krh/muuhd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stuffAndThings

Browse Source
This commit is contained in:
Kim Ravn Hansen
2025-09-09 12:55:50 +02:00
parent c8c7259574
commit 5d0cc61cf9
23 changed files with 823 additions and 358 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/.vscode/launch.json vendored
View File

@@ -7,14 +7,19 @@
{
"type": "node",
"request": "launch",
"name": "Launch Program",
"skipFiles": [
"<node_internals>/**"
"name": "Launch with Nodemon",
"runtimeExecutable": "nodemon",
"runtimeArgs": [
"--inspect=9229",
"server.js"
],
"env": {
"NODE_ENV": "dev",
},
"program": "${workspaceFolder}/server.js"
"restart": true,
"skipFiles": [
"<node_internals>/**"
]
}
]
}

58
server/config.js
View File

@@ -1,5 +1,53 @@
export const ENV = process.env.NODE_ENV || "prod";
export const DEV = ENV === "dev";
export const PROD =!DEV;
export const PORT = process.env.PORT || 3000;
export const PARTY_MAX_SIZE = 4;
const dev = process.env.NODE_ENV === "dev";
const env = process.env.PROD || (dev ? "dev" : "prod");
export const Config = {
/** @readonly @type {string} the name of the environment we're running in */
"env": env,
/** @readonly @type {boolean} are we running in development-mode? */
"dev": dev,
/**
* Port we're running the server on.
*
* @readonly
* @const {number}
*/
port: process.env.PORT || 3000,
/**
* Maximum number of players allowed on the server.
*
* @readonly
* @const {number}
*/
maxPlayers: dev ? 3 : 40,
/**
* Max number of characters in a party.
* By default, a player can only have a single party.
* Multiple parties may happen some day.
*/
maxPartySize: 4,
/**
* Number of failed logins allowed before user is locked out.
* Also known as Account lockout threshold
*
* @readonly
* @const {number}
*/
maxFailedLogins: 5,
/**
* When a user has entered a wrong password too many times,
* block them for this long before they can try again.
*
* @readonly
* @const {number}
*/
accountLockoutDurationMs: 15 * 60 * 1000, // 15 minutes.
};

77
server/models/game.js
View File

@@ -7,7 +7,7 @@
* Serializing this object effectively saves the game.
*/
import WebSocket from "ws";
import { miniUid } from "../utils/id.js";
import { Character } from "./character.js";
import { ItemTemplate } from "./item.js";
import { Player } from "./player.js";
@@ -28,43 +28,74 @@ export class Game {
*/
_characters = new Map();
/**
* All players ever registered, mapped by name => player.
*
* _____ _
* | ___(_)_ ___ __ ___ ___
* | |_ | \ \/ / '_ ` _ \ / _ \
* | _| | |> <| | | | | | __/
* |_| |_/_/\_\_| |_| |_|\___|
*
* 1. Add mutex on the players table to avoid race conditions during
* insert/delete/check_available_username
* 1.a ) add an "atomicInsert" that inserts a new player if the giver username
* is available.
* 2. Prune "dead" players (players with 0 logins) after a short while
*
*
/*
* @protected
* @type {Map<string,Player>} Map of users in the game username->Player
*/
_players = new Map();
hasPlayer(username) {
return this._players.has(username);
}
getPlayer(username) {
return this._players.get(username);
}
createPlayer(username, passwordHash=null) {
/**
* Atomic player creation.
*
* @param {string} username
* @param {string?} passwordHash
* @param {string?} salt
*
* @returns {Player|null} Returns the player if username wasn't already taken, or null otherwise.
*/
createPlayer(username, passwordHash = undefined, salt = undefined) {
if (this._players.has(username)) {
return false;
}
const player = new Player(username, passwordHash);
const player = new Player(
username,
typeof passwordHash === "string" ? passwordHash : "",
typeof salt === "string" && salt.length > 0 ? salt : miniUid()
);
this._players.set(username, player);
return player;
}
/**
* Create an ItemTemplate with a given ID
*
* @param {string} id
* @param {object} attributes
*
* @returns {ItemTemplate|false}
*/
createItemTemplate(id, attributes) {
if (typeof id !== "string" || !id) {
throw new Error("Invalid id!");
}
if (this._itemTemplates.has(id)) {
return false;
}
/** @type {ItemTemplate} */
const result = new ItemTemplate(id, attributes.name, attributes.itemSlots);
for (const key of Object.keys(result)) {
if (key === "id") {
continue;
}
if (key in attributes) {
result[key] = attributes[key];
}
}
this._itemTemplates.set(id, result);
return result;
}
}

103
server/models/item.js
View File

@@ -1,5 +1,3 @@
import { cleanName } from "../utils/id.js";
/**
* Item templates are the built-in basic items of the game.
* A character cannot directly own one of these items,
@@ -7,74 +5,69 @@ import { cleanName } from "../utils/id.js";
* generate these CharacterItems.
*/
export class ItemTemplate {
_id;
_name;
_description;
_itemSlots;
/** @constant @readonly @type {string} Item's machine-friendly name */
id;
/** @type {string} Item's machine-friendly name */
get id() {
return this._id;
}
/** @constant @readonly @type {string} Item's human-friendly name */
name;
/** @type {string} Item's human-friendly name */
get name() {
return this._name;
}
/** @constant @readonly @type {string} Item's Description */
description;
/** @type {string} Item's Description */
get description() {
return this._description;
}
/** @constant @readonly @type {number} Number of Item Slots taken up by this item. */
itemSlots;
/** @type {number} Number of Item Slots taken up by this item. */
get itemSlots() {
return this._itemSlots;
}
/** @constant @readonly @type {number?} How much damage (if any) does this item deal */
damage;
/** @constant @readonly @type {string?} Which special effect is triggered when successfull attacking with this item? */
specialEffect;
/** @constant @readonly @type {boolean?} Can this item be used as a melee weapon? */
melee;
/** @constant @readonly @type {boolean?} Can this item be used as a ranged weapon? */
ranged;
/** @constant @readonly @type {string?} Type of ammo that this item is, or that this item uses */
ammoType;
/**
* Constructor
*
* @param {string=null} id Item's machine-friendly name.
* @param {string} name. The Item's Name.
* @param {number} itemSlots number of item slots the item takes up in a character's inventory.
* @param {string} description Item's detailed description.
* @param {string=} id Item's machine-friendly name.
*/
constructor(name, itemSlots, description, id) {
if (typeof name !== "string") {
throw new Error("Name must be a string, but " + typeof name + " given.");
}
if (typeof description === "undefined") {
description = "";
}
if (typeof description !== "string") {
throw new Error("Name must be a string, but " + typeof name + " given.");
}
if (!Number.isFinite(itemSlots)) {
throw new Error("itemSlots must be a finite number!");
}
if (typeof id === "undefined") {
id = cleanName(name);
}
if (typeof id !== "string") {
constructor(id, name, itemSlots) {
if (typeof id !== "string" || id.length < 1) {
throw new Error("id must be a string!");
}
this._name = name;
this._id = id;
this._itemSlots = Number(itemSlots);
this._description = "";
if (typeof name !== "string" || name.length < 1) {
throw new Error("Name must be a string, but " + typeof name + " given.");
}
if (!Number.isFinite(itemSlots)) {
throw new Error("itemSlots must be a finite number!");
}
this.name = name;
this.id = id;
this.itemSlots = Number(itemSlots);
}
//
// Spawn a new item!
/** @returns {Item} */
createItem() {
return new ChracterItem(this._id, this._name, this._description, this._itemSlots);
}
static getOrCreate(id, name, description, itemSlots) {
}
static seed() {
this
return new ChracterItem(
this.id,
this.name,
this.description,
this.itemSlots,
);
}
}
@@ -98,8 +91,8 @@ export class ItemTemplate {
* Another bonus is, that the game can spawn custom items that arent even in the ItemTemplate Set.
*/
export class CharacterItem {
/** @type {string?} The unique name if the ItemTemplate this item is based on. May be null. */
templateItemId; // We use the id instead of a pointer, could make garbage collection better.
/** @type {ItemTemplate|null} The template that created this item. Null if no such template exists [anymore]. */
itemTemplate; // We use the id instead of a pointer, could make garbage collection better.
/** @type {string} The player's name for this item. */
name;

33
server/models/player.js
View File

@@ -7,26 +7,34 @@ import { Character } from "./character.js";
* Contain persistent player account info.
*/
export class Player {
/**
* @protected
* @type {string} unique username
*/
/** @protected @type {string} unique username */
_username;
get username() {
return this._username;
}
/**
* @protected
* @type {string}
*/
/** @protected @type {string} */
_passwordHash;
get passwordHash() {
return this._passwordHash;
}
/** @type {Date} */
/** @protected @type {string} random salt used for hashing */
_salt;
get salt() {
return this._salt;
}
/** @protected @type {Date} */
_createdAt = new Date();
get createdAt() {
return this._createdAt;
}
/** @type {Date} */
blockedUntil;
/** @type {Date|null} Date of the player's last websocket message. */
lastActivityAt = null;
@@ -41,7 +49,7 @@ export class Player {
failedPasswordsSinceLastLogin = 0;
/** @protected @type {Set<Character>} */
_characters = new Set();
_characters = new Set(); // should this be a WeakSet? After all if the player is removed, their items might remain in the system, right?
get characters() {
return this._characters;
}
@@ -49,11 +57,12 @@ export class Player {
/**
* @param {string} username
* @param {string} passwordHash
* @param {string} salt
*/
constructor(username, passwordHash) {
constructor(username, passwordHash, salt) {
this._username = username;
this._passwordHash = passwordHash;
this._salt = salt;
this._createdAt = new Date();
}

54
server/models/session.js
View File

@@ -1,7 +1,7 @@
import WebSocket from 'ws';
import { Game } from './game.js';
import { Player } from './player.js';
import { StateInterface } from './states/interface.js';
import { StateInterface } from '../states/interface.js';
import * as msg from '../utils/messages.js';
import figlet from 'figlet';
@@ -20,20 +20,46 @@ export class Session {
}
/** @type {Player} */
player;
_player;
get player() {
return this._player;
}
/** @param {Player} player */
set player(player) {
if (player instanceof Player) {
this._player = player;
return;
}
if (player === null) {
this._player = null;
return;
}
throw Error(`Can only set player to null or instance of Player, but received ${typeof player}`);
}
/** @type {WebSocket} */
websocket;
_websocket;
/**
* @param {WebSocket} websocket
* @param {Game} game
*/
constructor(websocket, game) {
this.websocket = websocket;
this._websocket = websocket;
this._game = game;
}
/** Close the session and websocket */
close() {
this._websocket.close();
this._player = null;
}
/**
* Send a message via our websocket.
*
@@ -41,7 +67,7 @@ export class Session {
* @param {...any} args
*/
send(messageType, ...args) {
this.websocket.send(JSON.stringify([messageType, ...args]));
this._websocket.send(JSON.stringify([messageType, ...args]));
}
sendFigletMessage(message) {
@@ -62,26 +88,32 @@ export class Session {
/**
* @param {string} type prompt type (username, password, character name, etc.)
* @param {string} message The prompting message (please enter your character's name)
* @param {string|string[]} message The prompting message (please enter your character's name)
* @param {string} tag helps with message routing and handling.
*/
sendPrompt(type, message,...args) {
sendPrompt(type, message, tag="default", ...args) {
if (Array.isArray(message)) {
message = message.join("\n");
}
this.send(msg.PROMPT, type, message,...args);
this.send(msg.PROMPT, type, message, tag, ...args);
}
/** @param {string} message The error message to display to player */
sendError(message,...args) {
sendError(message, ...args) {
this.send(msg.ERROR, message, ...args);
}
/** @param {string} message The error message to display to player */
sendDebug(message, ...args) {
this.send(msg.DEBUG, message, ...args);
}
/** @param {string} message The calamitous error to display to player */
sendCalamity(message,...args) {
sendCalamity(message, ...args) {
this.send(msg.CALAMITY, message, ...args);
}
sendSystemMessage(arg0,...rest) {
sendSystemMessage(arg0, ...rest) {
this.send(msg.SYSTEM, arg0, ...rest);
}

462
server/public/client.js
View File

@@ -1,37 +1,55 @@
class MUDClient {
//
// Constructor
constructor() {
/** @type {WebSocket} ws */
/** @type {WebSocket} Our WebSocket */
this.websocket = null;
/** @type {boolean} Are we in development mode (decided by the server);
this.dev = false;
/**
* The last thing we were asked.
* @type {string|null}
*/
this.serverExpects = null;
/** @type {string|null} The message type of the last thing we were asked. */
this.replyType = null;
/** @type {string|null} The #tag of the last thing we were asked. */
this.replyTag = null;
/** @type {HTMLElement} The output "monitor" */
this.output = document.getElementById("output");
/** @type {HTMLElement} The input element */
this.input = document.getElementById("input");
/** @type {HTMLElement} The send/submit button */
this.sendButton = document.getElementById("send");
/** @type {HTMLElement} Status indicator */
this.status = document.getElementById("status");
// Passwords are crypted and salted before being sent to the server
// This means that if ANY of these three parameters below change,
// The server can no longer accept the passwords.
/** @type {string} Hashing method to use for client-side password hashing */
this.digest = "SHA-256";
this.salt = "V1_Kims_Krappy_Krypto";
/** @type {string} Salt string to use for client-side password hashing */
this.salt = "No salt, no shorts, no service";
/** @type {string} Number of times the hashing should be done */
this.rounds = 1000;
this.username = ""; // the username also salts the password, so the username must never change.
/** @type {string} the username also salts the password, so the username must never change. */
this.username = "";
this.setupEventListeners();
this.connect();
}
/** @param {string} password the password to be hashed */
async hashPassword(password) {
const encoder = new TextEncoder();
let data = encoder.encode(password + this.salt + this.username);
let data = encoder.encode(password + this.salt);
for (let i = 0; i < this.rounds; i++) {
const hashBuffer = await crypto.subtle.digest(this.digest, data);
@@ -41,7 +59,7 @@ class MUDClient {
// Convert final hash to hex
const rawHash = Array.from(data).map(b => b.toString(16).padStart(2, '0')).join('');
return `${this.salt}:${this.rounds}:${this.digest}:${rawHash}`;
return `KimsKrappyKryptoV1:${this.salt}:${this.rounds}:${this.digest}:${rawHash}`;
}
connect() {
@@ -62,7 +80,7 @@ class MUDClient {
};
this.websocket.onmessage = (event) => {
console.log(event);
console.debug(event);
const data = JSON.parse(event.data);
this.onMessage(data);
this.input.focus();
@@ -79,7 +97,7 @@ class MUDClient {
this.websocket.onerror = (error) => {
this.updateStatus("Connection Error", "error");
this.appendOutput("Connection error occurred. Retrying...", { class: "error" });
this.writeToOutput("Connection error occurred. Retrying...", { class: "error" });
};
} catch (error) {
console.error(error);
@@ -89,14 +107,19 @@ class MUDClient {
}
setupEventListeners() {
document.addEventListener("keypress", (e) => {
if (e.key.length === 1 && !e.ctrlKey && !e.altKey && !e.metaKey) {
this.input.focus();
}
});
this.input.addEventListener("keypress", (e) => {
if (e.key === "Enter") {
this.sendMessage();
this.onUserCommand();
}
});
this.sendButton.addEventListener("click", () => {
this.sendMessage();
this.onUserCommand();
});
// Command history
@@ -123,8 +146,69 @@ class MUDClient {
});
}
sendMessage() {
const message = this.input.value.trim();
/**
* Send a json-encoded message to the server via websocket.
*
* @param {messageType} string
* @param {...any} rest
*/
send(messageType, ...args) {
if (args.length === 0) {
this.websocket.send(JSON.stringify([messageType]));
return;
}
this.websocket.send(JSON.stringify([messageType, ...args]));
}
//
// Add a command to history so we can go back to previous commands with arrow keys.
_addCommandToHistory(command) {
//
// we do not add usernames or passwords to history.
if (this.replyType === "password" || this.replyType === "username") {
return;
}
//
// Adding empty commands makes no sense.
// Why would the user navigate back through their history to
// find and empty command when they can just press enter.
if (command === "") {
return;
}
//
// Add to command our history
// But not if the command was a password.
this.historyIndex = -1;
//
// We do not add the same commands many times in a row.
if (this.commandHistory[this.commandHistory.length - 1] === command) {
return;
}
//
// Add the command to the history stack
this.commandHistory.push(command);
if (this.commandHistory.length > 50) {
this.commandHistory.shift();
}
}
/**
* User has entered a command
*/
onUserCommand() {
//
// Trim user's input.
const command = this.input.value.trim();
this.input.value = "";
this.input.type = "text";
this._addCommandToHistory(command);
// -- This is a sneaky command that should not be in production?
//
@@ -132,77 +216,91 @@ class MUDClient {
// :clear would be sent to the server, and we ask if it's okay
// to clear the screen right now, and only on a positive answer would we
// allow the screen to be cleared. Maybe.....
if (message === "/clear") {
if (command === "/clear") {
this.output.innerHTML = "";
this.input.value = "";
return;
}
if (message && this.websocket && this.websocket.readyState === WebSocket.OPEN) {
// Add to command history
if (this.commandHistory[this.commandHistory.length - 1] !== message) {
this.commandHistory.push(message);
if (this.commandHistory.length > 50) {
this.commandHistory.shift();
}
}
this.historyIndex = -1;
this.input.value = "";
this.input.type = "text";
if (this.serverExpects === "password") {
//--------------------------------------------------
// The server asked us for a password, so we send it.
// But we hash it first, so we don't send our stuff
// in the clear.
//--------------------------------------------------
this.hashPassword(message).then((pwHash) => {
this.websocket.send(JSON.stringify(["reply", "password", pwHash]))
this.serverExpects = null;
});
return;
}
this.appendOutput("> " + message, { class: "input" });
if (message === ":quit") {
this.websocket.send(JSON.stringify(["quit"]));
return;
}
if (message === ":help") {
this.websocket.send(JSON.stringify(["help"]));
return;
}
if (this.serverExpects === "username") {
//--------------------------------------------------
// The server asked us for a user, so we send it.
// We also store the username for later
//--------------------------------------------------
this.username = message;
this.websocket.send(JSON.stringify(["reply", "username", message]))
this.serverExpects = null;
return;
}
if (this.serverExpects) {
//--------------------------------------------------
// The server asked the player a question,
// so we send the answer the way the server wants.
//--------------------------------------------------
this.websocket.send(JSON.stringify(["reply", this.serverExpects, message]))
this.serverExpects = null;
return;
}
//
//-----------------------------------------------------
// The player sends a text-based command to the server
//-----------------------------------------------------
this.websocket.send(JSON.stringify(["c", message]));
//
// Don't allow sending messages (for now)
// Later on, prompts may give us the option to simply "press enter";
if (!command) {
console.debug("Cannot send empty message - YET");
return;
}
//
// Can't send a message without a websocket
if (!(this.websocket && this.websocket.readyState === WebSocket.OPEN)) {
return;
}
//
// The server asked us for a password, so we send it.
// But we hash it first, so we don't send our stuff
// in the clear.
if (this.replyType === "password") {
this.hashPassword(command).then((pwHash) => {
this.send("reply", "password", pwHash, this.replyTag);
this.replyType = null;
this.replyTag = null;
});
return;
}
//
// When the player enters their username during the auth-phase,
// keep the username in the pocket for later.
if (this.replyType === "username") {
this.username = command;
}
//
// We add our own command to the output stream so the
// player can see what they typed.
this.writeToOutput("> " + command, { class: "input" });
//
// Handle certain-commands differently.
const specialCommands = { ":quit": "quit", ":help": "help" };
if (specialCommands[command]) {
this.send(specialCommands[command]);
return;
}
//
// Handle replies
// We want to be in a place where ALL messages are replies.
// The game loop should always ask you for your next command,
// even if it does so silently
if (this.replyType) {
//--------------------------------------------------
// The server asked the player a question,
// so we send the answer the way the server wants.
//--------------------------------------------------
this.send("reply", this.replyType, command, this.replyTag);
this.replyType = null;
this.replyTag = null;
return;
}
//
//-----------------------------------------------------
// The player sends a text-based command to the server
//-----------------------------------------------------
// ___ _ _ _
// |_ _|_ __ ___ _ __ ___ _ __| |_ __ _ _ __ | |_| |
// | || '_ ` _ \| '_ \ / _ \| '__| __/ _` | '_ \| __| |
// | || | | | | | |_) | (_) | | | || (_| | | | | |_|_|
// |___|_| |_| |_| .__/ \___/|_| \__\__,_|_| |_|\__(_)
// |_|
//
// Aside from :help", ":quit", etc. we should not send
// unsolicited messages to the server without being
// prompted to do so.
this.send("c", command);
}
// ___ __ __
@@ -210,50 +308,142 @@ class MUDClient {
// | | | | '_ \| |\/| |/ _ \/ __/ __|/ _` |/ _` |/ _ \
// | |_| | | | | | | | __/\__ \__ \ (_| | (_| | __/
// \___/|_| |_|_| |_|\___||___/___/\__,_|\__, |\___|
//
//
/** @param {any[]} data*/
onMessage(data) {
console.log(data);
switch (data[0]) {
case "prompt":
this.serverExpects = data[1];
this.appendOutput(data[2], { class: "prompt" });
if (this.serverExpects === "password") {
this.input.type = "password";
}
break;
case "e": // error
this.appendOutput(data[1], { class: "error" });
break;
case "calamity":
this.appendOutput(data[1], { class: "error" });
break;
case "_": // system messages, not to be displayed
if (data.length === 3 && data[1] === "dev") {
this.dev = data[2];
}
if (this.dev) {
this.appendOutput(`system message: ${data[1]} = ${JSON.stringify(data[2])}`, { class: "debug" });
}
break;
case "m":
// normal text message to be shown to the player
// formatting magic is allowed.
//
// TODO: styling, font size, etc.
const args = typeof (data[2] === "object") ? data[2] : {};
this.appendOutput(data[1], args);
break;
this.appendOutput(data[1], {preformatted:true})
default:
if (this.dev) {
msgType = data.shift();
this.appendOutput(`unknown message type: ${msgType}: ${JSON.stringify(data)}`, "debug");
}
console.log("unknown message type", data);
if (this.dev) {
console.debug(data);
}
const messageType = data.shift();
if (messageType === "dbg") {
return this.handleDebugMessages(data);
}
if (messageType === "prompt") {
return this.handlePromptMessage(data);
}
if (messageType === "e") {
return this.handleErrorMessage(data);
}
if (messageType === "calamity") {
return this.handleCalamityMessage(data);
}
if (messageType === "_") {
return this.handleSystemMessages(data);
}
if (messageType === "m") {
return this.handleTextMessages(data);
}
if (this.dev) {
this.writeToOutput(`unknown message type: ${messageType}: ${JSON.stringify(data)}`, "debug");
}
console.debug("unknown message type", data);
}
//
// "m" => normal/standard message to be displayed to the user
handleTextMessages(data) {
const options = { ...data[1] }; // coerce options into an object.
// normal text message to be shown to the player
this.writeToOutput(data[0], options);
return;
}
//
// Debug messages let the server send data to be displayed on the player's screen
// and also logged to the players browser's log.
handleDebugMessages(data) {
if (!this.dev) {
return; // debug messages are thrown away if we're not in dev mode.
}
this.writeToOutput(data, { class: "debug", preformatted: true });
console.debug("DBG", data);
}
//
// "_" => system messages, not to be displayed
handleSystemMessages(data) {
if (data.length < 2) {
console.debug("malformed system message", data);
return;
}
console.debug("Incoming system message", data);
/** @type {string} */
const messageType = data.shift();
switch (messageType) {
case "dev":
// This is a message that tells us that the server is in
// "dev" mode, and that we should do the same.
this.dev = data[0];
this.status.textContent = "[DEV] " + this.status.textContent;
break;
case "salt":
this.salt = data[0];
console.debug("updating crypto salt", data[0]);
break;
default:
console.debug("unknown system message", messageType, data);
}
// If we're in dev mode, we should output all system messages (in a shaded/faint fashion).
if (this.dev) {
this.writeToOutput(`system message: ${messageType} = ${JSON.stringify(data)}`, { class: "debug" });
}
return;
}
//
// "calamity" => lethal error. Close connection.
// Consider hard refresh of page to reset all variables
handleCalamityMessage(data) {
//
// We assume that calamity errors are pre-formatted, and we do not allow
// any of our own formatting-shenanigans to interfere with the error message
const options = { ...{ class: "error", "preformatted": true }, ...data[1] };
this.writeToOutput(data[0], options);
return;
}
//
// "e" => non-lethal errors
handleErrorMessage(data) {
const options = { ...{ class: "error" }, ...data[1] };
this.writeToOutput(data[0], options);
return;
}
//
// The prompt is the most important message type,
// it prompts us send a message back. We should not
// send messages back to the server without being
// prompted.
// In fact, we should ALWAYS be in a state of just-having-been-prompted.
handlePromptMessage(data) {
let [replyType, promptText, replyTag, options = {}] = data;
this.replyType = replyType;
this.replyTag = replyTag;
this.writeToOutput(promptText, { ...{ class: "prompt" }, ...options });
// The server has asked for a password, so we set the
// input type to password for safety reasons.
if (replyType === "password") {
this.input.type = "password";
}
return;
}
/**
@@ -261,27 +451,20 @@ class MUDClient {
* @param {string} text
* @param {object} options
*/
appendOutput(text, options = {}) {
writeToOutput(text, options = {}) {
const el = document.createElement("span");
if (typeof options.class === "string") {
el.className = options.class;
}
// Enter prompt answers on the same line as the prompt?
// if (className !== "prompt") {
// el.textContent = text + "\n";
// } else {
// el.textContent = text + " ";
// }
// add end of line character "\n" unless
// options.addEol = false is set explicitly
const eol = options.addEol === false ? "" : "\n";
if (options.preformatted) {
el.textContent = text + eol;
el.className += " " + "preformatted";
} else {
el.innerHTML = parseCrackdown(text) + eol;
}
@@ -289,8 +472,16 @@ class MUDClient {
this.output.scrollTop = this.output.scrollHeight;
}
/**
* Update the status banner.
*
* @param {string} message
* @param {string} className
*/
updateStatus(message, className) {
this.status.textContent = `Status: ${message}`;
this.status.textContent = this.dev
? `[DEV] Status: ${message}`
: `Status: ${message}`;
this.status.className = className;
}
}
@@ -301,8 +492,8 @@ document.addEventListener("DOMContentLoaded", () => {
});
function parseCrackdown(text) {
console.log("starting crack parsing");
console.log(text);
console.debug("starting crack parsing");
console.debug(text);
return text.replace(/[&<>"'`]/g, (c) => {
switch (c) {
case '&': return '&amp;';
@@ -323,8 +514,7 @@ function parseCrackdown(text) {
.replace(/\({2}(([a-zA-Z0-9:].*?[a-zA-Z0-9:])|[a-zA-Z0-9:])\){2}/g, '<span class="faint">$1</span>') // faint with parentheses
;
console.log("crack output", text);
console.debug("crack output", text);
return text;
}

37
server/seed.js
View File

@@ -1,37 +0,0 @@
import { Game } from "./models/game.js";
import { Player } from "./models/player.js";
// ____ _____ _____ ____ _____ ____
// / ___|| ____| ____| _ \| ____| _ \
// \___ \| _| | _| | | | | _| | |_) |
// ___) | |___| |___| |_| | |___| _ <
// |____/|_____|_____|____/|_____|_| \_\
//
/** @param {Game} game */
export class Seeder {
seed(game) {
/** @protected @type {Game} */
this.game = game;
this.createPlayers();
}
/** @protected */
createPlayers() {
// "pass" encrypted by client is:
// "V1_Kims_Krappy_Krypto:1000:SHA-256:8bdff92251f55df078f7a12446748fbeeb308991008096bf2eed3fd8926d0301"
// "pass" encrypted by client and then by server is:
// "1000:833d63b13a187a0d8950c83ad6d955b9:4bdc9981dd245e7c77949e0166094264f98c62ae9f4f5ebbcda50728bbb8b080"
//
// Since the server-side hashes have random salts, the hashes themselves can change for the same password.
// The client side hash must not have a random salt, otherwise, it must change every time.
//
// The hash below is just one has that represents the password "pass" sent via V1 of the "Kims Krappy Krypto" scheme.
//
const passwordHash = "1000:bdaa0d7436caeaa4d278e7591870b68c:151b8f7e73a97a01af190a51b45ee389c2f4590a6449ddae6f25b9eab49cac0d";
const player = new Player("user", passwordHash);
this.game.createPlayer("user", passwordHash);
// const char = new Character(player.username, "Sir Debug The Strong", true);
}
}

15
server/seeders/characerSeeder.js Normal file
View File

@@ -0,0 +1,15 @@
// ____ _ _
// / ___| |__ __ _ _ __ __ _ ___| |_ ___ _ __
// | | | '_ \ / _` | '__/ _` |/ __| __/ _ \ '__|
// | |___| | | | (_| | | | (_| | (__| || __/ |
// \____|_| |_|\__,_|_| \__,_|\___|\__\___|_|
//
// ____ _
// / ___| ___ ___ __| | ___ _ __
// \___ \ / _ \/ _ \/ _` |/ _ \ '__|
// ___) | __/ __/ (_| | __/ |
// |____/ \___|\___|\__,_|\___|_|
//
export class CharacterSeeder {
}

36
server/seeders/gameSeeder.js Normal file
View File

@@ -0,0 +1,36 @@
import { Game } from "../models/game.js";
import { ItemSeeder } from "./itemSeeder.js";
import { PlayerSeeder } from "./playerSeeder.js";
/**
* Create and populate a Game object.
*
* This seeder creates all models necessary to play the game.
*
* If dev mode, we create some known debug logins. (username = user, password = pass) as well as a few others
*/
export class GameSeeder {
/** @returns {Game} */
createGame() {
/** @type {Game} */
this.game = new Game();
this.work(); // Seeding may take a bit, so let's defer it so we can return early.
return this.game;
}
work() {
console.info("seeding...");
//
(new PlayerSeeder(this.game)).seed(); // Create debug players
(new ItemSeeder(this.game)).seed(); // Create items, etc.
//
// Done
console.info("seeding done");
}
}

71
server/seeders/itemSeeder.js Executable file
View File

@@ -0,0 +1,71 @@
import { Game } from "../models/game.js";
import { ItemTemplate } from "../models/item.js";
//
// ___ _ _____ _ _
// |_ _| |_ ___ _ __ ___ |_ _|__ _ __ ___ _ __ | | __ _| |_ ___ ___
// | || __/ _ \ '_ ` _ \ | |/ _ \ '_ ` _ \| '_ \| |/ _` | __/ _ \/ __|
// | || || __/ | | | | | | | __/ | | | | | |_) | | (_| | || __/\__ \
// |___|\__\___|_| |_| |_| |_|\___|_| |_| |_| .__/|_|\__,_|\__\___||___/
// |_|
//
// Seed the Game.itemTemplate store
export class ItemSeeder {
/** @param {Game} game */
constructor(game) {
this.game = game;
}
seed() {
// __ __
// \ \ / /__ __ _ _ __ ___ _ __ ___
// \ \ /\ / / _ \/ _` | '_ \ / _ \| '_ \/ __|
// \ V V / __/ (_| | |_) | (_) | | | \__ \
// \_/\_/ \___|\__,_| .__/ \___/|_| |_|___/
// |_|
//-------------------------------------------------------
this.game.createItemTemplate("weapons.light.dagger", {
name: "Dagger",
description: "Small shady blady",
itemSlots: 0.5,
damage: 3,
melee: true,
ranged: true,
specialEffect: "effects.weapons.fast",
});
this.game.createItemTemplate("weapons.light.sickle", {
name: "Sickle",
description: "For cutting nuts, and branches",
itemSlots: 1,
damage: 4,
specialEffect: "effects.weapons.sickle",
});
this.game.createItemTemplate("weapons.light.spiked_gauntlets", {
name: "Spiked Gauntlets",
description: "Spikes with gauntlets on them!",
itemSlots: 1,
damage: 5,
specialEffect: "TBD",
});
// _
// / \ _ __ _ __ ___ ___ _ __ ___
// / _ \ | '__| '_ ` _ \ / _ \| '__/ __|
// / ___ \| | | | | | | | (_) | | \__ \
// /_/ \_\_| |_| |_| |_|\___/|_| |___/
// ---------------------------------------
//
this.game.createItemTemplate("armors.light.studded_leather", {
name: "Studded Leather",
description: "Padded and hardened leather with metal stud reinforcement",
itemSlots: 3,
specialEffect: "TBD",
});
console.log(this.game._itemTemplates);
}
}

35
server/seeders/playerSeeder.js Executable file
View File

@@ -0,0 +1,35 @@
import { Game } from "../models/game.js";
import { Player } from "../models/player.js";
export class PlayerSeeder {
/** @param {Game} game */
constructor(game) {
/** @type {Game} */
this.game = game;
}
seed() {
// Examples of the word "pass" hashed by the client and then the server:
// Note that the word "pass" has gajillions of hashed representations, all depending on the salts used to hash them.
// "pass" hashed by client: KimsKrappyKryptoV1:userSalt:1000:SHA-256:b106e097f92ff7c288ac5048efb15f1a39a15e5d64261bbbe3f7eacee24b0ef4
// "pass" hashed by server: 1000:15d79316f95ff6c89276308e4b9eb64d:2178d5ded9174c667fe0624690180012f13264a52900fe7067a13f235f4528ef
//
// Since the server-side hashes have random salts, the hashes themselves can change for the same password.
// The client side hash must not have a random salt, otherwise, it must change every time.
//
// The hash below is just one has that represents the password "pass" sent via V1 of the "Kims Krappy Krypto" scheme.
this.game.createPlayer(
"user",
"1000:15d79316f95ff6c89276308e4b9eb64d:2178d5ded9174c667fe0624690180012f13264a52900fe7067a13f235f4528ef",
"userSalt",
);
this.game.createPlayer(
"admin",
"1000:a84760824d28a9b420ee5f175a04d1e3:a6694e5c9fd41d8ee59f0a6e34c822ee2ce337c187e2d5bb5ba8612d6145aa8e",
"adminSalt",
);
}
}

20
server/server.js
View File

@@ -4,19 +4,16 @@ import path from "path";
import fs from "fs";
import { Game } from "./models/game.js";
import * as msg from "./utils/messages.js";
import * as cfg from "./utils/config.js";
import { Session } from "./models/session.js";
import { Seeder } from "./seed.js";
import { AuthState } from "./models/states/AuthState.js";
import { AuthState } from "./states/Auth.js";
import { GameSeeder } from "./seeders/gameSeeder.js";
import { Config } from "./config.js";
class MudServer {
constructor() {
/** @type {Game} */
this.game = new Game();
if (cfg.DEV) {
(new Seeder()).seed(this.game);
}
this.game = (new GameSeeder()).createGame();
}
// ____ ___ _ _ _ _ _____ ____ _____ _____ ____
@@ -165,9 +162,9 @@ class MudServer {
this.onConnectionEstabished(ws);
});
console.info(`running in ${cfg.ENV} mode`);
httpServer.listen(cfg.PORT, () => {
console.log(`NUUHD server running on port ${cfg.PORT}`);
console.info(`running environment: ${Config.env}`);
httpServer.listen(Config.port, () => {
console.log(`NUUHD server running on port ${Config.port}`);
console.log(`WebSocket server ready for connections`);
});
}
@@ -181,4 +178,5 @@ class MudServer {
//---------------------------
// Code entry point
//-----------------
(new MudServer()).start();
const mudserver = new MudServer();
mudserver.start();

60
server/models/states/auth.js → server/states/Auth.js
View File

@@ -1,14 +1,14 @@
import * as msg from "../../utils/messages.js";
import * as security from "../../utils/security.js";
import * as msg from "../utils/messages.js";
import * as security from "../utils/security.js";
import { CreatePlayerState } from "./createPlayer.js";
import { JustLoggedInState } from "./justLoggedIn.js";
import { Session } from "../session.js";
import { Session } from "../models/session.js";
import { Config } from "../config.js";
const STATE_EXPECT_USERNAME = "promptUsername";
const STATE_EXPECT_PASSWORD = "promptPassword";
const USERNAME_PROMPT = [
"Please enter your username",
"((type *:help* for help))",
"Please enter your _username_:",
"((type *:create* if you want to create a new user))",
];
const PASSWORD_PROMPT = "Please enter your password";
@@ -57,6 +57,7 @@ export class AuthState {
//
// handle invalid message types
if (!message.isUsernameResponse()) {
console.debug("what?!", message);
this.session.sendError("Incorrect message type!");
this.session.sendPrompt("username", USERNAME_PROMPT);
return;
@@ -68,7 +69,7 @@ export class AuthState {
// TODO:
// Set gamestate = CreateNewPlayer
//
// Also check if player creation is allowed in cfg/env
// Also check if player creation is allowed in config/env
this.session.setState(new CreatePlayerState(this.session));
return;
}
@@ -81,11 +82,11 @@ export class AuthState {
return;
}
const player = this.session.game.getPlayer(message.username);
this.player = this.session.game.getPlayer(message.username);
//
// handle invalid username
if (!player) {
if (!this.player) {
//
// This is a security risk. In the perfect world we would allow the player to enter both
@@ -104,8 +105,8 @@ export class AuthState {
//
// username was correct, proceed to next step
this.session.player = player;
this.subState = STATE_EXPECT_PASSWORD;
this.session.sendSystemMessage("salt", this.player.salt);
this.session.sendPrompt("password", PASSWORD_PROMPT);
}
@@ -133,21 +134,46 @@ export class AuthState {
return;
}
//
// Verify the password against the hash we've stored.
if (!security.verifyPassword(message.password, this.session.player.passwordHash)) {
this.session.sendError("Incorrect password!");
this.session.sendPrompt("password", PASSWORD_PROMPT);
this.session.player.failedPasswordsSinceLastLogin++;
// Block users who enter bad passwords too many times.
if (this.player.failedPasswordsSinceLastLogin > Config.maxFailedLogins) {
this.blockedUntil = new Date() + Config.maxFailedLogins,
this.session.sendCalamity("You have been locked out for too many failed password attempts, come back later");
this.session.close();
return;
}
this.session.player.lastSucessfulLoginAt = new Date();
this.session.player.failedPasswordsSinceLastLogin = 0;
//
// Handle blocked users.
// They don't even get to have their password verified.
if (this.player.blockedUntil > (new Date())) {
this.session.sendCalamity("You have been locked out for too many failed password attempts, come back later");
this.session.close();
return;
}
//
// Verify the password against the hash we've stored.
if (!security.verifyPassword(message.password, this.player.passwordHash)) {
this.session.sendError("Incorrect password!");
this.session.sendPrompt("password", PASSWORD_PROMPT);
this.player.failedPasswordsSinceLastLogin++;
this.session.sendDebug(`Failed login attempt #${this.player.failedPasswordsSinceLastLogin}`);
return;
}
this.player.lastSucessfulLoginAt = new Date();
this.player.failedPasswordsSinceLastLogin = 0;
this.session.player = this.player;
//
// Password correct, check if player is an admin
if (this.session.player.isAdmin) {
if (this.player.isAdmin) {
// set state AdminJustLoggedIn
}

6
server/models/states/awaitCommands.js → server/states/awaitCommands.js
View File

@@ -1,5 +1,5 @@
import * as msg from "../../utils/messages.js";
import { Session } from "../session.js";
import * as msg from "../utils/messages.js";
import { Session } from "../models/session.js";
/**
* Main game state
@@ -41,7 +41,7 @@ export class AwaitCommandsState {
break;
case "quit":
this.session.sendMessage("The quitting quitter quits, typical... Cya");
this.session.websocket.close();
this.session._websocket.close();
break;
default:
this.session.sendMessage(`Unknown command: ${message.command}`);

30
server/models/states/characterCreation.js → server/states/characterCreation.js
View File

@@ -1,8 +1,8 @@
import figlet from "figlet";
import { Session } from "../session.js";
import { ClientMessage } from "../../utils/messages.js";
import { PARTY_MAX_SIZE } from "../../config.js";
import { frameText } from "../../utils/tui.js";
import { Session } from "../models/session.js";
import { ClientMessage } from "../utils/messages.js";
import { frameText } from "../utils/tui.js";
import { Config } from "../config.js";
export class CharacterCreationState {
@@ -28,35 +28,40 @@ export class CharacterCreationState {
onAttach() {
const charCount = this.session.player.characters.size;
//NOTE: could use async to optimize performance
const createPartyLogo = frameText(
figlet.textSync("Create Your Party"),
{ hPadding: 2, vPadding: 1, hMargin: 2, vMargin: 1 },
{ vPadding: 0, frameChars: "§=§§§§§§" },
);
this.session.sendMessage(createPartyLogo, {preformatted:true});
this.session.sendMessage(createPartyLogo, { preformatted: true });
this.session.sendMessage([
"",
`Current party size: ${charCount}`,
`Max party size: ${PARTY_MAX_SIZE}`,
`Max party size: ${Config.maxPartySize}`,
]);
const min = 1;
const max = PARTY_MAX_SIZE - charCount;
const prompt = `Please enter an integer between ${min} - ${max} (or type :help to get more info about party size)`;
const max = Config.maxPartySize - charCount;
const prompt = [
`Please enter an integer between ${min} - ${max}`,
"((type *:help* to get more info about party size))",
];
this.session.sendMessage(`You can create a party with ${min} - ${max} characters, how big should your party be?`);
this.session.sendPrompt("integer", prompt);
/** @param {ClientMessage} message */
this._dynamicMessageHandler = (message) => {
const n = PARTY_MAX_SIZE;
if (message.isHelpCommand()) {
const mps = Config.maxPartySize; // short var name for easy doctype writing.
this.session.sendMessage([
`Your party can consist of 1 to ${n} characters.`,
`Your party can consist of 1 to ${mps} characters.`,
"",
"* Large parties tend live longer",
`* If you have fewer than ${n} characters, you can`,
`* If you have fewer than ${mps} characters, you can`,
" hire extra characters in your local inn.",
"* large parties level slower because there are more",
" characters to share the Experience Points",
@@ -67,6 +72,7 @@ export class CharacterCreationState {
]);
return;
}
if (!message.isIntegerResponse()) {
this.session.sendError("You didn't enter a number");
this.session.sendPrompt("integer", prompt);

20
server/models/states/createPlayer.js → server/states/createPlayer.js
View File

@@ -1,8 +1,9 @@
import { Session } from "../session.js";
import * as msg from "../../utils/messages.js";
import * as security from "../../utils/security.js";
import { AuthState } from "./auth.js";
import { Player } from "../player.js";
import { Session } from "../models/session.js";
import * as msg from "../utils/messages.js";
import * as security from "../utils/security.js";
import { Player } from "../models/player.js";
import { AuthState } from "./Auth.js";
import { Config } from "../config.js";
const USERNAME_PROMPT = "Enter a valid username (4-20 characters, [a-z], [A-Z], [0-9], and underscore)";
const PASSWORD_PROMPT = "Enter a valid password";
@@ -37,6 +38,13 @@ export class CreatePlayerState {
}
onAttach() {
//
// If there are too many players, stop allowing new players in.
if (this.session.game._players.size >= Config.maxPlayers) {
this.session.sendCalamity("Server is full, no more players can be created");
this.session.close();
}
this.session.sendFigletMessage("New Player");
this.session.sendPrompt("username", USERNAME_PROMPT);
@@ -93,7 +101,7 @@ export class CreatePlayerState {
this._player = player;
this.session.sendMessage("Username available 👌");
this.session.sendSystemMessage("salt", player.salt);
this.session.sendMessage(`Username _*${message.username}*_ is available, and I've reserved it for you :)`);
this.session.sendPrompt("password", PASSWORD_PROMPT);
this.setMessageHandler(this.receivePassword);

4
server/models/states/interface.js → server/states/interface.js
View File

@@ -1,5 +1,5 @@
import { ClientMessage } from "../../utils/messages.js";
import { Session } from "../session.js";
import { ClientMessage } from "../utils/messages.js";
import { Session } from "../models/session.js";
/** @interface */
export class StateInterface {

5
server/models/states/justLoggedIn.js → server/states/justLoggedIn.js
View File

@@ -1,5 +1,4 @@
import { Session } from "../session.js";
import { ClientMessage } from "../../utils/messages.js";
import { Session } from "../models/session.js";
import { CharacterCreationState } from "./characterCreation.js";
import { AwaitCommandsState } from "./awaitCommands.js";
@@ -21,8 +20,6 @@ export class JustLoggedInState {
"",
]);
//
// Check if we need to create characters for the player
if (this.session.player.characters.size === 0) {

4
server/utils/config.js
View File

@@ -1,4 +0,0 @@
export const ENV = process.env.NODE_ENV || "prod";
export const DEV = ENV === "dev";
export const PROD =!DEV;
export const PORT = process.env.PORT || 3000;

12
server/utils/messages.js
View File

@@ -122,7 +122,7 @@ export class ClientMessage {
/** Does this message contain a username-response from the client? */
isUsernameResponse() {
return this._attr.length === 3
return this._attr.length === 4
&& this._attr[0] === REPLY
&& this._attr[1] === "username"
&& typeof this._attr[2] === "string";
@@ -130,7 +130,7 @@ export class ClientMessage {
/** Does this message contain a password-response from the client? */
isPasswordResponse() {
return this._attr.length === 3
return this._attr.length === 4
&& this._attr[0] === REPLY
&& this._attr[1] === "password"
&& typeof this._attr[2] === "string";
@@ -147,11 +147,11 @@ export class ClientMessage {
/** @returns {boolean} is this a debug message? */
isDebug() {
return this._attr.length == 2 && this._attr[0] === DEBUG;
return this._attr.length === 2 && this._attr[0] === DEBUG;
}
isIntegerResponse() {
return this._attr.length === 3
return this._attr.length === 4
&& this._attr[0] === REPLY
&& this._attr[1] === "integer"
&& (typeof this._attr[2] === "string" || typeof this._attr[2] === "number")
@@ -167,10 +167,6 @@ export class ClientMessage {
return Number.parseInt(this._attr[2]);
}
get debugInfo() {
return this.isDebug() ? this._attr[1] : undefined;
}
/** @returns {string|false} Get the username stored in this message */
get username() {
return this.isUsernameResponse() ? this._attr[2] : false;

16
server/utils/security.js
View File

@@ -1,10 +1,12 @@
import { randomBytes, pbkdf2Sync } from "node:crypto";
import { DEV } from "./config.js";
import { Config } from "../config.js";
// Settings (tune as needed)
const ITERATIONS = 1000;
const KEYLEN = 32; // 32-bit hash
const DIGEST = "sha256";
const DEV = process.env.NODE_ENV === "dev";
/**
* Generate a hash from a plaintext password.
@@ -28,14 +30,14 @@ export function verifyPassword(password_candidate, stored_password_hash) {
const [iterations, salt, hash] = stored_password_hash.split(":");
const derived = pbkdf2Sync(password_candidate, salt, Number(iterations), KEYLEN, DIGEST).toString("hex");
const success = hash === derived;
if (DEV) {
if (Config.dev || true) {
console.debug(
"Verifying password:\n" +
" Input : %s\n" +
" Stored : %s\n" +
" Given : %s\n" +
" Derived : %s\n" +
" Success : %s",
" Input : %s (the password as it was sent to us by the client)\n" +
" Given : %s (the input password hashed by us (not necessary for validation))\n" +
" Stored : %s (the password hash we have on file for the player)\n" +
" Derived : %s (the hashed version of the input password)\n" +
" Verified : %s (was the password valid)",
password_candidate,
generateHash(password_candidate),
stored_password_hash,

10
server/utils/tui.js
View File

@@ -182,7 +182,7 @@ export function frameText(text, options) {
+ options.hMargin * 2;
// get the frame characters from the frameType.
const [
let [
fNorth, // horizontal frame top lines
fSouth, // horizontal frame bottom lines
fWest, // vertical frame lines on the left side
@@ -192,6 +192,14 @@ export function frameText(text, options) {
fSouthWest, // lower left frame corner
fSouthEast, // lower right frame corner
] = options.frameChars.split("");
if (fNorth === "§") { fNorth = ""; }
if (fSouth === "§") { fSouth = ""; }
if (fEast === "§") { fEast = ""; }
if (fWest === "§") { fWest = ""; }
if (fNorthEast === "§") { fNorthEast = ""; }
if (fSouthEast === "§") { fSouthEast = ""; }
if (fNorthWest === "§") { fNorthWest = ""; }
if (fSouthWest === "§") { fSouthWest = ""; }
let output = "";