Highlights - JackKnife utility
New HRM module allows you to inspect characters both registered and awaiting auth. Features available for inspection will be expanded in the following releases. For now it is limited to SP, corp history, mail, ISK transactions/journal, contracts, contacts and last year stats.
Improved web auth module to process authentication for groups with special ESI permission list
Added new HRM module - human resource management with JackKnife feats, able to display complete data for members authed with special permissions
Added startup check if settings.json file is present
Do not generate buttons on the main web page if corresponding module is disabled
Added optional params to webAuthModule settings group: UseCustomAuthRoles and ESICustomAuthRoles
Added optional DefaultAuthGroup param to webAuthModule
Added optional ShowGroupName param to liveKillFeedModule and radiusKillFeedModule
Added new !authurl command which will return default web auth url based on DefaultAuthGroup param or first auth group found. !authurl groupName will return auth url for specified group name (by default known to admin only).
Added new KM template param {NewLine} - inserts line break
Added message filtering to TED_ChatRelay app
Improved denied access handling for web modules
Improved ZKill feeder to not feed kills if none of the other modules demand them
Improved logging
Fixed discord user names in TelegramRelay module
Highlights - Advanced Web Auth
Improved web authentication module now supports 3 different modes:
1. General auth with no special permissions (as before)
2. General auth with special ESI permissions requested from group applicant. Creates separate auth button on web server.
3. Preliminary auth with special ESI permissions requested from group applicant. Creates separate auth button on web server.
Renewed auth logic now allows you to control which permissions to request from which auth groups, i.e. which data EVE Online characters will share with you upon authentication.
By default this feature is disabled and new users will only pass basic auth as before. But if you fill ESICustomAuthRoles param (mode 2) then bot will get a refresh token from character during auth process.
This refresh token will be stored in a database and will be used to fetch all required data about registered characters. You can also set PreliminaryAuthMode (mode 3) to force applicants to wait for an approval, making it possible to inspect them using “JackKnife” utility named HRM before they’re allowed into your corporation or alliance.
NOTE: Refresh token can be invalidated by user at any time in their EVE Online account settings
NOTE: You have to add all required ESI permissions to your CCP app before you can use them in auth process
Considering the above you can build your own “JackKnife” recruitment process for selected group as follows:
Create auth group with PreliminaryAuthMode set to true. This will force group to accept all auth requests and enable refresh token extraction. All applicants will be put on hold for subsequent actions.
An applicant should confirm his registration in Discord using !auth confirm CODE command displayed during their auth process. This is needed to bind their registration to Discord account.
Now the data from the applicants will be available for review in the HRM Module web page.
Decision:
If you decide to accept member then just invite him to your corporation and the bot will automatically auth applicant in Discord based on CorpIDList and AllianceIDList params. Make sure to set correct MemberRoles param to apply Discord roles upon successful registration.
If you decide to decline application you can set AppInvalidationInHours param which will delete applications when specified amount of hours has passed, decline them manually in HRM module or by using !auth decline CODE/ID command.
Breaking changes
Templates/main.html template file changed
Templates/auth2.html template file changed
Templates/accessDenied.html template file added
Auth group CorpID property renamed to CorpIDList and is now an array of integer values
Auth group AllianceID property renamed to AllianceIDList and is now an array of integer values
Notes
Web templates for HRM are not optimal yet. They use Bootstrap4 + JQuery so any help tuning them to look nice will be highly appreciated.
Now we support SQLite and MySQL databases with possible extension to other DB sources.
V1.2.16
Added AllowedCharacters param group to authentication block which allows individual chars auth the same way as corps and alliances
Added new settings section: Database
Added support for mysql DB provider
Added admin command rngroup to be able to rename auth groups in DB after its name has been changed in config file
Added soft lock for a DB upgrade if DB version is below required minimum (for future cleanups)
Added customizable text fields to auth web page
Fixed possible DiscordAPI deadlock
Fixed !char command to display actual Last Seen data for character
Fixed timers auth using discord admin roles
Fixed standings auth taking initiative above other groups in some cases
Fixed timers login error for admins in some cases
Fixed standings auth error when standings were not yet loaded for feed character
Improved and optimized internal database handling
Improved HR module char list loading time
Improved console logs display
Improved auth backend
Refactored database to use identical table name casing
Updated DiscordAPI library to version 2.0.1
NOTABLE CHANGES
This release features some internal DB upgrades. DB backup is created automatically but please do backup before the first launch to be able to rollback just in case.
Duplicated user Discord IDs will be purged from DB leaving only one user registration per Discord account (dupes were possible before)
Added AllowedCharacters param group to authentication block
It is now possible to use MySQL database
Set: "databaseProvider": "mysql"
Create database using SQL: create database thundered;
Import MySQL dump file mysql.dump into created database
Specify "DatabaseName": "thundered" and other connection settings in Database config section
Standings auth now uses group names during auth process to avoid confusion with other groups when validation criteria overlap between those groups
Added localization string authPageHeaderText which you can erase or change (displayed on auth page)
BREAKING CHANGES
Added new Database settings section for detailed DB setup for different providers
Moved databaseProvider and databaseFile params to new Database section
Added warning messages for modules when feeder character is not authed or has outdated token
Added ability to open posted contracts from Discord message right into the game client (read notes section below)
Added LanguageFilesFolder param to be able to store customized language files in a separate folder
Added error message when trying to inspect user in HRM with invalid token
Added character location and ship info into HR module
Added new HR users group display named Dump for users who left but haven’t been cleaned up yet
Improved auth cleanup (read notes section)
Improved HR mail readability
Improved bandwidth and CPU usage for contracts, mail, notifications and null campaigns modules using 304 http response
Improved auth check module performance
Fixed notifications feed bug introduced in one of the prev releases
Fixed excessive renaming attempts when character has very long name
Fixed new installation upgrade issue
NOTES
Added new parameter for contract filters ShowIngameOpen - display url in contract message body which will open contract in game client.
When clicked, user will be prompted to pass simple SSO auth to get one-time access to running game client of selected character. Auth data and permissions for this case will not be saved anywhere.
Note that you will not be able to open contracts which are unavailable to you.
CCP application should have esi-ui.open_window.v1 scope allowed.
Added new Config section param LanguageFilesFolder. Will be handy for bot owners who have customized language files.
Bot will search for language files in the specified folder. Leave empty to search in default location.
Improved auth cleanup. Now bot validates auth not only for present Discord users but also for all users in DB.
This approach provides faster and better membership management. In addition all users who no longer pass auth will be moved into a temporary “Dump” group.
This group can be browsed in HR module if user has any ESI permissions and is subject to cleanup according to AppInvalidationInHours param.
ThunderED v1.3.0 is now under development. This version will feature significant improvements to HR module along with several configuration and deployment improvements.
It will probably be a major release and will include some new modules. No ETA at the moment. Stay tuned!
o7
I have read kinda most everything here… and then I saw this message so was wondering…
Will the update be a file we need to overwrite over the old one or is it gonna be a total new one…
I ask because I don’t wanna set this all up and then when new update comes I need to do it all over…
The updates are always prepared with the previous versions in mind so you can easily update your existing bot to the latest version with minimal effort. Make sure you read breaking changes section in release notes to update your settings and templates correctly if needed.
Added new UseStrictAuthenticationMode param to auth group (read explanation below)
Added new week(w), lastweek(lw), lastday(ld), rating(r) command parameters for !stats command
Added new ExcludeFromOneButtonMode param to auth group to avoid being searched when UseOneAuthButton is enabled
Added new dateFormat param to Config section
Added new RatingModeChannelId param to StatsModule and IncludeInRating param to Stats groups to autopost rating message
Added optional SkipDiscordAuthPage param to auth groups to be able to store ESI token and skip Discord auth
Added unit tests project
Added means to counter Linux data location problems (explanation below)
Added delete member buttons to HRM main page
Added filters for member lists on main HRM page
Added UseDumpForMembers and DumpInvalidationInHours params to HRM module config
Added new Spies list for HR members. Dumped members can be marked as Spies to avoid being recycled.
Added new SovTrackerModule (read highlight section below)
Added new clist command to list contracts for specified group
Added new simplified auth management file (read highlight section below)
Added new auth param to use only one button for authentication UseOneAuthButton
Added support for BR web compression
Added SpiesMailFeedChannelId to be able to feed new mail for characters marked as spies
Improved HTML templating and unified CSS+JS includes
Improved auth process checks to go in the following order: char -> corp -> alliance
Improved auth process checks to search criteria through several filters within one group (read explanation below)
Improved auth checks to delete applying members with invalidated tokens
Improved ZKB sockets cleanup and restart
Fixed !stats d command to not include losses to npc
Fixed type filtering for contracts feeder
Fixed simplified auth empty line handling
Fixed incorrect solar systems table name in some queries
Simplified web server settings (read breaking changes below)
Moved Templates/Messages templates to Data directory under Linux (read breaking changes below)
Enhanced HRM module access options and security (explanation below)
Removed Discord mention from language file entry mailMsgTitle
Removed default text for authPageHeaderText language string
Changed default MySQL collation to utf8mb4_general_ci
Updated SQLite to work in WAL mode
HIGHLIGHTS
One auth button mode can be enabled by setting UseOneAuthButton param to true. In this case the bot will search for first group which satisfies member corp/alliance condition.
There is also a change in auth process workflow which forces users to authenticate twice if found auth group contains ESI permissions.
In this case automatic redirects are used so user logs in once and selects character twice.
Added new SovTrackerModule which now allows you to track sov space holder changes and ADM index falls beyond the threshold in the filtered sets of solar systems.
Systems can be filtered by ID, holder alliance, region ID and constellation ID. All filters are ADDITIVE.
!!!WARNING - this module can be very resource consuming so please read following recommendations.
Specifying HolderAlliances param will search through 5k+ entries for holder changes on each check (up to 8-10 sec processing on good PC if not prefiltered by Systems).
Specifying Regions or Constellations will force bot to fetch system data for each entry which
Recommended CheckIntervalInMinutes is 30+ minutes to avoid excessive stress
Additive filter hierarchy: Systems -> HolderAlliances -> Regions -> Constellations. The most efficient way to setup this module is to specify Systems only.
Added an ability to read and inject authentication data from standalone file named _simplifiedAuth.txt.
This file holds auth data in a compact CSV-like manner which can be helpful for less IT skilled admins or people who manage access rights quite often.
In this file all entities are identified by names instead of numeric IDs which are then looked up on ESI during the bot startup.
Specified auth data will be injected into auth groups during runtime. You can even end up with empty predefined auth groups in settings.json file.
All fields are | delimited, Discord roles are comma delimited.
Format: Exact Alliance or Corp or Character name|exact auth group name from config file|Discord role1,Discord role2
Example1: Starlane Limited|PrelimAlly|Members,[UF]
Example2: Goonswarm Federation|GuestAuthGroup|GuestRole,TempRole
You can edit this file and use !rehash command to apply changes right away
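A pre-check for _simplifiedAuth.txt that can be run before issuing !rehash, as an added example that is not part of ThunderED. It follows the field layout described above; the strictness about whitespace, the duplicate check and the KNOWN_GROUPS set are this example's own assumptions, and every sample line after the first two is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEntry:
    line_no: int
    entity: str    # exact alliance, corp or character name
    group: str     # exact auth group name from settings.json
    roles: tuple   # Discord role names granted by this line


def lint_simplified_auth(text, known_groups):
    """Parse _simplifiedAuth.txt content and return (entries, problems).

    problems is a list of (line_no, message); a line with a problem is
    not added to entries.
    """
    entries, problems, seen = [], [], set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # empty lines carry no auth data
        fields = line.split("|")
        if len(fields) != 3:
            problems.append((line_no, f"expected 3 '|' fields, got {len(fields)}"))
            continue
        roles = fields[2].split(",")
        # Names must match exactly, so stray whitespace or an empty
        # value is reported instead of being silently trimmed.
        values = fields[:2] + roles
        if any(v == "" or v != v.strip() for v in values):
            problems.append((line_no, "empty or whitespace-padded value"))
            continue
        entity, group = fields[0], fields[1]
        if group not in known_groups:
            problems.append((line_no, f"unknown auth group {group!r}"))
            continue
        if (entity, group) in seen:
            problems.append((line_no, f"duplicate entry for {entity!r} in {group!r}"))
            continue
        seen.add((entity, group))
        entries.append(AuthEntry(line_no, entity, group, tuple(roles)))
    return entries, problems


# First two lines are the page's examples; the rest are constructed.
SAMPLE = """\
Starlane Limited|PrelimAlly|Members,[UF]
Goonswarm Federation|GuestAuthGroup|GuestRole,TempRole

Some Pilot|PrelimAlly
Starlane Limited|PrelimAlly|Members
Other Corp|NoSuchGroup|Members
"""
KNOWN_GROUPS = {"PrelimAlly", "GuestAuthGroup"}  # assumed to exist in settings.json

if __name__ == "__main__":
    entries, problems = lint_simplified_auth(SAMPLE, KNOWN_GROUPS)
    for e in entries:
        print(f"line {e.line_no}: {e.entity} -> {e.group} roles={list(e.roles)}")
    for line_no, msg in problems:
        print(f"line {line_no}: PROBLEM {msg}")
```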
NOTES
helpStat language entry has been updated
BREAKING CHANGES
Auth process checks will now search criteria through several filters within one group by default. This means that the process will now gather all roles that match character ID, corp ID and alliance ID in AllowedCharacters, AllowedCorporations and AllowedAlliances filters.
New UseStrictAuthenticationMode param has been introduced which is false by default. When enabled it will force auth process to act as before and stop after the first matching criteria is found.
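A small model of the two behaviours, useful for auditing which characters pick up extra Discord roles once the new default applies. This is an added example, not ThunderED's code: the section names and UseStrictAuthenticationMode come from the notes above, while the inner "ids"/"roles" keys, the IDs and the role names are constructed for illustration.

```python
# Filter sections in the order the checks run: char -> corp -> alliance.
SECTIONS = ("AllowedCharacters", "AllowedCorporations", "AllowedAlliances")


def resolve_roles(group, character_id, corp_id, alliance_id, strict=None):
    """Return the Discord roles one auth group yields for a character."""
    if strict is None:
        strict = group.get("UseStrictAuthenticationMode", False)
    ids = dict(zip(SECTIONS, (character_id, corp_id, alliance_id)))
    roles = []
    for section in SECTIONS:
        for flt in group.get(section, {}).values():
            if ids[section] not in flt["ids"]:
                continue
            roles += [r for r in flt["roles"] if r not in roles]
            if strict:
                return roles  # old behaviour: stop at the first match
    return roles  # default behaviour: roles from every matching filter


def roles_added_by_default_mode(group, character_id, corp_id, alliance_id):
    """Roles a character gains only because strict mode is off."""
    strict = resolve_roles(group, character_id, corp_id, alliance_id, strict=True)
    loose = resolve_roles(group, character_id, corp_id, alliance_id, strict=False)
    return [r for r in loose if r not in strict]


# Constructed group; IDs and role names are made up, and the inner
# "ids"/"roles" keys are a simplified stand-in for the real config shape.
GROUP = {
    "AllowedCharacters": {"directors": {"ids": [90000001], "roles": ["Director"]}},
    "AllowedCorporations": {"main corp": {"ids": [98000001], "roles": ["Members"]}},
    "AllowedAlliances": {"alliance": {"ids": [99000001], "roles": ["Members", "Blue"]}},
}

if __name__ == "__main__":
    pilot = (90000001, 98000001, 99000001)  # matches all three filters
    print("strict :", resolve_roles(GROUP, *pilot, strict=True))
    print("default:", resolve_roles(GROUP, *pilot))
    print("gained :", roles_added_by_default_mode(GROUP, *pilot))
```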
Removed WebListenIP and WebListenPort params from WebServerModule config section. Internal port will now always be the same as WebExternalPort and internal IP address will now always be 0.0.0.0. This IP will force app under Linux and Windows to listen on all local interfaces.
The bot will now search for Templates/Messages templates in Data/Templates/Messages directory under Linux
To counter multiple problems with config and logs location under Linux we now search all sensitive data under folder named Data in bot root directory.
Sensitive data is represented by config file, db file and log files. Linux users now should use Docker mount and Linux link commands to mount Data folder into the app directory.
In the following example we mount /opt/thunder directory to Data folder.
EXAMPLE:
mkdir /opt/thunder
copy settings.json into newly created folder
docker run -p 8080:8080 -v /opt/thunder:/app/ThunderED/Data thundered:latest
WARNING!!! Param named Database.DatabaseFile should now contain only DB filename without a path to avoid errors
Introduced AccessLists param for HRMModule which now allows advanced access distribution.
Now you can:
Limit access and display of specific user groups for certain roles and characters
Limit access for certain roles and characters to members authed under specific group
Limit access for certain roles and characters to members of specific corps and alliances
Added new BindToMainCharacter param to AuthGroups (read explanation below)
Added new IsAltUsersVisible, CanInspectAltUsers and CanRestoreDumped params to HR module access list
Added ability to restore members from dump in HR module
Added new experimental !caps command to display capital skills stats throughout the members database
Fixed corp and alliance data update in HR lists when users changes them
Fixed contracts type filter
Refactored authentication code to be more consistent with the modules
Updated HR module to include Alt Characters information into general lists and char inspection page
NOTES
Added new mode for the authentication process called: Alt Characters Authentication! In this mode you can bind alt characters with custom ESI permissions to the already authed main characters. Alt characters are dependent on the main character, i.e. they will be deleted if main character auth is deleted. They can be inspected in HR module and will be a subject for a subset of some new Discord commands.
When this mode is enabled it will always be treated as if ExcludeFromOneButtonMode and SkipDiscordAuthPage params are set to true
Set BindToMainCharacter to enable this mode. Please take a look at the auth group named Mode6_AltCharactersAuth in settings.def.json file for more info.
Added new experimental !caps command to display information about capital ship drivers on channel/server.
This command uses new settings section: CommandsConfig and new config file shipdata.def.json which will be automatically unfolded into shipdata.json.
CapsCommandDiscordRoles - list of Discord roles that have access to this command (empty = all)
CapsCommandDiscordChannels - list of Discord channels where this command is allowed (empty = everywhere)
Added spy mail feed filters by corp/alliance name and feed channel
Added DisplayDetailsSummary param to display EVE urls in mail summary
Added ability to auth timers module by Discord roles
Fixed auth cleanup bug when there was an auth group in a list with empty Allowed* fields (literally group allowed all users to auth)
Fixed forbidden channels handling for commands
Fixed radius kill feed with 0 system range parameter
Improved and cleaned up Discord mail feeds, introduced new mail summaries with EVE fit & channel links into separate blocks to reduce clutter
Improved text breaking logic to respect words and urls
Improved radiusKillFeedModule to accept all IDs and names in a single mixed list
Improved timersModule to accept all IDs and names in a single mixed list
Improved TED_ConfigEditor to correctly work with mixed lists
Removed duplicate mails from spy feeds
HIGHLIGHTS
Introducing global quality of life improvement - parameters which accept mixed arrays of IDs and names. Previously there were only strongly typed arrays with faceless ID values.
Now I will gradually update modules to accept both names and IDs in a condensed number of params. This will reduce clutter, improve usability and readability of config files.
Before:
Note the a: and c: prefixes, they are needed to search for alliance or corporation. If no prefix is specified then system will search for character.
Also note that system can search for corporations and alliances by TICKER!
System, constellation and region names do not require prefixes as they’re unique by default.
NOTES
New SpyFilters config param in HRMModule section allows you to filter your spies output
New DisplayDetailsSummary param for MailModule filter
New DisplayMailDetailsSummary param for HRMModule filter
Several notes about Spies HR improvements.
You can now disable default mail feed by setting DefaultSpiesMailFeedChannelId to 0.
You can selectively enable and redirect mail feed by adding filters to SpyFilters collection
New filters use EVE names instead of IDs which improves config readability while not impacting general performance
Mail now can display summary blocks after the message which include EVE urls for fits and channels. You can paste these urls into EVE MAIL body to become readable inside the game.
BREAKING CHANGES
Renamed SpiesMailFeedChannelId config param to DefaultSpiesMailFeedChannelId
Removed RadiusSystemId,RadiusConstellationId,RadiusRegionId,RadiusChannel from radiusKillFeedModule
Added radiusChannels and radiusEntities to radiusKillFeedModule
Added FilterEntities,FilterDiscordRoles to timersModule access lists. Removed old parameters.
Added new static ZKBSettingsModule settings section. Related ZKB parameters moved here: zkillLiveFeedRedisqID, UseSocketsForZKillboard, ZKillboardWebSocketUrl