Properly detect new user agents and location
This commit is contained in:
35
src/users.js
35
src/users.js
@@ -30,6 +30,8 @@ exports = module.exports = {
|
||||
|
||||
sendPasswordResetByIdentifier,
|
||||
|
||||
checkLoginLocation,
|
||||
|
||||
setupAccount,
|
||||
getAvatarUrl,
|
||||
setAvatar,
|
||||
@@ -72,6 +74,7 @@ let assert = require('assert'),
|
||||
tokens = require('./tokens.js'),
|
||||
userdb = require('./userdb.js'),
|
||||
uuid = require('uuid'),
|
||||
superagent = require('superagent'),
|
||||
validator = require('validator'),
|
||||
_ = require('underscore');
|
||||
|
||||
@@ -527,6 +530,38 @@ function sendPasswordResetByIdentifier(identifier, callback) {
|
||||
});
|
||||
}
|
||||
|
||||
function checkLoginLocation(user, ip, userAgent) {
|
||||
assert.strictEqual(typeof user, 'object');
|
||||
assert.strictEqual(typeof ip, 'string');
|
||||
assert.strictEqual(typeof userAgent, 'string');
|
||||
|
||||
debug(`checkLoginLocation: ${user.id} ${ip} ${userAgent}`);
|
||||
|
||||
superagent.get('https://geolocation.cloudron.io/json').query({ ip: ip }).end(function (error, result) {
|
||||
if (error) return console.error('Failed to get geoip info:', error);
|
||||
|
||||
const country = result.body.country.names.en;
|
||||
const city = result.body.city.names.en;
|
||||
|
||||
const knownLogin = user.locations.find(function (l) {
|
||||
return l.userAgent === userAgent && l.country === country && l.city === city;
|
||||
});
|
||||
|
||||
if (knownLogin) return;
|
||||
|
||||
// purge potentially old locations where ts > now() - 6 months
|
||||
const sixMonthsBack = Date.now() - 6 * 30 * 24 * 60 * 60 * 1000;
|
||||
var locations = user.locations.filter(function (l) { return l.ts > sixMonthsBack; });
|
||||
|
||||
locations.push({ ts: Date.now(), ip, userAgent, country, city });
|
||||
userdb.update(user.id, { locations }, function (error) {
|
||||
if (error) console.error('checkLoginLocation: Failed to update user location.', error);
|
||||
|
||||
mailer.sendNewLoginLocation(user, ip, userAgent, country, city);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function setPassword(user, newPassword, callback) {
|
||||
assert.strictEqual(typeof user, 'object');
|
||||
assert.strictEqual(typeof newPassword, 'string');
|
||||
|
||||
Reference in New Issue
Block a user