localhost_frssoft/fediauth
1
0
Fork 0
mirror of https://git.phreedom.club/localhost_frssoft/fediauth.git synced 2024-11-22 16:01:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

prevent flooding codes and mention spam

Browse source
This commit is contained in:
localhost_frssoft 2023-09-27 19:47:29 +00:00
parent 509ef3a3b0
commit fc102dddf0
2 changed files with 27 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
functions.lua
View file

@ -227,3 +227,8 @@ function fediauth.give_code(secret_b32, time)
end end
return codeseq return codeseq
end end
function fediauth.str_repeats(s,c)
local _,n = s:gsub(c,"")
return n
end

24
join.lua
View file

@ -14,6 +14,7 @@ local formspecfediadd = "size[9,10]" ..
"button[5,8.7;3,1;submit;Send code]" "button[5,8.7;3,1;submit;Send code]"
local feditempstore = {} local feditempstore = {}
local failed_counter = {}
minetest.register_entity("fediauth:checkmark", { minetest.register_entity("fediauth:checkmark", {
initial_properties = { initial_properties = {
@ -75,6 +76,23 @@ minetest.register_on_joinplayer(function(player)
end end
end) end)
-- prevent flooding codes
minetest.register_on_prejoinplayer(function(name, ip)
if (failed_counter[name] or 0) >= 2 then
return "Please try later, your attempts has expired"
end
end)
local function attempts_cleanup(name)
for k, v in pairs(failed_counter) do
if v >= 2 then
failed_counter[k] = nil
end
end
minetest.after(120, attempts_cleanup)
end
minetest.after(120, attempts_cleanup)
-- clear fediauth session on leave -- clear fediauth session on leave
minetest.register_on_leaveplayer(function(player) minetest.register_on_leaveplayer(function(player)
local playername = player:get_player_name() local playername = player:get_player_name()
@ -105,7 +123,8 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
-- check for new player or doesn't have fedi account -- check for new player or doesn't have fedi account
if fields.fediverse_account_url then if fields.fediverse_account_url then
if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 then -- basic prevent mention spam and limit length
if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 or fediauth.str_repeats(fields.fediverse_account_url, "@") > 2 then
minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect")) minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect"))
minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd) minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd)
return return
@ -129,7 +148,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
if fediauth.check_code(secret_b32, fields.code) then if fediauth.check_code(secret_b32, fields.code) then
local fedi_account = fediauth.storage:get_string(playername .. "_fedi") local fedi_account = fediauth.storage:get_string(playername .. "_fedi")
-- for account without fediverse (for prevent write account if code incorrect -- if player without fediverse (for prevent write account handle if code incorrect)
if fedi_account == "" and feditempstore[playername] then if fedi_account == "" and feditempstore[playername] then
fediauth.storage:set_string(playername .. "_fedi", feditempstore[playername]) fediauth.storage:set_string(playername .. "_fedi", feditempstore[playername])
fedi_account = feditempstore[playername] fedi_account = feditempstore[playername]
@ -143,5 +162,6 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
else else
minetest.kick_player(playername, "fediauth code validation failed") minetest.kick_player(playername, "fediauth code validation failed")
fediauth.regrant_privs(playername) fediauth.regrant_privs(playername)
failed_counter[playername] = (failed_counter[playername] or 0) + 1
end end
end) end)