surya/freeplanet_serverside
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Attacco SPAM

Browse Source
This commit is contained in:
Paolo Arena
2020-07-13 23:35:05 +02:00
parent 2a11673113
commit 650fddc277
5 changed files with 102 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/server/models/user.js
View File

@@ -2174,6 +2174,19 @@ UserSchema.statics.convSubAccount = async function (idapp) {
return { num };
};
UserSchema.statics.getLastRec = async function (idapp) {
const User = this;
lastrec = await User.find({ idapp }).sort({ date_reg: -1 }).limit(1);
if (!!lastrec) {
return lastrec[0];
} else {
return null;
}
};
UserSchema.statics.DbOp = async function (idapp, mydata) {
const User = this;
try {

36
src/server/router/users_router.js
View File

@@ -58,18 +58,50 @@ router.post('/', async (req, res) => {
body.email = body.email.toLowerCase();
const user = new User(body);
user.ipaddr = tools.getiPAddressUser(req);
// tools.mylog("LANG PASSATO = " + user.lang, "IDAPP", user.idapp);
if (!tools.isAlphaNumeric(body.username)) {
await tools.snooze(5000);
res.status(400).send({ code: server_constants.RIS_CODE_USERNAME_NOT_VALID, msg: '' });
return 1;
}
if (tools.blockwords(body.username)) {
tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname);
await tools.snooze(100000);
res.status(400).send({ code: server_constants.RIS_CODE_USERNAME_NOT_VALID, msg: '' });
return 1;
}
user.linkreg = reg.getlinkregByEmail(body.idapp, body.email, body.username);
user.verified_email = false;
user.ipaddr = tools.getiPAddressUser(req);
user.lasttimeonline = new Date();
user.date_reg = new Date();
user.aportador_iniziale = user.aportador_solidario;
if (user.idapp === tools.AYNI) {
/* if (user.idapp === tools.AYNI) {
user.profile.paymenttypes = ['paypal'];
} */
// Controlla se anche l'ultimo record era dallo stesso IP:
const lastrec = await User.getLastRec(body.idapp);
if (!!lastrec) {
if (lastrec.ipaddr === user.ipaddr) {
// Se l'ha fatto troppo ravvicinato
if (lastrec.date_reg) {
let ris = tools.isdiffSecDateLess(lastrec.date_reg, 120);
if (ris) {
tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname);
await tools.snooze(10000);
res.status(400).send({ code: server_constants.RIS_CODE_BANIP, msg: '' });
return 1;
}
}
}
}
// user.perm = 3;
if (tools.testing()) {
user.verified_email = true;

22
src/server/telegram/telegrambot.js
View File

@@ -696,7 +696,10 @@ module.exports = {
if (mydata.inviaemail && !!user.email) {
// user.email = 'paolo.arena77@gmail.com';
await sendemail.sendEmail_ByText(user.lang, user.email, user, idapp, {emailbody: mymsg, emailtitle: mytitle});
await sendemail.sendEmail_ByText(user.lang, user.email, user, idapp, {
emailbody: mymsg,
emailtitle: mytitle
});
strout += ' -> (EMAIL OK)';
}
@@ -1356,14 +1359,15 @@ class Telegram {
if (user) {
let ispaypal = false;
if (!!user.profile.paymenttypes) {
if (user.profile.paymenttypes.includes('paypal')) {
/*if (user.profile.paymenttypes.includes('paypal')) {
if (user.profile.email_paypal) {
ispaypal = true
}
}
}*/
if (!!user.profile)
if (!!user.profile.paymenttypes) {
return (user.profile.paymenttypes.length >= 1) && ispaypal;
return (user.profile.paymenttypes.length >= 1);
}
}
@@ -2015,8 +2019,14 @@ class Telegram {
// chiedisino = true;
// rec.msgall_status = StatusMSGALL.CONFIRM;
FormDaMostrare = this.getInlineKeyboard(lang, [
{ text: Menu[lang].SI, callback_data: { action: InlineCmd.VOGLIO_IMBARCARMI, username: utente.username } },
{ text: Menu[lang].NO, callback_data: { action: InlineCmd.NON_VOGLIO_IMBARCARMI, username: utente.username } },
{
text: Menu[lang].SI,
callback_data: { action: InlineCmd.VOGLIO_IMBARCARMI, username: utente.username }
},
{
text: Menu[lang].NO,
callback_data: { action: InlineCmd.NON_VOGLIO_IMBARCARMI, username: utente.username }
},
]);
inviaveramente = true;
} else {

33
src/server/tools/general.js
View File

@@ -26,6 +26,7 @@ const FILELOG = 'filelog.txt';
const FILEEVENTS = 'logevents.txt';
const FILEMANAGERS = 'logmanagers.txt';
const FILESOSTITUZIONI = 'log_sostituzioni.txt';
const FILEIP_TO_BAN = 'log_iptoban.txt';
const FILENAVE = 'logNave.txt';
const subject = process.env.URLBASE_APP1;
const publicVapidKey = process.env.PUBLIC_VAPI_KEY;
@@ -1164,6 +1165,14 @@ module.exports = {
return mydate
},
isdiffSecDateLess(mydatediffstr, secs) {
let mydate = new Date();
// console.log('mydate', mydate);
let mydata2 = new Date(mydatediffstr);
let ris = ((mydate.getTime() - mydata2.getTime()) / 1000);
return (ris < secs);
},
AddDate(mydate, days) {
let date = new Date(mydate);
date.setTime(date.getTime() + days * 86400000);
@@ -1483,6 +1492,10 @@ module.exports = {
this.writelogfile(mystr, FILESOSTITUZIONI);
},
writeIPToBan(mystr) {
this.writelogfile(mystr, FILEIP_TO_BAN);
},
writeFlottaLog(idapp, mystr, riga, col) {
this.mkdirpath(idapp + '/');
this.writelogfile(mystr, idapp + '/' + riga + '_' + col + '.txt');
@@ -1724,7 +1737,27 @@ module.exports = {
return '🇬🇧';
else if (lang === 'fr')
return '🇫🇷';
},
blockwords(mystr) {
if (mystr.includes('ttp')) {
return true;
}
return false;
},
isAlphaNumeric(str) {
let code, i, len;
for (i = 0, len = str.length; i < len; i++) {
code = str.charCodeAt(i);
if (!(code > 47 && code < 58) && // numeric (0-9)
!(code > 64 && code < 91) && // upper alpha (A-Z)
!(code > 96 && code < 123)) { // lower alpha (a-z)
return false;
}
}
return true;
}
};

2
src/server/tools/server_constants.js
View File

@@ -9,6 +9,8 @@ module.exports = Object.freeze({
RIS_CODE_USER_NOT_THIS_APORTADOR: -75,
RIS_CODE_USER_EXTRALIST_NOTFOUND: -70,
RIS_CODE_USERNAME_ALREADY_EXIST: -60,
RIS_CODE_USERNAME_NOT_VALID: -65,
RIS_CODE_BANIP: -63,
RIS_CODE_EMAIL_ALREADY_EXIST: -50,
RIS_CODE_USER_ALREADY_EXIST: -48,
RIS_CODE_EMAIL_NOT_EXIST: -45,