ws.send(JSON.stringify(["NOTICE", "error: invalid event"])); if (!validateEvent(data[1])) return ws.send(JSON.stringify(["NOTICE", "error: invalid event"]));
if (data[1].kind == 22242) return ws.send(JSON.stringify(["OK", data[1]?.id, false, "rejected: kind 22242"])); if (data[1].kind == 22242) return ws.send(JSON.stringify(["OK", data[1]?.id, false, "rejected: kind 22242"]));
if (!authorized) return ws.send(JSON.stringify(["OK", data[1]?.id, false, "unauthorized."]));
sess.prepare("INSERT INTO recentEvents VALUES (?, ?);").run(ws.id, JSON.stringify(data)); sess.prepare("INSERT INTO recentEvents VALUES (?, ?);").run(ws.id, JSON.stringify(data));
bc(data, ws.id); bc(data, ws.id);
ws.send(JSON.stringify(["OK", data[1]?.id, true, ""])); ws.send(JSON.stringify(["OK", data[1]?.id, true, ""]));
break; break;
case "REQ": case "REQ":
if (!authorized) return;
if (data.length < 3) return ws.send(JSON.stringify(["NOTICE", "error: bad request."])); if (data.length < 3) return ws.send(JSON.stringify(["NOTICE", "error: bad request."]));
if (typeof(data[2]) !== "object") return ws.send(JSON.stringify(["NOTICE", "expected filter to be obj, instead gives the otherwise."])); if (typeof(data[2]) !== "object") return ws.send(JSON.stringify(["NOTICE", "expected filter to be obj, instead gives the otherwise."]));
if (!authorized) return ws.send(JSON.stringify(["NOTICE", "unauthorized."]));
// eventname -> 1_eventname // eventname -> 1_eventname
bc(data, ws.id); bc(data, ws.id);
sess.prepare("INSERT INTO sess VALUES (?, ?, ?);").run(ws.id, data[1], JSON.stringify(data[2])); sess.prepare("INSERT INTO sess VALUES (?, ?, ?);").run(ws.id, data[1], JSON.stringify(data[2]));
@@ -69,8 +69,8 @@ module.exports = (ws, req) => {
reqLimit.set(ws.id + ":" + data[1], data[2]?.limit); reqLimit.set(ws.id + ":" + data[1], data[2]?.limit);
break; break;
case "CLOSE": case "CLOSE":
if (!authorized) return;
if (typeof(data[1]) !== "string") return ws.send(JSON.stringify(["NOTICE", "error: bad request."])); if (typeof(data[1]) !== "string") return ws.send(JSON.stringify(["NOTICE", "error: bad request."]));
if (!authorized) return ws.send(JSON.stringify(["NOTICE", "unauthorized."]));
bc(data, ws.id); bc(data, ws.id);
pendingEOSE.delete(ws.id + ":" + data[1]); pendingEOSE.delete(ws.id + ":" + data[1]);
reqLimit.delete(ws.id + ":" + data[1]); reqLimit.delete(ws.id + ":" + data[1]);
@@ -97,6 +97,7 @@ module.exports = (ws, req) => {
console.log(process.pid, "---", "Sock", ws.id, "has disconnected."); console.log(process.pid, "---", "Sock", ws.id, "has disconnected.");
csess.delete(ws.id); csess.delete(ws.id);
if (!authorized) return;
sess.prepare("DELETE FROM sess WHERE cID = ?;").run(ws.id); sess.prepare("DELETE FROM sess WHERE cID = ?;").run(ws.id);
sess.prepare("DELETE FROM events WHERE cID = ?;").run(ws.id); sess.prepare("DELETE FROM events WHERE cID = ?;").run(ws.id);
sess.prepare("DELETE FROM recentEvents WHERE cID = ?;").run(ws.id); sess.prepare("DELETE FROM recentEvents WHERE cID = ?;").run(ws.id);