npm - @arnaudw38/nodebb-plugin-spam-be-gone - Versions diffs - 1.0.7 → 1.0.9 - Mend

@arnaudw38/nodebb-plugin-spam-be-gone 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/library.js CHANGED Viewed

@@ -4,6 +4,7 @@ const util = require('util');
 const https = require('https');
 const querystring = require('querystring');
 const Honeypot = require('project-honeypot');
+const stopforumspam = require('stopforumspam');
 const winston = require.main.require('winston');
 const nconf = require.main.require('nconf');
@@ -99,6 +100,9 @@ Plugin.load = async function (params) {
 	if (!settings.akismetMinReputationHam) {
 		settings.akismetMinReputationHam = 10;
 	}
+	if (settings.stopforumspamApiKey) {
+		stopforumspam.Key(settings.stopforumspamApiKey);
+	}
 	pluginSettings = settings;
@@ -133,7 +137,7 @@ Plugin.report = async function (req, res, next) {
 		if (isAdmin) {
 			return res.status(403).send({ message: '[[spam-be-gone:cant-report-admin]]' });
 		}
-		await stopForumSpamSubmit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
+		await stopforumspam.submit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}`);
@@ -148,7 +152,7 @@ Plugin.reportFromQueue = async (req, res) => {
 	}
 	const submitData = { ip: data.ip, email: data.email, username: data.username };
 	try {
-		await stopForumSpamSubmit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
+		await stopforumspam.submit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}\n${JSON.stringify(submitData, null, 4)}`);
@@ -279,7 +283,7 @@ Plugin.getRegistrationQueue = async function (data) {
 async function augmentWitSpamData(user) {
 	try {
 		user.ip = user.ip.replace('::ffff:', '');
-		let body = await stopForumSpamLookup({ ip: user.ip, email: user.email, username: user.username });
+		let body = await stopforumspam.isSpammer({ ip: user.ip, email: user.email, username: user.username, f: 'json' });
 		if (!body) {
 			body = { success: 1, username: { frequency: 0, appears: 0 }, email: { frequency: 0, appears: 0 }, ip: { frequency: 0, appears: 0, asn: null } };
 		}
@@ -392,71 +396,6 @@ Plugin._turnstileCheck = async function (req) {
 	});
 };
-async function stopForumSpamLookup({ ip, email, username }) {
-	const params = new URLSearchParams();
-	params.set('f', 'json');
-	if (ip) params.set('ip', ip);
-	if (email) params.set('email', email);
-	if (username) params.set('username', username);
-	const res = await fetch(`https://api.stopforumspam.org/api?${params.toString()}`, {
-		headers: {
-			accept: 'application/json',
-			'user-agent': pluginData.id,
-		},
-	});
-	if (!res.ok) {
-		throw new Error(`StopForumSpam lookup failed (${res.status})`);
-	}
-	return await res.json();
-}
-async function stopForumSpamSubmit({ ip, email, username }, evidence) {
-	if (!pluginSettings.stopforumspamApiKey) {
-		throw new Error('[[spam-be-gone:sfs-api-key-not-set]]');
-	}
-	const body = new URLSearchParams();
-	body.set('api_key', pluginSettings.stopforumspamApiKey);
-	body.set('api', 'json');
-	if (ip) body.set('ip_addr', ip);
-	if (email) body.set('email', email);
-	if (username) body.set('username', username);
-	if (evidence) body.set('evidence', evidence);
-	const res = await fetch('https://www.stopforumspam.com/add.php', {
-		method: 'POST',
-		headers: {
-			'content-type': 'application/x-www-form-urlencoded',
-			accept: 'application/json, text/plain;q=0.9, */*;q=0.8',
-			'user-agent': pluginData.id,
-		},
-		body: body.toString(),
-	});
-	const text = await res.text();
-	if (!res.ok) {
-		throw new Error(`StopForumSpam submit failed (${res.status})`);
-	}
-	try {
-		const parsed = JSON.parse(text);
-		if (parsed.success === 0 || parsed.error) {
-			throw new Error(parsed.error || 'StopForumSpam submit failed');
-		}
-		return parsed;
-	} catch (err) {
-		// Some SFS responses can be plain text; consider HTTP 200 success as accepted.
-		if (/error/i.test(text)) {
-			throw err instanceof Error ? err : new Error('StopForumSpam submit failed');
-		}
-		return { success: 1, raw: text };
-	}
-}
 Plugin.admin = {
 	menu: function (custom_header, callback) {
 		custom_header.plugins.push({ route: `/plugins/${pluginData.nbbId}`, icon: pluginData.faIcon, name: pluginData.name });

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@arnaudw38/nodebb-plugin-spam-be-gone",
-  "version": "1.0.7",
-  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam API, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
+  "version": "1.0.9",
+  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
   "main": "library.js",
   "scripts": {},
   "repository": {
@@ -33,7 +33,8 @@
   },
   "dependencies": {
     "async": "^3.2.0",
-    "project-honeypot": "~0.0.0"
+    "project-honeypot": "~0.0.0",
+    "stopforumspam": "^1.3.8"
   },
   "nbbpm": {
     "compatibility": "^4.0.0"
@@ -49,8 +50,7 @@
     "upgrades/",
     "plugin.json",
     "README.md",
-    "LICENSE",
-    "CHANGELOG.md"
+    "LICENSE"
   ],
   "publishConfig": {
     "access": "public"

package/public/js/scripts.js CHANGED Viewed

@@ -5,11 +5,6 @@
 $(function () {
 	var pluginName = 'spam-be-gone';
 	var turnstileScriptUrl = 'https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit';
-	var turnstileState = {
-		widgets: {},
-		loginBindingsAttached: false,
-		loginResetTimers: [],
-	};
 	function getTurnstileArgs() {
 		return ajaxify.data && ajaxify.data.turnstileArgs;
@@ -30,126 +25,7 @@ $(function () {
 		});
 	}
-	function getCurrentTurnstileResponse() {
-		var input = document.querySelector('input[name="cf-turnstile-response"]');
-		return input && input.value;
-	}
-	function getCurrentLoginTurnstileTargetId() {
-		var args = getTurnstileArgs();
-		return args && args.targetId;
-	}
-	function resetTurnstileWidget(targetId) {
-		if (typeof turnstile === 'undefined') {
-			return false;
-		}
-		targetId = targetId || getCurrentLoginTurnstileTargetId();
-		if (!targetId) {
-			return false;
-		}
-		var widgetId = turnstileState.widgets[targetId];
-		if (widgetId === undefined || widgetId === null) {
-			return false;
-		}
-		try {
-			turnstile.reset(widgetId);
-			return true;
-		} catch (err) {
-			// Ignore reset errors when the widget is already destroyed by navigation.
-			return false;
-		}
-	}
-	function scheduleLoginTurnstileReset() {
-		// Turnstile tokens are single-use. On failed login, NodeBB often keeps the user on the
-		// same page and may handle submission via AJAX/click handlers. We try multiple delayed resets.
-		turnstileState.loginResetTimers.forEach(function (timerId) {
-			window.clearTimeout(timerId);
-		});
-		turnstileState.loginResetTimers = [];
-		[700, 1400, 2600, 4200].forEach(function (delay) {
-			var timerId = window.setTimeout(function () {
-				var onLoginPage = !ajaxify.data || !ajaxify.data.tpl_url || ajaxify.data.tpl_url === 'login';
-				if (!onLoginPage) {
-					return;
-				}
-				var targetId = getCurrentLoginTurnstileTargetId();
-				if (!targetId || !document.getElementById(targetId)) {
-					return;
-				}
-				resetTurnstileWidget(targetId);
-			}, delay);
-			turnstileState.loginResetTimers.push(timerId);
-		});
-	}
-	function bindLoginRetryReset() {
-		if (turnstileState.loginBindingsAttached) {
-			return;
-		}
-		turnstileState.loginBindingsAttached = true;
-		function loginSubmitTrigger() {
-			scheduleLoginTurnstileReset();
-		}
-		// Native capture listeners only (avoid duplicate handlers/race conditions with jQuery delegates).
-		document.addEventListener('click', function (ev) {
-			var btn = ev.target && ev.target.closest ? ev.target.closest('[component="login/submit"], #login [type="submit"], form[action*="/login"] [type="submit"], form[data-action="login"] [type="submit"], button[type="submit"]') : null;
-			if (!btn) {
-				return;
-			}
-			var inLogin = btn.closest && btn.closest('#login, form[action*="/login"], form[data-action="login"], [component="login"]');
-			if (inLogin || (ajaxify.data && ajaxify.data.tpl_url === 'login')) {
-				loginSubmitTrigger();
-			}
-		}, true);
-		// Enter key in login fields for themes that trigger login without a click event.
-		document.addEventListener('keydown', function (ev) {
-			if (ev.key !== 'Enter') {
-				return;
-			}
-			var el = ev.target;
-			if (!el || !el.closest) {
-				return;
-			}
-			var inLogin = el.closest('#login, form[action*="/login"], form[data-action="login"], [component="login"]');
-			if (inLogin || (ajaxify.data && ajaxify.data.tpl_url === 'login')) {
-				loginSubmitTrigger();
-			}
-		}, true);
-		// Extra safety: reset again when a login error alert appears (covers AJAX flows that do not
-		// reliably trigger the expected submit/click path in some themes).
-		if (window.MutationObserver) {
-			var observer = new MutationObserver(function (mutations) {
-				var onLoginPage = !ajaxify.data || !ajaxify.data.tpl_url || ajaxify.data.tpl_url === 'login';
-				if (!onLoginPage) {
-					return;
-				}
-				for (var i = 0; i < mutations.length; i += 1) {
-					for (var j = 0; j < mutations[i].addedNodes.length; j += 1) {
-						var n = mutations[i].addedNodes[j];
-						if (!n || n.nodeType !== 1) {
-							continue;
-						}
-						var hasError = (n.matches && n.matches('.alert-danger, .alert-error, .text-danger, [component="alerts/error"]')) ||
-							(n.querySelector && n.querySelector('.alert-danger, .alert-error, .text-danger, [component="alerts/error"]'));
-						if (hasError) {
-							scheduleLoginTurnstileReset();
-							return;
-						}
-					}
-				}
-			});
-			observer.observe(document.body, { childList: true, subtree: true });
-		}
-	}
-function renderTurnstileIfNeeded(isLoginPage) {
+	function renderTurnstileIfNeeded(isLoginPage) {
 		var args = getTurnstileArgs();
 		if (!args || (isLoginPage && !args.addLoginTurnstile)) {
 			return;
@@ -161,18 +37,10 @@ function renderTurnstileIfNeeded(isLoginPage) {
 					return;
 				}
 				var target = document.getElementById(args.targetId);
-				if (!target) {
+				if (!target || target.dataset.turnstileRendered === '1') {
 					return;
 				}
-				if (target.dataset.turnstileRendered === '1') {
-					if (isLoginPage) {
-						bindLoginRetryReset();
-					}
-					return;
-				}
-				var widgetId = turnstile.render('#' + args.targetId, {
+				turnstile.render('#' + args.targetId, {
 					sitekey: args.siteKey,
 					theme: args.theme || 'auto',
 					size: args.size || 'normal',
@@ -187,18 +55,8 @@ function renderTurnstileIfNeeded(isLoginPage) {
 					'error-callback': function () {
 						require(['alerts'], function (alerts) { alerts.error('[[spam-be-gone:captcha-not-verified]]'); });
 					},
-					'expired-callback': function () {
-						resetTurnstileWidget(args.targetId);
-					},
-					'timeout-callback': function () {
-						resetTurnstileWidget(args.targetId);
-					},
 				});
 				target.dataset.turnstileRendered = '1';
-				turnstileState.widgets[args.targetId] = widgetId;
-				if (isLoginPage) {
-					bindLoginRetryReset();
-				}
 			})
 			.catch(function () {
 				require(['alerts'], function (alerts) { alerts.error('Failed to load Cloudflare Turnstile'); });

package/CHANGELOG.md DELETED Viewed

@@ -1,68 +0,0 @@
-# Changelog
-All notable changes to this project will be documented in this file.
-## [1.0.8] - 2026-02-25
-### Fixed
-- Fixed Turnstile login retry reset in themes/login flows where previous click/enter hooks did not reliably trigger the widget reset.
-- Made login retry reset logic target the current Turnstile container dynamically instead of relying on a stale target id.
-- Added a fallback reset trigger when login error alerts are rendered on the login page.
-## [1.0.7] - 2026-02-25
-### Fixed
-- Login retry Turnstile reset now uses native event listeners only (removed jQuery delegated login listeners).
-- Prevented duplicate retry-reset triggers caused by mixed jQuery + native listeners on some NodeBB themes.
-### Changed
-- Simplified login retry detection to click + Enter key flows (removed submit listener).
-## [1.0.6] - 2026-02-25
-### Fixed
-- Fixed login retry Turnstile reset trigger on NodeBB login flows that do not emit the expected jQuery submit/click events.
-- Prevented missing reset after failed login without page reload by adding capture-phase submit/click/Enter listeners.
-## [1.0.5] - 2026-02-25
-### Fixed
-- Fixed Turnstile not resetting after a failed login attempt when retrying on the same page.
-- Reset is now triggered after login submit if the user remains on the login page, even if the hidden Turnstile token input has already been cleared by client-side login logic.
-## [1.0.4] - 2026-02-25
-### Fixed
-- Fixed login UX regression where the Turnstile widget was resetting while typing in the username/password fields.
-- Turnstile now resets only after a login submission retry flow (failed login without page reload), not on every keystroke.
-## [1.0.3] - 2026-02-25
-### Fixed
-- Fixed Cloudflare Turnstile failure on login retry without page reload.
-- Reset Turnstile widget automatically after a failed login attempt (Turnstile tokens are single-use).
-- Improved login flow reliability when users retry authentication on the same page.
-### Improved
-- Added safer Turnstile widget state handling on the login form.
-- Added callbacks handling for expired/timeout token states.
-- Better UX during repeated login attempts without manual refresh.
-- Removed deprecated `stopforumspam` npm dependency and replaced it with direct StopForumSpam API requests using native `fetch` (eliminates `q` / `node-domexception` install warnings).
-## [1.0.2] - 2026-02-25
-### UI
-- Replaced visible 'Turnstile' label with a more user-friendly label:
-  - French: `Vérification de sécurité`
-## [1.0.1] - 2026-02-25
-### Changed
-- Refactored plugin for NodeBB 4.x compatibility.
-- Removed legacy reCAPTCHA and hCaptcha integrations.
-- Added Cloudflare Turnstile support (register + optional login protection).
-- Simplified package/tooling for a minimal runtime-focused plugin setup.
-### Docs
-- Rewrote README in English (Turnstile-only, no images).
-- Added npm-ready/publish-ready package metadata and documentation.