diff --git a/server/.vscode/launch.json b/server/.vscode/launch.json index d23e5e9..80298df 100755 --- a/server/.vscode/launch.json +++ b/server/.vscode/launch.json @@ -7,14 +7,19 @@ { "type": "node", "request": "launch", - "name": "Launch Program", - "skipFiles": [ - "/**" + "name": "Launch with Nodemon", + "runtimeExecutable": "nodemon", + "runtimeArgs": [ + "--inspect=9229", + "server.js" ], "env": { "NODE_ENV": "dev", }, - "program": "${workspaceFolder}/server.js" + "restart": true, + "skipFiles": [ + "/**" + ] } ] } \ No newline at end of file diff --git a/server/config.js b/server/config.js index d581287..738b412 100755 --- a/server/config.js +++ b/server/config.js @@ -1,5 +1,53 @@ -export const ENV = process.env.NODE_ENV || "prod"; -export const DEV = ENV === "dev"; -export const PROD =!DEV; -export const PORT = process.env.PORT || 3000; -export const PARTY_MAX_SIZE = 4; +const dev = process.env.NODE_ENV === "dev"; +const env = process.env.PROD || (dev ? "dev" : "prod"); + +export const Config = { + /** @readonly @type {string} the name of the environment we're running in */ + "env": env, + + /** @readonly @type {boolean} are we running in development-mode? */ + "dev": dev, + + /** + * Port we're running the server on. + * + * @readonly + * @const {number} + */ + port: process.env.PORT || 3000, + + /** + * Maximum number of players allowed on the server. + * + * @readonly + * @const {number} + */ + maxPlayers: dev ? 3 : 40, + + /** + * Max number of characters in a party. + * By default, a player can only have a single party. + * Multiple parties may happen some day. + */ + maxPartySize: 4, + + /** + * Number of failed logins allowed before user is locked out. + * Also known as Account lockout threshold + * + * @readonly + * @const {number} + */ + maxFailedLogins: 5, + + /** + * When a user has entered a wrong password too many times, + * block them for this long before they can try again. + * + * @readonly + * @const {number} + */ + accountLockoutDurationMs: 15 * 60 * 1000, // 15 minutes. +}; + + diff --git a/server/models/game.js b/server/models/game.js index 1702fe3..c28b1c4 100755 --- a/server/models/game.js +++ b/server/models/game.js @@ -7,7 +7,7 @@ * Serializing this object effectively saves the game. */ -import WebSocket from "ws"; +import { miniUid } from "../utils/id.js"; import { Character } from "./character.js"; import { ItemTemplate } from "./item.js"; import { Player } from "./player.js"; @@ -28,43 +28,74 @@ export class Game { */ _characters = new Map(); - /** - * All players ever registered, mapped by name => player. - * - * _____ _ - * | ___(_)_ ___ __ ___ ___ - * | |_ | \ \/ / '_ ` _ \ / _ \ - * | _| | |> <| | | | | | __/ - * |_| |_/_/\_\_| |_| |_|\___| - * - * 1. Add mutex on the players table to avoid race conditions during - * insert/delete/check_available_username - * 1.a ) add an "atomicInsert" that inserts a new player if the giver username - * is available. - * 2. Prune "dead" players (players with 0 logins) after a short while - * - * + /* * @protected * @type {Map} Map of users in the game username->Player */ _players = new Map(); - hasPlayer(username) { - return this._players.has(username); - } - getPlayer(username) { return this._players.get(username); } - createPlayer(username, passwordHash=null) { + /** + * Atomic player creation. + * + * @param {string} username + * @param {string?} passwordHash + * @param {string?} salt + * + * @returns {Player|null} Returns the player if username wasn't already taken, or null otherwise. + */ + createPlayer(username, passwordHash = undefined, salt = undefined) { if (this._players.has(username)) { return false; } - const player = new Player(username, passwordHash); + const player = new Player( + username, + typeof passwordHash === "string" ? passwordHash : "", + typeof salt === "string" && salt.length > 0 ? salt : miniUid() + ); + this._players.set(username, player); return player; } + + /** + * Create an ItemTemplate with a given ID + * + * @param {string} id + * @param {object} attributes + * + * @returns {ItemTemplate|false} + */ + createItemTemplate(id, attributes) { + + if (typeof id !== "string" || !id) { + throw new Error("Invalid id!"); + } + + if (this._itemTemplates.has(id)) { + return false; + } + + /** @type {ItemTemplate} */ + const result = new ItemTemplate(id, attributes.name, attributes.itemSlots); + + for (const key of Object.keys(result)) { + if (key === "id") { + continue; + } + if (key in attributes) { + result[key] = attributes[key]; + } + } + + + this._itemTemplates.set(id, result); + + return result; + } } diff --git a/server/models/item.js b/server/models/item.js index 89aceed..5576de7 100755 --- a/server/models/item.js +++ b/server/models/item.js @@ -1,5 +1,3 @@ -import { cleanName } from "../utils/id.js"; - /** * Item templates are the built-in basic items of the game. * A character cannot directly own one of these items, @@ -7,74 +5,69 @@ import { cleanName } from "../utils/id.js"; * generate these CharacterItems. */ export class ItemTemplate { - _id; - _name; - _description; - _itemSlots; + /** @constant @readonly @type {string} Item's machine-friendly name */ + id; - /** @type {string} Item's machine-friendly name */ - get id() { - return this._id; - } + /** @constant @readonly @type {string} Item's human-friendly name */ + name; - /** @type {string} Item's human-friendly name */ - get name() { - return this._name; - } + /** @constant @readonly @type {string} Item's Description */ + description; - /** @type {string} Item's Description */ - get description() { - return this._description; - } + /** @constant @readonly @type {number} Number of Item Slots taken up by this item. */ + itemSlots; - /** @type {number} Number of Item Slots taken up by this item. */ - get itemSlots() { - return this._itemSlots; - } + /** @constant @readonly @type {number?} How much damage (if any) does this item deal */ + damage; + + /** @constant @readonly @type {string?} Which special effect is triggered when successfull attacking with this item? */ + specialEffect; + + /** @constant @readonly @type {boolean?} Can this item be used as a melee weapon? */ + melee; + + /** @constant @readonly @type {boolean?} Can this item be used as a ranged weapon? */ + ranged; + + /** @constant @readonly @type {string?} Type of ammo that this item is, or that this item uses */ + ammoType; /** * Constructor * + * @param {string=null} id Item's machine-friendly name. * @param {string} name. The Item's Name. * @param {number} itemSlots number of item slots the item takes up in a character's inventory. - * @param {string} description Item's detailed description. - * @param {string=} id Item's machine-friendly name. */ - constructor(name, itemSlots, description, id) { - if (typeof name !== "string") { - throw new Error("Name must be a string, but " + typeof name + " given."); - } - if (typeof description === "undefined") { - description = ""; - } - if (typeof description !== "string") { - throw new Error("Name must be a string, but " + typeof name + " given."); - } - if (!Number.isFinite(itemSlots)) { - throw new Error("itemSlots must be a finite number!"); - } - if (typeof id === "undefined") { - id = cleanName(name); - } - if (typeof id !== "string") { + constructor(id, name, itemSlots) { + + if (typeof id !== "string" || id.length < 1) { throw new Error("id must be a string!"); } - this._name = name; - this._id = id; - this._itemSlots = Number(itemSlots); - this._description = ""; + if (typeof name !== "string" || name.length < 1) { + throw new Error("Name must be a string, but " + typeof name + " given."); + } + + if (!Number.isFinite(itemSlots)) { + throw new Error("itemSlots must be a finite number!"); + } + + this.name = name; + this.id = id; + this.itemSlots = Number(itemSlots); } + // + // Spawn a new item! + /** @returns {Item} */ createItem() { - return new ChracterItem(this._id, this._name, this._description, this._itemSlots); - } - - static getOrCreate(id, name, description, itemSlots) { - } - - static seed() { - this + return new ChracterItem( + this.id, + this.name, + this.description, + this.itemSlots, + ); } } @@ -98,8 +91,8 @@ export class ItemTemplate { * Another bonus is, that the game can spawn custom items that arent even in the ItemTemplate Set. */ export class CharacterItem { - /** @type {string?} The unique name if the ItemTemplate this item is based on. May be null. */ - templateItemId; // We use the id instead of a pointer, could make garbage collection better. + /** @type {ItemTemplate|null} The template that created this item. Null if no such template exists [anymore]. */ + itemTemplate; // We use the id instead of a pointer, could make garbage collection better. /** @type {string} The player's name for this item. */ name; diff --git a/server/models/player.js b/server/models/player.js index c70b79c..09f0845 100755 --- a/server/models/player.js +++ b/server/models/player.js @@ -7,26 +7,34 @@ import { Character } from "./character.js"; * Contain persistent player account info. */ export class Player { - /** - * @protected - * @type {string} unique username - */ + + /** @protected @type {string} unique username */ _username; get username() { return this._username; } - /** - * @protected - * @type {string} - */ + /** @protected @type {string} */ _passwordHash; get passwordHash() { return this._passwordHash; } - /** @type {Date} */ + /** @protected @type {string} random salt used for hashing */ + _salt; + get salt() { + return this._salt; + } + + /** @protected @type {Date} */ _createdAt = new Date(); + get createdAt() { + return this._createdAt; + } + + /** @type {Date} */ + blockedUntil; + /** @type {Date|null} Date of the player's last websocket message. */ lastActivityAt = null; @@ -41,7 +49,7 @@ export class Player { failedPasswordsSinceLastLogin = 0; /** @protected @type {Set} */ - _characters = new Set(); + _characters = new Set(); // should this be a WeakSet? After all if the player is removed, their items might remain in the system, right? get characters() { return this._characters; } @@ -49,11 +57,12 @@ export class Player { /** * @param {string} username * @param {string} passwordHash + * @param {string} salt */ - constructor(username, passwordHash) { + constructor(username, passwordHash, salt) { this._username = username; this._passwordHash = passwordHash; - + this._salt = salt; this._createdAt = new Date(); } diff --git a/server/models/session.js b/server/models/session.js index 802ff11..a8f8e7c 100755 --- a/server/models/session.js +++ b/server/models/session.js @@ -1,7 +1,7 @@ import WebSocket from 'ws'; import { Game } from './game.js'; import { Player } from './player.js'; -import { StateInterface } from './states/interface.js'; +import { StateInterface } from '../states/interface.js'; import * as msg from '../utils/messages.js'; import figlet from 'figlet'; @@ -20,20 +20,46 @@ export class Session { } /** @type {Player} */ - player; + _player; + get player() { + return this._player; + } + + /** @param {Player} player */ + set player(player) { + + if (player instanceof Player) { + this._player = player; + return; + } + + if (player === null) { + this._player = null; + return; + } + + throw Error(`Can only set player to null or instance of Player, but received ${typeof player}`); + } + /** @type {WebSocket} */ - websocket; + _websocket; /** * @param {WebSocket} websocket * @param {Game} game */ constructor(websocket, game) { - this.websocket = websocket; + this._websocket = websocket; this._game = game; } + /** Close the session and websocket */ + close() { + this._websocket.close(); + this._player = null; + } + /** * Send a message via our websocket. * @@ -41,7 +67,7 @@ export class Session { * @param {...any} args */ send(messageType, ...args) { - this.websocket.send(JSON.stringify([messageType, ...args])); + this._websocket.send(JSON.stringify([messageType, ...args])); } sendFigletMessage(message) { @@ -62,26 +88,32 @@ export class Session { /** * @param {string} type prompt type (username, password, character name, etc.) - * @param {string} message The prompting message (please enter your character's name) + * @param {string|string[]} message The prompting message (please enter your character's name) + * @param {string} tag helps with message routing and handling. */ - sendPrompt(type, message,...args) { + sendPrompt(type, message, tag="default", ...args) { if (Array.isArray(message)) { message = message.join("\n"); } - this.send(msg.PROMPT, type, message,...args); + this.send(msg.PROMPT, type, message, tag, ...args); } /** @param {string} message The error message to display to player */ - sendError(message,...args) { + sendError(message, ...args) { this.send(msg.ERROR, message, ...args); } + /** @param {string} message The error message to display to player */ + sendDebug(message, ...args) { + this.send(msg.DEBUG, message, ...args); + } + /** @param {string} message The calamitous error to display to player */ - sendCalamity(message,...args) { + sendCalamity(message, ...args) { this.send(msg.CALAMITY, message, ...args); } - sendSystemMessage(arg0,...rest) { + sendSystemMessage(arg0, ...rest) { this.send(msg.SYSTEM, arg0, ...rest); } diff --git a/server/public/client.js b/server/public/client.js index 02f74bb..e08826a 100755 --- a/server/public/client.js +++ b/server/public/client.js @@ -1,37 +1,55 @@ class MUDClient { + // + // Constructor constructor() { - /** @type {WebSocket} ws */ + /** @type {WebSocket} Our WebSocket */ this.websocket = null; /** @type {boolean} Are we in development mode (decided by the server); this.dev = false; - /** - * The last thing we were asked. - * @type {string|null} - */ - this.serverExpects = null; + /** @type {string|null} The message type of the last thing we were asked. */ + this.replyType = null; + + /** @type {string|null} The #tag of the last thing we were asked. */ + this.replyTag = null; + + /** @type {HTMLElement} The output "monitor" */ this.output = document.getElementById("output"); + + /** @type {HTMLElement} The input element */ this.input = document.getElementById("input"); + + /** @type {HTMLElement} The send/submit button */ this.sendButton = document.getElementById("send"); + + /** @type {HTMLElement} Status indicator */ this.status = document.getElementById("status"); // Passwords are crypted and salted before being sent to the server // This means that if ANY of these three parameters below change, // The server can no longer accept the passwords. + /** @type {string} Hashing method to use for client-side password hashing */ this.digest = "SHA-256"; - this.salt = "V1_Kims_Krappy_Krypto"; + + /** @type {string} Salt string to use for client-side password hashing */ + this.salt = "No salt, no shorts, no service"; + + /** @type {string} Number of times the hashing should be done */ this.rounds = 1000; - this.username = ""; // the username also salts the password, so the username must never change. + /** @type {string} the username also salts the password, so the username must never change. */ + this.username = ""; this.setupEventListeners(); this.connect(); } + + /** @param {string} password the password to be hashed */ async hashPassword(password) { const encoder = new TextEncoder(); - let data = encoder.encode(password + this.salt + this.username); + let data = encoder.encode(password + this.salt); for (let i = 0; i < this.rounds; i++) { const hashBuffer = await crypto.subtle.digest(this.digest, data); @@ -41,7 +59,7 @@ class MUDClient { // Convert final hash to hex const rawHash = Array.from(data).map(b => b.toString(16).padStart(2, '0')).join(''); - return `${this.salt}:${this.rounds}:${this.digest}:${rawHash}`; + return `KimsKrappyKryptoV1:${this.salt}:${this.rounds}:${this.digest}:${rawHash}`; } connect() { @@ -62,7 +80,7 @@ class MUDClient { }; this.websocket.onmessage = (event) => { - console.log(event); + console.debug(event); const data = JSON.parse(event.data); this.onMessage(data); this.input.focus(); @@ -79,7 +97,7 @@ class MUDClient { this.websocket.onerror = (error) => { this.updateStatus("Connection Error", "error"); - this.appendOutput("Connection error occurred. Retrying...", { class: "error" }); + this.writeToOutput("Connection error occurred. Retrying...", { class: "error" }); }; } catch (error) { console.error(error); @@ -89,14 +107,19 @@ class MUDClient { } setupEventListeners() { + document.addEventListener("keypress", (e) => { + if (e.key.length === 1 && !e.ctrlKey && !e.altKey && !e.metaKey) { + this.input.focus(); + } + }); this.input.addEventListener("keypress", (e) => { if (e.key === "Enter") { - this.sendMessage(); + this.onUserCommand(); } }); this.sendButton.addEventListener("click", () => { - this.sendMessage(); + this.onUserCommand(); }); // Command history @@ -123,8 +146,69 @@ class MUDClient { }); } - sendMessage() { - const message = this.input.value.trim(); + /** + * Send a json-encoded message to the server via websocket. + * + * @param {messageType} string + * @param {...any} rest + */ + send(messageType, ...args) { + if (args.length === 0) { + this.websocket.send(JSON.stringify([messageType])); + return; + } + + this.websocket.send(JSON.stringify([messageType, ...args])); + } + + // + // Add a command to history so we can go back to previous commands with arrow keys. + _addCommandToHistory(command) { + // + // we do not add usernames or passwords to history. + if (this.replyType === "password" || this.replyType === "username") { + return; + } + + // + // Adding empty commands makes no sense. + // Why would the user navigate back through their history to + // find and empty command when they can just press enter. + if (command === "") { + return; + } + + // + // Add to command our history + // But not if the command was a password. + this.historyIndex = -1; + + // + // We do not add the same commands many times in a row. + if (this.commandHistory[this.commandHistory.length - 1] === command) { + return; + } + + // + // Add the command to the history stack + this.commandHistory.push(command); + if (this.commandHistory.length > 50) { + this.commandHistory.shift(); + } + } + + /** + * User has entered a command + */ + onUserCommand() { + // + // Trim user's input. + const command = this.input.value.trim(); + this.input.value = ""; + this.input.type = "text"; + + this._addCommandToHistory(command); + // -- This is a sneaky command that should not be in production? // @@ -132,77 +216,91 @@ class MUDClient { // :clear would be sent to the server, and we ask if it's okay // to clear the screen right now, and only on a positive answer would we // allow the screen to be cleared. Maybe..... - if (message === "/clear") { + if (command === "/clear") { this.output.innerHTML = ""; this.input.value = ""; return; } - if (message && this.websocket && this.websocket.readyState === WebSocket.OPEN) { - // Add to command history - if (this.commandHistory[this.commandHistory.length - 1] !== message) { - this.commandHistory.push(message); - if (this.commandHistory.length > 50) { - this.commandHistory.shift(); - } - } - this.historyIndex = -1; - this.input.value = ""; - this.input.type = "text"; - - if (this.serverExpects === "password") { - //-------------------------------------------------- - // The server asked us for a password, so we send it. - // But we hash it first, so we don't send our stuff - // in the clear. - //-------------------------------------------------- - this.hashPassword(message).then((pwHash) => { - this.websocket.send(JSON.stringify(["reply", "password", pwHash])) - this.serverExpects = null; - }); - return; - } - - this.appendOutput("> " + message, { class: "input" }); - - if (message === ":quit") { - this.websocket.send(JSON.stringify(["quit"])); - return; - } - if (message === ":help") { - this.websocket.send(JSON.stringify(["help"])); - return; - } - - if (this.serverExpects === "username") { - //-------------------------------------------------- - // The server asked us for a user, so we send it. - // We also store the username for later - //-------------------------------------------------- - this.username = message; - this.websocket.send(JSON.stringify(["reply", "username", message])) - this.serverExpects = null; - return; - - } - - if (this.serverExpects) { - //-------------------------------------------------- - // The server asked the player a question, - // so we send the answer the way the server wants. - //-------------------------------------------------- - this.websocket.send(JSON.stringify(["reply", this.serverExpects, message])) - this.serverExpects = null; - return; - } - - // - //----------------------------------------------------- - // The player sends a text-based command to the server - //----------------------------------------------------- - this.websocket.send(JSON.stringify(["c", message])); - + // + // Don't allow sending messages (for now) + // Later on, prompts may give us the option to simply "press enter"; + if (!command) { + console.debug("Cannot send empty message - YET"); + return; } + + // + // Can't send a message without a websocket + if (!(this.websocket && this.websocket.readyState === WebSocket.OPEN)) { + return; + } + + // + // The server asked us for a password, so we send it. + // But we hash it first, so we don't send our stuff + // in the clear. + if (this.replyType === "password") { + this.hashPassword(command).then((pwHash) => { + this.send("reply", "password", pwHash, this.replyTag); + this.replyType = null; + this.replyTag = null; + }); + return; + } + + // + // When the player enters their username during the auth-phase, + // keep the username in the pocket for later. + if (this.replyType === "username") { + this.username = command; + } + + // + // We add our own command to the output stream so the + // player can see what they typed. + this.writeToOutput("> " + command, { class: "input" }); + + // + // Handle certain-commands differently. + const specialCommands = { ":quit": "quit", ":help": "help" }; + if (specialCommands[command]) { + this.send(specialCommands[command]); + return; + } + + // + // Handle replies + // We want to be in a place where ALL messages are replies. + // The game loop should always ask you for your next command, + // even if it does so silently + if (this.replyType) { + //-------------------------------------------------- + // The server asked the player a question, + // so we send the answer the way the server wants. + //-------------------------------------------------- + this.send("reply", this.replyType, command, this.replyTag); + this.replyType = null; + this.replyTag = null; + return; + } + + // + //----------------------------------------------------- + // The player sends a text-based command to the server + //----------------------------------------------------- + // ___ _ _ _ + // |_ _|_ __ ___ _ __ ___ _ __| |_ __ _ _ __ | |_| | + // | || '_ ` _ \| '_ \ / _ \| '__| __/ _` | '_ \| __| | + // | || | | | | | |_) | (_) | | | || (_| | | | | |_|_| + // |___|_| |_| |_| .__/ \___/|_| \__\__,_|_| |_|\__(_) + // |_| + // + // Aside from :help", ":quit", etc. we should not send + // unsolicited messages to the server without being + // prompted to do so. + this.send("c", command); + } // ___ __ __ @@ -210,50 +308,142 @@ class MUDClient { // | | | | '_ \| |\/| |/ _ \/ __/ __|/ _` |/ _` |/ _ \ // | |_| | | | | | | | __/\__ \__ \ (_| | (_| | __/ // \___/|_| |_|_| |_|\___||___/___/\__,_|\__, |\___| - // + // /** @param {any[]} data*/ onMessage(data) { - console.log(data); - switch (data[0]) { - case "prompt": - this.serverExpects = data[1]; - this.appendOutput(data[2], { class: "prompt" }); - if (this.serverExpects === "password") { - this.input.type = "password"; - } - break; - case "e": // error - this.appendOutput(data[1], { class: "error" }); - break; - case "calamity": - this.appendOutput(data[1], { class: "error" }); - break; - case "_": // system messages, not to be displayed - if (data.length === 3 && data[1] === "dev") { - this.dev = data[2]; - } - - if (this.dev) { - this.appendOutput(`system message: ${data[1]} = ${JSON.stringify(data[2])}`, { class: "debug" }); - } - break; - case "m": - // normal text message to be shown to the player - // formatting magic is allowed. - // - // TODO: styling, font size, etc. - const args = typeof (data[2] === "object") ? data[2] : {}; - this.appendOutput(data[1], args); - break; - - this.appendOutput(data[1], {preformatted:true}) - default: - if (this.dev) { - msgType = data.shift(); - this.appendOutput(`unknown message type: ${msgType}: ${JSON.stringify(data)}`, "debug"); - } - console.log("unknown message type", data); + if (this.dev) { + console.debug(data); } + const messageType = data.shift(); + + if (messageType === "dbg") { + return this.handleDebugMessages(data); + } + + if (messageType === "prompt") { + return this.handlePromptMessage(data); + } + + if (messageType === "e") { + return this.handleErrorMessage(data); + } + + if (messageType === "calamity") { + return this.handleCalamityMessage(data); + } + + if (messageType === "_") { + return this.handleSystemMessages(data); + } + + if (messageType === "m") { + return this.handleTextMessages(data); + } + + if (this.dev) { + this.writeToOutput(`unknown message type: ${messageType}: ${JSON.stringify(data)}`, "debug"); + } + console.debug("unknown message type", data); + } + + // + // "m" => normal/standard message to be displayed to the user + handleTextMessages(data) { + const options = { ...data[1] }; // coerce options into an object. + + + // normal text message to be shown to the player + this.writeToOutput(data[0], options); + return; + } + + // + // Debug messages let the server send data to be displayed on the player's screen + // and also logged to the players browser's log. + handleDebugMessages(data) { + if (!this.dev) { + return; // debug messages are thrown away if we're not in dev mode. + } + this.writeToOutput(data, { class: "debug", preformatted: true }); + console.debug("DBG", data); + } + + // + // "_" => system messages, not to be displayed + handleSystemMessages(data) { + + if (data.length < 2) { + console.debug("malformed system message", data); + return; + } + + console.debug("Incoming system message", data); + + /** @type {string} */ + const messageType = data.shift(); + + switch (messageType) { + case "dev": + // This is a message that tells us that the server is in + // "dev" mode, and that we should do the same. + this.dev = data[0]; + this.status.textContent = "[DEV] " + this.status.textContent; + break; + case "salt": + this.salt = data[0]; + console.debug("updating crypto salt", data[0]); + break; + default: + console.debug("unknown system message", messageType, data); + } + + // If we're in dev mode, we should output all system messages (in a shaded/faint fashion). + if (this.dev) { + this.writeToOutput(`system message: ${messageType} = ${JSON.stringify(data)}`, { class: "debug" }); + } + return; + } + + // + // "calamity" => lethal error. Close connection. + // Consider hard refresh of page to reset all variables + handleCalamityMessage(data) { + // + // We assume that calamity errors are pre-formatted, and we do not allow + // any of our own formatting-shenanigans to interfere with the error message + const options = { ...{ class: "error", "preformatted": true }, ...data[1] }; + this.writeToOutput(data[0], options); + return; + } + + // + // "e" => non-lethal errors + handleErrorMessage(data) { + const options = { ...{ class: "error" }, ...data[1] }; + this.writeToOutput(data[0], options); + return; + } + + // + // The prompt is the most important message type, + // it prompts us send a message back. We should not + // send messages back to the server without being + // prompted. + // In fact, we should ALWAYS be in a state of just-having-been-prompted. + handlePromptMessage(data) { + let [replyType, promptText, replyTag, options = {}] = data; + + this.replyType = replyType; + this.replyTag = replyTag; + this.writeToOutput(promptText, { ...{ class: "prompt" }, ...options }); + + // The server has asked for a password, so we set the + // input type to password for safety reasons. + if (replyType === "password") { + this.input.type = "password"; + } + + return; } /** @@ -261,27 +451,20 @@ class MUDClient { * @param {string} text * @param {object} options */ - appendOutput(text, options = {}) { + writeToOutput(text, options = {}) { const el = document.createElement("span"); if (typeof options.class === "string") { el.className = options.class; } - - // Enter prompt answers on the same line as the prompt? - // if (className !== "prompt") { - // el.textContent = text + "\n"; - // } else { - // el.textContent = text + " "; - // } - // add end of line character "\n" unless // options.addEol = false is set explicitly const eol = options.addEol === false ? "" : "\n"; if (options.preformatted) { el.textContent = text + eol; + el.className += " " + "preformatted"; } else { el.innerHTML = parseCrackdown(text) + eol; } @@ -289,8 +472,16 @@ class MUDClient { this.output.scrollTop = this.output.scrollHeight; } + /** + * Update the status banner. + * + * @param {string} message + * @param {string} className + */ updateStatus(message, className) { - this.status.textContent = `Status: ${message}`; + this.status.textContent = this.dev + ? `[DEV] Status: ${message}` + : `Status: ${message}`; this.status.className = className; } } @@ -301,8 +492,8 @@ document.addEventListener("DOMContentLoaded", () => { }); function parseCrackdown(text) { - console.log("starting crack parsing"); - console.log(text); + console.debug("starting crack parsing"); + console.debug(text); return text.replace(/[&<>"'`]/g, (c) => { switch (c) { case '&': return '&'; @@ -323,8 +514,7 @@ function parseCrackdown(text) { .replace(/\({2}(([a-zA-Z0-9:].*?[a-zA-Z0-9:])|[a-zA-Z0-9:])\){2}/g, '$1') // faint with parentheses ; - console.log("crack output", text); + console.debug("crack output", text); return text; - } diff --git a/server/seed.js b/server/seed.js deleted file mode 100755 index 248276e..0000000 --- a/server/seed.js +++ /dev/null @@ -1,37 +0,0 @@ -import { Game } from "./models/game.js"; -import { Player } from "./models/player.js"; - -// ____ _____ _____ ____ _____ ____ -// / ___|| ____| ____| _ \| ____| _ \ -// \___ \| _| | _| | | | | _| | |_) | -// ___) | |___| |___| |_| | |___| _ < -// |____/|_____|_____|____/|_____|_| \_\ -// -/** @param {Game} game */ -export class Seeder { - seed(game) { - /** @protected @type {Game} */ - this.game = game; - - this.createPlayers(); - } - - /** @protected */ - createPlayers() { - // "pass" encrypted by client is: - // "V1_Kims_Krappy_Krypto:1000:SHA-256:8bdff92251f55df078f7a12446748fbeeb308991008096bf2eed3fd8926d0301" - // "pass" encrypted by client and then by server is: - // "1000:833d63b13a187a0d8950c83ad6d955b9:4bdc9981dd245e7c77949e0166094264f98c62ae9f4f5ebbcda50728bbb8b080" - // - // Since the server-side hashes have random salts, the hashes themselves can change for the same password. - // The client side hash must not have a random salt, otherwise, it must change every time. - // - // The hash below is just one has that represents the password "pass" sent via V1 of the "Kims Krappy Krypto" scheme. - // - const passwordHash = "1000:bdaa0d7436caeaa4d278e7591870b68c:151b8f7e73a97a01af190a51b45ee389c2f4590a6449ddae6f25b9eab49cac0d"; - const player = new Player("user", passwordHash); - this.game.createPlayer("user", passwordHash); - - // const char = new Character(player.username, "Sir Debug The Strong", true); - } -} diff --git a/server/seeders/characerSeeder.js b/server/seeders/characerSeeder.js new file mode 100644 index 0000000..3573b61 --- /dev/null +++ b/server/seeders/characerSeeder.js @@ -0,0 +1,15 @@ +// ____ _ _ +// / ___| |__ __ _ _ __ __ _ ___| |_ ___ _ __ +// | | | '_ \ / _` | '__/ _` |/ __| __/ _ \ '__| +// | |___| | | | (_| | | | (_| | (__| || __/ | +// \____|_| |_|\__,_|_| \__,_|\___|\__\___|_| +// +// ____ _ +// / ___| ___ ___ __| | ___ _ __ +// \___ \ / _ \/ _ \/ _` |/ _ \ '__| +// ___) | __/ __/ (_| | __/ | +// |____/ \___|\___|\__,_|\___|_| +// +export class CharacterSeeder { +} + diff --git a/server/seeders/gameSeeder.js b/server/seeders/gameSeeder.js new file mode 100644 index 0000000..3e8be48 --- /dev/null +++ b/server/seeders/gameSeeder.js @@ -0,0 +1,36 @@ +import { Game } from "../models/game.js"; +import { ItemSeeder } from "./itemSeeder.js"; +import { PlayerSeeder } from "./playerSeeder.js"; + +/** + * Create and populate a Game object. + * + * This seeder creates all models necessary to play the game. + * + * If dev mode, we create some known debug logins. (username = user, password = pass) as well as a few others + */ +export class GameSeeder { + + /** @returns {Game} */ + createGame() { + + /** @type {Game} */ + this.game = new Game(); + + this.work(); // Seeding may take a bit, so let's defer it so we can return early. + + return this.game; + } + + work() { + console.info("seeding..."); + + // + (new PlayerSeeder(this.game)).seed(); // Create debug players + (new ItemSeeder(this.game)).seed(); // Create items, etc. + + // + // Done + console.info("seeding done"); + } +} diff --git a/server/seeders/itemSeeder.js b/server/seeders/itemSeeder.js new file mode 100755 index 0000000..39f56a3 --- /dev/null +++ b/server/seeders/itemSeeder.js @@ -0,0 +1,71 @@ +import { Game } from "../models/game.js"; +import { ItemTemplate } from "../models/item.js"; + +// +// ___ _ _____ _ _ +// |_ _| |_ ___ _ __ ___ |_ _|__ _ __ ___ _ __ | | __ _| |_ ___ ___ +// | || __/ _ \ '_ ` _ \ | |/ _ \ '_ ` _ \| '_ \| |/ _` | __/ _ \/ __| +// | || || __/ | | | | | | | __/ | | | | | |_) | | (_| | || __/\__ \ +// |___|\__\___|_| |_| |_| |_|\___|_| |_| |_| .__/|_|\__,_|\__\___||___/ +// |_| +// +// Seed the Game.itemTemplate store +export class ItemSeeder { + + /** @param {Game} game */ + constructor(game) { + this.game = game; + } + + seed() { + + // __ __ + // \ \ / /__ __ _ _ __ ___ _ __ ___ + // \ \ /\ / / _ \/ _` | '_ \ / _ \| '_ \/ __| + // \ V V / __/ (_| | |_) | (_) | | | \__ \ + // \_/\_/ \___|\__,_| .__/ \___/|_| |_|___/ + // |_| + //------------------------------------------------------- + this.game.createItemTemplate("weapons.light.dagger", { + name: "Dagger", + description: "Small shady blady", + itemSlots: 0.5, + damage: 3, + melee: true, + ranged: true, + specialEffect: "effects.weapons.fast", + }); + this.game.createItemTemplate("weapons.light.sickle", { + name: "Sickle", + description: "For cutting nuts, and branches", + itemSlots: 1, + damage: 4, + specialEffect: "effects.weapons.sickle", + }); + this.game.createItemTemplate("weapons.light.spiked_gauntlets", { + name: "Spiked Gauntlets", + description: "Spikes with gauntlets on them!", + itemSlots: 1, + damage: 5, + specialEffect: "TBD", + }); + + + // _ + // / \ _ __ _ __ ___ ___ _ __ ___ + // / _ \ | '__| '_ ` _ \ / _ \| '__/ __| + // / ___ \| | | | | | | | (_) | | \__ \ + // /_/ \_\_| |_| |_| |_|\___/|_| |___/ + // --------------------------------------- + // + this.game.createItemTemplate("armors.light.studded_leather", { + name: "Studded Leather", + description: "Padded and hardened leather with metal stud reinforcement", + itemSlots: 3, + specialEffect: "TBD", + }); + + console.log(this.game._itemTemplates); + } +} + diff --git a/server/seeders/playerSeeder.js b/server/seeders/playerSeeder.js new file mode 100755 index 0000000..114ce47 --- /dev/null +++ b/server/seeders/playerSeeder.js @@ -0,0 +1,35 @@ +import { Game } from "../models/game.js"; +import { Player } from "../models/player.js"; + +export class PlayerSeeder { + /** @param {Game} game */ + constructor(game) { + + /** @type {Game} */ + this.game = game; + } + + seed() { + // Examples of the word "pass" hashed by the client and then the server: + // Note that the word "pass" has gajillions of hashed representations, all depending on the salts used to hash them. + // "pass" hashed by client: KimsKrappyKryptoV1:userSalt:1000:SHA-256:b106e097f92ff7c288ac5048efb15f1a39a15e5d64261bbbe3f7eacee24b0ef4 + // "pass" hashed by server: 1000:15d79316f95ff6c89276308e4b9eb64d:2178d5ded9174c667fe0624690180012f13264a52900fe7067a13f235f4528ef + // + // Since the server-side hashes have random salts, the hashes themselves can change for the same password. + // The client side hash must not have a random salt, otherwise, it must change every time. + // + // The hash below is just one has that represents the password "pass" sent via V1 of the "Kims Krappy Krypto" scheme. + + this.game.createPlayer( + "user", + "1000:15d79316f95ff6c89276308e4b9eb64d:2178d5ded9174c667fe0624690180012f13264a52900fe7067a13f235f4528ef", + "userSalt", + ); + + this.game.createPlayer( + "admin", + "1000:a84760824d28a9b420ee5f175a04d1e3:a6694e5c9fd41d8ee59f0a6e34c822ee2ce337c187e2d5bb5ba8612d6145aa8e", + "adminSalt", + ); + } +} diff --git a/server/server.js b/server/server.js index 056a441..4b9330e 100755 --- a/server/server.js +++ b/server/server.js @@ -4,19 +4,16 @@ import path from "path"; import fs from "fs"; import { Game } from "./models/game.js"; import * as msg from "./utils/messages.js"; -import * as cfg from "./utils/config.js"; import { Session } from "./models/session.js"; -import { Seeder } from "./seed.js"; -import { AuthState } from "./models/states/AuthState.js"; +import { AuthState } from "./states/Auth.js"; +import { GameSeeder } from "./seeders/gameSeeder.js"; +import { Config } from "./config.js"; class MudServer { constructor() { /** @type {Game} */ - this.game = new Game(); - if (cfg.DEV) { - (new Seeder()).seed(this.game); - } + this.game = (new GameSeeder()).createGame(); } // ____ ___ _ _ _ _ _____ ____ _____ _____ ____ @@ -165,9 +162,9 @@ class MudServer { this.onConnectionEstabished(ws); }); - console.info(`running in ${cfg.ENV} mode`); - httpServer.listen(cfg.PORT, () => { - console.log(`NUUHD server running on port ${cfg.PORT}`); + console.info(`running environment: ${Config.env}`); + httpServer.listen(Config.port, () => { + console.log(`NUUHD server running on port ${Config.port}`); console.log(`WebSocket server ready for connections`); }); } @@ -181,4 +178,5 @@ class MudServer { //--------------------------- // Code entry point //----------------- -(new MudServer()).start(); +const mudserver = new MudServer(); +mudserver.start(); diff --git a/server/models/states/auth.js b/server/states/Auth.js similarity index 73% rename from server/models/states/auth.js rename to server/states/Auth.js index 87bc1fe..7d77700 100755 --- a/server/models/states/auth.js +++ b/server/states/Auth.js @@ -1,14 +1,14 @@ -import * as msg from "../../utils/messages.js"; -import * as security from "../../utils/security.js"; +import * as msg from "../utils/messages.js"; +import * as security from "../utils/security.js"; import { CreatePlayerState } from "./createPlayer.js"; import { JustLoggedInState } from "./justLoggedIn.js"; -import { Session } from "../session.js"; +import { Session } from "../models/session.js"; +import { Config } from "../config.js"; const STATE_EXPECT_USERNAME = "promptUsername"; const STATE_EXPECT_PASSWORD = "promptPassword"; const USERNAME_PROMPT = [ - "Please enter your username", - "((type *:help* for help))", + "Please enter your _username_:", "((type *:create* if you want to create a new user))", ]; const PASSWORD_PROMPT = "Please enter your password"; @@ -57,6 +57,7 @@ export class AuthState { // // handle invalid message types if (!message.isUsernameResponse()) { + console.debug("what?!", message); this.session.sendError("Incorrect message type!"); this.session.sendPrompt("username", USERNAME_PROMPT); return; @@ -68,7 +69,7 @@ export class AuthState { // TODO: // Set gamestate = CreateNewPlayer // - // Also check if player creation is allowed in cfg/env + // Also check if player creation is allowed in config/env this.session.setState(new CreatePlayerState(this.session)); return; } @@ -81,11 +82,11 @@ export class AuthState { return; } - const player = this.session.game.getPlayer(message.username); + this.player = this.session.game.getPlayer(message.username); // // handle invalid username - if (!player) { + if (!this.player) { // // This is a security risk. In the perfect world we would allow the player to enter both @@ -104,8 +105,8 @@ export class AuthState { // // username was correct, proceed to next step - this.session.player = player; this.subState = STATE_EXPECT_PASSWORD; + this.session.sendSystemMessage("salt", this.player.salt); this.session.sendPrompt("password", PASSWORD_PROMPT); } @@ -133,21 +134,46 @@ export class AuthState { return; } + // - // Verify the password against the hash we've stored. - if (!security.verifyPassword(message.password, this.session.player.passwordHash)) { - this.session.sendError("Incorrect password!"); - this.session.sendPrompt("password", PASSWORD_PROMPT); - this.session.player.failedPasswordsSinceLastLogin++; + // Block users who enter bad passwords too many times. + if (this.player.failedPasswordsSinceLastLogin > Config.maxFailedLogins) { + this.blockedUntil = new Date() + Config.maxFailedLogins, + this.session.sendCalamity("You have been locked out for too many failed password attempts, come back later"); + this.session.close(); return; } - this.session.player.lastSucessfulLoginAt = new Date(); - this.session.player.failedPasswordsSinceLastLogin = 0; + // + // Handle blocked users. + // They don't even get to have their password verified. + if (this.player.blockedUntil > (new Date())) { + this.session.sendCalamity("You have been locked out for too many failed password attempts, come back later"); + this.session.close(); + return; + } + // + // Verify the password against the hash we've stored. + if (!security.verifyPassword(message.password, this.player.passwordHash)) { + this.session.sendError("Incorrect password!"); + this.session.sendPrompt("password", PASSWORD_PROMPT); + this.player.failedPasswordsSinceLastLogin++; + + this.session.sendDebug(`Failed login attempt #${this.player.failedPasswordsSinceLastLogin}`); + + return; + } + + + + this.player.lastSucessfulLoginAt = new Date(); + this.player.failedPasswordsSinceLastLogin = 0; + + this.session.player = this.player; // // Password correct, check if player is an admin - if (this.session.player.isAdmin) { + if (this.player.isAdmin) { // set state AdminJustLoggedIn } diff --git a/server/models/states/awaitCommands.js b/server/states/awaitCommands.js similarity index 90% rename from server/models/states/awaitCommands.js rename to server/states/awaitCommands.js index 896a6d1..5d7db55 100755 --- a/server/models/states/awaitCommands.js +++ b/server/states/awaitCommands.js @@ -1,5 +1,5 @@ -import * as msg from "../../utils/messages.js"; -import { Session } from "../session.js"; +import * as msg from "../utils/messages.js"; +import { Session } from "../models/session.js"; /** * Main game state @@ -41,7 +41,7 @@ export class AwaitCommandsState { break; case "quit": this.session.sendMessage("The quitting quitter quits, typical... Cya"); - this.session.websocket.close(); + this.session._websocket.close(); break; default: this.session.sendMessage(`Unknown command: ${message.command}`); diff --git a/server/models/states/characterCreation.js b/server/states/characterCreation.js similarity index 75% rename from server/models/states/characterCreation.js rename to server/states/characterCreation.js index 12e45c5..e296f19 100755 --- a/server/models/states/characterCreation.js +++ b/server/states/characterCreation.js @@ -1,8 +1,8 @@ import figlet from "figlet"; -import { Session } from "../session.js"; -import { ClientMessage } from "../../utils/messages.js"; -import { PARTY_MAX_SIZE } from "../../config.js"; -import { frameText } from "../../utils/tui.js"; +import { Session } from "../models/session.js"; +import { ClientMessage } from "../utils/messages.js"; +import { frameText } from "../utils/tui.js"; +import { Config } from "../config.js"; export class CharacterCreationState { @@ -28,35 +28,40 @@ export class CharacterCreationState { onAttach() { const charCount = this.session.player.characters.size; + //NOTE: could use async to optimize performance const createPartyLogo = frameText( figlet.textSync("Create Your Party"), - { hPadding: 2, vPadding: 1, hMargin: 2, vMargin: 1 }, + { vPadding: 0, frameChars: "§=§§§§§§" }, ); - this.session.sendMessage(createPartyLogo, {preformatted:true}); + this.session.sendMessage(createPartyLogo, { preformatted: true }); this.session.sendMessage([ "", `Current party size: ${charCount}`, - `Max party size: ${PARTY_MAX_SIZE}`, + `Max party size: ${Config.maxPartySize}`, ]); const min = 1; - const max = PARTY_MAX_SIZE - charCount; - const prompt = `Please enter an integer between ${min} - ${max} (or type :help to get more info about party size)`; + const max = Config.maxPartySize - charCount; + const prompt = [ + `Please enter an integer between ${min} - ${max}`, + "((type *:help* to get more info about party size))", + ]; this.session.sendMessage(`You can create a party with ${min} - ${max} characters, how big should your party be?`); + this.session.sendPrompt("integer", prompt); /** @param {ClientMessage} message */ this._dynamicMessageHandler = (message) => { - const n = PARTY_MAX_SIZE; if (message.isHelpCommand()) { + const mps = Config.maxPartySize; // short var name for easy doctype writing. this.session.sendMessage([ - `Your party can consist of 1 to ${n} characters.`, + `Your party can consist of 1 to ${mps} characters.`, "", "* Large parties tend live longer", - `* If you have fewer than ${n} characters, you can`, + `* If you have fewer than ${mps} characters, you can`, " hire extra characters in your local inn.", "* large parties level slower because there are more", " characters to share the Experience Points", @@ -67,6 +72,7 @@ export class CharacterCreationState { ]); return; } + if (!message.isIntegerResponse()) { this.session.sendError("You didn't enter a number"); this.session.sendPrompt("integer", prompt); diff --git a/server/models/states/createPlayer.js b/server/states/createPlayer.js similarity index 89% rename from server/models/states/createPlayer.js rename to server/states/createPlayer.js index b49f44b..4a8d578 100755 --- a/server/models/states/createPlayer.js +++ b/server/states/createPlayer.js @@ -1,8 +1,9 @@ -import { Session } from "../session.js"; -import * as msg from "../../utils/messages.js"; -import * as security from "../../utils/security.js"; -import { AuthState } from "./auth.js"; -import { Player } from "../player.js"; +import { Session } from "../models/session.js"; +import * as msg from "../utils/messages.js"; +import * as security from "../utils/security.js"; +import { Player } from "../models/player.js"; +import { AuthState } from "./Auth.js"; +import { Config } from "../config.js"; const USERNAME_PROMPT = "Enter a valid username (4-20 characters, [a-z], [A-Z], [0-9], and underscore)"; const PASSWORD_PROMPT = "Enter a valid password"; @@ -37,6 +38,13 @@ export class CreatePlayerState { } onAttach() { + // + // If there are too many players, stop allowing new players in. + if (this.session.game._players.size >= Config.maxPlayers) { + this.session.sendCalamity("Server is full, no more players can be created"); + this.session.close(); + } + this.session.sendFigletMessage("New Player"); this.session.sendPrompt("username", USERNAME_PROMPT); @@ -93,7 +101,7 @@ export class CreatePlayerState { this._player = player; - this.session.sendMessage("Username available 👌"); + this.session.sendSystemMessage("salt", player.salt); this.session.sendMessage(`Username _*${message.username}*_ is available, and I've reserved it for you :)`); this.session.sendPrompt("password", PASSWORD_PROMPT); this.setMessageHandler(this.receivePassword); diff --git a/server/models/states/interface.js b/server/states/interface.js similarity index 66% rename from server/models/states/interface.js rename to server/states/interface.js index 5f976bc..692cb10 100755 --- a/server/models/states/interface.js +++ b/server/states/interface.js @@ -1,5 +1,5 @@ -import { ClientMessage } from "../../utils/messages.js"; -import { Session } from "../session.js"; +import { ClientMessage } from "../utils/messages.js"; +import { Session } from "../models/session.js"; /** @interface */ export class StateInterface { diff --git a/server/models/states/justLoggedIn.js b/server/states/justLoggedIn.js similarity index 90% rename from server/models/states/justLoggedIn.js rename to server/states/justLoggedIn.js index 3b69696..cc1f903 100755 --- a/server/models/states/justLoggedIn.js +++ b/server/states/justLoggedIn.js @@ -1,5 +1,4 @@ -import { Session } from "../session.js"; -import { ClientMessage } from "../../utils/messages.js"; +import { Session } from "../models/session.js"; import { CharacterCreationState } from "./characterCreation.js"; import { AwaitCommandsState } from "./awaitCommands.js"; @@ -21,8 +20,6 @@ export class JustLoggedInState { "", ]); - - // // Check if we need to create characters for the player if (this.session.player.characters.size === 0) { diff --git a/server/utils/config.js b/server/utils/config.js deleted file mode 100644 index 07a492f..0000000 --- a/server/utils/config.js +++ /dev/null @@ -1,4 +0,0 @@ -export const ENV = process.env.NODE_ENV || "prod"; -export const DEV = ENV === "dev"; -export const PROD =!DEV; -export const PORT = process.env.PORT || 3000; diff --git a/server/utils/messages.js b/server/utils/messages.js index 6818a97..3d08f67 100755 --- a/server/utils/messages.js +++ b/server/utils/messages.js @@ -122,7 +122,7 @@ export class ClientMessage { /** Does this message contain a username-response from the client? */ isUsernameResponse() { - return this._attr.length === 3 + return this._attr.length === 4 && this._attr[0] === REPLY && this._attr[1] === "username" && typeof this._attr[2] === "string"; @@ -130,7 +130,7 @@ export class ClientMessage { /** Does this message contain a password-response from the client? */ isPasswordResponse() { - return this._attr.length === 3 + return this._attr.length === 4 && this._attr[0] === REPLY && this._attr[1] === "password" && typeof this._attr[2] === "string"; @@ -147,11 +147,11 @@ export class ClientMessage { /** @returns {boolean} is this a debug message? */ isDebug() { - return this._attr.length == 2 && this._attr[0] === DEBUG; + return this._attr.length === 2 && this._attr[0] === DEBUG; } isIntegerResponse() { - return this._attr.length === 3 + return this._attr.length === 4 && this._attr[0] === REPLY && this._attr[1] === "integer" && (typeof this._attr[2] === "string" || typeof this._attr[2] === "number") @@ -167,10 +167,6 @@ export class ClientMessage { return Number.parseInt(this._attr[2]); } - get debugInfo() { - return this.isDebug() ? this._attr[1] : undefined; - } - /** @returns {string|false} Get the username stored in this message */ get username() { return this.isUsernameResponse() ? this._attr[2] : false; diff --git a/server/utils/security.js b/server/utils/security.js index 0377e12..2fdc76f 100755 --- a/server/utils/security.js +++ b/server/utils/security.js @@ -1,10 +1,12 @@ import { randomBytes, pbkdf2Sync } from "node:crypto"; -import { DEV } from "./config.js"; +import { Config } from "../config.js"; + // Settings (tune as needed) const ITERATIONS = 1000; const KEYLEN = 32; // 32-bit hash const DIGEST = "sha256"; +const DEV = process.env.NODE_ENV === "dev"; /** * Generate a hash from a plaintext password. @@ -28,14 +30,14 @@ export function verifyPassword(password_candidate, stored_password_hash) { const [iterations, salt, hash] = stored_password_hash.split(":"); const derived = pbkdf2Sync(password_candidate, salt, Number(iterations), KEYLEN, DIGEST).toString("hex"); const success = hash === derived; - if (DEV) { + if (Config.dev || true) { console.debug( "Verifying password:\n" + - " Input : %s\n" + - " Stored : %s\n" + - " Given : %s\n" + - " Derived : %s\n" + - " Success : %s", + " Input : %s (the password as it was sent to us by the client)\n" + + " Given : %s (the input password hashed by us (not necessary for validation))\n" + + " Stored : %s (the password hash we have on file for the player)\n" + + " Derived : %s (the hashed version of the input password)\n" + + " Verified : %s (was the password valid)", password_candidate, generateHash(password_candidate), stored_password_hash, diff --git a/server/utils/tui.js b/server/utils/tui.js index d985372..8057ab9 100755 --- a/server/utils/tui.js +++ b/server/utils/tui.js @@ -182,7 +182,7 @@ export function frameText(text, options) { + options.hMargin * 2; // get the frame characters from the frameType. - const [ + let [ fNorth, // horizontal frame top lines fSouth, // horizontal frame bottom lines fWest, // vertical frame lines on the left side @@ -192,6 +192,14 @@ export function frameText(text, options) { fSouthWest, // lower left frame corner fSouthEast, // lower right frame corner ] = options.frameChars.split(""); + if (fNorth === "§") { fNorth = ""; } + if (fSouth === "§") { fSouth = ""; } + if (fEast === "§") { fEast = ""; } + if (fWest === "§") { fWest = ""; } + if (fNorthEast === "§") { fNorthEast = ""; } + if (fSouthEast === "§") { fSouthEast = ""; } + if (fNorthWest === "§") { fNorthWest = ""; } + if (fSouthWest === "§") { fSouthWest = ""; } let output = "";