Context Navigation

source: code/trunk/downstream.go@ 721

Last change on this file since 721 was 721, checked in by contact, 4 years ago

Abort SASL if in-progress while completing registration

Implements the following recommendation from the spec:

If the client completes registration (with CAP END, NICK, USER and any other
necessary messages) while the SASL authentication is still in progress, the
server SHOULD abort it and send a 906 numeric, then register the client
without authentication.

File size: 69.3 KB

Line
1	package soju
2
3	import (
4	"context"
5	"crypto/tls"
6	"encoding/base64"
7	"errors"
8	"fmt"
9	"io"
10	"net"
11	"strconv"
12	"strings"
13	"time"
14
15	"github.com/emersion/go-sasl"
16	"golang.org/x/crypto/bcrypt"
17	"gopkg.in/irc.v3"
18	)
19
20	type ircError struct {
21	Message *irc.Message
22	}
23
24	func (err ircError) Error() string {
25	return err.Message.String()
26	}
27
28	func newUnknownCommandError(cmd string) ircError {
29	return ircError{&irc.Message{
30	Command: irc.ERR_UNKNOWNCOMMAND,
31	Params: []string{
32	"*",
33	cmd,
34	"Unknown command",
35	},
36	}}
37	}
38
39	func newNeedMoreParamsError(cmd string) ircError {
40	return ircError{&irc.Message{
41	Command: irc.ERR_NEEDMOREPARAMS,
42	Params: []string{
43	"*",
44	cmd,
45	"Not enough parameters",
46	},
47	}}
48	}
49
50	func newChatHistoryError(subcommand string, target string) ircError {
51	return ircError{&irc.Message{
52	Command: "FAIL",
53	Params: []string{"CHATHISTORY", "MESSAGE_ERROR", subcommand, target, "Messages could not be retrieved"},
54	}}
55	}
56
57	var errAuthFailed = ircError{&irc.Message{
58	Command: irc.ERR_PASSWDMISMATCH,
59	Params: []string{"*", "Invalid username or password"},
60	}}
61
62	func parseBouncerNetID(subcommand, s string) (int64, error) {
63	id, err := strconv.ParseInt(s, 10, 64)
64	if err != nil {
65	return 0, ircError{&irc.Message{
66	Command: "FAIL",
67	Params: []string{"BOUNCER", "INVALID_NETID", subcommand, s, "Invalid network ID"},
68	}}
69	}
70	return id, nil
71	}
72
73	func fillNetworkAddrAttrs(attrs irc.Tags, network *Network) {
74	u, err := network.URL()
75	if err != nil {
76	return
77	}
78
79	hasHostPort := true
80	switch u.Scheme {
81	case "ircs":
82	attrs["tls"] = irc.TagValue("1")
83	case "irc+insecure":
84	attrs["tls"] = irc.TagValue("0")
85	default: // e.g. unix://
86	hasHostPort = false
87	}
88	if host, port, err := net.SplitHostPort(u.Host); err == nil && hasHostPort {
89	attrs["host"] = irc.TagValue(host)
90	attrs["port"] = irc.TagValue(port)
91	} else if hasHostPort {
92	attrs["host"] = irc.TagValue(u.Host)
93	}
94	}
95
96	func getNetworkAttrs(network *network) irc.Tags {
97	state := "disconnected"
98	if uc := network.conn; uc != nil {
99	state = "connected"
100	}
101
102	attrs := irc.Tags{
103	"name": irc.TagValue(network.GetName()),
104	"state": irc.TagValue(state),
105	"nickname": irc.TagValue(GetNick(&network.user.User, &network.Network)),
106	}
107
108	if network.Username != "" {
109	attrs["username"] = irc.TagValue(network.Username)
110	}
111	if realname := GetRealname(&network.user.User, &network.Network); realname != "" {
112	attrs["realname"] = irc.TagValue(realname)
113	}
114
115	fillNetworkAddrAttrs(attrs, &network.Network)
116
117	return attrs
118	}
119
120	func networkAddrFromAttrs(attrs irc.Tags) string {
121	host, ok := attrs.GetTag("host")
122	if !ok {
123	return ""
124	}
125
126	addr := host
127	if port, ok := attrs.GetTag("port"); ok {
128	addr += ":" + port
129	}
130
131	if tlsStr, ok := attrs.GetTag("tls"); ok && tlsStr == "0" {
132	addr = "irc+insecure://" + tlsStr
133	}
134
135	return addr
136	}
137
138	func updateNetworkAttrs(record *Network, attrs irc.Tags, subcommand string) error {
139	addrAttrs := irc.Tags{}
140	fillNetworkAddrAttrs(addrAttrs, record)
141
142	updateAddr := false
143	for k, v := range attrs {
144	s := string(v)
145	switch k {
146	case "host", "port", "tls":
147	updateAddr = true
148	addrAttrs[k] = v
149	case "name":
150	record.Name = s
151	case "nickname":
152	record.Nick = s
153	case "username":
154	record.Username = s
155	case "realname":
156	record.Realname = s
157	case "pass":
158	record.Pass = s
159	default:
160	return ircError{&irc.Message{
161	Command: "FAIL",
162	Params: []string{"BOUNCER", "UNKNOWN_ATTRIBUTE", subcommand, k, "Unknown attribute"},
163	}}
164	}
165	}
166
167	if updateAddr {
168	record.Addr = networkAddrFromAttrs(addrAttrs)
169	if record.Addr == "" {
170	return ircError{&irc.Message{
171	Command: "FAIL",
172	Params: []string{"BOUNCER", "NEED_ATTRIBUTE", subcommand, "host", "Missing required host attribute"},
173	}}
174	}
175	}
176
177	return nil
178	}
179
180	// ' ' and ':' break the IRC message wire format, '@' and '!' break prefixes,
181	// '*' and '?' break masks, '$' breaks server masks in PRIVMSG/NOTICE,
182	// "*" is the reserved nickname for registration
183	const illegalNickChars = " :@!*?$"
184
185	// permanentDownstreamCaps is the list of always-supported downstream
186	// capabilities.
187	var permanentDownstreamCaps = map[string]string{
188	"batch": "",
189	"cap-notify": "",
190	"echo-message": "",
191	"invite-notify": "",
192	"message-tags": "",
193	"sasl": "PLAIN",
194	"server-time": "",
195	"setname": "",
196
197	"soju.im/bouncer-networks": "",
198	"soju.im/bouncer-networks-notify": "",
199	}
200
201	// needAllDownstreamCaps is the list of downstream capabilities that
202	// require support from all upstreams to be enabled
203	var needAllDownstreamCaps = map[string]string{
204	"account-notify": "",
205	"account-tag": "",
206	"away-notify": "",
207	"extended-join": "",
208	"multi-prefix": "",
209
210	"draft/extended-monitor": "",
211	}
212
213	// passthroughIsupport is the set of ISUPPORT tokens that are directly passed
214	// through from the upstream server to downstream clients.
215	//
216	// This is only effective in single-upstream mode.
217	var passthroughIsupport = map[string]bool{
218	"AWAYLEN": true,
219	"BOT": true,
220	"CHANLIMIT": true,
221	"CHANMODES": true,
222	"CHANNELLEN": true,
223	"CHANTYPES": true,
224	"CLIENTTAGDENY": true,
225	"ELIST": true,
226	"EXCEPTS": true,
227	"EXTBAN": true,
228	"HOSTLEN": true,
229	"INVEX": true,
230	"KICKLEN": true,
231	"MAXLIST": true,
232	"MAXTARGETS": true,
233	"MODES": true,
234	"MONITOR": true,
235	"NAMELEN": true,
236	"NETWORK": true,
237	"NICKLEN": true,
238	"PREFIX": true,
239	"SAFELIST": true,
240	"TARGMAX": true,
241	"TOPICLEN": true,
242	"USERLEN": true,
243	"UTF8ONLY": true,
244	"WHOX": true,
245	}
246
247	type downstreamConn struct {
248	conn
249
250	id uint64
251
252	registered bool
253	user *user
254	nick string
255	nickCM string
256	rawUsername string
257	networkName string
258	clientName string
259	realname string
260	hostname string
261	password string // empty after authentication
262	network *network // can be nil
263	isMultiUpstream bool
264
265	negotiatingCaps bool
266	capVersion int
267	supportedCaps map[string]string
268	caps map[string]bool
269
270	lastBatchRef uint64
271
272	monitored casemapMap
273
274	saslServer sasl.Server
275	}
276
277	func newDownstreamConn(srv Server, ic ircConn, id uint64) downstreamConn {
278	remoteAddr := ic.RemoteAddr().String()
279	logger := &prefixLogger{srv.Logger, fmt.Sprintf("downstream %q: ", remoteAddr)}
280	options := connOptions{Logger: logger}
281	dc := &downstreamConn{
282	conn: *newConn(srv, ic, &options),
283	id: id,
284	nick: "*",
285	nickCM: "*",
286	supportedCaps: make(map[string]string),
287	caps: make(map[string]bool),
288	monitored: newCasemapMap(0),
289	}
290	dc.hostname = remoteAddr
291	if host, _, err := net.SplitHostPort(dc.hostname); err == nil {
292	dc.hostname = host
293	}
294	for k, v := range permanentDownstreamCaps {
295	dc.supportedCaps[k] = v
296	}
297	// TODO: this is racy, we should only enable chathistory after
298	// authentication and then check that user.msgStore implements
299	// chatHistoryMessageStore
300	if srv.Config().LogPath != "" {
301	dc.supportedCaps["draft/chathistory"] = ""
302	}
303	return dc
304	}
305
306	func (dc downstreamConn) prefix() irc.Prefix {
307	return &irc.Prefix{
308	Name: dc.nick,
309	User: dc.user.Username,
310	Host: dc.hostname,
311	}
312	}
313
314	func (dc downstreamConn) forEachNetwork(f func(network)) {
315	if dc.network != nil {
316	f(dc.network)
317	} else if dc.isMultiUpstream {
318	dc.user.forEachNetwork(f)
319	}
320	}
321
322	func (dc downstreamConn) forEachUpstream(f func(upstreamConn)) {
323	if dc.network == nil && !dc.isMultiUpstream {
324	return
325	}
326	dc.user.forEachUpstream(func(uc *upstreamConn) {
327	if dc.network != nil && uc.network != dc.network {
328	return
329	}
330	f(uc)
331	})
332	}
333
334	// upstream returns the upstream connection, if any. If there are zero or if
335	// there are multiple upstream connections, it returns nil.
336	func (dc downstreamConn) upstream() upstreamConn {
337	if dc.network == nil {
338	return nil
339	}
340	return dc.network.conn
341	}
342
343	func isOurNick(net *network, nick string) bool {
344	// TODO: this doesn't account for nick changes
345	if net.conn != nil {
346	return net.casemap(nick) == net.conn.nickCM
347	}
348	// We're not currently connected to the upstream connection, so we don't
349	// know whether this name is our nickname. Best-effort: use the network's
350	// configured nickname and hope it was the one being used when we were
351	// connected.
352	return net.casemap(nick) == net.casemap(GetNick(&net.user.User, &net.Network))
353	}
354
355	// marshalEntity converts an upstream entity name (ie. channel or nick) into a
356	// downstream entity name.
357	//
358	// This involves adding a "/<network>" suffix if the entity isn't the current
359	// user.
360	func (dc downstreamConn) marshalEntity(net network, name string) string {
361	if isOurNick(net, name) {
362	return dc.nick
363	}
364	name = partialCasemap(net.casemap, name)
365	if dc.network != nil {
366	if dc.network != net {
367	panic("soju: tried to marshal an entity for another network")
368	}
369	return name
370	}
371	return name + "/" + net.GetName()
372	}
373
374	func (dc downstreamConn) marshalUserPrefix(net network, prefix irc.Prefix) irc.Prefix {
375	if isOurNick(net, prefix.Name) {
376	return dc.prefix()
377	}
378	prefix.Name = partialCasemap(net.casemap, prefix.Name)
379	if dc.network != nil {
380	if dc.network != net {
381	panic("soju: tried to marshal a user prefix for another network")
382	}
383	return prefix
384	}
385	return &irc.Prefix{
386	Name: prefix.Name + "/" + net.GetName(),
387	User: prefix.User,
388	Host: prefix.Host,
389	}
390	}
391
392	// unmarshalEntityNetwork converts a downstream entity name (ie. channel or
393	// nick) into an upstream entity name.
394	//
395	// This involves removing the "/<network>" suffix.
396	func (dc downstreamConn) unmarshalEntityNetwork(name string) (network, string, error) {
397	if dc.network != nil {
398	return dc.network, name, nil
399	}
400
401	var net *network
402	if i := strings.LastIndexByte(name, '/'); i >= 0 {
403	network := name[i+1:]
404	name = name[:i]
405
406	for _, n := range dc.user.networks {
407	if network == n.GetName() {
408	net = n
409	break
410	}
411	}
412	}
413
414	if net == nil {
415	return nil, "", ircError{&irc.Message{
416	Command: irc.ERR_NOSUCHCHANNEL,
417	Params: []string{name, "Missing network suffix in name"},
418	}}
419	}
420
421	return net, name, nil
422	}
423
424	// unmarshalEntity is the same as unmarshalEntityNetwork, but returns the
425	// upstream connection and fails if the upstream is disconnected.
426	func (dc downstreamConn) unmarshalEntity(name string) (upstreamConn, string, error) {
427	net, name, err := dc.unmarshalEntityNetwork(name)
428	if err != nil {
429	return nil, "", err
430	}
431
432	if net.conn == nil {
433	return nil, "", ircError{&irc.Message{
434	Command: irc.ERR_NOSUCHCHANNEL,
435	Params: []string{name, "Disconnected from upstream network"},
436	}}
437	}
438
439	return net.conn, name, nil
440	}
441
442	func (dc downstreamConn) unmarshalText(uc upstreamConn, text string) string {
443	if dc.upstream() != nil {
444	return text
445	}
446	// TODO: smarter parsing that ignores URLs
447	return strings.ReplaceAll(text, "/"+uc.network.GetName(), "")
448	}
449
450	func (dc downstreamConn) ReadMessage() (irc.Message, error) {
451	msg, err := dc.conn.ReadMessage()
452	if err != nil {
453	return nil, err
454	}
455	dc.srv.metrics.downstreamInMessagesTotal.Inc()
456	return msg, nil
457	}
458
459	func (dc *downstreamConn) readMessages(ch chan<- event) error {
460	for {
461	msg, err := dc.ReadMessage()
462	if errors.Is(err, io.EOF) {
463	break
464	} else if err != nil {
465	return fmt.Errorf("failed to read IRC command: %v", err)
466	}
467
468	ch <- eventDownstreamMessage{msg, dc}
469	}
470
471	return nil
472	}
473
474	// SendMessage sends an outgoing message.
475	//
476	// This can only called from the user goroutine.
477	func (dc downstreamConn) SendMessage(msg irc.Message) {
478	if !dc.caps["message-tags"] {
479	if msg.Command == "TAGMSG" {
480	return
481	}
482	msg = msg.Copy()
483	for name := range msg.Tags {
484	supported := false
485	switch name {
486	case "time":
487	supported = dc.caps["server-time"]
488	case "account":
489	supported = dc.caps["account"]
490	}
491	if !supported {
492	delete(msg.Tags, name)
493	}
494	}
495	}
496	if !dc.caps["batch"] && msg.Tags["batch"] != "" {
497	msg = msg.Copy()
498	delete(msg.Tags, "batch")
499	}
500	if msg.Command == "JOIN" && !dc.caps["extended-join"] {
501	msg.Params = msg.Params[:1]
502	}
503	if msg.Command == "SETNAME" && !dc.caps["setname"] {
504	return
505	}
506	if msg.Command == "AWAY" && !dc.caps["away-notify"] {
507	return
508	}
509	if msg.Command == "ACCOUNT" && !dc.caps["account-notify"] {
510	return
511	}
512
513	dc.srv.metrics.downstreamOutMessagesTotal.Inc()
514	dc.conn.SendMessage(msg)
515	}
516
517	func (dc *downstreamConn) SendBatch(typ string, params []string, tags irc.Tags, f func(batchRef irc.TagValue)) {
518	dc.lastBatchRef++
519	ref := fmt.Sprintf("%v", dc.lastBatchRef)
520
521	if dc.caps["batch"] {
522	dc.SendMessage(&irc.Message{
523	Tags: tags,
524	Prefix: dc.srv.prefix(),
525	Command: "BATCH",
526	Params: append([]string{"+" + ref, typ}, params...),
527	})
528	}
529
530	f(irc.TagValue(ref))
531
532	if dc.caps["batch"] {
533	dc.SendMessage(&irc.Message{
534	Prefix: dc.srv.prefix(),
535	Command: "BATCH",
536	Params: []string{"-" + ref},
537	})
538	}
539	}
540
541	// sendMessageWithID sends an outgoing message with the specified internal ID.
542	func (dc downstreamConn) sendMessageWithID(msg irc.Message, id string) {
543	dc.SendMessage(msg)
544
545	if id == "" \|\| !dc.messageSupportsBacklog(msg) {
546	return
547	}
548
549	dc.sendPing(id)
550	}
551
552	// advanceMessageWithID advances history to the specified message ID without
553	// sending a message. This is useful e.g. for self-messages when echo-message
554	// isn't enabled.
555	func (dc downstreamConn) advanceMessageWithID(msg irc.Message, id string) {
556	if id == "" \|\| !dc.messageSupportsBacklog(msg) {
557	return
558	}
559
560	dc.sendPing(id)
561	}
562
563	// ackMsgID acknowledges that a message has been received.
564	func (dc *downstreamConn) ackMsgID(id string) {
565	netID, entity, err := parseMsgID(id, nil)
566	if err != nil {
567	dc.logger.Printf("failed to ACK message ID %q: %v", id, err)
568	return
569	}
570
571	network := dc.user.getNetworkByID(netID)
572	if network == nil {
573	return
574	}
575
576	network.delivered.StoreID(entity, dc.clientName, id)
577	}
578
579	func (dc *downstreamConn) sendPing(msgID string) {
580	token := "soju-msgid-" + msgID
581	dc.SendMessage(&irc.Message{
582	Command: "PING",
583	Params: []string{token},
584	})
585	}
586
587	func (dc *downstreamConn) handlePong(token string) {
588	if !strings.HasPrefix(token, "soju-msgid-") {
589	dc.logger.Printf("received unrecognized PONG token %q", token)
590	return
591	}
592	msgID := strings.TrimPrefix(token, "soju-msgid-")
593	dc.ackMsgID(msgID)
594	}
595
596	// marshalMessage re-formats a message coming from an upstream connection so
597	// that it's suitable for being sent on this downstream connection. Only
598	// messages that may appear in logs are supported, except MODE messages which
599	// may only appear in single-upstream mode.
600	func (dc downstreamConn) marshalMessage(msg irc.Message, net network) irc.Message {
601	msg = msg.Copy()
602	msg.Prefix = dc.marshalUserPrefix(net, msg.Prefix)
603
604	if dc.network != nil {
605	return msg
606	}
607
608	switch msg.Command {
609	case "PRIVMSG", "NOTICE", "TAGMSG":
610	msg.Params[0] = dc.marshalEntity(net, msg.Params[0])
611	case "NICK":
612	// Nick change for another user
613	msg.Params[0] = dc.marshalEntity(net, msg.Params[0])
614	case "JOIN", "PART":
615	msg.Params[0] = dc.marshalEntity(net, msg.Params[0])
616	case "KICK":
617	msg.Params[0] = dc.marshalEntity(net, msg.Params[0])
618	msg.Params[1] = dc.marshalEntity(net, msg.Params[1])
619	case "TOPIC":
620	msg.Params[0] = dc.marshalEntity(net, msg.Params[0])
621	case "QUIT", "SETNAME":
622	// This space is intentionally left blank
623	default:
624	panic(fmt.Sprintf("unexpected %q message", msg.Command))
625	}
626
627	return msg
628	}
629
630	func (dc downstreamConn) handleMessage(ctx context.Context, msg irc.Message) error {
631	ctx, cancel := dc.conn.NewContext(ctx)
632	defer cancel()
633
634	ctx, cancel = context.WithTimeout(ctx, handleDownstreamMessageTimeout)
635	defer cancel()
636
637	switch msg.Command {
638	case "QUIT":
639	return dc.Close()
640	default:
641	if dc.registered {
642	return dc.handleMessageRegistered(ctx, msg)
643	} else {
644	return dc.handleMessageUnregistered(ctx, msg)
645	}
646	}
647	}
648
649	func (dc downstreamConn) handleMessageUnregistered(ctx context.Context, msg irc.Message) error {
650	switch msg.Command {
651	case "NICK":
652	var nick string
653	if err := parseMessageParams(msg, &nick); err != nil {
654	return err
655	}
656	if nick == "" \|\| strings.ContainsAny(nick, illegalNickChars) {
657	return ircError{&irc.Message{
658	Command: irc.ERR_ERRONEUSNICKNAME,
659	Params: []string{dc.nick, nick, "contains illegal characters"},
660	}}
661	}
662	nickCM := casemapASCII(nick)
663	if nickCM == serviceNickCM {
664	return ircError{&irc.Message{
665	Command: irc.ERR_NICKNAMEINUSE,
666	Params: []string{dc.nick, nick, "Nickname reserved for bouncer service"},
667	}}
668	}
669	dc.nick = nick
670	dc.nickCM = nickCM
671	case "USER":
672	if err := parseMessageParams(msg, &dc.rawUsername, nil, nil, &dc.realname); err != nil {
673	return err
674	}
675	case "PASS":
676	if err := parseMessageParams(msg, &dc.password); err != nil {
677	return err
678	}
679	case "CAP":
680	var subCmd string
681	if err := parseMessageParams(msg, &subCmd); err != nil {
682	return err
683	}
684	if err := dc.handleCapCommand(subCmd, msg.Params[1:]); err != nil {
685	return err
686	}
687	case "AUTHENTICATE":
688	if !dc.caps["sasl"] {
689	return ircError{&irc.Message{
690	Prefix: dc.srv.prefix(),
691	Command: irc.ERR_SASLFAIL,
692	Params: []string{"*", "AUTHENTICATE requires the \"sasl\" capability to be enabled"},
693	}}
694	}
695	if len(msg.Params) == 0 {
696	return ircError{&irc.Message{
697	Prefix: dc.srv.prefix(),
698	Command: irc.ERR_SASLFAIL,
699	Params: []string{"*", "Missing AUTHENTICATE argument"},
700	}}
701	}
702
703	var resp []byte
704	if msg.Params[0] == "*" {
705	dc.saslServer = nil
706	return ircError{&irc.Message{
707	Prefix: dc.srv.prefix(),
708	Command: irc.ERR_SASLABORTED,
709	Params: []string{"*", "SASL authentication aborted"},
710	}}
711	} else if dc.saslServer == nil {
712	mech := strings.ToUpper(msg.Params[0])
713	switch mech {
714	case "PLAIN":
715	dc.saslServer = sasl.NewPlainServer(sasl.PlainAuthenticator(func(identity, username, password string) error {
716	// TODO: we can't use the command context here, because it
717	// gets cancelled once the command handler returns. SASL
718	// might take multiple AUTHENTICATE commands to complete.
719	return dc.authenticate(context.TODO(), username, password)
720	}))
721	default:
722	return ircError{&irc.Message{
723	Prefix: dc.srv.prefix(),
724	Command: irc.ERR_SASLFAIL,
725	Params: []string{"*", fmt.Sprintf("Unsupported SASL mechanism %q", mech)},
726	}}
727	}
728	} else if msg.Params[0] == "+" {
729	resp = nil
730	} else {
731	// TODO: multi-line messages
732	var err error
733	resp, err = base64.StdEncoding.DecodeString(msg.Params[0])
734	if err != nil {
735	dc.saslServer = nil
736	return ircError{&irc.Message{
737	Prefix: dc.srv.prefix(),
738	Command: irc.ERR_SASLFAIL,
739	Params: []string{"*", "Invalid base64-encoded response"},
740	}}
741	}
742	}
743
744	challenge, done, err := dc.saslServer.Next(resp)
745	if err != nil {
746	dc.saslServer = nil
747	if ircErr, ok := err.(ircError); ok && ircErr.Message.Command == irc.ERR_PASSWDMISMATCH {
748	return ircError{&irc.Message{
749	Prefix: dc.srv.prefix(),
750	Command: irc.ERR_SASLFAIL,
751	Params: []string{"*", ircErr.Message.Params[1]},
752	}}
753	}
754	dc.SendMessage(&irc.Message{
755	Prefix: dc.srv.prefix(),
756	Command: irc.ERR_SASLFAIL,
757	Params: []string{"*", "SASL error"},
758	})
759	return fmt.Errorf("SASL authentication failed: %v", err)
760	} else if done {
761	dc.saslServer = nil
762	dc.SendMessage(&irc.Message{
763	Prefix: dc.srv.prefix(),
764	Command: irc.RPL_LOGGEDIN,
765	Params: []string{dc.nick, dc.prefix().String(), dc.user.Username, "You are now logged in"},
766	})
767	dc.SendMessage(&irc.Message{
768	Prefix: dc.srv.prefix(),
769	Command: irc.RPL_SASLSUCCESS,
770	Params: []string{dc.nick, "SASL authentication successful"},
771	})
772	} else {
773	challengeStr := "+"
774	if len(challenge) > 0 {
775	challengeStr = base64.StdEncoding.EncodeToString(challenge)
776	}
777
778	// TODO: multi-line messages
779	dc.SendMessage(&irc.Message{
780	Prefix: dc.srv.prefix(),
781	Command: "AUTHENTICATE",
782	Params: []string{challengeStr},
783	})
784	}
785	case "BOUNCER":
786	var subcommand string
787	if err := parseMessageParams(msg, &subcommand); err != nil {
788	return err
789	}
790
791	switch strings.ToUpper(subcommand) {
792	case "BIND":
793	var idStr string
794	if err := parseMessageParams(msg, nil, &idStr); err != nil {
795	return err
796	}
797
798	if dc.user == nil {
799	return ircError{&irc.Message{
800	Command: "FAIL",
801	Params: []string{"BOUNCER", "ACCOUNT_REQUIRED", "BIND", "Authentication needed to bind to bouncer network"},
802	}}
803	}
804
805	id, err := parseBouncerNetID(subcommand, idStr)
806	if err != nil {
807	return err
808	}
809
810	var match *network
811	dc.user.forEachNetwork(func(net *network) {
812	if net.ID == id {
813	match = net
814	}
815	})
816	if match == nil {
817	return ircError{&irc.Message{
818	Command: "FAIL",
819	Params: []string{"BOUNCER", "INVALID_NETID", idStr, "Unknown network ID"},
820	}}
821	}
822
823	dc.networkName = match.GetName()
824	}
825	default:
826	dc.logger.Printf("unhandled message: %v", msg)
827	return newUnknownCommandError(msg.Command)
828	}
829	if dc.rawUsername != "" && dc.nick != "*" && !dc.negotiatingCaps {
830	return dc.register(ctx)
831	}
832	return nil
833	}
834
835	func (dc *downstreamConn) handleCapCommand(cmd string, args []string) error {
836	cmd = strings.ToUpper(cmd)
837
838	switch cmd {
839	case "LS":
840	if len(args) > 0 {
841	var err error
842	if dc.capVersion, err = strconv.Atoi(args[0]); err != nil {
843	return err
844	}
845	}
846	if !dc.registered && dc.capVersion >= 302 {
847	// Let downstream show everything it supports, and trim
848	// down the available capabilities when upstreams are
849	// known.
850	for k, v := range needAllDownstreamCaps {
851	dc.supportedCaps[k] = v
852	}
853	}
854
855	caps := make([]string, 0, len(dc.supportedCaps))
856	for k, v := range dc.supportedCaps {
857	if dc.capVersion >= 302 && v != "" {
858	caps = append(caps, k+"="+v)
859	} else {
860	caps = append(caps, k)
861	}
862	}
863
864	// TODO: multi-line replies
865	dc.SendMessage(&irc.Message{
866	Prefix: dc.srv.prefix(),
867	Command: "CAP",
868	Params: []string{dc.nick, "LS", strings.Join(caps, " ")},
869	})
870
871	if dc.capVersion >= 302 {
872	// CAP version 302 implicitly enables cap-notify
873	dc.caps["cap-notify"] = true
874	}
875
876	if !dc.registered {
877	dc.negotiatingCaps = true
878	}
879	case "LIST":
880	var caps []string
881	for name, enabled := range dc.caps {
882	if enabled {
883	caps = append(caps, name)
884	}
885	}
886
887	// TODO: multi-line replies
888	dc.SendMessage(&irc.Message{
889	Prefix: dc.srv.prefix(),
890	Command: "CAP",
891	Params: []string{dc.nick, "LIST", strings.Join(caps, " ")},
892	})
893	case "REQ":
894	if len(args) == 0 {
895	return ircError{&irc.Message{
896	Command: err_invalidcapcmd,
897	Params: []string{dc.nick, cmd, "Missing argument in CAP REQ command"},
898	}}
899	}
900
901	// TODO: atomically ack/nak the whole capability set
902	caps := strings.Fields(args[0])
903	ack := true
904	for _, name := range caps {
905	name = strings.ToLower(name)
906	enable := !strings.HasPrefix(name, "-")
907	if !enable {
908	name = strings.TrimPrefix(name, "-")
909	}
910
911	if enable == dc.caps[name] {
912	continue
913	}
914
915	_, ok := dc.supportedCaps[name]
916	if !ok {
917	ack = false
918	break
919	}
920
921	if name == "cap-notify" && dc.capVersion >= 302 && !enable {
922	// cap-notify cannot be disabled with CAP version 302
923	ack = false
924	break
925	}
926
927	dc.caps[name] = enable
928	}
929
930	reply := "NAK"
931	if ack {
932	reply = "ACK"
933	}
934	dc.SendMessage(&irc.Message{
935	Prefix: dc.srv.prefix(),
936	Command: "CAP",
937	Params: []string{dc.nick, reply, args[0]},
938	})
939
940	if !dc.registered {
941	dc.negotiatingCaps = true
942	}
943	case "END":
944	dc.negotiatingCaps = false
945	default:
946	return ircError{&irc.Message{
947	Command: err_invalidcapcmd,
948	Params: []string{dc.nick, cmd, "Unknown CAP command"},
949	}}
950	}
951	return nil
952	}
953
954	func (dc *downstreamConn) setSupportedCap(name, value string) {
955	prevValue, hasPrev := dc.supportedCaps[name]
956	changed := !hasPrev \|\| prevValue != value
957	dc.supportedCaps[name] = value
958
959	if !dc.caps["cap-notify"] \|\| !changed {
960	return
961	}
962
963	cap := name
964	if value != "" && dc.capVersion >= 302 {
965	cap = name + "=" + value
966	}
967
968	dc.SendMessage(&irc.Message{
969	Prefix: dc.srv.prefix(),
970	Command: "CAP",
971	Params: []string{dc.nick, "NEW", cap},
972	})
973	}
974
975	func (dc *downstreamConn) unsetSupportedCap(name string) {
976	_, hasPrev := dc.supportedCaps[name]
977	delete(dc.supportedCaps, name)
978	delete(dc.caps, name)
979
980	if !dc.caps["cap-notify"] \|\| !hasPrev {
981	return
982	}
983
984	dc.SendMessage(&irc.Message{
985	Prefix: dc.srv.prefix(),
986	Command: "CAP",
987	Params: []string{dc.nick, "DEL", name},
988	})
989	}
990
991	func (dc *downstreamConn) updateSupportedCaps() {
992	supportedCaps := make(map[string]bool)
993	for cap := range needAllDownstreamCaps {
994	supportedCaps[cap] = true
995	}
996	dc.forEachUpstream(func(uc *upstreamConn) {
997	for cap, supported := range supportedCaps {
998	supportedCaps[cap] = supported && uc.caps[cap]
999	}
1000	})
1001
1002	for cap, supported := range supportedCaps {
1003	if supported {
1004	dc.setSupportedCap(cap, needAllDownstreamCaps[cap])
1005	} else {
1006	dc.unsetSupportedCap(cap)
1007	}
1008	}
1009
1010	if _, ok := dc.user.msgStore.(chatHistoryMessageStore); ok && dc.network != nil {
1011	dc.setSupportedCap("draft/event-playback", "")
1012	} else {
1013	dc.unsetSupportedCap("draft/event-playback")
1014	}
1015	}
1016
1017	func (dc *downstreamConn) updateNick() {
1018	if uc := dc.upstream(); uc != nil && uc.nick != dc.nick {
1019	dc.SendMessage(&irc.Message{
1020	Prefix: dc.prefix(),
1021	Command: "NICK",
1022	Params: []string{uc.nick},
1023	})
1024	dc.nick = uc.nick
1025	dc.nickCM = casemapASCII(dc.nick)
1026	}
1027	}
1028
1029	func (dc *downstreamConn) updateRealname() {
1030	if uc := dc.upstream(); uc != nil && uc.realname != dc.realname && dc.caps["setname"] {
1031	dc.SendMessage(&irc.Message{
1032	Prefix: dc.prefix(),
1033	Command: "SETNAME",
1034	Params: []string{uc.realname},
1035	})
1036	dc.realname = uc.realname
1037	}
1038	}
1039
1040	func sanityCheckServer(ctx context.Context, addr string) error {
1041	ctx, cancel := context.WithTimeout(ctx, 15*time.Second)
1042	defer cancel()
1043
1044	conn, err := new(tls.Dialer).DialContext(ctx, "tcp", addr)
1045	if err != nil {
1046	return err
1047	}
1048
1049	return conn.Close()
1050	}
1051
1052	func unmarshalUsername(rawUsername string) (username, client, network string) {
1053	username = rawUsername
1054
1055	i := strings.IndexAny(username, "/@")
1056	j := strings.LastIndexAny(username, "/@")
1057	if i >= 0 {
1058	username = rawUsername[:i]
1059	}
1060	if j >= 0 {
1061	if rawUsername[j] == '@' {
1062	client = rawUsername[j+1:]
1063	} else {
1064	network = rawUsername[j+1:]
1065	}
1066	}
1067	if i >= 0 && j >= 0 && i < j {
1068	if rawUsername[i] == '@' {
1069	client = rawUsername[i+1 : j]
1070	} else {
1071	network = rawUsername[i+1 : j]
1072	}
1073	}
1074
1075	return username, client, network
1076	}
1077
1078	func (dc *downstreamConn) authenticate(ctx context.Context, username, password string) error {
1079	username, clientName, networkName := unmarshalUsername(username)
1080
1081	u, err := dc.srv.db.GetUser(ctx, username)
1082	if err != nil {
1083	dc.logger.Printf("failed authentication for %q: user not found: %v", username, err)
1084	return errAuthFailed
1085	}
1086
1087	// Password auth disabled
1088	if u.Password == "" {
1089	return errAuthFailed
1090	}
1091
1092	err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
1093	if err != nil {
1094	dc.logger.Printf("failed authentication for %q: wrong password: %v", username, err)
1095	return errAuthFailed
1096	}
1097
1098	dc.user = dc.srv.getUser(username)
1099	if dc.user == nil {
1100	dc.logger.Printf("failed authentication for %q: user not active", username)
1101	return errAuthFailed
1102	}
1103	dc.clientName = clientName
1104	dc.networkName = networkName
1105	return nil
1106	}
1107
1108	func (dc *downstreamConn) register(ctx context.Context) error {
1109	if dc.registered {
1110	return fmt.Errorf("tried to register twice")
1111	}
1112
1113	if dc.saslServer != nil {
1114	dc.saslServer = nil
1115	dc.SendMessage(&irc.Message{
1116	Prefix: dc.srv.prefix(),
1117	Command: irc.ERR_SASLABORTED,
1118	Params: []string{"*", "SASL authentication aborted"},
1119	})
1120	}
1121
1122	password := dc.password
1123	dc.password = ""
1124	if dc.user == nil {
1125	if err := dc.authenticate(ctx, dc.rawUsername, password); err != nil {
1126	return err
1127	}
1128	}
1129
1130	if dc.clientName == "" && dc.networkName == "" {
1131	_, dc.clientName, dc.networkName = unmarshalUsername(dc.rawUsername)
1132	}
1133
1134	dc.registered = true
1135	dc.logger.Printf("registration complete for user %q", dc.user.Username)
1136	return nil
1137	}
1138
1139	func (dc *downstreamConn) loadNetwork(ctx context.Context) error {
1140	if dc.networkName == "" {
1141	return nil
1142	}
1143
1144	network := dc.user.getNetwork(dc.networkName)
1145	if network == nil {
1146	addr := dc.networkName
1147	if !strings.ContainsRune(addr, ':') {
1148	addr = addr + ":6697"
1149	}
1150
1151	dc.logger.Printf("trying to connect to new network %q", addr)
1152	if err := sanityCheckServer(ctx, addr); err != nil {
1153	dc.logger.Printf("failed to connect to %q: %v", addr, err)
1154	return ircError{&irc.Message{
1155	Command: irc.ERR_PASSWDMISMATCH,
1156	Params: []string{"*", fmt.Sprintf("Failed to connect to %q", dc.networkName)},
1157	}}
1158	}
1159
1160	// Some clients only allow specifying the nickname (and use the
1161	// nickname as a username too). Strip the network name from the
1162	// nickname when auto-saving networks.
1163	nick, _, _ := unmarshalUsername(dc.nick)
1164
1165	dc.logger.Printf("auto-saving network %q", dc.networkName)
1166	var err error
1167	network, err = dc.user.createNetwork(ctx, &Network{
1168	Addr: dc.networkName,
1169	Nick: nick,
1170	Enabled: true,
1171	})
1172	if err != nil {
1173	return err
1174	}
1175	}
1176
1177	dc.network = network
1178	return nil
1179	}
1180
1181	func (dc *downstreamConn) welcome(ctx context.Context) error {
1182	if dc.user == nil \|\| !dc.registered {
1183	panic("tried to welcome an unregistered connection")
1184	}
1185
1186	// TODO: doing this might take some time. We should do it in dc.register
1187	// instead, but we'll potentially be adding a new network and this must be
1188	// done in the user goroutine.
1189	if err := dc.loadNetwork(ctx); err != nil {
1190	return err
1191	}
1192
1193	if dc.network == nil && !dc.caps["soju.im/bouncer-networks"] && dc.srv.Config().MultiUpstream {
1194	dc.isMultiUpstream = true
1195	}
1196
1197	dc.updateSupportedCaps()
1198
1199	isupport := []string{
1200	fmt.Sprintf("CHATHISTORY=%v", chatHistoryLimit),
1201	"CASEMAPPING=ascii",
1202	}
1203
1204	if dc.network != nil {
1205	isupport = append(isupport, fmt.Sprintf("BOUNCER_NETID=%v", dc.network.ID))
1206	}
1207	if title := dc.srv.Config().Title; dc.network == nil && title != "" {
1208	isupport = append(isupport, "NETWORK="+encodeISUPPORT(title))
1209	}
1210	if dc.network == nil && !dc.isMultiUpstream {
1211	isupport = append(isupport, "WHOX")
1212	}
1213
1214	if uc := dc.upstream(); uc != nil {
1215	for k := range passthroughIsupport {
1216	v, ok := uc.isupport[k]
1217	if !ok {
1218	continue
1219	}
1220	if v != nil {
1221	isupport = append(isupport, fmt.Sprintf("%v=%v", k, *v))
1222	} else {
1223	isupport = append(isupport, k)
1224	}
1225	}
1226	}
1227
1228	dc.SendMessage(&irc.Message{
1229	Prefix: dc.srv.prefix(),
1230	Command: irc.RPL_WELCOME,
1231	Params: []string{dc.nick, "Welcome to soju, " + dc.nick},
1232	})
1233	dc.SendMessage(&irc.Message{
1234	Prefix: dc.srv.prefix(),
1235	Command: irc.RPL_YOURHOST,
1236	Params: []string{dc.nick, "Your host is " + dc.srv.Config().Hostname},
1237	})
1238	dc.SendMessage(&irc.Message{
1239	Prefix: dc.srv.prefix(),
1240	Command: irc.RPL_MYINFO,
1241	Params: []string{dc.nick, dc.srv.Config().Hostname, "soju", "aiwroO", "OovaimnqpsrtklbeI"},
1242	})
1243	for _, msg := range generateIsupport(dc.srv.prefix(), dc.nick, isupport) {
1244	dc.SendMessage(msg)
1245	}
1246	if uc := dc.upstream(); uc != nil {
1247	dc.SendMessage(&irc.Message{
1248	Prefix: dc.srv.prefix(),
1249	Command: irc.RPL_UMODEIS,
1250	Params: []string{dc.nick, "+" + string(uc.modes)},
1251	})
1252	}
1253	if dc.network == nil && !dc.isMultiUpstream && dc.user.Admin {
1254	dc.SendMessage(&irc.Message{
1255	Prefix: dc.srv.prefix(),
1256	Command: irc.RPL_UMODEIS,
1257	Params: []string{dc.nick, "+o"},
1258	})
1259	}
1260
1261	dc.updateNick()
1262	dc.updateRealname()
1263
1264	if motd := dc.user.srv.Config().MOTD; motd != "" && dc.network == nil {
1265	for _, msg := range generateMOTD(dc.srv.prefix(), dc.nick, motd) {
1266	dc.SendMessage(msg)
1267	}
1268	} else {
1269	motdHint := "No MOTD"
1270	if dc.network != nil {
1271	motdHint = "Use /motd to read the message of the day"
1272	}
1273	dc.SendMessage(&irc.Message{
1274	Prefix: dc.srv.prefix(),
1275	Command: irc.ERR_NOMOTD,
1276	Params: []string{dc.nick, motdHint},
1277	})
1278	}
1279
1280	if dc.caps["soju.im/bouncer-networks-notify"] {
1281	dc.SendBatch("soju.im/bouncer-networks", nil, nil, func(batchRef irc.TagValue) {
1282	dc.user.forEachNetwork(func(network *network) {
1283	idStr := fmt.Sprintf("%v", network.ID)
1284	attrs := getNetworkAttrs(network)
1285	dc.SendMessage(&irc.Message{
1286	Tags: irc.Tags{"batch": batchRef},
1287	Prefix: dc.srv.prefix(),
1288	Command: "BOUNCER",
1289	Params: []string{"NETWORK", idStr, attrs.String()},
1290	})
1291	})
1292	})
1293	}
1294
1295	dc.forEachUpstream(func(uc *upstreamConn) {
1296	for _, entry := range uc.channels.innerMap {
1297	ch := entry.value.(*upstreamChannel)
1298	if !ch.complete {
1299	continue
1300	}
1301	record := uc.network.channels.Value(ch.Name)
1302	if record != nil && record.Detached {
1303	continue
1304	}
1305
1306	dc.SendMessage(&irc.Message{
1307	Prefix: dc.prefix(),
1308	Command: "JOIN",
1309	Params: []string{dc.marshalEntity(ch.conn.network, ch.Name)},
1310	})
1311
1312	forwardChannel(dc, ch)
1313	}
1314	})
1315
1316	dc.forEachNetwork(func(net *network) {
1317	if dc.caps["draft/chathistory"] \|\| dc.user.msgStore == nil {
1318	return
1319	}
1320
1321	// Only send history if we're the first connected client with that name
1322	// for the network
1323	firstClient := true
1324	dc.user.forEachDownstream(func(c *downstreamConn) {
1325	if c != dc && c.clientName == dc.clientName && c.network == dc.network {
1326	firstClient = false
1327	}
1328	})
1329	if firstClient {
1330	net.delivered.ForEachTarget(func(target string) {
1331	lastDelivered := net.delivered.LoadID(target, dc.clientName)
1332	if lastDelivered == "" {
1333	return
1334	}
1335
1336	dc.sendTargetBacklog(ctx, net, target, lastDelivered)
1337
1338	// Fast-forward history to last message
1339	targetCM := net.casemap(target)
1340	lastID, err := dc.user.msgStore.LastMsgID(&net.Network, targetCM, time.Now())
1341	if err != nil {
1342	dc.logger.Printf("failed to get last message ID: %v", err)
1343	return
1344	}
1345	net.delivered.StoreID(target, dc.clientName, lastID)
1346	})
1347	}
1348	})
1349
1350	return nil
1351	}
1352
1353	// messageSupportsBacklog checks whether the provided message can be sent as
1354	// part of an history batch.
1355	func (dc downstreamConn) messageSupportsBacklog(msg irc.Message) bool {
1356	// Don't replay all messages, because that would mess up client
1357	// state. For instance we just sent the list of users, sending
1358	// PART messages for one of these users would be incorrect.
1359	switch msg.Command {
1360	case "PRIVMSG", "NOTICE":
1361	return true
1362	}
1363	return false
1364	}
1365
1366	func (dc downstreamConn) sendTargetBacklog(ctx context.Context, net network, target, msgID string) {
1367	if dc.caps["draft/chathistory"] \|\| dc.user.msgStore == nil {
1368	return
1369	}
1370
1371	ch := net.channels.Value(target)
1372
1373	ctx, cancel := context.WithTimeout(ctx, backlogTimeout)
1374	defer cancel()
1375
1376	targetCM := net.casemap(target)
1377	history, err := dc.user.msgStore.LoadLatestID(ctx, &net.Network, targetCM, msgID, backlogLimit)
1378	if err != nil {
1379	dc.logger.Printf("failed to send backlog for %q: %v", target, err)
1380	return
1381	}
1382
1383	dc.SendBatch("chathistory", []string{dc.marshalEntity(net, target)}, nil, func(batchRef irc.TagValue) {
1384	for _, msg := range history {
1385	if ch != nil && ch.Detached {
1386	if net.detachedMessageNeedsRelay(ch, msg) {
1387	dc.relayDetachedMessage(net, msg)
1388	}
1389	} else {
1390	msg.Tags["batch"] = batchRef
1391	dc.SendMessage(dc.marshalMessage(msg, net))
1392	}
1393	}
1394	})
1395	}
1396
1397	func (dc downstreamConn) relayDetachedMessage(net network, msg *irc.Message) {
1398	if msg.Command != "PRIVMSG" && msg.Command != "NOTICE" {
1399	return
1400	}
1401
1402	sender := msg.Prefix.Name
1403	target, text := msg.Params[0], msg.Params[1]
1404	if net.isHighlight(msg) {
1405	sendServiceNOTICE(dc, fmt.Sprintf("highlight in %v: <%v> %v", dc.marshalEntity(net, target), sender, text))
1406	} else {
1407	sendServiceNOTICE(dc, fmt.Sprintf("message in %v: <%v> %v", dc.marshalEntity(net, target), sender, text))
1408	}
1409	}
1410
1411	func (dc *downstreamConn) runUntilRegistered() error {
1412	ctx, cancel := context.WithTimeout(context.TODO(), downstreamRegisterTimeout)
1413	defer cancel()
1414
1415	// Close the connection with an error if the deadline is exceeded
1416	go func() {
1417	<-ctx.Done()
1418	if err := ctx.Err(); err == context.DeadlineExceeded {
1419	dc.SendMessage(&irc.Message{
1420	Prefix: dc.srv.prefix(),
1421	Command: "ERROR",
1422	Params: []string{"Connection registration timed out"},
1423	})
1424	dc.Close()
1425	}
1426	}()
1427
1428	for !dc.registered {
1429	msg, err := dc.ReadMessage()
1430	if err != nil {
1431	return fmt.Errorf("failed to read IRC command: %w", err)
1432	}
1433
1434	err = dc.handleMessage(ctx, msg)
1435	if ircErr, ok := err.(ircError); ok {
1436	ircErr.Message.Prefix = dc.srv.prefix()
1437	dc.SendMessage(ircErr.Message)
1438	} else if err != nil {
1439	return fmt.Errorf("failed to handle IRC command %q: %v", msg, err)
1440	}
1441	}
1442
1443	return nil
1444	}
1445
1446	func (dc downstreamConn) handleMessageRegistered(ctx context.Context, msg irc.Message) error {
1447	switch msg.Command {
1448	case "CAP":
1449	var subCmd string
1450	if err := parseMessageParams(msg, &subCmd); err != nil {
1451	return err
1452	}
1453	if err := dc.handleCapCommand(subCmd, msg.Params[1:]); err != nil {
1454	return err
1455	}
1456	case "PING":
1457	var source, destination string
1458	if err := parseMessageParams(msg, &source); err != nil {
1459	return err
1460	}
1461	if len(msg.Params) > 1 {
1462	destination = msg.Params[1]
1463	}
1464	hostname := dc.srv.Config().Hostname
1465	if destination != "" && destination != hostname {
1466	return ircError{&irc.Message{
1467	Command: irc.ERR_NOSUCHSERVER,
1468	Params: []string{dc.nick, destination, "No such server"},
1469	}}
1470	}
1471	dc.SendMessage(&irc.Message{
1472	Prefix: dc.srv.prefix(),
1473	Command: "PONG",
1474	Params: []string{hostname, source},
1475	})
1476	return nil
1477	case "PONG":
1478	if len(msg.Params) == 0 {
1479	return newNeedMoreParamsError(msg.Command)
1480	}
1481	token := msg.Params[len(msg.Params)-1]
1482	dc.handlePong(token)
1483	case "USER":
1484	return ircError{&irc.Message{
1485	Command: irc.ERR_ALREADYREGISTERED,
1486	Params: []string{dc.nick, "You may not reregister"},
1487	}}
1488	case "NICK":
1489	var rawNick string
1490	if err := parseMessageParams(msg, &rawNick); err != nil {
1491	return err
1492	}
1493
1494	nick := rawNick
1495	var upstream *upstreamConn
1496	if dc.upstream() == nil {
1497	uc, unmarshaledNick, err := dc.unmarshalEntity(nick)
1498	if err == nil { // NICK nick/network: NICK only on a specific upstream
1499	upstream = uc
1500	nick = unmarshaledNick
1501	}
1502	}
1503
1504	if nick == "" \|\| strings.ContainsAny(nick, illegalNickChars) {
1505	return ircError{&irc.Message{
1506	Command: irc.ERR_ERRONEUSNICKNAME,
1507	Params: []string{dc.nick, rawNick, "contains illegal characters"},
1508	}}
1509	}
1510	if casemapASCII(nick) == serviceNickCM {
1511	return ircError{&irc.Message{
1512	Command: irc.ERR_NICKNAMEINUSE,
1513	Params: []string{dc.nick, rawNick, "Nickname reserved for bouncer service"},
1514	}}
1515	}
1516
1517	var err error
1518	dc.forEachNetwork(func(n *network) {
1519	if err != nil \|\| (upstream != nil && upstream.network != n) {
1520	return
1521	}
1522	n.Nick = nick
1523	err = dc.srv.db.StoreNetwork(ctx, dc.user.ID, &n.Network)
1524	})
1525	if err != nil {
1526	return err
1527	}
1528
1529	dc.forEachUpstream(func(uc *upstreamConn) {
1530	if upstream != nil && upstream != uc {
1531	return
1532	}
1533	uc.SendMessageLabeled(dc.id, &irc.Message{
1534	Command: "NICK",
1535	Params: []string{nick},
1536	})
1537	})
1538
1539	if dc.upstream() == nil && upstream == nil && dc.nick != nick {
1540	dc.SendMessage(&irc.Message{
1541	Prefix: dc.prefix(),
1542	Command: "NICK",
1543	Params: []string{nick},
1544	})
1545	dc.nick = nick
1546	dc.nickCM = casemapASCII(dc.nick)
1547	}
1548	case "SETNAME":
1549	var realname string
1550	if err := parseMessageParams(msg, &realname); err != nil {
1551	return err
1552	}
1553
1554	// If the client just resets to the default, just wipe the per-network
1555	// preference
1556	storeRealname := realname
1557	if realname == dc.user.Realname {
1558	storeRealname = ""
1559	}
1560
1561	var storeErr error
1562	var needUpdate []Network
1563	dc.forEachNetwork(func(n *network) {
1564	// We only need to call updateNetwork for upstreams that don't
1565	// support setname
1566	if uc := n.conn; uc != nil && uc.caps["setname"] {
1567	uc.SendMessageLabeled(dc.id, &irc.Message{
1568	Command: "SETNAME",
1569	Params: []string{realname},
1570	})
1571
1572	n.Realname = storeRealname
1573	if err := dc.srv.db.StoreNetwork(ctx, dc.user.ID, &n.Network); err != nil {
1574	dc.logger.Printf("failed to store network realname: %v", err)
1575	storeErr = err
1576	}
1577	return
1578	}
1579
1580	record := n.Network // copy network record because we'll mutate it
1581	record.Realname = storeRealname
1582	needUpdate = append(needUpdate, record)
1583	})
1584
1585	// Walk the network list as a second step, because updateNetwork
1586	// mutates the original list
1587	for _, record := range needUpdate {
1588	if _, err := dc.user.updateNetwork(ctx, &record); err != nil {
1589	dc.logger.Printf("failed to update network realname: %v", err)
1590	storeErr = err
1591	}
1592	}
1593	if storeErr != nil {
1594	return ircError{&irc.Message{
1595	Command: "FAIL",
1596	Params: []string{"SETNAME", "CANNOT_CHANGE_REALNAME", "Failed to update realname"},
1597	}}
1598	}
1599
1600	if dc.upstream() == nil {
1601	dc.SendMessage(&irc.Message{
1602	Prefix: dc.prefix(),
1603	Command: "SETNAME",
1604	Params: []string{realname},
1605	})
1606	}
1607	case "JOIN":
1608	var namesStr string
1609	if err := parseMessageParams(msg, &namesStr); err != nil {
1610	return err
1611	}
1612
1613	var keys []string
1614	if len(msg.Params) > 1 {
1615	keys = strings.Split(msg.Params[1], ",")
1616	}
1617
1618	for i, name := range strings.Split(namesStr, ",") {
1619	uc, upstreamName, err := dc.unmarshalEntity(name)
1620	if err != nil {
1621	return err
1622	}
1623
1624	var key string
1625	if len(keys) > i {
1626	key = keys[i]
1627	}
1628
1629	if !uc.isChannel(upstreamName) {
1630	dc.SendMessage(&irc.Message{
1631	Prefix: dc.srv.prefix(),
1632	Command: irc.ERR_NOSUCHCHANNEL,
1633	Params: []string{name, "Not a channel name"},
1634	})
1635	continue
1636	}
1637
1638	params := []string{upstreamName}
1639	if key != "" {
1640	params = append(params, key)
1641	}
1642	uc.SendMessageLabeled(dc.id, &irc.Message{
1643	Command: "JOIN",
1644	Params: params,
1645	})
1646
1647	ch := uc.network.channels.Value(upstreamName)
1648	if ch != nil {
1649	// Don't clear the channel key if there's one set
1650	// TODO: add a way to unset the channel key
1651	if key != "" {
1652	ch.Key = key
1653	}
1654	uc.network.attach(ch)
1655	} else {
1656	ch = &Channel{
1657	Name: upstreamName,
1658	Key: key,
1659	}
1660	uc.network.channels.SetValue(upstreamName, ch)
1661	}
1662	if err := dc.srv.db.StoreChannel(ctx, uc.network.ID, ch); err != nil {
1663	dc.logger.Printf("failed to create or update channel %q: %v", upstreamName, err)
1664	}
1665	}
1666	case "PART":
1667	var namesStr string
1668	if err := parseMessageParams(msg, &namesStr); err != nil {
1669	return err
1670	}
1671
1672	var reason string
1673	if len(msg.Params) > 1 {
1674	reason = msg.Params[1]
1675	}
1676
1677	for _, name := range strings.Split(namesStr, ",") {
1678	uc, upstreamName, err := dc.unmarshalEntity(name)
1679	if err != nil {
1680	return err
1681	}
1682
1683	if strings.EqualFold(reason, "detach") {
1684	ch := uc.network.channels.Value(upstreamName)
1685	if ch != nil {
1686	uc.network.detach(ch)
1687	} else {
1688	ch = &Channel{
1689	Name: name,
1690	Detached: true,
1691	}
1692	uc.network.channels.SetValue(upstreamName, ch)
1693	}
1694	if err := dc.srv.db.StoreChannel(ctx, uc.network.ID, ch); err != nil {
1695	dc.logger.Printf("failed to create or update channel %q: %v", upstreamName, err)
1696	}
1697	} else {
1698	params := []string{upstreamName}
1699	if reason != "" {
1700	params = append(params, reason)
1701	}
1702	uc.SendMessageLabeled(dc.id, &irc.Message{
1703	Command: "PART",
1704	Params: params,
1705	})
1706
1707	if err := uc.network.deleteChannel(ctx, upstreamName); err != nil {
1708	dc.logger.Printf("failed to delete channel %q: %v", upstreamName, err)
1709	}
1710	}
1711	}
1712	case "KICK":
1713	var channelStr, userStr string
1714	if err := parseMessageParams(msg, &channelStr, &userStr); err != nil {
1715	return err
1716	}
1717
1718	channels := strings.Split(channelStr, ",")
1719	users := strings.Split(userStr, ",")
1720
1721	var reason string
1722	if len(msg.Params) > 2 {
1723	reason = msg.Params[2]
1724	}
1725
1726	if len(channels) != 1 && len(channels) != len(users) {
1727	return ircError{&irc.Message{
1728	Command: irc.ERR_BADCHANMASK,
1729	Params: []string{dc.nick, channelStr, "Bad channel mask"},
1730	}}
1731	}
1732
1733	for i, user := range users {
1734	var channel string
1735	if len(channels) == 1 {
1736	channel = channels[0]
1737	} else {
1738	channel = channels[i]
1739	}
1740
1741	ucChannel, upstreamChannel, err := dc.unmarshalEntity(channel)
1742	if err != nil {
1743	return err
1744	}
1745
1746	ucUser, upstreamUser, err := dc.unmarshalEntity(user)
1747	if err != nil {
1748	return err
1749	}
1750
1751	if ucChannel != ucUser {
1752	return ircError{&irc.Message{
1753	Command: irc.ERR_USERNOTINCHANNEL,
1754	Params: []string{dc.nick, user, channel, "They are on another network"},
1755	}}
1756	}
1757	uc := ucChannel
1758
1759	params := []string{upstreamChannel, upstreamUser}
1760	if reason != "" {
1761	params = append(params, reason)
1762	}
1763	uc.SendMessageLabeled(dc.id, &irc.Message{
1764	Command: "KICK",
1765	Params: params,
1766	})
1767	}
1768	case "MODE":
1769	var name string
1770	if err := parseMessageParams(msg, &name); err != nil {
1771	return err
1772	}
1773
1774	var modeStr string
1775	if len(msg.Params) > 1 {
1776	modeStr = msg.Params[1]
1777	}
1778
1779	if casemapASCII(name) == dc.nickCM {
1780	if modeStr != "" {
1781	if uc := dc.upstream(); uc != nil {
1782	uc.SendMessageLabeled(dc.id, &irc.Message{
1783	Command: "MODE",
1784	Params: []string{uc.nick, modeStr},
1785	})
1786	} else {
1787	dc.SendMessage(&irc.Message{
1788	Prefix: dc.srv.prefix(),
1789	Command: irc.ERR_UMODEUNKNOWNFLAG,
1790	Params: []string{dc.nick, "Cannot change user mode in multi-upstream mode"},
1791	})
1792	}
1793	} else {
1794	var userMode string
1795	if uc := dc.upstream(); uc != nil {
1796	userMode = string(uc.modes)
1797	}
1798
1799	dc.SendMessage(&irc.Message{
1800	Prefix: dc.srv.prefix(),
1801	Command: irc.RPL_UMODEIS,
1802	Params: []string{dc.nick, "+" + userMode},
1803	})
1804	}
1805	return nil
1806	}
1807
1808	uc, upstreamName, err := dc.unmarshalEntity(name)
1809	if err != nil {
1810	return err
1811	}
1812
1813	if !uc.isChannel(upstreamName) {
1814	return ircError{&irc.Message{
1815	Command: irc.ERR_USERSDONTMATCH,
1816	Params: []string{dc.nick, "Cannot change mode for other users"},
1817	}}
1818	}
1819
1820	if modeStr != "" {
1821	params := []string{upstreamName, modeStr}
1822	params = append(params, msg.Params[2:]...)
1823	uc.SendMessageLabeled(dc.id, &irc.Message{
1824	Command: "MODE",
1825	Params: params,
1826	})
1827	} else {
1828	ch := uc.channels.Value(upstreamName)
1829	if ch == nil {
1830	return ircError{&irc.Message{
1831	Command: irc.ERR_NOSUCHCHANNEL,
1832	Params: []string{dc.nick, name, "No such channel"},
1833	}}
1834	}
1835
1836	if ch.modes == nil {
1837	// we haven't received the initial RPL_CHANNELMODEIS yet
1838	// ignore the request, we will broadcast the modes later when we receive RPL_CHANNELMODEIS
1839	return nil
1840	}
1841
1842	modeStr, modeParams := ch.modes.Format()
1843	params := []string{dc.nick, name, modeStr}
1844	params = append(params, modeParams...)
1845
1846	dc.SendMessage(&irc.Message{
1847	Prefix: dc.srv.prefix(),
1848	Command: irc.RPL_CHANNELMODEIS,
1849	Params: params,
1850	})
1851	if ch.creationTime != "" {
1852	dc.SendMessage(&irc.Message{
1853	Prefix: dc.srv.prefix(),
1854	Command: rpl_creationtime,
1855	Params: []string{dc.nick, name, ch.creationTime},
1856	})
1857	}
1858	}
1859	case "TOPIC":
1860	var channel string
1861	if err := parseMessageParams(msg, &channel); err != nil {
1862	return err
1863	}
1864
1865	uc, upstreamName, err := dc.unmarshalEntity(channel)
1866	if err != nil {
1867	return err
1868	}
1869
1870	if len(msg.Params) > 1 { // setting topic
1871	topic := msg.Params[1]
1872	uc.SendMessageLabeled(dc.id, &irc.Message{
1873	Command: "TOPIC",
1874	Params: []string{upstreamName, topic},
1875	})
1876	} else { // getting topic
1877	ch := uc.channels.Value(upstreamName)
1878	if ch == nil {
1879	return ircError{&irc.Message{
1880	Command: irc.ERR_NOSUCHCHANNEL,
1881	Params: []string{dc.nick, upstreamName, "No such channel"},
1882	}}
1883	}
1884	sendTopic(dc, ch)
1885	}
1886	case "LIST":
1887	network := dc.network
1888	if network == nil && len(msg.Params) > 0 {
1889	var err error
1890	network, msg.Params[0], err = dc.unmarshalEntityNetwork(msg.Params[0])
1891	if err != nil {
1892	return err
1893	}
1894	}
1895	if network == nil {
1896	dc.SendMessage(&irc.Message{
1897	Prefix: dc.srv.prefix(),
1898	Command: irc.RPL_LISTEND,
1899	Params: []string{dc.nick, "LIST without a network suffix is not supported in multi-upstream mode"},
1900	})
1901	return nil
1902	}
1903
1904	uc := network.conn
1905	if uc == nil {
1906	dc.SendMessage(&irc.Message{
1907	Prefix: dc.srv.prefix(),
1908	Command: irc.RPL_LISTEND,
1909	Params: []string{dc.nick, "Disconnected from upstream server"},
1910	})
1911	return nil
1912	}
1913
1914	uc.enqueueCommand(dc, msg)
1915	case "NAMES":
1916	if len(msg.Params) == 0 {
1917	dc.SendMessage(&irc.Message{
1918	Prefix: dc.srv.prefix(),
1919	Command: irc.RPL_ENDOFNAMES,
1920	Params: []string{dc.nick, "*", "End of /NAMES list"},
1921	})
1922	return nil
1923	}
1924
1925	channels := strings.Split(msg.Params[0], ",")
1926	for _, channel := range channels {
1927	uc, upstreamName, err := dc.unmarshalEntity(channel)
1928	if err != nil {
1929	return err
1930	}
1931
1932	ch := uc.channels.Value(upstreamName)
1933	if ch != nil {
1934	sendNames(dc, ch)
1935	} else {
1936	// NAMES on a channel we have not joined, ask upstream
1937	uc.SendMessageLabeled(dc.id, &irc.Message{
1938	Command: "NAMES",
1939	Params: []string{upstreamName},
1940	})
1941	}
1942	}
1943	// For WHOX docs, see:
1944	// - http://faerion.sourceforge.net/doc/irc/whox.var
1945	// - https://github.com/quakenet/snircd/blob/master/doc/readme.who
1946	// Note, many features aren't widely implemented, such as flags and mask2
1947	case "WHO":
1948	if len(msg.Params) == 0 {
1949	// TODO: support WHO without parameters
1950	dc.SendMessage(&irc.Message{
1951	Prefix: dc.srv.prefix(),
1952	Command: irc.RPL_ENDOFWHO,
1953	Params: []string{dc.nick, "*", "End of /WHO list"},
1954	})
1955	return nil
1956	}
1957
1958	// Clients will use the first mask to match RPL_ENDOFWHO
1959	endOfWhoToken := msg.Params[0]
1960
1961	// TODO: add support for WHOX mask2
1962	mask := msg.Params[0]
1963	var options string
1964	if len(msg.Params) > 1 {
1965	options = msg.Params[1]
1966	}
1967
1968	optionsParts := strings.SplitN(options, "%", 2)
1969	// TODO: add support for WHOX flags in optionsParts[0]
1970	var fields, whoxToken string
1971	if len(optionsParts) == 2 {
1972	optionsParts := strings.SplitN(optionsParts[1], ",", 2)
1973	fields = strings.ToLower(optionsParts[0])
1974	if len(optionsParts) == 2 && strings.Contains(fields, "t") {
1975	whoxToken = optionsParts[1]
1976	}
1977	}
1978
1979	// TODO: support mixed bouncer/upstream WHO queries
1980	maskCM := casemapASCII(mask)
1981	if dc.network == nil && maskCM == dc.nickCM {
1982	// TODO: support AWAY (H/G) in self WHO reply
1983	flags := "H"
1984	if dc.user.Admin {
1985	flags += "*"
1986	}
1987	info := whoxInfo{
1988	Token: whoxToken,
1989	Username: dc.user.Username,
1990	Hostname: dc.hostname,
1991	Server: dc.srv.Config().Hostname,
1992	Nickname: dc.nick,
1993	Flags: flags,
1994	Account: dc.user.Username,
1995	Realname: dc.realname,
1996	}
1997	dc.SendMessage(generateWHOXReply(dc.srv.prefix(), dc.nick, fields, &info))
1998	dc.SendMessage(&irc.Message{
1999	Prefix: dc.srv.prefix(),
2000	Command: irc.RPL_ENDOFWHO,
2001	Params: []string{dc.nick, endOfWhoToken, "End of /WHO list"},
2002	})
2003	return nil
2004	}
2005	if maskCM == serviceNickCM {
2006	info := whoxInfo{
2007	Token: whoxToken,
2008	Username: servicePrefix.User,
2009	Hostname: servicePrefix.Host,
2010	Server: dc.srv.Config().Hostname,
2011	Nickname: serviceNick,
2012	Flags: "H*",
2013	Account: serviceNick,
2014	Realname: serviceRealname,
2015	}
2016	dc.SendMessage(generateWHOXReply(dc.srv.prefix(), dc.nick, fields, &info))
2017	dc.SendMessage(&irc.Message{
2018	Prefix: dc.srv.prefix(),
2019	Command: irc.RPL_ENDOFWHO,
2020	Params: []string{dc.nick, endOfWhoToken, "End of /WHO list"},
2021	})
2022	return nil
2023	}
2024
2025	// TODO: properly support WHO masks
2026	uc, upstreamMask, err := dc.unmarshalEntity(mask)
2027	if err != nil {
2028	return err
2029	}
2030
2031	params := []string{upstreamMask}
2032	if options != "" {
2033	params = append(params, options)
2034	}
2035
2036	uc.enqueueCommand(dc, &irc.Message{
2037	Command: "WHO",
2038	Params: params,
2039	})
2040	case "WHOIS":
2041	if len(msg.Params) == 0 {
2042	return ircError{&irc.Message{
2043	Command: irc.ERR_NONICKNAMEGIVEN,
2044	Params: []string{dc.nick, "No nickname given"},
2045	}}
2046	}
2047
2048	var target, mask string
2049	if len(msg.Params) == 1 {
2050	target = ""
2051	mask = msg.Params[0]
2052	} else {
2053	target = msg.Params[0]
2054	mask = msg.Params[1]
2055	}
2056	// TODO: support multiple WHOIS users
2057	if i := strings.IndexByte(mask, ','); i >= 0 {
2058	mask = mask[:i]
2059	}
2060
2061	if dc.network == nil && casemapASCII(mask) == dc.nickCM {
2062	dc.SendMessage(&irc.Message{
2063	Prefix: dc.srv.prefix(),
2064	Command: irc.RPL_WHOISUSER,
2065	Params: []string{dc.nick, dc.nick, dc.user.Username, dc.hostname, "*", dc.realname},
2066	})
2067	dc.SendMessage(&irc.Message{
2068	Prefix: dc.srv.prefix(),
2069	Command: irc.RPL_WHOISSERVER,
2070	Params: []string{dc.nick, dc.nick, dc.srv.Config().Hostname, "soju"},
2071	})
2072	if dc.user.Admin {
2073	dc.SendMessage(&irc.Message{
2074	Prefix: dc.srv.prefix(),
2075	Command: irc.RPL_WHOISOPERATOR,
2076	Params: []string{dc.nick, dc.nick, "is a bouncer administrator"},
2077	})
2078	}
2079	dc.SendMessage(&irc.Message{
2080	Prefix: dc.srv.prefix(),
2081	Command: rpl_whoisaccount,
2082	Params: []string{dc.nick, dc.nick, dc.user.Username, "is logged in as"},
2083	})
2084	dc.SendMessage(&irc.Message{
2085	Prefix: dc.srv.prefix(),
2086	Command: irc.RPL_ENDOFWHOIS,
2087	Params: []string{dc.nick, dc.nick, "End of /WHOIS list"},
2088	})
2089	return nil
2090	}
2091	if casemapASCII(mask) == serviceNickCM {
2092	dc.SendMessage(&irc.Message{
2093	Prefix: dc.srv.prefix(),
2094	Command: irc.RPL_WHOISUSER,
2095	Params: []string{dc.nick, serviceNick, servicePrefix.User, servicePrefix.Host, "*", serviceRealname},
2096	})
2097	dc.SendMessage(&irc.Message{
2098	Prefix: dc.srv.prefix(),
2099	Command: irc.RPL_WHOISSERVER,
2100	Params: []string{dc.nick, serviceNick, dc.srv.Config().Hostname, "soju"},
2101	})
2102	dc.SendMessage(&irc.Message{
2103	Prefix: dc.srv.prefix(),
2104	Command: irc.RPL_WHOISOPERATOR,
2105	Params: []string{dc.nick, serviceNick, "is the bouncer service"},
2106	})
2107	dc.SendMessage(&irc.Message{
2108	Prefix: dc.srv.prefix(),
2109	Command: rpl_whoisaccount,
2110	Params: []string{dc.nick, serviceNick, serviceNick, "is logged in as"},
2111	})
2112	dc.SendMessage(&irc.Message{
2113	Prefix: dc.srv.prefix(),
2114	Command: irc.RPL_ENDOFWHOIS,
2115	Params: []string{dc.nick, serviceNick, "End of /WHOIS list"},
2116	})
2117	return nil
2118	}
2119
2120	// TODO: support WHOIS masks
2121	uc, upstreamNick, err := dc.unmarshalEntity(mask)
2122	if err != nil {
2123	return err
2124	}
2125
2126	var params []string
2127	if target != "" {
2128	if target == mask { // WHOIS nick nick
2129	params = []string{upstreamNick, upstreamNick}
2130	} else {
2131	params = []string{target, upstreamNick}
2132	}
2133	} else {
2134	params = []string{upstreamNick}
2135	}
2136
2137	uc.SendMessageLabeled(dc.id, &irc.Message{
2138	Command: "WHOIS",
2139	Params: params,
2140	})
2141	case "PRIVMSG", "NOTICE":
2142	var targetsStr, text string
2143	if err := parseMessageParams(msg, &targetsStr, &text); err != nil {
2144	return err
2145	}
2146	tags := copyClientTags(msg.Tags)
2147
2148	for _, name := range strings.Split(targetsStr, ",") {
2149	if name == "$"+dc.srv.Config().Hostname \|\| (name == "$*" && dc.network == nil) {
2150	// "$" means a server mask follows. If it's the bouncer's
2151	// hostname, broadcast the message to all bouncer users.
2152	if !dc.user.Admin {
2153	return ircError{&irc.Message{
2154	Prefix: dc.srv.prefix(),
2155	Command: irc.ERR_BADMASK,
2156	Params: []string{dc.nick, name, "Permission denied to broadcast message to all bouncer users"},
2157	}}
2158	}
2159
2160	dc.logger.Printf("broadcasting bouncer-wide %v: %v", msg.Command, text)
2161
2162	broadcastTags := tags.Copy()
2163	broadcastTags["time"] = irc.TagValue(time.Now().UTC().Format(serverTimeLayout))
2164	broadcastMsg := &irc.Message{
2165	Tags: broadcastTags,
2166	Prefix: servicePrefix,
2167	Command: msg.Command,
2168	Params: []string{name, text},
2169	}
2170	dc.srv.forEachUser(func(u *user) {
2171	u.events <- eventBroadcast{broadcastMsg}
2172	})
2173	continue
2174	}
2175
2176	if dc.network == nil && casemapASCII(name) == dc.nickCM {
2177	dc.SendMessage(&irc.Message{
2178	Tags: msg.Tags.Copy(),
2179	Prefix: dc.prefix(),
2180	Command: msg.Command,
2181	Params: []string{name, text},
2182	})
2183	continue
2184	}
2185
2186	if msg.Command == "PRIVMSG" && casemapASCII(name) == serviceNickCM {
2187	if dc.caps["echo-message"] {
2188	echoTags := tags.Copy()
2189	echoTags["time"] = irc.TagValue(time.Now().UTC().Format(serverTimeLayout))
2190	dc.SendMessage(&irc.Message{
2191	Tags: echoTags,
2192	Prefix: dc.prefix(),
2193	Command: msg.Command,
2194	Params: []string{name, text},
2195	})
2196	}
2197	handleServicePRIVMSG(ctx, dc, text)
2198	continue
2199	}
2200
2201	uc, upstreamName, err := dc.unmarshalEntity(name)
2202	if err != nil {
2203	return err
2204	}
2205
2206	if msg.Command == "PRIVMSG" && uc.network.casemap(upstreamName) == "nickserv" {
2207	dc.handleNickServPRIVMSG(ctx, uc, text)
2208	}
2209
2210	unmarshaledText := text
2211	if uc.isChannel(upstreamName) {
2212	unmarshaledText = dc.unmarshalText(uc, text)
2213	}
2214	uc.SendMessageLabeled(dc.id, &irc.Message{
2215	Tags: tags,
2216	Command: msg.Command,
2217	Params: []string{upstreamName, unmarshaledText},
2218	})
2219
2220	echoTags := tags.Copy()
2221	echoTags["time"] = irc.TagValue(time.Now().UTC().Format(serverTimeLayout))
2222	if uc.account != "" {
2223	echoTags["account"] = irc.TagValue(uc.account)
2224	}
2225	echoMsg := &irc.Message{
2226	Tags: echoTags,
2227	Prefix: &irc.Prefix{Name: uc.nick},
2228	Command: msg.Command,
2229	Params: []string{upstreamName, text},
2230	}
2231	uc.produce(upstreamName, echoMsg, dc)
2232
2233	uc.updateChannelAutoDetach(upstreamName)
2234	}
2235	case "TAGMSG":
2236	var targetsStr string
2237	if err := parseMessageParams(msg, &targetsStr); err != nil {
2238	return err
2239	}
2240	tags := copyClientTags(msg.Tags)
2241
2242	for _, name := range strings.Split(targetsStr, ",") {
2243	if dc.network == nil && casemapASCII(name) == dc.nickCM {
2244	dc.SendMessage(&irc.Message{
2245	Tags: msg.Tags.Copy(),
2246	Prefix: dc.prefix(),
2247	Command: "TAGMSG",
2248	Params: []string{name},
2249	})
2250	continue
2251	}
2252
2253	if casemapASCII(name) == serviceNickCM {
2254	continue
2255	}
2256
2257	uc, upstreamName, err := dc.unmarshalEntity(name)
2258	if err != nil {
2259	return err
2260	}
2261	if _, ok := uc.caps["message-tags"]; !ok {
2262	continue
2263	}
2264
2265	uc.SendMessageLabeled(dc.id, &irc.Message{
2266	Tags: tags,
2267	Command: "TAGMSG",
2268	Params: []string{upstreamName},
2269	})
2270
2271	uc.updateChannelAutoDetach(upstreamName)
2272	}
2273	case "INVITE":
2274	var user, channel string
2275	if err := parseMessageParams(msg, &user, &channel); err != nil {
2276	return err
2277	}
2278
2279	ucChannel, upstreamChannel, err := dc.unmarshalEntity(channel)
2280	if err != nil {
2281	return err
2282	}
2283
2284	ucUser, upstreamUser, err := dc.unmarshalEntity(user)
2285	if err != nil {
2286	return err
2287	}
2288
2289	if ucChannel != ucUser {
2290	return ircError{&irc.Message{
2291	Command: irc.ERR_USERNOTINCHANNEL,
2292	Params: []string{dc.nick, user, channel, "They are on another network"},
2293	}}
2294	}
2295	uc := ucChannel
2296
2297	uc.SendMessageLabeled(dc.id, &irc.Message{
2298	Command: "INVITE",
2299	Params: []string{upstreamUser, upstreamChannel},
2300	})
2301	case "MONITOR":
2302	// MONITOR is unsupported in multi-upstream mode
2303	uc := dc.upstream()
2304	if uc == nil {
2305	return newUnknownCommandError(msg.Command)
2306	}
2307
2308	var subcommand string
2309	if err := parseMessageParams(msg, &subcommand); err != nil {
2310	return err
2311	}
2312
2313	switch strings.ToUpper(subcommand) {
2314	case "+", "-":
2315	var targets string
2316	if err := parseMessageParams(msg, nil, &targets); err != nil {
2317	return err
2318	}
2319	for _, target := range strings.Split(targets, ",") {
2320	if subcommand == "+" {
2321	// Hard limit, just to avoid having downstreams fill our map
2322	if len(dc.monitored.innerMap) >= 1000 {
2323	dc.SendMessage(&irc.Message{
2324	Prefix: dc.srv.prefix(),
2325	Command: irc.ERR_MONLISTFULL,
2326	Params: []string{dc.nick, "1000", target, "Bouncer monitor list is full"},
2327	})
2328	continue
2329	}
2330
2331	dc.monitored.SetValue(target, nil)
2332
2333	if uc.monitored.Has(target) {
2334	cmd := irc.RPL_MONOFFLINE
2335	if online := uc.monitored.Value(target); online {
2336	cmd = irc.RPL_MONONLINE
2337	}
2338
2339	dc.SendMessage(&irc.Message{
2340	Prefix: dc.srv.prefix(),
2341	Command: cmd,
2342	Params: []string{dc.nick, target},
2343	})
2344	}
2345	} else {
2346	dc.monitored.Delete(target)
2347	}
2348	}
2349	uc.updateMonitor()
2350	case "C": // clear
2351	dc.monitored = newCasemapMap(0)
2352	uc.updateMonitor()
2353	case "L": // list
2354	// TODO: be less lazy and pack the list
2355	for _, entry := range dc.monitored.innerMap {
2356	dc.SendMessage(&irc.Message{
2357	Prefix: dc.srv.prefix(),
2358	Command: irc.RPL_MONLIST,
2359	Params: []string{dc.nick, entry.originalKey},
2360	})
2361	}
2362	dc.SendMessage(&irc.Message{
2363	Prefix: dc.srv.prefix(),
2364	Command: irc.RPL_ENDOFMONLIST,
2365	Params: []string{dc.nick, "End of MONITOR list"},
2366	})
2367	case "S": // status
2368	// TODO: be less lazy and pack the lists
2369	for _, entry := range dc.monitored.innerMap {
2370	target := entry.originalKey
2371
2372	cmd := irc.RPL_MONOFFLINE
2373	if online := uc.monitored.Value(target); online {
2374	cmd = irc.RPL_MONONLINE
2375	}
2376
2377	dc.SendMessage(&irc.Message{
2378	Prefix: dc.srv.prefix(),
2379	Command: cmd,
2380	Params: []string{dc.nick, target},
2381	})
2382	}
2383	}
2384	case "CHATHISTORY":
2385	var subcommand string
2386	if err := parseMessageParams(msg, &subcommand); err != nil {
2387	return err
2388	}
2389	var target, limitStr string
2390	var boundsStr [2]string
2391	switch subcommand {
2392	case "AFTER", "BEFORE", "LATEST":
2393	if err := parseMessageParams(msg, nil, &target, &boundsStr[0], &limitStr); err != nil {
2394	return err
2395	}
2396	case "BETWEEN":
2397	if err := parseMessageParams(msg, nil, &target, &boundsStr[0], &boundsStr[1], &limitStr); err != nil {
2398	return err
2399	}
2400	case "TARGETS":
2401	if dc.network == nil {
2402	// Either an unbound bouncer network, in which case we should return no targets,
2403	// or a multi-upstream downstream, but we don't support CHATHISTORY TARGETS for those yet.
2404	dc.SendBatch("draft/chathistory-targets", nil, nil, func(batchRef irc.TagValue) {})
2405	return nil
2406	}
2407	if err := parseMessageParams(msg, nil, &boundsStr[0], &boundsStr[1], &limitStr); err != nil {
2408	return err
2409	}
2410	default:
2411	// TODO: support AROUND
2412	return ircError{&irc.Message{
2413	Command: "FAIL",
2414	Params: []string{"CHATHISTORY", "INVALID_PARAMS", subcommand, "Unknown command"},
2415	}}
2416	}
2417
2418	// We don't save history for our service
2419	if casemapASCII(target) == serviceNickCM {
2420	dc.SendBatch("chathistory", []string{target}, nil, func(batchRef irc.TagValue) {})
2421	return nil
2422	}
2423
2424	store, ok := dc.user.msgStore.(chatHistoryMessageStore)
2425	if !ok {
2426	return ircError{&irc.Message{
2427	Command: irc.ERR_UNKNOWNCOMMAND,
2428	Params: []string{dc.nick, "CHATHISTORY", "Unknown command"},
2429	}}
2430	}
2431
2432	network, entity, err := dc.unmarshalEntityNetwork(target)
2433	if err != nil {
2434	return err
2435	}
2436	entity = network.casemap(entity)
2437
2438	// TODO: support msgid criteria
2439	var bounds [2]time.Time
2440	bounds[0] = parseChatHistoryBound(boundsStr[0])
2441	if subcommand == "LATEST" && boundsStr[0] == "*" {
2442	bounds[0] = time.Now()
2443	} else if bounds[0].IsZero() {
2444	return ircError{&irc.Message{
2445	Command: "FAIL",
2446	Params: []string{"CHATHISTORY", "INVALID_PARAMS", subcommand, boundsStr[0], "Invalid first bound"},
2447	}}
2448	}
2449
2450	if boundsStr[1] != "" {
2451	bounds[1] = parseChatHistoryBound(boundsStr[1])
2452	if bounds[1].IsZero() {
2453	return ircError{&irc.Message{
2454	Command: "FAIL",
2455	Params: []string{"CHATHISTORY", "INVALID_PARAMS", subcommand, boundsStr[1], "Invalid second bound"},
2456	}}
2457	}
2458	}
2459
2460	limit, err := strconv.Atoi(limitStr)
2461	if err != nil \|\| limit < 0 \|\| limit > chatHistoryLimit {
2462	return ircError{&irc.Message{
2463	Command: "FAIL",
2464	Params: []string{"CHATHISTORY", "INVALID_PARAMS", subcommand, limitStr, "Invalid limit"},
2465	}}
2466	}
2467
2468	eventPlayback := dc.caps["draft/event-playback"]
2469
2470	var history []*irc.Message
2471	switch subcommand {
2472	case "BEFORE", "LATEST":
2473	history, err = store.LoadBeforeTime(ctx, &network.Network, entity, bounds[0], time.Time{}, limit, eventPlayback)
2474	case "AFTER":
2475	history, err = store.LoadAfterTime(ctx, &network.Network, entity, bounds[0], time.Now(), limit, eventPlayback)
2476	case "BETWEEN":
2477	if bounds[0].Before(bounds[1]) {
2478	history, err = store.LoadAfterTime(ctx, &network.Network, entity, bounds[0], bounds[1], limit, eventPlayback)
2479	} else {
2480	history, err = store.LoadBeforeTime(ctx, &network.Network, entity, bounds[0], bounds[1], limit, eventPlayback)
2481	}
2482	case "TARGETS":
2483	// TODO: support TARGETS in multi-upstream mode
2484	targets, err := store.ListTargets(ctx, &network.Network, bounds[0], bounds[1], limit, eventPlayback)
2485	if err != nil {
2486	dc.logger.Printf("failed fetching targets for chathistory: %v", err)
2487	return ircError{&irc.Message{
2488	Command: "FAIL",
2489	Params: []string{"CHATHISTORY", "MESSAGE_ERROR", subcommand, "Failed to retrieve targets"},
2490	}}
2491	}
2492
2493	dc.SendBatch("draft/chathistory-targets", nil, nil, func(batchRef irc.TagValue) {
2494	for _, target := range targets {
2495	if ch := network.channels.Value(target.Name); ch != nil && ch.Detached {
2496	continue
2497	}
2498
2499	dc.SendMessage(&irc.Message{
2500	Tags: irc.Tags{"batch": batchRef},
2501	Prefix: dc.srv.prefix(),
2502	Command: "CHATHISTORY",
2503	Params: []string{"TARGETS", target.Name, target.LatestMessage.UTC().Format(serverTimeLayout)},
2504	})
2505	}
2506	})
2507
2508	return nil
2509	}
2510	if err != nil {
2511	dc.logger.Printf("failed fetching %q messages for chathistory: %v", target, err)
2512	return newChatHistoryError(subcommand, target)
2513	}
2514
2515	dc.SendBatch("chathistory", []string{target}, nil, func(batchRef irc.TagValue) {
2516	for _, msg := range history {
2517	msg.Tags["batch"] = batchRef
2518	dc.SendMessage(dc.marshalMessage(msg, network))
2519	}
2520	})
2521	case "BOUNCER":
2522	var subcommand string
2523	if err := parseMessageParams(msg, &subcommand); err != nil {
2524	return err
2525	}
2526
2527	switch strings.ToUpper(subcommand) {
2528	case "BIND":
2529	return ircError{&irc.Message{
2530	Command: "FAIL",
2531	Params: []string{"BOUNCER", "REGISTRATION_IS_COMPLETED", "BIND", "Cannot bind to a network after registration"},
2532	}}
2533	case "LISTNETWORKS":
2534	dc.SendBatch("soju.im/bouncer-networks", nil, nil, func(batchRef irc.TagValue) {
2535	dc.user.forEachNetwork(func(network *network) {
2536	idStr := fmt.Sprintf("%v", network.ID)
2537	attrs := getNetworkAttrs(network)
2538	dc.SendMessage(&irc.Message{
2539	Tags: irc.Tags{"batch": batchRef},
2540	Prefix: dc.srv.prefix(),
2541	Command: "BOUNCER",
2542	Params: []string{"NETWORK", idStr, attrs.String()},
2543	})
2544	})
2545	})
2546	case "ADDNETWORK":
2547	var attrsStr string
2548	if err := parseMessageParams(msg, nil, &attrsStr); err != nil {
2549	return err
2550	}
2551	attrs := irc.ParseTags(attrsStr)
2552
2553	record := &Network{Nick: dc.nick, Enabled: true}
2554	if err := updateNetworkAttrs(record, attrs, subcommand); err != nil {
2555	return err
2556	}
2557
2558	if record.Nick == dc.user.Username {
2559	record.Nick = ""
2560	}
2561	if record.Realname == dc.user.Realname {
2562	record.Realname = ""
2563	}
2564
2565	network, err := dc.user.createNetwork(ctx, record)
2566	if err != nil {
2567	return ircError{&irc.Message{
2568	Command: "FAIL",
2569	Params: []string{"BOUNCER", "UNKNOWN_ERROR", subcommand, fmt.Sprintf("Failed to create network: %v", err)},
2570	}}
2571	}
2572
2573	dc.SendMessage(&irc.Message{
2574	Prefix: dc.srv.prefix(),
2575	Command: "BOUNCER",
2576	Params: []string{"ADDNETWORK", fmt.Sprintf("%v", network.ID)},
2577	})
2578	case "CHANGENETWORK":
2579	var idStr, attrsStr string
2580	if err := parseMessageParams(msg, nil, &idStr, &attrsStr); err != nil {
2581	return err
2582	}
2583	id, err := parseBouncerNetID(subcommand, idStr)
2584	if err != nil {
2585	return err
2586	}
2587	attrs := irc.ParseTags(attrsStr)
2588
2589	net := dc.user.getNetworkByID(id)
2590	if net == nil {
2591	return ircError{&irc.Message{
2592	Command: "FAIL",
2593	Params: []string{"BOUNCER", "INVALID_NETID", subcommand, idStr, "Invalid network ID"},
2594	}}
2595	}
2596
2597	record := net.Network // copy network record because we'll mutate it
2598	if err := updateNetworkAttrs(&record, attrs, subcommand); err != nil {
2599	return err
2600	}
2601
2602	if record.Nick == dc.user.Username {
2603	record.Nick = ""
2604	}
2605	if record.Realname == dc.user.Realname {
2606	record.Realname = ""
2607	}
2608
2609	_, err = dc.user.updateNetwork(ctx, &record)
2610	if err != nil {
2611	return ircError{&irc.Message{
2612	Command: "FAIL",
2613	Params: []string{"BOUNCER", "UNKNOWN_ERROR", subcommand, fmt.Sprintf("Failed to update network: %v", err)},
2614	}}
2615	}
2616
2617	dc.SendMessage(&irc.Message{
2618	Prefix: dc.srv.prefix(),
2619	Command: "BOUNCER",
2620	Params: []string{"CHANGENETWORK", idStr},
2621	})
2622	case "DELNETWORK":
2623	var idStr string
2624	if err := parseMessageParams(msg, nil, &idStr); err != nil {
2625	return err
2626	}
2627	id, err := parseBouncerNetID(subcommand, idStr)
2628	if err != nil {
2629	return err
2630	}
2631
2632	net := dc.user.getNetworkByID(id)
2633	if net == nil {
2634	return ircError{&irc.Message{
2635	Command: "FAIL",
2636	Params: []string{"BOUNCER", "INVALID_NETID", subcommand, idStr, "Invalid network ID"},
2637	}}
2638	}
2639
2640	if err := dc.user.deleteNetwork(ctx, net.ID); err != nil {
2641	return err
2642	}
2643
2644	dc.SendMessage(&irc.Message{
2645	Prefix: dc.srv.prefix(),
2646	Command: "BOUNCER",
2647	Params: []string{"DELNETWORK", idStr},
2648	})
2649	default:
2650	return ircError{&irc.Message{
2651	Command: "FAIL",
2652	Params: []string{"BOUNCER", "UNKNOWN_COMMAND", subcommand, "Unknown subcommand"},
2653	}}
2654	}
2655	default:
2656	dc.logger.Printf("unhandled message: %v", msg)
2657
2658	// Only forward unknown commands in single-upstream mode
2659	uc := dc.upstream()
2660	if uc == nil {
2661	return newUnknownCommandError(msg.Command)
2662	}
2663
2664	uc.SendMessageLabeled(dc.id, msg)
2665	}
2666	return nil
2667	}
2668
2669	func (dc downstreamConn) handleNickServPRIVMSG(ctx context.Context, uc upstreamConn, text string) {
2670	username, password, ok := parseNickServCredentials(text, uc.nick)
2671	if !ok {
2672	return
2673	}
2674
2675	// User may have e.g. EXTERNAL mechanism configured. We do not want to
2676	// automatically erase the key pair or any other credentials.
2677	if uc.network.SASL.Mechanism != "" && uc.network.SASL.Mechanism != "PLAIN" {
2678	return
2679	}
2680
2681	dc.logger.Printf("auto-saving NickServ credentials with username %q", username)
2682	n := uc.network
2683	n.SASL.Mechanism = "PLAIN"
2684	n.SASL.Plain.Username = username
2685	n.SASL.Plain.Password = password
2686	if err := dc.srv.db.StoreNetwork(ctx, dc.user.ID, &n.Network); err != nil {
2687	dc.logger.Printf("failed to save NickServ credentials: %v", err)
2688	}
2689	}
2690
2691	func parseNickServCredentials(text, nick string) (username, password string, ok bool) {
2692	fields := strings.Fields(text)
2693	if len(fields) < 2 {
2694	return "", "", false
2695	}
2696	cmd := strings.ToUpper(fields[0])
2697	params := fields[1:]
2698	switch cmd {
2699	case "REGISTER":
2700	username = nick
2701	password = params[0]
2702	case "IDENTIFY":
2703	if len(params) == 1 {
2704	username = nick
2705	password = params[0]
2706	} else {
2707	username = params[0]
2708	password = params[1]
2709	}
2710	case "SET":
2711	if len(params) == 2 && strings.EqualFold(params[0], "PASSWORD") {
2712	username = nick
2713	password = params[1]
2714	}
2715	default:
2716	return "", "", false
2717	}
2718	return username, password, true
2719	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: