Merge branch 'feature-blacklist'

Added rate limiting logging and an error page for hitting the rate limit on opening characters
Added blacklist checks and rate limit logging
2018-04-02 14:27:24 +02:00 · 2018-04-02 14:26:55 +02:00 · 2018-03-12 09:22:04 +02:00 · 2018-03-03 20:13:03 +02:00 · 2018-03-03 17:28:42 +02:00 · 2018-02-24 14:49:42 +00:00
10 changed files with 110 additions and 8 deletions
--- a/rpg-docs/Model/Meta/Blacklist.js
+++ b/rpg-docs/Model/Meta/Blacklist.js
@@ -0,0 +1,9 @@
 Blacklist = new Mongo.Collection("blacklist");
 Schemas.Blacklist = new SimpleSchema({
 	userId: {
 		type: String,
 	},
 });
 Blacklist.attachSchema(Schemas.Blacklist);
--- a/rpg-docs/Routes/API.js
+++ b/rpg-docs/Routes/API.js
@@ -42,12 +42,21 @@ var ifKeyValid = function(apiKey, response, callback){
 };
 var isKeyValid = function(apiKey){
-	return !!Meteor.users.findOne({apiKey});
+	var user = Meteor.users.findOne({apiKey});
 	if (!user) return false;
 	var blackListed = Blacklist.findOne({userId: user._id});
 	return !blackListed;
 };
 var rateLimiter = new RateLimiter();
 rateLimiter.addRule({apiKey: String}, 2, 10000);
 var isRateLimited = function(apiKey){
-	return !rateLimiter.check({apiKey}).allowed;
+	const limited = !rateLimiter.check({apiKey}).allowed
 	if (limited) {
 		console.log(`Rate limit hit by API key ${apiKey}`);
 		return true;
 	} else {
 		return false;
 	}
 };
--- a/rpg-docs/Routes/Routes.js
+++ b/rpg-docs/Routes/Routes.js
@@ -13,6 +13,11 @@ Router.plugin("ensureSignedIn", {
 Router.plugin("dataNotFound", {notFoundTemplate: "notFound"});
 var handleSubError = function(e){
 	Session.set("error", {reason: e.reason, href: location.href});
 	Router.go("/error");
 };
 Router.map(function() {
 	this.route("/", {
 		name: "home",
@@ -36,7 +41,9 @@ Router.map(function() {
 		path: "/character/:_id/",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
 					"singleCharacter", this.params._id, {onError: handleSubError}
 				),
 			];
 		},
 		action: function(){
@@ -52,7 +59,9 @@ Router.map(function() {
 		path: "/character/:_id/:urlName",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
 					"singleCharacter", this.params._id, {onError: handleSubError}
 				),
 			];
 		},
 		data: function() {
@@ -82,7 +91,9 @@ Router.map(function() {
 		path: "/character/:_id/:urlName/print",
 		waitOn: function(){
 			return [
-				subsManager.subscribe("singleCharacter", this.params._id),
+				subsManager.subscribe(
 					"singleCharacter", this.params._id, {onError: handleSubError}
 				),
 			];
 		},
 		data: function() {
@@ -153,4 +164,11 @@ Router.map(function() {
 			document.title = appName;
 		},
 	});
 	this.route("/error", {
 		name: "error",
 		onAfterAction: function() {
 			document.title = `${appName} - Error`;
 		},
 	});
 });
--- a/rpg-docs/client/views/character/features/features.html
+++ b/rpg-docs/client/views/character/features/features.html
@@ -133,6 +133,12 @@
 			<div class="right clickable flex layout horizontal center">
 				{{title}}
 			</div>
 			<div class="layout horizontal center">
 				<div class="layout vertical">
 					<paper-button class="resourceResetMax" disabled={{cantIncrement}}>Reset</paper-button>
 					<paper-button class="resourceResetZero" disabled={{cantDecrement}}>Clear</paper-button>
 				</div>
 			</div>
 		</paper-material>
 	</div>
 	{{/if}}
--- a/rpg-docs/client/views/character/features/features.js
+++ b/rpg-docs/client/views/character/features/features.js
@@ -111,6 +111,17 @@ Template.resource.helpers({
 });
 Template.resource.events({
 	"click .resourceResetMax": function(event){
 		var modifier = {$set: {}};
 		modifier.$set[this.name + ".adjustment"] = 0;
 		Characters.update(this.char._id, modifier, {validate: false});
 	},
 	"click .resourceResetZero": function(event){
 		var base = Characters.calculate.attributeBase(this.char._id, this.name);
 		var modifier = {$set: {}};
 		modifier.$set[this.name + ".adjustment"] = -base;
 		Characters.update(this.char._id, modifier, {validate: false});
 	},
 	"click .resourceUp": function(event){
 		var value = Characters.calculate.attributeValue(this.char._id, this.name);
 		var base = Characters.calculate.attributeBase(this.char._id, this.name);
--- a/rpg-docs/client/views/character/printedCharacterSheet/printedCharacterSheet.html
+++ b/rpg-docs/client/views/character/printedCharacterSheet/printedCharacterSheet.html
@@ -18,7 +18,7 @@
 			<div class="page">
 				<div class="layout vertical" style="height: 100%;">
 					<div class="layout horizontal center" style="margin-bottom: 4mm">
-						<img src="http://localhost:3000/crown-dice-logo-cropped-transparent.png" style="width: 60px; margin-right: 2mm">
+						<img src="/crown-dice-logo-cropped-transparent.png" style="width: 60px; margin-right: 2mm">
 						<div class="characterName paper-font-title" style="margin-right: 4mm">
 							{{name}}
 						</div>
--- a/rpg-docs/client/views/meta/error/error.html
+++ b/rpg-docs/client/views/meta/error/error.html
@@ -0,0 +1,20 @@
 <template name="error">
 	<app-header-layout has-scrolling-region fullbleed>
 		<app-header class="app-grey white-text" fixed>
 			<app-toolbar>
 				<paper-icon-button icon="menu" drawer-toggle></paper-icon-button>
 			</app-toolbar>
 		</app-header>
 		<div class="fit layout vertical center center-justified">
 			<div class="paper-font-subhead"
 				style="margin-left: 16px;
 				margin-right: 16px;
 				text-align: center;">
 				{{#if errorMessage}}
 					<div>{{errorMessage}}</div>
 					<paper-button class="try-again">Try Again</paper-button>
 				{{/if}}
 			</div>
 		</div>
 	</app-header-layout>
 </template>
--- a/rpg-docs/client/views/meta/error/error.js
+++ b/rpg-docs/client/views/meta/error/error.js
@@ -0,0 +1,17 @@
 Template.error.onRendered(function(){
 	const error = Session.get("error") || {};
 	if (error.href) window.history.replaceState("", "", error.href);
 });
 Template.error.helpers({
 	errorMessage: function(){
 		const error = Session.get("error") || {};
 		return error.reason;
 	},
 });
 Template.error.events({
 	"click .try-again": function(event, instance){
 		window.location.reload();
 	},
 });
--- a/rpg-docs/server/lib/logRateError.js
+++ b/rpg-docs/server/lib/logRateError.js
@@ -0,0 +1,8 @@
 logRateError = function(reply, ruleInput){
 	// reply = {allowed, timeToReset, numInvocationsLeft}
 	// ruleInput = {userId, clientAddress, type, name, connectionId}
 	console.log(
 		`Limit hit for ${ruleInput.type} "${ruleInput.name}" ` +
 		`by user ${ruleInput.userId} from ${ruleInput.clientAddress}`
 	);
 }
--- a/rpg-docs/server/publications/singleCharacter.js
+++ b/rpg-docs/server/publications/singleCharacter.js
@@ -38,9 +38,13 @@ Meteor.publish("singleCharacter", function(characterId){
 DDPRateLimiter.addRule({
 	name: "singleCharacter",
 	type: "subscription",
-	userId(){ return true; },
+	userId: null,
 	connectionId(){ return true; },
-}, 8, 5000);
+}, 8, 10000, function(reply, ruleInput){
 	if(!reply.allowed){
 		logRateError(reply, ruleInput);
 	}
 });
 Meteor.publish("singleCharacterName", function(characterId){
 	userId = this.userId;
Author	SHA1	Message	Date
Thaum Rystra	45e9f491ff	Merge branch 'feature-blacklist'	2018-04-02 14:27:24 +02:00
Thaum Rystra	742b26b0de	Added rate limiting logging and an error page for hitting the rate limit on opening characters	2018-04-02 14:26:55 +02:00
Stefan Zermatten	164ba78c81	Added blacklist checks and rate limit logging Needs testing	2018-03-12 09:22:04 +02:00
Thaum Rystra	e27211b24d	Merge branch 'enhancement-154'	2018-03-03 20:13:03 +02:00
Thaum Rystra	30987752cc	Hotfix - Remove localhost from image link on printed character sheet	2018-03-03 17:28:42 +02:00
Jacob	4e574c0f51	Added "clear" (reset to 0) button to resource cards	2018-02-24 14:49:42 +00:00
Jacob	80b195b7f7	Added reset button to resource cards	2018-02-24 14:42:41 +00:00