nodebb-plugin-anti-account-sharing 1.0.0

package/.gitattributes

@@ -0,0 +1,22 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+*.sln    merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain

package/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 NodeBB Inc. <sales@nodebb.org>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

package/README.md

@@ -0,0 +1,17 @@
+# Quickstart Plugin for NodeBB
+
+A starter kit for quickly creating NodeBB plugins. Comes with a pre-setup SCSS file, server side JS script with an `static:app.load` hook, and a client-side script. Most plugins need at least one of the above, so this ought to save you some time. For a full list of hooks have a look at our [wiki page](https://github.com/NodeBB/NodeBB/wiki/Hooks), and for more information about creating plugins please visit our [documentation portal](https://docs.nodebb.org/).
+
+Fork this or copy it, and using your favourite text editor find and replace all instances of `nodebb-plugin-quickstart` with `nodebb-plugin-your-plugins-name`. Change the author's name in the LICENSE and package.json files.
+
+## Hello World
+
+Really simple, just edit `public/lib/main.js` and paste in `console.log('hello world');`, and that's it!
+
+## Installation
+
+    npm install nodebb-plugin-quickstart
+
+## Screenshots
+
+Don't forget to add screenshots!

package/commitlint.config.js

@@ -0,0 +1,26 @@
+'use strict';
+
+module.exports = {
+	extends: ['@commitlint/config-angular'],
+	rules: {
+		'header-max-length': [1, 'always', 72],
+		'type-enum': [
+			2,
+			'always',
+			[
+				'breaking',
+				'build',
+				'chore',
+				'ci',
+				'docs',
+				'feat',
+				'fix',
+				'perf',
+				'refactor',
+				'revert',
+				'style',
+				'test',
+			],
+		],
+	},
+};

package/eslint.config.mjs

@@ -0,0 +1,10 @@
+'use strict';
+
+import serverConfig from 'eslint-config-nodebb';
+import publicConfig from 'eslint-config-nodebb/public';
+
+export default [
+	...publicConfig,
+	...serverConfig,
+];
+

package/languages/de/quickstart.json

@@ -0,0 +1,3 @@
+{
+	"info": "Dies ist eine Übersetzungszeichenkette, sie wird in die Sprache des Benutzers übersetzt. Siehe den Ordner 'languages' im Stammverzeichnis dieses Plugins."
+}

package/languages/en-GB/quickstart.json

@@ -0,0 +1,3 @@
+{
+	"info": "This is a translation string, it gets translated to the users language. See the languages folder in the root of this plugin."
+}

package/languages/en-US/quickstart.json

@@ -0,0 +1,3 @@
+{
+	"info": "This is a translation string, it gets translated to the users language. See the languages folder in the root of this plugin."
+}

package/lib/controllers.js

@@ -0,0 +1,20 @@
+'use strict';
+
+const Controllers = module.exports;
+
+Controllers.renderAdminPage = function (req, res/* , next */) {
+	/*
+		Make sure the route matches your path to template exactly.
+
+		If your route was:
+			myforum.com/some/complex/route
+		your template should be:
+			templates/some/complex/route.tpl
+		and you would render it like so:
+			res.render('some/complex/route');
+	*/
+
+	res.render('admin/plugins/quickstart', {
+		title: 'Quick Start',
+	});
+};

package/library.js

@@ -0,0 +1,83 @@
+'use strict';
+
+const db = require.main.require('./src/database');
+const user = require.main.require('./src/user');
+
+const Plugin = {};
+
+// --- AYARLAR ---
+const MAX_DEVICES = 1; // Kaç bilgisayara izin verilsin?
+
+// Cihazın Mobil olup olmadığını anlayan fonksiyon
+function isMobile(req) {
+    const ua = req.headers['user-agent'];
+    return /Mobile|Android|iPhone|iPad|iPod/i.test(ua);
+}
+
+Plugin.init = async function (params) {
+    console.log(`[Anti-Share] Güvenlik Aktif (Limit: ${MAX_DEVICES} Bilgisayar) 🛡️`);
+};
+
+// 1. GİRİŞ YAPILDIĞINDA (Listeye Ekle)
+Plugin.recordSession = async function (data) {
+    // Sadece Bilgisayar girişlerini takip ediyoruz
+    if (!isMobile(data.req)) {
+        if (data.uid && data.req.sessionID) {
+            const key = `antishare:sessions:${data.uid}`;
+            
+            // 1. Yeni oturumu listenin SONUNA ekle
+            await db.listAppend(key, data.req.sessionID);
+            
+            // 2. Listeyi kırp (Sadece son 5 taneyi tut)
+            // (Eğer 6. kişi girerse, listenin başındaki 1. kişi silinir)
+            await db.listTrim(key, -MAX_DEVICES, -1);
+        }
+    }
+};
+
+// 2. HER SAYFA GEZİNTİSİNDE (Kontrol Et)
+Plugin.checkSession = async function (data) {
+    const req = data.req;
+    const res = data.res;
+
+    // Giriş yapmamışsa veya Mobilden giriyorsa KARIŞMA
+    if (!req.uid || req.uid <= 0 || isMobile(req)) {
+        return data;
+    }
+
+    const isAdmin = await user.isAdministrator(req.uid);
+    if (isAdmin) return data;
+
+    // --- BİLGİSAYAR KONTROLÜ ---
+    const key = `antishare:sessions:${req.uid}`;
+    
+    // Veritabanındaki "Geçerli Oturum Listesi"ni çek
+    const validSessions = await db.getListRange(key, 0, -1);
+
+    // Eğer şu anki oturum ID'si, izin verilenler listesinde YOKSA -> AT!
+    if (validSessions && !validSessions.includes(req.sessionID)) {
+        
+        // Oturumu Öldür
+        req.logout(); 
+        if (req.session) req.session.destroy();
+
+        if (req.xhr || (req.headers.accept && req.headers.accept.indexOf('json') > -1)) {
+            return res.status(401).json({ 
+                error: 'session_terminated', 
+                message: 'Maksimum cihaz sınırına ulaşıldı.' 
+            });
+        } else {
+            return res.redirect('/login?error=session-conflict');
+        }
+    }
+
+    return data;
+};
+
+// Client scriptini ekle
+Plugin.addScripts = async function (scripts) {
+    scripts.push('plugins/nodebb-plugin-anti-account-sharing/static/security.js');
+    return scripts;
+};
+
+module.exports = Plugin;

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "nodebb-plugin-anti-account-sharing",
+  "version": "1.0.0",
+  "description": "Prevents account sharing by enforcing a single active session policy for desktop devices.",
+  "main": "library.js",
+  "keywords": [
+    "nodebb",
+    "plugin",
+    "security",
+    "anti-share",
+    "session-limit",
+    "account-protection"
+  ],
+  "author": {
+    "name": "IEU Forum Team",
+    "email": "forum@ieu.app"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sucreistaken/nodebb-plugin-anti-account-sharing"
+  },
+  "bugs": {
+    "url": "https://github.com/sucreistaken/nodebb-plugin-anti-account-sharing/issues"
+  },
+  "nbbpm": {
+    "compatibility": "^4.0.0"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "eslint": "9.39.2",
+    "eslint-config-nodebb": "1.1.11"
+  },
+  "scripts": {
+    "lint": "eslint ."
+  }
+}

package/plugin.json

@@ -0,0 +1,19 @@
+{
+    "id": "nodebb-plugin-niki-antishare",
+    "name": "Niki Anti-Share Security",
+    "description": "Bilgisayar oturumlarını tekilleştirerek hesap paylaşımını engeller (Mobil hariç).",
+    "url": "https://forum.ieu.app",
+    "library": "./library.js",
+    "hooks": [
+        { "hook": "static:app.load", "method": "init" },
+        { "hook": "action:user.loggedIn", "method": "recordSession" },
+        { "hook": "filter:router.page", "method": "checkSession" },
+        { "hook": "filter:scripts.get", "method": "addScripts" }
+    ],
+    "scripts": [
+        "static/security.js"
+    ],
+    "staticDirs": {
+        "static": "./static"
+    }
+}

package/public/lib/acp-main.js

@@ -0,0 +1,18 @@
+'use strict';
+
+$(document).ready(function () {
+	/*
+		This file shows how admin page client-side javascript can be included via a plugin.
+		If you check `plugin.json`, you'll see that this file is listed under "acpScripts".
+		That array tells NodeBB which files to bundle into the minified javascript
+		that is served to the end user.
+
+		Some events you can elect to listen for:
+
+		$(document).ready(); Fired when the DOM is ready
+		$(window).on('action:ajaxify.end', function(data) { ... }); "data" contains "url"
+	*/
+
+	console.log('nodebb-plugin-quickstart: acp-loaded');
+	// Note how this is shown in the console on the first load of every page in the ACP
+});

package/public/lib/admin.js

@@ -0,0 +1,55 @@
+'use strict';
+
+/*
+	This file is located in the "modules" block of plugin.json
+	It is only loaded when the user navigates to /admin/plugins/quickstart page
+	It is not bundled into the min file that is served on the first load of the page.
+*/
+
+import { save, load } from 'settings';
+import * as uploader from 'uploader';
+
+export function init() {
+	handleSettingsForm();
+	setupUploader();
+};
+
+function handleSettingsForm() {
+	load('quickstart', $('.quickstart-settings'), function () {
+		setupColorInputs();
+	});
+
+	$('#save').on('click', () => {
+		save('quickstart', $('.quickstart-settings')); // pass in a function in the 3rd parameter to override the default success/failure handler
+	});
+}
+
+function setupColorInputs() {
+	var colorInputs = $('[data-settings="colorpicker"]');
+	colorInputs.on('change', updateColors);
+	updateColors();
+}
+
+function updateColors() {
+	$('#preview').css({
+		color: $('#color').val(),
+		'background-color': $('#bgColor').val(),
+	});
+}
+
+function setupUploader() {
+	$('#content input[data-action="upload"]').each(function () {
+		var uploadBtn = $(this);
+		uploadBtn.on('click', function () {
+			uploader.show({
+				route: config.relative_path + '/api/admin/upload/file',
+				params: {
+					folder: 'quickstart',
+				},
+				accept: 'image/*',
+			}, function (image) {
+				$('#' + uploadBtn.attr('data-target')).val(image);
+			});
+		});
+	});
+}

package/public/lib/main.js

@@ -0,0 +1,32 @@
+'use strict';
+
+/**
+ * This file shows how client-side javascript can be included via a plugin.
+ * If you check `plugin.json`, you'll see that this file is listed under "scripts".
+ * That array tells NodeBB which files to bundle into the minified javascript
+ * that is served to the end user.
+ *
+ * There are two (standard) ways to wait for when NodeBB is ready.
+ * This one below executes when NodeBB reports it is ready...
+ */
+
+(async () => {
+	const hooks = await app.require('hooks');
+
+	hooks.on('action:app.load', () => {
+		// called once when nbb has loaded
+	});
+
+	hooks.on('action:ajaxify.end', (/* data */) => {
+		// called everytime user navigates between pages including first load
+	});
+})();
+
+/**
+ * ... and this one reports when the DOM is loaded (but NodeBB might not be fully ready yet).
+ * For most cases, you'll want the one above.
+ */
+
+$(document).ready(function () {
+	// ...
+});

package/public/lib/quickstart.js

@@ -0,0 +1,15 @@
+'use strict';
+
+/*
+	This file is located in the "modules" block of plugin.json
+	It is only loaded when the user navigates to /quickstart page
+	It is not bundled into the min file that is served on the first load of the page.
+*/
+
+define('forum/quickstart', function () {
+	var module = {};
+	module.init = function () {
+		$('#last-p').text('quickstart.js loaded!');
+	};
+	return module;
+});

package/renovate.json

@@ -0,0 +1,5 @@
+{
+  "extends": [
+    "config:recommended"
+  ]
+}

package/scss/quickstart.scss

@@ -0,0 +1 @@
+/* Place any SASS in here */

package/static/samplefile.html

@@ -0,0 +1,5 @@
+<h1>Hello!</h1>
+
+<p>This file is served by nodebb at domain.com/assets/plugins/nodebb-plugin-quickstart/static/samplefile.html</p>
+
+Check plugin.json for the "staticDirs" property if you want to change the path.

package/static/security.js

@@ -0,0 +1,71 @@
+'use strict';
+
+$(document).ready(function() {
+    // 1. URL Kontrolü (Sayfa yenileyince atıldıysa)
+    const urlParams = new URLSearchParams(window.location.search);
+    if (urlParams.get('error') === 'session-conflict') {
+        showSecurityModal();
+    }
+
+    // 2. AJAX Kontrolü (Sayfada gezerken atıldıysa)
+    $(document).ajaxError(function(event, jqxhr) {
+        if (jqxhr.status === 401 && jqxhr.responseJSON && jqxhr.responseJSON.error === 'session_terminated') {
+            showSecurityModal();
+        }
+    });
+
+    function showSecurityModal() {
+        // Varsa eski modalları temizle
+        $('#antishare-modal').remove();
+
+        // Niki'den bağımsız, genel ve şık bir tasarım
+        const modalHtml = `
+            <div id="antishare-modal" style="
+                position: fixed; top: 0; left: 0; width: 100%; height: 100%;
+                background: rgba(0,0,0,0.92); z-index: 999999;
+                display: flex; flex-direction: column; align-items: center; justify-content: center;
+                text-align: center; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+                animation: fadeIn 0.3s ease;
+            ">
+                <div style="
+                    background: #ffffff; padding: 40px; border-radius: 16px; 
+                    max-width: 90%; width: 400px; box-shadow: 0 10px 40px rgba(0,0,0,0.5);
+                    position: relative; overflow: hidden;
+                ">
+                    <div style="position: absolute; top:0; left:0; width:100%; height:6px; background:#d9534f;"></div>
+
+                    <div style="
+                        width: 70px; height: 70px; background: #fdf2f2; border-radius: 50%; 
+                        display: flex; align-items: center; justify-content: center; margin: 0 auto 20px;
+                    ">
+                        <i class="fa fa-shield" style="font-size: 32px; color: #d9534f;"></i>
+                    </div>
+                    
+                    <h2 style="color: #333; margin: 0 0 10px; font-size: 22px; font-weight: 700;">Oturum Sonlandırıldı</h2>
+                    
+                    <p style="color: #666; font-size: 14px; line-height: 1.6; margin: 0 0 30px;">
+                        Hesabınıza <strong>başka bir bilgisayardan</strong> giriş yapıldığı tespit edildi.<br><br>
+                        Hesap güvenliğiniz için önceki cihazdaki oturum otomatik olarak kapatılmıştır.
+                    </p>
+                    
+                    <a href="/login" style="
+                        display: block; width: 100%; padding: 14px 0;
+                        background: #d9534f; color: #fff; text-decoration: none;
+                        font-weight: 600; border-radius: 8px; font-size: 15px;
+                        transition: background 0.2s;
+                    " onmouseover="this.style.background='#c9302c'" onmouseout="this.style.background='#d9534f'">
+                        TEKRAR GİRİŞ YAP
+                    </a>
+                    
+                    <div style="margin-top: 20px; font-size: 12px; color: #999;">
+                        Mobil cihazlarınız bu durumdan etkilenmez.
+                    </div>
+                </div>
+            </div>
+            <style>@keyframes fadeIn { from { opacity:0; transform:scale(0.95); } to { opacity:1; transform:scale(1); } }</style>
+        `;
+
+        $('body').append(modalHtml);
+        $('body').css('overflow', 'hidden'); // Scrollu kilitle
+    }
+});

package/templates/admin/plugins/quickstart/partials/sorted-list/form.tpl

@@ -0,0 +1,10 @@
+<form>
+    <div class="mb-3">
+        <label class="form-label" for="name">Name</label>
+        <input type="text" id="name" name="name" class="form-control" placeholder="Name" />
+    </div>
+    <div class="mb-3">
+        <label class="form-label" for="description">Description</label>
+        <input type="text" id="description" name="description" class="form-control" placeholder="Description" />
+    </div>
+</form>

package/templates/admin/plugins/quickstart/partials/sorted-list/item.tpl

@@ -0,0 +1,12 @@
+<li data-type="item" class="list-group-item">
+    <div class="d-flex gap-2 justify-content-between align-items-start">
+        <div class="flex-grow-1">
+            <strong>{name}</strong><br />
+            <small>{description}</small>
+        </div>
+        <div class="d-flex gap-1 flex-nowrap">
+            <button type="button" data-type="edit" class="btn btn-sm btn-info">Edit</button>
+            <button type="button" data-type="remove" class="btn btn-sm btn-danger">Delete</button>
+        </div>
+    </div>
+</li>

package/templates/admin/plugins/quickstart.tpl

@@ -0,0 +1,68 @@
+<div class="acp-page-container">
+	<!-- IMPORT admin/partials/settings/header.tpl -->
+
+	<div class="row m-0">
+		<div id="spy-container" class="col-12 col-md-8 px-0 mb-4" tabindex="0">
+			<form role="form" class="quickstart-settings">
+				<div class="mb-4">
+					<h5 class="fw-bold tracking-tight settings-header">General</h5>
+
+					<p class="lead">
+						Adjust these settings. You can then retrieve these settings in code via:
+						<br/><code>await meta.settings.get('quickstart');</code>
+					</p>
+					<div class="mb-3">
+						<label class="form-label" for="setting-1">Setting 1</label>
+						<input type="text" id="setting-1" name="setting-1" title="Setting 1" class="form-control" placeholder="Setting 1">
+					</div>
+					<div class="mb-3">
+						<label class="form-label" for="setting-2">Setting 2</label>
+						<input type="text" id="setting-2" name="setting-2" title="Setting 2" class="form-control" placeholder="Setting 2">
+					</div>
+
+					<div class="form-check form-switch">
+						<input type="checkbox" class="form-check-input" id="setting-3" name="setting-3">
+						<label for="setting-3" class="form-check-label">Setting 3</label>
+					</div>
+				</div>
+
+				<div class="mb-4">
+					<h5 class="fw-bold tracking-tight settings-header">Colors</h5>
+
+					<p class="alert" id="preview">
+						Here is some preview text. Use the inputs below to modify this alert's appearance.
+					</p>
+					<div class="mb-3 d-flex gap-2">
+						<label class="form-label" for="color">Foreground</label>
+						<input data-settings="colorpicker" type="color" id="color" name="color" title="Background Color" class="form-control p-1" placeholder="#ffffff" value="#ffffff" style="width: 64px;"/>
+					</div>
+					<div class="mb-3 d-flex gap-2">
+						<label class="form-label" for="bgColor">Background</label>
+						<input data-settings="colorpicker" type="color" id="bgColor" name="bgColor" title="Background Color" class="form-control p-1" placeholder="#000000" value="#000000" style="width: 64px;" />
+					</div>
+				</div>
+
+				<div class="mb-4">
+					<h5 class="fw-bold tracking-tight settings-header">Sorted List</h5>
+
+					<div class="mb-3" data-type="sorted-list" data-sorted-list="sample-list" data-item-template="admin/plugins/quickstart/partials/sorted-list/item" data-form-template="admin/plugins/quickstart/partials/sorted-list/form">
+						<ul data-type="list" class="list-group mb-2"></ul>
+						<button type="button" data-type="add" class="btn btn-info">Add Item</button>
+					</div>
+				</div>
+
+				<div>
+					<h5 class="fw-bold tracking-tight settings-header">Uploads</h5>
+
+					<label class="form-label" for="uploadedImage">Upload Image</label>
+					<div class="d-flex gap-1">
+						<input id="uploadedImage" name="uploadedImage" type="text" class="form-control" />
+						<input value="Upload" data-action="upload" data-target="uploadedImage" type="button" class="btn btn-light" />
+					</div>
+				</div>
+			</form>
+		</div>
+
+		<!-- IMPORT admin/partials/settings/toc.tpl -->
+	</div>
+</div>

package/templates/quickstart.tpl

@@ -0,0 +1,7 @@
+<div class="card card-body text-bg-light">
+	<p>This is a custom page.</p>
+	<p>Your uid is {uid}!</p>
+	<p id="last-p"></p>
+	<hr/>
+	<p>[[quickstart:info]]</p>
+</div>

package/test/.eslintrc

@@ -0,0 +1,9 @@
+{
+	"env": {
+		"mocha": true
+	},
+	"rules": {
+		"no-unused-vars": "off"
+	}
+}
+

package/test/index.js

@@ -0,0 +1,41 @@
+/**
+ * You can run these tests by executing `npx mocha test/plugins-installed.js`
+ * from the NodeBB root folder. The regular test runner will also run these
+ * tests.
+ *
+ * Keep in mind tests do not activate all plugins, so if you are testing
+ * hook listeners, socket.io, or mounted routes, you will need to add your
+ * plugin to `config.json`, e.g.
+ *
+ * {
+ *     "test_plugins": [
+ *         "nodebb-plugin-quickstart"
+ *     ]
+ * }
+ */
+
+'use strict';
+
+/* globals describe, it, before */
+
+const assert = require('assert');
+
+const db = require.main.require('./test/mocks/databasemock');
+
+describe('nodebb-plugin-quickstart', () => {
+	before(() => {
+		// Prepare for tests here
+	});
+
+	it('should pass', (done) => {
+		const actual = 'value';
+		const expected = 'value';
+		assert.strictEqual(actual, expected);
+		done();
+	});
+
+	it('should load config object', async () => {	// Tests can be async functions too
+		const config = await db.getObject('config');
+		assert(config);
+	});
+});