move throttle, add web login

misterhat · misterhat · commit a05017293203 · 2020-12-25T14:46:42.000-06:00
diff --git a/src/handlers/player.js b/src/handlers/player.js
@@ -6,6 +6,24 @@ const sleep = require('sleep-promise');
 const bcryptCompare = promisify(bcrypt.compare);
 const bcryptHash = promisify(bcrypt.hash);
 
+async function throttleAttempt(queryHandler, ip) {
+    let { attempts, lastDate } = queryHandler.getLoginAttempts(ip);
+
+    if (attempts >= 5) {
+        if (Date.now() - lastDate >= 1000 * 60 * 5) {
+            return true;
+        } else {
+            queryHandler.setLoginAttempts(ip, 0);
+            attempts = 0;
+        }
+    } else {
+        queryHandler.setLoginAttempts(ip, attempts + 1);
+    }
+
+    await sleep(attempts * 1000);
+    return false;
+}
+
 async function playerCount({ token }) {
     const queryHandler = this.server.queryHandler;
     const playerCount = queryHandler.getPlayerCount();
@@ -47,31 +65,22 @@ async function playerLogin({ token, username, password, ip, reconnecting }) {
 
     const queryHandler = this.server.queryHandler;
 
-    let { attempts, lastDate } = queryHandler.getLoginAttempts(ip);
-
-    if (attempts >= 5) {
-        if (Date.now() - lastDate >= 1000 * 60 * 5) {
-            queryHandler.setLoginAttempts(ip, 0);
-            attempts = 0;
-        } else {
-            message.code = 7;
-            message.success = false;
-            this.socket.sendMessage(message);
-            return;
-        }
+    if (await throttleAttempt(queryHandler, ip)) {
+        message.code = 7;
+        message.success = false;
+        return this.socket.sendMessage(message);
     }
 
-    await sleep(attempts * 1000);
-
     const hash = queryHandler.getPlayerPassword(username);
 
     if (!hash || !(await bcryptCompare(password, hash))) {
         message.code = 3;
         message.success = false;
-        queryHandler.setLoginAttempts(ip, attempts + 1);
         return this.socket.sendMessage(message);
     }
 
+    queryHandler.setLoginAttempts(ip, 0);
+
     const rounds = bcrypt.getRounds(hash);
     const passwordHashRounds = this.server.config.passwordHashRounds;
 
@@ -265,10 +274,7 @@ async function playerMessage({
             message
         });
 
-        this.socket.sendMessage({
-            token,
-            success: true
-        });
+        this.socket.sendMessage({ token, success: true });
     } catch (e) {
         this.socket.sendMessage({
             token,
@@ -278,6 +284,28 @@ async function playerMessage({
     }
 }
 
+async function webLogin({ token, username, password, ip }) {
+    username = username.trim().toLowerCase();
+
+    const queryHandler = this.server.queryHandler;
+
+    if (await throttleAttempt(queryHandler, ip)) {
+        return this.socket.sendMessage({ token, success: false });
+    }
+
+    const hash = queryHandler.getPlayerPassword(username);
+
+    if (!hash || !(await bcryptCompare(password, hash))) {
+        return this.socket.sendMessage({ token, success: false });
+    }
+
+    queryHandler.setLoginAttempts(ip, 0);
+
+    const player = queryHandler.getWebPlayer(username);
+
+    return this.socket.sendMessage({ token, success: true, player });
+}
+
 module.exports = {
     playerCount,
     playerGetWorlds,
@@ -287,5 +315,6 @@ module.exports = {
     playerOnlineCount,
     playerRegister,
     playerUpdate,
-    playerMessage
+    playerMessage,
+    webLogin
 };
diff --git a/src/query-handler.js b/src/query-handler.js
@@ -146,8 +146,8 @@ class QueryHandler {
                 'FROM `players` WHERE `username` = ?',
             searchNews:
                 'SELECT `id`, `date`, `category`, `title`, ' +
-                `substr(\`body\`, 0, ${SUMMARY_LENGTH}) AS \`summary\`, ` +
-                'count(1) over() AS `total` FROM `news` WHERE ' +
+                `trim(substr(\`body\`, 0, ${SUMMARY_LENGTH})) AS ` +
+                '`summary`, count(1) over() AS `total` FROM `news` WHERE ' +
                 'CASE WHEN :category > -1 THEN `category` = :category ELSE ' +
                 'true END AND ' +
                 'CASE WHEN LENGTH(:terms) > 2 THEN `title` LIKE :terms OR ' +
@@ -157,7 +157,9 @@ class QueryHandler {
                 'ORDER BY `date` DESC ' +
                 `LIMIT ${NEWS_PER_PAGE} OFFSET (:page * ${NEWS_PER_PAGE})`,
             getNews: 'SELECT * FROM `news` WHERE `id` = ?',
-            getFile: 'SELECT `file` FROM `uploads` WHERE `name` = ?'
+            getFile: 'SELECT `file` FROM `uploads` WHERE `name` = ?',
+            getWebPlayer:
+                'SELECT `id`, `rank` FROM `players` WHERE `username` = ?'
         };
 
         for (const [name, statement] of Object.entries(this.statements)) {
@@ -508,6 +510,10 @@ class QueryHandler {
         return this.statements.getFile.pluck().get(name);
     }
 
+    getWebPlayer(username) {
+        return this.statements.getWebPlayer.get(username);
+    }
+
     sync() {
         this.database.pragma('journal_mode = WAL');
         this.createTables();
