Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Kayne Ruse
|
db03373892 | ||
|
Kayne Ruse
|
267ecaa705 | ||
|
Kayne Ruse
|
3a8cfd39ed |
Generated
+2
-2
@@ -1,12 +1,12 @@
|
|||||||
{
|
{
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.2",
|
"version": "1.7.5",
|
||||||
"lockfileVersion": 3,
|
"lockfileVersion": 3,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.2",
|
"version": "1.7.5",
|
||||||
"license": "ISC",
|
"license": "ISC",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bcryptjs": "^2.4.3",
|
"bcryptjs": "^2.4.3",
|
||||||
|
|||||||
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.3",
|
"version": "1.7.5",
|
||||||
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
||||||
"main": "server/server.js",
|
"main": "server/server.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|||||||
@@ -19,6 +19,13 @@ const route = async (req, res) => {
|
|||||||
return res.status(401).send(validateErr);
|
return res.status(401).send(validateErr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//script throttle
|
||||||
|
const throttle = await checkThrottle(req.body.email);
|
||||||
|
if (throttle) {
|
||||||
|
console.warn(`Spam attack detected: ${req.body.email} (${req.body.username})`);
|
||||||
|
return res.status(401).send(throttle);
|
||||||
|
}
|
||||||
|
|
||||||
//generate the password hash
|
//generate the password hash
|
||||||
const hash = await bcrypt.hash(req.body.password, await bcrypt.genSalt(11));
|
const hash = await bcrypt.hash(req.body.password, await bcrypt.genSalt(11));
|
||||||
|
|
||||||
@@ -83,6 +90,10 @@ const validateDetails = async (body) => {
|
|||||||
return 'Missing password';
|
return 'Missing password';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (typeof body.password != "string") {
|
||||||
|
return 'Invalid password';
|
||||||
|
}
|
||||||
|
|
||||||
if (body.password.length < 8) {
|
if (body.password.length < 8) {
|
||||||
return 'Password too short';
|
return 'Password too short';
|
||||||
}
|
}
|
||||||
@@ -90,6 +101,25 @@ const validateDetails = async (body) => {
|
|||||||
return null;
|
return null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const checkThrottle = async (email) => {
|
||||||
|
//check email delay
|
||||||
|
const prev = await pendingSignups.findOne({
|
||||||
|
where: {
|
||||||
|
email: email,
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
const DateOffset = ( offset ) => { //Thanks, SO!
|
||||||
|
return new Date( +new Date + offset );
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!!prev && prev.updatedAt > DateOffset( -5000 )) {
|
||||||
|
return "An unknown error occurred";
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
const registerPendingSignup = async (body, hash, token) => {
|
const registerPendingSignup = async (body, hash, token) => {
|
||||||
const record = await pendingSignups.upsert({
|
const record = await pendingSignups.upsert({
|
||||||
email: body.email,
|
email: body.email,
|
||||||
|
|||||||
@@ -25,6 +25,11 @@ const TokenProvider = props => {
|
|||||||
localStorage.setItem("accessToken", accessToken);
|
localStorage.setItem("accessToken", accessToken);
|
||||||
}, [accessToken]);
|
}, [accessToken]);
|
||||||
|
|
||||||
|
//force a logout if refresh token is too old
|
||||||
|
if (accessToken && (new Date(Date.now() - 60 * 60 * 24 * 30 * 1000).getTime() > decode(accessToken).exp * 1000)) {
|
||||||
|
forceLogout();
|
||||||
|
}
|
||||||
|
|
||||||
//wrap the default fetch function
|
//wrap the default fetch function
|
||||||
const tokenFetch = async (url, options) => {
|
const tokenFetch = async (url, options) => {
|
||||||
//use this?
|
//use this?
|
||||||
|
|||||||
Reference in New Issue
Block a user