
342 lines
10 KiB

import { createReader, createWriter, Endian } from "bufferstuff";
import { WebSocketServer } from "ws";
import Fastify from "fastify";
import FastifyFormBody from "@fastify/formbody";
import FastifyCookie from "@fastify/cookie";
import FastifyView from "@fastify/view";
import EJS from "ejs";
import Config from "./objects/Config";
import FunkyArray from "./objects/FunkyArray";
import RemoteUser from "./objects/RemoteUser";
import { MessageType } from "./enums/MessageType";
import Database from "./objects/Database";
import { Console } from "hsconsole";
import UserService from "./services/UserService";
import UsernameData from "./interfaces/UsernameData";
import { randomBytes } from "crypto";
import SessionUser from "./objects/SessionUser";
import PasswordUtility from "./utilities/PasswordUtility";
import CreateEditPartyData from "./interfaces/CreateEditPartyData";
Console.customHeader(`MultiProbe server started at ${new Date()}`);
const users = new FunkyArray<string, RemoteUser>();
new Database(Config.database.address, Config.database.port, Config.database.username, Config.database.password, Config.database.name);
// Web stuff
const sessions = new FunkyArray<string, SessionUser>();
const sessionExpiryInterval = setInterval(() => {
const currentTime = Date.now();
for (const key of sessions.keys) {
const session = sessions.get(key);
if (!session || (session && currentTime >= session.validityPeriod.getTime())) {
}, 3600000);
const fastify = Fastify({
logger: false
fastify.register(FastifyView, {
engine: {
ejs: EJS
fastify.register(FastifyCookie, {
secret: Config.session.secret,
parseOptions: {
path: "/",
secure: true
fastify.setNotFoundHandler(async (req, res) => {
return res.status(404).view("templates/404.ejs", { });
function validateSession(cookies:{ [cookieName: string]: string | undefined }) {
if ("MP_SESSION" in cookies && typeof(cookies["MP_SESSION"]) === "string") {
const key = FastifyCookie.unsign(cookies["MP_SESSION"], Config.session.secret);
if (key.valid && sessions.has(key.value ?? "badkey")) {
return sessions.get(key.value ?? "badkey");
return undefined;
// Get Methods
fastify.get("/", async (req, res) => {
let session:SessionUser | undefined;
if (session = validateSession(req.cookies)) {
const user = await UserService.GetUser(session.userId);
const parties = await UserService.GetUserParties(session.userId);
if (user) {
return res.view("templates/home.ejs", { user, parties });
return res.view("templates/index.ejs", { });
return res.view("templates/index.ejs", { });
fastify.get("/account", async (req, res) => {
return "TODO";
fastify.get("/account/login", async (req, res) => {
return res.view("templates/account/login.ejs", { });
fastify.get("/account/register", async (req, res) => {
return res.view("templates/account/register.ejs", { });
fastify.get("/party/create", async (req, res) => {
let session:SessionUser | undefined;
if (!(session = validateSession(req.cookies))) {
return res.redirect(302, "/");
return res.view("templates/party/createedit.ejs", { });
fastify.get("/party/join", async (req, res) => {
let session:SessionUser | undefined;
if (!(session = validateSession(req.cookies))) {
return res.redirect(302, "/");
return res.view("templates/party/join.ejs", { });
// Post Methods
fastify.post("/account/register", async (req, res) => {
const data = req.body as UsernameData;
if (typeof(data.username) !== "string" || typeof(data.password) !== "string" || data.username.length > 32 || data.password.length < 8) {
return res.view("templates/account/register.ejs", { });
const username = data.username.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
await UserService.CreateUser(0, username, data.password);
const user = await UserService.GetUserByUsername(username);
if (!user) {
return res.view("templates/account/register.ejs", { });
const validPeriod = new Date();
validPeriod.setTime(validPeriod.getTime() + Config.session.validity);
const key = randomBytes(Config.session.length).toString("hex");
sessions.set(key, new SessionUser(user.Id, validPeriod));
res.setCookie("MP_SESSION", key, {
path: "/",
signed: true
return res.redirect(302, "/");
fastify.post("/account/login", async (req, res) => {
const data = req.body as UsernameData;
if (typeof(data.username) !== "string" || typeof(data.password) !== "string" || data.username.length > 32 || data.password.length < 8) {
return res.view("templates/account/login.ejs", { });
const user = await UserService.GetUserByUsername(data.username);
if (!user) {
return res.view("templates/account/login.ejs", { });
if (await PasswordUtility.ValidatePassword(user.PasswordHash, user.PasswordSalt, data.password)) {
const validPeriod = new Date();
validPeriod.setTime(validPeriod.getTime() + Config.session.validity);
const key = randomBytes(Config.session.length).toString("hex");
sessions.set(key, new SessionUser(user.Id, validPeriod));
res.setCookie("MP_SESSION", key, {
path: "/",
signed: true
return res.redirect(302, "/");
return res.view("templates/account/login.ejs", { });
fastify.post("/party/create", async (req, res) => {
try {
let session:SessionUser | undefined;
if (!(session = validateSession(req.cookies))) {
return res.redirect(302, "/");
const data = req.body as CreateEditPartyData;
if (typeof(data.partyName) !== "string" || typeof(data.partyRef) !== "string" || data.partyName.length === 0 || data.partyRef.length === 0) {
return res.view("templates/party/createedit.ejs", { partyName: data.partyName ?? "", partyRef: data.partyRef ?? "" });
const party = await UserService.GetPartyByPartyRef(data.partyRef)
if (party != null) {
return res.view("templates/party/createedit.ejs", { partyName: data.partyName ?? "", partyRef: data.partyRef ?? "", error: "A group with that Party ID already exists" });
await UserService.CreateParty(session.userId, data.partyName, data.partyRef);
return res.redirect(302, "/");
} catch (e) {
// Websocket stuff
const websocketServer = new WebSocketServer({
port: Config.ports.ws
}, () => {
Console.printInfo(`WebsocketServer listening at ws://localhost:${Config.ports.ws}`);
fastify.listen({ port: Config.ports.http }, (err, address) => {
if (err) {
Console.printError(`Error occured while spinning up fastify:\n${err}`);
Console.printInfo(`Fastify listening at ${address.replace("[::1]", "localhost")}`);
Console.printInfo("MultiProbe is ready to go!");
function sendToAllButSelf(user:RemoteUser, data:Buffer) {
users.forEach(otherUser => {
if (otherUser.id !== user.id && otherUser.currentURL === user.currentURL) {
function sendToAll(user:RemoteUser, data:Buffer) {
users.forEach(otherUser => {
if (otherUser.currentURL === user.currentURL) {
websocketServer.on("connection", (socket) => {
const myUUID = crypto.randomUUID();
let user:RemoteUser;
function closeOrError() {
if (users.has(myUUID)) {
const userLeftPacket = createWriter(Endian.LE, 5).writeByte(MessageType.ClientLeft).writeUInt(user.id).toBuffer();
users.forEach(otherUser => otherUser.send(userLeftPacket));
socket.on("close", closeOrError);
socket.on("error", closeOrError);
socket.on("message", async (data) => {
const reader = createReader(Endian.LE, data as Buffer);
// There is absolutely no reason we should ever get
// more than 50 bytes legit.
if (reader.length > 0 && reader.length < 50) {
switch (reader.readUByte()) {
case MessageType.ClientDetails:
if (user !== undefined) {
const username = reader.readShortString();
const rawURL = reader.readString();
let page = rawURL.toLowerCase().replace(".htm", "").replace(".html", "");
if (page === "index") {
page = "";
let lengthOfUsernames = 0;
const usersOnPage = new Array<RemoteUser>();
await users.forEach(otherUser => {
if (otherUser.currentURL === page) {
lengthOfUsernames += otherUser.username.length + 1; // + 1 for length byte
const usersToSend = createWriter(Endian.LE, 3 + (usersOnPage.length * 12) + lengthOfUsernames).writeByte(MessageType.Clients).writeUShort(usersOnPage.length);
for (const otherUser of usersOnPage) {
user = users.set(myUUID, new RemoteUser(socket, username, page, rawURL));
sendToAllButSelf(user, createWriter(Endian.LE, 6 + username.length).writeByte(MessageType.ClientJoined).writeUInt(user.id).writeShortString(username).toBuffer());
case MessageType.CursorPos:
if (user === undefined) {
user.cursorX = reader.readFloat();
user.cursorY = reader.readInt();
sendToAllButSelf(user, createWriter(Endian.LE, 13).writeByte(MessageType.CursorPos).writeUInt(user.id).writeFloat(user.cursorX).writeInt(user.cursorY).toBuffer());
case MessageType.Ping:
if (user === undefined) {
if ((performance.now() - user.lastPingReset) >= 1000) {
user.allowedPings = 10;
user.lastPingReset = performance.now();
if (user.allowedPings > 0) {
const cursorX = reader.readFloat();
const cursorY = reader.readInt();
const packet = createWriter(Endian.LE, 9).writeByte(MessageType.Ping).writeFloat(cursorX).writeInt(cursorY).toBuffer();
sendToAll(user, packet);
let isShuttingDown = false;
function shutdown() {
if (isShuttingDown) {
isShuttingDown = true;
Console.printInfo("Shutting down...");
websocketServer.close(async () => {
await fastify.close();
process.on("SIGQUIT", shutdown);
process.on("SIGINT", shutdown);
//process.on("SIGUSR2", shutdown);