Limit user registrations

This commit is contained in:
calzoneman 2014-02-09 19:52:24 -06:00
parent 23acdd7613
commit 55b6e99896
4 changed files with 48 additions and 16 deletions

View File

@ -57,6 +57,8 @@ youtube-v2-key: ''
channel-save-interval: 5 channel-save-interval: 5
# Limit for the number of channels a user can register # Limit for the number of channels a user can register
max-channels-per-user: 5 max-channels-per-user: 5
# Limit for the number of accounts an IP address can register
max-accounts-per-ip: 5
# Minimum number of seconds between guest logins from the same IP # Minimum number of seconds between guest logins from the same IP
guest-login-delay: 60 guest-login-delay: 60
# Block known Tor IP addresses # Block known Tor IP addresses

View File

@ -50,6 +50,7 @@ var defaults = {
"youtube-v2-key": "", "youtube-v2-key": "",
"channel-save-interval": 5, "channel-save-interval": 5,
"max-channels-per-user": 5, "max-channels-per-user": 5,
"max-accounts-per-ip": 5,
"guest-login-delay": 60, "guest-login-delay": 60,
"enable-tor-blocker": true, "enable-tor-blocker": true,
stats: { stats: {

View File

@ -2,6 +2,7 @@
var $util = require("../utilities"); var $util = require("../utilities");
var bcrypt = require("bcrypt"); var bcrypt = require("bcrypt");
var db = require("../database"); var db = require("../database");
var Config = require("../config");
var registrationLock = {}; var registrationLock = {};
var blackHole = function () { }; var blackHole = function () { };
@ -98,41 +99,56 @@ module.exports = {
// on the same user account // on the same user account
registrationLock[lname] = true; registrationLock[lname] = true;
this.isUsernameTaken(name, function (err, taken) { this.getAccounts(ip, function (err, accts) {
if (err) { if (err) {
delete registrationLock[lname]; delete registrationLock[lname];
callback(err, null); callback(err, null);
return; return;
} }
if (taken) { if (accts.length >= Config.get("max-accounts-per-ip")) {
delete registrationLock[lname]; delete registrationLock[lname];
callback("Username is already registered", null); callback("You have registered too many accounts from this "+
"computer.", null);
return; return;
} }
bcrypt.hash(pw, 10, function (err, hash) { module.exports.isUsernameTaken(name, function (err, taken) {
if (err) { if (err) {
delete registrationLock[lname]; delete registrationLock[lname];
callback(err, null); callback(err, null);
return; return;
} }
db.query("INSERT INTO `users` " + if (taken) {
"(`name`, `password`, `global_rank`, `email`, `profile`, `ip`, `time`)" +
" VALUES " +
"(?, ?, ?, ?, '', ?, ?)",
[name, hash, 1, email, ip, Date.now()],
function (err, res) {
delete registrationLock[lname]; delete registrationLock[lname];
callback("Username is already registered", null);
return;
}
bcrypt.hash(pw, 10, function (err, hash) {
if (err) { if (err) {
delete registrationLock[lname];
callback(err, null); callback(err, null);
} else { return;
callback(null, {
name: name,
hash: hash
});
} }
db.query("INSERT INTO `users` " +
"(`name`, `password`, `global_rank`, `email`, `profile`, `ip`, `time`)" +
" VALUES " +
"(?, ?, ?, ?, '', ?, ?)",
[name, hash, 1, email, ip, Date.now()],
function (err, res) {
delete registrationLock[lname];
if (err) {
callback(err, null);
} else {
callback(null, {
name: name,
hash: hash
});
}
});
}); });
}); });
}); });
@ -496,5 +512,17 @@ module.exports = {
} }
db.query("SELECT * FROM `channels` WHERE owner=?", [name], callback); db.query("SELECT * FROM `channels` WHERE owner=?", [name], callback);
},
/**
* Retrieves all names registered from a given IP
*/
getAccounts: function (ip, callback) {
if (typeof callback !== "function") {
return;
}
db.query("SELECT name,global_rank FROM `users` WHERE `ip`=?", [ip],
callback);
} }
}; };

View File

@ -139,6 +139,7 @@ function handleRegisterPage(req, res) {
return; return;
} }
} }
sendJade(res, "register", { sendJade(res, "register", {
registered: false, registered: false,
registerError: false registerError: false