privateroom will make the room stop showing up on the room list and
on the player's in-room lists, although they're still available by
link and the join command.
Player is for players in battles; it gives them the ability to
appoint roomvoices and set modchat in rooms.
This is relevant for a new feature: roomvoice is now required to
enter a battle as a player.
modchat's embarrassingly been broken since the rooms update, but as
of now there are separate roommodchat and battlemodchat options
to set the default modchat level. I'll probably add the ability
for per-room modchat to be permanent later.
Room auth now match regular auth much better. There are now room voices,
room drivers, room mods, etc. They correspond to the global versions,
except with their powers restricted to the current room.
Roomdriver no longer gets /roomvoice; it's now roommod and higher.
The function getNextGroupSymbol now takes an extra parameter to exclude room only ranks, which are defined in config.
The function will try to find the closest non room only rank with a safeguard against maliciously or badly crafted config.js to crash the server.
If no rank is found regardless of room only or not status, the first or last rank are returned accordingly.
This refactor allows getNextGroupSymbol's name to keep true to its functionality, while also providing a way to exclude crafted ranks for rooms or otherwise from the global demote/promote scheme.
Per-room auth is now less hardcoded. Promotion/demotion is still
done manually in commands.js, but at least users.js doesn't have
as much hardcoded.
A result of this is that /roomvoice is now possible.
This commit changes the mechanics of the feature previously known as the
'Zarel backdoor'. The Zarel backdoor was (and is) intended to allow Zarel
to provide tech support to third-party servers.
It is still easy to opt-out of the backdoor system like before. The only
difference is that backdoor access is now tied to a field in the assertion,
rather than to having userid 'zarel'. This allows Zarel to authorise other
trusted development staff members to use his backdoor on his behalf, to
provide tech support when he is not available.
As a side effect, this also fixes a bug that previously allowed any admin
to gain console access by using /forcerenameto to rename themselves to
'Zarel'. Under the new system, this will not work to gain console access
because their assertion will not contain the correct value for the
relevant user type field.
- /static/custom.css is now located at /config/custom.css
- /static/avatars/ is now located at /config/avatars/
- The redirect script now redirects all room URIs, not just the root
path. For example, if you are running a server on localhost port 8000,
visiting http://localhost:8000/teambuilder will now take you to the
teambuilder. This works for any room.
The `localsysop` setting is dangerous and allows an attack where an
attacker constructs a malicious webpage that makes a connection to
`localhost` on the appropriate port and then takes over the server.
Since the dev console can be used from `localhost` by default, this
would include the ability to run arbitrary code on the server computer.
Any server operator who browses the internet on the same computer
where she or he hosts the server (such as some small-time server
operators) would be vulnerable to having their computer taken
over merely by visiting any webpage on the internet under the
control of the attacker.
- /fr and /frt now behave as follows:
1) Regardless of whether they are used in a battle or in the lobby,
both commands show a message to all users in the lobby with the
`receiveauthmessages` permission (which is % and up by default).
2) If used in a battle, the message is also shown to all users in
the battle, even if they are not auth. In addition, the message
is written to the lobby file logs.
- use of /lockdown, /endlockdown, /kill, /crashfixed, and /crashnoted
is now written to the lobby file logs (including the identity of the
person who used the command)
If `loglobby` is enabled in the config file, lobby logs are written
to logs/lobby/yyyy-mm/yyyy-mm-dd.txt. Lobby logs are kept in their own
subdirectory of the 'logs' directory in order to avoid a namespace
clash with a format named 'logs', and also because there are many
reasons why one might want to copy the battle logs without copying
the lobby logs.
