[pl] jebać narodowców

This commit is contained in:
Avris 2021-08-07 11:14:53 +02:00
parent bf48318723
commit d2ac49bedd
1 changed files with 13 additions and 2 deletions

View File

@ -16,6 +16,13 @@ const USERNAME_CHARS = 'A-Za-zĄĆĘŁŃÓŚŻŹąćęłńóśżź0-9._-';
const normalise = s => s.trim().toLowerCase(); const normalise = s => s.trim().toLowerCase();
const isSpam = (email) => {
return email === 'jav.i.e.rfr.anci.sc.ot.m.p@gmail.com'
|| email.contains('dogazu')
|| email.contains('narodowcy.net')
|| email.length > 128;
}
const saveAuthenticator = async (db, type, user, payload, validForMinutes = null) => { const saveAuthenticator = async (db, type, user, payload, validForMinutes = null) => {
const id = ulid(); const id = ulid();
await db.get(SQL`INSERT INTO authenticators (id, userId, type, payload, validUntil) VALUES ( await db.get(SQL`INSERT INTO authenticators (id, userId, type, payload, validUntil) VALUES (
@ -185,11 +192,15 @@ const router = Router();
router.use(handleErrorAsync(reloadUser)); router.use(handleErrorAsync(reloadUser));
router.post('/user/init', handleErrorAsync(async (req, res) => { router.post('/user/init', handleErrorAsync(async (req, res) => {
if (req.body.usernameOrEmail && req.body.usernameOrEmail.includes('narodowcy.net')) { if (req.body.usernameOrEmail && isSpam(req.body.usernameOrEmail || '')) {
req.socket.end(); req.socket.end();
return; return;
} }
if (!await validateCaptcha(req.body.captchaToken)) {
return res.json({error: 'user.login.captchaInvalid'});
}
let user = undefined; let user = undefined;
let usernameOrEmail = req.body.usernameOrEmail; let usernameOrEmail = req.body.usernameOrEmail;
@ -288,7 +299,7 @@ router.post('/user/change-username', handleErrorAsync(async (req, res) => {
})); }));
router.post('/user/change-email', handleErrorAsync(async (req, res) => { router.post('/user/change-email', handleErrorAsync(async (req, res) => {
if (!req.user) { if (!req.user || req.user.bannedReason || isSpam(req.body.email || '')) {
return res.status(401).json({error: 'Unauthorised'}); return res.status(401).json({error: 'Unauthorised'});
} }