Some security fixes
This commit is contained in:
parent
fe051afdb0
commit
ca6cffa67c
7 changed files with 33 additions and 14 deletions
|
@ -1,4 +1,4 @@
|
|||
// code provided by terradice/tzlil
|
||||
// code provided by tzlil
|
||||
|
||||
const os = require("os");
|
||||
const { Worker, isMainThread, parentPort } = require("worker_threads");
|
||||
|
@ -114,6 +114,7 @@ if (isMainThread) {
|
|||
log(`${job.uuid} is done`, job.threadNum);
|
||||
const server = net.createServer(function(socket) {
|
||||
socket.write(Buffer.concat([Buffer.from(type ? type : "image/png"), Buffer.from("\n"), data]));
|
||||
socket.end();
|
||||
});
|
||||
server.listen(job.port, job.addr);
|
||||
// handle address in use errors
|
||||
|
|
|
@ -14,7 +14,7 @@ exports.run = async (message, args) => {
|
|||
}
|
||||
} else if (args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] >= 21154535154122752) {
|
||||
try {
|
||||
const id = args[0].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "");
|
||||
const id = args[0].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
|
||||
await message.channel.guild.banMember(id, 0, `Banned by ID, command used by @${message.author.username}#${message.author.discriminator}`);
|
||||
return `Successfully banned user with ID \`${id}\`.`;
|
||||
} catch (e) {
|
||||
|
|
|
@ -8,7 +8,7 @@ exports.run = async (message, args) => {
|
|||
const guildDB = await db.guilds.findOne({id: message.channel.guild.id});
|
||||
if (args[0].toLowerCase() === "disable") {
|
||||
if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) {
|
||||
const id = args[1].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "");
|
||||
const id = args[1].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
|
||||
if (guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm already disabled in this channel!`;
|
||||
guildDB.disabledChannels.push(id);
|
||||
} else {
|
||||
|
@ -19,7 +19,7 @@ exports.run = async (message, args) => {
|
|||
return `${message.author.mention}, I have been disabled in this channel. To re-enable me, just run \`${guildDB.prefix}channel enable\`.`;
|
||||
} else if (args[0].toLowerCase() === "enable") {
|
||||
if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) {
|
||||
const id = args[1].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "");
|
||||
const id = args[1].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
|
||||
if (!guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm not disabled in that channel!`;
|
||||
guildDB.disabledChannels = guildDB.disabledChannels.filter(item => item !== id);
|
||||
} else {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
exports.run = async (message, args) => {
|
||||
if (!args[0]) return `${message.author.mention}, you need to provide a snowflake ID!`;
|
||||
if (!args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] < 21154535154122752) return `${message.author.mention}, that's not a valid snowflake!`;
|
||||
return new Date((args[0].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "") / 4194304) + 1420070400000).toUTCString();
|
||||
return new Date((args[0].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "") / 4194304) + 1420070400000).toUTCString();
|
||||
};
|
||||
|
||||
exports.aliases = ["timestamp", "snowstamp", "snow"];
|
||||
|
|
|
@ -10,11 +10,11 @@ exports.run = async (message, args) => {
|
|||
const result = await request.json();
|
||||
for (const [i, value] of result.items.entries()) {
|
||||
if (value.id.kind === "youtube#channel") {
|
||||
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nhttps://youtube.com/channel/${value.id.channelId}`);
|
||||
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nhttps://youtube.com/channel/${value.id.channelId}`);
|
||||
} else if (value.id.kind === "youtube#playlist") {
|
||||
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nCreated by **${decodeEntities(value.snippet.channelTitle).replace("*", "\\*")}**\nhttps://youtube.com/playlist?list=${value.id.playlistId}`);
|
||||
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nCreated by **${decodeEntities(value.snippet.channelTitle).replace(/\*/g, "\\*")}**\nhttps://youtube.com/playlist?list=${value.id.playlistId}`);
|
||||
} else {
|
||||
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nUploaded by **${decodeEntities(value.snippet.channelTitle).replace("*", "\\*")}** on **${value.snippet.publishedAt.split("T")[0]}**\nhttps://youtube.com/watch?v=${value.id.videoId}`);
|
||||
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nUploaded by **${decodeEntities(value.snippet.channelTitle).replace(/\*/g, "\\*")}** on **${value.snippet.publishedAt.split("T")[0]}**\nhttps://youtube.com/watch?v=${value.id.videoId}`);
|
||||
}
|
||||
}
|
||||
return paginator(message, messages);
|
||||
|
|
|
@ -41,9 +41,9 @@ exports.run = (object, fromAPI = false) => {
|
|||
const array = [];
|
||||
client.on("data", (rawData) => {
|
||||
array.push(rawData);
|
||||
if (rawData.length !== 32 * 1024) {
|
||||
/*if (rawData.length < 32 * 1024) {
|
||||
client.end();
|
||||
}
|
||||
}*/
|
||||
});
|
||||
client.once("end", () => {
|
||||
const data = Buffer.concat(array);
|
||||
|
@ -52,10 +52,12 @@ exports.run = (object, fromAPI = false) => {
|
|||
buffer: data.slice(format.dataStart + 1),
|
||||
type: format.buffer.toString().split("/")[1]
|
||||
};
|
||||
//console.log(payload);
|
||||
socket.close();
|
||||
resolve(payload);
|
||||
});
|
||||
client.on("error", (err) => {
|
||||
throw err;
|
||||
});
|
||||
} else if (opcode === 0x2) {
|
||||
reject(req);
|
||||
}
|
||||
|
|
|
@ -1,6 +1,21 @@
|
|||
const fetch = require("node-fetch");
|
||||
const url = require("url");
|
||||
const execPromise = require("util").promisify(require("child_process").exec);
|
||||
|
||||
const tenorURLs = [
|
||||
"tenor.com",
|
||||
"www.tenor.com"
|
||||
];
|
||||
const giphyURLs = [
|
||||
"giphy.com",
|
||||
"www.giphy.com"
|
||||
];
|
||||
const imgurURLs = [
|
||||
"imgur.com",
|
||||
"www.imgur.com",
|
||||
"i.imgur.com"
|
||||
];
|
||||
|
||||
// gets the proper image paths
|
||||
const getImage = async (image, image2, gifv = false) => {
|
||||
try {
|
||||
|
@ -9,7 +24,8 @@ const getImage = async (image, image2, gifv = false) => {
|
|||
path: image
|
||||
};
|
||||
if (gifv) {
|
||||
if (image2.includes("tenor.com")) {
|
||||
const host = url.parse(image2).host;
|
||||
if (tenorURLs.includes(host)) {
|
||||
if (process.env.TENOR !== "") {
|
||||
const data = await fetch(`https://api.tenor.com/v1/gifs?ids=${image2.split("-").pop()}&key=${process.env.TENOR}`);
|
||||
const json = await data.json();
|
||||
|
@ -18,9 +34,9 @@ const getImage = async (image, image2, gifv = false) => {
|
|||
const delay = (await execPromise(`ffprobe -v 0 -of csv=p=0 -select_streams v:0 -show_entries stream=r_frame_rate ${image}`)).stdout.replace("\n", "");
|
||||
payload.delay = (100 / delay.split("/")[0]) * delay.split("/")[1];
|
||||
}
|
||||
} else if (image2.includes("giphy.com")) {
|
||||
} else if (giphyURLs.includes(host)) {
|
||||
payload.path = `https://media0.giphy.com/media/${image2.split("-").pop()}/giphy.gif`;
|
||||
} else if (image2.includes("imgur.com")) {
|
||||
} else if (imgurURLs.includes(host)) {
|
||||
payload.path = image.replace(".mp4", ".gif");
|
||||
}
|
||||
payload.type = "image/gif";
|
||||
|
|
Loading…
Reference in a new issue