@arnaudw38/nodebb-plugin-spam-be-gone 1.0.8 → 1.0.9

package/library.js

@@ -4,6 +4,7 @@ const util = require('util');
 const https = require('https');
 const querystring = require('querystring');
 const Honeypot = require('project-honeypot');
+const stopforumspam = require('stopforumspam');
 
 const winston = require.main.require('winston');
 const nconf = require.main.require('nconf');
@@ -99,6 +100,9 @@ Plugin.load = async function (params) {
 	if (!settings.akismetMinReputationHam) {
 		settings.akismetMinReputationHam = 10;
 	}
+	if (settings.stopforumspamApiKey) {
+		stopforumspam.Key(settings.stopforumspamApiKey);
+	}
 
 	pluginSettings = settings;
 
@@ -133,7 +137,7 @@ Plugin.report = async function (req, res, next) {
 		if (isAdmin) {
 			return res.status(403).send({ message: '[[spam-be-gone:cant-report-admin]]' });
 		}
-		await stopForumSpamSubmit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
+		await stopforumspam.submit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}`);
@@ -148,7 +152,7 @@ Plugin.reportFromQueue = async (req, res) => {
 	}
 	const submitData = { ip: data.ip, email: data.email, username: data.username };
 	try {
-		await stopForumSpamSubmit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
+		await stopforumspam.submit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}\n${JSON.stringify(submitData, null, 4)}`);
@@ -279,7 +283,7 @@ Plugin.getRegistrationQueue = async function (data) {
 async function augmentWitSpamData(user) {
 	try {
 		user.ip = user.ip.replace('::ffff:', '');
-		let body = await stopForumSpamLookup({ ip: user.ip, email: user.email, username: user.username });
+		let body = await stopforumspam.isSpammer({ ip: user.ip, email: user.email, username: user.username, f: 'json' });
 		if (!body) {
 			body = { success: 1, username: { frequency: 0, appears: 0 }, email: { frequency: 0, appears: 0 }, ip: { frequency: 0, appears: 0, asn: null } };
 		}
@@ -392,71 +396,6 @@ Plugin._turnstileCheck = async function (req) {
 	});
 };
 
-
-async function stopForumSpamLookup({ ip, email, username }) {
-	const params = new URLSearchParams();
-	params.set('f', 'json');
-	if (ip) params.set('ip', ip);
-	if (email) params.set('email', email);
-	if (username) params.set('username', username);
-
-	const res = await fetch(`https://api.stopforumspam.org/api?${params.toString()}`, {
-		headers: {
-			accept: 'application/json',
-			'user-agent': pluginData.id,
-		},
-	});
-
-	if (!res.ok) {
-		throw new Error(`StopForumSpam lookup failed (${res.status})`);
-	}
-
-	return await res.json();
-}
-
-async function stopForumSpamSubmit({ ip, email, username }, evidence) {
-	if (!pluginSettings.stopforumspamApiKey) {
-		throw new Error('[[spam-be-gone:sfs-api-key-not-set]]');
-	}
-
-	const body = new URLSearchParams();
-	body.set('api_key', pluginSettings.stopforumspamApiKey);
-	body.set('api', 'json');
-	if (ip) body.set('ip_addr', ip);
-	if (email) body.set('email', email);
-	if (username) body.set('username', username);
-	if (evidence) body.set('evidence', evidence);
-
-	const res = await fetch('https://www.stopforumspam.com/add.php', {
-		method: 'POST',
-		headers: {
-			'content-type': 'application/x-www-form-urlencoded',
-			accept: 'application/json, text/plain;q=0.9, */*;q=0.8',
-			'user-agent': pluginData.id,
-		},
-		body: body.toString(),
-	});
-
-	const text = await res.text();
-	if (!res.ok) {
-		throw new Error(`StopForumSpam submit failed (${res.status})`);
-	}
-
-	try {
-		const parsed = JSON.parse(text);
-		if (parsed.success === 0 || parsed.error) {
-			throw new Error(parsed.error || 'StopForumSpam submit failed');
-		}
-		return parsed;
-	} catch (err) {
-		// Some SFS responses can be plain text; consider HTTP 200 success as accepted.
-		if (/error/i.test(text)) {
-			throw err instanceof Error ? err : new Error('StopForumSpam submit failed');
-		}
-		return { success: 1, raw: text };
-	}
-}
-
 Plugin.admin = {
 	menu: function (custom_header, callback) {
 		custom_header.plugins.push({ route: `/plugins/${pluginData.nbbId}`, icon: pluginData.faIcon, name: pluginData.name });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@arnaudw38/nodebb-plugin-spam-be-gone",
-  "version": "1.0.8",
-  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam API, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
+  "version": "1.0.9",
+  "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
   "main": "library.js",
   "scripts": {},
   "repository": {
@@ -33,7 +33,8 @@
   },
   "dependencies": {
     "async": "^3.2.0",
-    "project-honeypot": "~0.0.0"
+    "project-honeypot": "~0.0.0",
+    "stopforumspam": "^1.3.8"
   },
   "nbbpm": {
     "compatibility": "^4.0.0"
@@ -49,8 +50,7 @@
     "upgrades/",
     "plugin.json",
     "README.md",
-    "LICENSE",
-    "CHANGELOG.md"
+    "LICENSE"
   ],
   "publishConfig": {
     "access": "public"

package/public/js/scripts.js

@@ -5,14 +5,6 @@
 $(function () {
 	var pluginName = 'spam-be-gone';
 	var turnstileScriptUrl = 'https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit';
-	var turnstileState = {
-		widgets: {},
-		loginBindingsAttached: false,
-		loginResetTimers: [],
-		loginErrorObserver: null,
-		loginAttemptArmed: false,
-		navigatingAway: false,
-	};
 
 	function getTurnstileArgs() {
 		return ajaxify.data && ajaxify.data.turnstileArgs;
@@ -33,180 +25,7 @@ $(function () {
 		});
 	}
 
-	function getCurrentTurnstileResponse() {
-		var input = document.querySelector('input[name="cf-turnstile-response"]');
-		return input && input.value;
-	}
-
-	function getCurrentLoginTurnstileTargetId() {
-		var args = getTurnstileArgs();
-		return args && args.targetId;
-	}
-
-	function resetTurnstileWidget(targetId) {
-		if (typeof turnstile === 'undefined') {
-			return false;
-		}
-		targetId = targetId || getCurrentLoginTurnstileTargetId();
-		if (!targetId) {
-			return false;
-		}
-		var widgetId = turnstileState.widgets[targetId];
-		if (widgetId === undefined || widgetId === null) {
-			return false;
-		}
-		try {
-			turnstile.reset(widgetId);
-			return true;
-		} catch (err) {
-			// Ignore reset errors when the widget is already destroyed by navigation.
-			return false;
-		}
-	}
-
-	function onLoginPageNow() {
-		return !ajaxify.data || !ajaxify.data.tpl_url || ajaxify.data.tpl_url === 'login';
-	}
-
-	function hasLoginErrorVisible() {
-		var selectors = [
-			'.alert-danger',
-			'.alert-error',
-			'[component="alerts"] .alert.alert-danger',
-			'[component="alerts/error"]',
-			'.login-error',
-			'.text-danger',
-		];
-		for (var i = 0; i < selectors.length; i += 1) {
-			var nodes = document.querySelectorAll(selectors[i]);
-			for (var j = 0; j < nodes.length; j += 1) {
-				var n = nodes[j];
-				if (n && (n.offsetParent !== null || (n.textContent && n.textContent.trim()))) {
-					return true;
-				}
-			}
-		}
-		return false;
-	}
-
-	function clearLoginResetTimers() {
-		turnstileState.loginResetTimers.forEach(function (timerId) {
-			window.clearTimeout(timerId);
-		});
-		turnstileState.loginResetTimers = [];
-	}
-
-	function disarmLoginAttemptWatch() {
-		turnstileState.loginAttemptArmed = false;
-		clearLoginResetTimers();
-		if (turnstileState.loginErrorObserver) {
-			try {
-				turnstileState.loginErrorObserver.disconnect();
-			} catch (err) {
-				// noop
-			}
-			turnstileState.loginErrorObserver = null;
-		}
-	}
-
-	function resetLoginTurnstileOnDetectedError() {
-		if (!turnstileState.loginAttemptArmed) {
-			return;
-		}
-		if (turnstileState.navigatingAway || !onLoginPageNow()) {
-			disarmLoginAttemptWatch();
-			return;
-		}
-		if (!hasLoginErrorVisible()) {
-			return;
-		}
-		var targetId = getCurrentLoginTurnstileTargetId();
-		if (targetId && document.getElementById(targetId)) {
-			resetTurnstileWidget(targetId);
-		}
-		disarmLoginAttemptWatch();
-	}
-
-	function scheduleLoginTurnstileReset() {
-		// Arm a short-lived watcher and reset only when an actual login error is rendered.
-		turnstileState.navigatingAway = false;
-		disarmLoginAttemptWatch();
-		turnstileState.loginAttemptArmed = true;
-
-		if (window.MutationObserver) {
-			turnstileState.loginErrorObserver = new MutationObserver(function () {
-				resetLoginTurnstileOnDetectedError();
-			});
-			turnstileState.loginErrorObserver.observe(document.body, { childList: true, subtree: true, characterData: true });
-		}
-
-		// Poll briefly as a fallback for themes that toggle classes/text without obvious DOM insertions.
-		[250, 600, 1000, 1600, 2400, 3400].forEach(function (delay) {
-			var timerId = window.setTimeout(function () {
-				resetLoginTurnstileOnDetectedError();
-			}, delay);
-			turnstileState.loginResetTimers.push(timerId);
-		});
-
-		// Stop watching after a while to avoid stale observers.
-		var cleanupTimerId = window.setTimeout(function () {
-			if (!turnstileState.navigatingAway && onLoginPageNow()) {
-				// no-op: just let the user try again manually if no explicit error was detected
-			}
-			disarmLoginAttemptWatch();
-		}, 6000);
-		turnstileState.loginResetTimers.push(cleanupTimerId);
-	}
-
-	window.addEventListener('beforeunload', function () {
-		turnstileState.navigatingAway = true;
-		disarmLoginAttemptWatch();
-	});
-	window.addEventListener('pagehide', function () {
-		turnstileState.navigatingAway = true;
-		disarmLoginAttemptWatch();
-	});
-
-	function bindLoginRetryReset() {
-		if (turnstileState.loginBindingsAttached) {
-			return;
-		}
-		turnstileState.loginBindingsAttached = true;
-
-		function loginSubmitTrigger() {
-			scheduleLoginTurnstileReset();
-		}
-
-		// Native capture listeners only (avoid duplicate handlers/race conditions with jQuery delegates).
-		document.addEventListener('click', function (ev) {
-			var btn = ev.target && ev.target.closest ? ev.target.closest('[component="login/submit"], #login [type="submit"], form[action*="/login"] [type="submit"], form[data-action="login"] [type="submit"], button[type="submit"]') : null;
-			if (!btn) {
-				return;
-			}
-			var inLogin = btn.closest && btn.closest('#login, form[action*="/login"], form[data-action="login"], [component="login"]');
-			if (inLogin || (ajaxify.data && ajaxify.data.tpl_url === 'login')) {
-				loginSubmitTrigger();
-			}
-		}, true);
-
-		// Enter key in login fields for themes that trigger login without a click event.
-		document.addEventListener('keydown', function (ev) {
-			if (ev.key !== 'Enter') {
-				return;
-			}
-			var el = ev.target;
-			if (!el || !el.closest) {
-				return;
-			}
-			var inLogin = el.closest('#login, form[action*="/login"], form[data-action="login"], [component="login"]');
-			if (inLogin || (ajaxify.data && ajaxify.data.tpl_url === 'login')) {
-				loginSubmitTrigger();
-			}
-		}, true);
-
-	}
-
-function renderTurnstileIfNeeded(isLoginPage) {
+	function renderTurnstileIfNeeded(isLoginPage) {
 		var args = getTurnstileArgs();
 		if (!args || (isLoginPage && !args.addLoginTurnstile)) {
 			return;
@@ -218,18 +37,10 @@ function renderTurnstileIfNeeded(isLoginPage) {
 					return;
 				}
 				var target = document.getElementById(args.targetId);
-				if (!target) {
-					return;
-				}
-
-				if (target.dataset.turnstileRendered === '1') {
-					if (isLoginPage) {
-						bindLoginRetryReset();
-					}
+				if (!target || target.dataset.turnstileRendered === '1') {
 					return;
 				}
-
-				var widgetId = turnstile.render('#' + args.targetId, {
+				turnstile.render('#' + args.targetId, {
 					sitekey: args.siteKey,
 					theme: args.theme || 'auto',
 					size: args.size || 'normal',
@@ -244,18 +55,8 @@ function renderTurnstileIfNeeded(isLoginPage) {
 					'error-callback': function () {
 						require(['alerts'], function (alerts) { alerts.error('[[spam-be-gone:captcha-not-verified]]'); });
 					},
-					'expired-callback': function () {
-						resetTurnstileWidget(args.targetId);
-					},
-					'timeout-callback': function () {
-						resetTurnstileWidget(args.targetId);
-					},
 				});
 				target.dataset.turnstileRendered = '1';
-				turnstileState.widgets[args.targetId] = widgetId;
-				if (isLoginPage) {
-					bindLoginRetryReset();
-				}
 			})
 			.catch(function () {
 				require(['alerts'], function (alerts) { alerts.error('Failed to load Cloudflare Turnstile'); });

package/CHANGELOG.md

@@ -1,78 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-## [1.0.9] - 2026-02-25
-
-### Fixed
-- Fixed login success flow causing an unnecessary Turnstile refresh shortly before redirect.
-- Login retry reset now triggers only when a login error is actually detected on the page.
-
-### Improved
-- Added navigation-aware cleanup (`beforeunload`/`pagehide`) to avoid reset races during successful login redirects.
-- Reworked login retry watcher to use short-lived DOM error detection + fallback polling instead of blind timed resets.
-
-## [1.0.8] - 2026-02-25
-
-### Fixed
-- Fixed Turnstile login retry reset in themes/login flows where previous click/enter hooks did not reliably trigger the widget reset.
-- Made login retry reset logic target the current Turnstile container dynamically instead of relying on a stale target id.
-- Added a fallback reset trigger when login error alerts are rendered on the login page.
-
-## [1.0.7] - 2026-02-25
-
-### Fixed
-- Login retry Turnstile reset now uses native event listeners only (removed jQuery delegated login listeners).
-- Prevented duplicate retry-reset triggers caused by mixed jQuery + native listeners on some NodeBB themes.
-
-### Changed
-- Simplified login retry detection to click + Enter key flows (removed submit listener).
-
-## [1.0.6] - 2026-02-25
-
-### Fixed
-- Fixed login retry Turnstile reset trigger on NodeBB login flows that do not emit the expected jQuery submit/click events.
-- Prevented missing reset after failed login without page reload by adding capture-phase submit/click/Enter listeners.
-
-## [1.0.5] - 2026-02-25
-
-### Fixed
-- Fixed Turnstile not resetting after a failed login attempt when retrying on the same page.
-- Reset is now triggered after login submit if the user remains on the login page, even if the hidden Turnstile token input has already been cleared by client-side login logic.
-
-## [1.0.4] - 2026-02-25
-
-### Fixed
-- Fixed login UX regression where the Turnstile widget was resetting while typing in the username/password fields.
-- Turnstile now resets only after a login submission retry flow (failed login without page reload), not on every keystroke.
-
-## [1.0.3] - 2026-02-25
-
-### Fixed
-- Fixed Cloudflare Turnstile failure on login retry without page reload.
-- Reset Turnstile widget automatically after a failed login attempt (Turnstile tokens are single-use).
-- Improved login flow reliability when users retry authentication on the same page.
-
-### Improved
-- Added safer Turnstile widget state handling on the login form.
-- Added callbacks handling for expired/timeout token states.
-- Better UX during repeated login attempts without manual refresh.
-- Removed deprecated `stopforumspam` npm dependency and replaced it with direct StopForumSpam API requests using native `fetch` (eliminates `q` / `node-domexception` install warnings).
-
-## [1.0.2] - 2026-02-25
-
-### UI
-- Replaced visible 'Turnstile' label with a more user-friendly label:
-  - French: `Vérification de sécurité`
-
-## [1.0.1] - 2026-02-25
-
-### Changed
-- Refactored plugin for NodeBB 4.x compatibility.
-- Removed legacy reCAPTCHA and hCaptcha integrations.
-- Added Cloudflare Turnstile support (register + optional login protection).
-- Simplified package/tooling for a minimal runtime-focused plugin setup.
-
-### Docs
-- Rewrote README in English (Turnstile-only, no images).
-- Added npm-ready/publish-ready package metadata and documentation.