Commit graph

148 commits

Author SHA1 Message Date
Reto Brunner
0d9c184f19 server: fix time handling
The framework may emit messages which do not have a time stamp.
We tried to unconditionally convert the time field, fix that.

The Msg constructor replaces falsey time fields with the current
date so we can also remove the duplication from that codepath.
2024-05-16 22:15:39 +02:00
Reto Brunner
0955d9df06 Identd: fix various issues
There's a bunch of suboptimal behavior from our ident server.
For one, it allows user enumeration which we don't really want and it doesn't clean up connections that don't send any data.

Fix that
2024-05-12 11:51:18 +02:00
Reto Brunner
29fcc2da05 ident: close connections if they don't send data 2024-05-09 19:01:10 +02:00
Reto Brunner
12679081c8 ident: fix write after connection end
We only respond once to data, then half-close the connection.
Hence, we should only listen to a single data event as well,
else if the remote doesn't stop sending data we keep trying to
write to the closed write end of the pipe.
2024-05-09 19:01:10 +02:00
Reto Brunner
0e48014d5a ident: only respond if the ip,port tuples match
Per RFC 1413, the uniquely identifying tuple includes not only the ports,
but also both addresses.

If multiple connections happen to use the same local port number
(which is possible if the addresses differ), the username of the first
is returned for all, resulting in the wrong ident for all but the
first.

By not checking the connection address, the information becomes
public. Because there is only a relatively small number of local ports,
and the remote ports are likely to be either 6667 or 6697, it becomes
trivial to enumerate all the users.

Co-Authored-By: Juerd Waalboer <juerd@tnx.nl>
2024-05-09 19:01:10 +02:00
Reto Brunner
4819406af5 ident: order imports 2024-05-09 17:24:53 +02:00
Max Leiter
74563effa7
Merge pull request #4869 from thelounge/tsUpdate
Ts update
2024-05-04 21:49:58 -07:00
Reto Brunner
4dfeb899b4 remove unused .d.ts file 2024-05-04 13:45:40 +02:00
Reto Brunner
3259ac596d client: fix all new linter errors 2024-05-04 12:29:57 +02:00
Reto Brunner
8eb398c5cc server: don't throw in async callback from index requests
This was flagged as an issue by CodeQL

> Server crash [High]
> The server of this route handler will terminate when an
> uncaught exception from this location escapes an
> asynchronous callback.
2024-04-21 15:49:51 +02:00
Reto Brunner
fc9805545b sharedMsg: remove userAway
userAway is purely server side and we don't send it to the client
2024-04-21 15:11:52 +02:00
Reto Brunner
82e4150cc8 server: remove type cast from change pw 2024-04-21 15:11:52 +02:00
Reto Brunner
e61e356f1e server: somewhat type fix auth related functions
The auth functions are a bloody mess and need to be cleaned up.
Using various callback functions and using variables as pointers makes the logic
hard to follow and hence idiotic to type too, as multiple orthogonal logic paths
are mixed up into one function.

This really needs to be untangled
2024-04-21 15:11:52 +02:00
Reto Brunner
5001d607b1 server: mark req params as unused 2024-04-21 15:11:52 +02:00
Reto Brunner
8c41356ae9 publicClient: type fix 2024-04-21 15:11:52 +02:00
Reto Brunner
e2b56cf16b irc-events/message: fix types 2024-04-21 15:11:52 +02:00
Reto Brunner
92a0affba1 kick: use the user object 2024-04-21 15:11:52 +02:00
Reto Brunner
edb96f683b cap: type the boolean 2024-04-21 15:11:52 +02:00
Reto Brunner
5c8951ffc3 fix extractTargetGroup typing 2024-04-21 15:11:52 +02:00
Reto Brunner
c3fc54e158 ignorelist: shut up the linter 2024-04-21 15:11:52 +02:00
Reto Brunner
917fdb2a0a ignore: remove dead import 2024-04-21 15:11:52 +02:00
Reto Brunner
b8400a3a46 ignore: clean up the types and conditionals
Now that ignorelist doesn't muddy the waters, we can clean up
all the funny conditional types and enforce `when`
2024-04-21 15:11:52 +02:00
Reto Brunner
071a5afda6 ignore: move ignorelist to its own command
ignorelist shares no logic with /ignore or /unignore so it shouldn't
share a file. That just makes typing awkward.
2024-04-21 15:11:52 +02:00
Reto Brunner
5274fdc21a ignore: keep happy path on the left
It is much easier to follow the control flow if error checks
are done on the indented path, immediately returning.
2024-04-21 15:11:52 +02:00
Reto Brunner
b8a9fe08ab clientCertificate: remove unsafe casts 2024-04-21 15:11:52 +02:00
Reto Brunner
a4afa08add ldap: type SearchOptions scope 2024-04-21 15:11:52 +02:00
Reto Brunner
4614c35486 chan: type untyped method params 2024-04-21 15:11:52 +02:00
Reto Brunner
540144c417 chan: remove cast in pushMessage 2024-04-21 15:11:52 +02:00
Reto Brunner
c20cd6bda1 publicClient: add FIXME and ignore the type mismatch
The publicClient interface is utterly horrific.
It allows any client to inject arbitrary events into the socket.io
event stream.
This should get wrapped into a "plugin" event so that it can get properly
typed, better yet, this should get removed completely.
2024-04-21 15:11:51 +02:00
Reto Brunner
1c4ce5d4a5 fix sync_sort:channels emitter 2024-04-21 15:11:51 +02:00
Reto Brunner
35e38d13c4 client: properly type the emit method
This breaks the world -.-
2024-04-21 15:11:51 +02:00
Reto Brunner
bf7eb0e727 network event: remove unused array
All the network events only ever emit a single copy.
There's no point in wrapping it into an array.
2024-04-21 15:11:51 +02:00
Reto Brunner
5ee9c2b338 type Server 2024-04-21 15:11:51 +02:00
Reto Brunner
e15b121080 remove obsolete error override 2024-04-21 15:11:51 +02:00
Reto Brunner
60486bf5e3 server: fix init client 2024-04-21 15:11:51 +02:00
Reto Brunner
46f3fd9682 server: fix push subscription 2024-04-21 15:11:51 +02:00
Reto Brunner
56215382a3 server: remove static props which are currently unused 2024-04-21 15:11:51 +02:00
Reto Brunner
0660a8772c server: fix getFilteredClone of chan 2024-04-21 15:11:51 +02:00
Reto Brunner
f5c691f37b wip: unbork init progress 2024-04-21 15:11:51 +02:00
Reto Brunner
0067c30273 Split sort event
The sort event bundled networks and channels for no reason at all.
They share none of the actual logic, so combining them just makes
the typing poor but serves no benefit.
2024-04-21 15:11:51 +02:00
Reto Brunner
843db1727b server: actually type the socket 2024-04-21 15:11:51 +02:00
Reto Brunner
b89b0cad53 client: id is always a string, not a number 2024-04-21 15:11:51 +02:00
Reto Brunner
9aee3e3e98 Some whitespace is good mkey 2024-04-21 15:11:51 +02:00
Reto Brunner
636b5c5b04 models/network: unfuck client export 2024-04-21 15:11:51 +02:00
Reto Brunner
e57e547b74 further chan fixes 2024-04-21 15:11:51 +02:00
Reto Brunner
3217536245 searchresponse 2024-04-21 15:11:51 +02:00
Reto Brunner
8e6920af1d configuration 2024-04-21 15:11:51 +02:00
Reto Brunner
7bc184b252 changelog data type 2024-04-21 15:11:51 +02:00
Reto Brunner
4d237600d5 changelog: don't type assert to a broken type
The mandatory fields are unset, stop lying to the compiler
2024-04-21 15:11:51 +02:00
Reto Brunner
12a0b0b6f9 network 2024-04-21 15:10:45 +02:00