From 54e5b61095f4c99bb90f6695982074cbfa425423 Mon Sep 17 00:00:00 2001 
From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Wed, 3 Feb 2021 17:42:49 +0100 Subject: :lock: prevent passwort denial of server --- src/routes/api/v8/auth/login.ts | 6 +++--- src/routes/api/v8/auth/register.ts | 20 +++++++++++--------- src/routes/api/v8/channel/#CHANNELID/followers.ts | 4 ---- src/routes/api/v8/channel/#CHANNELID/index.ts | 4 ---- src/routes/api/v8/channel/#CHANNELID/invites.ts | 4 ---- src/routes/api/v8/channel/#CHANNELID/messages.ts | 4 ---- src/routes/api/v8/channel/#CHANNELID/permissions.ts | 4 ---- src/routes/api/v8/channel/#CHANNELID/pins.ts | 4 ---- src/routes/api/v8/channel/#CHANNELID/recipients.ts | 4 ---- src/routes/api/v8/channel/#CHANNELID/typing.ts | 4 ---- src/routes/api/v8/channels/#CHANNELID/followers.ts | 4 ++++ src/routes/api/v8/channels/#CHANNELID/index.ts | 4 ++++ src/routes/api/v8/channels/#CHANNELID/invites.ts | 4 ++++ src/routes/api/v8/channels/#CHANNELID/messages.ts | 4 ++++ src/routes/api/v8/channels/#CHANNELID/permissions.ts | 4 ++++ src/routes/api/v8/channels/#CHANNELID/pins.ts | 4 ++++ src/routes/api/v8/channels/#CHANNELID/recipients.ts | 4 ++++ src/routes/api/v8/channels/#CHANNELID/typing.ts | 4 ++++ src/routes/api/v8/invite/index.ts | 4 ---- src/routes/api/v8/invites/index.ts | 4 ++++ 20 files changed, 50 insertions(+), 48 deletions(-) delete mode 100644 src/routes/api/v8/channel/#CHANNELID/followers.ts delete mode 100644 src/routes/api/v8/channel/#CHANNELID/index.ts delete mode 100644 src/routes/api/v8/channel/#CHANNELID/invites.ts delete mode 100644 src/routes/api/v8/channel/#CHANNELID/messages.ts delete mode 100644 src/routes/api/v8/channel/#CHANNELID/permissions.ts delete mode 100644 src/routes/api/v8/channel/#CHANNELID/pins.ts delete mode 100644 src/routes/api/v8/channel/#CHANNELID/recipients.ts delete mode 100644 src/routes/api/v8/channel/#CHANNELID/typing.ts create mode 100644 src/routes/api/v8/channels/#CHANNELID/followers.ts create mode 100644 src/routes/api/v8/channels/#CHANNELID/index.ts 
create mode 100644 src/routes/api/v8/channels/#CHANNELID/invites.ts create mode 100644 src/routes/api/v8/channels/#CHANNELID/messages.ts create mode 100644 src/routes/api/v8/channels/#CHANNELID/permissions.ts create mode 100644 src/routes/api/v8/channels/#CHANNELID/pins.ts create mode 100644 src/routes/api/v8/channels/#CHANNELID/recipients.ts create mode 100644 src/routes/api/v8/channels/#CHANNELID/typing.ts delete mode 100644 src/routes/api/v8/invite/index.ts create mode 100644 src/routes/api/v8/invites/index.ts (limited to 'src/routes/api/v8')
diff --git a/src/routes/api/v8/auth/login.ts b/src/routes/api/v8/auth/login.ts
index 92676971..d8cab00a 100644
--- a/src/routes/api/v8/auth/login.ts
+++ b/src/routes/api/v8/auth/login.ts
@@ -1,6 +1,6 @@
 import { Request, Response, Router } from "express";
 import db from "../../../../util/Database";
-import { check, FieldErrors } from "../../../../util/instanceOf";
+import { check, FieldErrors, Length } from "../../../../util/instanceOf";
 import bcrypt from "bcrypt";
 import jwt from "jsonwebtoken";
 import Config from "../../../../util/Config";
@@ -11,8 +11,8 @@ const router: Router = Router();
 router.post(
 "/",
 check({
- login: String, // email or telephone
- password: String,
+ login: new Length(String, 2, 100), // email or telephone
+ password: new Length(String, 8, 64),
 $undelete: Boolean,
 $captcha_key: String,
 $login_source: String,
diff --git a/src/routes/api/v8/auth/register.ts b/src/routes/api/v8/auth/register.ts
index 410c7f50..5c163890 100644
--- a/src/routes/api/v8/auth/register.ts
+++ b/src/routes/api/v8/auth/register.ts
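Review bot: The new `password: new Length(String, 8, 64)` on the login validator rejects the credential before the bcrypt comparison ever runs, so an account whose password was accepted under the registration bound this commit removes (`checkLength(password, 8, 100, "password", req)` in register.ts) and is 65–100 characters long can no longer sign in. The denial-of-service concern is met by any finite bound; the login cap should not be tighter than the longest password registration has ever accepted, e.g. `password: new Length(String, 8, 100),`, and ideally registration and login share one constant so the two cannot drift apart again. If Length compares `.length` (UTF-16 code units — not visible in this hunk), 64 characters of multi-byte input can still exceed bcrypt's 72-byte input limit and be silently truncated, so the bound limits request size rather than hashing cost. The router.post handler continues outside the hunk.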
@@ -2,22 +2,24 @@ import { NextFunction, Request, Response, Router } from "express";
 import Config from "../../../../util/Config";
 import db from "../../../../util/Database";
 import bcrypt from "bcrypt";
-import { check, Email, EMAIL_REGEX, FieldErrors } from "../../../../util/instanceOf";
+import { check, Email, EMAIL_REGEX, FieldErrors, Length } from "../../../../util/instanceOf";
 import { Snowflake } from "../../../../util/Snowflake";
 import "missing-native-js-functions";
 import { User } from "../../../../models/User";
 import { generateToken } from "./login";
-import { checkLength, trimSpecial } from "../../../../util/String";
+import { trimSpecial } from "../../../../util/String";
 
 const router: Router = Router();
 
 router.post(
 "/",
 check({
- username: String,
- password: String,
+ username: new Length(String, 2, 32),
+ // TODO: check min password length in config
+ // prevent Denial of Service with max length of 64 chars
+ password: new Length(String, 8, 64),
 consent: Boolean,
- $email: Email,
+ $email: new Length(Email, 5, 100),
 $fingerprint: String,
 $invite: String,
 $date_of_birth: Date, // "2000-04-03"
@@ -52,9 +54,6 @@ router.post(
 // discriminator will be randomly generated
 let discriminator = "";
 
- checkLength(adjusted_username, 2, 32, "username", req);
- checkLength(password, 8, 100, "password", req);
-
 const { register } = Config.get();
 
 // check if registration is allowed
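Review bot: The username bound `username: new Length(String, 2, 32)` now runs on the raw request field, while the check it replaces in the following hunk, `checkLength(adjusted_username, 2, 32, "username", req)`, ran on the value after trimSpecial; whatever trimSpecial strips (its implementation is not visible here), a username that passes the new validator can end up shorter than 2 characters once adjusted, and the post-trim guarantee the old code gave is gone. Keep a length check on `adjusted_username` after the trim, raising the same FieldErrors the removed checkLength did, in addition to the declarative one. The `// TODO: check min password length in config` comment would also be the place to record why the maximum was lowered from 100 to 64, since the old bound is deleted without a trace in the same commit. The router.post handler continues outside both hunks.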
@@ -146,7 +145,10 @@ router.post(
 adjusted_password = await bcrypt.hash(password, 12);
 
 let exists;
- // TODO: is there any better way to generate a random discriminator only once, without checking if it already exists in the database?
+ // randomly generates a discriminator between 1 and 9999 and checks max five times if it already exists
+ // if it all five times already exists, abort with USERNAME_TOO_MANY_USERS error
+ // else just continue
+ // TODO: is there any better way to generate a random discriminator only once, without checking if it already exists in the mongodb database?
 for (let tries = 0; tries < 5; tries++) {
 discriminator = Math.randomIntBetween(1, 9999).toString().padStart(4, "0");
 exists = await db.data.users({ discriminator, username: adjusted_username }).get({ id: true });
diff --git a/src/routes/api/v8/channel/#CHANNELID/followers.ts b/src/routes/api/v8/channel/#CHANNELID/followers.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channel/#CHANNELID/followers.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channel/#CHANNELID/index.ts b/src/routes/api/v8/channel/#CHANNELID/index.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channel/#CHANNELID/index.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channel/#CHANNELID/invites.ts b/src/routes/api/v8/channel/#CHANNELID/invites.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channel/#CHANNELID/invites.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channel/#CHANNELID/messages.ts b/src/routes/api/v8/channel/#CHANNELID/messages.ts
deleted file mode 100644
index 9a4e81fa..00000000
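Review bot: The rewritten comment above the discriminator loop is hard to parse (`// if it all five times already exists, abort with USERNAME_TOO_MANY_USERS error` followed by `// else just continue`) and describes an abort path that lies outside this hunk; a tighter version would be `// try up to five random discriminators (0001–9999) for this username; if every attempt already exists, abort with USERNAME_TOO_MANY_USERS`. The `// else just continue` line adds nothing and can be dropped. The loop body and the abort the comment refers to continue past the end of the hunk.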
--- a/src/routes/api/v8/channel/#CHANNELID/messages.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channel/#CHANNELID/permissions.ts b/src/routes/api/v8/channel/#CHANNELID/permissions.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channel/#CHANNELID/permissions.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channel/#CHANNELID/pins.ts b/src/routes/api/v8/channel/#CHANNELID/pins.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channel/#CHANNELID/pins.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channel/#CHANNELID/recipients.ts b/src/routes/api/v8/channel/#CHANNELID/recipients.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channel/#CHANNELID/recipients.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channel/#CHANNELID/typing.ts b/src/routes/api/v8/channel/#CHANNELID/typing.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channel/#CHANNELID/typing.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/followers.ts b/src/routes/api/v8/channels/#CHANNELID/followers.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/followers.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/index.ts b/src/routes/api/v8/channels/#CHANNELID/index.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/index.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/invites.ts b/src/routes/api/v8/channels/#CHANNELID/invites.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/invites.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/messages.ts b/src/routes/api/v8/channels/#CHANNELID/messages.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/messages.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/permissions.ts b/src/routes/api/v8/channels/#CHANNELID/permissions.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/permissions.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/pins.ts b/src/routes/api/v8/channels/#CHANNELID/pins.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/pins.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/recipients.ts b/src/routes/api/v8/channels/#CHANNELID/recipients.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/recipients.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/channels/#CHANNELID/typing.ts b/src/routes/api/v8/channels/#CHANNELID/typing.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/channels/#CHANNELID/typing.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/api/v8/invite/index.ts b/src/routes/api/v8/invite/index.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/invite/index.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/invites/index.ts b/src/routes/api/v8/invites/index.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/api/v8/invites/index.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
-- cgit 1.5.1