Merge branch 'master' of https://github.com/discord-open-source/discord-server

2021-02-04 09:55:06 +01:00 · 2021-02-04 09:55:06 +01:00 · 14ba698369
commit 14ba698369
parent 251b23e321 d886213349
9 changed files with 184534 additions and 21 deletions
--- a/.github/ISSUE_TEMPLATE/-feature--.md
+++ b/.github/ISSUE_TEMPLATE/-feature--.md
@ -0,0 +1,20 @@
+---
+name: "[Feature] "
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/README.md
+++ b/README.md
@ -1,16 +1,11 @@
-# Discord Open Source Server
-This repository contains the HTTP API Server and the WebSocket Gateway Server
+# Discord Open Source API Server
+This repository contains the HTTP API Server

 ## Bug Tracker
 [Project Board](https://github.com/discord-open-source/discord-server/projects/4)

 ## API
-[Project Board](https://github.com/discord-open-source/discord-server/projects/6)
-
-For the WebSocket we use [ws](https://www.npmjs.com/package/ws) and we'll write our own packet handler for the individual opcodes and events.
-
-## Gateway
-[Project Board](https://github.com/discord-open-source/discord-server/projects/3)
+[Project Board](https://github.com/discord-open-source/discord-server/projects/2)

 We use [express](https://expressjs.com/) for the HTTP Server and 
 [lambert-server](https://www.npmjs.com/package/lambert-server) for route handling and body validation (customized).
@ -22,7 +17,7 @@ You should be familiar with:
 - [TypeScript](https://www.typescriptlang.org/)
 - [Lambert-DB](https://www.npmjs.com/package/lambert-db) (easy database abstraction wrapper)

-and the technologies we use for Gateway/API
+and the other technologies we use 

 ### Getting Started
 Clone the Repository:
--- a/assets/passwords.txt
+++ b/assets/passwords.txt
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -20,33 +20,25 @@
 	},
 	"homepage": "https://github.com/Trenite/discord-server-opensource#readme",
 	"dependencies": {
-		"@types/express": "^4.17.9",
-		"@types/node-fetch": "^2.5.7",
 		"bcrypt": "^5.0.0",
 		"body-parser": "^1.19.0",
 		"express": "^4.17.1",
-		"express-cache-middleware": "^1.0.1",
 		"express-validator": "^6.9.2",
-		"faker": "^5.1.0",
 		"i18next": "^19.8.5",
 		"i18next-http-middleware": "^3.1.0",
 		"i18next-node-fs-backend": "^2.1.3",
 		"jsonwebtoken": "^8.5.1",
-		"jwa": "^2.0.0",
-		"jws": "^4.0.0",
 		"lambert-db": "^1.1.3",
 		"lambert-server": "^1.0.10",
 		"missing-native-js-functions": "^1.2.0",
-		"mongoose": "^5.11.14",
-		"node-fetch": "^2.6.1",
-		"rethinkdb-ts": "^2.4.5"
+		"node-fetch": "^2.6.1"
 	},
 	"devDependencies": {
+		"@types/express": "^4.17.9",
+		"@types/node-fetch": "^2.5.7",
 		"@types/bcrypt": "^3.0.0",
-		"@types/faker": "^5.1.5",
 		"@types/i18next-node-fs-backend": "^2.1.0",
 		"@types/jsonwebtoken": "^8.5.0",
-		"@types/jws": "^3.2.3",
 		"@types/node": "^14.14.22",
 		"ts-node": "^9.1.1",
 		"typescript": "^4.1.2"
--- a/src/models/Invite.ts
+++ b/src/models/Invite.ts
@ -0,0 +1,31 @@
+export interface Invite {
+    code: string,
+    guild: {  
+        id: bigint,
+        name: string,
+        splash: string,
+        description: string,
+        icon: string,
+        features: Object,
+        verification_level: number
+    },
+    channel: {
+        id: bigint,
+        name: string,
+        type: number
+    },
+
+    inviter: {
+        id: bigint,
+        username: string,
+        avatar: string,
+        discriminator: number,
+    },
+    target_user: {
+        id: bigint,
+        username: string,
+        avatar: string,
+        discriminator: number
+    },
+    target_user_type: number
+}
--- a/src/test/password_test.ts
+++ b/src/test/password_test.ts
@ -0,0 +1,12 @@
+import { check } from "./../util/passwordStrength";
+
+console.log(check("123456789012345"));
+// -> 0.25
+console.log(check("ABCDEFGHIJKLMOPQ"));
+// -> 0.25
+console.log(check("ABC123___...123"));
+// ->
+console.log(check(""));
+// ->
+// console.log(check(""));
+// // ->
--- a/src/util/Constants.ts
+++ b/src/util/Constants.ts
@ -71,6 +71,13 @@ export interface DefaultOptions {
 		requireInvite: boolean;
 		allowNewRegistration: boolean;
 		allowMultipleAccounts: boolean;
+		password: {
+			minLength: number;
+			minNumbers: number;
+			minUpperCase: number;
+			minSymbols: number;
+			blockInsecureCommonPasswords: boolean; // TODO: efficiently save password blocklist in database
+		};
 	};
 }

@ -123,7 +130,7 @@ export const DefaultOptions: DefaultOptions = {
 			required: true,
 			allowlist: false,
 			blocklist: true,
-			domains: [], // TODO: efficicently save domain blocklist in database
+			domains: [], // TODO: efficiently save domain blocklist in database
 			// domains: fs.readFileSync(__dirname + "/blockedEmailDomains.txt", { encoding: "utf8" }).split("\n"),
 		},
 		dateOfBirth: {
@ -134,6 +141,13 @@ export const DefaultOptions: DefaultOptions = {
 		requireCaptcha: true,
 		allowNewRegistration: true,
 		allowMultipleAccounts: true,
+		password: {
+			minLength: 8,
+			minNumbers: 2,
+			minUpperCase: 2,
+			minSymbols: 0,
+			blockInsecureCommonPasswords: false,
+		},
 	},
 };

--- a/src/util/passwordStrength.ts
+++ b/src/util/passwordStrength.ts
@ -0,0 +1,60 @@
+import "missing-native-js-functions";
+import Config from "./Config";
+
+const reNUMBER = /[0-9]/g;
+const reUPPERCASELETTER = /[A-Z]/g;
+const reSYMBOLS = /[A-Z,a-z,0-9]/g;
+
+const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored in db
+/*
+ * https://en.wikipedia.org/wiki/Password_policy
+ * password must meet following criteria, to be perfect:
+ *  - min <n> chars
+ *  - min <n> numbers
+ *  - min <n> symbols
+ *  - min <n> uppercase chars
+ *
+ * Returns: 0 > pw > 1
+ */
+export function check(password: string): number {
+	const {
+		minLength,
+		minNumbers,
+		minUpperCase,
+		minSymbols,
+		blockInsecureCommonPasswords,
+	} = Config.get().register.password;
+	var strength = 0;
+
+	// checks for total password len
+	if (password.length >= minLength - 1) {
+		strength += 0.25;
+	}
+
+	// checks for amount of Numbers
+	if (password.count(reNUMBER) >= minNumbers - 1) {
+		strength += 0.25;
+	}
+
+	// checks for amount of Uppercase Letters
+	if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) {
+		strength += 0.25;
+	}
+
+	// checks for amount of symbols
+	if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) {
+		strength += 0.25;
+	}
+
+	// checks if password only consists of numbers or only consists of chars
+	if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) {
+		strength = 0;
+	}
+
+	if (blockInsecureCommonPasswords) {
+		if (blocklist.includes(password)) {
+			strength = 0;
+		}
+	}
+	return strength;
+}