Attacco SPAM

src/server/router/users_router.js

@@ -58,18 +58,50 @@ router.post('/', async (req, res) => {
   body.email = body.email.toLowerCase();
 
   const user = new User(body);
+  user.ipaddr = tools.getiPAddressUser(req);
 
   // tools.mylog("LANG PASSATO = " + user.lang, "IDAPP", user.idapp);
 
+  if (!tools.isAlphaNumeric(body.username)) {
+    await tools.snooze(5000);
+    res.status(400).send({ code: server_constants.RIS_CODE_USERNAME_NOT_VALID, msg: '' });
+    return 1;
+  }
+
+  if (tools.blockwords(body.username)) {
+    tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname);
+    await tools.snooze(100000);
+    res.status(400).send({ code: server_constants.RIS_CODE_USERNAME_NOT_VALID, msg: '' });
+    return 1;
+  }
+
+
   user.linkreg = reg.getlinkregByEmail(body.idapp, body.email, body.username);
   user.verified_email = false;
-  user.ipaddr = tools.getiPAddressUser(req);
   user.lasttimeonline = new Date();
   user.date_reg = new Date();
   user.aportador_iniziale = user.aportador_solidario;
-  if (user.idapp === tools.AYNI) {
+  /* if (user.idapp === tools.AYNI) {
     user.profile.paymenttypes = ['paypal'];
+  } */
+
+  // Controlla se anche l'ultimo record era dallo stesso IP:
+  const lastrec = await User.getLastRec(body.idapp);
+  if (!!lastrec) {
+    if (lastrec.ipaddr === user.ipaddr) {
+      // Se l'ha fatto troppo ravvicinato
+      if (lastrec.date_reg) {
+        let ris = tools.isdiffSecDateLess(lastrec.date_reg, 120);
+        if (ris) {
+          tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname);
+          await tools.snooze(10000);
+          res.status(400).send({ code: server_constants.RIS_CODE_BANIP, msg: '' });
+          return 1;
+        }
+      }
+    }
   }
+
   // user.perm = 3;
   if (tools.testing()) {
     user.verified_email = true;