Some security fixes

TheEssem 2020-11-20 15:16:52 -06:00
parent fe051afdb0
commit ca6cffa67c
7 changed files with 33 additions and 14 deletions


@ -1,4 +1,4 @@
// code provided by terradice/tzlil
// code provided by tzlil
const os = require("os");
const { Worker, isMainThread, parentPort } = require("worker_threads");
@ -114,6 +114,7 @@ if (isMainThread) {
log(`${job.uuid} is done`, job.threadNum);
const server = net.createServer(function(socket) {
socket.write(Buffer.concat([Buffer.from(type ? type : "image/png"), Buffer.from("\n"), data]));
socket.end();
});
server.listen(job.port, job.addr);
// handle address in use errors
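Review bot: The connection callback writes and ends the socket but registers no `error` listener on it, so a peer that resets mid-transfer raises an unhandled `error` event inside the worker; `socket.on("error", (e) => log(e.message, job.threadNum));` before the write would contain it. The trailing comment suggests only the server's address-in-use case is handled, though that code is outside the hunk. Every peer that connects to `job.port` on `job.addr` receives the result with no check, so it is worth confirming that `job.addr` is loopback or otherwise restricted.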


@ -14,7 +14,7 @@ exports.run = async (message, args) => {
}
} else if (args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] >= 21154535154122752) {
try {
const id = args[0].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "");
const id = args[0].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
await message.channel.guild.banMember(id, 0, `Banned by ID, command used by @${message.author.username}#${message.author.discriminator}`);
return `Successfully banned user with ID \`${id}\`.`;
} catch (e) {
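Review bot: The lower-bound test `args[0] >= 21154535154122752` in the `else if` runs on the raw argument, so every mention form the regex accepts (`<@…>`, `<@!…>`) coerces to NaN and fails it, which leaves the replace chain with nothing to strip. Take the digits once from a capture group and compare those: `const m = args[0].match(/^<?[@#]?[&!]?(\d+)>?$/);` then `m && BigInt(m[1]) >= 21154535154122752n`, passing `m[1]` to `banMember`. Comparing as BigInt also avoids the precision loss a Number has above 2^53, which snowflakes exceed. The same validate-then-strip pattern is in both hunks of the channel command (disable and enable) and in the snowflake command. The enclosing function starts and ends outside the hunk.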


@ -8,7 +8,7 @@ exports.run = async (message, args) => {
const guildDB = await db.guilds.findOne({id: message.channel.guild.id});
if (args[0].toLowerCase() === "disable") {
if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) {
const id = args[1].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "");
const id = args[1].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
if (guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm already disabled in this channel!`;
guildDB.disabledChannels.push(id);
} else {
@ -19,7 +19,7 @@ exports.run = async (message, args) => {
return `${message.author.mention}, I have been disabled in this channel. To re-enable me, just run \`${guildDB.prefix}channel enable\`.`;
} else if (args[0].toLowerCase() === "enable") {
if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) {
const id = args[1].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "");
const id = args[1].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
if (!guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm not disabled in that channel!`;
guildDB.disabledChannels = guildDB.disabledChannels.filter(item => item !== id);
} else {


@ -1,7 +1,7 @@
exports.run = async (message, args) => {
if (!args[0]) return `${message.author.mention}, you need to provide a snowflake ID!`;
if (!args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] < 21154535154122752) return `${message.author.mention}, that's not a valid snowflake!`;
return new Date((args[0].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "") / 4194304) + 1420070400000).toUTCString();
return new Date((args[0].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "") / 4194304) + 1420070400000).toUTCString();
};
exports.aliases = ["timestamp", "snowstamp", "snow"];
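Review bot: The validity guard on the second line of `exports.run` joins its two tests with `&&`, so it rejects only input that both fails the regex and is numerically below the minimum; plain text such as letters passes (a `<` comparison with NaN is false) and the command replies "Invalid Date". The tests should be joined with `||` and the bound applied to the stripped digits rather than the raw argument: `const id = args[0].replace(/[<>@#!&]/g, "");` then `if (!/^<?[@#]?[&!]?\d+>?$/.test(args[0]) || id < 21154535154122752) return …`. A one-line comment above the arithmetic naming 4194304 as the 22-bit shift and 1420070400000 as the Discord epoch would help the next reader.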


@ -10,11 +10,11 @@ exports.run = async (message, args) => {
const result = await request.json();
for (const [i, value] of result.items.entries()) {
if (value.id.kind === "youtube#channel") {
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nhttps://youtube.com/channel/${value.id.channelId}`);
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nhttps://youtube.com/channel/${value.id.channelId}`);
} else if (value.id.kind === "youtube#playlist") {
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nCreated by **${decodeEntities(value.snippet.channelTitle).replace("*", "\\*")}**\nhttps://youtube.com/playlist?list=${value.id.playlistId}`);
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nCreated by **${decodeEntities(value.snippet.channelTitle).replace(/\*/g, "\\*")}**\nhttps://youtube.com/playlist?list=${value.id.playlistId}`);
} else {
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nUploaded by **${decodeEntities(value.snippet.channelTitle).replace("*", "\\*")}** on **${value.snippet.publishedAt.split("T")[0]}**\nhttps://youtube.com/watch?v=${value.id.videoId}`);
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nUploaded by **${decodeEntities(value.snippet.channelTitle).replace(/\*/g, "\\*")}** on **${value.snippet.publishedAt.split("T")[0]}**\nhttps://youtube.com/watch?v=${value.id.videoId}`);
}
}
return paginator(message, messages);
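Review bot: Escaping only `*` leaves the escape character itself unescaped in all three branches: a title containing `\*` becomes `\\*`, which renders as a literal backslash followed by a live asterisk, and `_`, `~`, the backtick and `|` are not handled at all. `snippet.title` and `snippet.channelTitle` come from the search API response, so one shared helper that escapes the backslash together with the markdown characters would close this, e.g. ``const escapeMd = (s) => s.replace(/[\\*_~`|]/g, "\\$&");``. It is not visible here whether the client restricts allowed mentions, so it is also worth confirming that `@everyone` inside a title cannot ping.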


@ -41,9 +41,9 @@ exports.run = (object, fromAPI = false) => {
const array = [];
client.on("data", (rawData) => {
array.push(rawData);
if (rawData.length !== 32 * 1024) {
/*if (rawData.length < 32 * 1024) {
client.end();
}
}*/
});
client.once("end", () => {
const data = Buffer.concat(array);
@ -52,10 +52,12 @@ exports.run = (object, fromAPI = false) => {
buffer: data.slice(format.dataStart + 1),
type: format.buffer.toString().split("/")[1]
};
//console.log(payload);
socket.close();
resolve(payload);
});
client.on("error", (err) => {
throw err;
});
} else if (opcode === 0x2) {
reject(req);
}
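Review bot: `throw err` inside the new `client.on("error", …)` listener does not reject the surrounding promise; it is raised from the emitter's callback and surfaces as an uncaught exception, which by default terminates the process instead of failing this one request. `reject` is in scope (the `opcode === 0x2` branch uses it), so `client.once("error", (err) => { socket.close(); reject(err); });` would be the safer form, assuming `socket` should be released on failure as it is on success. With the early `client.end()` commented out, the read now finishes only when the peer closes the connection, so a timeout on `client` is worth adding. The commented-out block and `//console.log(payload);` can be deleted rather than kept. The enclosing function starts and ends outside the hunk.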


@ -1,6 +1,21 @@
const fetch = require("node-fetch");
const url = require("url");
const execPromise = require("util").promisify(require("child_process").exec);
const tenorURLs = [
"tenor.com",
"www.tenor.com"
];
const giphyURLs = [
"giphy.com",
"www.giphy.com"
];
const imgurURLs = [
"imgur.com",
"www.imgur.com",
"i.imgur.com"
];
// gets the proper image paths
const getImage = async (image, image2, gifv = false) => {
try {
@ -9,7 +24,8 @@ const getImage = async (image, image2, gifv = false) => {
path: image
};
if (gifv) {
if (image2.includes("tenor.com")) {
const host = url.parse(image2).host;
if (tenorURLs.includes(host)) {
if (process.env.TENOR !== "") {
const data = await fetch(`https://api.tenor.com/v1/gifs?ids=${image2.split("-").pop()}&key=${process.env.TENOR}`);
const json = await data.json();
@ -18,9 +34,9 @@ const getImage = async (image, image2, gifv = false) => {
const delay = (await execPromise(`ffprobe -v 0 -of csv=p=0 -select_streams v:0 -show_entries stream=r_frame_rate ${image}`)).stdout.replace("\n", "");
payload.delay = (100 / delay.split("/")[0]) * delay.split("/")[1];
}
} else if (image2.includes("giphy.com")) {
} else if (giphyURLs.includes(host)) {
payload.path = `https://media0.giphy.com/media/${image2.split("-").pop()}/giphy.gif`;
} else if (image2.includes("imgur.com")) {
} else if (imgurURLs.includes(host)) {
payload.path = image.replace(".mp4", ".gif");
}
payload.type = "image/gif";
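Review bot: The unchanged `ffprobe` line in the Tenor branch still builds a shell command by interpolating `image` into the string given to `exec`, so any shell metacharacters in that value are interpreted by the shell; the host allow-list added above it checks `image2`, not `image`. Passing the arguments as an array avoids the shell entirely: `const execFilePromise = require("util").promisify(require("child_process").execFile);` and `execFilePromise("ffprobe", ["-v", "0", "-of", "csv=p=0", "-select_streams", "v:0", "-show_entries", "stream=r_frame_rate", image])`. On the new lines, `url.parse(image2).host` includes any port and is the legacy API; `new URL(image2).hostname` is the current one and throws on malformed input, which the surrounding `try` appears to cover. `getImage` continues outside the hunk.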