jusax23/actions-test
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

small fixes

Browse source
This commit is contained in:
jusax23 2023-03-02 00:08:21 +01:00
parent 1fbe8d69cb
commit 3b40cc05c3
Signed by: jusax23
GPG key ID: 499E2AA870C1CD41
2 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/api/post.ts
View file

@ -9,6 +9,7 @@ import { db } from "../sys/db.js"
import { sha256 } from "../sys/crypto.js"; import { sha256 } from "../sys/crypto.js";
import { get64, uts } from "../sys/tools.js"; import { get64, uts } from "../sys/tools.js";
import { addShutdownTask } from "nman"; import { addShutdownTask } from "nman";
import { suspectRequest } from "../sys/bruteforce.js";
let acts = importActs as { [key: string]: Act }; let acts = importActs as { [key: string]: Act };
@ -17,7 +18,7 @@ let tempTokens: { [key: string]: postClient } = {};
export const addPostMethods = (server: express.Express) => { export const addPostMethods = (server: express.Express) => {
for (const act in acts) { for (const act in acts) {
let methode = acts[act]; let methode = acts[act];
server.post("/api/" + act, async (req, res) => { server.post("/api/" + act, async (req: suspectRequest, res) => {
debug("POST", "reveived:", req.body); debug("POST", "reveived:", req.body);
const aws = (state: string, data: any) => { const aws = (state: string, data: any) => {
res.status(state == "error" ? 400 : 200); res.status(state == "error" ? 400 : 200);
@ -31,11 +32,12 @@ export const addPostMethods = (server: express.Express) => {
if (tempTokens[auth.token] != null) { if (tempTokens[auth.token] != null) {
client = tempTokens[auth.token]; client = tempTokens[auth.token];
} else { } else {
if(req.suspect)req.suspect();
aws("error", "token"); aws("error", "token");
return; return;
} }
} else if (auth?.params?.name != null && auth?.params?.accountKey != null && typeof auth?.params?.name == "string" && typeof auth?.params?.accountKey == "string") { } else if (auth?.params?.name != null && auth?.params?.accountKey != null && typeof auth?.params?.name == "string" && typeof auth?.params?.accountKey == "string") {
client = new postClient(req.socket.remoteAddress ?? ""); client = new postClient(req.ip);
client.name = auth?.params?.name; client.name = auth?.params?.name;
client.server = "localhost"; client.server = "localhost";
let accountKey = auth?.params?.accountKey; let accountKey = auth?.params?.accountKey;
@ -48,7 +50,7 @@ export const addPostMethods = (server: express.Express) => {
.query(db); .query(db);
if (query.length == 0 || query[0].accountKey != sha256((query[0].accountKeySalt ?? '') + accountKey)) { if (query.length == 0 || query[0].accountKey != sha256((query[0].accountKeySalt ?? '') + accountKey)) {
client.suspect(); if(req.suspect)req.suspect();
aws("error", "auth"); aws("error", "auth");
return; return;
} }

4
src/sys/bruteforce.ts
View file

@ -4,7 +4,7 @@ import { uts } from "./tools.js";
import express from "express"; import express from "express";
const timeout = 10; const timeout = 10;
const deleteater = 600; const deleteafter = 600;
const maxSus = 100; const maxSus = 100;
var bruteforcedata: { [key: string]: { n: number, t: number } } = {}; var bruteforcedata: { [key: string]: { n: number, t: number } } = {};
@ -29,7 +29,7 @@ var bruteforcedatacleaner = setInterval(async () => {
var utst = uts(); var utst = uts();
let keys = Object.keys(bruteforcedata); let keys = Object.keys(bruteforcedata);
for (var i = 0; i < keys.length; i++) { for (var i = 0; i < keys.length; i++) {
if (utst - bruteforcedata[keys[i]].t > deleteater) { if (utst - bruteforcedata[keys[i]].t > deleteafter) {
log("Bruteforce Protection", "remove ip: ", keys[i]); log("Bruteforce Protection", "remove ip: ", keys[i]);
delete bruteforcedata[keys[i]]; delete bruteforcedata[keys[i]];
} }