Switch to IP hash-based client ID system.

backend/websockets/chat.js

@@ -344,7 +344,7 @@ module.exports = async function(ws, data, send, broadcast, server, ctx) {
 				blocks.no_reg = true;
 				break;
 			default:
-				id = san_nbr(id);
+				id = san_nbr(parseInt(id, 16));
 				if (id < 0) return;
 
 				if ((blocks.id.length + blocks.user.length) >= chatBlockLimit)
@@ -365,7 +365,7 @@ module.exports = async function(ws, data, send, broadcast, server, ctx) {
 				}
 			}
 
-			serverChatResponse("Blocked chats from ID: " + id, location);
+			serverChatResponse("Blocked chats from ID: " + id.toString(16), location);
 		},
 		blockuser: function(username) {
 			var blocks = ws.sdata.chat_blocks;
@@ -403,7 +403,7 @@ module.exports = async function(ws, data, send, broadcast, server, ctx) {
 			case "reg":
 				blocks.no_reg = false;
 			default:
-				id = san_nbr(id);
+				id = san_nbr(parseInt(id, 16));
 				if(id < 0) return;
 
 				var idx = blocks.id.indexOf(id);
@@ -419,7 +419,7 @@ module.exports = async function(ws, data, send, broadcast, server, ctx) {
 				}
 			}
 
-			serverChatResponse("Unblocked chats from ID: " + id, location);
+			serverChatResponse("Unblocked chats from ID: " + id.toString(16), location);
 		},
 		unblockuser: function(username) {
 			var blocks = ws.sdata.chat_blocks;
@@ -467,7 +467,7 @@ module.exports = async function(ws, data, send, broadcast, server, ctx) {
 			if(!message) {
 				return serverChatResponse("No message given", location);
 			}
-			id = parseInt(id, 10);
+			id = parseInt(id, 16);
 			if(isNaN(id)) {
 				return serverChatResponse("Invalid ID format", location);
 			}
@@ -596,7 +596,7 @@ module.exports = async function(ws, data, send, broadcast, server, ctx) {
 		},
 		mute: function(id, time, flag) {
 			if(!is_owner && !user.staff) return;
-			id = san_nbr(id);
+			id = san_nbr(parseInt(id, 16));
 			time = san_nbr(time); // in seconds
 
 			var timeSuffixMap = {
@@ -674,7 +674,7 @@ module.exports = async function(ws, data, send, broadcast, server, ctx) {
 		},
 		delete: async function(id, timestamp) {
 			if(!is_owner && !user.staff) return;
-			id = san_nbr(id);
+			id = san_nbr(parseInt(id, 16));
 			timestamp = san_nbr(timestamp);
 			var wid = world.id;
 			if(location == "global") {

frontend/static/yw/javascript/chat.js

@@ -761,6 +761,7 @@ function buildChatElement(field, id, type, nickname, message, realUsername, op,
 	if(date) dateStr = convertToDate(date);
 	var pm = dataObj.privateMessage;
 	var isGreen = false;
+	var hexId = id.toString(16);
 
 	if(chatGreentext && message[0] == ">" && !(":;_-".includes(message[1]))) { // exception to some emoticons
 		message = message.substr(1);
@@ -792,7 +793,7 @@ function buildChatElement(field, id, type, nickname, message, realUsername, op,
 	}
 
 	if(type == "user" || type == "user_nick") {
-		nickTitle.push("ID " + id);
+		nickTitle.push("ID " + hexId);
 	}
 
 	if(hasTagDom) {
@@ -832,13 +833,13 @@ function buildChatElement(field, id, type, nickname, message, realUsername, op,
 			nickDom.style.fontWeight = "bold";
 		}
 		nickDom.style.pointerEvents = "default";
-		if(state.userModel.is_operator) idTag = "[" + id + "]";
+		if(state.userModel.is_operator) idTag = "[" + hexId + "]";
 	}
 	if(type == "anon_nick") {
-		idTag = "[*" + id + "]"
+		idTag = "[*" + hexId + "]"
 	}
 	if(type == "anon") {
-		idTag = "[" + id + "]"
+		idTag = "[" + hexId + "]"
 	}
 	if(type == "user_nick") {
 		nickDom.style.color = color;
@@ -847,7 +848,7 @@ function buildChatElement(field, id, type, nickname, message, realUsername, op,
 			impersonationWarning = " (Special chars)";
 		}
 		nickTitle.push("Username \"" + realUsername + "\"" + impersonationWarning);
-		if(state.userModel.is_operator) idTag = "[*" + id + "]";
+		if(state.userModel.is_operator) idTag = "[*" + hexId + "]";
 	}
 
 	if(state.userModel.is_operator) {

runserver.js

@@ -1462,33 +1462,17 @@ function getWorldData(worldId) {
 	if(worldData[worldId]) return worldData[worldId];
 
 	worldData[worldId] = {
-		id_overflow_int: 10000,
 		display_user_count: 0,
 		user_count: 0
 	};
 
 	return worldData[worldId];
 }
-function generateClientId(world_id) {
-	var worldObj = getWorldData(world_id);
 
-	var rand_ids = client_ips[world_id];
-	if(!rand_ids) rand_ids = {};
-
-	// attempt to get a random id
-	for(var i = 0; i < 64; i++) {
-		var inclusive_id = Math.floor(Math.random() * ((9999 - 1) + 1)) + 1;
-		if(!rand_ids[inclusive_id]) {
-			return inclusive_id;
-		}
-	}
-	// attempt to enumerate if it failed
-	for(var i = 1; i <= 9999; i++) {
-		if(!rand_ids[i]) {
-			return i;
-		}
-	}
-	return worldObj.id_overflow_int++;
+function generateClientId(ip_addr) {
+	var id = crypto.createHash("sha256").update(ip_addr).update(settings.id_pepper).digest().readUIntBE(0, 3);
+	if (id == 0) id = 1; // better safe than sorry right
+	return id;
 }
 
 function getUserCountFromWorld(worldId) {
@@ -2104,7 +2088,7 @@ async function manageWebsocketConnection(ws, req) {
 		initial_user_count = worldObj.user_count;
 	}
 
-	clientId = generateClientId(world.id);
+	clientId = generateClientId(ws.sdata.ipAddress);
 
 	if(!client_ips[world.id]) {
 		client_ips[world.id] = {};

settings_example.json

@@ -63,5 +63,6 @@
 		"display_email": "\"Our World of Text\" <[email protected]>"
 	},
 
+	"id_pepper": "REPLACE THIS WITH A SECRET HIGH-ENTROPY VALUE",
 	"activation_key_days_expire": 3
 }