Last patch today, I'm happy with this rn

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "auth-server",
-  "version": "1.7.7",
+  "version": "1.7.8",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "auth-server",
-      "version": "1.7.7",
+      "version": "1.7.8",
       "license": "ISC",
       "dependencies": {
         "bcryptjs": "^2.4.3",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth-server",
-  "version": "1.7.7",
+  "version": "1.7.8",
   "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
   "main": "server/server.js",
   "scripts": {

server/auth/signup.js

@@ -22,7 +22,7 @@ const route = async (req, res) => {
 	//script throttle
 	const throttle = await checkThrottle(req.body.email);
 	if (throttle) {
-		console.warn(`Spam attack detected: ${req.body.email} (${req.body.username})`);
+		console.warn(`Spam Throttled\t${req.body.email} (${req.body.username})`);
 		return res.status(401).send(throttle);
 	}
 

server/utilities/banned-up-addresses-middleware.js

@@ -10,16 +10,24 @@ module.exports = async (req, res, next) => {
 			content: address,
 
 			expiry: {
-				[Op.gt]: Date.now()
+				[Op.or]: {
+					//future or forever
+					[Op.gt]: Date.now(),
+					[Op.eq]: null,
+				}
 			}
 		}
 	});
 
+	//log the access timestamp
+	const date = new Date();
+
 	if (!!record) {
+		console.log(`IP blocked\t${address}\t\t\t${date.toTimeString()}`);
 		return res.status(403).send("IP address banned");
 	}
 
-	console.log(`IP      ${address}`);
+	console.log(`IP allowed\t${address}\t\t\t${date.toTimeString()}`);
 
 	return next();
 };