diff --git a/client/components/NetworkForm.vue b/client/components/NetworkForm.vue
index 1edaef2a..cbc47dd3 100644
--- a/client/components/NetworkForm.vue
+++ b/client/components/NetworkForm.vue
@@ -187,10 +187,10 @@
>
diff --git a/package.json b/package.json
index 3deab891..f34378d6 100644
--- a/package.json
+++ b/package.json
@@ -64,7 +64,7 @@
"file-type": "16.5.4",
"filenamify": "4.3.0",
"got": "11.8.5",
- "irc-framework": "4.13.1",
+ "irc-framework": "https://github.com/revspace/nodejs-irc-framework",
"is-utf8": "0.2.1",
"ldapjs": "2.3.1",
"linkify-it": "3.0.3",
diff --git a/server/client.ts b/server/client.ts
index f2f12594..876eada1 100644
--- a/server/client.ts
+++ b/server/client.ts
@@ -313,6 +313,7 @@ class Client {
host: String(args.host || ""),
port: parseInt(String(args.port), 10),
tls: !!args.tls,
+ caCert: args.caCert,
userDisconnected: !!args.userDisconnected,
rejectUnauthorized: !!args.rejectUnauthorized,
password: String(args.password || ""),
diff --git a/server/config.ts b/server/config.ts
index 32bb5f79..538b295f 100644
--- a/server/config.ts
+++ b/server/config.ts
@@ -80,11 +80,22 @@ type StoragePolicy = {
deletionPolicy: "statusOnly" | "everything";
};
-type NetworkTemplate = {
+type TemplateNetwork = {
+ name: string,
host: string,
port: number,
tls: boolean,
- rejectUnauthorized: boolean // if TLS certificates are validated
+ rejectUnauthorized: boolean,
+ caCert?: Buffer
+};
+
+type NetworkInConfig = {
+ name: string,
+ host: string,
+ port: number,
+ tls: boolean,
+ rejectUnauthorized?: boolean,
+ caCert?: string
};
export type ConfigType = {
@@ -107,7 +118,7 @@ export type ConfigType = {
leaveMessage: string;
defaults: Defaults;
lockNetwork: boolean;
- networks: {[name: string]: NetworkTemplate};
+ networks: {[name: string]: NetworkInConfig};
messageStorage: string[];
storagePolicy: StoragePolicy;
useHexIp: boolean;
@@ -124,9 +135,7 @@ class Config {
path.join(__dirname, "..", "defaults", "config.js")
)) as ConfigType;
#homePath = "";
- networks = Object.fromEntries(Object.entries(this.values.networks).map(([name, network]) => {
- return [name, {...network, name}];
- }));
+ networks: {[name: string]: TemplateNetwork} = this.parseNetworks();
getHomePath() {
return this.#homePath;
@@ -179,8 +188,30 @@ class Config {
);
}
+ getNetworks() {
+ return this.networks;
+ }
+
+ getNetworkNames() {
+ return Object.keys(this.networks);
+ }
+
+ parseNetworks() {
+ return Object.fromEntries(Object.entries(this.values.networks).map(([name, network]) => {
+ return [name, {
+ name,
+ host: network.host,
+ port: network.port,
+ tls: network.tls !== undefined ? network.tls : true,
+ rejectUnauthorized: network.rejectUnauthorized !== undefined ? network.rejectUnauthorized : true,
+ caCert: network.caCert ? fs.readFileSync(network.caCert) : undefined
+ }];
+ }));
+ }
+
merge(newConfig: ConfigType) {
this._merge_config_objects(this.values, newConfig);
+ this.networks = this.parseNetworks();
}
_merge_config_objects(oldConfig: ConfigType, newConfig: ConfigType) {
diff --git a/server/models/network.ts b/server/models/network.ts
index 1724cc3b..d698163e 100644
--- a/server/models/network.ts
+++ b/server/models/network.ts
@@ -21,6 +21,7 @@ type NetworkIrcOptions = {
username: string;
gecos: string;
tls: boolean;
+ ca_certificate?: Buffer;
rejectUnauthorized: boolean;
webirc: WebIRC | null;
client_certificate: ClientCertificateType | null;
@@ -94,6 +95,7 @@ class Network {
host!: string;
port!: number;
tls!: boolean;
+ caCert!: Buffer;
userDisconnected!: boolean;
rejectUnauthorized!: boolean;
password!: string;
@@ -247,7 +249,7 @@ class Network {
if (Config.values.lockNetwork) {
// This check is needed to prevent invalid user configurations
- const allowedNetwork = Object.values(Config.networks).find((network) => {
+ const allowedNetwork = Object.values(Config.getNetworks()).find((network) => {
return (this.name === network.name || this.host === network.host);
});
@@ -261,6 +263,10 @@ class Network {
this.port = allowedNetwork.port;
this.tls = allowedNetwork.tls;
this.rejectUnauthorized = allowedNetwork.rejectUnauthorized;
+
+ if (allowedNetwork.caCert !== undefined) {
+ this.caCert = allowedNetwork.caCert;
+ }
}
if (this.host.length === 0) {
@@ -319,6 +325,7 @@ class Network {
this.irc.options.gecos = this.realname;
this.irc.options.tls = this.tls;
this.irc.options.rejectUnauthorized = this.rejectUnauthorized;
+ this.irc.options.ca_certificate = this.caCert;
this.irc.options.webirc = this.createWebIrc(client);
this.irc.options.client_certificate = null;
diff --git a/server/server.ts b/server/server.ts
index 6961aa11..364c5846 100644
--- a/server/server.ts
+++ b/server/server.ts
@@ -873,7 +873,7 @@ function getClientConfiguration(data: AuthPerformData): SharedConfiguration | Lo
useHexIp: Config.values.useHexIp,
prefetch: Config.values.prefetch,
fileUploadMaxFileSize: Uploader ? Uploader.getMaxFileSize() : undefined, // TODO can't be undefined?
- networks: Config.networks
+ networks: Config.getNetworkNames()
};
const defaultsOverride = {
@@ -891,9 +891,17 @@ function getClientConfiguration(data: AuthPerformData): SharedConfiguration | Lo
if (!Config.values.lockNetwork) {
const defaultNetwork = Config.values.networks[Config.values.defaults.name];
+
+ if (defaultNetwork.rejectUnauthorized === undefined) {
+ defaultNetwork.rejectUnauthorized = true;
+ }
+
const defaults: ConfigNetDefaults = {
..._.clone(Config.values.defaults),
- ..._.clone(defaultNetwork),
+ host: defaultNetwork.host,
+ port: defaultNetwork.port,
+ tls: defaultNetwork.tls,
+ rejectUnauthorized: defaultNetwork.rejectUnauthorized,
...defaultsOverride,
};
const result: SharedConfiguration = {
diff --git a/shared/types/config.ts b/shared/types/config.ts
index 6f9d53ff..a7486a49 100644
--- a/shared/types/config.ts
+++ b/shared/types/config.ts
@@ -24,7 +24,7 @@ type SharedConfigurationBase = {
themes: ConfigTheme[];
defaultTheme: string;
fileUploadMaxFileSize?: number;
- networks: {[name: string]: NetworkTemplate};
+ networks: string[];
};
export type ConfigNetDefaults = {
diff --git a/yarn.lock b/yarn.lock
index 33a05e5b..6a1b8f94 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3151,7 +3151,7 @@ core-js-compat@^3.21.0, core-js-compat@^3.22.1:
dependencies:
browserslist "^4.23.3"
-core-js@^3.27.2:
+core-js@^3.38.1:
version "3.38.1"
resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.38.1.tgz#aa375b79a286a670388a1a363363d53677c0383e"
integrity sha512-OP35aUorbU3Zvlx7pjsFdu1rGNnD4pgw/CWoYzRY3t2EzoVT7shKHY1dlAy3f41cGIO7ZDPQimhGFTlEYkG/Hw==
@@ -4022,7 +4022,7 @@ eventemitter3@^4.0.4:
resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f"
integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==
-eventemitter3@^5.0.0:
+eventemitter3@^5.0.1:
version "5.0.1"
resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-5.0.1.tgz#53f5ffd0a492ac800721bb42c66b841de96423c4"
integrity sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==
@@ -4943,21 +4943,20 @@ ipaddr.js@1.9.1:
resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3"
integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==
-irc-framework@4.13.1:
- version "4.13.1"
- resolved "https://registry.yarnpkg.com/irc-framework/-/irc-framework-4.13.1.tgz#9850ffd220c6ddded960f8b95d0612d646f9a1b7"
- integrity sha512-oUdNyc5CLwYjsp5AP479EgdMMTepwYK9kury7sWzMV6IeMyKc6fExk6tnhN/jTWpiDKsYtbPAb01wE7yVtLcsQ==
+"irc-framework@https://github.com/revspace/nodejs-irc-framework":
+ version "4.14.0"
+ resolved "https://github.com/revspace/nodejs-irc-framework#7444a1f3e7509342a26b909b2bfd5a9e955db6c8"
dependencies:
buffer "^6.0.3"
- core-js "^3.27.2"
- eventemitter3 "^5.0.0"
+ core-js "^3.38.1"
+ eventemitter3 "^5.0.1"
grapheme-splitter "^1.0.4"
iconv-lite "^0.6.3"
isomorphic-textencoder "^1.0.1"
lodash "^4.17.21"
middleware-handler "^0.2.0"
- regenerator-runtime "^0.13.11"
- socks "^2.7.1"
+ regenerator-runtime "^0.14.1"
+ socks "^2.8.3"
stream-browserify "^3.0.0"
util "^0.12.5"
@@ -7336,12 +7335,7 @@ regenerate@^1.4.2:
resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.4.2.tgz#b9346d8827e8f5a32f7ba29637d398b69014848a"
integrity sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==
-regenerator-runtime@^0.13.11:
- version "0.13.11"
- resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz#f6dca3e7ceec20590d07ada785636a90cdca17f9"
- integrity sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==
-
-regenerator-runtime@^0.14.0:
+regenerator-runtime@^0.14.0, regenerator-runtime@^0.14.1:
version "0.14.1"
resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz#356ade10263f685dda125100cd862c1db895327f"
integrity sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==
@@ -7877,7 +7871,7 @@ socks-proxy-agent@^6.0.0:
debug "^4.3.3"
socks "^2.6.2"
-socks@^2.6.2, socks@^2.7.1:
+socks@^2.6.2, socks@^2.8.3:
version "2.8.3"
resolved "https://registry.yarnpkg.com/socks/-/socks-2.8.3.tgz#1ebd0f09c52ba95a09750afe3f3f9f724a800cb5"
integrity sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw==