Check the timestamp is within the past 5 mins

parent b15e50d3
......@@ -11,6 +11,7 @@ const favicon = require('serve-favicon')
const errorHandler = require('errorhandler')
const LogFmtr = require('logfmtr')
const yid = require('yid')
const dateFns = require('date-fns')
// local
const pkg = require('../package.json')
......@@ -84,6 +85,7 @@ app.get(
stats.home.inc()
res.render('index', {
menu: 'home',
ts: (new Date()).toISOString(),
form: {}
})
}
......@@ -108,6 +110,7 @@ app.post(
// 0. before SPAM check that URL is defined
if (url === '') {
res.render('index', {
ts: (new Date()).toISOString(),
menu: 'home',
err: 'Provide a URL',
form: {},
......@@ -132,9 +135,22 @@ app.post(
return
}
// 4. the field 'ts' is (and always should be) within the past 5 mins
// check it actually looks like a timestamp e.g. '2019-03-18T20:05:42.276Z'
if ( !ts.match(/^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+Z$/) ) {
res.send('Thanks')
return
}
const diffInMins = dateFns.differenceInMinutes( new Date(ts), new Date() )
if ( diffInMins < 0 || diffInMins > 5 ) {
res.send('Thanks')
return
}
const result = await api.createUrl(url)
if (!result.ok) {
res.render('index', {
ts: (new Date()).toISOString(),
menu: 'home',
err: result.msg,
form: {
......
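Review bot: The age check in step 4 passes its operands to `dateFns.differenceInMinutes( new Date(ts), new Date() )` in the wrong order: date-fns returns left minus right, so a form rendered two minutes ago yields -2 and is silently answered with 'Thanks', while a timestamp up to five minutes in the future is accepted. Swap the operands and state the guard positively, so that a value which matches the regex but is not a real date (the difference is then NaN, and NaN fails both `< 0` and `> 5`) is rejected as well: `const ageInMins = dateFns.differenceInMinutes(new Date(), new Date(ts))` followed by `if ( !(ageInMins >= 0 && ageInMins <= 5) ) {`. `ts.match(...)` also assumes `ts` is a string; where it is read from the request body is outside the hunk, so confirm that a missing field cannot throw here. Because `ts` is a plain client-supplied value, this check only filters stale replays of the form; it would need a server-side signature (for example an HMAC over the timestamp) to hold against a sender that fills in the current time itself.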
......@@ -782,6 +782,11 @@
"integrity": "sha1-ojD2T1aDEOFJgAmUB5DsmVRbyn4=",
"dev": true
},
"date-fns": {
"version": "1.30.1",
"resolved": "https://registry.npmjs.org/date-fns/-/date-fns-1.30.1.tgz",
"integrity": "sha512-hBSVCvSmWC+QypYObzwGOd9wqdDpOt+0wl0KbU+R+uuZBS1jN8VsD1ss3irQDknRj5NvxiTF6oj/nDRnN/UQNw=="
},
"debug": {
"version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
......
......@@ -13,6 +13,7 @@
"dependencies": {
"body-parser": "^1.18.3",
"compression": "^1.7.3",
"date-fns": "^1.30.1",
"errorhandler": "^1.5.0",
"express": "^4.16.4",
"express-async-handler": "^1.1.4",
......
......@@ -9,6 +9,7 @@ block content
input.hidden(type="text" name="name" placeholder="Your Name" value="")
input.hidden(type="text" name="email" placeholder="Your Email" value="[email protected]")
input#location.hidden(type="text" name="location" placeholder="Location" value="")
input.hidden(type="text" name="ts" value=ts)
input#url.p-6.m-3.border.border-grey-dark.rounded(type="text" name="url" placeholder="https://..." value=form.url)
input.bg-blue-dark.text-white.p-6.m-3.rounded(type="submit" value="Shorten")
if err
......