A complete API that can be used to retrieve things like:

• Checking if a server is verified
• and more

The code of Strawberry Chat is gigantic (1700 lines!!).
Because of this we decided to rework the code. Make more modular parts, and clearer/cleaner.
The code is in a rather unstable state, and this will (hopefully!) change from version 1.8.0 (including beta and alpha builds).

Description

A User Settings command to manage user flags more easily without having countless commands to do so. E.g.: /set dms enabled

Why should this feature be added?

To manage user flags more easily

Before submitting a suggestion

• This feature does not exist in the latest version of Strawberry Chat

• This feature was not already suggested

• This feature is not on our todo-list (Check our GitHub project page!!!)

Tracking issue for:

• https://github.com/Strawberry-Foundations/strawberry-chat/security/code-scanning/2154

Tracking issue for:

• https://github.com/Strawberry-Foundations/strawberry-chat/security/code-scanning/2164

We're probably should switch to SHA-2 or argon2.

Recommendation

Ensure that you use a strong, modern cryptographic hash function:

• such as Argon2, scrypt, bcrypt, or PBKDF2 for passwords and other data with limited input space.
• such as SHA-2, or SHA-3 in other cases.

Example

The following example shows two functions for hashing passwords. The first function uses SHA-256 to hash passwords. Although SHA-256 is a strong cryptographic hash function, it is not suitable for password hashing since it is not computationally expensive.

import hashlib

def get_password_hash(password: str, salt: str):
    return hashlib.sha256(password + salt).hexdigest() # BAD

The second function uses Argon2 (through the argon2-cffi PyPI package), which is a strong password hashing algorithm (and includes a per-password salt by default).

from argon2 import PasswordHasher

def get_initial_hash(password: str):
    ph = PasswordHasher()
    return ph.hash(password) # GOOD

def check_password(password: str, known_hash):
    ph = PasswordHasher()
    return ph.verify(known_hash, password) # GOOD

An admin command to add a badge to a user and to change the main badge from a user

Tracking issue for:

• https://github.com/Strawberry-Foundations/strawberry-chat/security/code-scanning/2162
• https://github.com/Strawberry-Foundations/strawberry-chat/security/code-scanning/2161

As the title says, if you use Ctrl + C in the client, the server crashes with the BrokenPipe error message. Occurs with v1.7.0 Beta 2 and 3

Description

So basicially the title explains everything. The passwords should be encrypted for more security. The transfer & encrypting should still take place in a secure way

Why should this feature be added?

For more security

Before submitting a suggestion

• This feature does not exist in the latest version of Strawberry Chat

• This feature was not already suggested

• This feature is not on our todo-list (Check our GitHub project page!!!)

Describe the bug

No rules have been setup for the workflow which results in "invalid" reports

Steps to reproduce

Set up Codacy without any rules

The Error Text/Stacktrace

No response

Chat Program

Client

The version of Strawberry Chat you used

Python Version

Operating System

other

Operating System Version

No response

Used Operating System (Only fill when selected "other")

No response

Before submitting a bug report

• This bug wasn't already reported (I have searched bug reports on GitHub).

• This bug isn't fixed in the latest version of Strawberry Chat (including git)

Describe the bug

When you mention a user, it will no longer be highlighted, because of the ansi stripping in the broadcast command

Steps to reproduce

Just mention a user and you'll see it is not highlighted

The Error Text/Stacktrace

No response

Chat Program

Server

The version of Strawberry Chat you used

v1.8.0b3+u1

Python Version

3.11.x

Operating System

Debian

Operating System Version

12

Used Operating System (Only fill when selected "other")

No response

Before submitting a bug report

• This bug wasn't already reported (I have searched bug reports on GitHub).

• This bug isn't fixed in the latest version of Strawberry Chat (including git)

Fix using illegal ansi escape codes and \n in messages and direct messages

We are currently working on a new Bot API wrapper for Strawberry Chat.

A protection that you can only send messages that are UTF-8 compliant. If not, the user should be kicked

Describe the bug

Steps to reproduce

Join the server

The Error Text/Stacktrace

No response

Chat Program

Server

The version of Strawberry Chat you used

master

Python Version

3.11

Operating System

macOS

Operating System Version

No response

Used Operating System (Only fill when selected "other")

No response

Before submitting a bug report

• This bug wasn't already reported (I have searched bug reports on GitHub).

• This bug isn't fixed in the latest version of Strawberry Chat (including git)

Title is self-explaining

Tracking issue for:

• https://github.com/Strawberry-Foundations/strawberry-chat/security/code-scanning/11

Description

Strawbery ID/Network (Stawberry Network is comming soon) Connection/Link for user profile with real authentication

Why should this feature be added?

So other users can see your user tag

Before submitting a suggestion

• This feature does not exist in the latest version of Strawberry Chat

• This feature was not already suggested

• This feature is not on our todo-list (Check our GitHub project page!!!)

So basically you should be able to include color when broadcasting messages to all users, for red for example #(red)

Description

Arrows up and down retrieve latest messages

This Feature already "exists" under Windows 10+ (PowerShell), but not in Linux/macOS

Why should this feature be added?

to get the last message you've written

Before submitting a suggestion

• This feature does not exist in the latest version of Strawberry Chat

• This feature was not already suggested

• This feature is not on our todo-list (Check our GitHub project page!!!)

Using message:

Using username

Tracking issue for:

• https://github.com/Strawberry-Foundations/strawberry-chat/security/code-scanning/2160

I am not sure why CodeQL reported this. Under SecureCloud there were no problems with SHAKE256. I will have a look for it

A documentation for developers how to work on Strawberry Chat or how to develop your own bot

If you are a relatively active user, you start with SBC+ Basic. The more activity, the higher the chance to get the "normal" SBC+.
It will be a kind of level system, which counts and evaluates the messages of users, with random points. Sometimes less, sometimes more.
Also, spamming is useless because you can only get points every 30s or so. How I do that I still have to think about.
The introduction starts with v1.8.0, so the next version after v1.7.0.

Deutsch

Kommunizierung über das Format JSON

Die Idee dahinter ist relativ einfach. Aktuell werden Nachrichten mit dem Usernamen zusammen als eine feste Nachricht gesendet. Dem aktuellen Standard gemäß sieht das so aus:

Die Überlegung hinter @json-communication ist das der Server die Nachrichten nun nicht mehr so als feste Nachrichten sendet, sondern als JSON. Dies könnte folgendermaßen aufgebaut sein:

{
  "username": "julian",
  "nickname": "Yiülian",
  "badge": "👑",
  "role_color": "red"
  "message": {
    "content": "Hallo"
  }
}

Der jeweilige Client empfängt diese JSON Daten und baut damit eine Nachricht auf.
Diese könnte, wie das obere gezeigte Normalstandard aussehen, aber auch komplett anders, wie z.B.

# Beispielformat 1
[👑] Julian (@julian) Today at 00:37
  Hallo

# Beispielformat 2
Mo, 00:37: Julian (@julian) -> Hallo

# Beispielformat 3
[👑] @julian (00:37)
  Hallo

Dadurch würde es eine enorme Möglichkeit geben das Anzeigen der Nachrichten zu personalisieren. Dies könnte ein Vorteil gegenüber kleineren Bildschirmen haben, wenn man ein passendes Format dafür nutzt. wie z.B. Beispielformat 3

Allerdings weiß ich bezüglich Sicherheit nicht, ob dies das richtige ist. Damit alte Clients weiterhin funktionieren könnten bräuchte ich ein Versionscheck den wir aktuell überlegen.

Self explained, a command to read old news from older versions

Description

More modularity for better Code readability and command decorators for better Command Management

See Branch strawberry-chat@commands-decorators and Pull Request #29 (Less modularity (rewrite command system))

Why should this feature be added?

More modularity for better Code readability and command decorators for better Command Management

Before submitting a suggestion

• This feature does not exist in the latest version of Strawberry Chat

• This feature was not already suggested

• This feature is not on our todo-list (Check our GitHub project page!!!)

An admin command to change nicknames from other users

Description

Direct/Private messages with a user

Why should this feature be added?

Before submitting a suggestion

• This feature does not exist in the latest version of Strawberry Chat

• This feature was not already suggested

• This feature is not on our todo-list (Check our GitHub project page!!!)

Tracking issue for:

• https://github.com/Strawberry-Foundations/strawberry-chat/security/code-scanning/2006