From a44e100f447c7887c21ae9de69e698b993dcbc56 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 19:29:21 -0400 Subject: [PATCH 01/27] HAck a spammer regex test for libs/utils check --- server/libs/utils.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/server/libs/utils.js b/server/libs/utils.js index aefdfcf..2bdb369 100644 --- a/server/libs/utils.js +++ b/server/libs/utils.js @@ -18,7 +18,16 @@ import { isPostgres } from '../config.js'; -const check = (list, item) => list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); +// Spammer +const SPAMMER_ORG_PATTERN = /^68[0-9a-f]{22}$/; + +const check = (list, item) => { + if (SPAMMER_ORG_PATTERN.test(item)) { + console.log("DENIED SPAMMER: ", item); + return true; + } + return list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); +} export const isDDosCompany = orgToken => check(ddosBombCompanies, orgToken); export const isDeniedCompany = orgToken => check(deniedCompanies, orgToken); export const isDeniedDevice = orgToken => check(deniedDevices, orgToken); From 0208be1507bc3d51b51b75da3533fb1537554acb Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 19:42:28 -0400 Subject: [PATCH 02/27] return status 200 and rpc command on AccessDenied error --- server/index.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/server/index.js b/server/index.js index 3bf23ec..da5487e 100644 --- a/server/index.js +++ b/server/index.js @@ -73,8 +73,14 @@ app.use(bodyParser.raw(parserLimits)); console.error(err.message, err.stack); if (err instanceof AccessDeniedError) { - return res.status(403) - .send({ error: err.message }); + console.log('return RPC command'); + return res.status(200) + .send({ + error: err.message, + background_geolocation: [ + ['stop'] + ] + }); } return res.status(500) From fe669dfacee96cb2497ce21dd9b33ac46460ec00 Mon Sep 17 00:00:00 2001 
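Review bot: `SPAMMER_ORG_PATTERN` is case-sensitive while the list comparison in the same function lowercases both sides, so the same token written in upper-case hex is not caught by the new branch; `/^68[0-9a-f]{22}$/i` would follow the existing convention. Because the test sits in the shared `check`, it also makes `isDDosCompany` and `isDeniedDevice` return true for any matching token, and `check` now returns `true` on this path but a list element (or `undefined`) on the other. The pattern accepts every 24-character hex token that starts with `68`, which presumably includes tokens that do not belong to the spammer; the `// Spammer` comment should say where the prefix and length come from so the rule can be narrowed later.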
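Review bot: Answering an `AccessDeniedError` with `res.status(200)` in the global error handler makes denied requests indistinguishable from successful ones for anything that keys on status codes (access logs, rate limiting, alerting), and the two log lines, `console.error(err.message, err.stack)` and `console.log('return RPC command')`, carry no request context. If the 200 is needed so the SDK acts on the `background_geolocation` payload, record the denial as its own event, e.g. `console.warn('access denied', req.ip, err.message);`. This handler serves every route, so clients that are not the SDK now receive the RPC body instead of a 403. The enclosing `app.use` callback starts and ends outside the hunk.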
From: Chris Scott Date: Mon, 15 Sep 2025 19:57:47 -0400 Subject: [PATCH 03/27] fix bug in return1GbFile --- server/libs/utils.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/libs/utils.js b/server/libs/utils.js index 2bdb369..ebcf7ae 100644 --- a/server/libs/utils.js +++ b/server/libs/utils.js @@ -104,9 +104,9 @@ export function hydrate(row) { } export function return1Gbfile(res) { - const file1gb = resolve(__dirname, '..', '..', '..', 'text.null.gz'); - res.setHeader('Content-Encoding', 'gzip, deflate'); - createReadStream(file1gb).pipe(res); + //const file1gb = resolve(__dirname, '..', '..', '..', 'text.null.gz'); + //res.setHeader('Content-Encoding', 'gzip, deflate'); + //createReadStream(file1gb).pipe(res); } export const checkAuth = verifier => (req, res, next) => { From d9e38e616e971cea5091e6b1cd0117b441c37856 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 20:00:46 -0400 Subject: [PATCH 04/27] throw AccessDeniedError in return 1GbFile --- server/libs/utils.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/server/libs/utils.js b/server/libs/utils.js index ebcf7ae..570b462 100644 --- a/server/libs/utils.js +++ b/server/libs/utils.js @@ -107,6 +107,11 @@ export function return1Gbfile(res) { //const file1gb = resolve(__dirname, '..', '..', '..', 'text.null.gz'); //res.setHeader('Content-Encoding', 'gzip, deflate'); //createReadStream(file1gb).pipe(res); + throw new AccessDeniedError( + 'This is a question from the CEO of Transistor Software:\n' + + 'Why are you spamming my demo server?\n' + + 'Please email me at chris@transistorsoft.com.', {cause: 'banned'} + ); } export const checkAuth = verifier => (req, res, next) => { From 6dfe3fa3c359334fdcdbc86f3e640c01a739bc77 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 20:09:56 -0400 Subject: [PATCH 05/27] return 'ban' command --- server/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
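Review bot: `return1Gbfile` now throws synchronously and never touches `res`, so a response is produced only if the throw reaches the Express error middleware. The route handlers shown elsewhere in this series are `async`; if the server runs Express 4, an exception thrown inside an async handler becomes a rejected promise that the error middleware never sees and the request stays open, so the call sites (outside this hunk) need a `try`/`catch` or a `next(err)` path. The three commented-out lines above the `throw` are dead code and can be deleted. The `{cause: 'banned'}` argument only has an effect if the `AccessDeniedError` constructor forwards its second argument to `Error`, which is not visible here.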
diff --git a/server/index.js b/server/index.js index da5487e..331645c 100644 --- a/server/index.js +++ b/server/index.js @@ -78,7 +78,7 @@ app.use(bodyParser.raw(parserLimits)); .send({ error: err.message, background_geolocation: [ - ['stop'] + ['ban'] ] }); } From 6bc1823f098e87d984efa71a99d81f92f8b9816f Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 20:53:01 -0400 Subject: [PATCH 06/27] Fix AccessDeniedError --- server/routes/api-v2.js | 15 +++++++++++++++ server/routes/site-api.js | 2 ++ 2 files changed, 17 insertions(+) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index acebc5b..fbc0db2 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js @@ -11,6 +11,7 @@ import { isAdmin, isDDosCompany, RegistrationRequiredError, + checkCompany, return1Gbfile, } from '../libs/utils.js'; import { isProduction } from '../config.js'; @@ -236,6 +237,7 @@ router.get('/stats', checkAuth(verify), async (req, res) => { router.get('/locations/latest', checkAuth(verify), async (req, res) => { const { org } = req.jwt; + let { deviceId } = req.jwt; ({ device_id: deviceId = deviceId } = req.query); let { companyId } = req.jwt; @@ -300,6 +302,19 @@ router.get('/locations', checkAuth(verify), async (req, res) => { */ router.post('/locations', checkAuth(verify), async (req, res) => { const { deviceId, org } = req.jwt; + try { + checkCompany(org, {}); + } catch(err) { + if (err instanceof AccessDeniedError) { + console.log('Caught denied company: returning ban response ;)'); + return res.status(200).send({ + error: err.message, + background_geolocation: [ + ['ban'] + ] + }); + } + } const device = await getDevice({ id: deviceId, org }); // eslint-disable-next-line no-console diff --git a/server/routes/site-api.js b/server/routes/site-api.js index 8ccd4e6..c148587 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js 
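Review bot: The `catch` around `checkCompany(org, {})` in `POST /locations` handles only `AccessDeniedError`; any other exception is dropped without a log line and the handler continues to `getDevice` as if the check had passed. Add `throw err;` after the `if` block (or at least `console.error(err);`) so a broken check does not fail open. The same block is pasted into `/locations/:company_token` and `/register` in patches 10 and 11 and into `site-api.js` in patch 16, and it keeps this shape there. The handler body continues outside the hunk.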
@@ -13,8 +13,10 @@ import { isAdmin, isAdminToken, isDDosCompany, + isDeniedCompany, isPassword, return1Gbfile, + checkCompany } from '../libs/utils.js'; import { deleteDevice, getDevices } from '../models/Device.js'; import { From e0746ebd2d541b880fb246616d85c9bb30ec38be Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:00:21 -0400 Subject: [PATCH 07/27] ban --- server/index.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/index.js b/server/index.js index 331645c..3464aa6 100644 --- a/server/index.js +++ b/server/index.js @@ -70,6 +70,8 @@ app.use(bodyParser.raw(parserLimits)); // eslint-disable-next-line no-unused-vars app.use((err, req, res, next) => { + console.log("*** Caught an excpetion"); + console.error(err.message, err.stack); if (err instanceof AccessDeniedError) { From a29cd04ddc9125c3925b9eb099dd246ffe0948d7 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:04:50 -0400 Subject: [PATCH 08/27] catch EntityTooLarge error0 --- server/index.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/server/index.js b/server/index.js index 3464aa6..70790a0 100644 --- a/server/index.js +++ b/server/index.js @@ -70,17 +70,18 @@ app.use(bodyParser.raw(parserLimits)); // eslint-disable-next-line no-unused-vars app.use((err, req, res, next) => { - console.log("*** Caught an excpetion"); - console.error(err.message, err.stack); - if (err instanceof AccessDeniedError) { + console.error(err.message, err.type, err.stack); + + if ((err instanceof AccessDeniedError) || (err.type == 'entity.too.large')) { console.log('return RPC command'); return res.status(200) .send({ error: err.message, background_geolocation: [ - ['ban'] + ['ban'], + ['stop'] ] }); } From 6d176e3ebb3899c8fc04f90201187c2459f4acb6 Mon Sep 17 00:00:00 2001 
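Review bot: Adding `err.type == 'entity.too.large'` to the `AccessDeniedError` branch sends `['ban']` and `['stop']` with status 200 to any client whose request body exceeded the parser limit, so a legitimate device that uploads one oversized batch is told to ban itself. An oversized body is a size violation, not evidence of abuse; keep it on its own branch with `return res.status(413).send({ error: err.message });` and reserve the RPC payload for `AccessDeniedError`. If the two conditions stay combined, compare with `===`.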
From: Chris Scott Date: Mon, 15 Sep 2025 21:22:45 -0400 Subject: [PATCH 09/27] Update ban code --- server/routes/api-v2.js | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index fbc0db2..e31cc10 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js @@ -306,13 +306,19 @@ router.post('/locations', checkAuth(verify), async (req, res) => { checkCompany(org, {}); } catch(err) { if (err instanceof AccessDeniedError) { - console.log('Caught denied company: returning ban response ;)'); - return res.status(200).send({ - error: err.message, - background_geolocation: [ - ['ban'] - ] - }); + if (err.cause === 'banned') { + console.log('Caught denied company: returning ban response ;)'); + return res.status(200).send({ + error: err.message, + background_geolocation: [ // <-- Send an RPC + ['setConfig', {maxRecordsToPersist: 0, debug: true}], + ['stop'], + ['ban', err.message] + ] + }); + } else { + return res.status(403).send({ error: err.toString() }); + } } } const device = await getDevice({ id: deviceId, org }); @@ -353,7 +359,7 @@ router.post('/locations', checkAuth(verify), async (req, res) => { if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { // Sends background-geolocation RPC commands back to the SDK to try and stop this device from spamming us. - return res.status(403).send({ + return res.status(200).send({ error: 'BANNED', background_geolocation: [ // <-- Send an RPC ['setConfig', {maxRecordsToPersist: 0, debug: true}], From 8ed8d53b4387b0aa7f04e56b46705abf79eb30b5 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:37:07 -0400 Subject: [PATCH 10/27] add ban check to post /locations/:company_token --- server/routes/api-v2.js | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index e31cc10..740d64b 100644 --- a/server/routes/api-v2.js 
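Review bot: The new `err.cause === 'banned'` test decides between the 200 ban response and a 403, but it works only if `AccessDeniedError` passes its options argument through to `Error` so that `cause` is set; the class definition is not part of this series, so this needs a test that constructs the error the way `return1Gbfile` does and asserts on `cause`. The non-banned branch sends `err.toString()` while the banned branch sends `err.message`, so the `error` field has two formats (`toString()` prepends the error name); `err.message` in both places would be consistent. The handler body continues outside the hunk.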
+++ b/server/routes/api-v2.js @@ -385,6 +385,27 @@ router.post('/locations', checkAuth(verify), async (req, res) => { */ router.post('/locations/:company_token', checkAuth(verify), async (req, res) => { const { deviceId, org } = req.jwt; + + try { + checkCompany(org, {}); + } catch(err) { + if (err instanceof AccessDeniedError) { + if (err.cause === 'banned') { + console.log('Caught denied company: returning ban response ;)'); + return res.status(200).send({ + error: err.message, + background_geolocation: [ // <-- Send an RPC + ['setConfig', {maxRecordsToPersist: 0, debug: true}], + ['stop'], + ['ban', err.message] + ] + }); + } else { + return res.status(403).send({ error: err.toString() }); + } + } + } + const { company_token: orgId } = req.params; const device = await getDevice({ id: deviceId, org: org || orgId }); From 5bd6627d5fc9603e4df2c205dcf747c57e63719e Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:38:29 -0400 Subject: [PATCH 11/27] Ban in /register --- server/routes/api-v2.js | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index 740d64b..d217698 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js @@ -65,6 +65,26 @@ router.post('/register', async (req, res) => { framework, ); + try { + checkCompany(org, {}); + } catch(err) { + if (err instanceof AccessDeniedError) { + if (err.cause === 'banned') { + console.log('Caught denied company: returning ban response ;)'); + return res.status(200).send({ + error: err.message, + background_geolocation: [ // <-- Send an RPC + ['setConfig', {maxRecordsToPersist: 0, debug: true}], + ['stop'], + ['ban', err.message] + ] + }); + } else { + return res.status(403).send({ error: err.toString() }); + } + } + } + // eslint-disable-next-line no-console dataLogOn && console.log(`v2:post:register:${org}`.yellow, JSON.stringify(req.body)); From 53d89b8cb0c9c3fb96f99acaeac98fbbf688a366 Mon Sep 17 00:00:00 2001 
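Review bot: The `checkCompany` try/catch and the three-command ban payload are duplicated here from `POST /locations`, and patch 11 adds another copy to `/register`, so the payloads can drift apart and every copy repeats the silent fall-through for errors that are not `AccessDeniedError`. One helper that reports whether it already responded gives a single place for the payload and for rethrowing unexpected errors. The handler continues outside the hunk; the helper name below is only a suggestion.

```javascript
// Returns true when a response has already been sent for a denied org.
function rejectDeniedCompany(org, res) {
  try {
    checkCompany(org, {});
    return false;
  } catch (err) {
    // Anything unexpected must not be swallowed, or the check fails open.
    if (!(err instanceof AccessDeniedError)) throw err;
    if (err.cause !== 'banned') {
      res.status(403).send({ error: err.toString() });
      return true;
    }
    res.status(200).send({
      error: err.message,
      background_geolocation: [
        ['setConfig', { maxRecordsToPersist: 0, debug: true }],
        ['stop'],
        ['ban', err.message],
      ],
    });
    return true;
  }
}

router.post('/locations/:company_token', checkAuth(verify), async (req, res) => {
  const { deviceId, org } = req.jwt;
  if (rejectDeniedCompany(org, res)) return;
  // … unchanged: company_token lookup and getDevice call …
```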
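Review bot: The ban check in `/register` is placed after the multi-line call that ends in `framework, );`, which is only partly visible; if that call performs a lookup or a write, a banned org still triggers that work on every request before it is rejected. Moving the `try` block to the point where `org` is first read would reject the request before any other work is done. The handler starts and ends outside the hunk, so the origin of `org` here cannot be confirmed from these lines.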
From: Chris Scott Date: Mon, 15 Sep 2025 21:42:28 -0400 Subject: [PATCH 12/27] Ban in /register --- server/routes/api-v2.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index d217698..ec15362 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js @@ -325,6 +325,8 @@ router.post('/locations', checkAuth(verify), async (req, res) => { try { checkCompany(org, {}); } catch(err) { + console.log('*** caught error, cause: ', err.cause); + if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { console.log('Caught denied company: returning ban response ;)'); From 5d6b79ddad4c02f2fc09bf8507f05a28510bda08 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:45:27 -0400 Subject: [PATCH 13/27] Ban in /register --- server/routes/api-v2.js | 1 + 1 file changed, 1 insertion(+) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index ec15362..681d346 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js @@ -411,6 +411,7 @@ router.post('/locations/:company_token', checkAuth(verify), async (req, res) => try { checkCompany(org, {}); } catch(err) { + console.log('*** [2] caught error, cause: ', err.cause); if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { console.log('Caught denied company: returning ban response ;)'); From f66617186f2c7514946c5e52844d6a7cf2c0d68d Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:49:04 -0400 Subject: [PATCH 14/27] Ban in /register --- server/routes/api-v2.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index 681d346..bb70cc4 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js 
@@ -409,7 +409,9 @@ router.post('/locations/:company_token', checkAuth(verify), async (req, res) => const { deviceId, org } = req.jwt; try { + console.log('*** [BEFORE] checkCompany: ', org); checkCompany(org, {}); + console.log('*** [AFTER] checkCompany: ', org); } catch(err) { console.log('*** [2] caught error, cause: ', err.cause); if (err instanceof AccessDeniedError) { From ae329c8e0ea66b3082341631e9b641cf8f295173 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:51:35 -0400 Subject: [PATCH 15/27] Ban in /register --- server/routes/site-api.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/routes/site-api.js b/server/routes/site-api.js index c148587..750fc13 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js @@ -194,6 +194,8 @@ router.post('/locations', getAuth(verify), async (req, res) => { router.post('/locations/:company_token', getAuth(verify), async (req, res) => { const { company_token: org } = req.params; + console.log('*** old api: ', org); + console.info('v1:locations:post'.green, 'org:name'.green, org); if (isDDosCompany(org)) { From 410c747a67bf80d68098a343cbcfd7d28e533856 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:54:26 -0400 Subject: [PATCH 16/27] Ban in /register --- server/routes/api-v2.js | 5 ----- server/routes/site-api.js | 20 +++++++++++++++++++- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index bb70cc4..11f1d6d 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js @@ -325,8 +325,6 @@ router.post('/locations', checkAuth(verify), async (req, res) => { try { checkCompany(org, {}); } catch(err) { - console.log('*** caught error, cause: ', err.cause); - if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { console.log('Caught denied company: returning ban response ;)'); 
@@ -409,14 +407,11 @@ router.post('/locations/:company_token', checkAuth(verify), async (req, res) => const { deviceId, org } = req.jwt; try { - console.log('*** [BEFORE] checkCompany: ', org); checkCompany(org, {}); - console.log('*** [AFTER] checkCompany: ', org); } catch(err) { console.log('*** [2] caught error, cause: ', err.cause); if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { - console.log('Caught denied company: returning ban response ;)'); return res.status(200).send({ error: err.message, background_geolocation: [ // <-- Send an RPC diff --git a/server/routes/site-api.js b/server/routes/site-api.js index 750fc13..9fc9a26 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js @@ -194,7 +194,25 @@ router.post('/locations', getAuth(verify), async (req, res) => { router.post('/locations/:company_token', getAuth(verify), async (req, res) => { const { company_token: org } = req.params; - console.log('*** old api: ', org); + try { + checkCompany(org, {}); + } catch(err) { + console.log('*** [2] caught error, cause: ', err.cause); + if (err instanceof AccessDeniedError) { + if (err.cause === 'banned') { + return res.status(200).send({ + error: err.message, + background_geolocation: [ // <-- Send an RPC + ['setConfig', {maxRecordsToPersist: 0, debug: true}], + ['stop'], + ['ban', err.message] + ] + }); + } else { + return res.status(403).send({ error: err.toString() }); + } + } + } console.info('v1:locations:post'.green, 'org:name'.green, org); From 0f4b156bde43d3aaf00aa3c02320f009b5e2dc1f Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:56:40 -0400 Subject: [PATCH 17/27] Ban in /register --- server/routes/site-api.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/routes/site-api.js b/server/routes/site-api.js index 9fc9a26..53fd364 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js 
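Review bot: In this `site-api.js` handler `org` comes from `req.params.company_token`, i.e. from the URL path, whereas the api-v2 copies of this block check the `org` claim of the verified JWT, so the deny decision here is keyed on a value the caller chooses on each request. `AccessDeniedError` is used in the `catch`, but no hunk in this series adds it to the imports of `site-api.js`; if it is not already imported, the `instanceof` test itself throws a `ReferenceError` inside the `catch`. The line `console.log('*** [2] caught error, cause: ', err.cause);` runs for every caught error and should be removed before merge.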
@@ -194,6 +194,8 @@ router.post('/locations', getAuth(verify), async (req, res) => { router.post('/locations/:company_token', getAuth(verify), async (req, res) => { const { company_token: org } = req.params; + console.log('*** company_token: ', company_token, ', org: ', org); + try { checkCompany(org, {}); } catch(err) { From 6d29f45103d50d1c5ffdf5d8f36f26426ce2a7a3 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:58:16 -0400 Subject: [PATCH 18/27] Ban in /register --- server/routes/site-api.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/routes/site-api.js b/server/routes/site-api.js index 53fd364..bc6ced7 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js @@ -194,7 +194,7 @@ router.post('/locations', getAuth(verify), async (req, res) => { router.post('/locations/:company_token', getAuth(verify), async (req, res) => { const { company_token: org } = req.params; - console.log('*** company_token: ', company_token, ', org: ', org); + console.log('*** params ', params); try { checkCompany(org, {}); From 490db00993601dedca99909cdd1745ff59f5a102 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 21:59:36 -0400 Subject: [PATCH 19/27] Ban in /register --- server/routes/site-api.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/routes/site-api.js b/server/routes/site-api.js index bc6ced7..91e8a80 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js @@ -194,7 +194,7 @@ router.post('/locations', getAuth(verify), async (req, res) => { router.post('/locations/:company_token', getAuth(verify), async (req, res) => { const { company_token: org } = req.params; - console.log('*** params ', params); + console.log('*** params ', req.params, ', org: ', org); try { checkCompany(org, {}); From d7b6eecad9264b5378d10b3630a79e6602faf20d Mon Sep 17 00:00:00 2001 
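Review bot: `company_token` is not a variable in this scope: `const { company_token: org } = req.params;` binds only `org`, so the added `console.log` throws a `ReferenceError` on every request to this route before `checkCompany` runs. Patch 18 replaces it with `params`, which is also undefined here, and only patch 19 uses `req.params`. Logging `org` is enough, e.g. `console.log('*** org: ', org);`, and the line should be dropped once debugging is finished.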
From: Chris Scott Date: Mon, 15 Sep 2025 22:01:37 -0400 Subject: [PATCH 20/27] Ban in /register --- server/routes/site-api.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/routes/site-api.js b/server/routes/site-api.js index 91e8a80..802874c 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js @@ -194,10 +194,11 @@ router.post('/locations', getAuth(verify), async (req, res) => { router.post('/locations/:company_token', getAuth(verify), async (req, res) => { const { company_token: org } = req.params; - console.log('*** params ', req.params, ', org: ', org); try { + console.log('*** [BEFORE] checkCompany: ', org); checkCompany(org, {}); + console.log('*** [AFTER] checkCompany: ', org); } catch(err) { console.log('*** [2] caught error, cause: ', err.cause); if (err instanceof AccessDeniedError) { From fafe840b72df1ff1fae047f09d630db05f63a2d7 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 22:03:54 -0400 Subject: [PATCH 21/27] Ban in /register --- server/libs/utils.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server/libs/utils.js b/server/libs/utils.js index 570b462..09854e6 100644 --- a/server/libs/utils.js +++ b/server/libs/utils.js @@ -26,6 +26,9 @@ const check = (list, item) => { console.log("DENIED SPAMMER: ", item); return true; } + var found = return list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); + console.log('*** checkCompany FOUND? ', found); + return list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); } export const isDDosCompany = orgToken => check(ddosBombCompanies, orgToken); From 530bf41d37570da24ced06649cd879f08d629f5d Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 22:06:19 -0400 Subject: [PATCH 22/27] Ban in /register --- server/libs/utils.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/libs/utils.js b/server/libs/utils.js index 09854e6..3c0cef7 100644 
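Review bot: `var found = return list.find(...)` is a syntax error, so `server/libs/utils.js` no longer parses and every module that imports it fails to load at this commit. Drop the `return` keyword, `const found = list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase()));`, and end the function with `return found;` instead of evaluating the same `list.find` a second time. The `check` arrow function begins above the hunk.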
--- a/server/libs/utils.js +++ b/server/libs/utils.js @@ -26,7 +26,7 @@ const check = (list, item) => { console.log("DENIED SPAMMER: ", item); return true; } - var found = return list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); + var found = list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); console.log('*** checkCompany FOUND? ', found); return list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); From 8b70b184a09dac1c67760120f1b603e5a6035df9 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 22:08:29 -0400 Subject: [PATCH 23/27] Ban in /register --- server/libs/utils.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/libs/utils.js b/server/libs/utils.js index 3c0cef7..bfc0237 100644 --- a/server/libs/utils.js +++ b/server/libs/utils.js @@ -26,10 +26,10 @@ const check = (list, item) => { console.log("DENIED SPAMMER: ", item); return true; } - var found = list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); + var found = list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())) !== undefined; console.log('*** checkCompany FOUND? ', found); - return list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())); + return (list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase()))) !== undefined; } export const isDDosCompany = orgToken => check(ddosBombCompanies, orgToken); export const isDeniedCompany = orgToken => check(deniedCompanies, orgToken); From 8f31ad44e4d63921de4eb74d3ff1f45d96ff8137 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 22:12:49 -0400 Subject: [PATCH 24/27] Ban in /register --- server/libs/utils.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/server/libs/utils.js b/server/libs/utils.js index bfc0237..21d5160 100644 --- a/server/libs/utils.js +++ b/server/libs/utils.js 
@@ -27,7 +27,9 @@ const check = (list, item) => { return true; } var found = list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())) !== undefined; - console.log('*** checkCompany FOUND? ', found); + console.log('*** checkCompnay list: ', list); + + console.log('*** checkCompany ', item, ', FOUND? ', found); return (list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase()))) !== undefined; } From 636ed6b52d24242dea74ffb2986dce62947c1247 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 22:23:43 -0400 Subject: [PATCH 25/27] Ban in /register --- server/routes/api-v2.js | 8 ++++---- server/routes/site-api.js | 5 ++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/server/routes/api-v2.js b/server/routes/api-v2.js index 11f1d6d..fd3c05f 100644 --- a/server/routes/api-v2.js +++ b/server/routes/api-v2.js @@ -11,7 +11,7 @@ import { isAdmin, isDDosCompany, RegistrationRequiredError, - checkCompany, + isDeniedCompany, return1Gbfile, } from '../libs/utils.js'; import { isProduction } from '../config.js'; @@ -66,7 +66,7 @@ router.post('/register', async (req, res) => { ); try { - checkCompany(org, {}); + isDeniedCompany(org); } catch(err) { if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { @@ -323,7 +323,7 @@ router.get('/locations', checkAuth(verify), async (req, res) => { router.post('/locations', checkAuth(verify), async (req, res) => { const { deviceId, org } = req.jwt; try { - checkCompany(org, {}); + isDeniedCompany(org); } catch(err) { if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { @@ -407,7 +407,7 @@ router.post('/locations/:company_token', checkAuth(verify), async (req, res) => const { deviceId, org } = req.jwt; try { - checkCompany(org, {}); + isDeniedCompany(org); } catch(err) { console.log('*** [2] caught error, cause: ', err.cause); if (err instanceof AccessDeniedError) { 
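Review bot: `console.log('*** checkCompnay list: ', list);` writes the whole deny list to stdout on every call to `check`, and `check` is reached from `isDDosCompany`, `isDeniedCompany` and `isDeniedDevice`, so log volume grows with request rate during exactly the kind of flood this series is reacting to. Log only the decision, and only on a match, e.g. `if (found) console.log('denied:', item);`. `found` is computed and then the same `list.find` is run again for the return value; `return found;` is sufficient.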
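Review bot: Replacing `checkCompany(org, {})` with `isDeniedCompany(org)` inside the `try` blocks turns the check into a no-op at this commit: `isDeniedCompany` is still `orgToken => check(deniedCompanies, orgToken)`, which returns a boolean and does not throw, so the `catch` never runs and the result is discarded. This applies to the `/register`, `POST /locations` and `/locations/:company_token` hunks here and to the `site-api.js` hunk of the same patch. Patch 26 changes the function to throw, so the two changes should land as one commit or in the opposite order.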
diff --git a/server/routes/site-api.js b/server/routes/site-api.js index 802874c..a1ca088 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js @@ -15,8 +15,7 @@ import { isDDosCompany, isDeniedCompany, isPassword, - return1Gbfile, - checkCompany + return1Gbfile } from '../libs/utils.js'; import { deleteDevice, getDevices } from '../models/Device.js'; import { @@ -197,7 +196,7 @@ router.post('/locations/:company_token', getAuth(verify), async (req, res) => { try { console.log('*** [BEFORE] checkCompany: ', org); - checkCompany(org, {}); + isDeniedCompany(org); console.log('*** [AFTER] checkCompany: ', org); } catch(err) { console.log('*** [2] caught error, cause: ', err.cause); From a3bc586aef9f640073250a713a4f7e6444cbb2b4 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 22:28:50 -0400 Subject: [PATCH 26/27] Ban in /register --- server/libs/utils.js | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/server/libs/utils.js b/server/libs/utils.js index 21d5160..bdf9ddc 100644 --- a/server/libs/utils.js +++ b/server/libs/utils.js 
@@ -26,15 +26,18 @@ const check = (list, item) => { console.log("DENIED SPAMMER: ", item); return true; } - var found = list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase())) !== undefined; - console.log('*** checkCompnay list: ', list); - - console.log('*** checkCompany ', item, ', FOUND? ', found); - return (list.find(x => !!x && (item || '').toLowerCase().startsWith(x.toLowerCase()))) !== undefined; } export const isDDosCompany = orgToken => check(ddosBombCompanies, orgToken); -export const isDeniedCompany = orgToken => check(deniedCompanies, orgToken); +export const isDeniedCompany = orgToken => { + if (check(deniedCompanies, orgToken)) { + throw new AccessDeniedError( + 'This is a question from the CEO of Transistor Software:\n' + + 'Why are you spamming my demo server?\n' + + 'Please email me at chris@transistorsoft.com.', {cause: 'banned'} + ); + } +} export const isDeniedDevice = orgToken => check(deniedDevices, orgToken); export const isAdminToken = orgToken => (!!adminToken && orgToken === adminToken) || (!!adminUsername && adminUsername === orgToken); From 26c7eed90edde92c27c448d4bca19a30cf1d99d7 Mon Sep 17 00:00:00 2001 From: Chris Scott Date: Mon, 15 Sep 2025 22:35:30 -0400 Subject: [PATCH 27/27] Ban in /register --- server/routes/site-api.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/server/routes/site-api.js b/server/routes/site-api.js index a1ca088..dc77240 100644 --- a/server/routes/site-api.js +++ b/server/routes/site-api.js 
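Review bot: `isDeniedCompany` keeps its predicate name but now throws `AccessDeniedError` for a denied token and returns `undefined` otherwise, so any caller that still uses it as a condition, `if (isDeniedCompany(org))`, never enters its branch; call sites outside this series should be checked. A JSDoc line such as `/** Throws AccessDeniedError (cause 'banned') when orgToken is denied; returns nothing otherwise. */` would make the contract explicit. The three-line message is a second copy of the string thrown by `return1Gbfile`; one module-level constant would keep the two identical.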
@@ -195,13 +195,11 @@ router.post('/locations/:company_token', getAuth(verify), async (req, res) => { try { - console.log('*** [BEFORE] checkCompany: ', org); isDeniedCompany(org); - console.log('*** [AFTER] checkCompany: ', org); } catch(err) { - console.log('*** [2] caught error, cause: ', err.cause); if (err instanceof AccessDeniedError) { if (err.cause === 'banned') { + console.log('Caught denied company: ', org, ' -- returning ban response ;)'); return res.status(200).send({ error: err.message, background_geolocation: [ // <-- Send an RPC