Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Kayne Ruse
|
ac7c8d04ed | ||
|
Kayne Ruse
|
fd44712e37 |
Generated
+2
-2
@@ -1,12 +1,12 @@
|
|||||||
{
|
{
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.6",
|
"version": "1.7.8",
|
||||||
"lockfileVersion": 3,
|
"lockfileVersion": 3,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.6",
|
"version": "1.7.8",
|
||||||
"license": "ISC",
|
"license": "ISC",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bcryptjs": "^2.4.3",
|
"bcryptjs": "^2.4.3",
|
||||||
|
|||||||
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.6",
|
"version": "1.7.8",
|
||||||
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
||||||
"main": "server/server.js",
|
"main": "server/server.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|||||||
+16
-2
@@ -22,7 +22,7 @@ const route = async (req, res) => {
|
|||||||
//script throttle
|
//script throttle
|
||||||
const throttle = await checkThrottle(req.body.email);
|
const throttle = await checkThrottle(req.body.email);
|
||||||
if (throttle) {
|
if (throttle) {
|
||||||
console.warn(`Spam attack detected: ${req.body.email} (${req.body.username})`);
|
console.warn(`Spam Throttled\t${req.body.email} (${req.body.username})`);
|
||||||
return res.status(401).send(throttle);
|
return res.status(401).send(throttle);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -121,7 +121,21 @@ const checkThrottle = async (email) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const registerPendingSignup = async (body, hash, token) => {
|
const registerPendingSignup = async (body, hash, token) => {
|
||||||
const record = await pendingSignups.upsert({
|
//BUGFIX: delete existing pending signups that clash
|
||||||
|
await pendingSignups.destroy({
|
||||||
|
where: {
|
||||||
|
email: body.email
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
await pendingSignups.destroy({
|
||||||
|
where: {
|
||||||
|
username: body.username
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
//record it
|
||||||
|
const record = await pendingSignups.create({
|
||||||
email: body.email,
|
email: body.email,
|
||||||
username: body.username,
|
username: body.username,
|
||||||
hash: hash,
|
hash: hash,
|
||||||
|
|||||||
@@ -10,16 +10,24 @@ module.exports = async (req, res, next) => {
|
|||||||
content: address,
|
content: address,
|
||||||
|
|
||||||
expiry: {
|
expiry: {
|
||||||
[Op.gt]: Date.now()
|
[Op.or]: {
|
||||||
|
//future or forever
|
||||||
|
[Op.gt]: Date.now(),
|
||||||
|
[Op.eq]: null,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
//log the access timestamp
|
||||||
|
const date = new Date();
|
||||||
|
|
||||||
if (!!record) {
|
if (!!record) {
|
||||||
|
console.log(`IP blocked\t${address}\t\t\t${date.toTimeString()}`);
|
||||||
return res.status(403).send("IP address banned");
|
return res.status(403).send("IP address banned");
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log(`IP ${address}`);
|
console.log(`IP allowed\t${address}\t\t\t${date.toTimeString()}`);
|
||||||
|
|
||||||
return next();
|
return next();
|
||||||
};
|
};
|
||||||
Reference in New Issue
Block a user