vulnerabilities, vulnerabilities, vulnerabilities...

This commit is contained in:
olcxja 2026-05-29 08:19:12 +02:00
commit 8dafeb06a9
4 changed files with 110 additions and 49 deletions


@ -31,7 +31,7 @@ public class Requests
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
string password = await Utils.GetPassword(id); string password = await Utils.GetPassword(id);
secret = await Utils.NonceDecryptBody(id, password, secret); secret = await Utils.NonceDecryptBody(id, password, secret);
string auth = await Utils.Auth(id, password, secret); string auth = await Utils.Auth(id, password, secret);
@ -292,7 +292,7 @@ public class Requests
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
string password = await Utils.GetPassword(id); string password = await Utils.GetPassword(id);
secret = await Utils.NonceDecryptBody(id, password, secret); secret = await Utils.NonceDecryptBody(id, password, secret);
string auth = await Utils.Auth(id, password, secret); string auth = await Utils.Auth(id, password, secret);
@ -353,7 +353,7 @@ public class Requests
{ {
return; return;
} }
id = Utils.GetIdFromUsernameWD(id.ToString()); id = Utils.GetValidIdOrZero(id.ToString());
await context.Response.WriteAsync(await Utils.NameFromId(id) + $":{DOMAIN}"); await context.Response.WriteAsync(await Utils.NameFromId(id) + $":{DOMAIN}");
return; return;
@ -367,7 +367,7 @@ public class Requests
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
string plainPass = await Utils.GetPassword(id); string plainPass = await Utils.GetPassword(id);
foreach (var kvp in nonceHolder) //clearowanie nieuzytych nonce foreach (var kvp in nonceHolder) //clearowanie nieuzytych nonce
{ {
@ -403,7 +403,7 @@ public class Requests
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
string body = await LoadBody(bodyReader); string body = await LoadBody(bodyReader);
string password = await Utils.GetPassword(id); string password = await Utils.GetPassword(id);
string newPass = await Utils.NonceDecryptBody(id, password, body, false); string newPass = await Utils.NonceDecryptBody(id, password, body, false);
@ -451,7 +451,7 @@ public class Requests
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
string body = await LoadBody(bodyReader); string body = await LoadBody(bodyReader);
string password = await Utils.GetPassword(id); string password = await Utils.GetPassword(id);
@ -503,7 +503,7 @@ public class Requests
{ {
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
string keysRaw = await Utils.GetUserKeys(id); string keysRaw = await Utils.GetUserKeys(id);
if (string.IsNullOrEmpty(keysRaw)) if (string.IsNullOrEmpty(keysRaw))
{ {
@ -533,7 +533,7 @@ public class Requests
{ {
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
byte[] entryByte = await Utils.GetUserPublicStorageEntry(id, entry); byte[] entryByte = await Utils.GetUserPublicStorageEntry(id, entry);
@ -557,7 +557,7 @@ public class Requests
return; return;
} }
string id = Utils.GetIdFromUsernameWD(idQuery.ToString()); string id = Utils.GetValidIdOrZero(idQuery.ToString());
string body = await LoadBody(bodyReader); string body = await LoadBody(bodyReader);
string password = await Utils.GetPassword(id); string password = await Utils.GetPassword(id);
body = await Utils.NonceDecryptBody(id, password, body, false); body = await Utils.NonceDecryptBody(id, password, body, false);
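Review bot: GetValidIdOrZero collapses every malformed id to the sentinel "0", but none of the nine call sites in this file test for it before using it — in the first hunk the "0" goes straight into GetPassword, NonceDecryptBody and Auth, and in the third hunk into NameFromId, whose result is written back to the client as `<name>:{DOMAIN}`. The last file in this commit checks `if (id2 == "0" || string.IsNullOrEmpty(id2))` right after the same call, and these endpoints should do the same, e.g. `if (id == "0") { context.Response.StatusCode = 400; return; }` immediately after each `string id = Utils.GetValidIdOrZero(idQuery.ToString());` line. Whether GetPassword and Auth fail closed on "0" is not visible here; even if they do, the explicit early return saves a password lookup and a decrypt per bogus request. Every hunk in this file starts and ends inside a handler whose body lies outside the hunk.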


@ -22,26 +22,38 @@ public class Utils
{ {
while (userLocks.Count >= LOCK_SIZE) while (userLocks.Count >= LOCK_SIZE)
{ {
if (!keyQueue.TryPeek(out var firstKey)) break; if (!keyQueue.TryDequeue(out var firstKey)) break;
var sem = userLocks[firstKey]; if (userLocks.TryGetValue(firstKey, out var sem))
if (sem.Wait(0))
{ {
try if (sem.Wait(0))
{ {
if (userLocks.TryRemove(firstKey, out _)) try
keyQueue.TryDequeue(out _); {
userLocks.TryRemove(firstKey, out _);
}
finally { sem.Release(); }
}
else
{
keyQueue.Enqueue(firstKey);
break;
} }
finally { sem.Release(); }
}
else
{
break;
} }
} }
var semLock = userLocks.GetOrAdd(id, _ => new SemaphoreSlim(1, 1)); if (!userLocks.TryGetValue(id, out var semLock))
keyQueue.Enqueue(id); {
semLock = new SemaphoreSlim(1, 1);
if (userLocks.TryAdd(id, semLock))
{
keyQueue.Enqueue(id);
}
else
{
semLock = userLocks[id];
}
}
return semLock; return semLock;
} }
@ -51,6 +63,12 @@ public class Utils
return colonIndex == -1 ? usernameWD : usernameWD.Substring(0, colonIndex); return colonIndex == -1 ? usernameWD : usernameWD.Substring(0, colonIndex);
} }
public static string GetValidIdOrZero(string input)
{
string idPart = GetIdFromUsernameWD(input);
return ulong.TryParse(idPart, out _) ? idPart : "0";
}
public static string GetDmId(string id1, string domain1, string id2, string domain2) public static string GetDmId(string id1, string domain1, string id2, string domain2)
{ {
string u1 = $"{id1};{domain1}"; string u1 = $"{id1};{domain1}";
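Review bot: GetValidIdOrZero accepts non-canonical ids, because the two-argument `ulong.TryParse` uses NumberStyles.Integer and so admits leading/trailing whitespace and a leading sign (" 12", "+12" and "-0" all pass), yet the function returns the raw `idPart` rather than the parsed number, so a caller that builds a path or DM key from it treats "+12" and "12" as different users. Parse strictly and return the canonical form: `return ulong.TryParse(idPart, NumberStyles.None, CultureInfo.InvariantCulture, out var parsed) ? parsed.ToString(CultureInfo.InvariantCulture) : "0";` (needs `using System.Globalization;`, which is outside this hunk). Separately, the reworked eviction in GetUserLock can hand out two semaphores for one id: a caller that has received `semLock` but not yet awaited it holds a count-1 semaphore, so another caller's `sem.Wait(0)` succeeds, the entry is removed, and the next `GetUserLock(id)` creates a fresh one — unless the whole method and the subsequent `WaitAsync` run under an outer lock that this hunk does not show. GetUserLock's signature is above the first hunk.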


@ -28,7 +28,20 @@ public class Receiver
await context.Response.WriteAsync( await Account.Utils.IdFromName(serializedBody.string2) ); await context.Response.WriteAsync( await Account.Utils.IdFromName(serializedBody.string2) );
return; return;
case "dm/invite/send": case "dm/invite/send":
{
string[] ids = serializedBody.string2.Split(','); //0=receiver, 1=sender string[] ids = serializedBody.string2.Split(','); //0=receiver, 1=sender
if (ids.Length != 2 || string.IsNullOrEmpty(ids[0]) || !ulong.TryParse(ids[0], out _) || !Fs.Exists($"{ACCOUNTS_DATA_DIR}/{ids[0]}"))
{
await context.Response.WriteAsync("error:user.not.found");
return;
}
string dmIdCheck = Account.Utils.GetDmId(ids[0], DOMAIN, ids[1], domain);
if (Fs.Exists($"{ROOMS_DIR}/dms/{DOMAIN}/{dmIdCheck}"))
{
await context.Response.WriteAsync("error:dm.already.exists");
return;
}
if (!await Sender.HasSentDmInvite(ids[1], domain, ids[0])) if (!await Sender.HasSentDmInvite(ids[1], domain, ids[0]))
{ {
@ -50,17 +63,22 @@ public class Receiver
} }
finally finally
{ {
userLock.Release(); userLock.Release();
} }
await context.Response.WriteAsync("success:user.invited"); await context.Response.WriteAsync("success:user.invited");
return; return;
}
case "dm/invite/revoke": case "dm/invite/revoke":
ids = serializedBody.string2.Split(','); //0=receiver, 1=sender {
string[] ids = serializedBody.string2.Split(','); //0=receiver, 1=sender
if (ids.Length != 2 || string.IsNullOrEmpty(ids[0]) || !ulong.TryParse(ids[0], out _) || !Fs.Exists($"{ACCOUNTS_DATA_DIR}/{ids[0]}"))
{
await context.Response.WriteAsync("error:user.not.found");
return;
}
userLock = Account.Utils.GetUserLock(ids[0]); SemaphoreSlim userLock = Account.Utils.GetUserLock(ids[0]);
await userLock.WaitAsync(); await userLock.WaitAsync();
try try
{ {
@ -77,19 +95,42 @@ public class Receiver
await context.Response.WriteAsync("success:invite.revoked"); await context.Response.WriteAsync("success:invite.revoked");
return; return;
}
case "dm/invite/decline": case "dm/invite/decline":
ids = serializedBody.string2.Split(','); //0=sender, 1=receiver {
string[] ids = serializedBody.string2.Split(','); //0=sender, 1=receiver
string inviteSentFileDecline = ACCOUNTS_DATA_DIR + $"/{ids[0]}/dminvites/sent/{ids[1]};{domain}"; if (ids.Length != 2 || string.IsNullOrEmpty(ids[0]) || !ulong.TryParse(ids[0], out _) || !Fs.Exists($"{ACCOUNTS_DATA_DIR}/{ids[0]}"))
if (Fs.Exists(inviteSentFileDecline))
{ {
Fs.DeleteFile(inviteSentFileDecline); await context.Response.WriteAsync("error:user.not.found");
return;
}
SemaphoreSlim userLock = Account.Utils.GetUserLock(ids[0]);
await userLock.WaitAsync();
try
{
string inviteSentFileDecline = ACCOUNTS_DATA_DIR + $"/{ids[0]}/dminvites/sent/{ids[1]};{domain}";
if (Fs.Exists(inviteSentFileDecline))
{
Fs.DeleteFile(inviteSentFileDecline);
}
}
finally
{
userLock.Release();
} }
await context.Response.WriteAsync("success:invite.declined"); await context.Response.WriteAsync("success:invite.declined");
return; return;
}
case "dm/invite/hassent": case "dm/invite/hassent":
ids = serializedBody.string2.Split(','); //0=sender, 1=receiver {
string[] ids = serializedBody.string2.Split(','); //0=sender, 1=receiver
if (ids.Length != 2 || string.IsNullOrEmpty(ids[0]) || !ulong.TryParse(ids[0], out _) || !Fs.Exists($"{ACCOUNTS_DATA_DIR}/{ids[0]}"))
{
await context.Response.WriteAsync("false");
return;
}
string inviteSentFile = ACCOUNTS_DATA_DIR + $"/{ids[0]}/dminvites/sent/{ids[1]};{domain}"; string inviteSentFile = ACCOUNTS_DATA_DIR + $"/{ids[0]}/dminvites/sent/{ids[1]};{domain}";
if (!Fs.Exists(inviteSentFile)) if (!Fs.Exists(inviteSentFile))
@ -100,43 +141,45 @@ public class Receiver
await context.Response.WriteAsync( "true" ); await context.Response.WriteAsync( "true" );
return; return;
}
case "dm/add": case "dm/add":
ids = serializedBody.string2.Split(','); //0=creator (inv receiver), 1=inviter {
string[] ids = serializedBody.string2.Split(','); //0=creator (inv receiver), 1=inviter
if (ids.Length != 2 || string.IsNullOrEmpty(ids[0]) || !ulong.TryParse(ids[0], out _) || !Fs.Exists($"{ACCOUNTS_DATA_DIR}/{ids[0]}"))
//did i really sent an invite to this user???? idkkk maybeeeee yeahhh i did this
inviteSentFile = ACCOUNTS_DATA_DIR + $"/{ids[0]}/dminvites/sent/{ids[1]};{domain}";
if (!Fs.Exists(inviteSentFile))
{ {
await context.Response.WriteAsync( "error:no.invite.found" ); await context.Response.WriteAsync("error:user.not.found");
return; return;
} }
Fs.DeleteFile(inviteSentFile);
//now full invite is deleted :333333333333333333333333333
//we need to add to dm :33333333333333333333
SemaphoreSlim userLock = Account.Utils.GetUserLock(ids[0]);
userLock = Account.Utils.GetUserLock(ids[0]);
await userLock.WaitAsync(); await userLock.WaitAsync();
try try
{ {
//did i really sent an invite to this user???? idkkk maybeeeee yeahhh i did this
string inviteSentFile = ACCOUNTS_DATA_DIR + $"/{ids[0]}/dminvites/sent/{ids[1]};{domain}";
if (!Fs.Exists(inviteSentFile))
{
await context.Response.WriteAsync( "error:no.invite.found" );
return;
}
Fs.DeleteFile(inviteSentFile);
//now full invite is deleted :333333333333333333333333333
//we need to add to dm :33333333333333333333
//best dmId creation ever //best dmId creation ever
string dmId = Account.Utils.GetDmId(ids[0], DOMAIN, ids[1], domain); string dmId = Account.Utils.GetDmId(ids[0], DOMAIN, ids[1], domain);
await Account.Utils.UpdateUserDm(ids[0], dmId, "false", await Account.Utils.UpdateUserDm(ids[0], dmId, "false",
DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString()); DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString());
await context.Response.WriteAsync("success:dm.accepted"); await context.Response.WriteAsync("success:dm.accepted");
return; return;
} }
finally finally
{ {
userLock.Release(); userLock.Release();
} }
return; }
} }
return; return;
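Review bot: The new guards validate only `ids[0]`; `ids[1]` (the remote sender id) is still interpolated unchecked into filesystem paths — `ACCOUNTS_DATA_DIR + $"/{ids[0]}/dminvites/sent/{ids[1]};{domain}"` in the decline, hassent and add cases — and the decline and add cases then call `Fs.DeleteFile` on that path. Since `serializedBody.string2` comes from the peer server, a value such as `../../x` in `ids[1]` would be probed and deleted outside the user's dminvites directory unless `Fs` canonicalises and confines paths, which this hunk does not show. Extend each guard with `|| !ulong.TryParse(ids[1], out _)` (the same check already applied to `ids[0]`), and apply an equivalent allow-list to `domain` where it is bound, which is outside this hunk. The dm/invite/send case likewise passes `ids[1]` to `Sender.HasSentDmInvite` and `GetDmId` unchecked, so the same guard belongs there. The switch and the enclosing Receiver method begin and end outside these hunks.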


@ -66,7 +66,7 @@ public class Requests
public static async Task<string> DmInvite(string id, string targetId) public static async Task<string> DmInvite(string id, string targetId)
{ {
bool isLocal = Account.Utils.IsUserLocal(targetId, out string domain); bool isLocal = Account.Utils.IsUserLocal(targetId, out string domain);
string tId = Account.Utils.GetIdFromUsernameWD(targetId); string tId = Account.Utils.GetValidIdOrZero(targetId);
string checkDmId = Account.Utils.GetDmId(id, DOMAIN, tId, domain); string checkDmId = Account.Utils.GetDmId(id, DOMAIN, tId, domain);
if (Fs.Exists($"{ROOMS_DIR}/dms/{DOMAIN}/{checkDmId}")) if (Fs.Exists($"{ROOMS_DIR}/dms/{DOMAIN}/{checkDmId}"))
@ -116,7 +116,7 @@ public class Requests
public static async Task<string> DmInviteRevoke(string id, string targetId) public static async Task<string> DmInviteRevoke(string id, string targetId)
{ {
bool isLocal = Account.Utils.IsUserLocal(targetId, out string domain); bool isLocal = Account.Utils.IsUserLocal(targetId, out string domain);
string tId = Account.Utils.GetIdFromUsernameWD(targetId); string tId = Account.Utils.GetValidIdOrZero(targetId);
if (!isLocal) //federation if (!isLocal) //federation
{ {
@ -145,7 +145,7 @@ public class Requests
public static async Task<string> DmInviteDecline(string id, string targetId) public static async Task<string> DmInviteDecline(string id, string targetId)
{ {
bool isLocal = Account.Utils.IsUserLocal(targetId, out string domain); bool isLocal = Account.Utils.IsUserLocal(targetId, out string domain);
string tId = Account.Utils.GetIdFromUsernameWD(targetId); string tId = Account.Utils.GetValidIdOrZero(targetId);
if (!isLocal) //federation if (!isLocal) //federation
{ {
@ -183,7 +183,7 @@ public class Requests
string targetId = serializedBody.string1; string targetId = serializedBody.string1;
bool isUserLocal = Account.Utils.IsUserLocal(targetId, out string domain); bool isUserLocal = Account.Utils.IsUserLocal(targetId, out string domain);
string id2 = Account.Utils.GetIdFromUsernameWD(targetId); string id2 = Account.Utils.GetValidIdOrZero(targetId);
if (id2 == "0" || string.IsNullOrEmpty(id2)) if (id2 == "0" || string.IsNullOrEmpty(id2))
{ {