Timeouting wrong tokens

2025-10-29 18:00:23 +00:00 · 2018-03-03 16:41:24 +01:00
parent 7d10360c81
commit e6eb066911
2 changed files with 43 additions and 29 deletions
--- a/server/README.md
+++ b/server/README.md
@@ -6,7 +6,7 @@ Under ``` /server/apps/ ```, there are two files, ``` admin.js ``` and ``` clien

 All PUT, DELETE and POST endpoints have a 2-second waitlimit for each command per client. You'll get a response with Retry-After header for how long you have to wait. Shuffling in a player has a 5-second waitlimit, but per channel instead of per client.

-If you want to skip the wait-times, send a mail to the team at contact@zoff.me, and get a token. Tokens are added to all the POST, PUT, DELETE, requests as ``` token: TOKEN ```
+If you want to skip the wait-times, send a mail to the team at contact@zoff.me, and get a token. Tokens are added to all the POST, PUT, DELETE, requests as ``` token: TOKEN ```.

 All requests return things on this form (results field is added if successful.)

--- a/server/routing/client/api.js
+++ b/server/routing/client/api.js
@@ -147,11 +147,13 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
        if(token_docs.length == 1 && token_docs[0].token == token) {
            authorized = true;
        }
-        if(token != "" && !authorized) {
-            res.status(403).send(JSON.stringify(error.not_authenticated));
-            return;
-        }
        checkTimeout(guid, res, authorized, "DELETE", function() {
+            if(token != "" && !authorized) {
+                updateTimeout(guid, res, authorized, "DELETE", function(err, docs) {
+                    res.status(403).send(JSON.stringify(error.not_authenticated));
+                    return;
+                });
+            }
            validateLogin(adminpass, userpass, channel_name, "delete", res, function(exists) {
                if(!exists) {
                    res.status(404).send(JSON.stringify(error.not_found.list));
@@ -242,11 +244,13 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
        if(token_docs.length == 1 && token_docs[0].token == token) {
            authorized = true;
        }
-        if(token != "" && !authorized) {
-            res.status(403).send(JSON.stringify(error.not_authenticated));
-            return;
-        }
        checkTimeout(guid, res, authorized, "CONFIG", function() {
+            if(token != "" && !authorized) {
+                updateTimeout(guid, res, authorized, "CONFIG", function(err, docs) {
+                    res.status(403).send(JSON.stringify(error.not_authenticated));
+                    return;
+                });
+            }
            validateLogin(adminpass, userpass, channel_name, "config", res, function(exists, conf) {
                if(!exists && conf.length == 0) {
                    res.status(404).send(JSON.stringify(error.not_found.list));
@@ -338,11 +342,13 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
        if(token_docs.length == 1 && token_docs[0].token == token) {
            authorized = true;
        }
-        if(token != "" && !authorized) {
-            res.status(403).send(JSON.stringify(error.not_authenticated));
-            return;
-        }
        checkTimeout(guid, res, authorized, "PUT", function() {
+            if(token != "" && !authorized) {
+                updateTimeout(guid, res, authorized, "PUT", function(err, docs) {
+                    res.status(403).send(JSON.stringify(error.not_authenticated));
+                    return;
+                });
+            }
            validateLogin(adminpass, userpass, channel_name, "vote", res, function(exists) {
                if(!exists) {
                    res.status(404).send(JSON.stringify(error.not_found.list));
@@ -405,11 +411,13 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) {
        if(token_docs.length == 1 && token_docs[0].token == token) {
            authorized = true;
        }
-        if(token != "" && !authorized) {
-            res.status(403).send(JSON.stringify(error.not_authenticated));
-            return;
-        }
        checkTimeout(guid, res, authorized, "POST", function() {
+            if(token != "" && !authorized) {
+                updateTimeout(guid, res, authorized, "POST", function(err, docs) {
+                    res.status(403).send(JSON.stringify(error.not_authenticated));
+                    return;
+                });
+            }
            db.collection(channel_name).find({now_playing: true}, toShowChannel, function(err, list) {
                if(list.length > 0) {
                    db.collection(channel_name + "_settings").find({ id: "config" }, function(err, conf) {
@@ -482,11 +490,13 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
        if(token_docs.length == 1 && token_docs[0].token == token) {
            authorized = true;
        }
-        if(token != "" && !authorized) {
-            res.status(403).send(JSON.stringify(error.not_authenticated));
-            return;
-        }
        checkTimeout(guid, res, authorized, "POST", function() {
+            if(token != "" && !authorized) {
+                updateTimeout(guid, res, authorized, "POST", function(err, docs) {
+                    res.status(403).send(JSON.stringify(error.not_authenticated));
+                    return;
+                });
+            }
            var type = fetch_only ? "fetch_song" : "add";
            validateLogin(adminpass, userpass, channel_name, type, res, function(exists, conf, authenticated) {
                db.collection(channel_name).find({id: video_id}, function(err, result) {
@@ -682,11 +692,13 @@ router.route('/api/conf/:channel_name').post(function(req, res) {
        if(token_docs.length == 1 && token_docs[0].token == token) {
            authorized = true;
        }
-        if(token != "" && !authorized) {
-            res.status(403).send(JSON.stringify(error.not_authenticated));
-            return;
-        }
        checkTimeout(guid, res, authorized, "POST", function() {
+            if(token != "" && !authorized) {
+                updateTimeout(guid, res, authorized, "DELETE", function(err, docs) {
+                    res.status(403).send(JSON.stringify(error.not_authenticated));
+                    return;
+                });
+            }
            db.collection(channel_name + "_settings").find({ id: "config" }, toShowConfig, function(err, docs) {
                if(docs.length > 0 && docs[0].userpass == userpass) {
                    var conf = docs[0];
@@ -747,11 +759,13 @@ router.route('/api/list/:channel_name').post(function(req, res) {
        if(token_docs.length == 1 && token_docs[0].token == token) {
            authorized = true;
        }
-        if(token != "" && !authorized) {
-            res.status(403).send(JSON.stringify(error.not_authenticated));
-            return;
-        }
        checkTimeout(guid, res, authorized, "POST", function() {
+            if(token != "" && !authorized) {
+                updateTimeout(guid, res, authorized, "POST", function(err, docs) {
+                    res.status(403).send(JSON.stringify(error.not_authenticated));
+                    return;
+                });
+            }
            db.collection(channel_name).find({views: {$exists: false}}, toShowChannel, function(err, list) {
                if(list.length > 0) {
                    db.collection(channel_name + "_settings").find({ id: "config" }, function(err, conf) {