Dekescordes/spacebar
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove whitelist for discord oauth login, add rate limit

Browse Source
This commit is contained in:
Madeline 2022-07-02 21:45:13 +10:00
parent 60ef362251
commit 284d8b72ab
1 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
slowcord/src/index.ts
View File

@ -15,6 +15,16 @@ const app = express();
app.use(cookieParser());
const port = process.env.PORT;
// ip -> unix epoch that requests will be accepted again
const rateLimits: { [ip: string]: number; } = {};
const allowRequestsEveryMs = 0.5 * 1000; // every half second
const allowedRequestsPerSecond = 50;
let requestsThisSecond = 0;
setInterval(() => {
requestsThisSecond = 0;
}, 1000);
class Discord {
static getAccessToken = async (req: Request, res: Response) => {
const { code } = req.query;
@ -69,6 +79,27 @@ const handlers: { [key: string]: any; } = {
"discord": Discord,
};
app.use((req, res, next) => {
requestsThisSecond++;
if (requestsThisSecond > allowedRequestsPerSecond)
return res.sendStatus(429);
const ip = (req.headers["X-Forwarded-For"] as string) || req.socket.remoteAddress as string;
console.log(`${ip}`);
if (!rateLimits[ip]) {
rateLimits[ip] = Date.now() + allowRequestsEveryMs;
}
else if (rateLimits[ip] > Date.now()) {
rateLimits[ip] += allowRequestsEveryMs;
return res.sendStatus(429);
}
else {
delete rateLimits[ip];
}
next();
});
app.get("/oauth/:type", async (req, res) => {
const { type } = req.params;
const handler = handlers[type];
@ -80,18 +111,6 @@ app.get("/oauth/:type", async (req, res) => {
const details = await handler.getUserDetails(data.access_token);
if (!details) return res.sendStatus(500);
// temp dirty solution
const whitelist = [
"226230010132824066", // maddyunderstars
"84022289024159744", // arcane
"841745750576726057", // gold
"398941530053672962", // erkinalp
"682572949219180547", // cyber
"920388642604732456", // aaron
];
if (whitelist.indexOf(details.id) === -1) return res.sendStatus(403);
let user = await User.findOne({ where: { email: details.email } });
if (!user) {
user = await User.register({