@arnaudw38/nodebb-plugin-spam-be-gone 1.0.2 → 1.0.4

package/CHANGELOG.md

@@ -0,0 +1,40 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [1.0.4] - 2026-02-25
+
+### Fixed
+- Fixed login UX regression where the Turnstile widget was resetting while typing in the username/password fields.
+- Turnstile now resets only after a login submission retry flow (failed login without page reload), not on every keystroke.
+
+## [1.0.3] - 2026-02-25
+
+### Fixed
+- Fixed Cloudflare Turnstile failure on login retry without page reload.
+- Reset Turnstile widget automatically after a failed login attempt (Turnstile tokens are single-use).
+- Improved login flow reliability when users retry authentication on the same page.
+
+### Improved
+- Added safer Turnstile widget state handling on the login form.
+- Added callbacks handling for expired/timeout token states.
+- Better UX during repeated login attempts without manual refresh.
+- Removed deprecated `stopforumspam` npm dependency and replaced it with direct StopForumSpam API requests using native `fetch` (eliminates `q` / `node-domexception` install warnings).
+
+## [1.0.2] - 2026-02-25
+
+### UI
+- Replaced visible 'Turnstile' label with a more user-friendly label:
+  - French: `Vérification de sécurité`
+
+## [1.0.1] - 2026-02-25
+
+### Changed
+- Refactored plugin for NodeBB 4.x compatibility.
+- Removed legacy reCAPTCHA and hCaptcha integrations.
+- Added Cloudflare Turnstile support (register + optional login protection).
+- Simplified package/tooling for a minimal runtime-focused plugin setup.
+
+### Docs
+- Rewrote README in English (Turnstile-only, no images).
+- Added npm-ready/publish-ready package metadata and documentation.

package/library.js

@@ -4,7 +4,6 @@ const util = require('util');
 const https = require('https');
 const querystring = require('querystring');
 const Honeypot = require('project-honeypot');
-const stopforumspam = require('stopforumspam');
 
 const winston = require.main.require('winston');
 const nconf = require.main.require('nconf');
@@ -100,9 +99,6 @@ Plugin.load = async function (params) {
 	if (!settings.akismetMinReputationHam) {
 		settings.akismetMinReputationHam = 10;
 	}
-	if (settings.stopforumspamApiKey) {
-		stopforumspam.Key(settings.stopforumspamApiKey);
-	}
 
 	pluginSettings = settings;
 
@@ -137,7 +133,7 @@ Plugin.report = async function (req, res, next) {
 		if (isAdmin) {
 			return res.status(403).send({ message: '[[spam-be-gone:cant-report-admin]]' });
 		}
-		await stopforumspam.submit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
+		await stopForumSpamSubmit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}`);
@@ -152,7 +148,7 @@ Plugin.reportFromQueue = async (req, res) => {
 	}
 	const submitData = { ip: data.ip, email: data.email, username: data.username };
 	try {
-		await stopforumspam.submit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
+		await stopForumSpamSubmit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}\n${JSON.stringify(submitData, null, 4)}`);
@@ -283,7 +279,7 @@ Plugin.getRegistrationQueue = async function (data) {
 async function augmentWitSpamData(user) {
 	try {
 		user.ip = user.ip.replace('::ffff:', '');
-		let body = await stopforumspam.isSpammer({ ip: user.ip, email: user.email, username: user.username, f: 'json' });
+		let body = await stopForumSpamLookup({ ip: user.ip, email: user.email, username: user.username });
 		if (!body) {
 			body = { success: 1, username: { frequency: 0, appears: 0 }, email: { frequency: 0, appears: 0 }, ip: { frequency: 0, appears: 0, asn: null } };
 		}
@@ -396,6 +392,71 @@ Plugin._turnstileCheck = async function (req) {
 	});
 };
 
+
+async function stopForumSpamLookup({ ip, email, username }) {
+	const params = new URLSearchParams();
+	params.set('f', 'json');
+	if (ip) params.set('ip', ip);
+	if (email) params.set('email', email);
+	if (username) params.set('username', username);
+
+	const res = await fetch(`https://api.stopforumspam.org/api?${params.toString()}`, {
+		headers: {
+			accept: 'application/json',
+			'user-agent': pluginData.id,
+		},
+	});
+
+	if (!res.ok) {
+		throw new Error(`StopForumSpam lookup failed (${res.status})`);
+	}
+
+	return await res.json();
+}
+
+async function stopForumSpamSubmit({ ip, email, username }, evidence) {
+	if (!pluginSettings.stopforumspamApiKey) {
+		throw new Error('[[spam-be-gone:sfs-api-key-not-set]]');
+	}
+
+	const body = new URLSearchParams();
+	body.set('api_key', pluginSettings.stopforumspamApiKey);
+	body.set('api', 'json');
+	if (ip) body.set('ip_addr', ip);
+	if (email) body.set('email', email);
+	if (username) body.set('username', username);
+	if (evidence) body.set('evidence', evidence);
+
+	const res = await fetch('https://www.stopforumspam.com/add.php', {
+		method: 'POST',
+		headers: {
+			'content-type': 'application/x-www-form-urlencoded',
+			accept: 'application/json, text/plain;q=0.9, */*;q=0.8',
+			'user-agent': pluginData.id,
+		},
+		body: body.toString(),
+	});
+
+	const text = await res.text();
+	if (!res.ok) {
+		throw new Error(`StopForumSpam submit failed (${res.status})`);
+	}
+
+	try {
+		const parsed = JSON.parse(text);
+		if (parsed.success === 0 || parsed.error) {
+			throw new Error(parsed.error || 'StopForumSpam submit failed');
+		}
+		return parsed;
+	} catch (err) {
+		// Some SFS responses can be plain text; consider HTTP 200 success as accepted.
+		if (/error/i.test(text)) {
+			throw err instanceof Error ? err : new Error('StopForumSpam submit failed');
+		}
+		return { success: 1, raw: text };
+	}
+}
+
 Plugin.admin = {
 	menu: function (custom_header, callback) {
 		custom_header.plugins.push({ route: `/plugins/${pluginData.nbbId}`, icon: pluginData.faIcon, name: pluginData.name });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@arnaudw38/nodebb-plugin-spam-be-gone",
-  "version": "1.0.2",
-  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
+  "version": "1.0.4",
+  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam API, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
   "main": "library.js",
   "scripts": {},
   "repository": {
@@ -33,8 +33,7 @@
   },
   "dependencies": {
     "async": "^3.2.0",
-    "project-honeypot": "~0.0.0",
-    "stopforumspam": "^1.3.8"
+    "project-honeypot": "~0.0.0"
   },
   "nbbpm": {
     "compatibility": "^4.0.0"
@@ -50,7 +49,8 @@
     "upgrades/",
     "plugin.json",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "CHANGELOG.md"
   ],
   "publishConfig": {
     "access": "public"

package/public/js/scripts.js

@@ -82,12 +82,7 @@ $(function () {
 			.on('click.spamBeGoneTurnstileLogin', '[component="login/submit"]', function () {
 				scheduleLoginTurnstileReset(targetId);
 			})
-			.off('input.spamBeGoneTurnstileLogin change.spamBeGoneTurnstileLogin')
-			.on('input.spamBeGoneTurnstileLogin change.spamBeGoneTurnstileLogin', 'input[name="username"], input[name="password"]', function () {
-				if (document.getElementById(targetId) && getCurrentTurnstileResponse()) {
-					resetTurnstileWidget(targetId);
-				}
-			});
+			.off('input.spamBeGoneTurnstileLogin change.spamBeGoneTurnstileLogin');
 	}
 
 	function renderTurnstileIfNeeded(isLoginPage) {