mad_chatter 0.1.3 → 0.2.0

data/CHANGELOG.txt

@@ -1,6 +1,13 @@
 Mad Chatter
 
-Version 0.1.1
+Version 0.2.0
+ - Added a '/clear' command to client-side javascript to be able to clear all chat messages
+ - Fixed HTML injection vulnerability by adding markdown parsing and escaping all incoming html
+ - Created a MacRuby application as a GUI wrapper (still need to add a link to the github repo)
+ - Disabled extensions directory for now since example is no longer working.
+ - Finally added /youtube example mentioned in the readme
+
+Version 0.1.1-3
  - Added a 'preview' command to CLI to run both a web server and web socket server
  - Fixed bug where user leaving chatroom didn't notify other users
 

data/Gemfile.lock

@@ -1,9 +1,10 @@
 PATH
   remote: .
   specs:
-    mad_chatter (0.1.1)
+    mad_chatter (0.2.0)
       em-websocket
       eventmachine
+      redcarpet
       thor
 
 GEM
@@ -11,10 +12,11 @@ GEM
   specs:
     addressable (2.2.6)
     diff-lcs (1.1.3)
-    em-websocket (0.3.5)
+    em-websocket (0.3.6)
       addressable (>= 2.1.1)
       eventmachine (>= 0.12.9)
     eventmachine (0.12.10)
+    redcarpet (2.0.1)
     rspec (2.7.0)
       rspec-core (~> 2.7.0)
       rspec-expectations (~> 2.7.0)

data/README.md

@@ -16,7 +16,7 @@ This command will generate the following structure:
 
     mychatroom/
         config.rb
-        extensions/
+        extensions.rb
         web/
             index.html
             javascript.js
@@ -58,7 +58,7 @@ If you want to customize the html/css of your chatroom, you'll find them in the
 
 There is an example config file that shows a few examples of things you can customize.
 
-The extensions directory is for you to create your own chat actions. You can add your custom extensions by specifying them in the config file.
+The extensions.rb file is for you to create your own chat extensions. You will find an example in that file.
 
 
 ##Contributing

data/TODO.txt

@@ -1,5 +1,10 @@
 Goal: to become an open-source version of https://www.hipchat.com/
 
 TODO:
-Fix 'leave chatroom' functionality
-Fix 'HTML injection' security vulnerability
+
+	FEATURES:
+		...
+
+	BUGS:
+		...
+

data/bin/mad_chatter

@@ -15,11 +15,10 @@ module MadChatter
     def new(name)
       copy_file "templates/config.yml", "#{name}/config.yml"
       copy_file "templates/extensions.rb", "#{name}/extensions.rb"
-      empty_directory "#{name}/extensions"
+      # empty_directory "#{name}/extensions"
       copy_file "templates/web/index.html", "#{name}/web/index.html"
       copy_file "templates/web/javascript.js", "#{name}/web/javascript.js"
-      copy_file "templates/web/stylesheets/reset.css", "#{name}/web/stylesheets/reset.css"
-      copy_file "templates/web/stylesheets/styles.css", "#{name}/web/stylesheets/styles.css"
+      copy_file "templates/web/styles.css", "#{name}/web/styles.css"
     end
     
     desc 'preview', 'Starts both a web server and the Mad Chatter chat server'

data/lib/mad_chatter/config.rb

@@ -39,9 +39,9 @@ module MadChatter
           MadChatter::Extensions.load_simple_extensions(file_contents)
         end
         
-        Dir[Dir.pwd + '/extensions/*.rb'].each do |file|
-          require file
-        end
+        # Dir[Dir.pwd + '/extensions/*.rb'].each do |file|
+        #   require file
+        # end
       end
       
     end

data/lib/mad_chatter/server.rb

@@ -52,7 +52,7 @@ module MadChatter
     def message_received(json)
       msg = JSON.parse(json)
       username = MadChatter::Users.find_username_by_token(msg['token'])
-      message = MadChatter::Message.new(msg['type'], msg['message'], msg['token'], username)
+      message = MadChatter::Message.new(msg['type'], filter_message(msg['message']), msg['token'], username)
       
       if message.token.nil?
         return # Token is required to send messages
@@ -78,6 +78,19 @@ module MadChatter
       end
     end
     
+    def filter_message(text)
+      @markdown ||= Redcarpet::Markdown.new(
+        Redcarpet::Render::HTML.new(
+          :filter_html => true, 
+          :hard_wrap => true
+        ), 
+        :autolink => true, 
+        :no_intra_emphasis => true
+      )
+      filtered_text = @markdown.render(text)
+      filtered_text = /^<p>(.*)<\/p>$/.match(filtered_text)[1] # remove the <p> tags that markdown wraps by default
+    end
+    
     def self.send_json(json)
       MadChatter::Server.main_channel.push(json)
     end

data/lib/mad_chatter/version.rb

@@ -1,5 +1,5 @@
 module MadChatter
   
-  VERSION = '0.1.3'
+  VERSION = '0.2.0'
 
 end

data/lib/mad_chatter.rb

@@ -2,6 +2,7 @@ lib_dir = File.expand_path('..', __FILE__)
 $:.unshift( lib_dir ) unless $:.include?( lib_dir )
 
 require 'eventmachine'
+require 'redcarpet'
 require 'yaml'
 require 'json'
 require 'digest/sha1'

data/mad_chatter.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "thor"
   s.add_runtime_dependency "eventmachine"
   s.add_runtime_dependency "em-websocket"
-  # s.add_runtime_dependency "sinatra"
+  s.add_runtime_dependency "redcarpet"
   
   s.add_development_dependency "rspec"
   s.add_development_dependency "shoulda"

data/templates/extensions/example.rb

@@ -1,5 +1,6 @@
+# I dont think this works anymore
+
 class Example
-  
   # include MadChatter::Extension
   
   def handle(message)

data/templates/extensions.rb

@@ -7,7 +7,12 @@
 #
 # Example:
 #
-#   on_message /hey andrew: (.+)/ do |msg|
+#   on_message /hey andrew: (.+)/ do |regex_capture|
 #     send_status_message 'Someone is talking to andrew'
 #   end
-#
+#
+
+on_message %r{/youtube http://youtu.be/(.*)} do |youtube_id|
+  send_message "<iframe width='560' height='315' src='http://www.youtube.com/embed/#{youtube_id}' frameborder='0' allowfullscreen></iframe>"
+  stop_message_handling
+end

data/templates/web/index.html

@@ -2,8 +2,7 @@
 <html>
   <head>
 	<title>Mad Chatter</title>
-	<link rel="stylesheet" href="stylesheets/reset.css">
-	<link rel="stylesheet" href="stylesheets/styles.css">
+	<link rel="stylesheet" href="styles.css">
     <script src='http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js'></script>
 	<script src='http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js'></script>
 	<script src='javascript.js'></script>

data/templates/web/javascript.js

@@ -1,15 +1,3 @@
-function get_current_time(){
-	var time = new Date();
-	var hours = time.getHours();
-	var minutes = time.getMinutes();
-	var ampm = 'am';
-	if (hours > 11) { ampm = 'pm'; }
-	if (minutes < 10) { minutes = "0" + minutes; }
-	if (hours == 0) { hours = 12; }
-	if (hours > 12) { hours = hours - 12; }
-	return hours + ':' + minutes + ampm;
-}
-
 var MadChatter = {
 	
 	init: function(ws_host){
@@ -52,7 +40,7 @@ var MadChatter = {
 		var keyboard = $("#keyboard input");
 	    keyboard.keyup(function (event) {
 	      if (event.keyCode == 13) { // The enter key.
-			MadChatter.send_message(keyboard.val());
+					MadChatter.send_message(keyboard.val());
 	        keyboard.val('');
 	      }
 	    });
@@ -109,11 +97,11 @@ var MadChatter = {
 	},
 			
 	display_status: function(message){
-		$("#messages").append("<p class='status'>" + message + "<time>" + get_current_time() + "</time></p>");
+		$("#messages").append("<p class='status'>" + message + "<time>" + MadChatter.get_current_time() + "</time></p>");
 	},
 	
 	display_message: function(username, message){
-		$("#messages").append("<p class='message'><span class='username'>" + username + ":</span> " + message + "<time>" + get_current_time() + "</time></p>");
+		$("#messages").append("<p class='message'><span class='username'>" + username + ":</span> " + message + "<time>" + MadChatter.get_current_time() + "</time></p>");
 	},
 	
 	scroll_to_bottom_of_chat: function(){
@@ -121,11 +109,31 @@ var MadChatter = {
 	},
 	
 	send_message: function(message){
-		MadChatter.send_json('message', message);
+		if (message == '/clear') {
+			MadChatter.clear_messages();
+		} else {
+			MadChatter.send_json('message', message);
+		}
 	},
 	
 	send_json: function(type, msg){
 		var json = { type: type, token: MadChatter.client_token, message: msg };
 		MadChatter.ws.send(JSON.stringify(json));
+	},
+	
+	clear_messages: function(){
+		$('#messages').empty();
+	},
+	
+	get_current_time: function(){
+		var time = new Date();
+		var hours = time.getHours();
+		var minutes = time.getMinutes();
+		var ampm = 'am';
+		if (hours > 11) { ampm = 'pm'; }
+		if (minutes < 10) { minutes = "0" + minutes; }
+		if (hours == 0) { hours = 12; }
+		if (hours > 12) { hours = hours - 12; }
+		return hours + ':' + minutes + ampm;
 	}
 };

data/templates/web/{stylesheets/styles.css → styles.css}

@@ -1,3 +1,57 @@
+/*
+ * CSS Reset Styles
+ * http://meyerweb.com/eric/tools/css/reset/ 
+ * v2.0 | 20110126
+ * License: none (public domain)
+ */
+html, body, div, span, applet, object, iframe,
+h1, h2, h3, h4, h5, h6, p, blockquote, pre,
+a, abbr, acronym, address, big, cite, code,
+del, dfn, em, img, ins, kbd, q, s, samp,
+small, strike, strong, sub, sup, tt, var,
+b, u, i, center,
+dl, dt, dd, ol, ul, li,
+fieldset, form, label, legend,
+table, caption, tbody, tfoot, thead, tr, th, td,
+article, aside, canvas, details, embed, 
+figure, figcaption, footer, header, hgroup, 
+menu, nav, output, ruby, section, summary,
+time, mark, audio, video {
+	margin: 0;
+	padding: 0;
+	border: 0;
+	font-size: 100%;
+	font: inherit;
+	vertical-align: baseline;
+}
+/* HTML5 display-role reset for older browsers */
+article, aside, details, figcaption, figure, 
+footer, header, hgroup, menu, nav, section {
+	display: block;
+}
+body {
+	line-height: 1;
+}
+ol, ul {
+	list-style: none;
+}
+blockquote, q {
+	quotes: none;
+}
+blockquote:before, blockquote:after,
+q:before, q:after {
+	content: '';
+	content: none;
+}
+table {
+	border-collapse: collapse;
+	border-spacing: 0;
+}
+
+/*
+ * Mad Chatter Styles
+ */
+
 #login_screen header {
 	padding: 150px 0 20px;
 	color: #fff;
@@ -70,8 +124,7 @@
 	color: #999;
 }
 
-#keyboard{
-/*	position:absolute;*/
+#keyboard {
 	bottom:0;
 	left:220px;
 	width:400%;
@@ -101,4 +154,12 @@
 * html div#messages{
 	height:100%;
 	overflow:auto;
+}
+
+/* Message Markdown Styles */
+.message pre, .message code {
+	font: 12px 'Bitstream Vera Sans Mono','Courier',monospace;
+	padding: 0!important;
+	background-color: #EEE!important;
+	border: 1px solid #DDD;
 }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mad_chatter
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-12-22 00:00:00.000000000 Z
+date: 2012-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
-  requirement: &2153285260 !ruby/object:Gem::Requirement
+  requirement: &2169116300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153285260
+  version_requirements: *2169116300
 - !ruby/object:Gem::Dependency
   name: eventmachine
-  requirement: &2153284840 !ruby/object:Gem::Requirement
+  requirement: &2156007600 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153284840
+  version_requirements: *2156007600
 - !ruby/object:Gem::Dependency
   name: em-websocket
-  requirement: &2153284420 !ruby/object:Gem::Requirement
+  requirement: &2156002260 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,21 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153284420
+  version_requirements: *2156002260
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: &2164626100 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *2164626100
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2153284000 !ruby/object:Gem::Requirement
+  requirement: &2164625680 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +65,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2153284000
+  version_requirements: *2164625680
 - !ruby/object:Gem::Dependency
   name: shoulda
-  requirement: &2153283580 !ruby/object:Gem::Requirement
+  requirement: &2164625260 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,7 +76,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2153283580
+  version_requirements: *2164625260
 description: Mad Chatter is a fun, easy to customize chat server, utilizing HTML 5
   Web Sockets
 email:
@@ -104,8 +115,7 @@ files:
 - templates/extensions/example.rb
 - templates/web/index.html
 - templates/web/javascript.js
-- templates/web/stylesheets/reset.css
-- templates/web/stylesheets/styles.css
+- templates/web/styles.css
 - test/helper.rb
 - test/test_mad_chatter.rb
 homepage: http://github.com/andrewhavens/mad_chatter

data/templates/web/stylesheets/reset.css

@@ -1,48 +0,0 @@
-/* http://meyerweb.com/eric/tools/css/reset/ 
-   v2.0 | 20110126
-   License: none (public domain)
-*/
-
-html, body, div, span, applet, object, iframe,
-h1, h2, h3, h4, h5, h6, p, blockquote, pre,
-a, abbr, acronym, address, big, cite, code,
-del, dfn, em, img, ins, kbd, q, s, samp,
-small, strike, strong, sub, sup, tt, var,
-b, u, i, center,
-dl, dt, dd, ol, ul, li,
-fieldset, form, label, legend,
-table, caption, tbody, tfoot, thead, tr, th, td,
-article, aside, canvas, details, embed, 
-figure, figcaption, footer, header, hgroup, 
-menu, nav, output, ruby, section, summary,
-time, mark, audio, video {
-	margin: 0;
-	padding: 0;
-	border: 0;
-	font-size: 100%;
-	font: inherit;
-	vertical-align: baseline;
-}
-/* HTML5 display-role reset for older browsers */
-article, aside, details, figcaption, figure, 
-footer, header, hgroup, menu, nav, section {
-	display: block;
-}
-body {
-	line-height: 1;
-}
-ol, ul {
-	list-style: none;
-}
-blockquote, q {
-	quotes: none;
-}
-blockquote:before, blockquote:after,
-q:before, q:after {
-	content: '';
-	content: none;
-}
-table {
-	border-collapse: collapse;
-	border-spacing: 0;
-}