This commit is contained in:
b1ek 2023-04-17 15:20:12 +10:00
parent d46eeacf41
commit 6cbb91062f
Signed by: blek
GPG Key ID: 14546221E3595D0C
2 changed files with 18 additions and 3 deletions

View File

@ -2,12 +2,25 @@ const express = require('express');
const router = express.Router();
const handler = require('express-async-handler');
const content = require('../helpers/content');
const memcache = require('memcached');
const cache = new memcache(process.env.SESSION_MEMCACHE_HOST);
const crypto = require('crypto');
const { MAXFILES } = process.env;
const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;
let ratelimits = {};
async function upload(req, res) {
if (!ratelimits[req.ip])
ratelimits[req.ip] = Date.now();
if (Date.now() - ratelimits[req.ip] < RATE_LIMIT) {
res.status(503).send('You are being rate limited.');
return;
}
if (req.body['_csrf'] != req.session.csrf) {
res.status(405).send('CSRF error');
return;
@ -18,13 +31,12 @@ async function upload(req, res) {
return;
}
if (req.body[req.session.captcha_input] != req.session.captcha) {
if ((req.body[req.session.captcha_input] != req.session.captcha) | APP_DEBUG) {
res.status(405).send('Bad captcha');
return;
}
req.session.captcha = crypto.randomBytes(8).toString('base64').substring(0,6);
if (content.submitted() >= MAXFILES) {
res.status(405).send('Not allowed');
@ -42,6 +54,8 @@ async function upload(req, res) {
res.redirect(
'/view?id=' + encodeURIComponent(id)
);
req.session.last_text = '';
}
router.post('/upload', handler(upload));

View File

@ -7,6 +7,7 @@ html(lang='en_US')
title blek! Bin#{title ? title : ''}
link(rel='stylesheet' href='/static/main.css')
body
script 0
h1(align='center')
a(href='/') blek! Bin
p(align='center')