From b0b04027206e928e5a511c8f8f060b27006aa382 Mon Sep 17 00:00:00 2001
From: gumi
Date: Tue, 10 Apr 2018 15:43:44 -0400
Subject: only call the captcha check when we actually need it

---
 server.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/server.js b/server.js
index de4d53f..0d28cd5 100644
--- a/server.js
+++ b/server.js
@@ -56,7 +56,7 @@ const checkRateLimiting = (req, res, next) => {
 return;
 };
 
-const checkCaptcha = (req, res, next) => {
+const checkCaptcha = (req, res) => {
 const token = String(req.get("X-CAPTCHA-TOKEN") || "");
 
 if (!token.match(/^[a-zA-Z0-9-_]{30,60}$/)) {
@@ -67,7 +67,7 @@ const checkCaptcha = (req, res, next) => {
 console.info("a request with an empty token was received", req.ip);
 rate_limiting.add(req.ip);
 setTimeout(() => rate_limiting.delete(req.ip), 300000);
- return;
+ return false;
 }
 
 https.get(`https://www.google.com/recaptcha/api/siteverify?secret=${process.env.npm_package_config_recaptcha_secret}&response=${token}`, re => {
@@ -83,10 +83,10 @@ const checkCaptcha = (req, res, next) => {
 console.info("a request failed to validate", req.ip);
 rate_limiting.add(req.ip);
 setTimeout(() => rate_limiting.delete(req.ip), 300000);
- return;
+ return false;
 }
 
- next(); // challenge passed, so process the request
+ return true; // challenge passed, so process the request
 });
 }).on("error", error => {
 console.error(error);
@@ -95,7 +95,7 @@ const checkCaptcha = (req, res, next) => {
 error: "recaptcha couldn't be reached"
 });
 console.warn("reCaptcha couldn't be reached");
- return;
+ return false;
 })
 };
 
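Review bot: After this signature change, a syntactically valid token makes checkCaptcha return undefined to its caller: the only `return true` (hunk at -83) is inside the https.get response callback, the `return false` in the error handler (hunk at -95) is inside another callback, and the function body ends with the https.get(...).on(...) expression with no return of its own, so neither value ever reaches the caller. The call site added at -112 therefore takes its early-return path on every request, and on the success path nothing ever writes a response, leaving the client hanging until it times out; the only way to create an account is gone. The smallest fix consistent with the commit's intent is to keep the middleware shape, `const checkCaptcha = (req, res, next) => {` with `next(); // challenge passed, so process the request`, and attach it to just that route: `api.post("/api/account", checkCaptcha, (req, res) => {`. checkCaptcha starts at -56 and parts of its body lie between these hunks.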
@@ -112,9 +112,10 @@ api.get("/api/tmwa", (req, res) => {
 });
 api.use(checkRateLimiting);
-api.use(checkCaptcha);
 api.use(express.json());
 api.post("/api/account", (req, res) => {
+ if (checkCaptcha(req, res) !== true) return;
+
 if (!req.body || !Reflect.has(req.body, "username") ||
 !Reflect.has(req.body, "password") ||
 !Reflect.has(req.body, "email") ||
 !req.body.username.match(/^[a-zA-Z0-9]{4,23}$/) ||
-- 
cgit v1.2.3-60-g2f50
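Review bot: Moving the gate inside the handler also reorders it relative to `api.use(express.json())`, which is still global two lines above: the body of every POST to this route is now parsed before the captcha is checked, whereas the removed `api.use(checkCaptcha)` ran ahead of the JSON parser, so un-challenged requests no longer get rejected before the parse and any body-size limit it enforces. The early `return` additionally assumes checkCaptcha has already written a response on its `false` path; the lines that would do so are outside these hunks, so that could not be confirmed here. If the ordering is intended, a comment above the new `if` stating that the captcha is checked after body parsing would spare the next reader the same question. The handler body continues past the end of the hunk.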