GitHub/ergo
3
0
Fork 0
mirror of https://github.com/ergochat/ergo.git synced 2025-04-03 22:38:16 +02:00
Code Issues Projects Releases Wiki Activity
5,376 Commits 15 Branches 72 Tags
Commit Graph

2307 Commits

Author SHA1 Message Date
Shivaram Lingamneni
a6df370bd9
block HTTP DoS attacks (#2239) 
Block uses of the JS Fetch API to send HTTP message bodies that are also valid
IRC. The constraint on such messages is that they must begin with a valid HTTP
verb; we can detect this and reject them immediately.
 2025-03-30 21:33:06 -04:00
Shivaram Lingamneni
9791606f62
allow customizing the NPC and SCENE nickmasks (#2237) 
See #2229
 2025-03-30 21:32:55 -04:00
Shivaram Lingamneni
7256d83ff0
implement command aliases (#2236) 
See #2229
 2025-03-30 21:32:37 -04:00
Shivaram Lingamneni
19dbe10c99
fix panic on KILL (#2234) 
Introduced by #2218, reported by knolle
 2025-03-26 21:21:05 -04:00
Shivaram Lingamneni
467df24914
fix #2228 (#2233) 
If the server is UTF8ONLY, validate that the MOTD is UTF8
 2025-03-22 23:13:31 -04:00
Shivaram Lingamneni
ea81ec86e1
MVP for HTTP API (#2231) 
Co-authored-by: Klaas Tammling <klaas@tammling.hamburg>
 2025-03-18 23:13:03 -04:00
Shivaram Lingamneni
4bcd008416
fix CHATHISTORY TARGETS from MySQL backend using server local TZ (#2224) 
time.Unix() returns a time.Time with the Location populated to the server's
timezone. Such times will format incorrectly with IRCv3TimestampFormat unless
they are manually converted to UTC.
 2025-03-17 02:22:25 -04:00
Shivaram Lingamneni
23b65e225b add SAFERATE to 005 
See discussion at https://github.com/ircv3/ircv3-specifications/pull/556
 2025-03-06 13:30:17 -05:00
Shivaram Lingamneni
ec3417be79 fix #2218 
The client's own QUIT line should respect server-time
 2025-02-16 01:33:24 -05:00
Shivaram Lingamneni
7e18362d35
upgrade to go 1.24 (#2217) 2025-02-12 21:15:21 -05:00
Shivaram Lingamneni
d50f1471eb fix #2215 
Hide the message-redaction capability if allow-individual-delete is disabled.
(Technically REDACT can still be used, but only by ircops, so advertising it
is misleading in the most common case).
 2025-02-06 01:36:02 -05:00
Shivaram Lingamneni
e1b5a05c27 refactor service help sorting 2025-02-05 00:47:23 -05:00
Shivaram Lingamneni
a850602bcc refactor 005 token generation 2025-02-05 00:47:23 -05:00
Shivaram Lingamneni
d1126b53eb return constant strings in 004/005 2025-02-05 00:47:23 -05:00
Shivaram Lingamneni
4851825d4f use slices.SortFunc for modes 2025-02-05 00:47:23 -05:00
Shivaram Lingamneni
8fa6e19c2e fix #2213 
We intended to suppress 324 and 329 when there is no valid mode change, only
unknown modes. Fix these checks.
 2025-02-03 21:35:51 -05:00
Shivaram Lingamneni
07669f9eb4 remove hashset from mode parsing 2025-02-03 21:29:34 -05:00
Shivaram Lingamneni
4dfb7cc7ae use slices.Contains in irc/modes 2025-02-03 21:29:34 -05:00
Shivaram Lingamneni
b6a8cc20c2 add conn ID to SASL auth logline 2025-02-03 21:29:34 -05:00
Shivaram Lingamneni
e60afda556 set up new development version 2025-01-26 00:55:31 -05:00
Shivaram Lingamneni
c92f23b0cb bump version and changelog for v2.15.0 2025-01-25 22:55:19 -05:00
Shivaram Lingamneni
7b71839615 fix buggy persistence of push timestamps 
getPushSubscriptions() could have a stale view of the latest subscription
renewal and successful push times. We don't want to rebuild on every renewal
or every push, so add a boolean refresh argument that controls rebuilding.
 2025-01-16 00:06:11 -05:00
Shivaram Lingamneni
799e1b14f4 delete services debug line 2025-01-15 22:12:40 -05:00
Shivaram Lingamneni
2163d96348 add connID to another logline 2025-01-15 22:12:40 -05:00
Shivaram Lingamneni
e520ba7e0e list push subscription times as well 2025-01-15 22:12:40 -05:00
Shivaram Lingamneni
92e2aa987e move debug log ID within NS CLIENTS LIST output 2025-01-15 22:12:40 -05:00
Shivaram Lingamneni
ab2d842b27
changelog and version updates for v2.15.0-rc1 (#2209) 2025-01-13 22:57:04 -05:00
Shivaram Lingamneni
21ee867ebb
fix #2198 (#2199) 
Add require-sasl support to KLINE / UBAN on NUH masks
 2025-01-13 22:20:47 -05:00
Shivaram Lingamneni
36e5451aa5
implement draft/webpush (#2205) 2025-01-13 21:47:21 -05:00
Shivaram Lingamneni
efd3764337
add unique connection ID to debug logs (#2207) 
Fixes #2206
 2025-01-11 23:07:04 -05:00
Shivaram Lingamneni
eddd4cc723
fix incorrect batch parameter in draft/extended-isupport (#2197) 2024-10-26 22:11:20 -04:00
Shivaram Lingamneni
726d997d07
advertise SAFELIST (#2196) 
LIST is implemented via blocking (*ResponseBuffer).Send, so it can never
exceed the sendq limit.
 2024-10-06 12:11:34 -04:00
Shivaram Lingamneni
7586520032
implement draft/extended-isupport (#2184) 2024-09-27 00:40:56 -04:00
Shivaram Lingamneni
f68d32b4ee
remove GCStats.Pause initialization (#2189) 
It's too small anyway so the runtime has to reallocate it.
 2024-09-08 01:48:47 -04:00
Shivaram Lingamneni
df6aa4c34b
enable building for solaris (#2183) 2024-08-02 15:09:28 -04:00
Shivaram Lingamneni
ce41f501c9 set up new development version 2024-07-01 01:07:21 -04:00
Shivaram Lingamneni
d25fc2a758 bump version and changelog for v2.14.0 2024-06-30 23:36:28 -04:00
Shivaram Lingamneni
958eb43393 bump version and changelog for v2.14.0-rc2 2024-06-16 04:40:00 -04:00
Shivaram Lingamneni
0b333c7e72 fix truncation check 
* The message target was not being counted :-(
* The additional character added to the target by STATUSMSG was not counted
 2024-06-11 01:42:57 -04:00
Shivaram Lingamneni
654381071b
update version and changelog for v2.14.0-rc1 (#2164) 
* changelog for v2.14.0-rc1

* bump version string for rc1

* bump irctest
 2024-06-09 03:11:33 -04:00
Shivaram Lingamneni
0517b5571d fix #2081 
Increase default/recommended mask list size limit to 150;
SAMODE overrides enforcement of the limit.
 2024-06-03 23:39:08 -04:00
Shivaram Lingamneni
1117680fdd
clean up RPL_CHANNELMODEIS logic (#2163) 
Don't send RPL_CHANNELMODEIS for no-op changes to channel-user modes
 2024-06-03 23:28:08 -04:00
Shivaram Lingamneni
7318e48629 fix #2043 
Add human-readable description parameters to multiline fail messages,
since they are technically required by the standard-replies spec
(although the utility of showing them to users is dubious)
 2024-06-02 03:34:11 -04:00
Shivaram Lingamneni
289b78d2fd fix #2141 
Log errors from attempting to delete a unix domain socket path
 2024-05-29 02:24:08 -04:00
Shivaram Lingamneni
d81494ac09
Merge pull request #2159 from ergochat/casefolding.2 
fix #2099
 2024-05-29 08:04:14 +02:00
Shivaram Lingamneni
794b4a2483 allow null bytes in bearer tokens 
(Haven't decided what to do at the spec level yet)
 2024-05-29 01:54:12 -04:00
Shivaram Lingamneni
7772b55cab fix #2099 
Add optional support for rfc1459 and rfc1459-strict casemappings
 2024-05-27 22:16:20 -04:00
Shivaram Lingamneni
ed683bff79 remove draft/bearer in favor of IRCV3BEARER 2024-05-27 20:40:04 -04:00
Shivaram Lingamneni
218f6f2454 fix login throttle handling 
We were checking the login throttle at the beginning of every SASL
conversation. This had several problems:

1. Pidgin (on Windows?) tries every mechanism in order, regardless of
the CAP advertisement. It would use up the default throttle allowance
trying unsupported mechanisms like CRAM-MD5.
2. The throttle was actually checked twice for AUTHENTICATE PLAIN
(once at the start of the conversation and once in AuthenticateByPassphrase).

The general pattern here is that we should check the throttle every time we
do something "expensive" (bcrypt verification, send a reset email) or
"dangerous" (anything that could lead to a bruteforce attack on passwords).
Therefore, delete the check from the AUTHENTICATE handler, and add one at
the beginning of the SCRAM conversation to replace it.
 2024-05-26 05:19:41 -04:00
Shivaram Lingamneni
6abb291290 fix deadlock on channel state mutex 2024-05-06 02:32:40 -04:00