npm - @arnaudw38/nodebb-plugin-spam-be-gone - Versions diffs - 1.0.8 → 1.0.10 - Mend

@arnaudw38/nodebb-plugin-spam-be-gone 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/library.js CHANGED Viewed

@@ -4,6 +4,7 @@ const util = require('util');
 const https = require('https');
 const querystring = require('querystring');
 const Honeypot = require('project-honeypot');
+const stopforumspam = require('stopforumspam');
 const winston = require.main.require('winston');
 const nconf = require.main.require('nconf');
@@ -99,6 +100,9 @@ Plugin.load = async function (params) {
 	if (!settings.akismetMinReputationHam) {
 		settings.akismetMinReputationHam = 10;
 	}
+	if (settings.stopforumspamApiKey) {
+		stopforumspam.Key(settings.stopforumspamApiKey);
+	}
 	pluginSettings = settings;
@@ -133,7 +137,7 @@ Plugin.report = async function (req, res, next) {
 		if (isAdmin) {
 			return res.status(403).send({ message: '[[spam-be-gone:cant-report-admin]]' });
 		}
-		await stopForumSpamSubmit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
+		await stopforumspam.submit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}`);
@@ -148,7 +152,7 @@ Plugin.reportFromQueue = async (req, res) => {
 	}
 	const submitData = { ip: data.ip, email: data.email, username: data.username };
 	try {
-		await stopForumSpamSubmit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
+		await stopforumspam.submit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}\n${JSON.stringify(submitData, null, 4)}`);
@@ -279,7 +283,7 @@ Plugin.getRegistrationQueue = async function (data) {
 async function augmentWitSpamData(user) {
 	try {
 		user.ip = user.ip.replace('::ffff:', '');
-		let body = await stopForumSpamLookup({ ip: user.ip, email: user.email, username: user.username });
+		let body = await stopforumspam.isSpammer({ ip: user.ip, email: user.email, username: user.username, f: 'json' });
 		if (!body) {
 			body = { success: 1, username: { frequency: 0, appears: 0 }, email: { frequency: 0, appears: 0 }, ip: { frequency: 0, appears: 0, asn: null } };
 		}
@@ -392,71 +396,6 @@ Plugin._turnstileCheck = async function (req) {
 	});
 };
-async function stopForumSpamLookup({ ip, email, username }) {
-	const params = new URLSearchParams();
-	params.set('f', 'json');
-	if (ip) params.set('ip', ip);
-	if (email) params.set('email', email);
-	if (username) params.set('username', username);
-	const res = await fetch(`https://api.stopforumspam.org/api?${params.toString()}`, {
-		headers: {
-			accept: 'application/json',
-			'user-agent': pluginData.id,
-		},
-	});
-	if (!res.ok) {
-		throw new Error(`StopForumSpam lookup failed (${res.status})`);
-	}
-	return await res.json();
-}
-async function stopForumSpamSubmit({ ip, email, username }, evidence) {
-	if (!pluginSettings.stopforumspamApiKey) {
-		throw new Error('[[spam-be-gone:sfs-api-key-not-set]]');
-	}
-	const body = new URLSearchParams();
-	body.set('api_key', pluginSettings.stopforumspamApiKey);
-	body.set('api', 'json');
-	if (ip) body.set('ip_addr', ip);
-	if (email) body.set('email', email);
-	if (username) body.set('username', username);
-	if (evidence) body.set('evidence', evidence);
-	const res = await fetch('https://www.stopforumspam.com/add.php', {
-		method: 'POST',
-		headers: {
-			'content-type': 'application/x-www-form-urlencoded',
-			accept: 'application/json, text/plain;q=0.9, */*;q=0.8',
-			'user-agent': pluginData.id,
-		},
-		body: body.toString(),
-	});
-	const text = await res.text();
-	if (!res.ok) {
-		throw new Error(`StopForumSpam submit failed (${res.status})`);
-	}
-	try {
-		const parsed = JSON.parse(text);
-		if (parsed.success === 0 || parsed.error) {
-			throw new Error(parsed.error || 'StopForumSpam submit failed');
-		}
-		return parsed;
-	} catch (err) {
-		// Some SFS responses can be plain text; consider HTTP 200 success as accepted.
-		if (/error/i.test(text)) {
-			throw err instanceof Error ? err : new Error('StopForumSpam submit failed');
-		}
-		return { success: 1, raw: text };
-	}
-}
 Plugin.admin = {
 	menu: function (custom_header, callback) {
 		custom_header.plugins.push({ route: `/plugins/${pluginData.nbbId}`, icon: pluginData.faIcon, name: pluginData.name });

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@arnaudw38/nodebb-plugin-spam-be-gone",
-  "version": "1.0.8",
-  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam API, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
+  "version": "1.0.10",
+  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
   "main": "library.js",
   "scripts": {},
   "repository": {
@@ -33,7 +33,8 @@
   },
   "dependencies": {
     "async": "^3.2.0",
-    "project-honeypot": "~0.0.0"
+    "project-honeypot": "~0.0.0",
+    "stopforumspam": "^1.3.8"
   },
   "nbbpm": {
     "compatibility": "^4.0.0"
@@ -49,8 +50,7 @@
     "upgrades/",
     "plugin.json",
     "README.md",
-    "LICENSE",
-    "CHANGELOG.md"
+    "LICENSE"
   ],
   "publishConfig": {
     "access": "public"

package/public/js/scripts.js CHANGED Viewed

@@ -5,19 +5,22 @@
 $(function () {
 	var pluginName = 'spam-be-gone';
 	var turnstileScriptUrl = 'https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit';
-	var turnstileState = {
-		widgets: {},
-		loginBindingsAttached: false,
-		loginResetTimers: [],
-		loginErrorObserver: null,
-		loginAttemptArmed: false,
-		navigatingAway: false,
+	var loginTurnstile = {
+		widgetId: null,
+		observer: null,
+		watchTimer: null,
+		isWatching: false,
 	};
 	function getTurnstileArgs() {
 		return ajaxify.data && ajaxify.data.turnstileArgs;
 	}
+	function isLoginPage() {
+		return !!(ajaxify.data && ajaxify.data.template && ajaxify.data.template.name === 'login') ||
+			(window.location.pathname && window.location.pathname.indexOf('/login') !== -1);
+	}
 	function injectScriptOnce(src) {
 		if (document.querySelector('script[src*="turnstile/v0/api.js"]')) {
 			return Promise.resolve();
@@ -33,182 +36,140 @@ $(function () {
 		});
 	}
-	function getCurrentTurnstileResponse() {
-		var input = document.querySelector('input[name="cf-turnstile-response"]');
-		return input && input.value;
+	function hasLoginErrorVisible() {
+		if (!isLoginPage()) {
+			return false;
+		}
+		var selectors = [
+			'.alert.alert-danger',
+			'.alert-danger',
+			'[component="alerts"] .alert-danger',
+			'[component="login"] .alert-danger',
+			'[component="login/login"] .alert-danger',
+		];
+		return selectors.some(function (sel) {
+			var nodes = document.querySelectorAll(sel);
+			return Array.prototype.some.call(nodes, function (node) {
+				return !!(node && node.offsetParent !== null && node.textContent && node.textContent.trim());
+			});
+		});
 	}
-	function getCurrentLoginTurnstileTargetId() {
-		var args = getTurnstileArgs();
-		return args && args.targetId;
+	function clearLoginErrorWatch() {
+		if (loginTurnstile.observer) {
+			loginTurnstile.observer.disconnect();
+			loginTurnstile.observer = null;
+		}
+		if (loginTurnstile.watchTimer) {
+			clearTimeout(loginTurnstile.watchTimer);
+			loginTurnstile.watchTimer = null;
+		}
+		loginTurnstile.isWatching = false;
 	}
-	function resetTurnstileWidget(targetId) {
-		if (typeof turnstile === 'undefined') {
-			return false;
-		}
-		targetId = targetId || getCurrentLoginTurnstileTargetId();
-		if (!targetId) {
-			return false;
+	function resetLoginTurnstile() {
+		if (!isLoginPage() || typeof turnstile === 'undefined' || !turnstile || typeof turnstile.reset !== 'function') {
+			return;
 		}
-		var widgetId = turnstileState.widgets[targetId];
-		if (widgetId === undefined || widgetId === null) {
-			return false;
+		var args = getTurnstileArgs();
+		var target = args && args.targetId ? document.getElementById(args.targetId) : null;
+		if (!target) {
+			return;
 		}
 		try {
-			turnstile.reset(widgetId);
-			return true;
+			if (loginTurnstile.widgetId !== null && loginTurnstile.widgetId !== undefined) {
+				turnstile.reset(loginTurnstile.widgetId);
+			} else {
+				turnstile.reset(target);
+			}
 		} catch (err) {
-			// Ignore reset errors when the widget is already destroyed by navigation.
-			return false;
+			// ignore reset errors to avoid blocking login UX
 		}
 	}
-	function onLoginPageNow() {
-		return !ajaxify.data || !ajaxify.data.tpl_url || ajaxify.data.tpl_url === 'login';
-	}
+	function watchForLoginFailureAndReset() {
+		if (!isLoginPage() || loginTurnstile.isWatching) {
+			return;
+		}
+		if (typeof turnstile === 'undefined' || !turnstile) {
+			return;
+		}
-	function hasLoginErrorVisible() {
-		var selectors = [
-			'.alert-danger',
-			'.alert-error',
-			'[component="alerts"] .alert.alert-danger',
-			'[component="alerts/error"]',
-			'.login-error',
-			'.text-danger',
-		];
-		for (var i = 0; i < selectors.length; i += 1) {
-			var nodes = document.querySelectorAll(selectors[i]);
-			for (var j = 0; j < nodes.length; j += 1) {
-				var n = nodes[j];
-				if (n && (n.offsetParent !== null || (n.textContent && n.textContent.trim()))) {
-					return true;
+		loginTurnstile.isWatching = true;
+		// Fast path in case an error is already present
+		if (hasLoginErrorVisible()) {
+			resetLoginTurnstile();
+			clearLoginErrorWatch();
+			return;
+		}
+		var body = document.body;
+		if (body && typeof MutationObserver !== 'undefined') {
+			loginTurnstile.observer = new MutationObserver(function () {
+				if (hasLoginErrorVisible()) {
+					resetLoginTurnstile();
+					clearLoginErrorWatch();
 				}
-			}
+			});
+			loginTurnstile.observer.observe(body, { childList: true, subtree: true, attributes: true });
 		}
-		return false;
-	}
-	function clearLoginResetTimers() {
-		turnstileState.loginResetTimers.forEach(function (timerId) {
-			window.clearTimeout(timerId);
-		});
-		turnstileState.loginResetTimers = [];
+		// Auto-cleanup if success navigation happens or no error is shown
+		loginTurnstile.watchTimer = window.setTimeout(function () {
+			clearLoginErrorWatch();
+		}, 5000);
 	}
-	function disarmLoginAttemptWatch() {
-		turnstileState.loginAttemptArmed = false;
-		clearLoginResetTimers();
-		if (turnstileState.loginErrorObserver) {
-			try {
-				turnstileState.loginErrorObserver.disconnect();
-			} catch (err) {
-				// noop
-			}
-			turnstileState.loginErrorObserver = null;
-		}
+	function bindLoginRetryResetHandlers() {
+		document.removeEventListener('click', onLoginIntentCapture, true);
+		document.removeEventListener('keydown', onLoginKeydownCapture, true);
+		window.removeEventListener('beforeunload', clearLoginErrorWatch);
+		window.removeEventListener('pagehide', clearLoginErrorWatch);
+		document.addEventListener('click', onLoginIntentCapture, true);
+		document.addEventListener('keydown', onLoginKeydownCapture, true);
+		window.addEventListener('beforeunload', clearLoginErrorWatch);
+		window.addEventListener('pagehide', clearLoginErrorWatch);
 	}
-	function resetLoginTurnstileOnDetectedError() {
-		if (!turnstileState.loginAttemptArmed) {
+	function onLoginIntentCapture(ev) {
+		if (!isLoginPage()) {
 			return;
 		}
-		if (turnstileState.navigatingAway || !onLoginPageNow()) {
-			disarmLoginAttemptWatch();
+		var el = ev.target && ev.target.closest ? ev.target.closest('button, input[type="submit"], a') : null;
+		if (!el) {
 			return;
 		}
-		if (!hasLoginErrorVisible()) {
+		var text = ((el.textContent || '') + ' ' + (el.value || '')).toLowerCase();
+		var component = (el.getAttribute && (el.getAttribute('component') || '')) || '';
+		var action = (el.getAttribute && (el.getAttribute('data-action') || '')) || '';
+		var type = (el.getAttribute && (el.getAttribute('type') || '')) || '';
+		var maybeLogin = component.indexOf('login') !== -1 || action.toLowerCase().indexOf('login') !== -1 || text.indexOf('log in') !== -1 || text.indexOf('login') !== -1 || type === 'submit';
+		if (!maybeLogin) {
 			return;
 		}
-		var targetId = getCurrentLoginTurnstileTargetId();
-		if (targetId && document.getElementById(targetId)) {
-			resetTurnstileWidget(targetId);
-		}
-		disarmLoginAttemptWatch();
+		window.setTimeout(watchForLoginFailureAndReset, 0);
 	}
-	function scheduleLoginTurnstileReset() {
-		// Arm a short-lived watcher and reset only when an actual login error is rendered.
-		turnstileState.navigatingAway = false;
-		disarmLoginAttemptWatch();
-		turnstileState.loginAttemptArmed = true;
-		if (window.MutationObserver) {
-			turnstileState.loginErrorObserver = new MutationObserver(function () {
-				resetLoginTurnstileOnDetectedError();
-			});
-			turnstileState.loginErrorObserver.observe(document.body, { childList: true, subtree: true, characterData: true });
+	function onLoginKeydownCapture(ev) {
+		if (!isLoginPage() || ev.key !== 'Enter') {
+			return;
 		}
-		// Poll briefly as a fallback for themes that toggle classes/text without obvious DOM insertions.
-		[250, 600, 1000, 1600, 2400, 3400].forEach(function (delay) {
-			var timerId = window.setTimeout(function () {
-				resetLoginTurnstileOnDetectedError();
-			}, delay);
-			turnstileState.loginResetTimers.push(timerId);
-		});
-		// Stop watching after a while to avoid stale observers.
-		var cleanupTimerId = window.setTimeout(function () {
-			if (!turnstileState.navigatingAway && onLoginPageNow()) {
-				// no-op: just let the user try again manually if no explicit error was detected
-			}
-			disarmLoginAttemptWatch();
-		}, 6000);
-		turnstileState.loginResetTimers.push(cleanupTimerId);
-	}
-	window.addEventListener('beforeunload', function () {
-		turnstileState.navigatingAway = true;
-		disarmLoginAttemptWatch();
-	});
-	window.addEventListener('pagehide', function () {
-		turnstileState.navigatingAway = true;
-		disarmLoginAttemptWatch();
-	});
-	function bindLoginRetryReset() {
-		if (turnstileState.loginBindingsAttached) {
+		var input = ev.target;
+		if (!input || input.tagName !== 'INPUT') {
 			return;
 		}
-		turnstileState.loginBindingsAttached = true;
-		function loginSubmitTrigger() {
-			scheduleLoginTurnstileReset();
+		var type = (input.type || '').toLowerCase();
+		var name = (input.name || '').toLowerCase();
+		if (type === 'password' || name === 'password' || name === 'username' || name === 'email') {
+			window.setTimeout(watchForLoginFailureAndReset, 0);
 		}
-		// Native capture listeners only (avoid duplicate handlers/race conditions with jQuery delegates).
-		document.addEventListener('click', function (ev) {
-			var btn = ev.target && ev.target.closest ? ev.target.closest('[component="login/submit"], #login [type="submit"], form[action*="/login"] [type="submit"], form[data-action="login"] [type="submit"], button[type="submit"]') : null;
-			if (!btn) {
-				return;
-			}
-			var inLogin = btn.closest && btn.closest('#login, form[action*="/login"], form[data-action="login"], [component="login"]');
-			if (inLogin || (ajaxify.data && ajaxify.data.tpl_url === 'login')) {
-				loginSubmitTrigger();
-			}
-		}, true);
-		// Enter key in login fields for themes that trigger login without a click event.
-		document.addEventListener('keydown', function (ev) {
-			if (ev.key !== 'Enter') {
-				return;
-			}
-			var el = ev.target;
-			if (!el || !el.closest) {
-				return;
-			}
-			var inLogin = el.closest('#login, form[action*="/login"], form[data-action="login"], [component="login"]');
-			if (inLogin || (ajaxify.data && ajaxify.data.tpl_url === 'login')) {
-				loginSubmitTrigger();
-			}
-		}, true);
 	}
-function renderTurnstileIfNeeded(isLoginPage) {
+	function renderTurnstileIfNeeded(isLoginTpl) {
 		var args = getTurnstileArgs();
-		if (!args || (isLoginPage && !args.addLoginTurnstile)) {
+		if (!args || (isLoginTpl && !args.addLoginTurnstile)) {
 			return;
 		}
@@ -218,17 +179,9 @@ function renderTurnstileIfNeeded(isLoginPage) {
 					return;
 				}
 				var target = document.getElementById(args.targetId);
-				if (!target) {
-					return;
-				}
-				if (target.dataset.turnstileRendered === '1') {
-					if (isLoginPage) {
-						bindLoginRetryReset();
-					}
+				if (!target || target.dataset.turnstileRendered === '1') {
 					return;
 				}
 				var widgetId = turnstile.render('#' + args.targetId, {
 					sitekey: args.siteKey,
 					theme: args.theme || 'auto',
@@ -245,16 +198,20 @@ function renderTurnstileIfNeeded(isLoginPage) {
 						require(['alerts'], function (alerts) { alerts.error('[[spam-be-gone:captcha-not-verified]]'); });
 					},
 					'expired-callback': function () {
-						resetTurnstileWidget(args.targetId);
+						if (isLoginTpl) {
+							clearLoginErrorWatch();
+						}
 					},
 					'timeout-callback': function () {
-						resetTurnstileWidget(args.targetId);
+						if (isLoginTpl) {
+							clearLoginErrorWatch();
+						}
 					},
 				});
 				target.dataset.turnstileRendered = '1';
-				turnstileState.widgets[args.targetId] = widgetId;
-				if (isLoginPage) {
-					bindLoginRetryReset();
+				if (isLoginTpl) {
+					loginTurnstile.widgetId = widgetId;
+					bindLoginRetryResetHandlers();
 				}
 			})
 			.catch(function () {
@@ -293,6 +250,7 @@ function renderTurnstileIfNeeded(isLoginPage) {
 	}
 	$(window).on('action:ajaxify.end', function (evt, data) {
+		clearLoginErrorWatch();
 		switch (data.tpl_url) {
 			case 'register':
 				renderTurnstileIfNeeded(false);

package/CHANGELOG.md DELETED Viewed

@@ -1,78 +0,0 @@
-# Changelog
-All notable changes to this project will be documented in this file.
-## [1.0.9] - 2026-02-25
-### Fixed
-- Fixed login success flow causing an unnecessary Turnstile refresh shortly before redirect.
-- Login retry reset now triggers only when a login error is actually detected on the page.
-### Improved
-- Added navigation-aware cleanup (`beforeunload`/`pagehide`) to avoid reset races during successful login redirects.
-- Reworked login retry watcher to use short-lived DOM error detection + fallback polling instead of blind timed resets.
-## [1.0.8] - 2026-02-25
-### Fixed
-- Fixed Turnstile login retry reset in themes/login flows where previous click/enter hooks did not reliably trigger the widget reset.
-- Made login retry reset logic target the current Turnstile container dynamically instead of relying on a stale target id.
-- Added a fallback reset trigger when login error alerts are rendered on the login page.
-## [1.0.7] - 2026-02-25
-### Fixed
-- Login retry Turnstile reset now uses native event listeners only (removed jQuery delegated login listeners).
-- Prevented duplicate retry-reset triggers caused by mixed jQuery + native listeners on some NodeBB themes.
-### Changed
-- Simplified login retry detection to click + Enter key flows (removed submit listener).
-## [1.0.6] - 2026-02-25
-### Fixed
-- Fixed login retry Turnstile reset trigger on NodeBB login flows that do not emit the expected jQuery submit/click events.
-- Prevented missing reset after failed login without page reload by adding capture-phase submit/click/Enter listeners.
-## [1.0.5] - 2026-02-25
-### Fixed
-- Fixed Turnstile not resetting after a failed login attempt when retrying on the same page.
-- Reset is now triggered after login submit if the user remains on the login page, even if the hidden Turnstile token input has already been cleared by client-side login logic.
-## [1.0.4] - 2026-02-25
-### Fixed
-- Fixed login UX regression where the Turnstile widget was resetting while typing in the username/password fields.
-- Turnstile now resets only after a login submission retry flow (failed login without page reload), not on every keystroke.
-## [1.0.3] - 2026-02-25
-### Fixed
-- Fixed Cloudflare Turnstile failure on login retry without page reload.
-- Reset Turnstile widget automatically after a failed login attempt (Turnstile tokens are single-use).
-- Improved login flow reliability when users retry authentication on the same page.
-### Improved
-- Added safer Turnstile widget state handling on the login form.
-- Added callbacks handling for expired/timeout token states.
-- Better UX during repeated login attempts without manual refresh.
-- Removed deprecated `stopforumspam` npm dependency and replaced it with direct StopForumSpam API requests using native `fetch` (eliminates `q` / `node-domexception` install warnings).
-## [1.0.2] - 2026-02-25
-### UI
-- Replaced visible 'Turnstile' label with a more user-friendly label:
-  - French: `Vérification de sécurité`
-## [1.0.1] - 2026-02-25
-### Changed
-- Refactored plugin for NodeBB 4.x compatibility.
-- Removed legacy reCAPTCHA and hCaptcha integrations.
-- Added Cloudflare Turnstile support (register + optional login protection).
-- Simplified package/tooling for a minimal runtime-focused plugin setup.
-### Docs
-- Rewrote README in English (Turnstile-only, no images).
-- Added npm-ready/publish-ready package metadata and documentation.