npm - @arnaudw38/nodebb-plugin-spam-be-gone - Versions diffs - 1.0.1 → 1.0.3 - Mend

@arnaudw38/nodebb-plugin-spam-be-gone 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,34 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+## [1.0.3] - 2026-02-25
+### Fixed
+- Fixed Cloudflare Turnstile failure on login retry without page reload.
+- Reset Turnstile widget automatically after a failed login attempt (Turnstile tokens are single-use).
+- Improved login flow reliability when users retry authentication on the same page.
+### Improved
+- Added safer Turnstile widget state handling on the login form.
+- Added callbacks handling for expired/timeout token states.
+- Better UX during repeated login attempts without manual refresh.
+- Removed deprecated `stopforumspam` npm dependency and replaced it with direct StopForumSpam API requests using native `fetch` (eliminates `q` / `node-domexception` install warnings).
+## [1.0.2] - 2026-02-25
+### UI
+- Replaced visible 'Turnstile' label with a more user-friendly label:
+  - French: `Vérification de sécurité`
+## [1.0.1] - 2026-02-25
+### Changed
+- Refactored plugin for NodeBB 4.x compatibility.
+- Removed legacy reCAPTCHA and hCaptcha integrations.
+- Added Cloudflare Turnstile support (register + optional login protection).
+- Simplified package/tooling for a minimal runtime-focused plugin setup.
+### Docs
+- Rewrote README in English (Turnstile-only, no images).
+- Added npm-ready/publish-ready package metadata and documentation.

package/library.js CHANGED Viewed

@@ -4,7 +4,6 @@ const util = require('util');
 const https = require('https');
 const querystring = require('querystring');
 const Honeypot = require('project-honeypot');
-const stopforumspam = require('stopforumspam');
 const winston = require.main.require('winston');
 const nconf = require.main.require('nconf');
@@ -100,9 +99,6 @@ Plugin.load = async function (params) {
 	if (!settings.akismetMinReputationHam) {
 		settings.akismetMinReputationHam = 10;
 	}
-	if (settings.stopforumspamApiKey) {
-		stopforumspam.Key(settings.stopforumspamApiKey);
-	}
 	pluginSettings = settings;
@@ -137,7 +133,7 @@ Plugin.report = async function (req, res, next) {
 		if (isAdmin) {
 			return res.status(403).send({ message: '[[spam-be-gone:cant-report-admin]]' });
 		}
-		await stopforumspam.submit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
+		await stopForumSpamSubmit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}`);
@@ -152,7 +148,7 @@ Plugin.reportFromQueue = async (req, res) => {
 	}
 	const submitData = { ip: data.ip, email: data.email, username: data.username };
 	try {
-		await stopforumspam.submit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
+		await stopForumSpamSubmit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}\n${JSON.stringify(submitData, null, 4)}`);
@@ -283,7 +279,7 @@ Plugin.getRegistrationQueue = async function (data) {
 async function augmentWitSpamData(user) {
 	try {
 		user.ip = user.ip.replace('::ffff:', '');
-		let body = await stopforumspam.isSpammer({ ip: user.ip, email: user.email, username: user.username, f: 'json' });
+		let body = await stopForumSpamLookup({ ip: user.ip, email: user.email, username: user.username });
 		if (!body) {
 			body = { success: 1, username: { frequency: 0, appears: 0 }, email: { frequency: 0, appears: 0 }, ip: { frequency: 0, appears: 0, asn: null } };
 		}
@@ -396,6 +392,71 @@ Plugin._turnstileCheck = async function (req) {
 	});
 };
+async function stopForumSpamLookup({ ip, email, username }) {
+	const params = new URLSearchParams();
+	params.set('f', 'json');
+	if (ip) params.set('ip', ip);
+	if (email) params.set('email', email);
+	if (username) params.set('username', username);
+	const res = await fetch(`https://api.stopforumspam.org/api?${params.toString()}`, {
+		headers: {
+			accept: 'application/json',
+			'user-agent': pluginData.id,
+		},
+	});
+	if (!res.ok) {
+		throw new Error(`StopForumSpam lookup failed (${res.status})`);
+	}
+	return await res.json();
+}
+async function stopForumSpamSubmit({ ip, email, username }, evidence) {
+	if (!pluginSettings.stopforumspamApiKey) {
+		throw new Error('[[spam-be-gone:sfs-api-key-not-set]]');
+	}
+	const body = new URLSearchParams();
+	body.set('api_key', pluginSettings.stopforumspamApiKey);
+	body.set('api', 'json');
+	if (ip) body.set('ip_addr', ip);
+	if (email) body.set('email', email);
+	if (username) body.set('username', username);
+	if (evidence) body.set('evidence', evidence);
+	const res = await fetch('https://www.stopforumspam.com/add.php', {
+		method: 'POST',
+		headers: {
+			'content-type': 'application/x-www-form-urlencoded',
+			accept: 'application/json, text/plain;q=0.9, */*;q=0.8',
+			'user-agent': pluginData.id,
+		},
+		body: body.toString(),
+	});
+	const text = await res.text();
+	if (!res.ok) {
+		throw new Error(`StopForumSpam submit failed (${res.status})`);
+	}
+	try {
+		const parsed = JSON.parse(text);
+		if (parsed.success === 0 || parsed.error) {
+			throw new Error(parsed.error || 'StopForumSpam submit failed');
+		}
+		return parsed;
+	} catch (err) {
+		// Some SFS responses can be plain text; consider HTTP 200 success as accepted.
+		if (/error/i.test(text)) {
+			throw err instanceof Error ? err : new Error('StopForumSpam submit failed');
+		}
+		return { success: 1, raw: text };
+	}
+}
 Plugin.admin = {
 	menu: function (custom_header, callback) {
 		custom_header.plugins.push({ route: `/plugins/${pluginData.nbbId}`, icon: pluginData.faIcon, name: pluginData.name });

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@arnaudw38/nodebb-plugin-spam-be-gone",
-  "version": "1.0.1",
-  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
+  "version": "1.0.3",
+  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam API, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
   "main": "library.js",
   "scripts": {},
   "repository": {
@@ -33,8 +33,7 @@
   },
   "dependencies": {
     "async": "^3.2.0",
-    "project-honeypot": "~0.0.0",
-    "stopforumspam": "^1.3.8"
+    "project-honeypot": "~0.0.0"
   },
   "nbbpm": {
     "compatibility": "^4.0.0"
@@ -50,7 +49,8 @@
     "upgrades/",
     "plugin.json",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "CHANGELOG.md"
   ],
   "publishConfig": {
     "access": "public"

package/plugin.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "id": "nodebb-plugin-spam-be-gone",
   "name": "Spam Be Gone",
   "description": "Anti-spam using Akismet.com, StopForumSpam.com, ProjectHoneyPot.org and Cloudflare Turnstile",
-  "url": "https://github.com/aworobel/nodebb-plugin-spam-be-gone",
+  "url": "https://github.com/akhoury/nodebb-plugin-spam-be-gone",
   "scss": [
     "public/scss/styles.scss"
   ],

package/public/js/scripts.js CHANGED Viewed

@@ -5,6 +5,10 @@
 $(function () {
 	var pluginName = 'spam-be-gone';
 	var turnstileScriptUrl = 'https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit';
+	var turnstileState = {
+		widgets: {},
+		loginBindingsAttached: false,
+	};
 	function getTurnstileArgs() {
 		return ajaxify.data && ajaxify.data.turnstileArgs;
@@ -25,6 +29,67 @@ $(function () {
 		});
 	}
+	function getCurrentTurnstileResponse() {
+		var input = document.querySelector('input[name="cf-turnstile-response"]');
+		return input && input.value;
+	}
+	function resetTurnstileWidget(targetId) {
+		if (typeof turnstile === 'undefined') {
+			return;
+		}
+		var widgetId = turnstileState.widgets[targetId];
+		if (widgetId === undefined || widgetId === null) {
+			return;
+		}
+		try {
+			turnstile.reset(widgetId);
+		} catch (err) {
+			// Ignore reset errors when the widget is already destroyed by navigation.
+		}
+	}
+	function scheduleLoginTurnstileReset(targetId) {
+		// Turnstile tokens are single-use. On failed login, NodeBB keeps the user on the
+		// same page, so we refresh the widget shortly after submit to allow a retry.
+		[1200, 3000].forEach(function (delay) {
+			window.setTimeout(function () {
+				if (ajaxify.data && ajaxify.data.template && ajaxify.data.template.name && ajaxify.data.template.name !== 'login') {
+					return;
+				}
+				if (!document.getElementById(targetId)) {
+					return;
+				}
+				if (getCurrentTurnstileResponse()) {
+					resetTurnstileWidget(targetId);
+				}
+			}, delay);
+		});
+	}
+	function bindLoginRetryReset(targetId) {
+		if (turnstileState.loginBindingsAttached) {
+			return;
+		}
+		turnstileState.loginBindingsAttached = true;
+		$(document)
+			.off('submit.spamBeGoneTurnstileLogin')
+			.on('submit.spamBeGoneTurnstileLogin', 'form[action="/login"], form[data-action="login"], #login', function () {
+				scheduleLoginTurnstileReset(targetId);
+			})
+			.off('click.spamBeGoneTurnstileLogin')
+			.on('click.spamBeGoneTurnstileLogin', '[component="login/submit"]', function () {
+				scheduleLoginTurnstileReset(targetId);
+			})
+			.off('input.spamBeGoneTurnstileLogin change.spamBeGoneTurnstileLogin')
+			.on('input.spamBeGoneTurnstileLogin change.spamBeGoneTurnstileLogin', 'input[name="username"], input[name="password"]', function () {
+				if (document.getElementById(targetId) && getCurrentTurnstileResponse()) {
+					resetTurnstileWidget(targetId);
+				}
+			});
+	}
 	function renderTurnstileIfNeeded(isLoginPage) {
 		var args = getTurnstileArgs();
 		if (!args || (isLoginPage && !args.addLoginTurnstile)) {
@@ -37,10 +102,18 @@ $(function () {
 					return;
 				}
 				var target = document.getElementById(args.targetId);
-				if (!target || target.dataset.turnstileRendered === '1') {
+				if (!target) {
+					return;
+				}
+				if (target.dataset.turnstileRendered === '1') {
+					if (isLoginPage) {
+						bindLoginRetryReset(args.targetId);
+					}
 					return;
 				}
-				turnstile.render('#' + args.targetId, {
+				var widgetId = turnstile.render('#' + args.targetId, {
 					sitekey: args.siteKey,
 					theme: args.theme || 'auto',
 					size: args.size || 'normal',
@@ -55,8 +128,18 @@ $(function () {
 					'error-callback': function () {
 						require(['alerts'], function (alerts) { alerts.error('[[spam-be-gone:captcha-not-verified]]'); });
 					},
+					'expired-callback': function () {
+						resetTurnstileWidget(args.targetId);
+					},
+					'timeout-callback': function () {
+						resetTurnstileWidget(args.targetId);
+					},
 				});
 				target.dataset.turnstileRendered = '1';
+				turnstileState.widgets[args.targetId] = widgetId;
+				if (isLoginPage) {
+					bindLoginRetryReset(args.targetId);
+				}
 			})
 			.catch(function () {
 				require(['alerts'], function (alerts) { alerts.error('Failed to load Cloudflare Turnstile'); });