injectobot

0.3.0 • Public • Published

Inject-o-bot Documentation

This developer-friendly IRC bot provides an API to inject code as plugins so that teams of developers can add their own functionality. Each plugin runs as an unprivileged user in its own chroot sandbox and communicates via sockets with a master process that allows it to interact with the IRC server, channels and users. The plugins themselves are run in a context which provides some commonly used modules and a nice API to interact with the master process. This means you can:

  • Generate messages for users and channels
  • Call out to web APIs via request
  • Access the chrooted filesystem with fs
  • Access built-in modules like crypto, fs, http, net, path
  • Access common modules like _, async, cheerio, coffee, glob, marked, moment, npm, q

Because of the chroot, you cannot call shell scripts or any typical system-installed libraries or commands, nor can you modify other scripts or modules.

Installation & Usage

The bot can be installed via npm (may require sudo):

npm install -g injectobot

Examples throughout this document use HTTPie, which you can install via pip install httpie.

Once installed, it can be run via the injectobot command, which requires sudo in order to create the plugin chroot jails. Unless a --host is passed, it will not connect to an IRC channel and instead will dump all messages to the terminal, which is useful for testing plugins locally.

# Run the bot, connecting to IRC 
sudo injectobot --host chat.freenode.org --name 'mybot'
 
# Start the bot for testing locally (no IRC) 
sudo injectobot --name 'mybot' --listen 8000
 
# Simulate an incoming IRC message 
http localhost:8000/test message=='mybot: help'

Basic Plugin Example

A very basic plugin which listens to a command echo and replies back to the sender or room any text that follows the command would look like this (both CoffeeScript and Javascript are supported):

bot.command 'echo'(from, to, args) ->
    bot.reply fromtoargs

Displaying Help

You can listen to the help command to display information about your plugin. For example:

bot.command 'help'(from, to, args) ->
    switch args
        when ''
            bot.reply fromto'echo [message]: say a message back to you'
        when 'echo'
            bot.reply fromto'Echo a message back to the sender or channel'
 

Bot Plugin API

The bot's plugin API provides a layer above the interprocess communication mechanism to make interacting with the master process more like typical programming. The API is accessed via the bot variable.

Attributes

Attribute Description
name The bot's IRC nickname

Methods

bot.use (handler)

Register a handler (from, to, message) that gets invoked each time a message is received, including any message sent to any channel that the bot is in. It is up to you to filter out the messages you care about.

bot.use (from, to, message) ->
    # Do stuff here! 

bot.command (cmd, handler)

Register a handler (from, to, args) that gets invoked each time a command is sent to the bot, either via a private message or via the bot's name in a channel (e.g. botname command ...). args will contain all text after the command as a single string.

bot.command 'help'(from, to, args) ->
    # Do stuff here! 

bot.interval (milliseconds, handler)

Run a function at an interval in milliseconds. This is a shortcut for setInterval that flips the parameter order to make it easier to use with CoffeeScript.

bot.interval 5000->
    # Do stuff here every five seconds! 

bot.say (to, message)

Say a message to a user or channel. Channels must include the # character.

bot.say '#mychannel''Hello, world!'

bot.reply (from, to, message)

Reply to a message. This is like say, except contains logic to either reply to a private message or reply into the channel, which is why you need to pass both from and to into it.

bot.reply fromto'Hello, world!'

Uploading a Plugin

You can upload a plugin by doing an HTTP PUT to this server. You must set a Content-Type header and the body of the request must be the plugin text as utf-8. Warning: there are currently zero access controls. It may be a good idea to prefix your plugins with a unique name to prevent clashes with other team members.

If a plugin requires a secret such as an API token then it should be set in a variable that ends in TOKEN or SECRET, for example MY_TOKEN = 'some-secret-string'. When reading plugins this string will be replaced to prevent leaking of secrets.

PUT http://localhost:3000/plugins/:name HTTP/1.1
Content-Type: application/coffeescript
 
 
bot.command 'echo', (from, to, args) ->
    bot.reply from, to, args

Parameters

Name Description
name The plugin name (in the URL)

Headers

Name Description
Content-Type Either application/javascript or application/coffeescript

HTTPie Example

http put localhost:3000/plugins/test Content-Type:application/javascript <myscript.js

Listing All Plugins

You can list all installed plugin names (including extension type) with an HTTP GET call to the server. A list of strings is returned.

GET http://localhost:3000/plugins HTTP/1.1

HTTPie Example

http localhost:3000/plugins

Reading a Plugin

You can read a plugin's source code, minus any secrets, with an HTTP GET call to the server.

GET http://localhost:3000/plugins/:name HTTP/1.1

Parameters

Name Description
name The plugin name (in the URL)

HTTPie Example

http localhost:3000/plugins/test

Deleting a Plugin

You can delete a plugin by doing an HTTP DELETE to this server. Warning: there are currently zero access controls, so please be responsible.

DELETE http://localhost:3000/plugins/:name HTTP/1.1

HTTPie Example

http delete localhost:3000/plugins/test

Advanced Usage

The following sections describe advanced behavior.

Basic Security

This bot has very little security built-in, and is intended for small teams of developers who want to allow members to quickly write fun little plugins for the team. Some ideas for locking it down:

  • Limit who can PUT/DELETE via iptables whitelists
  • Require a password as an argument to plugin commands
  • Modify commands to require channel op status

Custom Dependencies

Built-in modules are described at the top of this document, but sometimes there may be a module you wish to use that isn't included. You can install custom dependencies for your script programmatically via the npm module. Note: only pure javascript modules are supported. C/C++ extensions are prohibited because they could contain inline assembly and potentially wreak havoc. Here is an example:

npm.load {}(err) ->
    if err then # ... 
 
    npm.commands.install ['module1''module2'](err) ->
        if err then # ... 
 
        # Now you can load your modules! 
        module1 = require 'module1'
        module2 = reuqire 'module2'

License

Copyright © 2013 Daniel G. Taylor

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Dependencies (18)

Dev Dependencies (0)

    Package Sidebar

    Install

    npm i injectobot

    Weekly Downloads

    2

    Version

    0.3.0

    License

    MIT

    Last publish

    Collaborators

    • danielgtaylor