Commit Graph

1162 Commits

Author SHA1 Message Date
Simon Ser
94dbfff11d Add max-user-networks config option 2021-10-07 20:43:10 +02:00
Simon Ser
9f021ba9a9 doc/soju.1: mention that accept-proxy-ip affects PROXY proto 2021-10-07 20:04:20 +02:00
Alex Karle
8951760733 chathistory: Fix truncated backlog due to timezones
Because msgstore_fs writes logs in localtime, the CHATHISTORY timestamps
(UTC) must be converted to localtime prior to filtering ranges ensure
the right range is sent back to the client.

Prior to this patch, the iteration back from the BEFORE time failed to
load the hours between midnight UTC and midnight localtime in each day's
logged messages. This is because the final time to be considered in a
day's log file (the "start" time) reuses the previous start time's
locale:

    start = time.Date(year, month, day, 0, 0, 0, 0, start.Location()).Add(-1)

By converting the original start and end from the CHATHISTORY commands
to localtime in Load*Time and ListTargets, we ensure we read through
midnight each day.
2021-10-07 11:57:42 +02:00
Simon Ser
1d56ef19e7 Add WHOIS reply for BouncerServ 2021-10-06 11:50:12 +02:00
Simon Ser
2814512da7 msgstore_fs: add limit on number of opened files 2021-10-06 11:41:39 +02:00
Simon Ser
e177977c30 Add DB stats 2021-10-05 19:31:06 +02:00
Simon Ser
5405923aa2 Add limit for RSA bits 2021-10-05 19:21:43 +02:00
Simon Ser
f93616fb41 Add "server status" command
Right now, it prints the number of active users and number of
downstream connections.
2021-10-05 19:13:53 +02:00
Simon Ser
0d2829c180 test: get rid of testUpstream
No need for this complexity.
2021-10-05 14:26:10 +02:00
Simon Ser
c672763068 test: add NOTICE broadcast 2021-10-05 14:14:31 +02:00
Simon Ser
74297d607b test: add upstream 2021-10-05 14:03:17 +02:00
Simon Ser
1626ffb97b Use isErrClosed in Server.Serve 2021-10-05 14:02:59 +02:00
Simon Ser
e4f22a8f40 Add basic server test 2021-10-05 12:11:40 +02:00
Simon Ser
410ba47277 Close DB on shutdown 2021-10-05 11:53:38 +02:00
Simon Ser
1b8d8d08c9 db_sqlite: fix realname not fetched in ListUsers
This fixes per-user realname not being used on bouncer startup.
2021-10-05 11:10:48 +02:00
Simon Ser
5bedcd24e2 Add support for IRCv3 WebSocket text subprotocol
Technically we aren't spec-compliant since we don't serve
binary.ircv3.net. Any complaints will be redirected to /dev/null.
2021-09-28 21:25:06 +02:00
Simon Ser
fce86b0f0d db_sqlite: switch to sql.Named
This allows us to avoid mixing up arguments.
2021-09-27 16:54:06 +02:00
Hubert Hirtz
6b9c99821a Fix DeliveryReceipt not being cleaned up 2021-09-21 18:19:05 +02:00
Simon Ser
872ed736b4 Workaround lack of net.ErrClosed in WebSocket library 2021-09-21 11:49:48 +02:00
Simon Ser
27ea855ea2 readme: add note to use system libsqlite3 2021-09-21 11:44:08 +02:00
Chris Smith
c607fd5a58 Set a higher timeout for proxyproto listeners
go-proxyproto added support for a read timeout in 0.6.0[1] and
defaulted it to 200ms. After this time if no data is read on
the socket, it is closed.

This is _really_ low if the underlying connection is a TLS
one as no data pops out the other end until the handshake is
done. It effectively limits you to TLS connections within
a 50ms RTT of your bouncer with clients that are fast enough
at responding.

It appears that HexChat on Arch is somehow slow enough at
TLS connections thant it consistently takes longer than
200ms even over localhost, meaning it outright can't connect
to soju any longer.

To make this a lot less painful, have soju pass in a read
timeout of 5 seconds. This feels like a reasonable tradeoff
between keeping (possibly malicious) connections open and
accepting the realities of network connections.

[1]: https://github.com/pires/go-proxyproto/issues/65
2021-09-19 17:00:40 +02:00
Hubert Hirtz
ba19d44cf9 msgstore_fs: escape "." and ".." 2021-09-19 16:55:12 +02:00
Hubert Hirtz
2554c92df7 Allow CAP negotiation to happen with CAP REQ
See https://ircv3.net/specs/extensions/capability-negotiation

> Upon receiving either a CAP LS or CAP REQ command during connection
> registration, the server MUST not complete registration until the
> client sends a CAP END command to indicate that capability negotiation
> has ended.

This commit should prevent soju from trying to authenticate the user
prior to having received AUTHENTICATE messages, when the client eagerly
requests capabilities with CAP REQ seeing available capabilities
beforehand with CAP LS.
2021-09-19 16:50:47 +02:00
Hubert Hirtz
bc83d3a3ba Use NULL-tolerant comparison for DeliveryReceipts
Since NULL = NULL is always FALSE, this query needs to use IS instead.
This should fix the flood of DeliveryReceipts in the DB.

See https://www.sqlite.org/lang_expr.html

> The IS and IS NOT operators work like = and != except when one or both
> of the operands are NULL. In this case, if both operands are NULL,
> then the IS operator evaluates to 1 (true) and the IS NOT operator
> evaluates to 0 (false). If one operand is NULL and the other is not,
> then the IS operator evaluates to 0 (false) and the IS NOT operator is
> 1 (true). It is not possible for an IS or IS NOT expression to
> evaluate to NULL.
2021-09-14 18:38:58 +02:00
Hubert Hirtz
4dce5a91c9 Explicitly close connection to SQLite on failed upgrade 2021-09-13 17:14:04 +02:00
Simon Ser
8adf65ade2 Upgrade dependencies 2021-09-13 14:23:33 +02:00
Simon Ser
0f2f4de275 Send empty history for service
Fixes error when fetching chat history for BouncerServ.
2021-09-13 11:36:25 +02:00
Simon Ser
fba1fdb31e Don't require upstream to be connected for CHATHISTORY
Closes: https://todo.sr.ht/~emersion/soju/127
2021-09-13 11:25:38 +02:00
Simon Ser
cd64a7ffda Split unmarshalEntity into two functions
Some command handlers need to unmarshal without requiring the
upstream to be connected.
2021-09-13 11:14:47 +02:00
Simon Ser
79b0fe5de5 Don't send network notification when removed
Closes: https://todo.sr.ht/~emersion/soju/123
2021-09-13 10:33:46 +02:00
Simon Ser
a4a9b7e934 go fmt: add go:build tags
This is the new style for build tags. The old +build format is
deprecated.
2021-09-09 10:07:37 +02:00
Rafael Castillo
d1181b3e7a Check for TLS config in wss listeners
Previously http.Server.ListenAndServeTLS would return a not very helpful
error about a failed open. This adds a check similar to the one in the
ircs case that should make it clearer to operators what the error is.
2021-09-09 10:06:31 +02:00
Simon Ser
c5d5259243 Pass-through CLIENTTAGDENY in ISUPPORT 2021-07-09 22:48:58 +02:00
Simon Ser
51df11a55f contrib/clients: sort alphabetically and wrap lines 2021-07-07 10:37:18 +02:00
delthas
9814901f56 contrib/clients: Mention Hexchat 2021-07-07 10:36:02 +02:00
delthas
896caebfcf service: Introduce network quote
This command enables sending a raw line to a specific network.
2021-07-07 10:34:46 +02:00
Hubert Hirtz
f4562a7534 Add a C compiler to the list of dependencies
It's needed to build sqlite3.
2021-07-07 10:32:16 +02:00
Alexey Yerin
12545c07ef service: show SHA-512 fingerprint
Closes: https://todo.sr.ht/~emersion/soju/130
2021-07-06 16:34:15 +02:00
Simon Ser
9f2e0595b7 ci: add gofmt check 2021-06-29 22:24:44 +02:00
Jake Nelson
fc841b0ba2 Sort channel status channels by name 2021-06-29 22:19:19 +02:00
Simon Ser
acde97ca37 Introduce user.updateUser
Unify updatePassword and updateRealname into a single function. This
allows "user update" to be atomic.
2021-06-28 18:05:03 +02:00
Simon Ser
00538e7028 doc/soju.1: improve "user create" docs 2021-06-28 16:55:49 +02:00
Simon Ser
09b04792b9 Merge "change-password" into "user update"
Add a -password flag to the "user update" command.
2021-06-28 16:55:44 +02:00
Simon Ser
f8e853fab1 Only update realname if specified in "user udpate"
This will allow adding more flags.
2021-06-28 16:40:49 +02:00
Simon Ser
a14f646135 Add per-user realname setting
This allows users to set a default realname used if the per-network
realname isn't set.

A new "user update" command is introduced and can be extended to edit
other user properties and other users in the future.
2021-06-25 20:33:13 +02:00
Simon Ser
9a53d4cd08 readme: list dependencies 2021-06-24 21:32:54 +02:00
Hubert Hirtz
a21585ac41 Hand-made word splitter for BouncerServ
Remove the (direct) dependency on shlex (go-scfg still depends on it).

Co-authored-by: Simon Ser <contact@emersion.fr>
2021-06-24 19:33:46 +02:00
Simon Ser
f3f864dddc Disallow '$' in nicks 2021-06-23 19:54:22 +02:00
Simon Ser
089608409e doc/soju.1: document bouncer-wide broadcasts 2021-06-23 19:30:47 +02:00
Simon Ser
d7b1c5a9a2 Allow admins to broadcast message to all bouncer users
Typically done via:

    /notice $<bouncer> <message>

Or, for a connection not bound to a specific network:

    /notice $* <message>

The message is broadcast as BouncerServ, because that's the only
user that can be trusted to belong to the bouncer by users. Any
other prefix would conflict with the upstream network.
2021-06-23 19:23:09 +02:00