Global

Members

cache

Basic RAM-Based cache of links, so we don't have to re-pull things after we get them
Source:

(constant) channelBanSchema

DB Schema for Documents representing a user ban from a single channel
Source:

(constant) channelPermissionSchema

DB Schema for Sub-Document representing permission structure for a single channel
Source:

(constant) channelSchema

DB Schema for Documents containing de-hydrated representations of Canopy Stream/Chat Channels
Source:

(constant) chatSchema

DB Schema for documents representing a single chat message
Source:

(constant) daysToExpire

Email change token retention time
Source:

(constant) daysToExpire

Password reset token retention time
Source:

(constant) emailChangeSchema

DB Schema for Document representing a single email change request
Source:

(constant) emoteSchema

DB Schema for documents represnting site-wide emotes
Source:

(constant) failedAttempts

Create failed sign-in cache since it's easier and more preformant to implement it this way than adding extra burdon to the database Server restarts are far and few between. It would take multiple during a single bruteforce attempt for this to become an issue.
Source:

(constant) flairSchema

DB Schema for documents representing chat flair
Source:

(constant) lifetime

Captcha lifetime in minutes
Source:

(constant) maxAttempts

How many attempts to lock user account out for the day
Source:

(constant) mediaSchema

DB Schema representing a single piece of media
Source:

(constant) passwordResetSchema

DB Schema for documents containing a single expiring password reset token
Source:

(constant) permissionSchema

DB Schema for the singular site-wide permission document
Source:

(constant) playlistMediaProperties

DB Schema for documents represnting a piece of media held in a playlist
Source:

(constant) playlistSchema

DB Schema for Documents representing playlists full of media
Source:

(constant) queuedProperties

DB Schema for documents representing a queued media object
Source:

(constant) rankEnum

Rank Enum, lists all known permission ranks from lowest to highest. This originally belonged to the permissionSchema, but this avoids circular dependencies.
Source:

(constant) spent

Create empty array to hold cache of spent payloads to protect against replay attacks
Source:

(constant) statSchema

DB Schema for single document for keeping track of server stats
Source:

(constant) throttleAttempts

How many failed attempts required to throttle with altcha
Source:

(constant) tokeCommandSchema

Mongoose Schema representing a toke command
Source:

(constant) transporter

nodemailer transport object, generated from options specific in our config file
Source:

(constant) typeEnum

"Enum" for emote type property
Source:

(constant) userBanSchema

DB Schema for Documents representing a single user's ban
Source:

(constant) userSchema

Mongoose Schema for a document representing a single canopy user
Source:

Methods

authenticateSession(user, pass, req)

Sole and Singular Session Authentication method. All logins should happen through here, all other site-wide authentication should happen by sessions authenticated by this model. This is important, as reducing authentication endpoints reduces attack surface.
Parameters:
Name Type Description
user String Username to login as
pass String Password to authenticat session with
req express.Request Express request object w/ session to authenticate
Source:
Returns:
Username of authticated user upon success

comparePassword(pass, hash) → {Boolean}

Sitewide password for authenticating/comparing passwords agianst hashes
Parameters:
Name Type Description
pass String Plaintext Password
hash String Salty Hash
Source:
Returns:
True if authentication success
Type
Boolean

escapeRegex(string) → {String}

I won't lie this line was whole-sale ganked from stack overflow like a fucking skid In my defense I only did it because js-runtime-devs are taking fucking eons to implement RegExp.escape() This should be replaced once that function becomes available in mainline versions of node.js: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp/escape
Parameters:
Name Type Description
string String Regex string to escape
Source:
Returns:
The Escaped String
Type
String

fetchMetadata(fullID, title) → {Array}

Pulls metadate for a given archive.org item
Parameters:
Name Type Description
fullID String Full path of the requested upload
title String Title to add to media object
Source:
Returns:
Generated list of media objects from given upload path
Type
Array

(async) fetchVideoMetadata(link, title, type) → {Array}

Generic single video YTDLP function meant to be used by service-sepecific fetchers which will then be used to fetch video metadata
Parameters:
Name Type Description
link String Link to video in question
title String Title to add to the given media objects
type String Link type to attach to the resulting media object
Source:
Returns:
Array of Media objects containing relevant metadata
Type
Array

fetchYoutubeMetadata(id, title) → {Media}

Pulls metadata for a single youtube video via YT-DLP
Parameters:
Name Type Description
id String Youtube Video ID
title String Title to add to the given media object
Source:
Returns:
Media object containing relevant metadata
Type
Media

fetchYoutubePlaylistMetadata(id, title) → {Array}

Pulls metadata for a playlist of youtube videos via YT-DLP
Parameters:
Name Type Description
id String Youtube Playlist ID
title String Title to add to the given media objects
Source:
Returns:
Array of Media objects containing relevant metadata
Type
Array

genCaptcha(difficulty, uniqueSecret) → {String}

Generates captcha challenges to send down to the browser
Parameters:
Name Type Description
difficulty Number Challange Difficulty (x100K internally)
uniqueSecret String Secret to salt the challange hash with
Source:
Returns:
Altcha Challenge hash
Type
String

getLoginAttempts(user) → {Number}

Returns how many failed login attempts within the past day or so since the last login has occured for a given user
Parameters:
Name Type Description
user String User to check map against
Source:
Returns:
of failed login attempts
Type
Number

getMediaType(url) → {Object}

Detects media type by URL I'd be lying if this didn't take at least some inspiration/regex patterns from extractQueryParam() in cytube/forest's browser-side 'util.js' Still this has some improvements like url pre-checks and the fact that it's handled serverside, recuing possibility of bad requests. Some of the regex expressions for certain services have also been improved, such as youtube, and the fore.st-unique archive.org
Parameters:
Name Type Description
url String URL to determine media type of
Source:
Returns:
containing URL type and clipped ID string
Type
Object

hashIP(ip) → {String}

Site-wide IP hashing/salting function Provides a basic level of privacy by only logging salted hashes of IP's
Parameters:
Name Type Description
ip String IP to hash
Source:
Returns:
Hashed/Salted IP Adress
Type
String

hashPassword(pass) → {String}

Sitewide function for hashing passwords
Parameters:
Name Type Description
pass String Password to hash
Source:
Returns:
Hashed/Salted password
Type
String

kickoff()

Kicks off first run of scheduled functions before scheduling functions for regular callback
Source:

killSession(session)

Logs user out and destroys all server-side traces of a given session
Parameters:
Name Type Description
session express-session.session
Source:

mailem(to, subject, body, htmlBody) → {Object}

Sends an email as tokebot to the requested user w/ the requested body and signature
Parameters:
Name Type Description
to String String containing the email address to send to
subject String Subject line of the email to send
body String Body contents, either HTML or Plaintext
htmlBody Boolean Whether or not Body contents should be sent as HTML or Plaintext
Source:
Returns:
Sent mail info
Type
Object
Validates links and returns a marked link object that can be returned to the client to format/embed accordingly
Parameters:
Name Type Description
link String URL to Validate
Source:
Returns:
Marked link object
Type
Object

processExpiredAttempts()

Nightly Function Call which iterates through the failed login attempts map, removing any which haven't been attempted in over a da yeahy
Source:
Refreshes raw links on relevant media objects Useful for sources like youtube, who only provide expiring raw links
Parameters:
Name Type Description
mediaObj ScheduledMedia Media Object to refresh
Source:
Returns:
Refreshed media object
Type
ScheduledMedia

schedule()

Schedules all timed jobs accross the server
Source:

securityCheck()

Basic security check which runs on startup. Warns server admin against unsafe config options.
Source:

sendAddressVerification(requestDB, userDB, newEmail)

Sends address verification email
Parameters:
Name Type Description
requestDB Mongoose.Document DB Document Object for the current email change request token
userDB Mongoose.Document DB Document Object for the user we're verifying email against
newEmail String New email address to send to
Source:

verify(payload, uniqueSecret) → {boolean}

Verifies completed altcha challenges handed over from the user
Parameters:
Name Type Description
payload String Completed Altcha Payload
uniqueSecret String Server-side Unique Secret to verify payload came from server-generated challenge
Source:
Returns:
True if payload is a valid and unique altcha challenge which originated from this server
Type
boolean

yankMedia(url, title) → {Array}

Checks a given URL and runs the proper metadata fetching function to create a media object from any supported URL
Parameters:
Name Type Description
url String URL to yank media against
title String Title to apply to yanked media
Source:
Returns:
Returns list of yanked media objects on success
Type
Array

(async) ytdlpFetch(link, format) → {Object}

Basic async YT-DLP Fetch wrapper, ensuring config
Parameters:
Name Type Default Description
link String Link to fetch using YT-DLP
format String b Format string to hand YT-DLP, defaults to 'b'
Source:
Returns:
Metadata dump from YT-DLP
Type
Object