diff options
author | gumi <git@gumi.ca> | 2020-03-03 23:02:36 -0500 |
---|---|---|
committer | gumi <git@gumi.ca> | 2020-03-03 23:02:36 -0500 |
commit | 349053954d45e4625ab35e6b2383608e5132eba3 (patch) | |
tree | 1939eb58d8296bd43ce21e80708381c56e0aa120 /src/routers/vault/middlewares/evol/account.js | |
parent | 2df2f8a3f9eafdf1a28ce458a874135d666d0cf9 (diff) | |
download | api-349053954d45e4625ab35e6b2383608e5132eba3.tar.gz api-349053954d45e4625ab35e6b2383608e5132eba3.tar.bz2 api-349053954d45e4625ab35e6b2383608e5132eba3.tar.xz api-349053954d45e4625ab35e6b2383608e5132eba3.zip |
add rudimentary anti-bruteforcing
Diffstat (limited to 'src/routers/vault/middlewares/evol/account.js')
-rw-r--r-- | src/routers/vault/middlewares/evol/account.js | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/routers/vault/middlewares/evol/account.js b/src/routers/vault/middlewares/evol/account.js index 5067334..80f741d 100644 --- a/src/routers/vault/middlewares/evol/account.js +++ b/src/routers/vault/middlewares/evol/account.js @@ -13,8 +13,16 @@ const get_account_list = async (req, vault_id) => { where: {vaultId: vault_id}, }); - for (let acc of claimed) { - acc = await req.app.locals.evol.login.findByPk(acc.accountId); + for (const acc_ of claimed) { + const acc = await req.app.locals.evol.login.findByPk(acc_.accountId); + + if (acc === null || acc === undefined) { + // unexpected: account was deleted + console.info(`Vault.evol.account: unlinking deleted account ${acc_.accountId} {${vault_id}} [${req.ip}]`); + await acc_.destroy(); // un-claim the account + continue; + } + const chars = []; const chars_ = await req.app.locals.evol.char.findAll({ where: {accountId: acc.accountId}, |