|
|
|
'use strict';
|
|
|
|
|
|
|
|
const Mongo = require(__dirname+'/../../db/db.js')
|
|
|
|
, { Posts } = require(__dirname+'/../../db/')
|
|
|
|
, timeUtils = require(__dirname+'/../timeutils.js')
|
|
|
|
|
|
|
|
module.exports = async (req, res) => {
|
|
|
|
|
|
|
|
if (res.locals.permLevel <= 1) { //global staff bypass spam check
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
const now = Date.now();
|
|
|
|
const last120id = Mongo.ObjectId.createFromTime(Math.floor((now - (timeUtils.MINUTE*2))/1000));
|
|
|
|
const last30id = Mongo.ObjectId.createFromTime(Math.floor((now - (timeUtils.MINUTE*0.5))/1000));
|
|
|
|
const last5id = Mongo.ObjectId.createFromTime(Math.floor((now - 5000)/1000));
|
|
|
|
const ors = [];
|
|
|
|
const contentOr = [];
|
|
|
|
if (res.locals.numFiles > 0) {
|
|
|
|
contentOr.push({
|
|
|
|
'files': {
|
|
|
|
'$elemMatch': {
|
|
|
|
'hash': { //any file hash will match, doesnt need to be all
|
|
|
|
'$in': req.files.file.map(f => f.sha256)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
if (req.body.message) {
|
|
|
|
contentOr.push({
|
|
|
|
'nomarkup': req.body.message
|
|
|
|
})
|
|
|
|
}
|
|
|
|
//matching content from any IP in the past 30 seconds
|
|
|
|
ors.push({
|
|
|
|
'_id': {
|
|
|
|
'$gt': last30id
|
|
|
|
},
|
|
|
|
'$or': contentOr
|
|
|
|
});
|
|
|
|
//matching content from same IP in last 2 minutes
|
|
|
|
ors.push({
|
|
|
|
'_id': {
|
|
|
|
'$gt': last120id
|
|
|
|
},
|
|
|
|
'ip.single': res.locals.ip.single,
|
|
|
|
'$or': contentOr
|
|
|
|
});
|
|
|
|
//any posts from same IP in past 5 seconds TODO: make this just use a redis key of IP and expire after 5 seconds
|
|
|
|
ors.push({
|
|
|
|
'_id': {
|
|
|
|
'$gt': last5id
|
|
|
|
},
|
|
|
|
'ip.single': res.locals.ip.single
|
|
|
|
})
|
|
|
|
|
|
|
|
let flood = await Posts.db.find({
|
|
|
|
'$or': ors
|
|
|
|
}).toArray();
|
|
|
|
|
|
|
|
return flood.length > 0;
|
|
|
|
|
|
|
|
}
|