diff --git a/src/api/post.ts b/src/api/post.ts
index 49284f1..998263b 100644
--- a/src/api/post.ts
+++ b/src/api/post.ts
@@ -9,6 +9,7 @@ import { db } from "../sys/db.js"
 import { sha256 } from "../sys/crypto.js";
 import { get64, uts } from "../sys/tools.js";
 import { addShutdownTask } from "nman";
+import { suspectRequest } from "../sys/bruteforce.js";
 let acts = importActs as { [key: string]: Act };
@@ -17,7 +18,7 @@ let tempTokens: { [key: string]: postClient } = {};
 export const addPostMethods = (server: express.Express) => {
 for (const act in acts) {
 let methode = acts[act];
- server.post("/api/" + act, async (req, res) => {
+ server.post("/api/" + act, async (req: suspectRequest, res) => {
 debug("POST", "reveived:", req.body);
 const aws = (state: string, data: any) => {
 res.status(state == "error" ? 400 : 200);
@@ -31,11 +32,12 @@ export const addPostMethods = (server: express.Express) => {
 if (tempTokens[auth.token] != null) {
 client = tempTokens[auth.token];
 } else {
+ if(req.suspect)req.suspect();
 aws("error", "token");
 return;
 }
 } else if (auth?.params?.name != null && auth?.params?.accountKey != null && typeof auth?.params?.name == "string" && typeof auth?.params?.accountKey == "string") {
- client = new postClient(req.socket.remoteAddress ?? "");
+ client = new postClient(req.ip);
 client.name = auth?.params?.name;
 client.server = "localhost";
 let accountKey = auth?.params?.accountKey;
@@ -48,7 +50,7 @@ export const addPostMethods = (server: express.Express) => {
 .query(db);
 if (query.length == 0 || query[0].accountKey != sha256((query[0].accountKeySalt ?? '') + accountKey)) {
- client.suspect();
+ if(req.suspect)req.suspect();
 aws("error", "auth");
 return;
 }
diff --git a/src/sys/bruteforce.ts b/src/sys/bruteforce.ts
index e1f5105..c2b62f8 100644
--- a/src/sys/bruteforce.ts
+++ b/src/sys/bruteforce.ts
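Review bot: `new postClient(req.ip)` in the `@@ -31,11 +32,12 @@` hunk makes the recorded client address depend on Express's `trust proxy` setting and drops the old `?? ""` fallback. With `trust proxy` enabled, `req.ip` is derived from `X-Forwarded-For`, so unless the setting names only the real reverse proxies the caller controls the address that any per-IP accounting sees. With it disabled behind a proxy, every client shares the proxy's address. `req.ip` may also be undefined (current Express typings declare it `string | undefined`), so I would keep a fallback, `client = new postClient(req.ip ?? req.socket.remoteAddress ?? "");`, and add a comment stating the `trust proxy` value this code expects. The handler body starts and ends outside this hunk, and whether the brute-force data is keyed on `req.ip` is not visible here.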
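Review bot: Replacing the unconditional `client.suspect()` with `if(req.suspect)req.suspect();` in the `@@ -48,7 +50,7 @@` hunk means a failed login is no longer counted whenever `suspect` has not been attached to the request; the same guard sits in the invalid-token branch of the previous hunk. The check therefore fails open, and silently, if the brute-force middleware is not registered ahead of these routes, which this diff does not show. I would either make `suspect` a required member of `suspectRequest` so the guard can go, or keep the guard and log the missing hook at warning level. At minimum add a comment on the line: `// suspect is attached by the brute-force middleware; if it is absent, failed logins are not rate-limited`. The enclosing handler starts and ends outside this hunk.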
@@ -4,7 +4,7 @@ import { uts } from "./tools.js";
 import express from "express";
 const timeout = 10;
-const deleteater = 600;
+const deleteafter = 600;
 const maxSus = 100;
 var bruteforcedata: { [key: string]: { n: number, t: number } } = {};
@@ -29,7 +29,7 @@ var bruteforcedatacleaner = setInterval(async () => {
 var utst = uts();
 let keys = Object.keys(bruteforcedata);
 for (var i = 0; i < keys.length; i++) {
- if (utst - bruteforcedata[keys[i]].t > deleteater) {
+ if (utst - bruteforcedata[keys[i]].t > deleteafter) {
 log("Bruteforce Protection", "remove ip: ", keys[i]);
 delete bruteforcedata[keys[i]];
 }