Compare commits
12 Commits
fix/1423
...
fix/1542-a
| Author | SHA1 | Date | |
|---|---|---|---|
|
d2903d646d | ||
| 324cdb0d26 | |||
| b4473267e0 | |||
| ed733d4eea | |||
| 7c9f4310d0 | |||
| 2016a7e076 | |||
| b6ee9ba01b | |||
| 15b9a4398c | |||
| 3f7277d920 | |||
| cb944be172 | |||
|
|
ec2ed3c62f | ||
|
|
11175e72c0 |
3
app.js
3
app.js
@@ -734,6 +734,9 @@ async function init() {
|
||||
const response = await fetch('./portals.json');
|
||||
const portalData = await response.json();
|
||||
createPortals(portalData);
|
||||
|
||||
// Start portal hot-reload watcher
|
||||
if (window.PortalHotReload) PortalHotReload.start(5000);
|
||||
} catch (e) {
|
||||
console.error('Failed to load portals.json:', e);
|
||||
addChatMessage('error', 'Portal registry offline. Check logs.');
|
||||
|
||||
13
avatar-customization.css
Normal file
13
avatar-customization.css
Normal file
@@ -0,0 +1,13 @@
|
||||
.avatar-name-tag{position:fixed;transform:translate(-50%,-100%);background:rgba(0,0,0,0.7);color:#00ffcc;font-family:'JetBrains Mono',monospace;font-size:12px;padding:2px 8px;border-radius:4px;border:1px solid rgba(0,255,204,0.3);pointer-events:none;z-index:100;white-space:nowrap;text-shadow:0 0 6px rgba(0,255,204,0.5)}
|
||||
.avatar-color-picker{position:fixed;top:60px;right:16px;background:rgba(10,15,26,0.95);border:1px solid rgba(0,255,204,0.3);border-radius:8px;padding:12px;z-index:1000;min-width:200px;font-family:'JetBrains Mono',monospace;color:#e0e0e0}
|
||||
.avatar-color-picker.hidden{display:none}
|
||||
.avatar-picker-header{display:flex;justify-content:space-between;align-items:center;margin-bottom:12px;font-size:14px;color:#00ffcc}
|
||||
.avatar-picker-close{background:none;border:none;color:#666;font-size:18px;cursor:pointer}
|
||||
.avatar-picker-name{margin-bottom:12px}
|
||||
.avatar-picker-name label{display:block;font-size:10px;color:#666;text-transform:uppercase;margin-bottom:4px}
|
||||
.avatar-picker-name input{width:100%;background:rgba(255,255,255,0.05);border:1px solid rgba(0,255,204,0.2);border-radius:4px;color:#e0e0e0;padding:6px 8px;font-family:inherit;font-size:13px;outline:none}
|
||||
.avatar-picker-colors label{display:block;font-size:10px;color:#666;text-transform:uppercase;margin-bottom:6px}
|
||||
.avatar-color-grid{display:grid;grid-template-columns:repeat(4,1fr);gap:6px}
|
||||
.avatar-color-swatch{width:36px;height:36px;border-radius:50%;border:2px solid transparent;cursor:pointer;transition:border-color 0.15s,transform 0.15s}
|
||||
.avatar-color-swatch:hover{transform:scale(1.15)}
|
||||
.avatar-color-swatch.active{border-color:white;box-shadow:0 0 8px currentColor}
|
||||
38
avatar-customization.js
Normal file
38
avatar-customization.js
Normal file
@@ -0,0 +1,38 @@
|
||||
const AvatarCustomization = (() => {
|
||||
let avatarMesh = null, nameTagDiv = null, colorPickerPanel = null;
|
||||
let currentColor = '#00ffcc', currentName = 'Visitor', _scene = null, _camera = null;
|
||||
const STORAGE_KEY = 'nexus-avatar-prefs';
|
||||
const PRESET_COLORS = [
|
||||
{name:'Teal',hex:'#00ffcc'},{name:'Cyan',hex:'#00ccff'},{name:'Purple',hex:'#9966ff'},
|
||||
{name:'Pink',hex:'#ff66aa'},{name:'Orange',hex:'#ff8833'},{name:'Gold',hex:'#ffcc00'},
|
||||
{name:'Red',hex:'#ff3333'},{name:'Green',hex:'#33ff66'},
|
||||
];
|
||||
function loadPrefs(){try{const r=localStorage.getItem(STORAGE_KEY);if(r){const p=JSON.parse(r);if(p.color)currentColor=p.color;if(p.name)currentName=p.name;}}catch(e){}}
|
||||
function savePrefs(){try{localStorage.setItem(STORAGE_KEY,JSON.stringify({color:currentColor,name:currentName}));}catch(e){}}
|
||||
function createAvatarMesh(color){
|
||||
const geo=new THREE.CapsuleGeometry(0.3,0.8,8,16);
|
||||
const mat=new THREE.MeshStandardMaterial({color:new THREE.Color(color),emissive:new THREE.Color(color).multiplyScalar(0.3),metalness:0.3,roughness:0.5});
|
||||
const mesh=new THREE.Mesh(geo,mat);mesh.position.set(0,1.2,0);mesh.castShadow=true;return mesh;
|
||||
}
|
||||
function updateAvatarColor(hex){
|
||||
currentColor=hex;if(avatarMesh){avatarMesh.material.color.set(hex);avatarMesh.material.emissive.set(new THREE.Color(hex).multiplyScalar(0.3));}
|
||||
document.querySelectorAll('.avatar-color-swatch').forEach(el=>el.classList.toggle('active',el.dataset.color===hex));savePrefs();
|
||||
}
|
||||
function createNameTag(name){const d=document.createElement('div');d.className='avatar-name-tag';d.textContent=name;document.body.appendChild(d);return d;}
|
||||
function updateNameTagPosition(){if(!nameTagDiv||!_camera)return;const pos=new THREE.Vector3(0,2.4,0);if(avatarMesh&&avatarMesh.parent)pos.add(avatarMesh.parent.position);pos.project(_camera);const x=(pos.x*0.5+0.5)*window.innerWidth;const y=(-pos.y*0.5+0.5)*window.innerHeight;nameTagDiv.style.left=x+'px';nameTagDiv.style.top=y+'px';nameTagDiv.style.display=pos.z<1?'block':'none';}
|
||||
function updateNameTagText(name){currentName=name;if(nameTagDiv)nameTagDiv.textContent=name;savePrefs();}
|
||||
function createColorPicker(){
|
||||
const panel=document.createElement('div');panel.id='avatar-color-picker';panel.className='avatar-color-picker hidden';
|
||||
panel.innerHTML='<div class="avatar-picker-header"><span>Avatar</span><button class="avatar-picker-close">×</button></div><div class="avatar-picker-name"><label>Name</label><input type="text" id="avatar-name-input" maxlength="20" placeholder="Your name" /></div><div class="avatar-picker-colors"><label>Color</label><div class="avatar-color-grid">'+PRESET_COLORS.map(c=>'<button class="avatar-color-swatch '+(c.hex===currentColor?'active':'')+'" data-color="'+c.hex+'" style="background:'+c.hex+'" title="'+c.name+'"></button>').join('')+'</div></div>';
|
||||
document.body.appendChild(panel);
|
||||
panel.querySelector('.avatar-picker-close').addEventListener('click',()=>panel.classList.add('hidden'));
|
||||
panel.querySelectorAll('.avatar-color-swatch').forEach(el=>el.addEventListener('click',()=>updateAvatarColor(el.dataset.color)));
|
||||
const ni=panel.querySelector('#avatar-name-input');ni.value=currentName;ni.addEventListener('input',(e)=>updateNameTagText(e.target.value||'Visitor'));
|
||||
return panel;
|
||||
}
|
||||
function toggleColorPicker(){if(!colorPickerPanel)return;colorPickerPanel.classList.toggle('hidden');const ni=colorPickerPanel.querySelector('#avatar-name-input');if(ni&&!colorPickerPanel.classList.contains('hidden')){ni.value=currentName;ni.focus();}}
|
||||
function update(playerPos){if(!avatarMesh)return;avatarMesh.position.set(playerPos.x,playerPos.y-0.8,playerPos.z);updateNameTagPosition();}
|
||||
function init(sceneRef,cameraRef){_scene=sceneRef;_camera=cameraRef;loadPrefs();avatarMesh=createAvatarMesh(currentColor);_scene.add(avatarMesh);nameTagDiv=createNameTag(currentName);colorPickerPanel=createColorPicker();const h=document.querySelector('.hud-top-right');if(h){const b=document.createElement('button');b.id='avatar-customize-btn';b.className='hud-icon-btn';b.title='Customize Avatar';b.innerHTML='<span class="hud-icon">🎨</span>';b.addEventListener('click',toggleColorPicker);h.insertBefore(b,h.firstChild);}console.log('[AvatarCustomization] Initialized —',currentColor,currentName);}
|
||||
return{init,update,setColor:updateAvatarColor,setName:updateNameTagText,toggleColorPicker};
|
||||
})();
|
||||
window.AvatarCustomization=AvatarCustomization;
|
||||
@@ -1,54 +0,0 @@
|
||||
const { app, BrowserWindow } = require('electron');
|
||||
const path = require('path');
|
||||
|
||||
// Import the secure MemPalace bridge
|
||||
const { setupSecureMemPalaceIPC } = require('./electron-mempalace-bridge');
|
||||
|
||||
let mainWindow;
|
||||
|
||||
function createWindow() {
|
||||
mainWindow = new BrowserWindow({
|
||||
width: 1200,
|
||||
height: 800,
|
||||
webPreferences: {
|
||||
nodeIntegration: false,
|
||||
contextIsolation: true,
|
||||
preload: path.join(__dirname, 'preload.js')
|
||||
}
|
||||
});
|
||||
|
||||
mainWindow.loadFile('index.html');
|
||||
|
||||
// Open DevTools in development
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
mainWindow.webContents.openDevTools();
|
||||
}
|
||||
}
|
||||
|
||||
app.whenReady().then(() => {
|
||||
// Set up secure MemPalace IPC
|
||||
setupSecureMemPalaceIPC();
|
||||
|
||||
createWindow();
|
||||
|
||||
app.on('activate', () => {
|
||||
if (BrowserWindow.getAllWindows().length === 0) {
|
||||
createWindow();
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
app.on('window-all-closed', () => {
|
||||
if (process.platform !== 'darwin') {
|
||||
app.quit();
|
||||
}
|
||||
});
|
||||
|
||||
// Handle any uncaught exceptions
|
||||
process.on('uncaughtException', (error) => {
|
||||
console.error('Uncaught exception:', error);
|
||||
});
|
||||
|
||||
process.on('unhandledRejection', (reason, promise) => {
|
||||
console.error('Unhandled rejection at:', promise, 'reason:', reason);
|
||||
});
|
||||
@@ -1,290 +0,0 @@
|
||||
/**
|
||||
* Secure MemPalace IPC Bridge
|
||||
* Issue #1423: [SECURITY] Electron MemPalace bridge allows arbitrary command execution
|
||||
*
|
||||
* Replaces raw command execution with typed, validated IPC actions.
|
||||
*/
|
||||
|
||||
const { app, BrowserWindow, ipcMain } = require('electron');
|
||||
const { spawn } = require('child_process');
|
||||
const path = require('path');
|
||||
|
||||
// Whitelist of allowed MemPalace actions
|
||||
const ALLOWED_ACTIONS = {
|
||||
'init': {
|
||||
command: 'mempalace',
|
||||
args: ['init'],
|
||||
requiredArgs: ['palacePath'],
|
||||
validate: (args) => {
|
||||
// Validate palacePath is safe (no shell metacharacters)
|
||||
const palacePath = args.palacePath;
|
||||
if (!palacePath || typeof palacePath !== 'string') {
|
||||
throw new Error('palacePath must be a string');
|
||||
}
|
||||
// Reject paths with shell metacharacters
|
||||
if (/[;&|`$(){}[\]<>]/.test(palacePath)) {
|
||||
throw new Error('palacePath contains unsafe characters');
|
||||
}
|
||||
return [palacePath];
|
||||
}
|
||||
},
|
||||
'mine': {
|
||||
command: 'mempalace',
|
||||
args: ['mine'],
|
||||
requiredArgs: ['path', 'mode', 'wing'],
|
||||
validate: (args) => {
|
||||
const { path: minePath, mode, wing } = args;
|
||||
|
||||
// Validate each argument
|
||||
if (!minePath || typeof minePath !== 'string') {
|
||||
throw new Error('path must be a string');
|
||||
}
|
||||
if (!mode || typeof mode !== 'string') {
|
||||
throw new Error('mode must be a string');
|
||||
}
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters
|
||||
const unsafePattern = /[;&|`$(){}[\]<>]/;
|
||||
if (unsafePattern.test(minePath) || unsafePattern.test(mode) || unsafePattern.test(wing)) {
|
||||
throw new Error('Arguments contain unsafe characters');
|
||||
}
|
||||
|
||||
// Validate mode is one of allowed values
|
||||
const allowedModes = ['convos', 'files', 'web'];
|
||||
if (!allowedModes.includes(mode)) {
|
||||
throw new Error(`Mode must be one of: ${allowedModes.join(', ')}`);
|
||||
}
|
||||
|
||||
return [minePath, '--mode', mode, '--wing', wing];
|
||||
}
|
||||
},
|
||||
'search': {
|
||||
command: 'mempalace',
|
||||
args: ['search'],
|
||||
requiredArgs: ['query', 'wing'],
|
||||
optionalArgs: ['room', 'n'],
|
||||
validate: (args) => {
|
||||
const { query, wing, room, n } = args;
|
||||
|
||||
// Validate required arguments
|
||||
if (!query || typeof query !== 'string') {
|
||||
throw new Error('query must be a string');
|
||||
}
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters in query and wing
|
||||
const unsafePattern = /[;&|`$(){}[\]<>]/;
|
||||
if (unsafePattern.test(query) || unsafePattern.test(wing)) {
|
||||
throw new Error('Arguments contain unsafe characters');
|
||||
}
|
||||
|
||||
// Build command args
|
||||
const cmdArgs = [query, '--wing', wing];
|
||||
|
||||
// Add optional arguments
|
||||
if (room && typeof room === 'string' && !unsafePattern.test(room)) {
|
||||
cmdArgs.push('--room', room);
|
||||
}
|
||||
if (n && typeof n === 'number' && n > 0 && n <= 100) {
|
||||
cmdArgs.push('--n', String(n));
|
||||
}
|
||||
|
||||
return cmdArgs;
|
||||
}
|
||||
},
|
||||
'status': {
|
||||
command: 'mempalace',
|
||||
args: ['status'],
|
||||
requiredArgs: ['wing'],
|
||||
validate: (args) => {
|
||||
const { wing } = args;
|
||||
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters
|
||||
if (/[;&|`$(){}[\]<>]/.test(wing)) {
|
||||
throw new Error('wing contains unsafe characters');
|
||||
}
|
||||
|
||||
return ['--wing', wing];
|
||||
}
|
||||
},
|
||||
'add_drawer': {
|
||||
command: 'mempalace',
|
||||
args: ['add_drawer'],
|
||||
requiredArgs: ['wing', 'room', 'text'],
|
||||
validate: (args) => {
|
||||
const { wing, room, text } = args;
|
||||
|
||||
// Validate all arguments
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
if (!room || typeof room !== 'string') {
|
||||
throw new Error('room must be a string');
|
||||
}
|
||||
if (!text || typeof text !== 'string') {
|
||||
throw new Error('text must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters
|
||||
const unsafePattern = /[;&|`$(){}[\]<>]/;
|
||||
if (unsafePattern.test(wing) || unsafePattern.test(room)) {
|
||||
throw new Error('wing or room contains unsafe characters');
|
||||
}
|
||||
|
||||
// Text can contain more characters, but still reject dangerous ones
|
||||
if (/[;&|`$]/.test(text)) {
|
||||
throw new Error('text contains unsafe characters');
|
||||
}
|
||||
|
||||
return [wing, room, text];
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Validate and execute a MemPalace action
|
||||
*/
|
||||
async function executeMemPalaceAction(action, args = {}) {
|
||||
// Check if action is allowed
|
||||
if (!ALLOWED_ACTIONS[action]) {
|
||||
throw new Error(`Unknown action: ${action}. Allowed actions: ${Object.keys(ALLOWED_ACTIONS).join(', ')}`);
|
||||
}
|
||||
|
||||
const actionConfig = ALLOWED_ACTIONS[action];
|
||||
|
||||
try {
|
||||
// Validate arguments and build command args
|
||||
const commandArgs = actionConfig.validate(args);
|
||||
|
||||
// Build full command
|
||||
const command = actionConfig.command;
|
||||
const fullArgs = [...actionConfig.args, ...commandArgs];
|
||||
|
||||
console.log(`[MemPalace] Executing: ${command} ${fullArgs.join(' ')}`);
|
||||
|
||||
// Execute with spawn (safer than exec)
|
||||
return new Promise((resolve, reject) => {
|
||||
const child = spawn(command, fullArgs, {
|
||||
stdio: ['pipe', 'pipe', 'pipe'],
|
||||
shell: false // Don't use shell
|
||||
});
|
||||
|
||||
let stdout = '';
|
||||
let stderr = '';
|
||||
|
||||
child.stdout.on('data', (data) => {
|
||||
stdout += data.toString();
|
||||
});
|
||||
|
||||
child.stderr.on('data', (data) => {
|
||||
stderr += data.toString();
|
||||
});
|
||||
|
||||
child.on('close', (code) => {
|
||||
if (code === 0) {
|
||||
resolve({ stdout, stderr, code });
|
||||
} else {
|
||||
reject(new Error(`Command failed with code ${code}: ${stderr}`));
|
||||
}
|
||||
});
|
||||
|
||||
child.on('error', (error) => {
|
||||
reject(error);
|
||||
});
|
||||
});
|
||||
|
||||
} catch (error) {
|
||||
console.error(`[MemPalace] Validation error for ${action}:`, error.message);
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set up secure IPC handlers
|
||||
*/
|
||||
function setupSecureMemPalaceIPC() {
|
||||
// Remove any existing handlers
|
||||
ipcMain.removeHandler('exec-python');
|
||||
|
||||
// Set up typed action handlers
|
||||
ipcMain.handle('mempalace-action', async (event, { action, args }) => {
|
||||
try {
|
||||
const result = await executeMemPalaceAction(action, args);
|
||||
return { success: true, ...result };
|
||||
} catch (error) {
|
||||
console.error(`[MemPalace] Action ${action} failed:`, error.message);
|
||||
return { success: false, error: error.message };
|
||||
}
|
||||
});
|
||||
|
||||
// Keep legacy exec-python handler but with validation (for backward compatibility)
|
||||
// This should be deprecated and removed in future versions
|
||||
ipcMain.handle('exec-python', async (event, command) => {
|
||||
console.warn('[MemPalace] DEPRECATED: exec-python called. Use mempalace-action instead.');
|
||||
|
||||
// Parse the command to extract action and args
|
||||
const parts = command.trim().split(/\s+/);
|
||||
if (parts.length < 2 || parts[0] !== 'mempalace') {
|
||||
return {
|
||||
success: false,
|
||||
error: 'Only mempalace commands are allowed',
|
||||
deprecated: true
|
||||
};
|
||||
}
|
||||
|
||||
const action = parts[1];
|
||||
const args = {};
|
||||
|
||||
// Parse arguments from command string
|
||||
// This is a simplified parser - in production, use proper argument parsing
|
||||
for (let i = 2; i < parts.length; i++) {
|
||||
const part = parts[i];
|
||||
if (part.startsWith('--')) {
|
||||
const key = part.slice(2);
|
||||
const value = parts[i + 1];
|
||||
if (value && !value.startsWith('--')) {
|
||||
args[key] = value;
|
||||
i++; // Skip next part
|
||||
}
|
||||
} else if (!args.path && !args.wing && !args.query) {
|
||||
// Positional arguments
|
||||
if (!args.path) args.path = part;
|
||||
else if (!args.wing) args.wing = part;
|
||||
else if (!args.query) args.query = part;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
const result = await executeMemPalaceAction(action, args);
|
||||
return {
|
||||
success: true,
|
||||
...result,
|
||||
deprecated: true,
|
||||
warning: 'This endpoint is deprecated. Use mempalace-action instead.'
|
||||
};
|
||||
} catch (error) {
|
||||
return {
|
||||
success: false,
|
||||
error: error.message,
|
||||
deprecated: true
|
||||
};
|
||||
}
|
||||
});
|
||||
|
||||
console.log('[MemPalace] Secure IPC handlers registered');
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
setupSecureMemPalaceIPC,
|
||||
executeMemPalaceAction,
|
||||
ALLOWED_ACTIONS
|
||||
};
|
||||
@@ -23,6 +23,7 @@
|
||||
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
||||
<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;600;700&family=Orbitron:wght@400;500;600;700;800;900&display=swap" rel="stylesheet">
|
||||
<link rel="stylesheet" href="./style.css">
|
||||
<link rel="stylesheet" href="./avatar-customization.css">
|
||||
<link rel="manifest" href="./manifest.json">
|
||||
<script type="importmap">
|
||||
{
|
||||
@@ -397,6 +398,7 @@
|
||||
<script src="./boot.js"></script>
|
||||
<script src="./avatar-customization.js"></script>
|
||||
<script src="./lod-system.js"></script>
|
||||
<script src="./portal-hot-reload.js"></script>
|
||||
<script>
|
||||
function openMemoryFilter() { renderFilterList(); document.getElementById('memory-filter').style.display = 'flex'; }
|
||||
function closeMemoryFilter() { document.getElementById('memory-filter').style.display = 'none'; }
|
||||
|
||||
@@ -29,7 +29,7 @@ from typing import Any, Callable, Optional
|
||||
|
||||
import websockets
|
||||
|
||||
from bannerlord_trace import BannerlordTraceLogger
|
||||
from nexus.bannerlord_trace import BannerlordTraceLogger
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# CONFIGURATION
|
||||
|
||||
@@ -304,6 +304,43 @@ async def inject_event(event_type: str, ws_url: str, **kwargs):
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
def clean_lines(text: str) -> str:
|
||||
"""Remove ANSI codes and collapse whitespace from log text."""
|
||||
import re
|
||||
text = strip_ansi(text)
|
||||
text = re.sub(r'\s+', ' ', text).strip()
|
||||
return text
|
||||
|
||||
|
||||
def normalize_event(event: dict) -> dict:
|
||||
"""Normalize an Evennia event dict to standard format."""
|
||||
return {
|
||||
"type": event.get("type", "unknown"),
|
||||
"actor": event.get("actor", event.get("name", "")),
|
||||
"room": event.get("room", event.get("location", "")),
|
||||
"message": event.get("message", event.get("text", "")),
|
||||
"timestamp": event.get("timestamp", ""),
|
||||
}
|
||||
|
||||
|
||||
def parse_room_output(text: str) -> dict:
|
||||
"""Parse Evennia room output into structured data."""
|
||||
import re
|
||||
lines = text.strip().split("\n")
|
||||
result = {"name": "", "description": "", "exits": [], "objects": []}
|
||||
if lines:
|
||||
result["name"] = strip_ansi(lines[0]).strip()
|
||||
if len(lines) > 1:
|
||||
result["description"] = strip_ansi(lines[1]).strip()
|
||||
for line in lines[2:]:
|
||||
line = strip_ansi(line).strip()
|
||||
if line.startswith("Exits:"):
|
||||
result["exits"] = [e.strip() for e in line[6:].split(",") if e.strip()]
|
||||
elif line.startswith("You see:"):
|
||||
result["objects"] = [o.strip() for o in line[8:].split(",") if o.strip()]
|
||||
return result
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="Evennia -> Nexus WebSocket Bridge")
|
||||
sub = parser.add_subparsers(dest="mode")
|
||||
|
||||
105
portal-hot-reload.js
Normal file
105
portal-hot-reload.js
Normal file
@@ -0,0 +1,105 @@
|
||||
/**
|
||||
* Portal Hot-Reload for The Nexus
|
||||
*
|
||||
* Watches portals.json for changes and hot-reloads portal list
|
||||
* without server restart. Existing connections unaffected.
|
||||
*
|
||||
* Usage:
|
||||
* PortalHotReload.start(intervalMs);
|
||||
* PortalHotReload.stop();
|
||||
* PortalHotReload.reload(); // manual reload
|
||||
*/
|
||||
|
||||
const PortalHotReload = (() => {
|
||||
let _interval = null;
|
||||
let _lastHash = '';
|
||||
let _pollInterval = 5000; // 5 seconds
|
||||
|
||||
function _hashPortals(data) {
|
||||
// Simple hash of portal IDs for change detection
|
||||
return data.map(p => p.id || p.name).sort().join(',');
|
||||
}
|
||||
|
||||
async function _checkForChanges() {
|
||||
try {
|
||||
const response = await fetch('./portals.json?t=' + Date.now());
|
||||
if (!response.ok) return;
|
||||
|
||||
const data = await response.json();
|
||||
const hash = _hashPortals(data);
|
||||
|
||||
if (hash !== _lastHash) {
|
||||
console.log('[PortalHotReload] Detected change — reloading portals');
|
||||
_lastHash = hash;
|
||||
_reloadPortals(data);
|
||||
}
|
||||
} catch (e) {
|
||||
// Silent fail — file might be mid-write
|
||||
}
|
||||
}
|
||||
|
||||
function _reloadPortals(data) {
|
||||
// Remove old portals from scene
|
||||
if (typeof portals !== 'undefined' && Array.isArray(portals)) {
|
||||
portals.forEach(p => {
|
||||
if (p.group && typeof scene !== 'undefined' && scene) {
|
||||
scene.remove(p.group);
|
||||
}
|
||||
});
|
||||
portals.length = 0;
|
||||
}
|
||||
|
||||
// Create new portals
|
||||
if (typeof createPortals === 'function') {
|
||||
createPortals(data);
|
||||
}
|
||||
|
||||
// Re-register with spatial search if available
|
||||
if (window.SpatialSearch && typeof portals !== 'undefined') {
|
||||
portals.forEach(p => {
|
||||
if (p.config && p.config.name && p.group) {
|
||||
SpatialSearch.register('portal', p, p.config.name);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// Notify
|
||||
if (typeof addChatMessage === 'function') {
|
||||
addChatMessage('system', `Portals reloaded: ${data.length} portals active`);
|
||||
}
|
||||
|
||||
console.log(`[PortalHotReload] Reloaded ${data.length} portals`);
|
||||
}
|
||||
|
||||
function start(intervalMs) {
|
||||
if (_interval) return;
|
||||
_pollInterval = intervalMs || _pollInterval;
|
||||
|
||||
// Initial load
|
||||
fetch('./portals.json').then(r => r.json()).then(data => {
|
||||
_lastHash = _hashPortals(data);
|
||||
}).catch(() => {});
|
||||
|
||||
_interval = setInterval(_checkForChanges, _pollInterval);
|
||||
console.log(`[PortalHotReload] Watching portals.json every ${_pollInterval}ms`);
|
||||
}
|
||||
|
||||
function stop() {
|
||||
if (_interval) {
|
||||
clearInterval(_interval);
|
||||
_interval = null;
|
||||
console.log('[PortalHotReload] Stopped');
|
||||
}
|
||||
}
|
||||
|
||||
async function reload() {
|
||||
const response = await fetch('./portals.json?t=' + Date.now());
|
||||
const data = await response.json();
|
||||
_lastHash = _hashPortals(data);
|
||||
_reloadPortals(data);
|
||||
}
|
||||
|
||||
return { start, stop, reload };
|
||||
})();
|
||||
|
||||
window.PortalHotReload = PortalHotReload;
|
||||
24
preload.js
24
preload.js
@@ -1,24 +0,0 @@
|
||||
/**
|
||||
* Preload script for Electron
|
||||
* Exposes secure MemPalace API to renderer
|
||||
*/
|
||||
|
||||
const { contextBridge, ipcRenderer } = require('electron');
|
||||
|
||||
// Expose secure MemPalace API to renderer
|
||||
contextBridge.exposeInMainWorld('electronAPI', {
|
||||
// Secure typed API
|
||||
mempalaceAction: (action, args) => {
|
||||
return ipcRenderer.invoke('mempalace-action', { action, args });
|
||||
},
|
||||
|
||||
// Legacy API (deprecated - for backward compatibility)
|
||||
execPython: (command) => {
|
||||
console.warn('[MemPalace] execPython is deprecated. Use mempalaceAction instead.');
|
||||
return ipcRenderer.invoke('exec-python', command);
|
||||
},
|
||||
|
||||
// Utility functions
|
||||
platform: process.platform,
|
||||
versions: process.versions
|
||||
});
|
||||
@@ -1,177 +0,0 @@
|
||||
/**
|
||||
* Tests for secure MemPalace IPC bridge
|
||||
* Issue #1423: [SECURITY] Electron MemPalace bridge allows arbitrary command execution
|
||||
*/
|
||||
|
||||
const test = require('node:test');
|
||||
const assert = require('node:assert/strict');
|
||||
const { setupSecureMemPalaceIPC, executeMemPalaceAction, ALLOWED_ACTIONS } = require('./electron-mempalace-bridge');
|
||||
|
||||
// Mock Electron IPC
|
||||
const mockIpcMain = {
|
||||
handlers: {},
|
||||
handle: function(channel, handler) {
|
||||
this.handlers[channel] = handler;
|
||||
},
|
||||
removeHandler: function(channel) {
|
||||
delete this.handlers[channel];
|
||||
}
|
||||
};
|
||||
|
||||
// Mock child_process.spawn
|
||||
const mockSpawn = jest.fn();
|
||||
|
||||
// Setup before tests
|
||||
test.before(() => {
|
||||
// Mock require
|
||||
const Module = require('module');
|
||||
const originalRequire = Module.prototype.require;
|
||||
|
||||
Module.prototype.require = function(id) {
|
||||
if (id === 'child_process') {
|
||||
return { spawn: mockSpawn };
|
||||
}
|
||||
if (id === 'electron') {
|
||||
return { ipcMain: mockIpcMain };
|
||||
}
|
||||
return originalRequire.apply(this, arguments);
|
||||
};
|
||||
});
|
||||
|
||||
test('ALLOWED_ACTIONS contains expected actions', () => {
|
||||
const expectedActions = ['init', 'mine', 'search', 'status', 'add_drawer'];
|
||||
expectedActions.forEach(action => {
|
||||
assert.ok(ALLOWED_ACTIONS[action], `Should have ${action} action`);
|
||||
assert.ok(ALLOWED_ACTIONS[action].command, `${action} should have command`);
|
||||
assert.ok(ALLOWED_ACTIONS[action].args, `${action} should have args`);
|
||||
assert.ok(ALLOWED_ACTIONS[action].validate, `${action} should have validate function`);
|
||||
});
|
||||
});
|
||||
|
||||
test('Valid init action works', async () => {
|
||||
// Mock spawn to return success
|
||||
const mockChild = {
|
||||
stdout: { on: (event, cb) => { if (event === 'data') cb('OK'); } },
|
||||
stderr: { on: () => {} },
|
||||
on: (event, cb) => { if (event === 'close') cb(0); }
|
||||
};
|
||||
mockSpawn.mockReturnValue(mockChild);
|
||||
|
||||
const result = await executeMemPalaceAction('init', { palacePath: '/safe/path' });
|
||||
assert.equal(result.stdout, 'OK');
|
||||
assert.equal(result.stderr, '');
|
||||
assert.equal(result.code, 0);
|
||||
});
|
||||
|
||||
test('Valid mine action works', async () => {
|
||||
const mockChild = {
|
||||
stdout: { on: (event, cb) => { if (event === 'data') cb('Mined'); } },
|
||||
stderr: { on: () => {} },
|
||||
on: (event, cb) => { if (event === 'close') cb(0); }
|
||||
};
|
||||
mockSpawn.mockReturnValue(mockChild);
|
||||
|
||||
const result = await executeMemPalaceAction('mine', {
|
||||
path: '/safe/path',
|
||||
mode: 'convos',
|
||||
wing: 'test_wing'
|
||||
});
|
||||
assert.equal(result.stdout, 'Mined');
|
||||
});
|
||||
|
||||
test('Rejects unsafe characters in init', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('init', { palacePath: '/path; rm -rf /' }),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unsafe characters in mine', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('mine', {
|
||||
path: '/path; rm -rf /',
|
||||
mode: 'convos',
|
||||
wing: 'test'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unsafe characters in search', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('search', {
|
||||
query: 'test; rm -rf /',
|
||||
wing: 'test'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unknown actions', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('unknown', {}),
|
||||
{ message: /Unknown action/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects invalid mine mode', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('mine', {
|
||||
path: '/safe/path',
|
||||
mode: 'invalid_mode',
|
||||
wing: 'test'
|
||||
}),
|
||||
{ message: /Mode must be one of/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects missing required arguments', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('mine', {
|
||||
path: '/safe/path',
|
||||
// Missing mode and wing
|
||||
}),
|
||||
{ message: /must be a string/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Search with optional arguments works', async () => {
|
||||
const mockChild = {
|
||||
stdout: { on: (event, cb) => { if (event === 'data') cb('Results'); } },
|
||||
stderr: { on: () => {} },
|
||||
on: (event, cb) => { if (event === 'close') cb(0); }
|
||||
};
|
||||
mockSpawn.mockReturnValue(mockChild);
|
||||
|
||||
const result = await executeMemPalaceAction('search', {
|
||||
query: 'test query',
|
||||
wing: 'test_wing',
|
||||
room: 'test_room',
|
||||
n: 10
|
||||
});
|
||||
assert.equal(result.stdout, 'Results');
|
||||
});
|
||||
|
||||
test('Rejects unsafe room in search', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('search', {
|
||||
query: 'safe query',
|
||||
wing: 'safe_wing',
|
||||
room: 'room; rm -rf /'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unsafe text in add_drawer', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('add_drawer', {
|
||||
wing: 'safe_wing',
|
||||
room: 'safe_room',
|
||||
text: 'text; rm -rf /'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
console.log('All secure MemPalace IPC tests passed!');
|
||||
Reference in New Issue
Block a user