matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reverting usage of RE2 (WIP):

Browse Source 
**Breaking changes**

The livechat v13 introduced a new library to handle regular expressions in forbidden words, to avoid
[ReDOS](https://en.wikipedia.org/wiki/ReDoS) attacks.
Unfortunately, this library was not able to install itself properly on some systems, and some admins were not able
to install the livechat plugin.

That's why we have disabled this library in v14, and introduce a new settings to enable regexp in forbidden words.
By default this settings is disabled, and your users won't be able to use regexp in their forbidden words.

The risk by enabling this feature is that a malicious user could cause a denial of service for the chat bot, by using a
special crafted regular expression in their channel options, and sending a special crafter message in one of their
rooms. If you trust your users (those who have rights to livestream), you can enable the settings. Otherwise it is not
recommanded. See the documentation for more informations.

**Minor changes and fixes**

* Channel's forbidden words: new "enable" column.
* New settings to enable regular expressions for channel forbidden words.
* "Channel advanced configuration" settings: removing the "experimental feature" label.
This commit is contained in:
John Livingston
2025-06-19 12:07:39 +02:00
parent e41529b61f
commit 3624dd5c3c
65 changed files with 343 additions and 2145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/main.ts
View File

@ -20,6 +20,7 @@ import { ExternalAuthOIDC } from './lib/external-auth/oidc'
import { migrateMUCAffiliations } from './lib/prosody/migration/migrateV10'
import { updateProsodyChannelEmojisRegex } from './lib/prosody/migration/migrateV12'
import { updateForbidSpecialCharsHandler } from './lib/prosody/migration/migrateV13'
import { mustMigrateV14 } from './lib/prosody/migration/migratev14'
import { Emojis } from './lib/emojis'
import { LivechatProsodyAuth } from './lib/prosody/auth'
import decache from 'decache'
@ -52,8 +53,10 @@ async function register (options: RegisterServerOptions): Promise<any> {
await BotConfiguration.initSingleton(options)
// Then load the RoomChannel singleton
const roomChannelSingleton = await RoomChannel.initSingleton(options)
// roomChannelNeedsDataInit: if true, means that the data file does not exist (or is invalid), so we must initiate it
const roomChannelNeedsDataInit = !await roomChannelSingleton.readData()
// roomChannelNeedsDataInit: if true, means that we must rebuild the data file
// (for example because it does not exist (or is invalid), so we must initiate it)
let roomChannelNeedsDataRebuild = !await roomChannelSingleton.readData()
if (await mustMigrateV14(options)) { roomChannelNeedsDataRebuild = true }
// BotsCtl.initSingleton() will force reload the bots conf files, so must be done before generating Prosody Conf.
await BotsCtl.initSingleton(options)
@ -76,8 +79,8 @@ async function register (options: RegisterServerOptions): Promise<any> {
await ensureProsodyRunning(options)
let preBotPromise: Promise<void>
if (roomChannelNeedsDataInit) {
logger.info('The RoomChannel singleton has not found any data, we must rebuild')
if (roomChannelNeedsDataRebuild) {
logger.info('The RoomChannel singleton must rebuild data')
// no need to wait here, can be done without await.
preBotPromise = roomChannelSingleton.rebuildData().then(
() => { logger.info('RoomChannel singleton rebuild done') },