npm - @arnaudw38/nodebb-plugin-spam-be-gone - Versions diffs - 1.0.9 → 1.0.11 - Mend

@arnaudw38/nodebb-plugin-spam-be-gone 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/library.js CHANGED Viewed

@@ -4,7 +4,6 @@ const util = require('util');
 const https = require('https');
 const querystring = require('querystring');
 const Honeypot = require('project-honeypot');
-const stopforumspam = require('stopforumspam');
 const winston = require.main.require('winston');
 const nconf = require.main.require('nconf');
@@ -50,6 +49,71 @@ function getTurnstileConfigFromSettings(settings) {
 	};
 }
+function sfsRequest(path, method = 'GET', payload = null) {
+	return new Promise((resolve, reject) => {
+		const body = payload ? querystring.stringify(payload) : null;
+		const options = {
+			hostname: 'api.stopforumspam.org',
+			path,
+			method,
+			headers: {
+				'Accept': 'application/json',
+				'User-Agent': pluginData.id,
+			},
+		};
+		if (body) {
+			options.headers['Content-Type'] = 'application/x-www-form-urlencoded';
+			options.headers['Content-Length'] = Buffer.byteLength(body);
+		}
+		const req = https.request(options, (res) => {
+			let responseData = '';
+			res.on('data', (chunk) => { responseData += chunk; });
+			res.on('end', () => {
+				if (res.statusCode < 200 || res.statusCode >= 300) {
+					return reject(new Error(`StopForumSpam request failed (${res.statusCode})`));
+				}
+				try {
+					resolve(JSON.parse(responseData || '{}'));
+				} catch (err) {
+					reject(new Error('Invalid StopForumSpam response'));
+				}
+			});
+		});
+		req.on('error', reject);
+		if (body) {
+			req.write(body);
+		}
+		req.end();
+	});
+}
+async function sfsIsSpammer({ ip, email, username }) {
+	const params = { f: 'json' };
+	if (ip) { params.ip = ip; }
+	if (email) { params.email = email; }
+	if (username) { params.username = username; }
+	return await sfsRequest(`/api?${querystring.stringify(params)}`);
+}
+async function sfsSubmit({ ip, email, username }, evidence) {
+	if (!pluginSettings.stopforumspamApiKey) {
+		throw new Error('[[spam-be-gone:sfs-api-key-not-set]]');
+	}
+	const payload = {
+		api_key: pluginSettings.stopforumspamApiKey,
+		ip_addr: ip || '',
+		email: email || '',
+		username: username || '',
+		evidence: evidence || '',
+	};
+	const result = await sfsRequest('/add', 'POST', payload);
+	if (result && (result.success === 1 || result.success === true)) {
+		return result;
+	}
+	throw new Error((result && (result.error || result.message)) || 'StopForumSpam submit failed');
+}
 Plugin.middleware.isAdminOrGlobalMod = function (req, res, next) {
 	User.isAdminOrGlobalMod(req.uid, (err, isAdminOrGlobalMod) => {
 		if (err) {
@@ -100,9 +164,6 @@ Plugin.load = async function (params) {
 	if (!settings.akismetMinReputationHam) {
 		settings.akismetMinReputationHam = 10;
 	}
-	if (settings.stopforumspamApiKey) {
-		stopforumspam.Key(settings.stopforumspamApiKey);
-	}
 	pluginSettings = settings;
@@ -137,7 +198,7 @@ Plugin.report = async function (req, res, next) {
 		if (isAdmin) {
 			return res.status(403).send({ message: '[[spam-be-gone:cant-report-admin]]' });
 		}
-		await stopforumspam.submit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
+		await sfsSubmit({ ip: ips[0], email: fields.email, username: fields.username }, `Manual submission from user: ${req.uid} to user: ${fields.uid} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}`);
@@ -152,7 +213,7 @@ Plugin.reportFromQueue = async (req, res) => {
 	}
 	const submitData = { ip: data.ip, email: data.email, username: data.username };
 	try {
-		await stopforumspam.submit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
+		await sfsSubmit(submitData, `Manual submission from user: ${req.uid} to user: ${data.username} via ${pluginData.id}`);
 		res.status(200).json({ message: '[[spam-be-gone:user-reported]]' });
 	} catch (err) {
 		winston.error(`[plugins/${pluginData.nbbId}][report-error] ${err.message}\n${JSON.stringify(submitData, null, 4)}`);
@@ -283,7 +344,7 @@ Plugin.getRegistrationQueue = async function (data) {
 async function augmentWitSpamData(user) {
 	try {
 		user.ip = user.ip.replace('::ffff:', '');
-		let body = await stopforumspam.isSpammer({ ip: user.ip, email: user.email, username: user.username, f: 'json' });
+		let body = await sfsIsSpammer({ ip: user.ip, email: user.email, username: user.username });
 		if (!body) {
 			body = { success: 1, username: { frequency: 0, appears: 0 }, email: { frequency: 0, appears: 0 }, ip: { frequency: 0, appears: 0, asn: null } };
 		}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@arnaudw38/nodebb-plugin-spam-be-gone",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "description": "Anti-spam plugin for NodeBB 4.x using Akismet, StopForumSpam, ProjectHoneyPot, and Cloudflare Turnstile (Turnstile-only fork)",
   "main": "library.js",
   "scripts": {},
@@ -33,8 +33,7 @@
   },
   "dependencies": {
     "async": "^3.2.0",
-    "project-honeypot": "~0.0.0",
-    "stopforumspam": "^1.3.8"
+    "project-honeypot": "~0.0.0"
   },
   "nbbpm": {
     "compatibility": "^4.0.0"

package/public/js/scripts.js CHANGED Viewed

@@ -5,11 +5,22 @@
 $(function () {
 	var pluginName = 'spam-be-gone';
 	var turnstileScriptUrl = 'https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit';
+	var loginTurnstile = {
+		widgetId: null,
+		observer: null,
+		watchTimer: null,
+		isWatching: false,
+	};
 	function getTurnstileArgs() {
 		return ajaxify.data && ajaxify.data.turnstileArgs;
 	}
+	function isLoginPage() {
+		return !!(ajaxify.data && ajaxify.data.template && ajaxify.data.template.name === 'login') ||
+			(window.location.pathname && window.location.pathname.indexOf('/login') !== -1);
+	}
 	function injectScriptOnce(src) {
 		if (document.querySelector('script[src*="turnstile/v0/api.js"]')) {
 			return Promise.resolve();
@@ -25,9 +36,140 @@ $(function () {
 		});
 	}
-	function renderTurnstileIfNeeded(isLoginPage) {
+	function hasLoginErrorVisible() {
+		if (!isLoginPage()) {
+			return false;
+		}
+		var selectors = [
+			'.alert.alert-danger',
+			'.alert-danger',
+			'[component="alerts"] .alert-danger',
+			'[component="login"] .alert-danger',
+			'[component="login/login"] .alert-danger',
+		];
+		return selectors.some(function (sel) {
+			var nodes = document.querySelectorAll(sel);
+			return Array.prototype.some.call(nodes, function (node) {
+				return !!(node && node.offsetParent !== null && node.textContent && node.textContent.trim());
+			});
+		});
+	}
+	function clearLoginErrorWatch() {
+		if (loginTurnstile.observer) {
+			loginTurnstile.observer.disconnect();
+			loginTurnstile.observer = null;
+		}
+		if (loginTurnstile.watchTimer) {
+			clearTimeout(loginTurnstile.watchTimer);
+			loginTurnstile.watchTimer = null;
+		}
+		loginTurnstile.isWatching = false;
+	}
+	function resetLoginTurnstile() {
+		if (!isLoginPage() || typeof turnstile === 'undefined' || !turnstile || typeof turnstile.reset !== 'function') {
+			return;
+		}
 		var args = getTurnstileArgs();
-		if (!args || (isLoginPage && !args.addLoginTurnstile)) {
+		var target = args && args.targetId ? document.getElementById(args.targetId) : null;
+		if (!target) {
+			return;
+		}
+		try {
+			if (loginTurnstile.widgetId !== null && loginTurnstile.widgetId !== undefined) {
+				turnstile.reset(loginTurnstile.widgetId);
+			} else {
+				turnstile.reset(target);
+			}
+		} catch (err) {
+			// ignore reset errors to avoid blocking login UX
+		}
+	}
+	function watchForLoginFailureAndReset() {
+		if (!isLoginPage() || loginTurnstile.isWatching) {
+			return;
+		}
+		if (typeof turnstile === 'undefined' || !turnstile) {
+			return;
+		}
+		loginTurnstile.isWatching = true;
+		// Fast path in case an error is already present
+		if (hasLoginErrorVisible()) {
+			resetLoginTurnstile();
+			clearLoginErrorWatch();
+			return;
+		}
+		var body = document.body;
+		if (body && typeof MutationObserver !== 'undefined') {
+			loginTurnstile.observer = new MutationObserver(function () {
+				if (hasLoginErrorVisible()) {
+					resetLoginTurnstile();
+					clearLoginErrorWatch();
+				}
+			});
+			loginTurnstile.observer.observe(body, { childList: true, subtree: true, attributes: true });
+		}
+		// Auto-cleanup if success navigation happens or no error is shown
+		loginTurnstile.watchTimer = window.setTimeout(function () {
+			clearLoginErrorWatch();
+		}, 5000);
+	}
+	function bindLoginRetryResetHandlers() {
+		document.removeEventListener('click', onLoginIntentCapture, true);
+		document.removeEventListener('keydown', onLoginKeydownCapture, true);
+		window.removeEventListener('beforeunload', clearLoginErrorWatch);
+		window.removeEventListener('pagehide', clearLoginErrorWatch);
+		document.addEventListener('click', onLoginIntentCapture, true);
+		document.addEventListener('keydown', onLoginKeydownCapture, true);
+		window.addEventListener('beforeunload', clearLoginErrorWatch);
+		window.addEventListener('pagehide', clearLoginErrorWatch);
+	}
+	function onLoginIntentCapture(ev) {
+		if (!isLoginPage()) {
+			return;
+		}
+		var el = ev.target && ev.target.closest ? ev.target.closest('button, input[type="submit"], a') : null;
+		if (!el) {
+			return;
+		}
+		var text = ((el.textContent || '') + ' ' + (el.value || '')).toLowerCase();
+		var component = (el.getAttribute && (el.getAttribute('component') || '')) || '';
+		var action = (el.getAttribute && (el.getAttribute('data-action') || '')) || '';
+		var type = (el.getAttribute && (el.getAttribute('type') || '')) || '';
+		var maybeLogin = component.indexOf('login') !== -1 || action.toLowerCase().indexOf('login') !== -1 || text.indexOf('log in') !== -1 || text.indexOf('login') !== -1 || type === 'submit';
+		if (!maybeLogin) {
+			return;
+		}
+		window.setTimeout(watchForLoginFailureAndReset, 0);
+	}
+	function onLoginKeydownCapture(ev) {
+		if (!isLoginPage() || ev.key !== 'Enter') {
+			return;
+		}
+		var input = ev.target;
+		if (!input || input.tagName !== 'INPUT') {
+			return;
+		}
+		var type = (input.type || '').toLowerCase();
+		var name = (input.name || '').toLowerCase();
+		if (type === 'password' || name === 'password' || name === 'username' || name === 'email') {
+			window.setTimeout(watchForLoginFailureAndReset, 0);
+		}
+	}
+	function renderTurnstileIfNeeded(isLoginTpl) {
+		var args = getTurnstileArgs();
+		if (!args || (isLoginTpl && !args.addLoginTurnstile)) {
 			return;
 		}
@@ -40,7 +182,7 @@ $(function () {
 				if (!target || target.dataset.turnstileRendered === '1') {
 					return;
 				}
-				turnstile.render('#' + args.targetId, {
+				var widgetId = turnstile.render('#' + args.targetId, {
 					sitekey: args.siteKey,
 					theme: args.theme || 'auto',
 					size: args.size || 'normal',
@@ -55,8 +197,22 @@ $(function () {
 					'error-callback': function () {
 						require(['alerts'], function (alerts) { alerts.error('[[spam-be-gone:captcha-not-verified]]'); });
 					},
+					'expired-callback': function () {
+						if (isLoginTpl) {
+							clearLoginErrorWatch();
+						}
+					},
+					'timeout-callback': function () {
+						if (isLoginTpl) {
+							clearLoginErrorWatch();
+						}
+					},
 				});
 				target.dataset.turnstileRendered = '1';
+				if (isLoginTpl) {
+					loginTurnstile.widgetId = widgetId;
+					bindLoginRetryResetHandlers();
+				}
 			})
 			.catch(function () {
 				require(['alerts'], function (alerts) { alerts.error('Failed to load Cloudflare Turnstile'); });
@@ -94,6 +250,7 @@ $(function () {
 	}
 	$(window).on('action:ajaxify.end', function (evt, data) {
+		clearLoginErrorWatch();
 		switch (data.tpl_url) {
 			case 'register':
 				renderTurnstileIfNeeded(false);