Do some initial and simple SPAM checking

parent e86c209d
Pipeline #52324788 failed with stage
in 1 minute and 9 seconds
......@@ -94,7 +94,45 @@ app.post(
async (req, res) => {
stats.shorten.inc()
const result = await api.createUrl(req.body.url)
// deconstruct all of the input fields
console.log('body:', req.body)
const { url, name, email, location, ts } = req.body
// For SPAM, we're going to check the following:
//
// 1. the dummy field 'name' is (and should always be) blank/empty
// 2. the dummy field 'email' is (and always should be) '[email protected]'
// 3. the dummy field 'location' is (and always should be) exactly the same as 'url'
// 4. the field 'ts' is (and always should be) within the past 5 mins
// 0. before SPAM check that URL is defined
if (url === '') {
res.render('index', {
menu: 'home',
err: 'Provide a URL',
form: {},
})
}
// 1. firstly check that the 'name' input is still blank
if (name !== '') {
res.send('Thanks')
return
}
// 2. the dummy field 'email' is (and always should be) '[email protected]'
if (email !== '[email protected]xample.com') {
res.send('Thanks')
return
}
// 3. the dummy field 'location' is (and always should be) exactly the same as 'url'
if (location !== url) {
res.send('Thanks')
return
}
const result = await api.createUrl(url)
if (!result.ok) {
res.render('index', {
menu: 'home',
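Review bot: The empty-URL branch at step 0 calls `res.render('index', …)` without a `return`, so the handler falls through to the honeypot checks and, for an otherwise well-formed submission, to `api.createUrl(url)` and a second response on a request that has already been answered; add `return` after the render, as the three checks below it do. The comparison `url === ''` also lets a missing or non-string `url` through, which the comment "check that URL is defined" suggests it should reject; `if (typeof url !== 'string' || url === '')` covers both. Check 4 is listed in the comment and `ts` is destructured, but no comparison against the current time appears in the visible lines, so the freshness check appears not to be enforced yet. `console.log('body:', req.body)` writes every submitted body to the log unfiltered and looks like a debugging leftover to drop before merge. The handler continues past the end of this hunk.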
......
var url = document.getElementById('url');
var loc = document.getElementById('location');
url.addEventListener('change', function(ev) {
loc.value = ev.target.value;
})
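Review bot: The hidden `location` field is only copied from `url` on a `change` event, so a value that is already in the field when the page loads (the template renders `value=form.url`) or that is filled in without a change event would leave `location` empty, and the server's check 3 would then answer a genuine user with 'Thanks' and create nothing. Copying once at load, `loc.value = url.value;`, and listening on `input` as well as `change` would close that gap. A short comment above the listener saying that the server compares the two fields, e.g. `// keep the hidden 'location' field equal to 'url'; the POST handler rejects the form when they differ`, would tell the next reader why this script must not be removed. Visitors with scripting disabled will always fail the check, which may be worth a `noscript` hint in the template.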
......@@ -6,7 +6,12 @@ block content
h2 Shorten your URLs
p This service is free to use.
form(action="/" method="post")
input.p-6.m-3.border.border-grey-dark.rounded(name="url" placeholder="https://..." value=form.url)
input.hidden(type="text" name="name" placeholder="Your Name" value="")
input.hidden(type="text" name="email" placeholder="Your Email" value="[email protected]")
input#location.hidden(type="text" name="location" placeholder="Location" value="")
input#url.p-6.m-3.border.border-grey-dark.rounded(type="text" name="url" placeholder="https://..." value=form.url)
input.bg-blue-dark.text-white.p-6.m-3.rounded(type="submit" value="Shorten")
if err
p.text-red= err
script(src="/s/js/main.js")
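Review bot: The decoy inputs `name` and `email` are ordinary text inputs hidden only by the `.hidden` class, so a browser's autofill or a password manager may fill them for a genuine visitor, and the server would then silently discard the submission as spam. Adding `autocomplete="off"` and `tabindex="-1"` to the three hidden inputs, and `aria-hidden="true"` so assistive technology skips them, reduces those false positives. The server-side handler also reads a `ts` field, but no input named `ts` is present in the visible form, so that value would presumably always be undefined.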