From ea676ddd0351bdf5949c19aeead2fdaeb668dcbf Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sun, 27 Jun 2021 23:14:13 +0200 Subject: :lock: register proxy ip check --- src/routes/auth/register.ts | 19 +++++++++++++++---- src/routes/guilds/#guild_id/bans.ts | 2 +- 2 files changed, 16 insertions(+), 5 deletions(-) (limited to 'src/routes') diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts index 49a3bd6c..f39206f2 100644 --- a/src/routes/auth/register.ts +++ b/src/routes/auth/register.ts @@ -4,6 +4,8 @@ import bcrypt from "bcrypt"; import { check, Email, EMAIL_REGEX, FieldErrors, Length } from "../../util/instanceOf"; import "missing-native-js-functions"; import { generateToken } from "./login"; +import { getIpAdress, IPAnalysis, isProxy } from "../../util/ipAddress"; +import { HTTPError } from "lambert-server"; const router: Router = Router(); @@ -34,7 +36,19 @@ router.post( gift_code_sku_id, // ? what is this captcha_key } = req.body; - console.log("register", req.body.email, req.body.username, req.headers["cf-connecting-ip"]); + + // get register Config + const { register, security } = Config.get(); + const ip = getIpAdress(req); + + if (register.blockProxies) { + if (isProxy(await IPAnalysis(ip))) { + console.log(`proxy ${ip} blocked from registration`); + throw new HTTPError("Your IP is blocked from registration"); + } + } + + console.log("register", req.body.email, req.body.username, ip); // TODO: automatically join invite // TODO: gift_code_sku_id? // TODO: check password strength @@ -51,9 +65,6 @@ router.post( // discriminator will be randomly generated let discriminator = ""; - // get register Config - const { register, security } = Config.get(); - // check if registration is allowed if (!register.allowNewRegistration) { throw FieldErrors({ diff --git a/src/routes/guilds/#guild_id/bans.ts b/src/routes/guilds/#guild_id/bans.ts index 87d2e7f8..cf6a059b 100644 --- a/src/routes/guilds/#guild_id/bans.ts +++ b/src/routes/guilds/#guild_id/bans.ts @@ -1,7 +1,7 @@ import { Request, Response, Router } from "express"; import { BanModel, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, GuildModel, toObject } from "@fosscord/server-util"; import { HTTPError } from "lambert-server"; -import { getIpAdress } from "../../../middlewares/GlobalRateLimit"; +import { getIpAdress } from "../../../util/ipAddress"; import { BanCreateSchema } from "../../../schema/Ban"; import { emitEvent } from "../../../util/Event"; import { check } from "../../../util/instanceOf"; -- cgit 1.5.1