Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Kayne Ruse
|
fd44712e37 | ||
|
Kayne Ruse
|
b3c7f7cb5e |
Generated
+2
-2
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "auth-server",
|
||||
"version": "1.7.5",
|
||||
"version": "1.7.7",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "auth-server",
|
||||
"version": "1.7.5",
|
||||
"version": "1.7.7",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"bcryptjs": "^2.4.3",
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "auth-server",
|
||||
"version": "1.7.5",
|
||||
"version": "1.7.7",
|
||||
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
||||
"main": "server/server.js",
|
||||
"scripts": {
|
||||
|
||||
+15
-1
@@ -121,7 +121,21 @@ const checkThrottle = async (email) => {
|
||||
}
|
||||
|
||||
const registerPendingSignup = async (body, hash, token) => {
|
||||
const record = await pendingSignups.upsert({
|
||||
//BUGFIX: delete existing pending signups that clash
|
||||
await pendingSignups.destroy({
|
||||
where: {
|
||||
email: body.email
|
||||
}
|
||||
});
|
||||
|
||||
await pendingSignups.destroy({
|
||||
where: {
|
||||
username: body.username
|
||||
}
|
||||
});
|
||||
|
||||
//record it
|
||||
const record = await pendingSignups.create({
|
||||
email: body.email,
|
||||
username: body.username,
|
||||
hash: hash,
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
const Sequelize = require('sequelize');
|
||||
const sequelize = require('..');
|
||||
|
||||
module.exports = sequelize.define('bannedIPAddresses', {
|
||||
content: {
|
||||
type: 'varchar(320)',
|
||||
unique: true
|
||||
},
|
||||
|
||||
expiry: {
|
||||
type: 'DATETIME',
|
||||
allowNull: true,
|
||||
defaultValue: null
|
||||
},
|
||||
});
|
||||
@@ -2,5 +2,6 @@ module.exports = {
|
||||
tokens: require('./tokens'),
|
||||
accounts: require('./accounts'),
|
||||
pendingSignups: require('./pending-signups'),
|
||||
recovery: require('./recovery')
|
||||
recovery: require('./recovery'),
|
||||
bannedIPAddresses: require("./banned-ip-addresses"),
|
||||
};
|
||||
@@ -23,6 +23,9 @@ app.use(cookieParser());
|
||||
//database connection
|
||||
const database = require('./database');
|
||||
|
||||
//ip-based management
|
||||
app.use(require('./utilities/banned-up-addresses-middleware'));
|
||||
|
||||
//access the admin
|
||||
app.use('/admin', require('./admin'));
|
||||
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
const { Op } = require("sequelize");
|
||||
const { bannedIPAddresses } = require('../database/models');
|
||||
|
||||
//middleware to manage banned IP addresses
|
||||
module.exports = async (req, res, next) => {
|
||||
const address = req.header('x-forwarded-for') || req.socket.remoteAddress;
|
||||
|
||||
const record = await bannedIPAddresses.findOne({
|
||||
where: {
|
||||
content: address,
|
||||
|
||||
expiry: {
|
||||
[Op.gt]: Date.now()
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
if (!!record) {
|
||||
return res.status(403).send("IP address banned");
|
||||
}
|
||||
|
||||
console.log(`IP ${address}`);
|
||||
|
||||
return next();
|
||||
};
|
||||
Reference in New Issue
Block a user