authorgumi <git@gumi.ca>2020-03-06 15:36:44 -0500
committergumi <git@gumi.ca>2020-03-06 16:03:34 -0500
commit86be43f1c0143495abe003654a4e415a154b11d4 (patch)
tree9ddfd0f8092369ba787ca8f0b49788d8684f4e1c /src/routers/vault/middlewares/legacy/account.js
parent67ee81e912ab26930b3152ab3f35712cc68573e7 (diff)
prevent uuid bruteforcing
Diffstat (limited to 'src/routers/vault/middlewares/legacy/account.js')
-rw-r--r--src/routers/vault/middlewares/legacy/account.js33
1 files changed, 33 insertions, 0 deletions
diff --git a/src/routers/vault/middlewares/legacy/account.js b/src/routers/vault/middlewares/legacy/account.js
index fb507de..29da5a6 100644
--- a/src/routers/vault/middlewares/legacy/account.js
+++ b/src/routers/vault/middlewares/legacy/account.js
@@ -48,6 +48,17 @@ const get_accounts = async (req, res, next) => {
return;
}
+ if (session.strictIPCheck && session.ip !== req.ip) {
+ // the ip is not the same
+ res.status(403).json({
+ status: "error",
+ error: "ip address mismatch",
+ });
+ req.app.locals.logger.warn(`Vault.legacy.account: ip address mismatch <${session.vault}@vault> [${req.ip}]`);
+ req.app.locals.cooldown(req, 3e5);
+ return;
+ }
+
res.status(200).json({
status: "success",
accounts: session.legacyAccounts,
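Review bot: The `strictIPCheck` guard added here is repeated verbatim in the `claim_by_password` hunk (`@@ -101,6 +112,17 @@`) and the `migrate` hunk (`@@ -255,6 +277,17 @@`), with the same response body, log line and bare `3e5` cooldown at each site; a single helper keeps the three copies from drifting and gives the cooldown value a name. Whether `req.ip` is the client's address or that of an upstream proxy depends on the app's Express `trust proxy` setting, which is not visible in this diff, so the helper should carry a comment saying the comparison relies on it. The enclosing `get_accounts` function starts and ends outside the hunk.
```javascript
// cooldown applied after a session/IP mismatch, in milliseconds (was the inline 3e5)
const IP_MISMATCH_COOLDOWN_MS = 3e5;

// Rejects the request when the session is bound to an IP other than req.ip.
// Returns true when a 403 has been sent, so the caller can simply `return`.
// NOTE: req.ip is only the real client address if Express `trust proxy` is configured.
const reject_ip_mismatch = (req, res, session) => {
    if (!session.strictIPCheck || session.ip === req.ip) {
        return false;
    }
    res.status(403).json({
        status: "error",
        error: "ip address mismatch",
    });
    req.app.locals.logger.warn(`Vault.legacy.account: ip address mismatch <${session.vault}@vault> [${req.ip}]`);
    req.app.locals.cooldown(req, IP_MISMATCH_COOLDOWN_MS);
    return true;
};

// … unchanged: session lookup in get_accounts (and in claim_by_password, migrate) …
    if (reject_ip_mismatch(req, res, session)) {
        return;
    }
```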
@@ -101,6 +112,17 @@ const claim_by_password = async (req, res, next) => {
return;
}
+ if (session.strictIPCheck && session.ip !== req.ip) {
+ // the ip is not the same
+ res.status(403).json({
+ status: "error",
+ error: "ip address mismatch",
+ });
+ req.app.locals.logger.warn(`Vault.legacy.account: ip address mismatch <${session.vault}@vault> [${req.ip}]`);
+ req.app.locals.cooldown(req, 3e5);
+ return;
+ }
+
const legacy = await req.app.locals.legacy.login.findOne({
where: {userid: req.body.username}
});
@@ -255,6 +277,17 @@ const migrate = async (req, res, next) => {
return;
}
+ if (session.strictIPCheck && session.ip !== req.ip) {
+ // the ip is not the same
+ res.status(403).json({
+ status: "error",
+ error: "ip address mismatch",
+ });
+ req.app.locals.logger.warn(`Vault.legacy.account: ip address mismatch <${session.vault}@vault> [${req.ip}]`);
+ req.app.locals.cooldown(req, 3e5);
+ return;
+ }
+
let legacy = null;
// check if we own it