add guestbook rate limits

2023-02-22 16:42:43 +10:00 · 2023-02-22 16:42:43 +10:00 · 4bf345b541
parent 12f0f4bee6
commit 4bf345b541
2 changed files with 27 additions and 1 deletions
--- a/routes/guestbook.js
+++ b/routes/guestbook.js
@ -38,8 +38,8 @@ async function submit(req, res, next) {
    const { name, email, message } = req.body; 
    const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false;

+    // check for errors
    let errors = [];
-
    if (message.length >= 512) {
        errors.push('Maximum length is 512 characters.');
    }
@ -63,6 +63,30 @@ async function submit(req, res, next) {
        return;
    }

+    // actual shit
+
+    let records = await Sequelize.Guestbook.findAll({
+        where: {
+            ip: req.ip
+        }
+    });
+    let latest = 0;
+    for (const record of records) {
+        if (record.time > latest) latest = record.time;
+    }
+    const time = Math.floor(Date.now() / 1000);
+
+    if (time - latest < 60) {
+        res.redirect(
+            '/guestbook?error=' +
+            encodeURIComponent(
+                'You are allowed to send 1 message per minute. You will be able to send next message in ' + ((latest + 60) - time) + ' seconds.'
+            )
+        );
+        return;
+    }
+
+
    let data = await Sequelize.Guestbook.create({
        name,
        email,
--- a/view/guestbook.pug
+++ b/view/guestbook.pug
@ -39,6 +39,8 @@ block content
                        if (errors)
                            br
                            span(style='font-weight:bold;color:darkred;font-size:9pt') !{errors}
+                            br
+                            a(style='font-size:9pt' href='/guestbook') Clear errors
            td(style='padding:0 16px;margin:0')
                h5 Guidelines
                ul