Global

Members

cache

Basic RAM-Based cache of links, so we don't have to re-pull things after we get them
Source:

(constant) channelBanSchema

DB Schema for Documents representing a user ban from a single channel
Source:

(constant) channelPermissionSchema

DB Schema for Sub-Document representing permission structure for a single channel
Source:

(constant) channelSchema

DB Schema for Documents containing de-hydrated representations of Canopy Stream/Chat Channels
Source:

(constant) chatSchema

DB Schema for documents representing a single chat message
Source:

(constant) daysToExpire

Email change token retention time
Source:

(constant) daysToExpire

Password reset token retention time
Source:

(constant) emailChangeSchema

DB Schema for Document representing a single email change request
Source:

(constant) emoteSchema

DB Schema for documents represnting site-wide emotes
Source:

(constant) failedAttempts

Create failed sign-in cache since it's easier and more preformant to implement it this way than adding extra burdon to the database Server restarts are far and few between. It would take multiple during a single bruteforce attempt for this to become an issue.
Source:

(constant) flairSchema

DB Schema for documents representing chat flair
Source:

(constant) lifetime

Captcha lifetime in minutes
Source:

(constant) maxAttempts

How many attempts to lock user account out for the day
Source:

(constant) mediaSchema

DB Schema representing a single piece of media
Source:

(constant) passwordResetSchema

DB Schema for documents containing a single expiring password reset token
Source:

(constant) permissionSchema

DB Schema for the singular site-wide permission document
Source:

(constant) playlistMediaProperties

DB Schema for documents represnting a piece of media held in a playlist
Source:

(constant) playlistSchema

DB Schema for Documents representing playlists full of media
Source:

(constant) queuedProperties

DB Schema for documents representing a queued media object
Source:

(constant) rankEnum

Rank Enum, lists all known permission ranks from lowest to highest. This originally belonged to the permissionSchema, but this avoids circular dependencies.
Source:

(constant) spent

Create empty array to hold cache of spent payloads to protect against replay attacks
Source:

(constant) statSchema

DB Schema for single document for keeping track of server stats
Source:

(constant) throttleAttempts

How many failed attempts required to throttle with altcha
Source:

(constant) tokeCommandSchema

Mongoose Schema representing a toke command
Source:

(constant) transporter

nodemailer transport object, generated from options specific in our config file
Source:

(constant) typeEnum

"Enum" for emote type property
Source:

(constant) userBanSchema

DB Schema for Documents representing a single user's ban
Source:

(constant) userSchema

Mongoose Schema for a document representing a single canopy user
Source:

Methods

authenticateSession(user, pass, req)

Sole and Singular Session Authentication method. All logins should happen through here, all other site-wide authentication should happen by sessions authenticated by this model. This is important, as reducing authentication endpoints reduces attack surface.
Parameters:
Name Type Description
user String Username to login as
pass String Password to authenticat session with
req express.Request Express request object w/ session to authenticate
Source:
Returns:
Username of authticated user upon success

comparePassword(pass, hash) → {Boolean}

Sitewide password for authenticating/comparing passwords agianst hashes
Parameters:
Name Type Description
pass String Plaintext Password
hash String Salty Hash
Source:
Returns:
True if authentication success
Type
Boolean

consoleWarn(string)

Prints warning text to server console
Parameters:
Name Type Description
string String String to print to console
Source:

dumpError(err, date)

Dumps unexpected server crashes to dedicated log files
Parameters:
Name Type Description
err Error error to dump to file
date Date Date of error, defaults to now
Source:

errorHandler(res, msg, type, status) → {Express.Response}

Main error handling function
Parameters:
Name Type Description
res Express.Response Response being sent out to the client who caused the issue
msg String Error message to send the client
type String Error type to send back to the client
status Number HTTP(s) Status Code to send back to the client
Source:
Returns:
If we have a usable Express Response object, return it back after it's been cashed
Type
Express.Response

errorMiddleware(err, req, res, next)

Basic error-handling middleware to ensure we're not dumping stack traces to the client, as that would be insecure
Parameters:
Name Type Description
err Error Error to handle
req Express.Request Express Request
res Express.Response Express Response
next function Next function in the Express middleware chain (Not that it's getting called XP)
Source:

escapeRegex(string) → {String}

I won't lie this line was whole-sale ganked from stack overflow like a fucking skid In my defense I only did it because js-runtime-devs are taking fucking eons to implement RegExp.escape() This should be replaced once that function becomes available in mainline versions of node.js: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp/escape
Parameters:
Name Type Description
string String Regex string to escape
Source:
Returns:
The Escaped String
Type
String

exceptionHandler(res, err)

Handles exceptions which where directly the fault of user action >:(
Parameters:
Name Type Description
res Express.Response Express Response object to bitch at
err Error Error created by the jerk in question
Source:

exceptionSmith(msg, type) → {Error}

Creates and returns a custom exception, tagged as a 'custom' exception, using the 'custom' boolean property. This is used to denote that this error was generated on purpose, with a human readable message, that can be securely sent to the client. Unexpected exceptions should only be logged internally, however, as they may contain sensitive data.
Parameters:
Name Type Description
msg String Error message to send the client
type String Error type to send back to the client
Source:
Returns:
The exception to smith
Type
Error

fetchMetadata(fullID, title) → {Array}

Pulls metadate for a given archive.org item
Parameters:
Name Type Description
fullID String Full path of the requested upload
title String Title to add to media object
Source:
Returns:
Generated list of media objects from given upload path
Type
Array

(async) fetchVideoMetadata(link, title, type) → {Array}

Generic single video YTDLP function meant to be used by service-sepecific fetchers which will then be used to fetch video metadata
Parameters:
Name Type Description
link String Link to video in question
title String Title to add to the given media objects
type String Link type to attach to the resulting media object
Source:
Returns:
Array of Media objects containing relevant metadata
Type
Array

fetchYoutubeMetadata(id, title) → {Media}

Pulls metadata for a single youtube video via YT-DLP
Parameters:
Name Type Description
id String Youtube Video ID
title String Title to add to the given media object
Source:
Returns:
Media object containing relevant metadata
Type
Media

fetchYoutubePlaylistMetadata(id, title) → {Array}

Pulls metadata for a playlist of youtube videos via YT-DLP
Parameters:
Name Type Description
id String Youtube Playlist ID
title String Title to add to the given media objects
Source:
Returns:
Array of Media objects containing relevant metadata
Type
Array

genCaptcha(difficulty, uniqueSecret) → {String}

Generates captcha challenges to send down to the browser
Parameters:
Name Type Description
difficulty Number Challange Difficulty (x100K internally)
uniqueSecret String Secret to salt the challange hash with
Source:
Returns:
Altcha Challenge hash
Type
String

getLoginAttempts(user) → {Number}

Returns how many failed login attempts within the past day or so since the last login has occured for a given user
Parameters:
Name Type Description
user String User to check map against
Source:
Returns:
of failed login attempts
Type
Number

getMediaType(url) → {Object}

Detects media type by URL I'd be lying if this didn't take at least some inspiration/regex patterns from extractQueryParam() in cytube/forest's browser-side 'util.js' Still this has some improvements like url pre-checks and the fact that it's handled serverside, recuing possibility of bad requests. Some of the regex expressions for certain services have also been improved, such as youtube, and the fore.st-unique archive.org
Parameters:
Name Type Description
url String URL to determine media type of
Source:
Returns:
containing URL type and clipped ID string
Type
Object

hashIP(ip) → {String}

Site-wide IP hashing/salting function Provides a basic level of privacy by only logging salted hashes of IP's
Parameters:
Name Type Description
ip String IP to hash
Source:
Returns:
Hashed/Salted IP Adress
Type
String

hashPassword(pass) → {String}

Sitewide function for hashing passwords
Parameters:
Name Type Description
pass String Password to hash
Source:
Returns:
Hashed/Salted password
Type
String

kickoff()

Kicks off first run of scheduled functions before scheduling functions for regular callback
Source:

killSession(session)

Logs user out and destroys all server-side traces of a given session
Parameters:
Name Type Description
session express-session.session
Source:

localExceptionHandler(err)

Handles local exceptions which where not directly created by user interaction
Parameters:
Name Type Description
err Error Exception to handle
Source:

mailem(to, subject, body, htmlBody) → {Object}

Sends an email as tokebot to the requested user w/ the requested body and signature
Parameters:
Name Type Description
to String String containing the email address to send to
subject String Subject line of the email to send
body String Body contents, either HTML or Plaintext
htmlBody Boolean Whether or not Body contents should be sent as HTML or Plaintext
Source:
Returns:
Sent mail info
Type
Object
Validates links and returns a marked link object that can be returned to the client to format/embed accordingly
Parameters:
Name Type Description
link String URL to Validate
Source:
Returns:
Marked link object
Type
Object

processExpiredAttempts()

Nightly Function Call which iterates through the failed login attempts map, removing any which haven't been attempted in over a da yeahy
Source:
Refreshes raw links on relevant media objects Useful for sources like youtube, who only provide expiring raw links
Parameters:
Name Type Description
mediaObj ScheduledMedia Media Object to refresh
Source:
Returns:
Refreshed media object
Type
ScheduledMedia

schedule()

Schedules all timed jobs accross the server
Source:

securityCheck()

Basic security check which runs on startup. Warns server admin against unsafe config options.
Source:

sendAddressVerification(requestDB, userDB, newEmail)

Sends address verification email
Parameters:
Name Type Description
requestDB Mongoose.Document DB Document Object for the current email change request token
userDB Mongoose.Document DB Document Object for the user we're verifying email against
newEmail String New email address to send to
Source:

socketCriticalExceptionHandler(socket, err) → {Boolean}

Generates error messages and drops connection for critical errors caused by socket.io interaction
Parameters:
Name Type Description
socket Socket Socket error originated from
err Error Error created by the jerk in question
Source:
Returns:
- Passthrough from socket.disconnect
Type
Boolean

socketErrorHandler(socket, msg, type) → {Boolean}

Basic error-handling for socket.io so we don't just silently swallow errors.
Parameters:
Name Type Description
socket Socket Socket error originated from
msg String Error message to send the client
type String Error type to send back to the client
Source:
Returns:
- Passthrough from socket.emit
Type
Boolean

socketExceptionHandler(socket, err) → {Boolean}

Generates error messages for simple errors generated by socket.io interaction
Parameters:
Name Type Description
socket Socket Socket error originated from
err Error Error created by the jerk in question
Source:
Returns:
- Passthrough from socket.emit
Type
Boolean

verify(payload, uniqueSecret) → {boolean}

Verifies completed altcha challenges handed over from the user
Parameters:
Name Type Description
payload String Completed Altcha Payload
uniqueSecret String Server-side Unique Secret to verify payload came from server-generated challenge
Source:
Returns:
True if payload is a valid and unique altcha challenge which originated from this server
Type
boolean

yankMedia(url, title) → {Array}

Checks a given URL and runs the proper metadata fetching function to create a media object from any supported URL
Parameters:
Name Type Description
url String URL to yank media against
title String Title to apply to yanked media
Source:
Returns:
Returns list of yanked media objects on success
Type
Array

(async) ytdlpFetch(link, format) → {Object}

Basic async YT-DLP Fetch wrapper, ensuring config
Parameters:
Name Type Default Description
link String Link to fetch using YT-DLP
format String b Format string to hand YT-DLP, defaults to 'b'
Source:
Returns:
Metadata dump from YT-DLP
Type
Object