-rw-r--r-- | src/api.js | 18 | ||||
-rw-r--r-- | src/routers/tmwa/index.js | 8 | ||||
-rw-r--r-- | src/routers/tmwa/middlewares/account.js | 8 |
3 files changed, 16 insertions, 18 deletions
@@ -41,7 +41,6 @@ const checkCaptcha = (req, res, next) => { status: "error", error: "no token sent" }); - console.info("a request with an empty token was received", req.ip); req.app.locals.rate_limiting.add(req.ip); setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000); return false; @@ -51,13 +50,17 @@ const checkCaptcha = (req, res, next) => { re.setEncoding("utf8"); re.on("data", response => { const data = JSON.parse(response); - if (!data.success) { - console.error(`recaptcha returned an error: ${response}`); + if (!Reflect.has(data, "success") || data.success !== true) { + if (Reflect.has(data, "error-codes")) { + const error_codes = data["error-codes"].toString(); + if (error_codes !== "invalid-input-response") { + console.error("reCAPTCHA returned an error: %s", error_codes); + } + } res.status(403).json({ status: "error", error: "captcha validation failed" }); - console.info("a request failed to validate", req.ip); req.app.locals.rate_limiting.add(req.ip); setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000); return false; @@ -69,9 +72,9 @@ const checkCaptcha = (req, res, next) => { console.error(error); res.status(403).json({ status: "error", - error: "recaptcha couldn't be reached" + error: "reCAPTCHA couldn't be reached" }); - console.warn("reCaptcha couldn't be reached"); + console.warn("reCAPTCHA couldn't be reached"); return false; }) }; 
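Review bot: `Reflect.has(data, "success")` throws a TypeError when `data` is not an object, and the `JSON.parse(response)` above it throws on a partial or non-JSON chunk, so a split or malformed verification response raises inside the `data` handler instead of failing closed with the 403. `data.success !== true` on its own already covers the missing-key case, so the `Reflect.has` test adds only the throw. Buffering the body until `end`, parsing inside a try/catch and treating anything that is not an object with `success === true` as a failed validation keeps the check fail-closed. The handler starts and ends outside this hunk, so the success path is only sketched below.

```javascript
let body = "";
re.on("data", chunk => { body += chunk; });
re.on("end", () => {
    let data = null;
    try {
        data = JSON.parse(body);
    } catch (err) {
        // unparsable reply: handled as a failed validation below
    }
    const is_object = data !== null && typeof data === "object";
    if (!is_object || data.success !== true) {
        const codes = is_object ? data["error-codes"] : undefined;
        if (Array.isArray(codes) && codes.join() !== "invalid-input-response") {
            console.error("reCAPTCHA returned an error: %s", codes.join());
        }
        // … unchanged: 403 response, rate limiting, return false …
    }
    // … unchanged: rest of the handler …
```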
@@ -119,9 +122,8 @@ api.use((req, res, next) => { status: "error", error: "unknown endpoint" }); - console.info("a request for an unknown endpoint was received", req.ip, req.originalUrl); }); api.set("trust proxy", "loopback"); // only allow localhost to communicate with the API api.disable("x-powered-by"); // we don't need this header -api.listen(process.env.npm_package_config_port, () => console.info(`Listening on port ${process.env.npm_package_config_port}`)); +api.listen(process.env.npm_package_config_port, () => console.info("Listening on port %d", process.env.npm_package_config_port)); diff --git a/src/routers/tmwa/index.js b/src/routers/tmwa/index.js index 7e1cefe..495240b 100644 --- a/src/routers/tmwa/index.js +++ b/src/routers/tmwa/index.js @@ -22,10 +22,8 @@ module.exports = exports = class TMWA { this.router.get("/server", middlewares.server); - this.router.all("/account", rate_limit); // filter out the flood - this.router.all("/account", challenge); // require a captcha - this.router.use("/account", express.json()); // parse the body as json - this.router.post("/account", middlewares.account); + this.router.all("/account", rate_limit, challenge); // flood limit + captcha + this.router.post("/account", express.json(), middlewares.account); tmwa_poll(this); // first heartbeat @@ -39,7 +37,7 @@ const tmwa_poll = (_this) => { const lines = data.split("\n"); if (err || lines.length < 2) { - console.error("encountered an error while retrieving online.txt", err); + console.error("TMWA: encountered an error while retrieving online.txt", err); _this.timeout = setTimeout(() => tmwa_poll(_this), 30000); // <= it failed, so check again later return; } diff --git a/src/routers/tmwa/middlewares/account.js b/src/routers/tmwa/middlewares/account.js index e29af24..1249618 100644 --- a/src/routers/tmwa/middlewares/account.js +++ b/src/routers/tmwa/middlewares/account.js 
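Review bot: `api.listen` is called without a host argument, so the server binds every interface, while the comment on the `trust proxy` line says only localhost may talk to the API. Setting `trust proxy` to `loopback` only decides whose `X-Forwarded-For` is believed when computing `req.ip` (the rate-limiting key); it does not restrict who can connect. If the API is meant to sit behind a reverse proxy on the same host, bind explicitly with `api.listen(process.env.npm_package_config_port, "127.0.0.1", () => …)` and reword the comment to `// trust X-Forwarded-For only from a proxy on loopback`. Whether a firewall already covers this is not visible here.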
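Review bot: In `tmwa_poll`, `data.split("\n")` runs before `err` is tested, so if the retrieval callback passes no `data` on failure, the TypeError is thrown before this log line and before the retry timer is re-armed, and polling stops. Test the error first, `if (err || typeof data !== "string") { … }`, and split only afterwards. The function starts and ends outside the hunk, so what `data` holds on error is an assumption to confirm against the caller.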
@@ -10,7 +10,6 @@ module.exports = exports = (req, res, next) => { status: "error", error: "malformed request" }); - console.info("a malformed request was received", req.ip, req.body); req.app.locals.rate_limiting.add(req.ip); setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000); return; @@ -22,7 +21,7 @@ module.exports = exports = (req, res, next) => { status: "error", error: "couldn't reach the database" }); - console.warn("a connection with the database couldn't be established"); + console.warn("TMWA.account: a connection with the database couldn't be established"); return; } @@ -40,7 +39,6 @@ module.exports = exports = (req, res, next) => { status: "error", error: "already exists" }); - console.info("a request to create an already-existent account was received", req.ip, query_params.USERNAME); req.app.locals.rate_limiting.add(req.ip); setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 2000); } else { @@ -48,13 +46,13 @@ module.exports = exports = (req, res, next) => { status: "error", error: "couldn't add the user" }); - console.error("an unexpected sql error occured", err); + console.error("TMWA.account: an unexpected sql error occured: %s", err.code); } } else { res.status(201).json({ status: "success" }); - console.info(`an account was created: ${query_params.USERNAME}`); + console.info("TMWA.account: an account was created: %s [%s]", query_params.USERNAME, req.ip); req.app.locals.rate_limiting.add(req.ip); setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000); } |
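Review bot: In the last hunk, `query_params.USERNAME` is request data and reaches the log through `%s` unescaped, so a name containing CR/LF can forge extra log entries unless it is validated earlier (not visible here). Use `%j` for that argument: `console.info("TMWA.account: an account was created: %j [%s]", query_params.USERNAME, req.ip);`. Separately, `err.code` may be undefined for errors that do not come from the SQL driver, which leaves the error line empty; `err.code || err.name` keeps it diagnosable. With the rejected-request logs removed elsewhere in this commit, this success line is the only per-request record, so a counter for rejected requests would help if flood detection relies on logs.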