Commit Graph

1070 Commits

Author SHA1 Message Date
Simon Ser
24cae474db Add support for PAM authentication 2023-01-30 11:55:43 +01:00
Simon Ser
ca2d666056 Auto-create users after external auth when enable-user-on-auth is on 2023-01-30 11:53:01 +01:00
Simon Ser
c79fc0c19e Add support for SASL OAUTHBEARER 2023-01-30 11:53:01 +01:00
Simon Ser
22a88079c2 Add support for external OAuth 2.0 authentication 2023-01-30 11:53:01 +01:00
Simon Ser
63ca247354 Add infrastructure for external authentication 2023-01-30 11:53:01 +01:00
Simon Ser
d67e59658d Use database.User.SetPassword in server tests 2023-01-30 11:20:27 +01:00
Simon Ser
979fb319fe service: add -disable-password
This can be used to disable password authentication for a user.
This is useful to prevent a disabled user account from being
auto-enabled when enable-user-on-auth is on.
2023-01-26 20:03:37 +01:00
Simon Ser
db49bc120f Add enable-user-on-auth config directive 2023-01-26 19:51:35 +01:00
Simon Ser
9df9880301 Add disable-inactive-user config option
This can be used to automatically disable users if they don't
actively use the bouncer for a while.
2023-01-26 19:42:29 +01:00
Simon Ser
57f5ee8d6f Add user downstream interaction time 2023-01-26 19:42:29 +01:00
Simon Ser
05d7813835 service: indicate which users are disabled in "user status" 2023-01-26 19:42:13 +01:00
Simon Ser
d7d9d45b45 Add a flag to disable users
Add a new flag to disable users. This can be useful to temporarily
deactivate an account without erasing data.

The user goroutine is kept alive for simplicity's sake. Most of the
infrastructure assumes that each user always has a running goroutine.
A disabled user's goroutine is responsible for sending back an error
to downstream connections, and listening for potential events to
re-enable the account.
2023-01-26 18:33:55 +01:00
Simon Ser
bbf234d441 user: take context in user.stop 2023-01-26 17:12:58 +01:00
Simon Ser
5a9dced249 database: store user creation date
This is useful to figure out which users were created recently.
2023-01-26 17:12:58 +01:00
Simon Ser
2abe231eef database/sqlite: introduce sqliteTime type
This implements sql.Scanner and sql/driver.Valuer, so that we can
load/store time values into SQLite with the format we want, and
properly handle NULL (which the go-sqlite3 package doesn't do
correctly).
2023-01-26 14:38:28 +01:00
Enterprisey
d74b66f240 contrib/clients: Warn about Hexchat password limit
Hexchat truncates passwords, so add a warning about that and a
workaround for Sourcehut users.
2023-01-25 00:06:40 +01:00
delthas
8b558e39b7 xirc: Fix sending hostnames starting with ':' in WHO replies
Some IPv6 hostnames can start with a colon (eg '::1'). This breaks
the IRC line format.

To work around this issue, prefix the hostname with a '0'. This
changes the representation of the IP but not its value.

References: https://todo.sr.ht/~taiite/senpai/109
Co-authored-by: Simon Ser <contact@emersion.fr>
2023-01-25 00:02:26 +01:00
delthas
959baa964f service: add user status
This lists all the users of the instances, along with the number
of networks they have.

Limited to 50 users to avoid flooding with thousands of messages
on large instances.
2023-01-18 16:24:12 +01:00
Simon Ser
1ad2ee7ef5 service: drop unnecessary admin check in handleUserRun
The command is marked as admin-only already.
2023-01-18 16:05:41 +01:00
Simon Ser
bdb470484f doc: add "user run" to man page 2023-01-18 16:04:54 +01:00
delthas
b29c9ef09a service: add user run
This enables to run commands as other users, like sudo.

This is useful for eg fixing a user networks on their behalf.
2023-01-18 15:12:33 +01:00
delthas
e7a06fe208 service: refactor downstreamConn to serviceContext
This will enable running service commands from other contexts.
2023-01-18 15:12:33 +01:00
Simon Ser
59dfa05d13 downstream: set empty CHANTYPES for bouncer connection 2023-01-16 16:46:46 +01:00
delthas
e71cdbf6e3 service: reject commands with unexpected arguments
This avoids issues where a user misstypes the following message:

     network update foobar enabled -false

This is obviously a typo of:

     network update foobar -enabled false

But we currently accept it without failing, and ignore the trailing
parameter "false".

This fixes this behavior by failing on unexpected arguments.
2023-01-15 16:52:37 +01:00
Simon Ser
6734c5f8f0 doc: document command parsing rules for the service 2023-01-09 18:31:19 +01:00
Simon Ser
bd4aee3f31 service: fix typo in network -cerfp flag name
Reported-by: rj1 <rj1@riseup.net>
Fixes: be185fba33 ("Implement TLS fingerprint pinning")
2022-12-18 17:55:31 +01:00
rj1
be185fba33 Implement TLS fingerprint pinning
Closes: https://todo.sr.ht/~emersion/soju/56
2022-12-16 17:44:14 +01:00
delthas
2604a14b7f Store only select TAGMSG types in message stores
We only want to store TAGMSG that should be persistent. +typing TAGMSG
should be dropped, but +react messages should be kept.

This introduces a whitelist for TAGMSG labels. We only store TAGMSG
having a least one tag in that whitelist.
2022-12-16 13:08:44 +01:00
Simon Ser
6ddfc943f5 service: send PART in channel delete 2022-12-08 16:04:01 +01:00
Simon Ser
0edf3a40c2 service: add channel delete command 2022-12-08 16:00:00 +01:00
Simon Ser
f44e922c42 downstream: use ERR_BADCHANMASK for invalid channel name
It's more appropriate than ERR_NOSUCHCHANNEL.
2022-12-08 15:27:02 +01:00
Simon Ser
6d64c164a7 downstream: check channel name validity on JOIN
Avoid storing garbage in the DB.
2022-12-08 15:25:39 +01:00
delthas
58ee475265 Avoid sending push notifications for all channel context messages
...Instead, send them only when their text content contains the user
nick, as if they were regular channel messages.
2022-12-01 18:18:04 +01:00
Simon Ser
ec2c0685dd Add WHO cache
This adds a new field to upstreams, members, which is a casemapped map
of upstream users known to the soju. The upstream users known to soju
are: self, any monitored user, and any user with whom we share a
channel.

The information stored for each upstream user corresponds to the info
that can be returned by a WHO/WHOX command.

We build the upstream user information both incrementally, capturing
information contained in JOIN and AWAY messages; and with the bulk user
information contained in WHO replies we receive.

This lets us build a user cache that can then be used to return
synthetic WHO responses to later WHO requests by downstreams.

This is useful because some networks (eg Libera) heavily throttle WHO
commands, and without this cache, any downstream connecting would send 1
WHO command per channel, so possibly more than a dozen WHO commands,
which soju then forwarded to the upstream as WHO commands.

With this cache most WHO commands can be cached and avoid sending
WHO commands to the upstream.

In order to cache the "flags" field, we synthetize the field from user
info we get from incremental messages: away status (H/G) and bot status
(B). This could result in incorrect values for proprietary user fields.
Support for the server-operator status (*) is also not supported.

Of note is that it is difficult to obtain a user "connected server"
field incrementally, so clients that want to maximize their WHO cache
hit ratio can use WHOX to only request fields they need, and in
particular not include the server field flag.

Co-authored-by: delthas <delthas@dille.cc>
2022-12-01 15:50:33 +01:00
delthas
ac578823dc Fix clearing webpush targets after any MARKREAD
Previously, we would clear webpush targets after any MARKREAD.

Consider the following scenario (ignore any typos, this is crafted by
hand):

    <<< @time=2020-01-01T00:00:00Z PRIVMSG #foo :hi mark!
    <<< @time=2020-01-02T00:00:00Z PRIVMSG #foo :hi again mark!
    >>> MARKREAD #foo timestamp=2020-01-01T00:00:00Z
    >>> MARKREAD #foo timestamp=2020-01-02T00:00:00Z

The push target was previously cleared on the first MARKREAD, which
means that the second MARKREAD was never broadcast to Firebase, and all
devices would keep the "hi again mark!" notification indefinitely.

This changes the webpush target map so that we store a timestamp of the
last highlight we sent. We only clear the push target when sending a
MARKREAD that is at or after the last message.
2022-11-28 17:55:19 +01:00
delthas
897c21dbb4 Truncate message times to the second when using the FS message store
The FS message store truncates message times to the second.

This means that a message sent out as 2020-01-01T00:00:00.123Z could be
sent later as part of a CHATHISTORY batch as 2020-01-01T00:00:00.000Z,
which could cause issues in clients.

One such issue is a client sending a MARKREAD for
2020-01-01T00:00:00.000Z, with another client considering the
2020-01-01T00:00:00.123Z message it has as unread.

This fixes the issue by truncating all message times to the second when
using the FS message store.
2022-11-28 17:54:13 +01:00
Sandra Snan
87b2d32682 Be more clear that -connect-command needs quotes 2022-11-28 15:10:39 +01:00
Simon Ser
330d5d794c Upgrade dependencies 2022-11-22 14:55:52 +01:00
Simon Ser
106d40dcd4 Upgrade to gopkg.in/irc.v4 2022-11-14 12:06:58 +01:00
Simon Ser
a0e9c10bc4 contrib/clients: reference read_marker.py for Weechat 2022-11-11 11:52:24 +01:00
Simon Ser
ea97b1a9bd Use ratified extended-monitor cap name for needAllDownstreamCaps
Fixes: 6ad3dcc396 ("Use ratified extended-monitor cap name")
2022-11-06 20:39:04 +01:00
Simon Ser
6ad3dcc396 Use ratified extended-monitor cap name
References: https://github.com/ircv3/ircv3-specifications/pull/508
2022-11-06 20:36:33 +01:00
Simon Ser
90be9a8ab9 downstream: stop sending HTTP OPTIONS request on WEBPUSH REGISTER
We were sending a test notification later anyways. Let's just do
that to check that the endpoint accepts our messages.
2022-09-30 12:20:07 +02:00
zsrv
926dcb37ac Make the auto-away functionality configurable 2022-09-26 19:52:07 +02:00
Łukasz Margiela
d605d64d1d Add build tag for modernc/sqlite driver 2022-09-26 19:31:43 +02:00
Simon Ser
c3ab11de4e downstream: drop downstreamConn.unmarshalEntity{,Network} 2022-09-26 16:57:05 +02:00
Simon Ser
dde4ee9518 config: drop multi-upstream-mode 2022-09-26 16:57:05 +02:00
Simon Ser
085f5c17a4 doc: drop multi-upstream mode bits 2022-09-26 16:57:05 +02:00
Simon Ser
f646dc9ff2 irc: drop needMarshaling from applyChannelModes return values
Not used anymore.
2022-09-26 16:57:05 +02:00
Simon Ser
a02a06de0d upstream: use forEachDownstreamByID to forward RPL_AWAY
It's a reply to a command. If possible, avoid broadcasting it to
all connected clients.
2022-09-26 16:57:05 +02:00