@lordbex/thelounge 4.4.3-blowfish → 4.5.0-blowfish-pre

package/dist/server/plugins/auth/ldap.js

@@ -1,102 +1,153 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const ldapjs_1 = __importDefault(require("ldapjs"));
-const chalk_1 = __importDefault(require("chalk"));
-const log_1 = __importDefault(require("../../log"));
-const config_1 = __importDefault(require("../../config"));
-function ldapAuthCommon(user, bindDN, password, callback) {
-    const config = config_1.default.values;
-    const ldapclient = ldapjs_1.default.createClient({
+import { Client, InvalidCredentialsError } from "ldapts";
+import colors from "chalk";
+import log from "../../log.js";
+import Config from "../../config.js";
+const CONNECTION_ERROR_CODES = new Set([
+    "ECONNREFUSED",
+    "ECONNRESET",
+    "ENOTFOUND",
+    "ETIMEDOUT",
+    "EHOSTUNREACH",
+    "EAI_AGAIN",
+]);
+function errorToString(err) {
+    if (err instanceof Error) {
+        return err.toString();
+    }
+    return String(err);
+}
+function isConnectionError(err) {
+    if (!err || typeof err !== "object") {
+        return false;
+    }
+    const code = err.code;
+    if (code && CONNECTION_ERROR_CODES.has(code)) {
+        return true;
+    }
+    if (typeof err.message === "string") {
+        const message = err.message;
+        for (const possibleCode of CONNECTION_ERROR_CODES) {
+            if (message.includes(possibleCode)) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+async function safeUnbind(client) {
+    try {
+        await client.unbind();
+    }
+    catch {
+        // Ignore unbind errors
+    }
+}
+async function ldapAuthCommon(user, bindDN, password, callback) {
+    const config = Config.values;
+    const ldapclient = new Client({
         url: config.ldap.url,
         tlsOptions: config.ldap.tlsOptions,
     });
-    ldapclient.on("error", function (err) {
-        log_1.default.error(`Unable to connect to LDAP server: ${err.toString()}`);
-        callback(false);
-    });
-    ldapclient.bind(bindDN, password, function (err) {
-        ldapclient.unbind();
-        if (err) {
-            log_1.default.error(`LDAP bind failed: ${err.toString()}`);
-            callback(false);
+    let success = false;
+    let caughtError;
+    try {
+        await ldapclient.bind(bindDN, password);
+        success = true;
+    }
+    catch (err) {
+        caughtError = err;
+    }
+    await safeUnbind(ldapclient);
+    if (success) {
+        callback(true);
+        return;
+    }
+    if (caughtError) {
+        if (isConnectionError(caughtError)) {
+            log.error(`Unable to connect to LDAP server: ${errorToString(caughtError)}`);
         }
         else {
-            callback(true);
+            log.error(`LDAP bind failed: ${errorToString(caughtError)}`);
         }
-    });
+    }
+    else {
+        log.error("LDAP bind failed");
+    }
+    callback(false);
 }
 function simpleLdapAuth(user, password, callback) {
     if (!user || !password) {
         return callback(false);
     }
-    const config = config_1.default.values;
+    const config = Config.values;
     const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
     const bindDN = `${config.ldap.primaryKey}=${userDN},${config.ldap.baseDN || ""}`;
-    log_1.default.info(`Auth against LDAP ${config.ldap.url} with provided bindDN ${bindDN}`);
-    ldapAuthCommon(user, bindDN, password, callback);
+    log.info(`Auth against LDAP ${config.ldap.url} with provided bindDN ${bindDN}`);
+    void ldapAuthCommon(user, bindDN, password, callback);
 }
 /**
  * LDAP auth using initial DN search (see config comment for ldap.searchDN)
  */
 function advancedLdapAuth(user, password, callback) {
     if (!user || !password) {
-        return callback(false);
+        callback(false);
+        return;
     }
-    const config = config_1.default.values;
+    const config = Config.values;
     const userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
-    const ldapclient = ldapjs_1.default.createClient({
-        url: config.ldap.url,
-        tlsOptions: config.ldap.tlsOptions,
-    });
-    const base = config.ldap.searchDN.base;
-    const searchOptions = {
-        scope: config.ldap.searchDN.scope,
-        filter: `(&(${config.ldap.primaryKey}=${userDN})${config.ldap.searchDN.filter})`,
-        attributes: ["dn"],
-    };
-    ldapclient.on("error", function (err) {
-        log_1.default.error(`Unable to connect to LDAP server: ${err.toString()}`);
-        callback(false);
-    });
-    ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function (err) {
-        if (err) {
-            log_1.default.error("Invalid LDAP root credentials");
-            ldapclient.unbind();
+    void (async () => {
+        const ldapclient = new Client({
+            url: config.ldap.url,
+            tlsOptions: config.ldap.tlsOptions,
+        });
+        const base = config.ldap.searchDN.base;
+        const searchOptions = {
+            scope: config.ldap.searchDN.scope,
+            filter: `(&(${config.ldap.primaryKey}=${userDN})${config.ldap.searchDN.filter})`,
+            attributes: ["dn"],
+        };
+        try {
+            await ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword);
+        }
+        catch (err) {
+            if (err instanceof InvalidCredentialsError) {
+                log.error("Invalid LDAP root credentials");
+            }
+            else if (isConnectionError(err)) {
+                log.error(`Unable to connect to LDAP server: ${errorToString(err)}`);
+            }
+            else {
+                log.error(`LDAP error: ${errorToString(err)}`);
+            }
+            await safeUnbind(ldapclient);
             callback(false);
             return;
         }
-        ldapclient.search(base, searchOptions, function (err2, res) {
-            if (err2) {
-                log_1.default.warn(`LDAP User not found: ${userDN}`);
-                ldapclient.unbind();
-                callback(false);
-                return;
+        let searchResult;
+        try {
+            searchResult = await ldapclient.search(base, searchOptions);
+        }
+        catch (err) {
+            if (isConnectionError(err)) {
+                log.error(`Unable to connect to LDAP server: ${errorToString(err)}`);
             }
-            let found = false;
-            res.on("searchEntry", function (entry) {
-                found = true;
-                const bindDN = entry.objectName;
-                log_1.default.info(`Auth against LDAP ${config.ldap.url} with found bindDN ${bindDN || ""}`);
-                ldapclient.unbind();
-                // TODO: Fix type !
-                ldapAuthCommon(user, bindDN, password, callback);
-            });
-            res.on("error", function (err3) {
-                log_1.default.error(`LDAP error: ${err3.toString()}`);
-                callback(false);
-            });
-            res.on("end", function (result) {
-                ldapclient.unbind();
-                if (!found) {
-                    log_1.default.warn(`LDAP Search did not find anything for: ${userDN} (${result?.status.toString() || "unknown"})`);
-                    callback(false);
-                }
-            });
-        });
-    });
+            else {
+                log.warn(`LDAP User not found: ${userDN}`);
+            }
+            await safeUnbind(ldapclient);
+            callback(false);
+            return;
+        }
+        await safeUnbind(ldapclient);
+        if (!searchResult.searchEntries.length) {
+            log.warn(`LDAP Search did not find anything for: ${userDN}`);
+            callback(false);
+            return;
+        }
+        const bindDN = searchResult.searchEntries[0].dn;
+        log.info(`Auth against LDAP ${config.ldap.url} with found bindDN ${bindDN}`);
+        void ldapAuthCommon(user, bindDN, password, callback);
+    })();
 }
 const ldapAuth = (manager, client, user, password, callback) => {
     // TODO: Enable the use of starttls() as an alternative to ldaps
@@ -109,7 +160,7 @@ const ldapAuth = (manager, client, user, password, callback) => {
         callback(valid);
     }
     let auth;
-    if ("baseDN" in config_1.default.values.ldap) {
+    if ("baseDN" in Config.values.ldap) {
         auth = simpleLdapAuth;
     }
     else {
@@ -122,54 +173,68 @@ const ldapAuth = (manager, client, user, password, callback) => {
  * via the supplied callback function.
  */
 function advancedLdapLoadUsers(users, callbackLoadUser) {
-    const config = config_1.default.values;
-    const ldapclient = ldapjs_1.default.createClient({
-        url: config.ldap.url,
-        tlsOptions: config.ldap.tlsOptions,
-    });
-    const base = config.ldap.searchDN.base;
-    ldapclient.on("error", function (err) {
-        log_1.default.error(`Unable to connect to LDAP server: ${err.toString()}`);
-    });
-    ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword, function (err) {
-        if (err) {
-            log_1.default.error("Invalid LDAP root credentials");
-            return true;
+    const config = Config.values;
+    void (async () => {
+        const ldapclient = new Client({
+            url: config.ldap.url,
+            tlsOptions: config.ldap.tlsOptions,
+        });
+        try {
+            await ldapclient.bind(config.ldap.searchDN.rootDN, config.ldap.searchDN.rootPassword);
+        }
+        catch (err) {
+            if (err instanceof InvalidCredentialsError) {
+                log.error("Invalid LDAP root credentials");
+            }
+            else if (isConnectionError(err)) {
+                log.error(`Unable to connect to LDAP server: ${errorToString(err)}`);
+            }
+            else {
+                log.error(`LDAP error: ${errorToString(err)}`);
+            }
+            await safeUnbind(ldapclient);
+            return;
         }
         const remainingUsers = new Set(users);
+        const base = config.ldap.searchDN.base;
         const searchOptions = {
             scope: config.ldap.searchDN.scope,
             filter: `${config.ldap.searchDN.filter}`,
             attributes: [config.ldap.primaryKey],
             paged: true,
         };
-        ldapclient.search(base, searchOptions, function (err2, res) {
-            if (err2) {
-                log_1.default.error(`LDAP search error: ${err2?.toString()}`);
-                return true;
+        let searchResult;
+        try {
+            searchResult = await ldapclient.search(base, searchOptions);
+        }
+        catch (err) {
+            if (isConnectionError(err)) {
+                log.error(`Unable to connect to LDAP server: ${errorToString(err)}`);
+            }
+            else {
+                log.error(`LDAP search error: ${errorToString(err)}`);
+            }
+            await safeUnbind(ldapclient);
+            return;
+        }
+        await safeUnbind(ldapclient);
+        for (const entry of searchResult.searchEntries) {
+            const userAttr = entry[config.ldap.primaryKey];
+            const user = Array.isArray(userAttr) ? userAttr[0] : userAttr;
+            const userStr = typeof user === "string" ? user : String(user);
+            if (remainingUsers.has(userStr)) {
+                remainingUsers.delete(userStr);
+                callbackLoadUser(userStr);
             }
-            res.on("searchEntry", function (entry) {
-                const user = entry.attributes[0].vals[0].toString();
-                if (remainingUsers.has(user)) {
-                    remainingUsers.delete(user);
-                    callbackLoadUser(user);
-                }
-            });
-            res.on("error", function (err3) {
-                log_1.default.error(`LDAP error: ${err3.toString()}`);
-            });
-            res.on("end", function () {
-                remainingUsers.forEach((user) => {
-                    log_1.default.warn(`No account info in LDAP for ${chalk_1.default.bold(user)} but user config file exists`);
-                });
-            });
+        }
+        remainingUsers.forEach((user) => {
+            log.warn(`No account info in LDAP for ${colors.bold(user)} but user config file exists`);
         });
-        ldapclient.unbind();
-    });
+    })();
     return true;
 }
 function ldapLoadUsers(users, callbackLoadUser) {
-    if ("baseDN" in config_1.default.values.ldap) {
+    if ("baseDN" in Config.values.ldap) {
         // simple LDAP case can't test for user existence without access to the
         // user's unhashed password, so indicate need to fallback to default
         // loadUser behaviour by returning false
@@ -178,9 +243,9 @@ function ldapLoadUsers(users, callbackLoadUser) {
     return advancedLdapLoadUsers(users, callbackLoadUser);
 }
 function isLdapEnabled() {
-    return !config_1.default.values.public && config_1.default.values.ldap.enable;
+    return !Config.values.public && Config.values.ldap.enable;
 }
-exports.default = {
+export default {
     moduleName: "ldap",
     auth: ldapAuth,
     isEnabled: isLdapEnabled,

package/dist/server/plugins/auth/local.js

@@ -1,11 +1,6 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const chalk_1 = __importDefault(require("chalk"));
-const log_1 = __importDefault(require("../../log"));
-const helper_1 = __importDefault(require("../../helper"));
+import colors from "chalk";
+import log from "../../log.js";
+import Helper from "../../helper.js";
 const localAuth = (_manager, client, user, password, callback) => {
     // If no user is found, or if the client has not provided a password,
     // fail the authentication straight away
@@ -14,27 +9,27 @@ const localAuth = (_manager, client, user, password, callback) => {
     }
     // If this user has no password set, fail the authentication
     if (!client.config.password) {
-        log_1.default.error(`User ${chalk_1.default.bold(user)} with no local password set tried to sign in. (Probably a LDAP user)`);
+        log.error(`User ${colors.bold(user)} with no local password set tried to sign in. (Probably a LDAP user)`);
         return callback(false);
     }
-    helper_1.default.password
+    Helper.password
         .compare(password, client.config.password)
         .then((matching) => {
-        if (matching && helper_1.default.password.requiresUpdate(client.config.password)) {
-            const hash = helper_1.default.password.hash(password);
+        if (matching && Helper.password.requiresUpdate(client.config.password)) {
+            const hash = Helper.password.hash(password);
             client.setPassword(hash, (success) => {
                 if (success) {
-                    log_1.default.info(`User ${chalk_1.default.bold(client.name)} logged in and their hashed password has been updated to match new security requirements`);
+                    log.info(`User ${colors.bold(client.name)} logged in and their hashed password has been updated to match new security requirements`);
                 }
             });
         }
         callback(matching);
     })
         .catch((error) => {
-        log_1.default.error(`Error while checking users password. Error: ${error}`);
+        log.error(`Error while checking users password. Error: ${error}`);
     });
 };
-exports.default = {
+export default {
     moduleName: "local",
     auth: localAuth,
     isEnabled: () => true,

package/dist/server/plugins/auth.js

@@ -1,36 +1,8 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const chalk_1 = __importDefault(require("chalk"));
-const log_1 = __importDefault(require("../log"));
+import colors from "chalk";
+import log from "../log.js";
 // The order defines priority: the first available plugin is used.
 // Always keep 'local' auth plugin at the end of the list; it should always be enabled.
-const plugins = [Promise.resolve().then(() => __importStar(require("./auth/ldap"))), Promise.resolve().then(() => __importStar(require("./auth/local")))];
+const plugins = [import("./auth/ldap.js"), import("./auth/local.js")];
 const toExport = {
     moduleName: "<module with no name>",
     // Must override: implements authentication mechanism
@@ -42,7 +14,6 @@ const toExport = {
     loadUsers: () => false,
     // local auth should always be enabled, but check here to verify
     initialized: false,
-    // TODO: fix typing
     async initialize() {
         if (toExport.initialized) {
             return;
@@ -59,12 +30,12 @@ const toExport = {
             }
         }
         if (!toExport.initialized) {
-            log_1.default.error("None of the auth plugins is enabled");
+            log.error("None of the auth plugins is enabled");
         }
     },
 };
 function unimplemented(funcName) {
-    log_1.default.debug(`Auth module ${chalk_1.default.bold(toExport.moduleName)} doesn't implement function ${chalk_1.default.bold(funcName)}`);
+    log.debug(`Auth module ${colors.bold(toExport.moduleName)} doesn't implement function ${colors.bold(funcName)}`);
 }
 // Default API implementations
-exports.default = toExport;
+export default toExport;

package/dist/server/plugins/changelog.js

@@ -1,23 +1,19 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const got_1 = __importDefault(require("got"));
-const chalk_1 = __importDefault(require("chalk"));
-const log_1 = __importDefault(require("../log"));
-const package_json_1 = __importDefault(require("../../package.json"));
-const config_1 = __importDefault(require("../config"));
+import colors from "chalk";
+import log from "../log.js";
+import pkg from "../../package.json" with { type: "json" };
 const TIME_TO_LIVE = 15 * 60 * 1000; // 15 minutes, in milliseconds
-exports.default = {
+let updateCheckTimeout = null;
+const changelog = {
     isUpdateAvailable: false,
     fetch,
     checkForUpdates,
+    stopUpdateChecks,
 };
+export default changelog;
 const versions = {
     current: {
         prerelease: false,
-        version: `v${package_json_1.default.version}`,
+        version: `v${pkg.version}`,
         changelog: undefined,
         url: "", // TODO: properly init
     },
@@ -32,31 +28,32 @@ async function fetch() {
         return versions;
     }
     try {
-        const response = await (0, got_1.default)("https://api.github.com/repos/thelounge/thelounge/releases", {
+        const fetchOptions = {
             headers: {
                 Accept: "application/vnd.github.v3.html", // Request rendered markdown
-                "User-Agent": package_json_1.default.name + "; +" + package_json_1.default.repository.url, // Identify the client
+                "User-Agent": pkg.name + "; +" + pkg.repository.url, // Identify the client
             },
-            localAddress: config_1.default.values.bind,
-        });
-        if (response.statusCode !== 200) {
+        };
+        const response = await globalThis.fetch("https://api.github.com/repos/lordbex/thelounge/releases", fetchOptions);
+        if (response.status !== 200) {
             return versions;
         }
-        updateVersions(response);
-        // Add expiration date to the data to send to the client for later refresh
+        const body = await response.text();
+        updateVersions(body);
+        // Add the expiration date to the data to send to the client for later refresh
         versions.expiresAt = time + TIME_TO_LIVE;
     }
     catch (error) {
         // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
-        log_1.default.error(`Failed to fetch changelog: ${error}`);
+        log.error(`Failed to fetch changelog: ${error}`);
     }
     return versions;
 }
-function updateVersions(response) {
+function updateVersions(responseBody) {
     let i;
     let release;
     let prerelease = false;
-    const body = JSON.parse(response.body);
+    const body = JSON.parse(responseBody);
     // Find the current release among releases on GitHub
     for (i = 0; i < body.length; i++) {
         release = body[i];
@@ -72,7 +69,7 @@ function updateVersions(response) {
             release = body[j];
             // Find latest release or pre-release if current version is also a pre-release
             if (!release.prerelease || release.prerelease === prerelease) {
-                module.exports.isUpdateAvailable = true;
+                changelog.isUpdateAvailable = true;
                 versions.latest = {
                     prerelease: release.prerelease,
                     version: release.tag_name,
@@ -86,18 +83,24 @@ function updateVersions(response) {
 function checkForUpdates(manager) {
     fetch()
         .then((versionData) => {
-        if (!module.exports.isUpdateAvailable) {
+        if (!changelog.isUpdateAvailable) {
             // Check for updates every 24 hours + random jitter of <3 hours
-            setTimeout(() => checkForUpdates(manager), 24 * 3600 * 1000 + Math.floor(Math.random() * 10000000));
+            updateCheckTimeout = setTimeout(() => checkForUpdates(manager), 24 * 3600 * 1000 + Math.floor(Math.random() * 10000000));
         }
         if (!versionData.latest) {
             return;
         }
-        log_1.default.info(`The Lounge ${chalk_1.default.green(versionData.latest.version)} is available. Read more on GitHub: ${versionData.latest.url}`);
+        log.info(`The Lounge ${colors.green(versionData.latest.version)} is available. Read more on GitHub: ${versionData.latest.url}`);
         // Notify all connected clients about the new version
         manager.clients.forEach((client) => client.emit("changelog:newversion"));
     })
         .catch((error) => {
-        log_1.default.error(`Failed to check for updates: ${error.message}`);
+        log.error(`Failed to check for updates: ${error.message}`);
     });
 }
+function stopUpdateChecks() {
+    if (updateCheckTimeout) {
+        clearTimeout(updateCheckTimeout);
+        updateCheckTimeout = null;
+    }
+}