log tokens to look for malformed token

Joystream · Sep 22, 2023 · 4bc0b25 · 4bc0b25
1 parent b9b684c
commit 4bc0b25
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 9 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -96,7 +96,7 @@ app.get('/status', async (req, res) => {
 })
 
 app.post('/register', async (req, res) => {
- log(`register request for ${req.body.handle} from ${req.ip}`)
+ log(`Register request for ${req.body.handle} from ${req.ip}`)
  metrics.register_attempt.inc(1)
 
  await joy.init

diff --git a/src/captcha.ts b/src/captcha.ts
@@ -19,8 +19,10 @@ export async function verifyCaptcha(
  return true
  }
 
- if(observedTokens.has(token)) {
- log('Token reuse:', token)
+ log('Verifying Captcha token:', token)
+ if (observedTokens.has(token)) {
+ log('Captcha token already used')
+ return ['token-already-used']
  } else {
  observedTokens.add(token)
  }
@@ -39,9 +41,10 @@ export async function verifyCaptcha(
  })
  const data = (await response.json()) as CaptchaResponse
  if (data.success) {
- log('Captcha verification success:', data.hostname, data.challenge_ts)
+ log('Captcha valid:', data.hostname, data.challenge_ts)
  return true
  } else {
+ log('Captcha invalid:', data['error-codes'])
  return data['error-codes']
  }
  } catch (e) {

diff --git a/src/register.ts b/src/register.ts
@@ -100,11 +100,12 @@ export async function register(
  },
  403
  )
- log(`Too many failed auth attempts from ${ip}`)
+ log('Too many failed auth attempts from', ip)
  return
  } else {
  authLimiter.clear(`${ip}-auth`)
  canBypass = true
+ log('Request authorized to bypass captcha', ip)
  }
  }
 
@@ -121,7 +122,6 @@ export async function register(
  } else {
  const captchaResult = await verifyCaptcha(captchaToken)
  if (captchaResult !== true) {
- log('captcha verification failed:', captchaResult)
  callback(
  {
  error: 'InvalidCaptchaToken',
@@ -140,7 +140,7 @@ export async function register(
  try {
  decodeAddress(account)
  } catch (err) {
- log('invalid address supplied')
+ log('Invalid address', account)
  callback(
  {
  error: 'InvalidAddress',
@@ -152,6 +152,7 @@ export async function register(
 
  // Ensure nonce = 0 and balance = 0 for account
  if (!(await joy.isFreshAccount(account))) {
+ log('Account is not fresh', account)
  callback(
  {
  error: 'OnlyNewAccountsCanBeUsedForScreenedMembers',
@@ -165,6 +166,7 @@ export async function register(
  const maxHandleLength = new BN(MAX_HANDLE_LENGTH)
 
  if (maxHandleLength.ltn(handle.length)) {
+ log('Handle too long', handle.length)
  callback(
  {
  error: 'HandleTooLong',
@@ -175,6 +177,7 @@ export async function register(
  }
 
  if (minHandleLength.gtn(handle.length)) {
+ log('Handle too short', handle.length)
  callback(
  {
  error: 'HandleTooShort',
@@ -186,7 +189,7 @@ export async function register(
 
  // Ensure handle is unique
  if (await joy.handleIsAlreadyRegistered(handle)) {
- log('handle already registered')
+ log('Handle already registered')
  callback(
  {
  error: 'HandleAlreadyRegistered',
@@ -247,7 +250,7 @@ export async function register(
  // apply global api call limit
  const wasBlockedGlobal = await globalLimiter.limit(GLOBAL_REGISTER_ID)
  if (wasBlockedGlobal) {
- log('global throttled')
+ log('Global throttled')
  return callback({ error: 'TooManyRequests' }, 429)
  }
  }