From 4bf345b541bd73b9c9b47ab1193e8808c100f4b4 Mon Sep 17 00:00:00 2001 From: b1ek Date: Wed, 22 Feb 2023 16:42:43 +1000 Subject: [PATCH] add guestbook rate limits --- routes/guestbook.js | 26 +++++++++++++++++++++++++- view/guestbook.pug | 2 ++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/routes/guestbook.js b/routes/guestbook.js index 19667f8..ebb8d3a 100644 --- a/routes/guestbook.js +++ b/routes/guestbook.js @@ -38,8 +38,8 @@ async function submit(req, res, next) { const { name, email, message } = req.body; const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false; + // check for errors let errors = []; - if (message.length >= 512) { errors.push('Maximum length is 512 characters.'); } @@ -63,6 +63,30 @@ async function submit(req, res, next) { return; } + // actual shit + + let records = await Sequelize.Guestbook.findAll({ + where: { + ip: req.ip + } + }); + let latest = 0; + for (const record of records) { + if (record.time > latest) latest = record.time; + } + const time = Math.floor(Date.now() / 1000); + + if (time - latest < 60) { + res.redirect( + '/guestbook?error=' + + encodeURIComponent( + 'You are allowed to send 1 message per minute. You will be able to send next message in ' + ((latest + 60) - time) + ' seconds.' + ) + ); + return; + } + + let data = await Sequelize.Guestbook.create({ name, email, diff --git a/view/guestbook.pug b/view/guestbook.pug index 33a08b6..3c873f6 100644 --- a/view/guestbook.pug +++ b/view/guestbook.pug @@ -39,6 +39,8 @@ block content if (errors) br span(style='font-weight:bold;color:darkred;font-size:9pt') !{errors} + br + a(style='font-size:9pt' href='/guestbook') Clear errors td(style='padding:0 16px;margin:0') h5 Guidelines ul
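Review bot: The rate limit added in the second `routes/guestbook.js` hunk keys on `req.ip` and is check-then-insert, so two concurrent requests from the same address both read `latest` before either `create` runs and both get through; whether `req.ip` is the real client address behind a reverse proxy depends on Express's `trust proxy` setting, which is outside this hunk and, if unset, makes every visitor share one address (and one message per minute), while a too-permissive setting lets a client pick its own `X-Forwarded-For`. `findAll` also loads every row for the address just to find the newest `time`; a single ordered `findOne` does the same with one row, as below. The subtraction assumes `record.time` is stored as Unix seconds by the `create` call that continues past the hunk — confirm the units match. Since the view renders `!{errors}` unescaped, confirm the `?error=` query value is escaped or allow-listed before it reaches `errors`, otherwise the redirect message is a reflected-XSS sink. `submit` starts before and ends after this hunk.
```javascript
    // newest record for this address, if any (one row instead of findAll + loop)
    const newest = await Sequelize.Guestbook.findOne({
        where: { ip: req.ip },
        order: [['time', 'DESC']],
        attributes: ['time'],
    });
    const latest = newest ? newest.time : 0;
    const time = Math.floor(Date.now() / 1000);
    // … unchanged: one-message-per-minute redirect and create …
```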