
Commit 4705335

committed
Some security improvements
1 parent 19f7210 commit 4705335

3 files changed

Lines changed: 29 additions & 6 deletions


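--- a/controllers/analyticsController.js
+++ b/controllers/analyticsController.js
@@ -6,7 +6,7 @@ const router = require('express').Router();
 const Site = require('../models/Sites');
 let cors = require('cors');
 const ipTools = require('../utils/ipTools');
-
+const security = require('../utils/security');
 let corsOptions = {
 origin: function (origin, callback) {
 if (whitelist.indexOf(origin) !== -1) {
@@ -20,6 +20,11 @@ router.post('/sites/:id', async (req, res) => {
 // Get Site URL
 
 try {
+const checkProxy = await security.isProxy(req.ip);
+if(checkProxy.isProxy){
+res.status(403).send({SecurityException : 'You are not allowed to send analytics data using Proxy'});
+return;
+}
 const siteUrl = await Site.findById(req.params.id).exec();
 if (siteUrl) {
 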
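Review bot: `req.ip` at new line 23 is the visitor's address only when Express's `trust proxy` setting matches the deployment; behind a reverse proxy with the default setting it is the proxy's own address, and with an over-broad setting it is taken from a client-supplied `X-Forwarded-For` header, so the check can look up the wrong host. The page does not show how the app is configured, so I would add a comment above the call such as `// req.ip depends on app.set('trust proxy', ...); confirm it matches the deployment`. The lookup also runs before `Site.findById`, so a request for an unknown site id still costs one outbound proxycheck.io call; running it after the `if (siteUrl)` test, or caching the verdict per address, would bound that cost. The `try` block and the route handler continue outside the hunk, so what happens when `security.isProxy` rejects is not visible here.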

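--- a/utils/security.js
+++ b/utils/security.js
@@ -0,0 +1,18 @@
+async function isProxy(ip){
+const getData = await fetch(`https://proxycheck.io/v2/${ip}?vpn=1&asn=1`);
+
+if(getData.ok){
+const result = await getData.json();
+if(result[ip]){
+return {'IsProxy' : await result[ip].proxy === 'no' ? false : true}
+}
+else{
+return {'isProxy' : false} // Error
+}
+}
+else{
+return {Result: 'Error while checking the ip'}
+}
+}
+
+module.exports = {isProxy : isProxy}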
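Review bot: The positive branch at new line 7 returns the key `IsProxy`, while the caller in controllers/analyticsController.js reads `checkProxy.isProxy`, so a detected proxy yields `undefined` and the 403 is never sent. The HTTP-failure branch at line 14 returns `{Result: ...}` with the same effect, which means the check lets every request through on each non-throwing path. Return one shape from every branch, for example `return { isProxy: result[ip].proxy !== 'no' };` at line 7, and decide explicitly whether a failed lookup should allow or reject the request. The `fetch` at line 2 also interpolates `ip` unencoded and has no timeout; `encodeURIComponent(ip)` and a `signal: AbortSignal.timeout(...)` option would keep an odd value or a slow upstream from stalling the analytics route.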

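--- a/views/index.hbs
+++ b/views/index.hbs
@@ -81,7 +81,7 @@ document.addEventListener('DOMContentLoaded',(event) => {
 <h1 class="mt-1 mb-3">{{siteData.visitors}}</h1>
 <div class="mb-0">
 <span class="text-success"> <i class="mdi mdi-arrow-bottom-right"></i>
-5.25% </span>
+0.00% </span>
 <span class="text-muted">Since last week</span>
 </div>
 </div>
@@ -104,7 +104,7 @@ document.addEventListener('DOMContentLoaded',(event) => {
 <h1 class="mt-1 mb-3">{{siteData.visits}}</h1>
 <div class="mb-0">
 <span class="text-success"> <i class="mdi mdi-arrow-bottom-right"></i>
-5.25% </span>
+0.00% </span>
 <span class="text-muted">Since last week</span>
 </div>
 </div>
@@ -118,7 +118,7 @@ document.addEventListener('DOMContentLoaded',(event) => {
 <div class="card flex-fill w-100">
 <div class="card-header">
 
-<h5 class="card-title mb-0">Recent Movement</h5>
+<h5 class="card-title mb-0">Recent Movement ( EXAMPLE )</h5>
 </div>
 <div class="card-body py-3">
 <div class="chart chart-sm">
@@ -168,7 +168,7 @@ document.addEventListener('DOMContentLoaded',(event) => {
 <div class="card flex-fill w-100">
 <div class="card-header">
 
-<h5 class="card-title mb-0">Real-Time</h5>
+<h5 class="card-title mb-0">Real-Time ( EXAMPLE )</h5>
 </div>
 <div class="card-body px-4">
 <div id="world_map" style="height:350px;"></div>
@@ -254,7 +254,7 @@ document.addEventListener('DOMContentLoaded',(event) => {
 <div class="card flex-fill w-100">
 <div class="card-header">
 
-<h5 class="card-title mb-0">Monthly Sales</h5>
+<h5 class="card-title mb-0">Monthly Visitors ( Demo )</h5>
 </div>
 <div class="card-body d-flex w-100">
 <div class="align-self-center chart chart-lg">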
