Last patch today, I'm happy with this rn

BUGFIX: clashing pending signups fixed
2023-05-15 11:33:32 +10:00 · 2023-05-15 11:02:51 +10:00
4 changed files with 29 additions and 7 deletions
@@ -1,12 +1,12 @@
 {
  "name": "auth-server",
-  "version": "1.7.6",
+  "version": "1.7.8",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "auth-server",
-      "version": "1.7.6",
+      "version": "1.7.8",
      "license": "ISC",
      "dependencies": {
        "bcryptjs": "^2.4.3",
@@ -1,6 +1,6 @@
 {
  "name": "auth-server",
-  "version": "1.7.6",
+  "version": "1.7.8",
  "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
  "main": "server/server.js",
  "scripts": {
@@ -22,7 +22,7 @@ const route = async (req, res) => {
 	//script throttle
 	const throttle = await checkThrottle(req.body.email);
 	if (throttle) {
-		console.warn(`Spam attack detected: ${req.body.email} (${req.body.username})`);
+		console.warn(`Spam Throttled\t${req.body.email} (${req.body.username})`);
 		return res.status(401).send(throttle);
 	}

@@ -121,7 +121,21 @@ const checkThrottle = async (email) => {
 }

 const registerPendingSignup = async (body, hash, token) => {
-	const record = await pendingSignups.upsert({
+	//BUGFIX: delete existing pending signups that clash
+	await pendingSignups.destroy({
+		where: {
+			email: body.email
+		}
+	});
+
+	await pendingSignups.destroy({
+		where: {
+			username: body.username
+		}
+	});
+
+	//record it
+	const record = await pendingSignups.create({
 		email: body.email,
 		username: body.username,
 		hash: hash,
@@ -10,16 +10,24 @@ module.exports = async (req, res, next) => {
 			content: address,

 			expiry: {
-				[Op.gt]: Date.now()
+				[Op.or]: {
+					//future or forever
+					[Op.gt]: Date.now(),
+					[Op.eq]: null,
+				}
 			}
 		}
 	});

+	//log the access timestamp
+	const date = new Date();
+
 	if (!!record) {
+		console.log(`IP blocked\t${address}\t\t\t${date.toTimeString()}`);
 		return res.status(403).send("IP address banned");
 	}

-	console.log(`IP      ${address}`);
+	console.log(`IP allowed\t${address}\t\t\t${date.toTimeString()}`);

 	return next();
 };
Author	SHA1	Message	Date
Kayne Ruse	ac7c8d04ed	Last patch today, I'm happy with this rn	2023-05-15 11:33:32 +10:00
Kayne Ruse	fd44712e37	BUGFIX: clashing pending signups fixed	2023-05-15 11:02:51 +10:00