Add ability to ban certain domains

parent 1f0699b1
Pipeline #52845580 passed with stage
in 1 minute and 10 seconds
......@@ -4,6 +4,7 @@
// core
const path = require('path')
const url = require('url')
// npm
const pg = require('pg')
......@@ -17,7 +18,7 @@ const env = require('./env.js')
// ----------------------------------------------------------------------------
// setup
const databasePatchLevel = 3
const databasePatchLevel = 4
// create a pool
const pool = new pg.Pool({
......@@ -45,11 +46,23 @@ function patch (callback) {
// ----------------------------------------------------------------------------
// URLs
const getBannedDomainSql = 'SELECT id FROM banneddomain WHERE domain = $1'
const insUrlSql = 'INSERT INTO url(code, url) VALUES($1, $2) RETURNING *'
async function createUrl (url) {
async function createUrl (newUrl) {
try {
const params = [ zid(6), url ]
// first thing to do is check the `denydomain` table
const parsed = url.parse(newUrl)
const isBanned = await pool.query(getBannedDomainSql, [ parsed.host ])
if (isBanned.rows.length) {
return {
ok: false,
msg: 'Banned domain'
}
}
// all okay, so insert the url with a new shortcode
const params = [ zid(6), newUrl ]
const result = await pool.query(insUrlSql, params)
return {
ok: true,
......@@ -66,9 +79,9 @@ async function createUrl (url) {
const getUrlSql = 'SELECT * FROM url WHERE code = $1'
async function getUrl (url) {
async function getUrl (code) {
try {
const params = [ url ]
const params = [ code ]
const result = await pool.query(getUrlSql, params)
return {
ok: true,
......
......@@ -180,6 +180,9 @@ app.post(
// 3. the dummy field 'location' is (and always should be) exactly the same as 'url'
// 4. the field 'ts' is (and always should be) within the past 5 mins
// 5. the signature field should be valid and dependent on the 'ts'
//
// Note: None of this stops people from adding spam links, it just won't
// (or shouldn't) allow automated bots to do it.
// 1. firstly check that the 'name' input is still blank
if (name !== '') {
......@@ -227,6 +230,9 @@ app.post(
const result = await api.createUrl(url)
if (!result.ok) {
if (result.msg === 'Banned domain') {
stats.banneddomain.inc()
}
const hmac = createTsSig()
res.render('index', {
ts: hmac.ts,
......
......@@ -24,6 +24,7 @@ const pages = [
'tsinvalid',
'tsold',
'sig',
'banneddomain',
'shorten',
'expand',
'view',
......
-- ----------------------------------------------------------------------------
-- table: banneddomain
CREATE TABLE banneddomain (
id INTEGER NOT NULL DEFAULT nextval('object_id_seq'::TEXT) PRIMARY KEY,
domain TEXT NOT NULL,
LIKE base INCLUDING DEFAULTS
);
CREATE TRIGGER banneddomain_update BEFORE UPDATE ON banneddomain
FOR EACH ROW EXECUTE PROCEDURE updated();
-- ----------------------------------------------------------------------------
-- ----------------------------------------------------------------------------
-- tables
DROP TABLE banneddomain;
-- ----------------------------------------------------------------------------
......@@ -20,6 +20,7 @@ block content
th.text-right ✗ TS Invalid
th.text-right ✗ TS Old
th.text-right ✗ Signature
th.text-right ✗ Banned Domain
tbody
for ts in Object.keys(stats).sort()
tr
......@@ -37,5 +38,6 @@ block content
td.text-right= stats[ts].tsinvalid || 0
td.text-right= stats[ts].tsold || 0
td.text-right= stats[ts].sig || 0
td.text-right= stats[ts].banneddomain || 0
p (Ends)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment