fix: unable to connect on servers with self-signed certificates

Author: JiPaix

CHANGELOG.md

@@ -1,7 +1,20 @@
 # Changelog
-## [Unreleased](https://github.com/jipaix/xdccjs/tree/main)
-### Chore(dev-deps)
-* updating dev-dependencies to their latest version
+## [v4.5.0](https://github.com/jipaix/xdccjs/tree/v4.5.0)
+### Fix(lib+cli)
+* add option to allow/reject connection on TLS enabled server with self-signed certificates
+* CLI user can use the `--no-insecure` option to enable this feature.
+### BREAKING CHANGES (cli)
+* remove parameter `--no-secure` that allowed downloads if the bot's name did not match the requested
+* add parameter `--bot-name-match` to block downloads if bot's name does not match the requested
+### BREAKING CHANGES (lib)
+* renamed parameter `secure` to `botNameMatch` to avoid confusion with `tls`
+* optional parameter **`tls` is no longer a boolean**
+```js
+ params.tls = { 
+   enable: false, // required
+   rejectUnauthorized: false // optional - default false
+ }
+```
 ---
 ## [v4.4.21](https://github.com/jipaix/xdccjs/tree/v4.4.21)
 ### Feat(lib)

README.md

@@ -73,7 +73,10 @@ Every parameter is optional, except for `host`.
 const opts = {
   host: 'irc.server.net', // IRC hostname                                                   - required
   port: 6660, // IRC port                                                                   - default: 6667
-  tls: false, // Enable SSL/TLS Support                                                     - default false
+  tls: {
+    enable: true, // Enable TLS Support                                                     - default: false
+    rejectUnauthorized: true, // Reject self-signed certificates                            - default: false
+  }, 
   nickname: 'ItsMeJiPaix', // Nickname                                                      - default: xdccJS + random
   chan: ['#candy', '#fruits'], // Array of channels                                         - default : [ ]
   path: 'downloads', // Download path or 'false'                                            - default: false (which enables piping)
@@ -82,7 +85,7 @@ const opts = {
   verbose: true, // Display download progress and jobs status                               - default: false
   randomizeNick: false, // Add random numbers at end of nickname                            - default: true
   passivePort: [5000, 5001, 5002], // Array of port(s) to use with Passive DCC              - default: [5001]
-  secure: false, // Allow/Deny files sent by bot with different name than the one requested - default: true
+  botNameMatch: false, // Block downloads if the bot's name does not match the request      - default: true
 }
 ```
 ### Download
@@ -290,26 +293,27 @@ npm install xdccjs -g
 ## Options
 ```
 Options:
-  -V, --version              output the version number
+  -V, --version              Output the version number
   -h, --host <server>        IRC server hostname
   --port <number>            IRC server port
   --tls                      Enable SSL/TLS Support
-  -b, --bot <botname>        xdcc bot nickname
-  -d, --download <packs...>  pack number(s) to download
-  -p, --path <path>          download path
-  -n, --nickname <nickname>  Your IRC nickname
-  -c, --channel [chan...]    channel(s) to join (without #)
-  -r, --retry <number>       number of attempts before skipping pack
-  -q, --quiet                disable console output
-  --passive-port <number>    port used for passive dccs
+  --allow-insecure           Allow self-signed certificate (tls needs to be enabled)
+  -b, --bot <botname>        XDCC bot nickname
+  -d, --download <packs...>  Pack number(s) to download
+  -p, --path <path>          Download path
+  -n, --nickname <nickname>  Your nickname
+  -c, --channel [chan...]    Channel(s) to join (without #)
+  -r, --retry <number>       Number of attempts before skipping pack
+  -q, --quiet                Disable console output
+  --passive-port <number>    Port used for passive dccs
   --no-randomize             Disable nickname randomization
-  -w, --wait [number]        wait time (in seconds) in channel(s) before sending download request (default: 0)
-  --no-secure                Allow files sent by bot with different name than the one requested
-  --save-profile [string]    save current options as a profile
-  --delete-profile [string]  delete profile
-  --set-profile [string]     set profile as default
-  --list-profile             list all available profiles
-  --help                     display help for command
+  -w, --wait [number]        Wait time (in seconds) in channel(s) before sending download request (default: 0)
+  --botNameMatch             Block downloads if the bot's name does not match the request
+  --save-profile [string]    Save current options as a profile
+  --delete-profile [string]  Delete profile
+  --set-profile [string]     Set profile as default
+  --list-profile             List all available profiles
+  --help                     Display help for command
 ```
 ## Usage
 ```bash

docs/assets/search.js

@@ -1,6 +1,6 @@
 {
   "name": "xdccjs",
-  "version": "4.4.21",
+  "version": "4.5.0",
   "description": "download files from XDCC bots on IRC, complete implementation of the XDCC protocol",
   "engines": {
     "node": ">=14.0.0"

docs/classes/Job.html

@@ -14,6 +14,7 @@ export interface InterfaceCLI extends commander.Command {
   host?: string
   port?: number
   tls?: boolean
+  noInsecure?: boolean
   bot?: string
   download?: string[]
   path?: string
@@ -22,7 +23,7 @@ export interface InterfaceCLI extends commander.Command {
   retry?: number
   passivePort?: number
   randomize?: boolean
-  secure?: boolean
+  botNameMatch?: boolean
   wait?: number
   quiet?: boolean
   saveProfile?: string
@@ -45,8 +46,9 @@ export class BaseCommander {
       .name('xdccJS')
       .version(version)
       .option('-h, --host <server>', 'IRC server hostname')
-      .option('--port <number>', 'IRC server port')
+      .option('--port <number>', 'IRC server port', BaseCommander.parseIfNotInt)
       .option('--tls', 'enable SSL/TLS')
+      .option('--no-insecure', 'Reject self-signed SSL/TLS certificates')
       .option('-b, --bot <botname>', 'xdcc bot nickname')
       .option('-d, --download <packs...>', 'pack number(s) to download')
       .option('-p, --path <path>', 'download path', path.normalize)
@@ -62,7 +64,7 @@ export class BaseCommander {
         BaseCommander.parseIfNotInt,
         0,
       )
-      .option('--no-secure', 'Allow files sent by bot with different name than the one requested')
+      .option('--bot-name-match', 'Block downloads if bot name does not match')
       .option('--save-profile <string>', 'save current options as a profile')
       .option('--delete-profile <string>', 'delete profile')
       .option('--set-profile <string>', 'set profile as default')
@@ -88,15 +90,18 @@ export class BaseCommander {
     return {
       host: this.program.host,
       port: this.program.port,
-      tls: this.program.tls,
+      tls: {
+        enable: this.program.tls || false,
+        rejectUnauthorized: this.program.noInsecure || false,
+      },
       nickname: this.program.nickname,
       chan: this.program.channel,
       path: this.program.path,
       retry: this.program.retry,
       randomizeNick: this.program.randomize,
       passivePort: [this.program.passivePort || 5001],
       verbose: !this.program.quiet,
-      secure: this.program.secure,
+      botNameMatch: this.program.botNameMatch,
     };
   }
 

docs/classes/default.html

@@ -148,6 +148,6 @@ export default class Profiles extends BaseCommander {
     if (this.program.bot) this.defaultProfile[1].bot = this.program.bot;
     this.defaultProfile[0].randomizeNick = this.program.randomize;
     this.defaultProfile[1].wait = this.program.wait;
-    this.defaultProfile[0].secure = this.program.secure;
+    this.defaultProfile[0].botNameMatch = this.program.botNameMatch;
   }
 }

docs/index.html

@@ -1,3 +1,4 @@
+/* eslint-disable no-param-reassign */
 /* eslint-disable @typescript-eslint/member-delimiter-style */
 /* eslint-disable @typescript-eslint/no-this-alias */
 /* eslint-disable @typescript-eslint/triple-slash-reference */
@@ -64,14 +65,28 @@ export type ParamsIRC = {
    */
   verbose?: boolean
   /**
-   * Enable TLS/SSL
-   * @default `false`
-   * @example
-   * ```js
-   * params.tls = true
-   * ```
+   * TLS/SSL
    */
-   tls?: boolean
+   tls?: {
+     /**
+      * Enable TLS/SSL
+      * @default `false`
+      * @example
+      * ```js
+      * params.tls = { enable: true }
+      * ```
+      */
+     enable: boolean,
+     /**
+      * (optional) Reject self-signed certificates
+      * @default `false`
+      * @example
+      * ```js
+      * params.tls = { enable: true, rejectUnauthorized: true }
+      * ```
+      */
+     rejectUnauthorized?: boolean
+   }
 }
 
 export default class Connect extends Client {
@@ -87,7 +102,10 @@ export default class Connect extends Client {
 
   protected connectionTimeout!:ReturnType<typeof setTimeout>;
 
-  protected tls: boolean;
+  protected tls: {
+    enable: boolean,
+    rejectUnauthorized?: boolean
+  };
 
   constructor(params: ParamsIRC) {
     super();
@@ -99,7 +117,13 @@ export default class Connect extends Client {
     this.port = Connect.is('port', params.port, 'number', 6667);
     this.verbose = Connect.is('verbose', params.verbose, 'boolean', false);
     this.chan = Connect.chanCheck(params.chan);
-    this.tls = Connect.is('tls', params.tls, 'boolean', false);
+    if (params.tls) {
+      params.tls.enable = Connect.is('tls.enable', params.tls.enable, 'boolean', false);
+      params.tls.rejectUnauthorized = Connect.is('tls.rejectUnauthorized', params.tls.rejectUnauthorized, 'boolean', true);
+    } else {
+      params.tls = { enable: false, rejectUnauthorized: true };
+    }
+    this.tls = params.tls;
     this.onConnect();
     this.connect({
       host: this.host,
@@ -108,7 +132,8 @@ export default class Connect extends Client {
       username: params.nickname || 'xdccJS',
       auto_reconnect_max_wait: 0,
       auto_reconnect_max_retries: 0,
-      ssl: this.tls,
+      ssl: this.tls.enable,
+      rejectUnauthorized: this.tls.rejectUnauthorized,
       debug: true,
     });
     this.on('debug', (msg) => {

docs/interfaces/Candidate.html

@@ -35,27 +35,27 @@ export type ParamsCTCP = ParamsTimeout & {
    * */
   path?: string | false
   /**
-   * Allow/Deny files sent by bot with different name than the one requested.
+   * Block downloads if the bot's name does not match the request
    * @example
    * ```js
-   * // with secure = true
-   * xdccJS.download('XDCC|SECURE', 1)
-   * //=> Only accept files comming from 'XDCC|SECURE'
+   * // with botNameMatch = true
+   * xdccJS.download('BOT-A', 1)
+   * //=> Only accept files comming from 'BOT-A'
    * ```js
    *
    */
-  secure?: boolean
+   botNameMatch?: boolean
 }
 export class CtcpParser extends AddJob {
   path: string | boolean;
 
-  secure: boolean;
+  botNameMatch: boolean;
 
   protected resumequeue: ResumeQueue[] = [];
 
   constructor(params: ParamsCTCP) {
     super(params);
-    this.secure = CtcpParser.is('secure', params.secure, 'boolean', true);
+    this.botNameMatch = CtcpParser.is('botNameMatch', params.botNameMatch, 'boolean', true);
     this.path = CtcpParser.pathCheck(params.path);
     this.on('ctcp request', (resp: { [prop: string]: string }): void => {
       const isDownloadRequest = this.checkBeforeDL(resp, this.candidates[0]);
@@ -91,7 +91,7 @@ export class CtcpParser extends AddJob {
       nick = nick.toLowerCase();
       candidate.nick = candidate.nick.toLowerCase();
       candidate.cancelNick = nick;
-      if (this.secure) {
+      if (this.botNameMatch) {
         if (nick === candidate.nick) {
           return true;
         }