2016-07-19 01:35:02 +00:00
|
|
|
"use strict";
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
var _ = require("lodash");
|
2016-06-12 01:44:28 +00:00
|
|
|
var pkg = require("../package.json");
|
2014-08-14 16:35:37 +00:00
|
|
|
var Client = require("./client");
|
|
|
|
|
var ClientManager = require("./clientManager");
|
2014-09-26 22:12:53 +00:00
|
|
|
var express = require("express");
|
2014-08-14 16:35:37 +00:00
|
|
|
var fs = require("fs");
|
|
|
|
|
var io = require("socket.io");
|
2016-04-03 05:12:49 +00:00
|
|
|
var dns = require("dns");
|
2014-09-13 12:23:17 +00:00
|
|
|
var Helper = require("./helper");
|
2016-07-30 01:20:38 +00:00
|
|
|
var ldap = require("ldapjs");
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2016-04-26 20:41:08 +00:00
|
|
|
var manager = null;
|
2016-07-30 01:20:38 +00:00
|
|
|
var authFunction = localAuth;
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
module.exports = function() {
|
2016-04-26 20:41:08 +00:00
|
|
|
manager = new ClientManager();
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2014-09-26 22:12:53 +00:00
|
|
|
var app = express()
|
2016-05-01 17:27:10 +00:00
|
|
|
.use(allRequests)
|
2014-08-14 16:35:37 +00:00
|
|
|
.use(index)
|
2014-10-03 23:33:44 +00:00
|
|
|
.use(express.static("client"));
|
2014-11-01 20:06:01 +00:00
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
var config = Helper.config;
|
2014-09-26 23:26:21 +00:00
|
|
|
var server = null;
|
|
|
|
|
|
2016-07-30 01:20:38 +00:00
|
|
|
if (config.public && (config.ldap || {}).enable) {
|
2016-08-10 06:14:09 +00:00
|
|
|
log.warn("Server is public and set to use LDAP. Set to private mode if trying to use LDAP authentication.");
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
if (!config.https.enable) {
|
2014-09-26 23:26:21 +00:00
|
|
|
server = require("http");
|
2016-06-08 09:26:24 +00:00
|
|
|
server = server.createServer(app).listen(config.port, config.host);
|
2014-09-26 23:26:21 +00:00
|
|
|
} else {
|
2016-03-09 12:04:05 +00:00
|
|
|
server = require("spdy");
|
2016-10-04 22:35:04 +00:00
|
|
|
const keyPath = Helper.expandHome(config.https.key);
|
|
|
|
|
const certPath = Helper.expandHome(config.https.certificate);
|
|
|
|
|
if (!config.https.key.length || !fs.existsSync(keyPath)) {
|
|
|
|
|
log.error("Path to SSL key is invalid. Stopping server...");
|
|
|
|
|
process.exit();
|
|
|
|
|
}
|
|
|
|
|
if (!config.https.certificate.length || !fs.existsSync(certPath)) {
|
|
|
|
|
log.error("Path to SSL certificate is invalid. Stopping server...");
|
|
|
|
|
process.exit();
|
|
|
|
|
}
|
2014-09-26 23:26:21 +00:00
|
|
|
server = server.createServer({
|
2016-10-04 22:35:04 +00:00
|
|
|
key: fs.readFileSync(keyPath),
|
|
|
|
|
cert: fs.readFileSync(certPath)
|
2016-06-08 09:26:24 +00:00
|
|
|
}, app).listen(config.port, config.host);
|
2014-09-26 23:26:21 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
if (config.identd.enable) {
|
2016-04-26 20:53:29 +00:00
|
|
|
if (manager.identHandler) {
|
|
|
|
|
log.warn("Using both identd and oidentd at the same time!");
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-11 17:33:28 +00:00
|
|
|
require("./identd").start(config.identd.port);
|
2014-10-11 10:09:27 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-10 06:14:09 +00:00
|
|
|
if (!config.public && (config.ldap || {}).enable) {
|
2016-07-30 01:20:38 +00:00
|
|
|
authFunction = ldapAuth;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-29 01:19:11 +00:00
|
|
|
var sockets = io(server, {
|
2016-06-08 09:26:24 +00:00
|
|
|
transports: config.transports
|
2014-11-01 20:06:01 +00:00
|
|
|
});
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
sockets.on("connect", function(socket) {
|
|
|
|
|
if (config.public) {
|
|
|
|
|
auth.call(socket);
|
|
|
|
|
} else {
|
|
|
|
|
init(socket);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2014-09-24 22:23:54 +00:00
|
|
|
manager.sockets = sockets;
|
|
|
|
|
|
2016-11-15 14:21:34 +00:00
|
|
|
const protocol = config.https.enable ? "https" : "http";
|
|
|
|
|
const host = config.host || "*";
|
2016-09-05 12:37:27 +00:00
|
|
|
log.info("The Lounge", Helper.getVersion(), "is now running");
|
2016-11-15 14:21:34 +00:00
|
|
|
log.info(`Configuration file: ${Helper.CONFIG_PATH}`);
|
2016-09-05 12:37:27 +00:00
|
|
|
log.info(`Available on: ${protocol}://${host}:${config.port}/ in ${config.public ? "public" : "private"} mode`);
|
2016-04-26 10:51:11 +00:00
|
|
|
log.info("Press ctrl-c to stop\n");
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
if (!config.public) {
|
2014-09-24 22:23:54 +00:00
|
|
|
manager.loadUsers();
|
|
|
|
|
if (config.autoload) {
|
|
|
|
|
manager.autoload();
|
|
|
|
|
}
|
2014-08-14 16:35:37 +00:00
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2016-04-03 05:12:49 +00:00
|
|
|
function getClientIp(req) {
|
2016-07-31 00:54:09 +00:00
|
|
|
var ip;
|
|
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
if (!Helper.config.reverseProxy) {
|
2016-07-31 00:54:09 +00:00
|
|
|
ip = req.connection.remoteAddress;
|
2016-04-03 05:12:49 +00:00
|
|
|
} else {
|
2016-07-31 00:54:09 +00:00
|
|
|
ip = req.headers["x-forwarded-for"] || req.connection.remoteAddress;
|
2016-04-03 05:12:49 +00:00
|
|
|
}
|
2016-07-31 00:54:09 +00:00
|
|
|
|
|
|
|
|
return ip.replace(/^::ffff:/, "");
|
2016-04-03 05:12:49 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-01 17:27:10 +00:00
|
|
|
function allRequests(req, res, next) {
|
|
|
|
|
res.setHeader("X-Content-Type-Options", "nosniff");
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
function index(req, res, next) {
|
2016-05-01 09:41:17 +00:00
|
|
|
if (req.url.split("?")[0] !== "/") {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
return fs.readFile("client/index.html", "utf-8", function(err, file) {
|
2016-10-09 08:54:44 +00:00
|
|
|
if (err) {
|
|
|
|
|
throw err;
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
var data = _.merge(
|
2016-06-12 01:44:28 +00:00
|
|
|
pkg,
|
2016-06-08 09:26:24 +00:00
|
|
|
Helper.config
|
2014-08-14 16:35:37 +00:00
|
|
|
);
|
2016-09-05 12:37:27 +00:00
|
|
|
data.gitCommit = Helper.getGitCommit();
|
2016-10-09 08:54:44 +00:00
|
|
|
data.themes = fs.readdirSync("client/themes/").filter(function(themeFile) {
|
|
|
|
|
return themeFile.endsWith(".css");
|
2016-08-17 05:52:29 +00:00
|
|
|
}).map(function(css) {
|
|
|
|
|
return css.slice(0, -4);
|
|
|
|
|
});
|
2016-02-14 17:09:51 +00:00
|
|
|
var template = _.template(file);
|
2016-10-09 09:29:17 +00:00
|
|
|
res.setHeader("Content-Security-Policy", "default-src *; connect-src 'self' ws: wss:; style-src * 'unsafe-inline'; script-src 'self'; child-src 'self'; object-src 'none'; form-action 'none'; referrer no-referrer;");
|
2014-09-13 04:54:17 +00:00
|
|
|
res.setHeader("Content-Type", "text/html");
|
|
|
|
|
res.writeHead(200);
|
2016-02-14 17:09:51 +00:00
|
|
|
res.end(template(data));
|
2014-08-14 16:35:37 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-31 21:28:31 +00:00
|
|
|
function init(socket, client) {
|
2014-08-14 16:35:37 +00:00
|
|
|
if (!client) {
|
2016-05-31 21:02:10 +00:00
|
|
|
socket.emit("auth", {success: true});
|
2014-08-14 16:35:37 +00:00
|
|
|
socket.on("auth", auth);
|
|
|
|
|
} else {
|
2016-09-25 06:52:16 +00:00
|
|
|
socket.emit("authorized");
|
|
|
|
|
|
2016-09-25 06:41:10 +00:00
|
|
|
socket.on("disconnect", function() {
|
|
|
|
|
client.clientDetach(socket.id);
|
|
|
|
|
});
|
|
|
|
|
client.clientAttach(socket.id);
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
socket.on(
|
|
|
|
|
"input",
|
|
|
|
|
function(data) {
|
2014-09-09 19:31:23 +00:00
|
|
|
client.input(data);
|
2014-08-14 16:35:37 +00:00
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
socket.on(
|
2014-09-10 19:23:56 +00:00
|
|
|
"more",
|
2014-08-14 16:35:37 +00:00
|
|
|
function(data) {
|
2014-09-10 19:23:56 +00:00
|
|
|
client.more(data);
|
2014-08-14 16:35:37 +00:00
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
socket.on(
|
|
|
|
|
"conn",
|
|
|
|
|
function(data) {
|
2016-04-03 05:12:49 +00:00
|
|
|
// prevent people from overriding webirc settings
|
|
|
|
|
data.ip = null;
|
|
|
|
|
data.hostname = null;
|
2014-08-14 16:35:37 +00:00
|
|
|
client.connect(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
2016-07-30 01:20:38 +00:00
|
|
|
if (!Helper.config.public && !Helper.config.ldap.enable) {
|
2016-02-17 00:14:43 +00:00
|
|
|
socket.on(
|
|
|
|
|
"change-password",
|
|
|
|
|
function(data) {
|
|
|
|
|
var old = data.old_password;
|
|
|
|
|
var p1 = data.new_password;
|
|
|
|
|
var p2 = data.verify_password;
|
|
|
|
|
if (typeof p1 === "undefined" || p1 === "") {
|
|
|
|
|
socket.emit("change-password", {
|
|
|
|
|
error: "Please enter a new password"
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (p1 !== p2) {
|
|
|
|
|
socket.emit("change-password", {
|
|
|
|
|
error: "Both new password fields must match"
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-10-21 19:00:43 +00:00
|
|
|
if (!Helper.password.compare(old || "", client.config.password)) {
|
2016-02-17 00:14:43 +00:00
|
|
|
socket.emit("change-password", {
|
|
|
|
|
error: "The current password field does not match your account password"
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-05-31 21:28:31 +00:00
|
|
|
|
2016-10-21 19:00:43 +00:00
|
|
|
var hash = Helper.password.hash(p1);
|
2016-05-31 21:28:31 +00:00
|
|
|
|
|
|
|
|
client.setPassword(hash, function(success) {
|
|
|
|
|
var obj = {};
|
|
|
|
|
|
|
|
|
|
if (success) {
|
|
|
|
|
obj.success = "Successfully updated your password, all your other sessions were logged out";
|
|
|
|
|
obj.token = client.config.token;
|
|
|
|
|
} else {
|
|
|
|
|
obj.error = "Failed to update your password";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
socket.emit("change-password", obj);
|
2016-02-17 00:14:43 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2014-09-21 16:46:43 +00:00
|
|
|
socket.on(
|
|
|
|
|
"open",
|
|
|
|
|
function(data) {
|
2016-09-25 06:41:10 +00:00
|
|
|
client.open(socket.id, data);
|
2014-09-21 16:46:43 +00:00
|
|
|
}
|
2014-09-24 19:42:36 +00:00
|
|
|
);
|
|
|
|
|
socket.on(
|
|
|
|
|
"sort",
|
|
|
|
|
function(data) {
|
|
|
|
|
client.sort(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
2016-02-17 02:29:44 +00:00
|
|
|
socket.on(
|
|
|
|
|
"names",
|
|
|
|
|
function(data) {
|
|
|
|
|
client.names(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
2014-08-14 16:35:37 +00:00
|
|
|
socket.join(client.id);
|
|
|
|
|
socket.emit("init", {
|
2016-09-25 06:41:10 +00:00
|
|
|
active: client.lastActiveChannel,
|
2014-09-15 21:13:03 +00:00
|
|
|
networks: client.networks,
|
2016-06-30 13:06:07 +00:00
|
|
|
token: client.config.token || null
|
2014-08-14 16:35:37 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-31 21:28:31 +00:00
|
|
|
function reverseDnsLookup(socket, client) {
|
2016-04-03 05:12:49 +00:00
|
|
|
client.ip = getClientIp(socket.request);
|
|
|
|
|
|
|
|
|
|
dns.reverse(client.ip, function(err, host) {
|
|
|
|
|
if (!err && host.length) {
|
|
|
|
|
client.hostname = host[0];
|
|
|
|
|
} else {
|
|
|
|
|
client.hostname = client.ip;
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-31 21:28:31 +00:00
|
|
|
init(socket, client);
|
2016-04-03 05:12:49 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-30 01:20:38 +00:00
|
|
|
function localAuth(client, user, password, callback) {
|
2016-10-21 19:00:43 +00:00
|
|
|
if (!client || !password) {
|
|
|
|
|
return callback(false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!client.config.password) {
|
|
|
|
|
log.error("User", user, "with no local password set tried to sign in. (Probably a LDAP user)");
|
|
|
|
|
return callback(false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var result = Helper.password.compare(password, client.config.password);
|
|
|
|
|
|
|
|
|
|
if (result && Helper.password.requiresUpdate(client.config.password)) {
|
|
|
|
|
var hash = Helper.password.hash(password);
|
|
|
|
|
|
|
|
|
|
client.setPassword(hash, function(success) {
|
|
|
|
|
if (!success) {
|
|
|
|
|
log.error("Failed to update password of", client.name, "to match new security requirements");
|
|
|
|
|
} else {
|
|
|
|
|
log.info("User", client.name, "logged in and their hashed password has been updated to match new security requirements");
|
|
|
|
|
}
|
|
|
|
|
});
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
2016-10-21 19:00:43 +00:00
|
|
|
|
|
|
|
|
return callback(result);
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function ldapAuth(client, user, password, callback) {
|
|
|
|
|
var userDN = user.replace(/([,\\\/#+<>;"= ])/g, "\\$1");
|
|
|
|
|
var bindDN = Helper.config.ldap.primaryKey + "=" + userDN + "," + Helper.config.ldap.baseDN;
|
|
|
|
|
|
2016-10-16 06:47:30 +00:00
|
|
|
var ldapclient = ldap.createClient({
|
|
|
|
|
url: Helper.config.ldap.url
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
ldapclient.on("error", function(err) {
|
|
|
|
|
log.error("Unable to connect to LDAP server", err);
|
|
|
|
|
callback(!err);
|
|
|
|
|
});
|
|
|
|
|
|
2016-07-30 01:20:38 +00:00
|
|
|
ldapclient.bind(bindDN, password, function(err) {
|
|
|
|
|
if (!err && !client) {
|
|
|
|
|
if (!manager.addUser(user, null)) {
|
2016-08-10 06:14:09 +00:00
|
|
|
log.error("Unable to create new user", user);
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-10-16 06:47:30 +00:00
|
|
|
ldapclient.unbind();
|
2016-07-30 01:20:38 +00:00
|
|
|
callback(!err);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
function auth(data) {
|
|
|
|
|
var socket = this;
|
2016-07-30 01:20:38 +00:00
|
|
|
var client;
|
2016-06-08 09:26:24 +00:00
|
|
|
if (Helper.config.public) {
|
2016-07-30 01:20:38 +00:00
|
|
|
client = new Client(manager);
|
2014-08-14 16:35:37 +00:00
|
|
|
manager.clients.push(client);
|
|
|
|
|
socket.on("disconnect", function() {
|
|
|
|
|
manager.clients = _.without(manager.clients, client);
|
|
|
|
|
client.quit();
|
|
|
|
|
});
|
2016-06-08 09:26:24 +00:00
|
|
|
if (Helper.config.webirc) {
|
2016-04-03 05:12:49 +00:00
|
|
|
reverseDnsLookup(socket, client);
|
|
|
|
|
} else {
|
|
|
|
|
init(socket, client);
|
|
|
|
|
}
|
2014-08-14 16:35:37 +00:00
|
|
|
} else {
|
2016-07-30 01:20:38 +00:00
|
|
|
client = manager.findClient(data.user, data.token);
|
2016-08-18 04:02:40 +00:00
|
|
|
var signedIn = data.token && client && data.token === client.config.token;
|
2016-07-30 01:20:38 +00:00
|
|
|
var token;
|
|
|
|
|
|
2016-08-18 04:02:40 +00:00
|
|
|
if (client && (data.remember || data.token)) {
|
2016-08-10 06:26:47 +00:00
|
|
|
token = client.config.token;
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var authCallback = function(success) {
|
2014-09-15 21:13:03 +00:00
|
|
|
if (success) {
|
2016-07-30 01:20:38 +00:00
|
|
|
if (!client) {
|
|
|
|
|
// LDAP just created a user
|
|
|
|
|
manager.loadUser(data.user);
|
|
|
|
|
client = manager.findClient(data.user);
|
|
|
|
|
}
|
2016-10-09 08:54:44 +00:00
|
|
|
if (Helper.config.webirc !== null && !client.config.ip) {
|
2016-05-31 21:28:31 +00:00
|
|
|
reverseDnsLookup(socket, client);
|
2016-04-03 05:12:49 +00:00
|
|
|
} else {
|
2016-07-30 01:20:38 +00:00
|
|
|
init(socket, client, token);
|
2016-04-03 05:12:49 +00:00
|
|
|
}
|
2016-07-30 01:20:38 +00:00
|
|
|
} else {
|
|
|
|
|
socket.emit("auth", {success: success});
|
2014-09-15 21:13:03 +00:00
|
|
|
}
|
2016-07-30 01:20:38 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (signedIn) {
|
|
|
|
|
authCallback(true);
|
|
|
|
|
} else {
|
|
|
|
|
authFunction(client, data.user, data.password, authCallback);
|
2014-08-14 16:35:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
