rainbownapkin/canopy
1
0
Fork 0
Code Issues 2 Pull requests Actions Packages Projects Releases Wiki Activity

High-level rank changes and bad attempts and good Remember-Me tokens now logged.

Browse source
This commit is contained in:
rainbow napkin 2025-10-22 21:53:41 -04:00
parent a34ece4374
commit 1bd9fcdc80
5 changed files with 53 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.gitignore vendored
View file

@ -1,9 +1,6 @@
node_modules/
log/crash/*
!log/crash
log/*
www/doc/*/*
!www/doc/client
!www/doc/server
package-lock.json
config.json
config.json.old

7
src/schemas/user/rememberMeSchema.js
View file

@ -128,14 +128,15 @@ rememberMeToken.statics.authenticate = async function(id, token, failLine = "Bad
badLogin();
}
//Populate the user field
await tokenDB.populate('user');
//Check our password is correct
if(await tokenDB.checkToken(token)){
//Populate the user field
await tokenDB.populate('user');
//Return the user doc
return tokenDB.user;
}else{
loggerUtils.dumpSecurityLog(`Failed attempt at ${tokenDB.user.user}'s Remember-Me token {${tokenDB.id}}... Nuking token!`);
//Nuke the token for security
await tokenDB.deleteOne();
//if not scream and shout

5
src/schemas/user/userSchema.js
View file

@ -186,6 +186,11 @@ userSchema.pre('save', async function (next){
//If rank was changed
if(this.isModified("rank")){
//If this rank change is above 2 (Mod or above)
if(permissionModel.rankToNum(this.rank) > 2){
loggerUtils.dumpSecurityLog(`${this.user}'s rank was set to ${this.rank}.`);
}
//force a full log-out
await this.killAllSessions("Your site-wide rank has changed. Sign-in required.");
}

57
src/utils/loggerUtils.js
View file

@ -16,6 +16,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Node
const fs = require('node:fs/promises');
const crypto = require('node:crypto');
//Config
const config = require('../../config.json');
@ -172,42 +173,68 @@ module.exports.errorMiddleware = function(err, req, res, next){
* Dumps unexpected server crashes to dedicated log files
* @param {Error} err - error to dump to file
* @param {Date} date - Date of error, defaults to now
* @param {String} subDir - subdirectory inside the log folder we want to dump to
* @param {Boolean} muzzle - Tells the function to STFU
*/
module.exports.dumpError = async function(err, date = new Date(), subDir = ''){
module.exports.dumpError = async function(err, date = new Date(), subDir = 'crash/', muzzle = false){
//Generate content from error
const content = `Error Date: ${date.toLocaleString()} (UTC-${date.getTimezoneOffset()/60})\nError Type: ${err.name}\nError Msg:${err.message}\nStack Trace:\n\n${err.stack}`;
//Dump text to file
module.exports.dumpLog(content, date.getTime(), subDir, muzzle);
}
module.exports.dumpSecurityLog = async function(content, date = new Date()){
module.exports.dumpLog(content, `Incident-{${crypto.randomUUID()}}-${date.getTime()}`, 'security/', true);
}
/**
* Dumps log file to log folder
* @param {String} content - Text to dump to file
* @param {String} name - file name to save to
* @param {String} subDir - subdirectory inside the log folder we want to dump to
* @param {Boolean} muzzle - Tells the function to STFU
*/
module.exports.dumpLog = async function(content, name, subDir = '/', muzzle = false){
try{
//Crash directory
const dir = `./log/crash/${subDir}`
const dir = `./log/${subDir}`
//Double check crash folder exists
try{
await fs.stat(dir);
//If we caught an error (most likely it's missing)
}catch(err){
//Shout about it
module.exports.consoleWarn("Log folder missing, mking dir!")
if(!muzzle){
//Shout about it
module.exports.consoleWarn("Log folder missing, mking dir!")
}
//Make it if doesn't
await fs.mkdir(dir, {recursive: true});
}
//Assemble log file path
const path = `${dir}${date.getTime()}.log`;
//Generate error file content
const content = `Error Date: ${date.toLocaleString()} (UTC-${date.getTimezoneOffset()/60})\nError Type: ${err.name}\nError Msg:${err.message}\nStack Trace:\n\n${err.stack}`;
const path = `${dir}${name}.log`;
//Write content to file
fs.writeFile(path, content);
//Whine about the error
module.exports.consoleWarn(`Warning: Unexpected Server Crash gracefully dumped to '${path}'... SOMETHING MAY BE VERY BROKEN!!!!`);
if(!muzzle){
//Whine about the error
module.exports.consoleWarn(`Warning: Unexpected Server Crash gracefully dumped to '${path}'... SOMETHING MAY BE VERY BROKEN!!!!`);
}
//If somethine went really really wrong
}catch(doubleErr){
//Use humor to cope with the pain
module.exports.consoleWarn("Yo Dawg, I herd you like errors, so I put an error in your error dump, so you can dump while you dump:");
//Dump the original error to console
module.exports.consoleWarn(err);
//Dump the error we had saving that error to file to console
module.exports.consoleWarn(doubleErr);
if(!muzzle){
//Use humor to cope with the pain
module.exports.consoleWarn("Yo Dawg, I herd you like errors, so I put an error in your error dump, so you can dump while you dump:");
//Dump the original error to console
module.exports.consoleWarn(err);
//Dump the error we had saving that error to file to console
module.exports.consoleWarn(doubleErr);
}
}
}

2
src/utils/mailUtils.js
View file

@ -78,7 +78,7 @@ module.exports.mailem = async function(to, subject, body, htmlBody = false){
//return the mail info
return sentMail;
}catch(err){
loggerUtils.dumpError(err, new Date(), 'mail/');
loggerUtils.dumpError(err, new Date(), 'crash/mail/');
}
}