0.6.40: commands - fix direct writes to sockets

Several commands* had direct writes to sockets instead of using the
command_access helper that, amongst other things, sanitizes what is
written and takes care of the color codes and relevant escapes.

We should do something to force a stricter access (or restriction)
from commands to the sockets (see #20) but for now we're just fixing
all the commands that where using those writes, and turning them into
sendData calls.

As an extra, some of the commands' output has been 'sanitized' by
adding an ~RS at the end of the message (avoiding color leaks).

This fixes some of the comments in 135#issuecomment-1030891270 .

* demote, emote, go, promote, say, sayto, semote, shout, shoutto, tell

commands/demote.js

@@ -15,17 +15,17 @@ exports.command = {
 		var w = null;
 		// check if we got an whom
 		if (typeof whom === 'undefined' || whom.length < 1) {
-			return me.write("Demote whom?\r\n");
+			return command_access.sendData(me, "Demote whom?\r\n");
 		} else { // check if it's an user
 			var wArr = command_access.getAproxUser(whom);
-			if (wArr.length === 0) return me.write("Demote whom?\r\n");
+			if (wArr.length === 0) return command_access.sendData(me, "Demote whom?\r\n");
 			if (wArr.length > 1) {
 				var possibilities = "";
 				for (var p = 0; p < wArr.length - 1; p++) {
 					possibilities += wArr[p] + ", ";
 				}
 				possibilities += wArr[wArr.length - 1];
-				return me.write("Be more explicit: whom do you want to demote ("+possibilities+")?\r\n");
+				return command_access.sendData(me, "Be more explicit: whom do you want to demote ("+possibilities+")?\r\n");
 			}
 			whom = wArr[0];
 			w = command_access.getUser(whom);
@@ -48,10 +48,10 @@ exports.command = {
 			whom = whom.toLowerCase().charAt(0).toUpperCase() + whom.toLowerCase().slice(1);
 			var sentence = chalk.red(":: ") + chalk.white(me.username) + chalk.red(" has demoted ") +
 					chalk.yellow(whom) + chalk.red(" to the rank of ") + chalk.green(rankName) + chalk.red("! ::\r\n");
-			command_access.allButMe(socket,function(me,to){to.write(sentence);});
+			command_access.allButMe(socket,function(me,to){command_access.sendData(to, sentence);});
 			command_access.sendData(socket, "You " + chalk.red("demoted ") + chalk.yellow(whom) + " to the rank of " + chalk.green(rankName) + "!\r\n");
 		} else {
-			me.write("You cannot demote someone with the same or an higher rank than yours!\r\n");
+			command_access.sendData(me, "You cannot demote someone with the same or an higher rank than yours!\r\n");
 		}
 	}
 }

commands/emote.js

@@ -13,8 +13,8 @@ exports.command = {
 		var chalk = require('chalk');
 		if (command === 'undefined' || command.length < 1)
 			return command_access.sendData(socket, chalk.red(":: What are you trying to do?\r\n"));
-		var send = socket.username + " " + command + "\r\n";
-		command_access.allHereButMe(socket,function(me,to){to.write(send);}); 
+		var send = socket.username + " " + command + " ~RS\r\n";
+		command_access.allHereButMe(socket,function(me,to){command_access.sendData(to,send);});
 		command_access.sendData(socket, send);
 	}
 }

commands/go.js

@@ -47,13 +47,13 @@ exports.command = {
 		if (movement[0] > 0) direction += "west";
 		if (movement[0] < 0) direction += "east";
 
-		command_access.allHereButMe(socket,function(me,t){t.write(chalk.bold(":: " + chalk.yellow(me.username) + " starts walking to " + chalk.green(direction) + " towards " + chalk.cyan(neighbours[toId].name) + "...\r\n"));});
+		command_access.allHereButMe(socket,function(me,t){command_access.sendData(t, chalk.bold(":: " + chalk.yellow(me.username) + " starts walking to " + chalk.green(direction) + " towards " + chalk.cyan(neighbours[toId].name) + "...\r\n"));});
 		command_access.sendData(socket, chalk.bold(":: You start walking to " + chalk.green(direction) + " towards " + chalk.cyan(neighbours[toId].name) + "...\r\n"));
 		socket.db.where = neighbours[toId].coords;
 		var tmp = command_access.getUser(socket.username);
 		tmp.where = socket.db.where;
 		command_access.updateUser(socket.username, tmp);
-		command_access.allHereButMe(socket,function(me,to){to.write(chalk.bold(":: " + chalk.yellow(me.username) + " walks in.\r\n"));});
+		command_access.allHereButMe(socket,function(me,to){command_access.sendData(to, chalk.bold(":: " + chalk.yellow(me.username) + " walks in.\r\n"));});
 		command_access.sendData(socket, chalk.green(":: You arrive.\r\n"));
 	}
 }

commands/promote.js

@@ -15,17 +15,17 @@ exports.command = {
 		var w = null;
 		// check if we got an whom
 		if (typeof whom === 'undefined' || whom.length < 1) {
-			return me.write(chalk.yellow(":: ") + "Promote whom?\r\n");
+			return command_access.sendData(me, chalk.yellow(":: ") + "Promote whom?\r\n");
 		} else { // check if it's an user
 			var wArr = command_access.getAproxUser(whom);
-			if (wArr.length === 0) return me.write(chalk.yellow(":: ") + "Promote whom?\r\n");
+			if (wArr.length === 0) return command_access.sendData(me, chalk.yellow(":: ") + "Promote whom?\r\n");
 			if (wArr.length > 1) {
 				var possibilities = "";
 				for (var p = 0; p < wArr.length - 1; p++) {
 					possibilities += chalk.bold(wArr[p]) + ", ";
 				}
 				possibilities += chalk.bold(wArr[wArr.length - 1]);
-				return me.write(chalk.yellow(":: ") + "Be more explicit: whom do you want to promote ("+possibilities+")?\r\n");
+				return command_access.sendData(me, chalk.yellow(":: ") + "Be more explicit: whom do you want to promote ("+possibilities+")?\r\n");
 			}
 		}
 		whom = wArr[0];
@@ -45,10 +45,10 @@ exports.command = {
 			}
 			whom = whom.toLowerCase().charAt(0).toUpperCase() + whom.toLowerCase().slice(1);
 			var sentence = chalk.green(":: ") + chalk.cyan(me.username) + " has promoted " + chalk.bold(whom) + " to the rank of " + chalk.magenta(rankName) + "! " + chalk.green("::\r\n");
-			command_access.allButMe(socket,function(me,to){to.write(sentence);});
+			command_access.allButMe(socket,function(me,to){command_access.sendData(to, sentence);});
 			command_access.sendData(socket, chalk.green(":: ") + "You promoted " + chalk.bold(whom) + " to the rank of " + chalk.green(rankName) + "!\r\n");
 		} else {
-			me.write(chalk.red(":: ") + "You cannot promote someone to a higher level than yours!\r\n");
+			command_access.sendData(me, chalk.red(":: ") + "You cannot promote someone to a higher level than yours!\r\n");
 		}
 	}
 }

commands/say.js

@@ -28,7 +28,7 @@ exports.command = {
  		if (command === 'undefined' || command.length < 1)
 			return command_access.sendData(socket, chalk.red(":: ") + "Say what? ~RS\r\n");
 		command_access.allHereButMe(socket, function(me,to){
-			to.write(me.username + chalk.bold(" says: ") + command + " ~RS\r\n");
+			command_access.sendData(to, me.username + chalk.bold(" says: ") + command + " ~RS\r\n");
 		});
 		command_access.sendData(socket, chalk.bold("You said: ") + command + " ~RS\r\n");
 	}

commands/sayto.js

@@ -53,9 +53,9 @@ exports.command = {
 				return command_access.sendData(socket, chalk.red(":: ") + "Talking to yourself is the first sign of madness.\r\n");
 			}
 			command_access.allHereButMe(socket, function(me,to){
-				to.write(`${chalk.bold(me.username + ' says')} (to ${possibleUsers[0].username}): ${message}\r\n`);
+				command_access.sendData(to, `${chalk.bold(me.username + ' says')} (to ${possibleUsers[0].username}): ${message} ~RS\r\n`);
 			});
-			command_access.sendData(socket, `${chalk.green('You say')} (to ${possibleUsers[0].username}): ${message}\r\n`);
+			command_access.sendData(socket, `${chalk.green('You say')} (to ${possibleUsers[0].username}): ${message} ~RS\r\n`);
 		} else {
 			let possibilities = "";
 			for (let p = 0; p < possibleUsers.length - 1; p++) {

commands/semote.js

@@ -12,8 +12,8 @@ exports.command = {
 		var chalk = require('chalk');
 		if (command === 'undefined' || command.length < 1)
 			return command_access.sendData(socket, chalk.yellow(":: ") + "What are you trying to do?\r\n");
-		var send = chalk.bold("! ") + socket.username + " " + command + "\r\n";
-		command_access.allButMe(socket,function(me,to){to.write(send);}); 
+		var send = chalk.bold("! ") + socket.username + " " + command + " ~RS\r\n";
+		command_access.allButMe(socket,function(me,to){command_access.sendData(to, send);});
 		command_access.sendData(socket, send);
 	}
 }

commands/shout.js

@@ -13,8 +13,8 @@ exports.command = {
 		if (command === 'undefined' || command.length < 1)
 			return command_access.sendData(socket, chalk.red(":: ") + "Shout what?\r\n");
 		command_access.allButMe(socket,function(me,to){
-			to.write(chalk.bold("! ") + me.username + chalk.bold(" shouts: ") + command + "\r\n");
+			command_access.sendData(to, chalk.bold("! ") + me.username + chalk.bold(" shouts: ") + command + " ~RS\r\n");
 		});
-		command_access.sendData(socket, chalk.bold("! You shout: ") + command + "\r\n");
+		command_access.sendData(socket, chalk.bold("! You shout: ") + command + " ~RS\r\n");
 	}
 }

commands/shoutto.js

@@ -27,9 +27,9 @@ exports.command = {
 				return command_access.sendData(socket, chalk.red(":: ") + "Talking to yourself is the first sign of madness.\r\n");
 			}
 			command_access.allButMe(socket,function(me, to) {
-				to.write(`${chalk.bold('!')} ${me.username} ${chalk.bold('shouts')} to ${chalk.bold(possibleUsers[0].username)}: ${message}\r\n`);
+				command_access.sendData(to, `${chalk.bold('!')} ${me.username} ${chalk.bold('shouts')} to ${chalk.bold(possibleUsers[0].username)}: ${message} ~RS\r\n`);
 			});
-			command_access.sendData(socket, `${chalk.bold('!')} You ${chalk.bold('shout')} to ${chalk.bold(possibleUsers[0].username)}: ${message}\r\n`);
+			command_access.sendData(socket, `${chalk.bold('!')} You ${chalk.bold('shout')} to ${chalk.bold(possibleUsers[0].username)}: ${message} ~RS\r\n`);
 		} else {
 			let possibilities = "";
 			for (let p = 0; p < possibleUsers.length - 1; p++) {

commands/tell.js

@@ -21,8 +21,8 @@ exports.command = {
 				if (socket.username.toLowerCase() === s[0].username.toLowerCase()) {
 					return command_access.sendData(socket, chalk.red(":: ") + "Talking to yourself is the first sign of madness.\r\n");
 				}
-				command_access.sendData(socket, chalk.green("You tell ") + s[0].username + chalk.green(": ") + message + "\r\n");
-				s[0].write(socket.username + chalk.green(" tells you: ") + message + "\r\n");
+				command_access.sendData(socket, chalk.green("You tell ") + s[0].username + chalk.green(": ") + message + " ~RS\r\n");
+				command_access.sendData(s[0], socket.username + chalk.green(" tells you: ") + message + " ~RS\r\n");
 			} else if (s.length === 0) {
 				command_access.sendData(socket, chalk.red(":: ") + "There is no one of that name logged on.\r\n");
 			} else {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "TalkerNode",
-  "version": "0.6.39",
+  "version": "0.6.40",
   "description": "TalkerNode is a Talker base, written in Node.js.",
   "main": "TalkerNode.js",
   "repository": {