oftc
diff --git a/‎LICENSE
+19 b/‎LICENSE
+19
diff --git a/‎connectstream.js
+29 b/‎connectstream.js
+29
diff --git a/‎dnsbl.js
+117 b/‎dnsbl.js
+117
diff --git a/‎dnsfilter.js
+75 b/‎dnsfilter.js
+75
diff --git a/‎index.js
+59 b/‎index.js
+59
diff --git a/‎ircproxy.js
+73 b/‎ircproxy.js
+73
@@ -0,0 +1,19 @@
+Copyright (c) 2015 Timothy J Fontaine <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
@@ -0,0 +1,29 @@
+"use strict";
+
+var stream = require('stream');
+var util = require('util');
+
+function ConnectStream(socket, options) {
+  if (!(this instanceof ConnectStream))
+    return new ConnectStream(socket, options);
+
+  stream.Readable.call(this, {
+    objectMode: true,
+  });
+
+  this.cs_socket = socket;
+
+  var self = this;
+
+  socket.on('connection', function socketOnConnect(client) {
+    self.push(client);
+  });
+}
+util.inherits(ConnectStream, stream.Readable);
+
+// One day Node.js will allow me to accept here, for now we have no
+// listen backpressure controls
+ConnectStream.prototype._read = function connectStreamRead() {
+}
+
+module.exports = ConnectStream;
@@ -0,0 +1,117 @@
+"use strict";
+
+var dns = require('dns');
+var EE = require('events').EventEmitter;
+var util = require('util');
+
+var vasync = require('vasync');
+
+
+/*
+{
+  ip: '192.168.1.1',
+  timeout: 4000,
+  servers: {
+    'dnsbl.example.com': {
+      zone: 'dnsbl.example.com',
+      defaultScore: 1,
+      defaultCloak: 'exdnsbl.oftc.net',
+      records: {
+        '127.0.0.1': {
+          score: 1,
+          cloak: 'robot.exdnsbl.oftc.net',
+          stop: true,
+        },
+      },
+    },
+  },
+}
+*/
+
+function DNSBLQuery(options, cb) {
+  if (!(this instanceof DNSBLQuery))
+    return new DNSBLQuery(options, cb);
+
+  if (cb)
+    this.once('end', cb);
+
+  this.score = {
+    total: 0,
+    results: {},
+    errors: {},
+  };
+
+  var q = this.dnsbl_parallel = vasync.queue(dnsblQuery, options.parallel || 4);
+
+  // TODO IPv6
+  var revip = options.ip.split('.').reverse().join('.');
+
+  var servers = Object.keys(options.servers);
+
+  for (var s in servers) {
+    q.push({
+      revip: revip,
+      server: options.servers[servers[s]],
+      timeout: options.timeout || 4000,
+      query: this,
+    });
+  }
+
+  q.close();
+
+  var self = this;
+
+  q.on('end', function onQueueEnd() {
+    self.emit('end', null, self.score);
+  });
+}
+util.inherits(DNSBLQuery, EE);
+
+
+function dnsblQuery(args, cb) {
+  var server = args.server;
+  var query = args.query;
+  var name =  args.revip + '.' + server.zone;
+
+  var timeout = setTimeout(endSingleQuery, args.timeout);
+
+  function endSingleQuery() {
+    clearTimeout(timeout);
+    cb();
+  }
+
+  // TODO use native-dns
+  dns.resolve(name, function dnsResult(err, hosts) {
+    if (err) {
+      query.score.errors[server.zone] = err;
+    } else {
+      var ret = query.score.results[server.zone] = {};
+      var anyScore = false;
+      var anyCloak = false;
+
+      for (var h in hosts) {
+        var entry = server.records[h];
+        if (entry) {
+          anyScore = true;
+          ret[h] = query.score.total;
+          query.score.total += entry.score;
+
+
+          if (entry.cloak) {
+            anyCloak = true;
+            query.score.cloak = entry.cloak;
+          }
+        }
+      }
+
+      if (!anyScore)
+        query.score.total += server.defaultScore;
+
+      if (!anyCloak && server.defaultCloak)
+        query.score.cloak = server.defaultCloak;
+    }
+    endSingleQuery();
+  });
+}
+
+module.exports = DNSBLQuery;
@@ -0,0 +1,75 @@
+"use strict";
+
+var dns = require('dns');
+var stream = require('stream');
+var util = require('util');
+
+var vasync = require('vasync');
+
+var DNSBLQuery = require('./dnsbl');
+
+function DNSFilter(config) {
+  if (!(this instanceof DNSFilter))
+    return new DNSFilter(config);
+
+  stream.Transform.call(this, {
+    objectMode: true,
+    highWaterMark: 0,
+  });
+
+  this.dnsfltr_config = config.dnsbl;
+}
+util.inherits(DNSFilter, stream.Transform);
+
+
+DNSFilter.prototype._transform = function dnsfltrTransform(client, enc, cb) {
+  var self = this;
+
+  var work = vasync.parallel({
+    funcs: [
+      function reverseDns(next) {
+        dns.resolve(client.remoteAddress, 'PTR', function dnsResult(err,
+          hostnames) {
+          console.error('reverse dns result', err, hostnames);
+          next(err, hostnames);
+        });
+      },
+      function dnsblQuery(next) {
+        DNSBLQuery({
+          ip: client.remoteAddress,
+          servers: self.dnsfltr_config.servers,
+        }, next);
+      },
+    ],
+  }, function (err, results) {
+    var reverse = results.operations[0].result;
+
+    if (reverse && reverse.length)
+      client.hostname = reverse[0];
+    else
+      client.hostname = client.remoteAddress;
+
+    var score = results.operations[1].result;
+
+    console.error('dnsbl results', score);
+
+    if (score) {
+      client.score = score;
+
+      if (score.total > self.dnsfltr_config.maxScore) {
+        // TODO log
+        client.end('Administratively refused');
+        return client.destroy();
+      }
+
+      if (score.cloak)
+        client.cloak = score.cloak;
+    }
+
+    self.push(client);
+  });
+
+  return cb();
+};
+
+module.exports = DNSFilter;
@@ -0,0 +1,59 @@
+#!/usr/bin/env node
+
+"use strict";
+
+var net = require('net');
+var tls = require('tls');
+
+var ConnectStream = require('./connectstream');
+var DNSFilter = require('./dnsfilter');
+var IRCProxy = require('./ircproxy');
+var Throttle = require('./throttle');
+var config = require('./config');
+
+var throttle = new Throttle(config);
+
+Object.keys(config.listeners).forEach(function eachListener(ip) {
+  var listener = config.listeners[ip];
+  var proto = undefined;
+
+  var options = {
+    host: ip,
+    port: listener.port,
+  };
+
+  switch (listener.type) {
+    case 'plain':
+      proto = net;
+      break;
+    case 'ssl':
+      proto = tls;
+      break;
+    case 'websocket':
+    case 'socketio':
+      throw new Exception('Not Implemented Yet');
+      break;
+    default:
+      throw new Exception(
+        'Must define listener type: [plain, ssl, websocket, socketio]'
+      );
+      break;
+  }
+
+  var server = proto.createServer();
+
+  server.listen(options);
+
+  server.on('listening', function serverListening() {
+    ConnectStream(server)
+      .pipe(throttle)
+      .pipe(DNSFilter(config))
+      .pipe(IRCProxy(config))
+      .resume(); // Don't stop accepting new clients
+  });
+
+  server.on('error', function serverError(err) {
+    console.error('listener failed', err);
+    // TODO restart listener?
+  });
+});
@@ -0,0 +1,73 @@
+"use strict";
+
+var net = require('net');
+var stream = require('stream');
+var tls = require('tls');
+var util = require('util');
+
+var lstream = require('lstream');
+
+var WebIRC = require('./webirc');
+
+function IRCProxy(config) {
+  if (!(this instanceof IRCProxy))
+    return new IRCProxy(config);
+
+  stream.Transform.call(this, {
+    objectMode: true,
+    highWaterMark: 0,
+  });
+
+  this.ircp_config = config;
+
+  switch (config.destination.type) {
+    case 'plain':
+      this.ircp_proto = net;
+      break;
+    case 'ssl':
+      this.ircp_proto = tls;
+      break;
+  }
+
+  this.ircp_options = {
+    host: config.destination.host,
+    port: config.destination.port,
+    //TODO TLS
+  };
+}
+util.inherits(IRCProxy, stream.Transform);
+
+IRCProxy.prototype._transform = function ircProxyTransform(client, enc, cb) {
+  var outbound = this.ircp_proto.connect(this.ircp_options);
+
+  var self = this;
+
+  outbound.on('connect', function outboundConnected() {
+    client
+      .pipe(WebIRC(client, self.ircp_config))
+      .pipe(outbound)
+      .pipe(client);
+  });
+
+  client.on('close', function clientClosed() {
+    outbound.destroy();
+  });
+
+  outbound.on('close', function outboundClosed() {
+    client.destroy();
+  });
+
+  outbound.on('error', function outboundError(err) {
+    // TODO relay error
+    console.error('outbound connection error', client, err);
+  });
+
+  client.on('error', function clientError(err) {
+    // TODO relay error
+    console.error('client connection error', client, err);
+  });
+
+  cb();
+};
+
+module.exports = IRCProxy;