If a moderator bans an user, Clank should send a ModlogEvent into the private modlog channel indicating that the user has been banned from the server. Additionally, if the mod provided a reason to Discord when issuing the ban, the reason should be logged in the message as well.

The reason is that, seeing why a user was banned is difficult because it requires opening the audit log in the server settings, plus it is difficult by itself because you might not know that an user was banned unless you actually reviewed the audit log itself.

The command !alert allows members with good karma level to report messages. Clank will manage reports and warn or ban users.

Usage spec: !alert <member> [<reason>]. Examples:

• !alert @danirod: signal an alert for danirod. No specified reason or comment.
• !alert @danirod spam: signal an alert for danirod, adding spam as a comment reason.

When an alert is received, the following happens:

• The alert is logged in the private moderation log.
• Clank updates the alert queue for the member that the alert is targeted to.
• Clank acknowledges the alert by reacting to the original message instead of replying.

The alert queue is a tag attached to a member. It is a list of timestamps at which an alert has been received.

It is acceptable for multiple people to issue multiple warns when a message should clearly be reported (such as spam). This pushes multiple timestamps into the alert queue of a member. Example:

@BadUser1: join my discord server! https://discord.gg/Mq7TBAB
@VeteranUser1: !alert @BadUser1
@VeteranUser2: !alert @BadUser1 spam
@VeteranUser3: !alert @BadUser1

An automatic warn is issued if a member receives more than N alerts for a 30 minute interval, or more than P alerts for a 4 hour interval. N and P are values that should not be considered hardcoded because they may be tweaked, either algorithmically or manually. Let it be initially N = 3 and P = 7.

An automatic ban is issued if an automatic warn is issued for a member that is already warned.

Describe the bug
Discord if you left a server your roles get reset and if a user lefts it can get back on the server verificate and isnt warned

To Reproduce
As an administrator warn a account you own and left the server and then go back into the server with an invite link
you have veen reseted the roles. If the server has a verification role verify yourself and you are no longer warned

Expected behavior
The bot add the warned role back

Clank has a lot of wrapping classes built on top of Discord.js in the lib/ directory.

Reorganize this repository so that the lib/ directory can be easier to re-use.

Related to #35.

Se sigue haciendo el INSERT como siempre, pero en el SELECT COUNT se cambiará la query SQL por una que limite el puntaje máximo a sumar en el COUNT a 100 por día, reiniciando en la medianoche UTC.

Dockerfile is currently a mess, basically because I built it back when I did not know much about Dockerfiles. Known issues:

• It doesn't really make sense to have multiple stage images.
• It uses ts-node in production instead of transpiling the image.

dsc.gg cloaks Discord invites. They use JavaScript redirection rather than a 302, so it might not trigger the antispam system.

Add it here to this array

https://github.com/makigas/clank/blob/86474ebb82c2b16db3b2a36083417e90a8c704b5/src/hooks/antispam.ts#L11-L15

Is your feature request related to a problem? Please describe.
After merging #151, the bot is more resilient to errors. Whenever the bot disconnects, the Docker engine will restart the bot very soon in order to make it work again. However, this doesn't mean that users are automatically approved. If the user attempts to type !accept during the downtime of the bot, the user won't be accepted yet. At the moment, this is solved by manually approving the user after the bot gets alive again.

Describe the solution you'd like
The bot should look for recent messages received in the captchas channel and approve those users who verify the following rules:

1. The user must not have the verify role yet.
2. The user must still be in the server.
3. The user must have typed !accept, as usual, or whatever keyword in use.
4. The user must have been part of the server for at least 5 minutes since the message was posted.

Describe alternatives you've considered
Doing this manually, but it is pain.

Something more friendly, in the style of the KCD bot:

• Have a private channel between Clank and a member that just joined.
• Ask some questions, the user replies using the standard yes/no answers or maybe using the Y / N reactions.
• On successful journies, the member is verified.

Possible script

1. Hola, $MEMBER$, soy Clank, el bot de moderación de este servidor, y también tu guía para darte la bienvenida y ayudarte a entrar a este servidor. Te voy a hacer una serie de preguntas. Para responder, {{escribe en esta conversación las respuestas sí/no}} | {{reacciona con la S para indicar Sí o con la N para indicar No}}. ¿Entendiste?

• S => 2

2. Este servidor busca ser una comunidad abierta y amigable y por ello tenemos un código de conducta de comportamiento. Además, para favorecer un entorno aceptable para todo el mundo tenemos unas normas esenciales. ¿Ya tuviste tiempo de echarle un ojo a las normas?

• N => 3
• S => 4

3. Entonces, por favor, visita #normas-de-uso y asegúrate de estar de acuerdo con todo. Abandona el servidor si no estás de acuerdo. ¿Ya tuviste tiempo de echarle un ojo a las normas?

• N => 3
• S => 4

4. ¡Estupendo! Antes de dejarte entrar, quiero darte algunos consejos. Algunos canales de este servidor están diseñados para que la gente pueda preguntar y responder dudas o pedir ayuda. Si vas a utilizarlos, te hago algunas recomendaciones:

• No necesitas pedir permiso para preguntar. ¡Para eso estoy aquí! Así que escribe tanto como necesites. Divide tu mensaje en varias partes si hace falta.
• Lo que tampoco deberías hacer es simplemente enviar mensajes como "¿alguien sabe de Java?". ¡Seguro que si asumes que alguien sabe y planteas tu pregunta directamente resuelves tu problema antes! No se pierde nada por intentarlo.
  ¿Entendiste esto?
• N => 5
• S => 6

5. Consulta https://dontasktoask.com/es/ si quieres saber más. Hicimos el esfuerzo de traducir al castellano el artículo, de hecho. ¡Con esto ya estaría! Cuando {{respondas Sí}} | {{reacciones de nuevo con la S}} podrás ver el resto de canales en la lista. ¡Pásalo bien!

• S => FIN

6. ¡Pues ya estamos! Cuando {{respondas Sí}} | {{reacciones de nuevo con la S}} podrás ver el resto de canales en la lista. ¡Pásalo bien!

• S => FIN

Issues

• Automatic or manual? (For instance, create a channel as soon as the member joins, or make the member do a trigger such as using the auto-reaction system)
• How many channels can we keep until we reach the channel limit for temporal members? Should we just close the channel if the member does not interact with the bot for 24 hours to prevent a limit?

Tracking issue. Requires reading.

If a moderator kicks an user, Clank should send a ModlogEvent into the private modlog channel indicating that the user has been kicked from the server. Additionally, if the mod provided a reason to Discord when issuing the kick, the reason should be logged in the message as well.

The reason is that, seeing why a user was kicked is difficult because it requires opening the audit log in the server settings, plus it is difficult by itself because you might not know that an user was kicked unless you actually reviewed the audit log itself.

Describe the bug
You can mark a element in the corcho with a star to add it more times

To Reproduce
Send a mesage to a chanel mark it with the star to add it to the corcho and add it again

Expected behavior
It dont add it other times ( More than 1)

Screenshots

The goal is to have a way to let users know that:

• They can use the issue tracker to report bugs.
• They can use the issue tracker to propose new features.
• They can open pull requests to fix bugs.
• They can open pull requests to add features if there has been a discussion yet.

It is important to make clear that opening a PR for features that hasn't been priorly discussed yet and that they come as surprise presents is unpleaseant because someone will have to maintain that code and it may be outside the project roadmap.

The bot sometimes disconnects from the network but doesn't attempt to reconnect when the network is available again.

!horn command will be removed because it is not widely used and it causes a dependency hell with node-opus. !horn command may be reintroduced later on.

Members would like to know which level they have, or how many points they have.

I mean, clearly there is a pattern. 👋

When the 🗑️ emoji is used to delete a priorly wanned message, the bot should send anotice into the private moderation log to mark the warned message as deleted. This should be done to indicate other moderators that the message was deleted, to avoid having them click the message and wonder where it is, or to avoid them spending time thinking if it's worth keeping the warned message or not if another moderator has already chosen so.

Si se publica un mensaje en un servidor que contiene un link a un mensaje del mismo servidor, el bot debería retirar cualquier posible embed genérico Open Graph que se haya podido presentar a partir del link e incrustar en su defecto un embed que contenga una cita del mensaje publicado.

Recientemente un usuario de Discord, no consciente del funcionamiento del sistema de captchas de nuestro servidor, intentó mandar un mensaje al canal de validaciones antes de validar su cuenta.

Posteriormente a este hecho, mandó un copia y pega del mensaje a un canal real y fue capturado por el sistema antiflood:

Este comportamiento es inconsistente, porque el mensaje original no forma parte de uno de los canales reales del servidor. Mientras un usuario no tenga la cuenta verificada por el sistema de captchas, no está terminado de unir, por lo que ese tipo de mensajes no deben ser tenidos en cuenta para el sistema antiflood.

Solución: el sistema antiflood no debe incluir en su memoria parcial mensajes de miembros no verificados.

To avoid being very noisy, Clank should reply the user using DMs instead of publicly mentioning the user in the channel the user typed the message in.

In some cases, such as when triggering the !helper command, Clank may attempt to automatically delete the triggering message to clean up the conversation.

Discord.js-Commando provides a settings provider based in a JSON schema that is dumped into a row of an SQLite database.

This is good but I'm cheating a lot by adding a lot of keys, thus it is difficult to scan the JSON document.

This may be better in a custom Setting Provider that stores each item in a database row, maybe allowing for the extra cheats that I use.

An example schema:

• guild_id: the ID for the tag (for sharding the bot across multiple servers)
• member_id the ID of the member owning this tag (for keys that depend on each user)
• key: the name of the tag (for access)
• value: the value of the tag (string, because then I can store any datatype if I serialize it as JSON)
• expires_at (null or datetime): time at which the key must expire

Additional patterns to detect:

• instagram.com/[a-zA-Z0-9._]+ => detect links to instagram profiles
• facebook.com/groups/[0-9]+=> detect links to Facebook groups
• facebook.com/pages/[0-9a-zA-Z._]+/[0-9]+/ => detect links to Facebook pages

Add a system to godfather trusted accounts (based on tags or roles). Let the bot look away when inspecting a message if the poster is a trusted account.

Example use case: someone who has been in the server for a month and that is very active may post a link to a Facebook page organically rather than for purposes of doing spam. In such case, having a way to tag (either manually or as part of the karma system) a user as a trusted one so that the message can be posted anyway would be good.

Es estúpido que diga "tienes que esperar unos minutos" pero no diga cuántos.

Can the bot notify the people when they type the !accept / !acepto command wrong?

Because verified users have already got a role, Discord's prune tool will not include them when pruning inactive users, which is something that every few months I do for users that haven't logged in, in a long time.

The reason I prune inactive users is that it provides a skewed statistic over the amount of users the server has. Plus, you never know when an inactive account may become a zombie account: it gets compromised and a bad actor uses it to send malware or spam.

The bot should log the last time an user goes available or unavailable in order to remove the verified badge, or at least mark the user as inactive, if the user has not logged in in three months.

If the system detects the same message being posted in multiple channels by the same user in a very short amount of time, it should mark the message as flooded.

Caveats:

• Message must match, to avoid having quote replies being tagged as flood.
• How to handle the buffer? Maybe keeping only the first message and checking the last time the sender has sent a message. Definitely, karma system could help with adding these member properties as tags.

Bot presence is a debug command that should be removed once it's not needed. The bot should always be available in production. There are better ways to mark the bot as in maintenance mode, which should be explored.

Commit 7bdd695 added logic to the antispam system so that it would delete messages sent by members with the links-disabled role containing links.

The next step is to automatically add members to this role if they match some criteria. It is always possible to remove this role later if they are found to be safe. Automatic karma could even do this once a member reaches level 2. Interesting heuristics to use:

• Members that have in their tags specific words: twitch, YT, YouTube.
• Members that have non-alphanumeric Unicode characters such as:
  • Emojis: ⚡JohnDoe⚡#1234
  • Manuscript: 𝓳𝓸𝓱𝓷 𝓭𝓸𝓮#1234
  • Bold text: 𝐣𝐨𝐡𝐧 𝐝𝐨𝐞#1234
• Members that joined Discord less than 24 hours ago.

Describe the bug
When you make use of the !primo command it can be broked

To Reproduce
Send the message !primo Text`outcuote

Expected behavior
Put the ` charter by first putting a backslash

Screenshots

Additional context
Its on the server Message

A command may query for videos added to the database.

Tentative command format

!videos [query] (see examples 1, 2)
!video [videoID] (see example 2)

Internal detail

An alternate representation for makigas:video, makigas:playlist and makigas:topic objects was proposed on makigas/makigas.es#75. Although the permalinks are not clear at this moment, it would be possible to get feeds and structured metadata about items on URLs such as https://www.makigas.es/videos.json or https://api.makigas.es/v1/videos.json. This permalink would emit a JSON object the bot can digest. All the heavy load of the query is done by makigas/makigas. This command's scope is limited to sending the proper query to the website and rendering the results.

Concerns

• Discord will convert links into embeds. Should the bot post the links on the results message and possibly spam multiple links if there are multiple results? Or should the bot provide a numeric ID (see example 2)

Examples

• Example 1:

danirod: !videos flatmap
Clank: Here are the videos about flatmap I found on makigas.es
  - Scala: flatten y flatMap: www.makigas.es/series/scala/flatten-y-flatmap

• Example 2:

danirod: !videos flatmap
Clank: Here are the videos about flatmap I found on makigas.es
  - Scala: flatten y flatMap: #183 (use !video 183 for info)
danirod: !video 183
Clank: 183 · flatten y flatMap
  Playlist: Scala. Episode: 18. Length: 8:54
  El flatten permite aplastar los elementos de una lista de listas para crear
  una lista única. Por otra parte, con flatMap podemos combinar un map y un
  flatten: primero aplicamos map a los elementos de una colección de entrada
  y luego le hacemos un flatMap.
  URL: www.makigas.es/series/scala/flatten-y-flatmap
  YouTube ID: youtu.be/JFv9THj85yE

Look how to do this.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt#Browser_compatibility

Caso de uso 1: un usuario no quiere participar en el sistema karma, de modo que lo desactiva para que no se cuenten sus mensajes.

Caso de uso 2: moderación desactiva el sistema karma a una cuenta si considera que está utilizando de forma sospechosa el sistema de karma para abusar de sus mecánicas.

En ambos casos,

• El nivel es siempre 0.
• La suma de karma siempre da 0.
• El comando /karma informa de esto.
• Los canales que requieren nivel superior no dejan escribir si la cuenta no corresponde con un mod.

tslint is deprecated.

Have a blocklist based on user IDs, which are assumed to be owned by people with a spammy record, even if they haven’t joined the server yet.

Have the server check the ID of a member that joins the guild against the blocklist. Autoban any member whose ID is contained in the blocklist as soon as they join.

Currently work is done in Makibot.js. Although this made a great proof of concept, if the bot has to pass the PoC stage, commands should be split in class objects, and there should be some structure so that new commands can easily be added and existing commands can be modified as well.

Useful patterns:

• Command
• Chain of Responsability

Yes I am being serious.

Words opress me.

Also should follow my default conventions at danirod/dotfiles@cfd44da.

Idea pool:

• Auto-ban messages sent to the captchas channel matching the spammy regex.

Spammy regex list:

• /discord.gg/
• /discordapp.com/invite/
• /discord.com/invite/

If a member deletes a message, the antiflood system should forget about the original message, so that pasting it again (for instance, the member got a channel wrong and decided to fix it) do not triggers the antiflood system.