author | gumi <git@gumi.ca> | 2020-02-14 12:18:00 -0500 |
---|---|---|
committer | gumi <git@gumi.ca> | 2020-03-02 15:37:17 -0500 |
commit | 2c25f53ddf418bdedd94c6142b03c80e49fc584d (patch) | |
tree | c15c45c16b7b649fb267241ffe0fe90aacf6fae5 /src/routers/tmwa | |
parent | 872288426090839f2f23e60187a58ee51d6fe4ea (diff) | |
add support for Vault + major refactor
Diffstat (limited to 'src/routers/tmwa')
-rw-r--r-- | src/routers/tmwa/index.js | 4 | ||||
-rw-r--r-- | src/routers/tmwa/middlewares/account.js | 54 | ||||
-rw-r--r-- | src/routers/tmwa/middlewares/server.js | 1 |
3 files changed, 22 insertions, 37 deletions
diff --git a/src/routers/tmwa/index.js b/src/routers/tmwa/index.js
index f3eeb72..f89c6bd 100644
--- a/src/routers/tmwa/index.js
+++ b/src/routers/tmwa/index.js
@@ -7,7 +7,7 @@ const middlewares = {
 };
 module.exports = exports = class TMWA {
- constructor(config, api, challenge, rate_limit) {
+ constructor(config, api, challenge) {
 // XXX: having to pass a reference to `api` is weird, we should instead
 // store config in this.config and make the middlewares (somehow)
 // access this.config. the problem is that we can't pass arguments
@@ -22,7 +22,7 @@ module.exports = exports = class TMWA {
 this.router.get("/server", middlewares.server);
- this.router.all("/account", rate_limit, challenge); // flood limit + captcha
+ this.router.all("/account", challenge); // require captcha
 this.router.all("/account", express.json(), middlewares.account);
 tmwa_poll(this); // first heartbeat
diff --git a/src/routers/tmwa/middlewares/account.js b/src/routers/tmwa/middlewares/account.js
index 7828191..393d0d5 100644
--- a/src/routers/tmwa/middlewares/account.js
+++ b/src/routers/tmwa/middlewares/account.js
@@ -100,8 +100,7 @@ const create_account = (req, res, next) => {
 status: "error",
 error: "malformed request"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ req.app.locals.cooldown(req, 300000);
 return;
 }
@@ -111,8 +110,7 @@ const create_account = (req, res, next) => {
 status: "error",
 error: "already exists"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 2000);
+ req.app.locals.cooldown(req, 2000);
 return;
 }
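Review bot: Dropping `rate_limit` from `this.router.all("/account", challenge)` removes the only pre-handler throttle visible on this route, and the `req.app.locals.cooldown(req, …)` calls that replace it in account.js run only after a response has already been produced. Unless `cooldown` is also installed as a request-rejecting middleware higher up the app (not visible in this diff), a client inside its cooldown window still reaches the captcha and the handler. Please confirm where the enforcing side lives and say so here, e.g. `// require captcha; the per-client cooldown is enforced app-wide by locals.cooldown` — or reinstate an explicit guard on this route. The constructor body continues outside the hunk.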
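Review bot: The "already exists" branch keeps a 2000 ms cooldown while the malformed-request branch gets 300000 ms, so the cheapest path through create_account is exactly the one that answers "does this username exist?", at roughly thirty probes per minute per client once the captcha is passed. The asymmetry is carried over from the old code rather than introduced here, but since the cooldown values are being rewritten anyway this is the moment to align them: `req.app.locals.cooldown(req, 300000);`, or at least add `// short cooldown: this error is expected from honest users retrying a name` if the short window is deliberate. create_account starts before this hunk and continues after it.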
@@ -141,9 +139,8 @@ const create_account = (req, res, next) => {
 res.status(201).json({
 status: "success"
 });
- req.app.locals.logger.info(`TMWA.account: an account was created: ${req.body.username} [${req.ip}]`);
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ req.app.locals.logger.info(`TMWA.account: a Legacy account was created: ${req.body.username} [${req.ip}]`);
+ req.app.locals.cooldown(req, 300000);
 if (email === "a@a.com") return;
@@ -153,9 +150,7 @@ const create_account = (req, res, next) => {
 to: email,
 subject: "The Mana World account registration",
 text: `Your account (\"${req.body.username}\") was created successfully.\nHave fun playing The Mana World!`
- }, (err, info) => {
- req.app.locals.logger.info(`TMWA.account: sent account creation email: ${req.body.username} ${info.messageId}`);
- });
+ }, (err, info) => {});
 });
 child.stdin.end();
 });
@@ -176,8 +171,7 @@ const reset_password = async (req, res, next) => {
 status: "error",
 error: "no accounts found"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 8000);
+ req.app.locals.cooldown(req, 8000);
 return;
 }
@@ -186,12 +180,11 @@ const reset_password = async (req, res, next) => {
 continue;
 for (const account of op.accounts) {
 if (account.email === req.body.email) {
- res.status(429).json({
+ res.status(425).json({
 status: "error",
 error: "operation already pending"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 5000);
+ req.app.locals.cooldown(req, 5000);
 return;
 }
 }
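Review bot: The new `(err, info) => {}` callback on `transporter.sendMail` discards `err`, so a failed account-creation mail now leaves no trace at all, where the removed version at least logged a message id. Dropping the old callback is itself an improvement — it read `info.messageId` unconditionally and would presumably throw when `info` is absent on error — but the error path should survive: `(err) => { if (err) req.app.locals.logger.error(\`TMWA.account: account creation email failed: ${req.body.username} ${err.message}\`); }`. create_account continues outside the hunk.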
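Review bot: `res.status(425)` turns the "operation already pending" reply into 425 Too Early, a code defined (RFC 8470) for a server declining a request sent in TLS early data; generic clients and proxies will interpret it that way, not as "a reset is already in flight". A duplicate pending reset is a conflict with existing server state, so `res.status(409).json({` is the closer fit, or keep 429 if "retry later" is the intended message. Whichever code stays, a one-line comment next to it such as `// a reset for this email is still pending; refuse a second one` would stop the next reader from re-litigating it. reset_password starts before this hunk and continues after it.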
@@ -209,7 +202,7 @@ const reset_password = async (req, res, next) => {
 subject: "The Mana World password reset",
 text: "You are receiving this email because someone (you?) has requested a password reset on The Mana World "+
 "with your email address.\nIf you did not request a password reset please ignore this email.\n\n"+
- "The following accounts are associated with this email address:\n" + account_names + "\n"+
+ "The following Legacy accounts are associated with this email address:\n" + account_names + "\n"+
 "To proceed with the password reset:\n" + `${req.app.locals.tmwa.reset}${uuid}`
 }, (err, info) => {
 pending_operations.set(uuid, {
@@ -222,11 +215,9 @@ const reset_password = async (req, res, next) => {
 res.status(200).json({
 status: "success"
 });
- req.app.locals.logger.info(`TMWA.account: initiated password reset: ${info.messageId} [${req.ip}]`);
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 8000);
+ req.app.locals.cooldown(req, 8000);
 return;
 } else if (req.body && Reflect.has(req.body, "username") && !Reflect.has(req.body, "password") &&
@@ -250,8 +241,7 @@ const reset_password = async (req, res, next) => {
 status: "error",
 error: "malformed request"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ req.app.locals.cooldown(req, 300000);
 return;
 }
@@ -261,8 +251,7 @@ const reset_password = async (req, res, next) => {
 status: "error",
 error: "request expired"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ req.app.locals.cooldown(req, 300000);
 return;
 }
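Review bot: Removing the `initiated password reset` log line drops the only audit record that ties a reset request to a client address, and nothing visible in this hunk checks the `err` the `sendMail` callback receives before the callback registers the pending operation (the `pending_operations.set(uuid, {` call begins in the preceding hunk) and answers 200. Keep an info line that does not depend on `info`, `req.app.locals.logger.info(\`TMWA.account: initiated password reset [${req.ip}]\`);`, and gate the success path with `if (err) { … log it and reply with an error … }` so a mail that was never sent does not leave a live reset token behind. Do not log the uuid itself — it is the reset secret. reset_password continues outside the hunk.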
@@ -271,10 +260,9 @@ const reset_password = async (req, res, next) => {
 status: "error",
 error: "invalid type"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ req.app.locals.cooldown(req, 300000);
 pending_operations.delete(req.body.code);
- req.app.locals.logger.warn(`TMWA.account: attempted reset account with invalid uuid: ${req.body.username} [${req.ip}]`);
+ req.app.locals.logger.warn(`TMWA.account: attempted to reset a Legacy account using an invalid uuid: ${req.body.username} [${req.ip}]`);
 return;
 }
@@ -305,17 +293,14 @@ const reset_password = async (req, res, next) => {
 status: "success"
 });
 req.app.locals.logger.info(`TMWA.account: password has been reset: ${req.body.username} [${req.ip}]`);
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ req.app.locals.cooldown(req, 300000);
 transporter.sendMail({
 from: req.app.locals.mailer.from,
 to: account.email,
 subject: "The Mana World password reset",
- text: `You have successfully reset the password for account \"${req.body.username}\".\nHave fun playing The Mana World!\n\n⚠ If you did not perform this password reset, please contact us ASAP to secure your account.`
- }, (err, info) => {
- req.app.locals.logger.info(`TMWA.account: sent password reset confirmation email: ${req.body.username} ${info.messageId}`);
- });
+ text: `You have successfully reset the password for Legacy account \"${req.body.username}\".\nHave fun playing The Mana World!\n\n⚠ If you did not perform this password reset, please contact us ASAP to secure your account.`
+ }, (err, info) => {});
 });
 child.stdin.end();
 return;
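Review bot: The confirmation mail is the only notice the account owner gets that their password was changed — its own text tells them to contact support if they did not do it — yet the new `(err, info) => {}` callback drops a send failure silently, after the password has already been changed and logged as reset. Log the failure so operators can follow up on an unnotified owner: `(err) => { if (err) req.app.locals.logger.error(\`TMWA.account: reset confirmation email failed: ${req.body.username} ${err.message}\`); }`. reset_password continues outside the hunk.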
@@ -326,10 +311,9 @@ const reset_password = async (req, res, next) => {
 status: "error",
 error: "foreign account"
 });
- req.app.locals.rate_limiting.add(req.ip);
- setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ req.app.locals.cooldown(req, 300000);
 pending_operations.delete(req.body.code);
- req.app.locals.logger.warn(`TMWA.account: attempted reset account not owned by user: ${req.body.username} [${req.ip}]`);
+ req.app.locals.logger.warn(`TMWA.account: attempted to reset a Legacy account not owned by the user: ${req.body.username} [${req.ip}]`);
 return;
 };
diff --git a/src/routers/tmwa/middlewares/server.js b/src/routers/tmwa/middlewares/server.js
index 261ecfd..51c293a 100644
--- a/src/routers/tmwa/middlewares/server.js
+++ b/src/routers/tmwa/middlewares/server.js
@@ -8,4 +8,5 @@ module.exports = exports = (req, res, next) => {
 playersOnline: req.app.locals.tmwa.num_online,
 serverStatus: req.app.locals.tmwa.status,
 });
+ req.app.locals.cooldown(req, 500);
 };
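Review bot: `req.app.locals.cooldown(req, 500)` is placed after `res.json(...)` has gone out, so it cannot affect the current reply, but it will hold back the next request from the same client for half a second on a route that, per index.js, has no captcha in front of it. If the cooldown is keyed by client address the way the `req.ip` code it replaces was (the implementation of `cooldown` is not in this diff), clients behind a shared NAT that poll the status endpoint will start colliding with each other. A one-line comment stating the intent and the key would help the next reader, e.g. `// throttle status polling: one request per client every 500 ms`.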