diff --git a/src/server/models/user.js b/src/server/models/user.js
index f0fecb1..a7658cf 100755
--- a/src/server/models/user.js
+++ b/src/server/models/user.js
@@ -2174,6 +2174,19 @@ UserSchema.statics.convSubAccount = async function (idapp) {
 return { num };
 };
+
+UserSchema.statics.getLastRec = async function (idapp) {
+ const User = this;
+
+ lastrec = await User.find({ idapp }).sort({ date_reg: -1 }).limit(1);
+ if (!!lastrec) {
+ return lastrec[0];
+ } else {
+ return null;
+ }
+};
+
+
 UserSchema.statics.DbOp = async function (idapp, mydata) {
 const User = this;
 try {
diff --git a/src/server/router/users_router.js b/src/server/router/users_router.js
index 64708bd..9e6795a 100755
--- a/src/server/router/users_router.js
+++ b/src/server/router/users_router.js
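Review bot: `lastrec` in getLastRec is assigned without a declaration, so it becomes an implicit global shared by every concurrent caller of this static (or a ReferenceError if the module is ever run in strict mode); declare it locally. The `!!lastrec` test is also always true if `find()` resolves to an array, as a Mongoose query presumably does here, so the `return null` branch is unreachable and an empty result yields `undefined` instead. Both are fixed by `const lastrec = await User.find({ idapp }).sort({ date_reg: -1 }).limit(1);` followed by `return lastrec.length > 0 ? lastrec[0] : null;`, and a one-line comment stating that the newest record by `date_reg` for the given `idapp` is returned would document the contract the router relies on.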
@@ -58,18 +58,50 @@ router.post('/', async (req, res) => {
 body.email = body.email.toLowerCase();
 const user = new User(body);
+ user.ipaddr = tools.getiPAddressUser(req);
 // tools.mylog("LANG PASSATO = " + user.lang, "IDAPP", user.idapp);
+ if (!tools.isAlphaNumeric(body.username)) {
+ await tools.snooze(5000);
+ res.status(400).send({ code: server_constants.RIS_CODE_USERNAME_NOT_VALID, msg: '' });
+ return 1;
+ }
+
+ if (tools.blockwords(body.username)) {
+ tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname);
+ await tools.snooze(100000);
+ res.status(400).send({ code: server_constants.RIS_CODE_USERNAME_NOT_VALID, msg: '' });
+ return 1;
+ }
+
+ user.linkreg = reg.getlinkregByEmail(body.idapp, body.email, body.username);
 user.verified_email = false;
- user.ipaddr = tools.getiPAddressUser(req);
 user.lasttimeonline = new Date();
 user.date_reg = new Date();
 user.aportador_iniziale = user.aportador_solidario;
- if (user.idapp === tools.AYNI) {
+ /* if (user.idapp === tools.AYNI) {
 user.profile.paymenttypes = ['paypal'];
+ } */
+
+ // Controlla se anche l'ultimo record era dallo stesso IP:
+ const lastrec = await User.getLastRec(body.idapp);
+ if (!!lastrec) {
+ if (lastrec.ipaddr === user.ipaddr) {
+ // Se l'ha fatto troppo ravvicinato
+ if (lastrec.date_reg) {
+ let ris = tools.isdiffSecDateLess(lastrec.date_reg, 120);
+ if (ris) {
+ tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname);
+ await tools.snooze(10000);
+ res.status(400).send({ code: server_constants.RIS_CODE_BANIP, msg: '' });
+ return 1;
+ }
+ }
+ }
 }
+
 // user.perm = 3;
 if (tools.testing()) {
 user.verified_email = true;
diff --git a/src/server/telegram/telegrambot.js b/src/server/telegram/telegrambot.js
index 86ef408..0e15d61 100755
--- a/src/server/telegram/telegrambot.js
+++ b/src/server/telegram/telegrambot.js
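Review bot: The two `tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname)` calls write `name` and `surname` straight from the request body, which nothing in this handler validates, so a line break in either field lets a client forge additional entries in the ban log; strip control characters before logging, e.g. `tools.writeIPToBan((user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname).replace(/[\r\n]/g, ' '));`. `tools.isAlphaNumeric(body.username)` throws a TypeError when `username` is absent from the body, which in an `async` Express handler leaves the request unanswered unless an outer wrapper catches the rejection; check `typeof body.username === 'string'` before calling it. Holding a rejected request open for `tools.snooze(100000)` (100 s) ties up a connection per attempt and is itself a resource-exhaustion risk, so a short delay with the ban applied out of band is safer. The same-IP check only compares against the single most recent registration, so it is a weak limit, and if `getiPAddressUser` reads a forwarded header the compared address is client-supplied — worth confirming. The route handler starts and ends outside the hunk.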
@@ -530,7 +530,7 @@ module.exports = {
 getMsgByTipoMsg: async function (mydata, lang, user, sonosognatore) {
 if (!!mydata.msgextra) {
- return { body: mydata.msgextra, title: ''} ;
+ return { body: mydata.msgextra, title: '' };
 }
 let title = '';
@@ -696,7 +696,10 @@ module.exports = {
 if (mydata.inviaemail && !!user.email) {
 // user.email = 'paolo.arena77@gmail.com';
- await sendemail.sendEmail_ByText(user.lang, user.email, user, idapp, {emailbody: mymsg, emailtitle: mytitle});
+ await sendemail.sendEmail_ByText(user.lang, user.email, user, idapp, {
+ emailbody: mymsg,
+ emailtitle: mytitle
+ });
 strout += ' -> (EMAIL OK)';
 }
@@ -720,7 +723,7 @@ module.exports = {
 let msg = '';
 if (!!flotta) {
 if (!!mydata.tipomsg) {
- msg = 'Flotta ' + strflotta + '): ' + tools.getStrMsgByTipoMsg(mydata.tipomsg) + '\n' + mymsg ;
+ msg = 'Flotta ' + strflotta + '): ' + tools.getStrMsgByTipoMsg(mydata.tipomsg) + '\n' + mymsg;
 } else {
 msg = 'Inviato messaggio a tutta la FLOTTA DA ' + flotta.riga + '.' + flotta.col_prima + ' A ' + flotta.riga + '.' + flotta.col_ultima + ' \n' + mymsg;
 }
@@ -1356,14 +1359,15 @@ class Telegram {
 if (user) {
 let ispaypal = false;
 if (!!user.profile.paymenttypes) {
- if (user.profile.paymenttypes.includes('paypal')) {
+ /*if (user.profile.paymenttypes.includes('paypal')) {
 if (user.profile.email_paypal) {
 ispaypal = true
 }
- }
+ }*/
+ if (!!user.profile)
 if (!!user.profile.paymenttypes) {
- return (user.profile.paymenttypes.length >= 1) && ispaypal;
+ return (user.profile.paymenttypes.length >= 1);
 }
 }
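Review bot: In the `@@ -1356` hunk the new `if (!!user.profile)` guard sits after `user.profile.paymenttypes` has already been dereferenced by the enclosing `if (!!user.profile.paymenttypes) {`, so it cannot prevent the TypeError it appears to guard against and only nests a duplicate of the outer check; put the null check on the outer condition, `if (!!user.profile && !!user.profile.paymenttypes) {`, and reduce the body to `return user.profile.paymenttypes.length >= 1;`. With the paypal condition commented out, `let ispaypal = false;` and the `/* … */` block are dead code and are better deleted than kept as a comment. The method enclosing this hunk starts and ends outside it; the three earlier hunks in this file are formatting only.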
@@ -2015,8 +2019,14 @@ class Telegram {
 // chiedisino = true;
 // rec.msgall_status = StatusMSGALL.CONFIRM;
 FormDaMostrare = this.getInlineKeyboard(lang, [
- { text: Menu[lang].SI, callback_data: { action: InlineCmd.VOGLIO_IMBARCARMI, username: utente.username } },
- { text: Menu[lang].NO, callback_data: { action: InlineCmd.NON_VOGLIO_IMBARCARMI, username: utente.username } },
+ {
+ text: Menu[lang].SI,
+ callback_data: { action: InlineCmd.VOGLIO_IMBARCARMI, username: utente.username }
+ },
+ {
+ text: Menu[lang].NO,
+ callback_data: { action: InlineCmd.NON_VOGLIO_IMBARCARMI, username: utente.username }
+ },
 ]);
 inviaveramente = true;
 } else {
diff --git a/src/server/tools/general.js b/src/server/tools/general.js
index 0697fbd..0c7be4e 100755
--- a/src/server/tools/general.js
+++ b/src/server/tools/general.js
@@ -26,6 +26,7 @@ const FILELOG = 'filelog.txt';
 const FILEEVENTS = 'logevents.txt';
 const FILEMANAGERS = 'logmanagers.txt';
 const FILESOSTITUZIONI = 'log_sostituzioni.txt';
+const FILEIP_TO_BAN = 'log_iptoban.txt';
 const FILENAVE = 'logNave.txt';
 const subject = process.env.URLBASE_APP1;
 const publicVapidKey = process.env.PUBLIC_VAPI_KEY;
@@ -1164,6 +1165,14 @@ module.exports = {
 return mydate
 },
+ isdiffSecDateLess(mydatediffstr, secs) {
+ let mydate = new Date();
+ // console.log('mydate', mydate);
+ let mydata2 = new Date(mydatediffstr);
+ let ris = ((mydate.getTime() - mydata2.getTime()) / 1000);
+ return (ris < secs);
+ },
+
 AddDate(mydate, days) {
 let date = new Date(mydate);
 date.setTime(date.getTime() + days * 86400000);
@@ -1483,6 +1492,10 @@ module.exports = {
 this.writelogfile(mystr, FILESOSTITUZIONI);
 },
+ writeIPToBan(mystr) {
+ this.writelogfile(mystr, FILEIP_TO_BAN);
+ },
+
 writeFlottaLog(idapp, mystr, riga, col) {
 this.mkdirpath(idapp + '/');
 this.writelogfile(mystr, idapp + '/' + riga + '_' + col + '.txt');
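Review bot: isdiffSecDateLess in the `@@ -1164` hunk returns false whenever `mydatediffstr` does not parse, because `new Date(...)` yields a NaN time and `NaN < secs` is false; since users_router.js uses it as the same-IP registration check, an unparseable `date_reg` silently disables that check. Make the invalid case explicit and pick the failure direction deliberately, e.g. `const elapsedSecs = (Date.now() - new Date(mydatediffstr).getTime()) / 1000;` and `return Number.isFinite(elapsedSecs) && elapsedSecs < secs;` (use `!Number.isFinite(elapsedSecs) || elapsedSecs < secs` if the check should fail closed), plus a comment noting that a future-dated input also returns true. The three `let` bindings are never reassigned and should be `const`, and the leftover `// console.log(...)` line should go. The other two hunks in this file only add a log-file constant and a one-line wrapper around `writelogfile`.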
@@ -1724,7 +1737,27 @@ module.exports = {
 return '🇬🇧';
 else if (lang === 'fr')
 return '🇫🇷';
+ },
+
+ blockwords(mystr) {
+ if (mystr.includes('ttp')) {
+ return true;
+ }
+
+ return false;
+ },
+
+ isAlphaNumeric(str) {
+ let code, i, len;
+
+ for (i = 0, len = str.length; i < len; i++) {
+ code = str.charCodeAt(i);
+ if (!(code > 47 && code < 58) && // numeric (0-9)
+ !(code > 64 && code < 91) && // upper alpha (A-Z)
+ !(code > 96 && code < 123)) { // lower alpha (a-z)
+ return false;
+ }
+ }
+ return true;
 }
-
-
 };
diff --git a/src/server/tools/server_constants.js b/src/server/tools/server_constants.js
index 7ce747b..4297710 100755
--- a/src/server/tools/server_constants.js
+++ b/src/server/tools/server_constants.js
@@ -9,6 +9,8 @@ module.exports = Object.freeze({
 RIS_CODE_USER_NOT_THIS_APORTADOR: -75,
 RIS_CODE_USER_EXTRALIST_NOTFOUND: -70,
 RIS_CODE_USERNAME_ALREADY_EXIST: -60,
+ RIS_CODE_USERNAME_NOT_VALID: -65,
+ RIS_CODE_BANIP: -63,
 RIS_CODE_EMAIL_ALREADY_EXIST: -50,
 RIS_CODE_USER_ALREADY_EXIST: -48,
 RIS_CODE_EMAIL_NOT_EXIST: -45,
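Review bot: isAlphaNumeric returns true for the empty string, because the loop body never runs, and throws a TypeError on a non-string, so an empty or missing username either passes the registration gate in users_router.js or crashes the handler; since this is the validator that gate relies on, make both cases explicit with `isAlphaNumeric(str) { return typeof str === 'string' && /^[0-9A-Za-z]+$/.test(str); },`, which covers exactly the three code-point ranges the loop checks and removes the comma-chained `let code, i, len;`. blockwords reduces to `return mystr.includes('ttp');` and deserves a short comment on why that substring is rejected (presumably to refuse URL-like usernames — confirm), since nothing in the hunk explains it. The function that ends at the `return '🇫🇷';` context line starts outside the hunk; the server_constants.js hunk only adds two result codes.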