increased fake result security by hashing objects and checking duplicate timestamps
parent
ce0d7e1bac
commit
82a45bfb7d
3 changed files with 25 additions and 0 deletions
|
@ -7,6 +7,7 @@ const {
|
|||
validateResult,
|
||||
} = require("../../handlers/validation");
|
||||
const { stdDev, roundTo2 } = require("../../handlers/misc");
|
||||
const objecthash = require("object-hash");
|
||||
|
||||
class ResultController {
|
||||
static async getResults(req, res, next) {
|
||||
|
@ -92,6 +93,21 @@ class ResultController {
|
|||
.json({ message: "Result data doesn't make sense" });
|
||||
}
|
||||
|
||||
let resulthash = result.hash;
|
||||
delete result.hash;
|
||||
const serverhash = objecthash(result);
|
||||
if (serverhash !== resulthash) {
|
||||
return res.status(400).json({ message: "Incorrect result hash" });
|
||||
}
|
||||
|
||||
let timestampres = await ResultDAO.getResultByTimestamp(
|
||||
uid,
|
||||
result.timestamp
|
||||
);
|
||||
if (timestampres) {
|
||||
return res.status(400).json({ message: "Duplicate result" });
|
||||
}
|
||||
|
||||
try {
|
||||
result.keySpacingStats = {
|
||||
average:
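Review bot: The added hash check (`objecthash(result)` compared against the client-supplied `result.hash`) is unkeyed, so it only shows the payload was not altered after the client hashed it; anyone who can submit a result can compute a matching hash with the same public function. I would record that in a comment above the check, e.g. `// Integrity check only: unkeyed, client-computed hash; does not authenticate the result.`, so it is not later treated as the anti-cheat boundary. The `getResultByTimestamp` lookup is also a check-then-act sequence: two concurrent submissions with the same `uid` and `timestamp` can both pass it before either is stored, which a unique index on those two fields would close (whether one exists is not visible here). The enclosing method starts and ends outside the hunk.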
|
||||
|
|
|
@ -47,6 +47,10 @@ class ResultDAO {
|
|||
return result;
|
||||
}
|
||||
|
||||
static async getResultByTimestamp(uid, timestamp) {
|
||||
return await mongoDB().collection("results").findOne({ uid, timestamp });
|
||||
}
|
||||
|
||||
static async getResults(uid, start, end) {
|
||||
start = start ?? 0;
|
||||
end = end ?? 1000;
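Review bot: `getResultByTimestamp` puts `timestamp` straight into the `findOne` filter, and its caller appears to take the value from the request body, so an object in that field would be read by MongoDB as a query operator instead of being compared as a value. Unless `validateResult` already enforces the type (not visible in this diff), a guard at the top of the method would cover it, assuming timestamps are numeric: `if (!Number.isFinite(timestamp)) throw new Error("Invalid timestamp");`. The method also has no doc comment; something like `/** Returns the stored result for uid with exactly this timestamp, or null if none exists. */` would make the null-means-no-duplicate contract explicit.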
|
||||
|
|
|
@ -37,6 +37,8 @@ import * as Wordset from "./wordset";
|
|||
import * as ChallengeContoller from "./challenge-controller";
|
||||
import * as RateQuotePopup from "./rate-quote-popup";
|
||||
|
||||
const objecthash = require("object-hash");
|
||||
|
||||
let glarsesMode = false;
|
||||
|
||||
export function toggleGlarses() {
|
||||
|
@ -1781,6 +1783,9 @@ export async function finish(difficultyFailed = false) {
|
|||
completedEvent.challenge = ChallengeContoller.verify(
|
||||
completedEvent
|
||||
);
|
||||
console.time("hash");
|
||||
completedEvent.hash = objecthash(completedEvent);
|
||||
console.timeEnd("hash");
|
||||
axiosInstance
|
||||
.post("/results/add", {
|
||||
result: completedEvent,
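Review bot: `objecthash(completedEvent)` hashes the in-memory object, while the server hashes what arrives after JSON serialisation, so any field that JSON changes or drops (an `undefined` property, `NaN`, `Infinity`) would, as far as I can tell, give a different server-side hash and reject a legitimate result with "Incorrect result hash". Hashing the serialised form avoids that: `completedEvent.hash = objecthash(JSON.parse(JSON.stringify(completedEvent)));`. The `console.time("hash")` / `console.timeEnd("hash")` pair looks like leftover profiling and can go, and the `require("object-hash")` in the first hunk sits in a file that otherwise uses `import`. `finish` starts and ends outside the hunk.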
|
||||
|
|