moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #314 from calzoneman/dev 

Dev
This commit is contained in:
Calvin Montgomery 2013-12-05 19:32:56 -08:00
parent d0544a8eb8 3ced278bd0
commit 1a44d7ca31
5 changed files with 176 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
lib/api.js
View File

@ -183,9 +183,9 @@ module.exports = function (Server) {
app.post("/api/login", function (req, res) {
res.type("application/jsonp");
res.setHeader("Access-Control-Allow-Origin", "*");
var name = req.body.name;
var pw = req.body.pw;
var session = req.body.session;
var name = req.body.name || "";
var pw = req.body.pw || "";
var session = req.body.session || "";
// for some reason CyTube previously allowed guest logins
// over the API...wat
@ -226,6 +226,15 @@ module.exports = function (Server) {
res.setHeader("Access-Control-Allow-Origin", "*");
var name = req.body.name;
var pw = req.body.pw;
if (typeof name !== "string" ||
typeof pw !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
var ip = getIP(req);
// Limit registrations per IP within a certain time period
@ -300,6 +309,17 @@ module.exports = function (Server) {
var oldpw = req.body.oldpw;
var newpw = req.body.newpw;
if (typeof name !== "string" ||
typeof oldpw !== "string" ||
typeof newpw !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
if(!oldpw || !newpw) {
res.jsonp({
success: false,
@ -340,6 +360,15 @@ module.exports = function (Server) {
res.setHeader("Access-Control-Allow-Origin", "*");
var name = req.body.name;
var email = req.body.email;
if (typeof name !== "string" ||
typeof email !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
var ip = getIP(req);
var hash = false;
@ -407,6 +436,14 @@ module.exports = function (Server) {
app.get("/api/account/passwordrecover", function (req, res) {
res.type("application/jsonp");
var hash = req.query.hash;
if (typeof hash !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
var ip = getIP(req);
db.recoverUserPassword(hash, function (err, auth) {
@ -457,6 +494,25 @@ module.exports = function (Server) {
var session = req.body.session;
var img = req.body.profile_image;
var text = req.body.profile_text;
if (typeof name !== "string" ||
typeof session !== "string" ||
typeof img !== "string" ||
typeof text !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
if (img.length > 255) {
img = img.substring(0, 255);
}
if (text.length > 255) {
text = text.substring(0, 255);
}
db.userLoginSession(name, session, function (err, row) {
if(err) {
@ -507,6 +563,18 @@ module.exports = function (Server) {
var pw = req.body.pw;
var email = req.body.email;
if (typeof name !== "string" ||
typeof pw !== "string" ||
typeof email !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
if(!email.match(/^[\w_\.]+@[\w_\.]+[a-z]+$/i)) {
res.jsonp({
success: false,
@ -555,6 +623,16 @@ module.exports = function (Server) {
var name = req.query.name;
var session = req.query.session;
if (typeof name !== "string" ||
typeof session !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
db.userLoginSession(name, session, function (err, row) {
if(err) {
res.jsonp({
@ -593,6 +671,17 @@ module.exports = function (Server) {
var session = req.query.session;
var types = req.query.actions;
if (typeof name !== "string" ||
typeof session !== "string" ||
typeof types !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
db.userLoginSession(name, session, function (err, row) {
if(err) {
if(err !== "Invalid session" &&
@ -644,6 +733,16 @@ module.exports = function (Server) {
var name = req.query.name;
var session = req.query.session;
if (typeof name !== "string" ||
typeof session !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
db.userLoginSession(name, session, function (err, row) {
if(err) {
if(err !== "Invalid session" &&
@ -671,6 +770,16 @@ module.exports = function (Server) {
var name = req.query.name;
var session = req.query.session;
if (typeof name !== "string" ||
typeof session !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
db.userLoginSession(name, session, function (err, row) {
if(err) {
if(err !== "Invalid session" &&
@ -698,6 +807,16 @@ module.exports = function (Server) {
var name = req.query.name;
var session = req.query.session;
if (typeof name !== "string" ||
typeof session !== "string") {
res.status(400);
res.jsonp({
success: false,
error: "Invalid request"
});
return;
}
db.userLoginSession(name, session, function (err, row) {
if(err) {
if(err !== "Invalid session" &&

60
lib/channel.js
View File

@ -826,6 +826,9 @@ Channel.prototype.handlePendingJoins = function () {
};
Channel.prototype.userJoin = function(user, password) {
if (typeof password === "string" && password.length > 100) {
password = password.substring(0, 100);
}
var self = this;
if (!self.ready) {
self.addPendingJoin(user, password);
@ -1869,12 +1872,13 @@ Channel.prototype.tryUpdate = function(user, data) {
return;
}
if(this.playlist.current.media.id != data.id) {
if (this.playlist.current.media.id !== data.id ||
isNaN(+data.currentTime)) {
return;
}
this.playlist.current.media.currentTime = data.currentTime;
this.playlist.current.media.paused = data.paused;
this.playlist.current.media.currentTime = +data.currentTime;
this.playlist.current.media.paused = Boolean(data.paused);
this.sendAll("mediaUpdate", this.playlist.current.media.timeupdate());
}
@ -1928,6 +1932,10 @@ Channel.prototype.tryOpenPoll = function(user, data) {
return;
}
for (var i = 0; i < data.opts.length; i++) {
data.opts[i] = ""+data.opts[i];
}
var obscured = (data.obscured === true);
var poll = new Poll(user.name, data.title, data.opts, obscured);
this.poll = poll;
@ -2013,10 +2021,7 @@ Channel.prototype.trySetLock = function(user, data) {
return;
}
if(data.locked == undefined) {
return;
}
data.locked = Boolean(data.locked);
this.logger.log("*** " + user.name + " set playlist lock to " + data.locked);
this.setLock(data.locked);
}
@ -2036,6 +2041,11 @@ Channel.prototype.tryRemoveFilter = function(user, f) {
return;
}
// Don't care about the other parameters since we're just removing
if (typeof f.name !== "string") {
return;
}
this.logger.log("%%% " + user.name + " removed filter: " + f.name);
this.removeFilter(f);
}
@ -2079,6 +2089,14 @@ Channel.prototype.tryUpdateFilter = function(user, f) {
return;
}
if (f.replace.length > 1000) {
f.replace = f.replace.substring(0, 1000);
}
if (f.flags.length > 4) {
f.flags = f.flags.substring(0, 4);
}
var re = f.source;
var flags = f.flags;
// Temporary fix
@ -2304,7 +2322,10 @@ Channel.prototype.tryUpdateMotd = function(user, data) {
return;
}
data.motd = data.motd || "";
if (data.motd.length > 20000) {
data.motd = data.motd.substring(0, 20000);
}
this.updateMotd(data.motd);
this.logger.log("%%% " + user.name + " set the MOTD");
}
@ -2432,29 +2453,6 @@ Channel.prototype.sendMessage = function (user, msg, meta, filter) {
}
};
Channel.prototype.sendMessageOld = function(username, msg, msgclass, data) {
// I don't want HTML from strangers
msg = sanitize(msg).escape();
msg = this.filterMessage(msg);
var msgobj = {
username: username,
msg: msg,
msgclass: msgclass,
time: Date.now()
};
if(data) {
for(var key in data) {
msgobj[key] = data[key];
}
}
this.sendAll("chatMsg", msgobj);
this.chatbuffer.push(msgobj);
if(this.chatbuffer.length > 15)
this.chatbuffer.shift();
var unescaped = sanitize(msg).entityDecode();
this.logger.log("<" + username + "." + msgclass + "> " + unescaped);
};
/* REGION Rank stuff */
Channel.prototype.trySetRank = function(user, data) {

10
lib/poll.js
View File

@ -8,11 +8,19 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
const link = /(\w+:\/\/(?:[^:\/\[\]\s]+|\[[0-9a-f:]+\])(?::\d+)?(?:\/[^\/\s]*)*)/ig;
var XSS = require("./xss");
var Poll = function(initiator, title, options, obscured) {
this.initiator = initiator;
this.title = title;
title = XSS.sanitizeText(title);
this.title = title.replace(link, "<a href=\"$1\" target=\"_blank\">$1</a>");
this.options = options;
for (var i = 0; i < this.options.length; i++) {
this.options[i] = XSS.sanitizeText(this.options[i]);
this.options[i] = this.options[i].replace(link, "<a href=\"$1\" target=\"_blank\">$1</a>");
}
this.obscured = obscured || false;
this.counts = new Array(options.length);
for(var i = 0; i < this.counts.length; i++) {

48
lib/user.js
View File

@ -34,8 +34,6 @@ var User = function (socket) {
afk: false,
icon: false
};
this.throttle = {};
this.flooded = {};
this.queueLimiter = $util.newRateLimiter();
this.chatLimiter = $util.newRateLimiter();
this.profile = {
@ -59,38 +57,6 @@ User.prototype.inPendingChannel = function () {
return this.pendingChannel != null && !this.pendingChannel.dead;
};
// Throttling/cooldown
User.prototype.noflood = function (name, hz) {
var time = new Date().getTime();
if (!(name in this.throttle)) {
this.throttle[name] = [time];
return false;
} else if (name in this.flooded && time < this.flooded[name]) {
this.socket.emit("noflood", {
action: name,
msg: "You're still on cooldown!"
});
return true;
} else {
this.throttle[name].push(time);
var diff = (time - this.throttle[name][0]) / 1000.0;
// Twice might be an accident, more than that is probably spam
if (this.throttle[name].length > 2) {
var rate = this.throttle[name].length / diff;
this.throttle[name] = [time];
if (rate > hz) {
this.flooded[name] = time + 5000;
this.socket.emit("noflood", {
action: name,
msg: "Stop doing that so fast! Cooldown: 5s"
});
return true;
}
return false;
}
}
};
User.prototype.setAFK = function (afk) {
if (!this.inChannel())
return;
@ -149,8 +115,9 @@ User.prototype.initCallbacks = function () {
self.socket.on("joinChannel", function (data) {
data = (typeof data !== "object") ? {} : data;
if (self.inChannel() || self.inPendingChannel())
if (self.inChannel() || self.inPendingChannel()) {
return;
}
if (typeof data.name != "string") {
return;
}
@ -166,6 +133,7 @@ User.prototype.initCallbacks = function () {
self.pendingChannel = self.server.getChannel(data.name);
if (self.loggedIn) {
// TODO fix
// I'm not sure what I meant by "fix", but I suppose I'll find out soon
self.pendingChannel.getRank(self.name, function (err, rank) {
if (!err && rank > self.rank)
self.rank = rank;
@ -187,6 +155,8 @@ User.prototype.initCallbacks = function () {
var session = (typeof data.session === "string") ? data.session : "";
if (pw.length > 100)
pw = pw.substring(0, 100);
if (session.length > 64)
session = session.substring(0, 64);
if (self.loggedIn)
return;
@ -342,6 +312,10 @@ User.prototype.initCallbacks = function () {
if (typeof data.query !== "string") {
return;
}
// Soft limit to prevent someone from making a massive query
if (data.query.length > 255) {
data.query = data.query.substring(0, 255);
}
if (data.source === "yt") {
var searchfn = InfoGetter.Getters.ytSearch;
searchfn(data.query.split(" "), function (e, vids) {
@ -526,6 +500,10 @@ User.prototype.initCallbacks = function () {
if (typeof data.name !== "string") {
return;
}
// Soft limit to prevent someone from saving a list with a massive name
if (data.name.length > 200) {
data.name = data.name.substring(0, 200);
}
if (self.rank < 1) {
self.socket.emit("savePlaylist", {
success: false,

6
www/assets/js/callbacks.js
View File

@ -1100,7 +1100,7 @@ Callbacks = {
newPoll: function(data) {
Callbacks.closePoll();
var pollMsg = $("<div/>").addClass("poll-notify")
.text(data.initiator + " opened a poll: \"" + data.title + "\"")
.html(data.initiator + " opened a poll: \"" + data.title + "\"")
.appendTo($("#messagebuffer"));
scrollChat();
@ -1116,7 +1116,7 @@ Callbacks = {
});
}
$("<h3/>").text(data.title).appendTo(poll);
$("<h3/>").html(data.title).appendTo(poll);
for(var i = 0; i < data.options.length; i++) {
(function(i) {
var callback = function () {
@ -1129,7 +1129,7 @@ Callbacks = {
$(this).parent().addClass("option-selected");
}
$("<button/>").addClass("btn").text(data.counts[i])
.prependTo($("<div/>").addClass("option").text(data.options[i])
.prependTo($("<div/>").addClass("option").html(data.options[i])
.appendTo(poll))
.click(callback);
})(i);