jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Properly detect new user agents and location

Browse Source
This commit is contained in:
Johannes Zellner
2021-04-30 13:21:50 +02:00
parent af2c096975
commit fb5c2a5e52
6 changed files with 72 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/users.js
View File

@@ -30,6 +30,8 @@ exports = module.exports = {
sendPasswordResetByIdentifier,
checkLoginLocation,
setupAccount,
getAvatarUrl,
setAvatar,
@@ -72,6 +74,7 @@ let assert = require('assert'),
tokens = require('./tokens.js'),
userdb = require('./userdb.js'),
uuid = require('uuid'),
superagent = require('superagent'),
validator = require('validator'),
_ = require('underscore');
@@ -527,6 +530,38 @@ function sendPasswordResetByIdentifier(identifier, callback) {
});
}
function checkLoginLocation(user, ip, userAgent) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof ip, 'string');
assert.strictEqual(typeof userAgent, 'string');
debug(`checkLoginLocation: ${user.id} ${ip} ${userAgent}`);
superagent.get('https://geolocation.cloudron.io/json').query({ ip: ip }).end(function (error, result) {
if (error) return console.error('Failed to get geoip info:', error);
const country = result.body.country.names.en;
const city = result.body.city.names.en;
const knownLogin = user.locations.find(function (l) {
return l.userAgent === userAgent && l.country === country && l.city === city;
});
if (knownLogin) return;
// purge potentially old locations where ts > now() - 6 months
const sixMonthsBack = Date.now() - 6 * 30 * 24 * 60 * 60 * 1000;
var locations = user.locations.filter(function (l) { return l.ts > sixMonthsBack; });
locations.push({ ts: Date.now(), ip, userAgent, country, city });
userdb.update(user.id, { locations }, function (error) {
if (error) console.error('checkLoginLocation: Failed to update user location.', error);
mailer.sendNewLoginLocation(user, ip, userAgent, country, city);
});
});
}
function setPassword(user, newPassword, callback) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof newPassword, 'string');