generated from nhcarrigan/template
feat: client and server logic to manage announcements (#3)
Node.js CI / Lint and Test (push) Successful in 1m9s
Node.js CI / Lint and Test (push) Successful in 1m9s
### Explanation _No response_ ### Issue _No response_ ### Attestations - [x] I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/) - [x] I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/). - [x] My contribution complies with the [Contributor Covenant](https://docs.nhcarrigan.com/dev/covenant/). ### Dependencies - [x] I have pinned the dependencies to a specific patch version. ### Style - [x] I have run the linter and resolved any errors. - [x] My pull request uses an appropriate title, matching the conventional commit standards. - [x] My scope of feat/fix/chore/etc. correctly matches the nature of changes in my pull request. ### Tests - [ ] My contribution adds new code, and I have added tests to cover it. - [ ] My contribution modifies existing code, and I have updated the tests to reflect these changes. - [ ] All new and existing tests pass locally with my changes. - [ ] Code coverage remains at or above the configured threshold. ### Documentation _No response_ ### Versioning _No response_ Reviewed-on: #3 Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
This commit was merged in pull request #3.
This commit is contained in:
@@ -0,0 +1,36 @@
|
||||
/**
|
||||
* @copyright nhcarrigan
|
||||
* @license Naomi's Public License
|
||||
* @author Naomi Carrigan
|
||||
*/
|
||||
|
||||
import { blockedIps } from "../cache/blockedIps.js";
|
||||
import { getIpFromRequest } from "../modules/getIpFromRequest.js";
|
||||
import type { onRequestHookHandler } from "fastify";
|
||||
|
||||
/**
|
||||
* Ensures that form submissions only come from our web application.
|
||||
* @param request - The request payload from the server.
|
||||
* @param response - The reply handler from Fastify.
|
||||
* @returns A Fastify reply if the request is invalid, otherwise undefined.
|
||||
*/
|
||||
// eslint-disable-next-line @typescript-eslint/no-misused-promises -- For reasons I cannot comprehend, Fastify seems to require us to return a request?
|
||||
export const ipHook: onRequestHookHandler = async(request, response) => {
|
||||
const ip = getIpFromRequest(request);
|
||||
const ipRecord = blockedIps.find(
|
||||
(record) => {
|
||||
return record.ip === ip && record.ttl > new Date();
|
||||
},
|
||||
);
|
||||
if (ipRecord && ipRecord.ttl > new Date()) {
|
||||
return await response.
|
||||
status(403).
|
||||
send({
|
||||
error: `Your IP address (${ipRecord.ip}) has been blocked until ${ipRecord.ttl.toISOString()}, to protect our API against brute-force attacks.`,
|
||||
});
|
||||
}
|
||||
if (ipRecord && ipRecord.ttl <= new Date()) {
|
||||
blockedIps.splice(blockedIps.indexOf(ipRecord), 1);
|
||||
}
|
||||
return undefined;
|
||||
};
|
||||
Reference in New Issue
Block a user